"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "include/tests_filesystems" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_filesystems  (lynis-3.0.1):tests_filesystems  (lynis-3.0.2)
skipping to change at line 31 skipping to change at line 31
# File systems # File systems
# #
################################################################################ # ################################################################################ #
# #
# Number of days to mark a file as old # Number of days to mark a file as old
TMP_OLD_DAYS=90 TMP_OLD_DAYS=90
LVM_VG_USED=0 LVM_VG_USED=0
# #
################################################################################ # ################################################################################ #
# #
InsertSection "File systems" InsertSection "${SECTION_FILE_SYSTEMS}"
# #
################################################################################ # ################################################################################ #
# #
# Test : FILE-6310 # Test : FILE-6310
# Description : Checking if some mount points are separated from / # Description : Checking if some mount points are separated from /
# Goal : Users should not be able to fill their home directory or tem porary directory and creating a Denial of Service # Goal : Users should not be able to fill their home directory or tem porary directory and creating a Denial of Service
Register --test-no FILE-6310 --weight L --network NO --category security --d escription "Checking /tmp, /home and /var directory" Register --test-no FILE-6310 --weight L --network NO --category security --d escription "Checking /tmp, /home and /var directory"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking mount points" Display --indent 2 --text "- Checking mount points"
SEPARATED_FILESYTEMS="/home /tmp /var" SEPARATED_FILESYTEMS="/home /tmp /var"
skipping to change at line 632 skipping to change at line 632
LogText "Result: marked ${FILESYSTEM} options as non -default (unclear about hardening)" LogText "Result: marked ${FILESYSTEM} options as non -default (unclear about hardening)"
Display --indent 2 --text "- Mount options of ${FILE SYSTEM}" --result "NON DEFAULT" --color YELLOW Display --indent 2 --text "- Mount options of ${FILE SYSTEM}" --result "NON DEFAULT" --color YELLOW
AddHP 4 5 AddHP 4 5
fi fi
fi fi
else else
LogText "Result: file system ${FILESYSTEM} not found in ${RO OTDIR}etc/fstab" LogText "Result: file system ${FILESYSTEM} not found in ${RO OTDIR}etc/fstab"
fi fi
done done
fi fi
NMOUNTS=$(mount | ${WCBINARY} --lines) NMOUNTS=$(mount | ${WCBINARY} -l)
NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev
| ${WCBINARY} --lines) | ${WCBINARY} -l)
NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexe NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexe
c | ${WCBINARY} --lines) c | ${WCBINARY} -l)
NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosui NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosui
d | ${WCBINARY} --lines) d | ${WCBINARY} -l)
NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY}
-v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} --lines) -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} -l)
LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NM OUNTS}" LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NM OUNTS}"
v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} <span class="insert">-l)< /span>
Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${ NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}" Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${ NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}"
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Test : FILE-6376 # Test : FILE-6376
# Description : Bind mount the /var/tmp directory to /tmp # Description : Bind mount the /var/tmp directory to /tmp
Register --test-no FILE-6376 --os Linux --weight L --network NO --category s ecurity --description "Determine if /var/tmp is bound to /tmp" Register --test-no FILE-6376 --os Linux --weight L --network NO --category s ecurity --description "Determine if /var/tmp is bound to /tmp"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
 End of changes. 3 change blocks. 
11 lines changed or deleted 10 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)