mirror of
https://github.com/CISOfy/lynis.git
synced 2026-03-11 08:55:28 +00:00
Non printable ESC character is required to obtain terminal escape sequence i.e. for changing output color. Such sequences (especially ESC character) were replaced by command substitution producing exactly same result (variable value), but using only "safe" characters. Use of printf and especialy '\033' or '\0ddd' sequences is described here: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html#tag_20_94_13 Use of $(command) or command substitution is described here: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_03 Verbatim TAB characters were replaced with \t escape sequence as described to avoid problems with editors silently replacing them or developer accidentialy messing up the regex.
365 lines
9.5 KiB
Bash
365 lines
9.5 KiB
Bash
#!/bin/sh
|
|
|
|
#################################################################################
|
|
#
|
|
# Lynis
|
|
# ------------------
|
|
#
|
|
# Copyright 2007-2013, Michael Boelen
|
|
# Copyright 2007-2018, CISOfy
|
|
#
|
|
# Website : https://cisofy.com
|
|
# Blog : http://linux-audit.com
|
|
# GitHub : https://github.com/CISOfy/lynis
|
|
#
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
# See LICENSE file for usage of this software.
|
|
#
|
|
#################################################################################
|
|
#
|
|
# Consts
|
|
#
|
|
#################################################################################
|
|
#
|
|
|
|
# Paths where system and program binaries are located
|
|
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
|
|
/usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
|
|
/usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
|
|
/usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \
|
|
/usr/pkg/bin /usr/pkg/sbin"
|
|
|
|
ETC_PATHS="/etc /usr/local/etc"
|
|
|
|
# Do not use specific language, fall back to default
|
|
# Some tools with translated strings are very hard to parse
|
|
unset LANG
|
|
|
|
#
|
|
#################################################################################
|
|
#
|
|
# Initialize defaults
|
|
#
|
|
#################################################################################
|
|
#
|
|
# == Variable initializing ==
|
|
#
|
|
ARCH_AUDIT_BINARY=""
|
|
AUDITORNAME=""
|
|
AUDITCTLBINARY=""
|
|
AUDITDBINARY=""
|
|
AUTH_FAILED_LOGINS_LOGGED=0
|
|
AUTH_UNLOCK_TIME=-1
|
|
PROFILE=""
|
|
REPORTFILE=""
|
|
AFICKBINARY=""
|
|
AIDEBINARY=""
|
|
AASTATUSBINARY=""
|
|
AUDITD_RUNNING=0
|
|
APPLICATION_FIREWALL_ACTIVE=0
|
|
BINARY_SCAN_FINISHED=0
|
|
BLKIDBINARY=""
|
|
CAT_BINARY=""
|
|
CFAGENTBINARY=""
|
|
CHECK=0
|
|
CHECK_BINARIES=1
|
|
CHECK_OPTION_ARRAY=""
|
|
CHKROOTKITBINARY=""
|
|
CHKCONFIGBINARY=""
|
|
CLAMCONF_BINARY=""
|
|
CLAMSCANBINARY=""
|
|
COLORS=1
|
|
COMPLIANCE_ENABLE_CIS=0
|
|
COMPLIANCE_ENABLE_HIPAA=0
|
|
COMPLIANCE_ENABLE_ISO27001=0
|
|
COMPLIANCE_ENABLE_PCI_DSS=0
|
|
COMPLIANCE_TESTS_PERFORMED=0
|
|
COMPLIANCE_FINDINGS_FOUND=0
|
|
COMPRESSED_UPLOADS=0
|
|
CONTROL_URL_APPEND=""
|
|
CONTROL_URL_PREPEND=""
|
|
CONTROL_URL_PROTOCOL=""
|
|
CONTAINER_TYPE=""
|
|
CREATE_REPORT_FILE=1
|
|
CSUMBINARY=""
|
|
CUSTOM_URL_APPEND=""
|
|
CUSTOM_URL_PREPEND=""
|
|
CUSTOM_URL_PROTOCOL=""
|
|
CUTBINARY=""
|
|
DATABASE_ENGINE_RUNNING=0
|
|
DB2_RUNNING=0
|
|
DBUSDAEMONBINARY=""
|
|
DEBSECANBINARY=""
|
|
DEBSUMSBINARY=""
|
|
DEVELOPER_MODE=0
|
|
DISCOVERED_BINARIES=""
|
|
DMIDECODEBINARY=""
|
|
DNFBINARY=""
|
|
DOCKERBINARY=""
|
|
DOCKER_DAEMON_RUNNING=0
|
|
ECHOCMD=""
|
|
ERROR_ON_WARNINGS=0
|
|
FAIL2BANBINARY=""
|
|
FILEBINARY=""
|
|
FILEVALUE=""
|
|
FIND=""
|
|
FIREWALL_ACTIVE=0
|
|
FOUNDPATH=0
|
|
GETENT_BINARY=""
|
|
GRADMBINARY=""
|
|
GREPBINARY="grep"
|
|
GROUP_NAME=""
|
|
GRPCKBINARY=""
|
|
GRSEC_FOUND=0
|
|
GRUB2INSTALLBINARY=""
|
|
HAS_SYSTEMD=0
|
|
HEADBINARY=""
|
|
HELPER=""
|
|
HOSTID=""
|
|
HOSTID2=""
|
|
HTTPDBINARY=""
|
|
IDS_IPS_TOOL_FOUND=0
|
|
IPFBINARY=""
|
|
IPTABLESBINARY=""
|
|
JOURNALCTLBINARY=""
|
|
KLDSTATBINARY=""
|
|
LAUNCHCTL_BINARY=""
|
|
LDAP_CLIENT_CONFIG_FILE=""
|
|
LINUX_VERSION=""
|
|
LINUXCONFIGFILE=""
|
|
LMDBINARY=""
|
|
LMDFOUND=0
|
|
LOGFILE=""
|
|
LOGDIR=""
|
|
LOGTEXT=1
|
|
LSVGBINARY=""
|
|
MACHINEID=""
|
|
MACHINE_ROLE=""
|
|
MALWARE_SCANNER_INSTALLED=0
|
|
MIN_PASSWORD_LENGTH=-1
|
|
MONGODB_RUNNING=0
|
|
MOUNTBINARY=""
|
|
MTREEBINARY=""
|
|
MYSQLCLIENTBINARY=""
|
|
MYSQL_RUNNING=0
|
|
N_PLUGIN=0
|
|
N_PLUGIN_ENABLED=0
|
|
NAME_CACHE_USED=0
|
|
NETWORK_INTERFACES=""
|
|
NFTBINARY=""
|
|
NGINX_ACCESS_LOG_DISABLED=0
|
|
NGINX_ACCESS_LOG_MISSING=0
|
|
NGINX_ALIAS_FOUND=0
|
|
NGINX_ALLOW_FOUND=0
|
|
NGINX_DENY_FOUND=0
|
|
NGINX_ERROR_LOG_DEBUG=0
|
|
NGINX_ERROR_LOG_MISSING=0
|
|
NGINX_EVENTS_COUNTER=0
|
|
NGINX_EXPIRES_FOUND=0
|
|
NGINX_FASTCGI_FOUND=0
|
|
NGINX_FASTCGI_PARAMS_FOUND=0
|
|
NGINX_FASTCGI_PASS_FOUND=0
|
|
NGINX_HTTP_COUNTER=0
|
|
NGINX_LISTEN_FOUND=0
|
|
NGINX_LOCATION_COUNTER=0
|
|
NGINX_LOCATION_FOUND=0
|
|
NGINX_SERVER_COUNTER=0
|
|
NGINX_SSL_CIPHERS=0
|
|
NGINX_SSL_ON=0
|
|
NGINX_SSL_PREFER_SERVER_CIPHERS=0
|
|
NGINX_SSL_PROTOCOLS=0
|
|
NGINX_RETURN_FOUND=0
|
|
NGINX_ROOT_FOUND=0
|
|
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
|
|
NTPD_ROLE=""
|
|
NTPQBINARY=""
|
|
OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=0
|
|
OPTIONS_CONN_MAX_WAIT_STATE=""
|
|
ORACLE_RUNNING=0
|
|
OS=""
|
|
OS_KERNELVERSION=""
|
|
OS_KERNELVERSION_FULL=""
|
|
OS_MODE=""
|
|
OS_REDHAT_OR_CLONE=0
|
|
OSIRISBINARY=""
|
|
PACMANBINARY=""
|
|
PASSWORD_MAXIMUM_DAYS=-1
|
|
PASSWORD_MINIMUM_DAYS=-1
|
|
PAM_2F_AUTH_ENABLED=0
|
|
PAM_2F_AUTH_REQUIRED=0
|
|
PAM_AUTH_BRUTE_FORCE_PROTECTION=0
|
|
PAM_PASSWORD_HISTORY_AMOUNT=0
|
|
PAM_PASSWORD_HISTORY_ENABLED=0
|
|
PAM_PASSWORD_STRENGTH_TESTED=0
|
|
PAM_PASSWORD_PWHISTORY_ENABLED=0
|
|
PAM_PASSWORD_UXHISTORY_ENABLED=0
|
|
PFCTLBINARY=""
|
|
PFFOUND=0
|
|
PGREPBINARY=""
|
|
PIDFILE=""
|
|
PKG_BINARY=""
|
|
PKGADMINBINARY=""
|
|
PLUGINDIR=""
|
|
PLUGIN_PHASE=0
|
|
POSTFIXBINARY=""
|
|
POSTGRES_RUNNING=0
|
|
PRIVILEGED=0
|
|
PROFILES=""
|
|
PROFILEVALUE=""
|
|
PSBINARY="ps"
|
|
PSOPTIONS=""
|
|
PUPPETBINARY=""
|
|
READLINKBINARY=""
|
|
REDIS_RUNNING=0
|
|
REFRESH_REPOSITORIES=1
|
|
REMOTE_LOGGING_ENABLED=0
|
|
RESOLV_DOMAINNAME=""
|
|
RKHUNTERBINARY=""
|
|
ROOTDIR="/"
|
|
ROOTSHBINARY=""
|
|
RPCINFOBINARY=""
|
|
RPMBINARY=""
|
|
RUN_HELPERS=0
|
|
RUN_TESTS=1
|
|
RUN_UPDATE_CHECK=1
|
|
SALTMASTERBINARY=""
|
|
SALTMINIONBINARY=""
|
|
SAMHAINBINARY=""
|
|
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
|
|
SEARCH_PROFILES=""
|
|
SESTATUSBINARY=""
|
|
SERVICE_MANAGER=""
|
|
SETBINARY=""
|
|
SETTINGS=""
|
|
SETTINGS_FILE=""
|
|
SET_STRICT=0
|
|
SHELL_IS_BUSYBOX=0
|
|
SHOWMOUNTBINARY=""
|
|
SHOW_PROGRAM_DETAILS=1
|
|
SHOW_REPORT=1
|
|
SHOW_REPORT_SOLUTION=1
|
|
SHOW_TOOL_TIPS=1 # Show inline tool tips (default true)
|
|
SHOW_WARNINGS_ONLY=0
|
|
SKIP_PLUGINS=0
|
|
SKIP_TESTS=""
|
|
SKIPREASON=""
|
|
SKIPPED_TESTS_ROOTONLY=""
|
|
SMTPCTLBINARY=""
|
|
SNORTBINARY=""
|
|
SSHKEYSCANBINARY=""
|
|
SSHKEYSCANFOUND=0
|
|
SSL_CERTIFICATE_PATHS=""
|
|
STUNNELBINARY=""
|
|
SYSLOGNGBINARY=""
|
|
SYSTEMCTLBINARY=""
|
|
SYSTEM_IS_NOTEBOOK=255
|
|
TEMP_FILE=""
|
|
TEMP_FILES=""
|
|
TEST_SKIP_ALWAYS=""
|
|
TEST_AVAILABLE_CATEGORIES="performance privacy security"
|
|
TEST_CATEGORY_TO_CHECK="all"
|
|
TEST_GROUP_TO_CHECK="all"
|
|
TESTS_EXECUTED=""
|
|
TESTS_SKIPPED=""
|
|
TMPFILE=""
|
|
TOOLTIP_SHOWED=0
|
|
TOTAL_SUGGESTIONS=0
|
|
TOTAL_WARNINGS=0
|
|
TRBINARY=""
|
|
TRIPWIREBINARY=""
|
|
UEFI_BOOTED=0
|
|
UEFI_BOOTED_SECURE=0
|
|
UNAMEBINARY=""
|
|
UNBOUND_RUNNING=0
|
|
UNIQBINARY=""
|
|
UPDATE_CHECK_SKIPPED=0
|
|
UPLOAD_OPTIONS=""
|
|
UPLOAD_PROXY_PORT=""
|
|
UPLOAD_PROXY_PROTOCOL=""
|
|
UPLOAD_PROXY_SERVER=""
|
|
UPLOAD_TOOL=""
|
|
UPLOAD_TOOL_ARGS=""
|
|
VALUE=""
|
|
VERBOSE=0
|
|
VMTYPE=""
|
|
VULNERABLE_PACKAGES_FOUND=0
|
|
WCBINARY=""
|
|
XARGSBINARY=""
|
|
YUMBINARY=""
|
|
ZYPPERBINARY=""
|
|
#
|
|
#################################################################################
|
|
#
|
|
# * Options
|
|
#
|
|
#################################################################################
|
|
#
|
|
CRONJOB=0 # Run as a cronjob
|
|
CTESTS_PERFORMED=0 # Number of tests which are performed
|
|
DEBUG=0 # Debugging mode (to screen)
|
|
HPPOINTS=0 # Number of hardening points
|
|
HPTOTAL=0 # Maximum number of hardening points
|
|
LOG_INCORRECT_OS=1 # Log tests with incorrect OS
|
|
NEVERBREAK=0 # Don't wait for user input
|
|
PENTESTINGMODE=0 # Try tests without root privileges
|
|
QUICKMODE=1 # Don't wait for user input
|
|
QUIET=0 # Show normal messages and warnings as well
|
|
SKIPLOGTEST=0 # Skip logging for one test
|
|
SKIP_UPGRADE_TEST=0 # Skip upgrade test
|
|
TESTS_TO_PERFORM="" # Which tests only to perform
|
|
TEST_PAUSE_TIME=0 # Default pause time
|
|
TOTAL_TESTS=0 # Total amount of tests (counter)
|
|
UPLOAD_DATA=0 # Upload of data to central node
|
|
VIEWHELP=0 # Show help
|
|
WRONGOPTION=0 # A wrong option is used
|
|
#
|
|
#################################################################################
|
|
#
|
|
# Installed packages and other settings
|
|
COMPILER_INSTALLED=0
|
|
#
|
|
#################################################################################
|
|
#
|
|
# * Colors
|
|
#
|
|
# For improved display
|
|
#
|
|
#################################################################################
|
|
#
|
|
|
|
# Normal color names
|
|
CYAN="$(printf '\033[0;36m')"
|
|
BLUE="$(printf '\033[0;34m')"
|
|
BROWN="$(printf '\033[0;33m')"
|
|
DARKGRAY="$(printf '\033[0;30m')"
|
|
GRAY="$(printf '\033[0;37m')"
|
|
GREEN="$(printf '\033[1;32m')"
|
|
LIGHTBLUE="$(printf '\033[0;94m')"
|
|
MAGENTA="$(printf '\033[1;35m')"
|
|
PURPLE="$(printf '\033[0;35m')"
|
|
RED="$(printf '\033[1;31m')"
|
|
YELLOW="$(printf '\033[1;33m')"
|
|
WHITE="$(printf '\033[1;37m')"
|
|
|
|
# Markup
|
|
BOLD="${WHITE}"
|
|
|
|
# With background
|
|
BG_BLUE="$(printf '\033[0;44m')"
|
|
|
|
# Semantic names
|
|
HEADER="${WHITE}"
|
|
NORMAL="$(printf '\033[0m')"
|
|
WARNING="${RED}"
|
|
SECTION="${YELLOW}"
|
|
NOTICE="${YELLOW}"
|
|
OK="${GREEN}"
|
|
BAD="${RED}"
|
|
|
|
#
|
|
#################################################################################
|
|
#
|
|
|
|
#================================================================================
|
|
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
|