lynis/include/tests_custom.template

115 lines
5.0 KiB
Bash

#!/bin/sh
#################################################################################
#
# Here you could insert your own custom checks
#
# Tips:
# - Make sure to use each test ID only once in Register function and prefix them with CUST
# - Use big steps in numbering, so you can easily put tests in between
# - Want to improve Lynis? Share your checks!
#
#################################################################################
#
# Test : CUST-0001
# Description : We show some lines on the screen
# Register our first custom test
# We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
Register --test-no CUST-0001 --weight L --network NO --description "A test case for colors and text display"
if [ ${SKIPTEST} -eq 0 ]; then
# The Display function makes it easy to show something on screen, with colors.
# --indent defines amount of spaces
# --text text to be displayed on screen
# --result text at end of line
# --color color of result text
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
Display --indent 4 --text "This shows one level deeper " --result NOTICE --color YELLOW
Display --indent 6 --text "And even deeper" --result WARNING --color RED
# Here we could add specific tests, like testing for a directory
# Most tests use the "if-then-else". If something is true, take one step, otherwise the other.
if [ -d /tmp ]; then
LogText "Result: we have a temporary directory"
else
LogText "Result: no temporary directory found"
fi
# Common examples to use:
# if [ -f /etc/file ]; then = Test if file exists
# if [ -d /var/run/mydirectory ]; then = Test if directory exists
# if [ ${MYVARIABLE} -eq 1 ]; then = Test if variable is set to 1
# if [ "${MYVARIABLE}" = "Value" ]; then = Test if variable is equal to specific value
if [ -f /etc/file ]; then
LogText "Result: Found file /etc/file"
elif [ -f /etc/file2 ]; then
LogText "Result: Found file /etc/file2"
else
LogText "Result: both /etc/file and /etc/file2 not found"
fi
# If a single value is stored in a variable, using case is effective.
case ${OS} in
# Only match one value
"Linux")
LogText "Found Linux"
Display --indent 2 --text "OS: Linux" --result OK --color GREEN
;;
# Matching several platforms
"FreeBSD" | "NetBSD" | "OpenBSD")
LogText "Found an operating system based on BSD"
Display --indent 2 --text "OS: *BSD" --result OK --color GREEN
;;
# Catch-all for unknown values
*)
LogText "Did find another operating system"
;;
esac
# Show a warning on screen and in the report. We can specify a detail and how to solve it.
ReportWarning "${TEST_NO}" "Something was wrong and should be fixed" "/etc/motd" "text:Change your motd"
ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
fi
#
#################################################################################
#
# Add a new section to screen output
InsertSection "Other Tests"
#
#################################################################################
#
# First check if OPENSSLBINARY is known as a prerequisite for this test.
if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight M --network NO --description "Description of custom test"
if [ ${SKIPTEST} -eq 0 ]; then
FOUNDPROBLEM=0
DIR="/my/path"
LogText "Test: we are going to check if we can find a particular directory (${DIR})"
# Check if a directory exists
if [ -d ${DIR} ]; then
LogText "Result: log entry for easier debugging or additional information"
else
FOUNDPROBLEM=1
LogText "Result: directory ${DIR} was not found!"
ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
fi
if [ ${FOUNDPROBLEM} -eq 0 ]; then
Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN
else
Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED
ReportSuggestion ${TEST_NO} "This is a suggestion"
fi
fi
#
#################################################################################
#
# Wait for keypress (unless --quick is being used)
WaitForKeyPress
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com