lynis/include/consts

266 lines
7.4 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2013-2016, CISOfy
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Consts
#
#################################################################################
#
# Paths where system and program binaries are located
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
/usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
/usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
/usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \
/usr/pkg/bin /usr/pkg/sbin"
ETC_PATHS="/etc /usr/local/etc"
# Do not use specific language, fall back to default
# Some tools with translated strings are very hard to parse
unset LANG
#
#################################################################################
#
# Initialize defaults
#
#################################################################################
#
# == Variable initializing ==
#
AUDITORNAME=""
AUTH_FAILED_LOGINS_LOGGED=0
AUTH_UNLOCK_TIME=-1
PROFILE=""
REPORTFILE=""
AFICKBINARY=""
AIDEBINARY=""
AASTATUSBINARY=""
AUDITD_RUNNING=0
APPLICATION_FIREWALL_ACTIVE=0
BINARY_SCAN_FINISHED=0
CHECK=0
CHECK_BINARIES=1
CHKROOTKITBINARY=""
CHKCONFIGBINARY=""
COMPLIANCE_ENABLE_CIS=0
COMPLIANCE_ENABLE_HIPAA=0
COMPLIANCE_ENABLE_ISO27001=0
COMPLIANCE_ENABLE_PCI_DSS=0
COMPLIANCE_TESTS_PERFORMED=0
COMPLIANCE_FINDINGS_FOUND=0
COMPRESSED_UPLOADS=0
CONTROL_URL_APPEND=""
CONTROL_URL_PREPEND=""
CONTROL_URL_PROTOCOL=""
CSUMBINARY=""
CUSTOM_URL_APPEND=""
CUSTOM_URL_PREPEND=""
CUSTOM_URL_PROTOCOL=""
DB2_RUNNING=0
DEVELOPER_MODE=0
DISCOVERED_BINARIES=""
DOCKER_DAEMON_RUNNING=0
ERROR_ON_WARNINGS=0
FILEVALUE=""
FIND=""
FIREWALL_ACTIVE=0
FOUNDPATH=0
GREPBINARY="grep"
GROUP_NAME=""
GRPCKBINARY=""
GRSEC_FOUND=0
GRUB2INSTALLBINARY=""
HAS_SYSTEMD=0
HELPER=""
HOSTID=""
IDS_IPS_TOOL_FOUND=0
IPTABLESBINARY=""
LINUX_VERSION=""
LINUXCONFIGFILE=""
LMDBINARY=""
LMDFOUND=0
LOGFILE=""
MACHINEID=""
MACHINE_ROLE=""
MALWARE_SCANNER_INSTALLED=0
MYSQL_RUNNING=0
MIN_PASSWORD_LENGTH=-1
N_PLUGIN_ENABLED=0
NAME_CACHE_USED=0
NETWORK_INTERFACES=""
NGINX_ACCESS_LOG_DISABLED=0
NGINX_ACCESS_LOG_MISSING=0
NGINX_ALIAS_FOUND=0
NGINX_ALLOW_FOUND=0
NGINX_DENY_FOUND=0
NGINX_ERROR_LOG_DEBUG=0
NGINX_ERROR_LOG_MISSING=0
NGINX_EXPIRES_FOUND=0
NGINX_FASTCGI_FOUND=0
NGINX_FASTCGI_PARAMS_FOUND=0
NGINX_FASTCGI_PASS_FOUND=0
NGINX_LISTEN_FOUND=0
NGINX_LOCATION_FOUND=0
NGINX_SSL_CIPHERS=0
NGINX_SSL_ON=0
NGINX_SSL_PREFER_SERVER_CIPHERS=0
NGINX_SSL_PROTOCOLS=0
NGINX_RETURN_FOUND=0
NGINX_ROOT_FOUND=0
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
NTPD_ROLE=""
ORACLE_RUNNING=0
OS=""; OS_MODE=""
OS_REDHAT_OR_CLONE=0
OSIRISBINARY=""
PASSWORD_MAXIMUM_DAYS=-1
PASSWORD_MINIMUM_DAYS=-1
PAM_2F_AUTH_ENABLED=0
PAM_2F_AUTH_REQUIRED=0
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
PAM_PASSWORD_HISTORY_AMOUNT=0
PAM_PASSWORD_HISTORY_ENABLED=0
PAM_PASSWORD_STRENGTH_TESTED=0
PAM_PASSWORD_PWHISTORY_ENABLED=0
PAM_PASSWORD_UXHISTORY_ENABLED=0
PFFOUND=0
PIDFILE=""
PLUGINDIR=""
PLUGIN_PHASE=0
POSTGRES_RUNNING=0
PRIVILEGED=0
PROFILEVALUE=""
PSBINARY="ps"
REMOTE_LOGGING_ENABLED=0
RKHUNTERBINARY=""
RPMBINARY=""
RUN_HELPERS=0
RUN_PLUGINS=1
RUN_TESTS=1
SAMHAINBINARY=""
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
SEARCH_PROFILES=""
SESTATUSBINARY=""
SERVICE_MANAGER=""
SETTINGS=""
SETTINGS_FILE=""
SHELL_IS_BUSYBOX=0
SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1
SHOW_WARNINGS_ONLY=0
SKIP_TESTS=""
SKIPPED_TESTS_ROOTONLY=""
SSHKEYSCANBINARY=""
SSHKEYSCANFOUND=0
SSL_CERTIFICATE_PATHS=""
SYSLOGNGBINARY=""
SYSTEMCTLBINARY=""
TEMP_FILE=""
TEMP_FILES=""
TEST_SKIP_ALWAYS=""
TESTS_CATEGORY_TO_PERFORM=""
TESTS_EXECUTED=""
TESTS_SKIPPED=""
TMPFILE=""
TOTAL_SUGGESTIONS=0
TOTAL_WARNINGS=0
TRIPWIREBINARY=""
UEFI_BOOTED=0
UEFI_BOOTED_SECURE=0
UNBOUND_RUNNING=0
UPDATE_CHECK_SKIPPED=0
UPLOAD_OPTIONS=""
UPLOAD_PROXY_PORT=""
UPLOAD_PROXY_PROTOCOL=""
UPLOAD_PROXY_SERVER=""
UPLOAD_TOOL=""
UPLOAD_TOOL_ARGS=""
VALUE=""
VERBOSE=0
VMTYPE=""
VULNERABLE_PACKAGES_FOUND=0
#
#################################################################################
#
# * Options
#
#################################################################################
#
CRONJOB=0 # Run as a cronjob
CTESTS_PERFORMED=0 # Number of tests which are performed
DEBUG=0 # Debugging mode (to screen)
HPPOINTS=0 # Number of hardening points
HPTOTAL=0 # Maximum number of hardening points
LOG_INCORRECT_OS=1 # Log tests with incorrect OS
NEVERBREAK=0 # Don't wait for user input
PENTESTINGMODE=0 # Try tests without root privileges
QUICKMODE=0 # Don't wait for user input
QUIET=0 # Show normal messages and warnings as well
SHOW_TOOL_TIPS=1 # Show inline tool tips (default true)
SKIPLOGTEST=0 # Skip logging for one test
SKIP_UPGRADE_TEST=0 # Skip upgrade test
TESTS_TO_PERFORM="" # Which tests only to perform
TEST_PAUSE_TIME=0 # Default pause time
TOTAL_TESTS=0 # Total amount of tests (counter)
UPLOAD_DATA=0 # Upload of data to central node
VIEWHELP=0 # Show help
WRONGOPTION=0 # A wrong option is used
#
#################################################################################
#
# Installed packages and other settings
COMPILER_INSTALLED=0
#
#################################################################################
#
# * Colors
#
# For improved display
#
#################################################################################
#
NORMAL=""
WARNING="" # Bad (red)
SECTION="" # Section (yellow)
NOTICE="" # Notice (yellow)
OK="" # Ok (green)
BAD="" # Bad (red)
# Normal color names
CYAN=""
BLUE=""
BROWN=""
DARKGRAY=""
GRAY=""
GREEN=""
MAGENTA=""
PURPLE=""
RED=""
YELLOW=""
WHITE=""
#
#################################################################################
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com