mirror of https://github.com/CISOfy/lynis.git
420 lines
15 KiB
Bash
420 lines
15 KiB
Bash
#!/bin/sh
|
|
|
|
#################################################################################
|
|
#
|
|
# Lynis
|
|
# ------------------
|
|
#
|
|
# Copyright 2007-2016, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
|
|
# Web site: https://cisofy.com
|
|
#
|
|
# This software is licensed under GPL, version 3. See LICENSE file for
|
|
# usage of this software.
|
|
#
|
|
#################################################################################
|
|
#
|
|
# Operating System detection
|
|
#
|
|
#################################################################################
|
|
#
|
|
|
|
# Check operating system
|
|
case `uname` in
|
|
|
|
# IBM AIX
|
|
AIX)
|
|
OS="AIX"
|
|
OS_NAME="AIX"
|
|
OS_VERSION=`oslevel`
|
|
OS_FULLNAME="AIX ${OS_VERSION}"
|
|
CPU=`uname -p`
|
|
HARDWARE=`uname -M`
|
|
FIND_BINARIES="whereis -b"
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# Mac OS X
|
|
Darwin)
|
|
OS="MacOS"
|
|
if [ -x /usr/bin/sw_vers ]; then
|
|
OS_NAME=`/usr/bin/sw_vers -productName`
|
|
OS_VERSION=`/usr/bin/sw_vers -productVersion`
|
|
OS_FULLNAME="${OS_NAME} ${OS_VERSION}"
|
|
else
|
|
# Fall back to pretty safe name
|
|
OS_NAME="Mac OS X"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_VERSION=`uname -r`
|
|
fi
|
|
HARDWARE=`uname -m`
|
|
HOMEDIRS="/Users"
|
|
FIND_BINARIES="whereis"
|
|
OS_KERNELVERSION=`uname -r`
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# DragonFly BSD
|
|
DragonFly)
|
|
OS="DragonFly"
|
|
OS_NAME="DragonFly BSD"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
HOMEDIRS="/home /root"
|
|
FIND_BINARIES="whereis -q -a -b"
|
|
OS_KERNELVERSION=`uname -i`
|
|
SYSCTL_READKEY="sysctl -n"
|
|
;;
|
|
|
|
# FreeBSD
|
|
FreeBSD)
|
|
OS="FreeBSD"
|
|
OS_NAME="FreeBSD"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
HOMEDIRS="/home /root"
|
|
FIND_BINARIES="whereis -q -a -b"
|
|
OS_KERNELVERSION=`uname -i`
|
|
SYSCTL_READKEY="sysctl -n"
|
|
|
|
# TrueOS
|
|
if [ -f /etc/defaults/trueos ]; then
|
|
OS_NAME="TrueOS"
|
|
logtext "Result: found TrueOS file, system is completely based on FreeBSD though. Only adjusting OS name."
|
|
fi
|
|
;;
|
|
|
|
# HP-UX
|
|
HP-UX)
|
|
OS="HP-UX"
|
|
OS_NAME="HP-UX"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
FIND_BINARIES="whereis -b"
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# Linux
|
|
Linux)
|
|
OS="Linux"
|
|
OS_NAME="Linux"
|
|
OS_FULLNAME=""
|
|
OS_VERSION=`uname -r`
|
|
LINUX_VERSION=""
|
|
HARDWARE=`uname -m`
|
|
HOMEDIRS="/home"
|
|
FIND_BINARIES="whereis -b"
|
|
OS_KERNELVERSION_FULL=`uname -r`
|
|
OS_KERNELVERSION=`echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//'`
|
|
|
|
# Amazon
|
|
if [ -e "/etc/system-release" ]; then
|
|
FIND=`grep "Amazon" /etc/system-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_REDHAT_OR_CLONE=1
|
|
OS_FULLNAME=`grep "^Amazon" /etc/system-release`
|
|
OS_VERSION=`grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }'`
|
|
LINUX_VERSION="Amazon"
|
|
fi
|
|
fi
|
|
|
|
# Arch Linux
|
|
if [ -e "/etc/arch-release" ]; then
|
|
OS_FULLNAME="Arch Linux"
|
|
OS_VERSION="Unknown"
|
|
LINUX_VERSION="Arch Linux"
|
|
fi
|
|
|
|
# Chakra Linux
|
|
if [ -e "/etc/chakra-release" ]; then
|
|
OS_FULLNAME=`grep "^Chakra" /etc/chakra-release`
|
|
OS_VERSION=`awk '/^Chakra/ { if ($3=="release") { print $4 }}' /etc/chakra-release`
|
|
LINUX_VERSION="Chakra Linux"
|
|
fi
|
|
|
|
# Cobalt
|
|
if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=`cat /etc/cobalt-release`; fi
|
|
# CPUBuilders Linux
|
|
if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=`cat /etc/cpub-release`; fi
|
|
|
|
# Debian/Ubuntu (***) - Set first to Debian
|
|
if [ -e "/etc/debian_version" ]; then
|
|
OS_VERSION=`cat /etc/debian_version`
|
|
OS_FULLNAME="Debian ${OS_VERSION}"
|
|
LINUX_VERSION="Debian"
|
|
fi
|
|
# /etc/lsb-release does not exist on Debian
|
|
if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then
|
|
OS_VERSION=`cat /etc/debian_version`
|
|
FIND=`grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g'`
|
|
if [ "${FIND}" = "Ubuntu" ]; then
|
|
OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2`
|
|
OS_FULLNAME="Ubuntu ${OS_VERSION}"
|
|
LINUX_VERSION="Ubuntu"
|
|
elif [ "${FIND}" = "elementary OS" ]; then
|
|
LINUX_VERSION="elementary OS"
|
|
OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2`
|
|
OS_FULLNAME=`grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g'`
|
|
else
|
|
# Catch all, in case it's unclear what specific release this is.
|
|
OS_FULLNAME="Debian ${OS_VERSION}"
|
|
LINUX_VERSION="Debian"
|
|
fi
|
|
# Ubuntu test (optional) `grep "[Uu]buntu" /proc/version`
|
|
fi
|
|
# E-smith
|
|
if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=`cat /etc/e-smith-release`; fi
|
|
# Gentoo
|
|
if [ -e "/etc/gentoo-release" ]; then OS_FULLNAME=`cat /etc/gentoo-release`; fi
|
|
|
|
# Red Hat and others
|
|
if [ -e "/etc/redhat-release" ]; then
|
|
OS_REDHAT_OR_CLONE=1
|
|
|
|
# CentOS
|
|
FIND=`grep "CentOS" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "CentOS" /etc/redhat-release`
|
|
LINUX_VERSION="CentOS"
|
|
OS_VERSION="${OS_FULLNAME}"
|
|
fi
|
|
|
|
# ClearOS
|
|
FIND=`grep "ClearOS" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "ClearOS" /etc/redhat-release`
|
|
LINUX_VERSION="ClearOS"
|
|
OS_VERSION="${OS_FULLNAME}"
|
|
fi
|
|
|
|
# Fedora
|
|
FIND=`grep "Fedora" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "Fedora" /etc/redhat-release`
|
|
OS_VERSION="${OS_FULLNAME}"
|
|
LINUX_VERSION="Fedora"
|
|
fi
|
|
|
|
# Mageia (has also /etc/megaia-release)
|
|
FIND=`grep "Mageia" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "^Mageia" /etc/redhat-release`
|
|
OS_VERSION=`grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }'`
|
|
LINUX_VERSION="Mageia"
|
|
fi
|
|
|
|
# Oracle Enterprise Linux
|
|
FIND=`grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
LINUX_VERSION="Oracle Enterprise Linux";
|
|
OS_FULLNAME=`grep "Enterprise Linux" /etc/redhat-release`;
|
|
OS_VERSION="${OS_FULLNAME}";
|
|
fi
|
|
|
|
# Oracle Enterprise Linux
|
|
if [ -e /etc/oracle-release ]; then
|
|
FIND=`grep "Oracle Linux Server" /etc/oracle-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
LINUX_VERSION="Oracle Enterprise Linux";
|
|
OS_FULLNAME=`grep "Oracle Linux" /etc/oracle-release`;
|
|
OS_VERSION="${OS_FULLNAME}";
|
|
fi
|
|
fi
|
|
|
|
# Oracle VM Server
|
|
if [ -e /etc/ovs-release ]; then
|
|
FIND=`grep "Oracle VM" /etc/ovs-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
LINUX_VERSION="Oracle VM Server";
|
|
OS_FULLNAME=`grep "Oracle VM" /etc/ovs-release`;
|
|
OS_VERSION="${OS_FULLNAME}";
|
|
fi
|
|
fi
|
|
|
|
# Red Hat
|
|
FIND=`grep "Red Hat" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "Red Hat" /etc/redhat-release`
|
|
OS_VERSION="${OS_FULLNAME}"
|
|
LINUX_VERSION="Red Hat"
|
|
fi
|
|
|
|
# Scientific
|
|
FIND=`grep "Scientific" /etc/redhat-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME=`grep "^Scientific" /etc/redhat-release`
|
|
OS_VERSION=`grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }'`
|
|
LINUX_VERSION="Scientific"
|
|
fi
|
|
|
|
fi
|
|
|
|
# PCLinuxOS
|
|
if [ -f /etc/pclinuxos-release ]; then
|
|
FIND=`grep "^PCLinuxOS" /etc/pclinuxos-release`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME="PCLinuxOS Linux"
|
|
LINUX_VERSION="PCLinuxOS"
|
|
OS_VERSION=`grep "^PCLinuxOS" /etc/pclinuxos-release | awk '{ if ($2=="release") { print $3 } }'`
|
|
fi
|
|
fi
|
|
|
|
# Sabayon Linux
|
|
if [ -f /etc/sabayon-edition ]; then
|
|
FIND=`grep "Sabayon Linux" /etc/sabayon-edition`
|
|
if [ ! "${FIND}" = "" ]; then
|
|
OS_FULLNAME="Sabayon Linux"
|
|
LINUX_VERSION="Sabayon"
|
|
OS_VERSION=`cat /etc/sabayon-edition | awk '{ print $3 }'`
|
|
fi
|
|
fi
|
|
|
|
if [ -f /etc/SLOX-release ]; then
|
|
OS_FULLNAME=`grep "SuSE Linux" /etc/SLOX-release`
|
|
LINUX_VERSION="SuSE"
|
|
fi
|
|
|
|
# Slackware
|
|
if [ -f /etc/slackware-version ]; then
|
|
LINUX_VERSION="Slackware"
|
|
OS_VERSION=`grep "^Slackware" /etc/slackware-version | awk '{ if ($1=="Slackware") { print $2 } }'`
|
|
OS_FULLNAME="Slackware Linux ${OS_VERSION}"
|
|
fi
|
|
|
|
# SuSE
|
|
if [ -e "/etc/SuSE-release" ]; then
|
|
OS_VERSION=`cat /etc/SuSE-release | head -n 1`;
|
|
LINUX_VERSION="SuSE";
|
|
fi
|
|
|
|
# Turbo Linux
|
|
if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=`cat /etc/turbolinux-release`; fi
|
|
|
|
# YellowDog
|
|
if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi
|
|
|
|
# VMware
|
|
if [ -e "/etc/vmware-release" ]; then
|
|
OS_FULLNAME=`cat /etc/vmware-release`
|
|
OS_VERSION=`uname -r`
|
|
IS_VMWARE_ESXI=`vmware -vl | grep VMware ESXi`
|
|
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
|
|
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
|
|
fi
|
|
fi
|
|
|
|
# ===================================================================
|
|
# Set OS name to the discovered Linux version
|
|
if [ ! "${LINUX_VERSION}" = "" -a "${OS_NAME}" = "Linux" ]; then
|
|
OS_NAME="${LINUX_VERSION}"
|
|
fi
|
|
# If Linux version (full name) is unknown, use uname value
|
|
if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi
|
|
SYSCTL_READKEY="sysctl -n"
|
|
|
|
;;
|
|
|
|
# NetBSD
|
|
NetBSD)
|
|
OS="NetBSD"
|
|
OS_NAME="NetBSD"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_KERNELVERSION=`uname -v`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
FIND_BINARIES="whereis"
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# OpenBSD
|
|
OpenBSD)
|
|
OS="OpenBSD"
|
|
OS_NAME="OpenBSD"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_KERNELVERSION=`uname -v`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
FIND_BINARIES="whereis"
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# Solaris / OpenSolaris
|
|
SunOS)
|
|
OS="Solaris"
|
|
OS_NAME="Sun Solaris"
|
|
OS_FULLNAME=`uname -s -r`
|
|
OS_VERSION=`uname -r`
|
|
HARDWARE=`uname -m`
|
|
if [ -x /usr/bin/isainfo ]; then
|
|
# Returns 32, 64
|
|
OS_MODE=`/usr/bin/isainfo -b`
|
|
fi
|
|
SYSCTL_READKEY=""
|
|
;;
|
|
|
|
# VMware products
|
|
VMkernel)
|
|
OS="VMware"
|
|
OS_FULLNAME=""
|
|
OS_VERSION=""
|
|
HARDWARE=`uname -m`
|
|
if [ -e "/etc/vmware-release" ]; then
|
|
OS_FULLNAME=`cat /etc/vmware-release`
|
|
OS_VERSION=`uname -r`
|
|
fi
|
|
HAS_VMWARE_UTIL=`which vmware 2> /dev/null`
|
|
if [ ! "${HAS_VMWARE_UTIL}" = "" ]; then
|
|
IS_VMWARE_ESXI=`vmware -vl | grep VMware ESXi`
|
|
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
|
|
OS_NAME="VMware ESXi"
|
|
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
|
|
# Unknown or unsupported systems
|
|
*)
|
|
echo "[ ${WARNING}WARNING${NORMAL} ]"
|
|
echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available yet for this OS or platform...${NORMAL}"
|
|
echo "Please consult the README/documentation for more information."
|
|
exit 1
|
|
;;
|
|
|
|
esac
|
|
|
|
# Set correct echo binary and parameters after detecting operating system
|
|
ECHONB=""
|
|
|
|
case ${OS} in
|
|
"AIX") ECHOCMD="echo" ;;
|
|
"DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
|
|
"MacOS") ECHOCMD="echo"; ECHONB="echo -n" ;;
|
|
"Solaris") ECHOCMD="echo" ;;
|
|
"Linux")
|
|
# Check if dash is used (Debian/Ubuntu)
|
|
DEFAULT_SHELL=`ls -l /bin/sh | awk -F'>' '{print $2}'`
|
|
case ${DEFAULT_SHELL} in
|
|
" dash") ECHOCMD="/bin/echo -e" ;;
|
|
*) ECHOCMD="echo -e" ;;
|
|
esac
|
|
;;
|
|
*) ECHOCMD="echo -e" ;;
|
|
esac
|
|
|
|
# Check if we have full featured commands, or are using BusyBox as a shell
|
|
if [ -x /bin/busybox ]; then
|
|
if [ -L /bin/ps ]; then
|
|
ShowSymlinkPath /bin/ps
|
|
if [ "${SYMLINK}" = "/bin/busybox" ]; then
|
|
SHELL_IS_BUSYBOX=1
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
#================================================================================
|
|
# Lynis - Copyright 2007-2016 Michael Boelen, CISOfy - https://cisofy.com
|