mirror of https://github.com/CISOfy/lynis.git
264 lines
7.3 KiB
Bash
264 lines
7.3 KiB
Bash
#!/bin/sh
|
||
|
||
#################################################################################
|
||
#
|
||
# Lynis
|
||
# ------------------
|
||
#
|
||
# Copyright 2007-2013, Michael Boelen
|
||
# Copyright 2013-2016, CISOfy
|
||
#
|
||
# Website : https://cisofy.com
|
||
# Blog : http://linux-audit.com
|
||
# GitHub : https://github.com/CISOfy/lynis
|
||
#
|
||
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
||
# welcome to redistribute it under the terms of the GNU General Public License.
|
||
# See LICENSE file for usage of this software.
|
||
#
|
||
#################################################################################
|
||
#
|
||
# Consts
|
||
#
|
||
#################################################################################
|
||
#
|
||
|
||
# Paths where system and program binaries are located
|
||
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
|
||
/usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
|
||
/usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
|
||
/usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \
|
||
/usr/pkg/bin /usr/pkg/sbin"
|
||
|
||
ETC_PATHS="/etc /usr/local/etc"
|
||
|
||
# Do not use specific language, fall back to default
|
||
# Some tools with translated strings are very hard to parse
|
||
unset LANG
|
||
|
||
#
|
||
#################################################################################
|
||
#
|
||
# Initialize defaults
|
||
#
|
||
#################################################################################
|
||
#
|
||
# == Variable initializing ==
|
||
#
|
||
AUDITORNAME=""
|
||
AUTH_FAILED_LOGINS_LOGGED=0
|
||
AUTH_UNLOCK_TIME=-1
|
||
PROFILE=""
|
||
REPORTFILE=""
|
||
AFICKBINARY=""
|
||
AIDEBINARY=""
|
||
AASTATUSBINARY=""
|
||
AUDITD_RUNNING=0
|
||
APPLICATION_FIREWALL_ACTIVE=0
|
||
BINARY_SCAN_FINISHED=0
|
||
CHECK=0
|
||
CHECK_BINARIES=1
|
||
CHKROOTKITBINARY=""
|
||
CHKCONFIGBINARY=""
|
||
COMPLIANCE_ENABLE_CIS=0
|
||
COMPLIANCE_ENABLE_HIPAA=0
|
||
COMPLIANCE_ENABLE_ISO27001=0
|
||
COMPLIANCE_ENABLE_PCI_DSS=0
|
||
COMPLIANCE_TESTS_PERFORMED=0
|
||
COMPLIANCE_FINDINGS_FOUND=0
|
||
COMPRESSED_UPLOADS=0
|
||
CONTROL_URL_APPEND=""
|
||
CONTROL_URL_PREPEND=""
|
||
CONTROL_URL_PROTOCOL=""
|
||
CSUMBINARY=""
|
||
CUSTOM_URL_APPEND=""
|
||
CUSTOM_URL_PREPEND=""
|
||
CUSTOM_URL_PROTOCOL=""
|
||
DB2_RUNNING=0
|
||
DEVELOPER_MODE=0
|
||
DISCOVERED_BINARIES=""
|
||
DOCKER_DAEMON_RUNNING=0
|
||
ERROR_ON_WARNINGS=0
|
||
FILEVALUE=""
|
||
FIND=""
|
||
FIREWALL_ACTIVE=0
|
||
FOUNDPATH=0
|
||
GREPBINARY="grep"
|
||
GROUP_NAME=""
|
||
GRPCKBINARY=""
|
||
GRSEC_FOUND=0
|
||
GRUB2INSTALLBINARY=""
|
||
HAS_SYSTEMD=0
|
||
HELPER=""
|
||
HOSTID=""
|
||
IDS_IPS_TOOL_FOUND=0
|
||
IPTABLESBINARY=""
|
||
LANGUAGE="en-US"
|
||
LINUX_VERSION=""
|
||
LINUXCONFIGFILE=""
|
||
LMDBINARY=""
|
||
LMDFOUND=0
|
||
LOGFILE=""
|
||
MACHINEID=""
|
||
MACHINE_ROLE=""
|
||
MALWARE_SCANNER_INSTALLED=0
|
||
MYSQL_RUNNING=0
|
||
MIN_PASSWORD_LENGTH=-1
|
||
N_PLUGIN_ENABLED=0
|
||
NAME_CACHE_USED=0
|
||
NETWORK_INTERFACES=""
|
||
NGINX_ACCESS_LOG_DISABLED=0
|
||
NGINX_ACCESS_LOG_MISSING=0
|
||
NGINX_ALIAS_FOUND=0
|
||
NGINX_ALLOW_FOUND=0
|
||
NGINX_DENY_FOUND=0
|
||
NGINX_ERROR_LOG_DEBUG=0
|
||
NGINX_ERROR_LOG_MISSING=0
|
||
NGINX_EXPIRES_FOUND=0
|
||
NGINX_FASTCGI_FOUND=0
|
||
NGINX_FASTCGI_PARAMS_FOUND=0
|
||
NGINX_FASTCGI_PASS_FOUND=0
|
||
NGINX_LISTEN_FOUND=0
|
||
NGINX_LOCATION_FOUND=0
|
||
NGINX_SSL_CIPHERS=0
|
||
NGINX_SSL_ON=0
|
||
NGINX_SSL_PREFER_SERVER_CIPHERS=0
|
||
NGINX_SSL_PROTOCOLS=0
|
||
NGINX_RETURN_FOUND=0
|
||
NGINX_ROOT_FOUND=0
|
||
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
|
||
NTPD_ROLE=""
|
||
ORACLE_RUNNING=0
|
||
OS=""; OS_MODE=""
|
||
OS_REDHAT_OR_CLONE=0
|
||
OSIRISBINARY=""
|
||
PASSWORD_MAXIMUM_DAYS=-1
|
||
PASSWORD_MINIMUM_DAYS=-1
|
||
PAM_2F_AUTH_ENABLED=0
|
||
PAM_2F_AUTH_REQUIRED=0
|
||
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
|
||
PAM_PASSWORD_HISTORY_AMOUNT=0
|
||
PAM_PASSWORD_HISTORY_ENABLED=0
|
||
PAM_PASSWORD_STRENGTH_TESTED=0
|
||
PAM_PASSWORD_PWHISTORY_ENABLED=0
|
||
PAM_PASSWORD_UXHISTORY_ENABLED=0
|
||
PFFOUND=0
|
||
PIDFILE=""
|
||
PLUGINDIR=""
|
||
PLUGIN_PHASE=0
|
||
POSTGRES_RUNNING=0
|
||
PRIVILEGED=0
|
||
PROFILEVALUE=""
|
||
PSBINARY="ps"
|
||
REMOTE_LOGGING_ENABLED=0
|
||
RKHUNTERBINARY=""
|
||
RPMBINARY=""
|
||
RUN_HELPERS=0
|
||
RUN_PLUGINS=1
|
||
RUN_TESTS=1
|
||
SAMHAINBINARY=""
|
||
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
|
||
SEARCH_PROFILES=""
|
||
SESTATUSBINARY=""
|
||
SERVICE_MANAGER=""
|
||
SHELL_IS_BUSYBOX=0
|
||
SHOW_PROGRAM_DETAILS=1
|
||
SHOW_REPORT=1
|
||
SHOW_WARNINGS_ONLY=0
|
||
SKIP_TESTS=""
|
||
SKIPPED_TESTS_ROOTONLY=""
|
||
SSHKEYSCANBINARY=""
|
||
SSHKEYSCANFOUND=0
|
||
SYSLOGNGBINARY=""
|
||
SYSTEMCTLBINARY=""
|
||
TEMP_FILE=""
|
||
TEMP_FILES=""
|
||
TEST_SKIP_ALWAYS=""
|
||
TESTS_CATEGORY_TO_PERFORM=""
|
||
TESTS_EXECUTED=""
|
||
TESTS_SKIPPED=""
|
||
TMPFILE=""
|
||
TOTAL_SUGGESTIONS=0
|
||
TOTAL_WARNINGS=0
|
||
TRIPWIREBINARY=""
|
||
UEFI_BOOTED=0
|
||
UEFI_BOOTED_SECURE=0
|
||
UNBOUND_RUNNING=0
|
||
UPDATE_CHECK_SKIPPED=0
|
||
UPLOAD_OPTIONS=""
|
||
UPLOAD_PROXY_PORT=""
|
||
UPLOAD_PROXY_PROTOCOL=""
|
||
UPLOAD_PROXY_SERVER=""
|
||
UPLOAD_TOOL=""
|
||
UPLOAD_TOOL_ARGS=""
|
||
VALUE=""
|
||
VERBOSE=0
|
||
VMTYPE=""
|
||
VULNERABLE_PACKAGES_FOUND=0
|
||
#
|
||
#################################################################################
|
||
#
|
||
# * Options
|
||
#
|
||
#################################################################################
|
||
#
|
||
CRONJOB=0 # Run as a cronjob
|
||
CTESTS_PERFORMED=0 # Number of tests which are performed
|
||
DEBUG=0 # Debugging mode (to screen)
|
||
HPPOINTS=0 # Number of hardening points
|
||
HPTOTAL=0 # Maximum number of hardening points
|
||
LOG_INCORRECT_OS=1 # Log tests with incorrect OS
|
||
NEVERBREAK=0 # Don't wait for user input
|
||
PENTESTINGMODE=0 # Try tests without root privileges
|
||
QUICKMODE=0 # Don't wait for user input
|
||
QUIET=0 # Show normal messages and warnings as well
|
||
SHOW_TOOL_TIPS=1 # Show inline tool tips (default true)
|
||
SKIPLOGTEST=0 # Skip logging for one test
|
||
SKIP_UPGRADE_TEST=0 # Skip upgrade test
|
||
TESTS_TO_PERFORM="" # Which tests only to perform
|
||
TEST_PAUSE_TIME=0 # Default pause time
|
||
TOTAL_TESTS=0 # Total amount of tests (counter)
|
||
UPLOAD_DATA=0 # Upload of data to central node
|
||
VIEWHELP=0 # Show help
|
||
WRONGOPTION=0 # A wrong option is used
|
||
#
|
||
#################################################################################
|
||
#
|
||
# Installed packages and other settings
|
||
COMPILER_INSTALLED=0
|
||
#
|
||
#################################################################################
|
||
#
|
||
# * Colors
|
||
#
|
||
# For improved display
|
||
#
|
||
#################################################################################
|
||
#
|
||
NORMAL="[0;39m"
|
||
WARNING="[1;31m" # Bad (red)
|
||
SECTION="[1;33m" # Section (yellow)
|
||
NOTICE="[1;33m" # Notice (yellow)
|
||
OK="[1;32m" # Ok (green)
|
||
BAD="[1;31m" # Bad (red)
|
||
|
||
# Normal color names
|
||
CYAN="[0;36m"
|
||
BLUE="[0;34m"
|
||
BROWN="[0;33m"
|
||
DARKGRAY="[0;30m"
|
||
GRAY="[0;37m"
|
||
GREEN="[1;32m"
|
||
MAGENTA="[1;35m"
|
||
PURPLE="[0;35m"
|
||
RED="[1;31m"
|
||
YELLOW="[1;33m"
|
||
WHITE="[1;37m"
|
||
|
||
#
|
||
#################################################################################
|
||
#
|
||
|
||
#================================================================================
|
||
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
|