"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "include/tests_kernel_hardening" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_kernel_hardening  (lynis-3.0.1):tests_kernel_hardening  (lynis-3.0.2)
skipping to change at line 25 skipping to change at line 25
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License. # welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software. # See LICENSE file for usage of this software.
# #
################################################################################ # ################################################################################ #
# #
# Kernel # Kernel
# #
################################################################################ # ################################################################################ #
# #
InsertSection "Kernel Hardening" InsertSection "${SECTION_KERNEL_HARDENING}"
# #
################################################################################ # ################################################################################ #
# #
# Test : KRNL-6000 # Test : KRNL-6000
# Description : Check sysctl parameters # Description : Check sysctl parameters
# Sysctl : net.ipv4.icmp_ingore_bogus_error_responses (=1) # Sysctl : net.ipv4.icmp_ignore_bogus_error_responses (=1)
if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO" ; fi if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO" ; fi
Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network N O --category security --description "Check sysctl key pairs in scan profile" Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network N O --category security --description "Check sysctl key pairs in scan profile"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
DATA_TO_SCAN="" DATA_TO_SCAN=""
N=0 N=0
Display --indent 2 --text "- Comparing sysctl key pairs with scan profil e" Display --indent 2 --text "- Comparing sysctl key pairs with scan profil e"
# First scan optional profiles only (ignore default and custom) # First scan optional profiles only (ignore default and custom)
for PROFILE in ${PROFILES}; do for PROFILE in ${PROFILES}; do
skipping to change at line 92 skipping to change at line 92
if [ "${value}" = "${tFINDcurvalue}" ]; then if [ "${value}" = "${tFINDcurvalue}" ]; then
positive_match=1 positive_match=1
fi fi
done done
if [ ${positive_match} -eq 1 ]; then if [ ${positive_match} -eq 1 ]; then
LogText "Result: sysctl key ${tFINDkey} contains equal e xpected and current value (${tFINDexpvalue})" LogText "Result: sysctl key ${tFINDkey} contains equal e xpected and current value (${tFINDexpvalue})"
Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDex pvalue})" --result "${STATUS_OK}" --color GREEN Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDex pvalue})" --result "${STATUS_OK}" --color GREEN
AddHP ${tFINDhp} ${tFINDhp} AddHP ${tFINDhp} ${tFINDhp}
else else
LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurv alue}" LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurv alue}"
Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDex pvalue})" --result DIFFERENT --color RED Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDex pvalue})" --result "${STATUS_DIFFERENT}" --color RED
AddHP 0 ${tFINDhp} AddHP 0 ${tFINDhp}
FOUND=1 FOUND=1
N=$((N + 1)) N=$((N + 1))
ReportDetails --test "${TEST_NO}" --service "sysctl" --f ield "${tFINDkey}" --value "${tFINDcurvalue}" --preferredvalue "${tFINDexpvalue} " --description "${tFINDdesc}" ReportDetails --test "${TEST_NO}" --service "sysctl" --f ield "${tFINDkey}" --value "${tFINDcurvalue}" --preferredvalue "${tFINDexpvalue} " --description "${tFINDdesc}"
fi fi
else else
LogText "Result: key ${tFINDkey} does not exist on this mach ine" LogText "Result: key ${tFINDkey} does not exist on this mach ine"
fi fi
else else
LogText "Skipped test for ${tFINDkey} via profile" LogText "Skipped test for ${tFINDkey} via profile"
 End of changes. 3 change blocks. 
3 lines changed or deleted 3 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)