lynis/include/consts


#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2019, CISOfy
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Consts
#
#################################################################################
#
# Space-separated list of directories where system and program binaries are
# typically located. Built up in steps so each platform family stays on its
# own line; the resulting value is a single line.
# NOTE(review): presumably consumed by the binary discovery code elsewhere in
# Lynis. If programs found through this list are later executed during a
# privileged scan, every directory named here should be writable by root
# only - confirm against the discovery code.
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin"
BIN_PATHS="${BIN_PATHS} /usr/local/libexec /usr/libexec"
BIN_PATHS="${BIN_PATHS} /usr/sfw/bin /usr/sfw/sbin /usr/sfw/libexec"
BIN_PATHS="${BIN_PATHS} /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec"
BIN_PATHS="${BIN_PATHS} /usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin"
BIN_PATHS="${BIN_PATHS} /usr/pkg/bin /usr/pkg/sbin /usr/gnu/bin"
# Configuration directories, in the same space-separated format
ETC_PATHS="/etc /usr/local/etc"
# Tools that print translated strings are very hard to parse, so no specific
# language is requested and the default is used instead.
# NOTE(review): LC_ALL and LC_MESSAGES take precedence over LANG, so output
# can still be translated when either of them is set in the caller's
# environment; only LANG is cleared here.
unset LANG
#
#################################################################################
#
# Initialize defaults
#
#################################################################################
#
# == Variable initializing ==
#
# Every variable below gets a fixed starting value, so nothing inherited from
# the caller's environment under the same name survives past this point.
# The assignments are grouped by kind of default and sorted by name within
# each group; they are independent of each other.

# --- Tool variables that start out as a bare command name ---
# NOTE(review): "grep" and "ps" are not absolute paths, so until something
# replaces them they resolve through the caller's PATH. Confirm PATH is
# trusted before their first use in a privileged run.
GREPBINARY="grep"
PSBINARY="ps"

# --- Tool variables that start out empty ---
# (presumably filled in with a path once the matching binary is found -
# confirm against the discovery code)
AASTATUSBINARY=""
AFICKBINARY=""
AIDEBINARY=""
APTBINARY=""
ARCH_AUDIT_BINARY=""
AUDITCTLBINARY=""
AUDITDBINARY=""
BLKIDBINARY=""
CAT_BINARY=""
CFAGENTBINARY=""
CHKCONFIGBINARY=""
CHKROOTKITBINARY=""
CLAMCONF_BINARY=""
CLAMSCANBINARY=""
CLANGBINARY=""
CSUMBINARY=""
CUTBINARY=""
DBUSDAEMONBINARY=""
DEBSECANBINARY=""
DEBSUMSBINARY=""
DMIDECODEBINARY=""
DNFBINARY=""
DOCKERBINARY=""
DPKGBINARY=""
EQUERYBINARY=""
EXIMBINARY=""
FAIL2BANBINARY=""
FILEBINARY=""
GETENT_BINARY=""
GRADMBINARY=""
GRPCKBINARY=""
GRUB2INSTALLBINARY=""
HEADBINARY=""
HTTPDBINARY=""
IFCONFIGBINARY=""
IPBINARY=""
IPFBINARY=""
IPTABLESBINARY=""
JOURNALCTLBINARY=""
KLDSTATBINARY=""
LAUNCHCTL_BINARY=""
LMDBINARY=""
LOCATEBINARY=""
LSMODBINARY=""
LSOFBINARY=""
LSVGBINARY=""
MOUNTBINARY=""
MTREEBINARY=""
MYSQLCLIENTBINARY=""
NFTBINARY=""
NTPQBINARY=""
OPENSSLBINARY=""
OSIRISBINARY=""
PACMANBINARY=""
PFCTLBINARY=""
PGREPBINARY=""
PKGADMINBINARY=""
PKG_BINARY=""
POSTFIXBINARY=""
PUPPETBINARY=""
READLINKBINARY=""
RKHUNTERBINARY=""
ROOTSHBINARY=""
RPCINFOBINARY=""
RPMBINARY=""
SALTMASTERBINARY=""
SALTMINIONBINARY=""
SAMHAINBINARY=""
SESTATUSBINARY=""
SETBINARY=""
SHA1SUMBINARY=""
SHA256SUMBINARY=""
SHOWMOUNTBINARY=""
SMTPCTLBINARY=""
SNORTBINARY=""
SSHKEYSCANBINARY=""
STUNNELBINARY=""
SWUPDBINARY=""
SYSLOGNGBINARY=""
SYSTEMCTLBINARY=""
TOMOYOINITBINARY=""
TRBINARY=""
TRIPWIREBINARY=""
UNAMEBINARY=""
UNIQBINARY=""
USBGUARDBINARY=""
VGDISPLAYBINARY=""
WCBINARY=""
XARGSBINARY=""
YUMBINARY=""
ZYPPERBINARY=""

# --- Numeric defaults: switched on (1) ---
CHECK_BINARIES=1
COLORS=1
CREATE_REPORT_FILE=1
LOGTEXT=1
REFRESH_REPOSITORIES=1
RUN_TESTS=1
RUN_UPDATE_CHECK=1
SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1
SHOW_REPORT_SOLUTION=1
SHOW_TOOL_TIPS=1            # Show inline tool tips (default true)

# --- Numeric defaults: values other than 0 and 1 ---
# (presumably "not determined yet" markers - confirm where they are read)
AUTH_UNLOCK_TIME=-1
MIN_PASSWORD_LENGTH=-1
PASSWORD_MAXIMUM_DAYS=-1
PASSWORD_MINIMUM_DAYS=-1
SYSTEM_IS_NOTEBOOK=255

# --- Numeric defaults: zero (flags and counters) ---
APPLICATION_FIREWALL_ACTIVE=0
AUDITD_RUNNING=0
AUTH_FAILED_LOGINS_LOGGED=0
BINARY_SCAN_FINISHED=0
CHECK=0
COMPLIANCE_ENABLE_CIS=0
COMPLIANCE_ENABLE_HIPAA=0
COMPLIANCE_ENABLE_ISO27001=0
COMPLIANCE_ENABLE_PCI_DSS=0
COMPLIANCE_FINDINGS_FOUND=0
COMPLIANCE_TESTS_PERFORMED=0
COMPRESSED_UPLOADS=0
CURRENT_TS=0
DATABASE_ENGINE_RUNNING=0
DB2_RUNNING=0
DEVELOPER_MODE=0
DEVOPS_MODE=0
DOCKER_DAEMON_RUNNING=0
ERROR_ON_WARNINGS=0
FIREWALL_ACTIVE=0
FORENSICS_MODE=0
FOUNDPATH=0
GRSEC_FOUND=0
HAS_SYSTEMD=0
IDS_IPS_TOOL_FOUND=0
LMDFOUND=0
MALWARE_SCANNER_INSTALLED=0
MONGODB_RUNNING=0
MYSQL_RUNNING=0
NAME_CACHE_USED=0
NGINX_ACCESS_LOG_DISABLED=0
NGINX_ACCESS_LOG_MISSING=0
NGINX_ALIAS_FOUND=0
NGINX_ALLOW_FOUND=0
NGINX_DENY_FOUND=0
NGINX_ERROR_LOG_DEBUG=0
NGINX_ERROR_LOG_MISSING=0
NGINX_EVENTS_COUNTER=0
NGINX_EXPIRES_FOUND=0
NGINX_FASTCGI_FOUND=0
NGINX_FASTCGI_PARAMS_FOUND=0
NGINX_FASTCGI_PASS_FOUND=0
NGINX_HTTP_COUNTER=0
NGINX_LISTEN_FOUND=0
NGINX_LOCATION_COUNTER=0
NGINX_LOCATION_FOUND=0
NGINX_SERVER_COUNTER=0
NGINX_SSL_CIPHERS=0
NGINX_SSL_ON=0
NGINX_SSL_PREFER_SERVER_CIPHERS=0
NGINX_SSL_PROTOCOLS=0
NGINX_RETURN_FOUND=0
NGINX_ROOT_FOUND=0
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
N_PLUGIN=0
N_PLUGIN_ENABLED=0
OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=0
ORACLE_RUNNING=0
OS_REDHAT_OR_CLONE=0
PAM_2F_AUTH_ENABLED=0
PAM_2F_AUTH_REQUIRED=0
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
PAM_PASSWORD_HISTORY_AMOUNT=0
PAM_PASSWORD_HISTORY_ENABLED=0
PAM_PASSWORD_STRENGTH_TESTED=0
PAM_PASSWORD_PWHISTORY_ENABLED=0
PAM_PASSWORD_UXHISTORY_ENABLED=0
PFFOUND=0
PLUGIN_PHASE=0
POSTGRES_RUNNING=0
PREVIOUS_TS=0
QNAP_DEVICE=0
REDIS_RUNNING=0
REMOTE_LOGGING_ENABLED=0
RUN_HELPERS=0
SET_STRICT=0
SHELL_IS_BUSYBOX=0
SHOW_WARNINGS_ONLY=0
SKIP_GETHOSTID=0
SKIP_PLUGINS=0
SKIP_VM_DETECTION=0
SSHKEYSCANFOUND=0
TOOLTIP_SHOWED=0
TOTAL_SUGGESTIONS=0
TOTAL_WARNINGS=0
UEFI_BOOTED=0
UEFI_BOOTED_SECURE=0
UNBOUND_RUNNING=0
UPDATE_CHECK_SKIPPED=0
VERBOSE=0
VULNERABLE_PACKAGES_FOUND=0

# --- Text settings with a non-empty default ---
PREVIOUS_TEST="No test ID"
ROOTDIR="/"
TEST_AVAILABLE_CATEGORIES="performance privacy security"
TEST_CATEGORY_TO_CHECK="all"
TEST_GROUP_TO_CHECK="all"

# --- Text settings that start out empty ---
AUDITORNAME=""
CHECK_OPTION_ARRAY=""
CONTAINER_TYPE=""
CONTROL_URL_APPEND=""
CONTROL_URL_PREPEND=""
CONTROL_URL_PROTOCOL=""
CUSTOM_URL_APPEND=""
CUSTOM_URL_PREPEND=""
CUSTOM_URL_PROTOCOL=""
DISABLED_PLUGINS=""
DISCOVERED_BINARIES=""
ECHOCMD=""
FILEVALUE=""
FIND=""
GROUP_NAME=""
GRUBCONFFILE=""
HELPER=""
HOSTID=""
HOSTID2=""
LDAP_CLIENT_CONFIG_FILE=""
LICENSE_KEY=""
LICENSE_SERVER=""
LINUXCONFIGFILE=""
LINUX_VERSION=""
LOGDIR=""
LOGFILE=""
LSOF_EXTRA_OPTIONS=""
LYNIS_CRONJOB=""
MACHINEID=""
MACHINE_ROLE=""
NETWORK_INTERFACES=""
NTPD_ROLE=""
OPTIONS_CONN_MAX_WAIT_STATE=""
OS=""
OS_KERNELVERSION=""
OS_KERNELVERSION_FULL=""
OS_MODE=""
PIDFILE=""
PLUGINDIR=""
PROFILE=""
PROFILES=""
PROFILEVALUE=""
PSOPTIONS=""
REPORTFILE=""
RESOLV_DOMAINNAME=""
SCAN_TEST_HEAVY=""
SCAN_TEST_LOW=""
SCAN_TEST_MEDIUM=""
SEARCH_PROFILES=""
SEARCH_VERSION=""
SERVICE_MANAGER=""
SETTINGS=""
SETTINGS_FILE=""
SKIPPED_TESTS_ROOTONLY=""
SKIPREASON=""
SKIP_TESTS=""
SSL_CERTIFICATE_PATHS=""
SSL_CERTIFICATE_PATHS_TO_IGNORE=""
TEMP_FILE=""
TEMP_FILES=""
TESTS_EXECUTED=""
TESTS_SKIPPED=""
TEST_SKIP_ALWAYS=""
TMPFILE=""
UPLOAD_OPTIONS=""
UPLOAD_PROXY_PORT=""
UPLOAD_PROXY_PROTOCOL=""
UPLOAD_PROXY_SERVER=""
UPLOAD_SERVER=""
UPLOAD_TOOL=""
UPLOAD_TOOL_ARGS=""
USBGUARD_CONFIG=""
USBGUARD_ROOT=""
VALUE=""
VMTYPE=""
#
#################################################################################
#
# * Options
#
#################################################################################
#
# Run as a cronjob
CRONJOB=0
# Number of tests which are performed
CTESTS_PERFORMED=0
# Debugging mode (to screen)
DEBUG=0
# Number of hardening points
HPPOINTS=0
# Maximum number of hardening points
HPTOTAL=0
# Log tests with incorrect OS
LOG_INCORRECT_OS=1
# Don't wait for user input
# NOTE(review): QUICKMODE below carries the same description but the
# opposite default - confirm which of the two the pause logic reads.
NEVERBREAK=0
# Don't wait for user input
QUICKMODE=1
# 0 = show normal messages and warnings as well
QUIET=0
# Skip logging for one test
SKIPLOGTEST=0
# Skip upgrade test
SKIP_UPGRADE_TEST=0
# Which tests only to perform
TESTS_TO_PERFORM=""
# Default pause time
TEST_PAUSE_TIME=0
# Total amount of tests (counter)
TOTAL_TESTS=0
# Upload of data to central node
UPLOAD_DATA=0
# Show help
VIEWHELP=0
# A wrong option is used
WRONGOPTION=0
#
#################################################################################
#
# Installed packages and other settings
COMPILER_INSTALLED=0
#
#################################################################################
#
# * Colors
#
# For improved display
#
#################################################################################
#
# Each variable holds a literal terminal escape sequence, produced once when
# this file is loaded (printf turns \033 into the ESC byte).

# Foreground colors, regular intensity (attribute 0)
BLUE="$(printf '\033[0;34m')"
BROWN="$(printf '\033[0;33m')"
CYAN="$(printf '\033[0;36m')"
DARKGRAY="$(printf '\033[0;30m')"
GRAY="$(printf '\033[0;37m')"
LIGHTBLUE="$(printf '\033[0;94m')"
PURPLE="$(printf '\033[0;35m')"

# Foreground colors, bold attribute (attribute 1)
GREEN="$(printf '\033[1;32m')"
MAGENTA="$(printf '\033[1;35m')"
RED="$(printf '\033[1;31m')"
WHITE="$(printf '\033[1;37m')"
YELLOW="$(printf '\033[1;33m')"

# Backgrounds (BG_ prefix colors the background)
BG_BLUE="$(printf '\033[0;44m')"
# Foreground code 30 (the one DARKGRAY uses) on a yellow background
BG_WARNING="$(printf '\033[30;43m')"

# Reset all attributes
NORMAL="$(printf '\033[0m')"

# Special markup: bold is rendered with the bold white sequence
BOLD="${WHITE}"

# Semantic names, aliases of the colors defined above
BAD="${RED}"
HEADER="${WHITE}"
NOTICE="${YELLOW}"
OK="${GREEN}"
SECTION="${YELLOW}"
WARNING="${RED}"
#
#################################################################################
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com