
Source code changes of the file "include/tests_logging" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_logging  (lynis-3.0.1):tests_logging  (lynis-3.0.2)
skipping to change at line 31 skipping to change at line 31
# Logging and related files # Logging and related files
# #
################################################################################ # ################################################################################ #
# #
LOG_FILES_LOCS="${ROOTDIR}var/log ${ROOTDIR}var/adm" LOG_FILES_LOCS="${ROOTDIR}var/log ${ROOTDIR}var/adm"
LOGROTATE_CONFIG_FOUND=0 LOGROTATE_CONFIG_FOUND=0
LOGROTATE_TOOL="" LOGROTATE_TOOL=""
METALOG_RUNNING=0 METALOG_RUNNING=0
RFC3195D_RUNNING=0 RFC3195D_RUNNING=0
RSYSLOG_RUNNING=0 RSYSLOG_RUNNING=0
SOLARIS_LOGHOST=""
SOLARIS_LOGHOST_FOUND=0 SOLARIS_LOGHOST_FOUND=0
SOLARIS_LOGHOST_LOCALHOST=0
SYSLOG_DAEMON_PRESENT=0 SYSLOG_DAEMON_PRESENT=0
SYSLOG_DAEMON_RUNNING=0 SYSLOG_DAEMON_RUNNING=0
SYSLOG_NG_RUNNING=0 SYSLOG_NG_RUNNING=0
SYSTEMD_JOURNAL_RUNNING=0 SYSTEMD_JOURNAL_RUNNING=0
# #
################################################################################ # ################################################################################ #
# #
InsertSection "Logging and files" InsertSection "${SECTION_LOGGING_AND_FILES}"
# Test : LOGG-2130 # Test : LOGG-2130
# Description : Check for a running syslog daemon # Description : Check for a running syslog daemon
Register --test-no LOGG-2130 --weight L --network NO --category security --d escription "Check for running syslog daemon" Register --test-no LOGG-2130 --weight L --network NO --category security --d escription "Check for running syslog daemon"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a logging daemon" LogText "Test: Searching for a logging daemon"
FIND=$(${PSBINARY} ax | ${EGREPBINARY} "syslogd|syslog-ng|metalog|system d-journal" | ${GREPBINARY} -v "grep") FIND=$(${PSBINARY} ax | ${EGREPBINARY} "syslogd|syslog-ng|metalog|system d-journal" | ${GREPBINARY} -v "grep")
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking for a running log daemon" --re sult "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Checking for a running log daemon" --re sult "${STATUS_WARNING}" --color RED
LogText "Result: Could not find a syslog daemon like syslog, syslog- ng, rsyslog, metalog, systemd-journal" LogText "Result: Could not find a syslog daemon like syslog, syslog- ng, rsyslog, metalog, systemd-journal"
skipping to change at line 308 skipping to change at line 310
# #
# Test : LOGG-2152 # Test : LOGG-2152
# Description : Check for Solaris 'loghost' entry in /etc/inet/hosts, or # Description : Check for Solaris 'loghost' entry in /etc/inet/hosts, or
# successful resolving via DNS or any other name service. # successful resolving via DNS or any other name service.
Register --test-no LOGG-2152 --weight L --os Solaris --network NO --category security --description "Checking loghost" Register --test-no LOGG-2152 --weight L --os Solaris --network NO --category security --description "Checking loghost"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Try local hosts file # Try local hosts file
LogText "Result: Checking for loghost in /etc/inet/hosts" LogText "Result: Checking for loghost in /etc/inet/hosts"
FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#") FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND}"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: Found loghost entry in /etc/inet/hosts" LogText "Result: Found loghost entry in /etc/inet/hosts"
else else
LogText "Result: No loghost entry found in /etc/inet/hosts" LogText "Result: No loghost entry found in /etc/inet/hosts"
# Try name resolving if no entry is present in local host file # Try name resolving if no entry is present in local host file
LogText "Result: Checking for loghost via name resolving" LogText "Result: Checking for loghost via name resolving"
FIND=$(getent hosts loghost | ${GREPBINARY} loghost) FIND=$(getent hosts loghost | ${GREPBINARY} loghost)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND}"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: name resolving was successful" LogText "Result: name resolving was successful"
LogText "Output: ${FIND}" LogText "Output: ${FIND}"
else else
LogText "Result: name resolving didn't find results" LogText "Result: name resolving didn't find results"
fi fi
fi fi
if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ]; then if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ]; then
LogText "Result: loghost entry found and most likely used to send sy slog messages" LogText "Result: loghost entry found and most likely used to send sy slog messages"
skipping to change at line 338 skipping to change at line 342
else else
Display --indent 2 --text "- Checking loghost entry" --result "${STA TUS_WARNING}" --color RED Display --indent 2 --text "- Checking loghost entry" --result "${STA TUS_WARNING}" --color RED
LogText "Result: No loghost entry found" LogText "Result: No loghost entry found"
ReportWarning "${TEST_NO}" "No loghost entry found" ReportWarning "${TEST_NO}" "No loghost entry found"
ReportSuggestion "${TEST_NO}" "Add a loghost entry to /etc/inet/host s or other name services" ReportSuggestion "${TEST_NO}" "Add a loghost entry to /etc/inet/host s or other name services"
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Test : LOGG-2153
# Description : Check Solaris 'loghost' entry is not localhost, meaning
# remote logging is not configured.
if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then P
REQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network N
O --category security --description "Checking loghost is localhost"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREP
BINARY} "::1|127.0.0.1|127.1")
if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST_LOCALHOST=1
LogText "Result: loghost entry is localhost (default)"
Display --indent 4 --text "- Checking loghost entry is localhost" --
result "${STATUS_YES}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Set loghost entry to a remote locatio
n to enable remote logging."
else
Display --indent 4 --text "- Checking loghost entry is localhost" --
result "${STATUS_NO}" --color GREEN
fi
fi
#
################################################################################
#
#
# Test : LOGG-2154 # Test : LOGG-2154
# Description : Check to see if remote logging is enabled # Description : Check to see if remote logging is enabled
# Notes : prevent lines showing up with commands in it (like |mail) # Notes : prevent lines showing up with commands in it (like |mail)
if [ ${SYSLOG_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET= "NO"; fi if [ ${SYSLOG_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET= "NO"; fi
Register --test-no LOGG-2154 --preqs-met ${PREQS_MET} --weight L --network N O --category security --description "Checking syslog configuration file" Register --test-no LOGG-2154 --preqs-met ${PREQS_MET} --weight L --network N O --category security --description "Checking syslog configuration file"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${RSYSLOG_RUNNING} -eq 1 ]; then if [ ${RSYSLOG_RUNNING} -eq 1 ]; then
DATA="" DATA=""
TARGET="${ROOTDIR}etc/rsyslog.conf" TARGET="${ROOTDIR}etc/rsyslog.conf"
skipping to change at line 405 skipping to change at line 429
if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then
SYSLOGD_CONF="${ROOTDIR}etc/syslog-ng/syslog-ng.conf" SYSLOGD_CONF="${ROOTDIR}etc/syslog-ng/syslog-ng.conf"
else else
SYSLOGD_CONF="${ROOTDIR}etc/syslog.conf" SYSLOGD_CONF="${ROOTDIR}etc/syslog.conf"
fi fi
if [ -f ${SYSLOGD_CONF} ]; then if [ -f ${SYSLOGD_CONF} ]; then
LogText "Test: check if logs are also logged to a remote logging hos t" LogText "Test: check if logs are also logged to a remote logging hos t"
FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport " ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport " ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
LogText "Result: remote logging enabled" FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost")
REMOTE_LOGGING_ENABLED=1 if [ SOLARIS_LOGHOST_LOCALHOST -eq 1 ] && [ -z "${FIND2}" ]; the
n
LogText "Result: remote logging enabled to loghost, but logh
ost is localhost"
else
LogText "Result: remote logging enabled"
REMOTE_LOGGING_ENABLED=1
fi
else else
# Search for configured destinations with an IP address or hostn ame, then determine which ones are used as a log destination # Search for configured destinations with an IP address or hostn ame, then determine which ones are used as a log destination
DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${ EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${ EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}')
for DESTINATION in ${DESTINATIONS}; do for DESTINATION in ${DESTINATIONS}; do
FIND2=$(${GREPBINARY} "log" ${SYSLOGD_CONF} | ${GREPBINARY} "source" | ${EGREPBINARY} "destination\(${DESTINATION}\)") FIND2=$(${GREPBINARY} "log" ${SYSLOGD_CONF} | ${GREPBINARY} "source" | ${EGREPBINARY} "destination\(${DESTINATION}\)")
if [ -n "${FIND2}" ]; then if [ -n "${FIND2}" ]; then
LogText "Result: found destination ${DESTINATION} config ured for remote logging" LogText "Result: found destination ${DESTINATION} config ured for remote logging"
REMOTE_LOGGING_ENABLED=1 REMOTE_LOGGING_ENABLED=1
fi fi
done done
fi fi
fi fi
# Show result # Show result
if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then
Report "remote_syslog_configured=0" Report "remote_syslog_configured=0"
LogText "Result: no remote logging found" LogText "Result: no remote logging found"
ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection" ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection"
AddHP 1 3 AddHP 1 3
Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW Display --indent 2 --text "- Checking remote logging" --result "${ST ATUS_NOT_ENABLED}" --color YELLOW
else else
Report "remote_syslog_configured=1" Report "remote_syslog_configured=1"
AddHP 5 5 AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result "${ST ATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking remote logging" --result "${ST ATUS_ENABLED}" --color GREEN
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
skipping to change at line 553 skipping to change at line 582
LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts" LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts"
fi fi
FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n +L 1 2>&1 | ${EGREPBINARY} -vw "${LSOF_GREP}" | ${EGREPBINARY} -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTB INARY} -u) FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n +L 1 2>&1 | ${EGREPBINARY} -vw "${LSOF_GREP}" | ${EGREPBINARY} -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTB INARY} -u)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
LogText "Result: found one or more files which are deleted, but stil l in use" LogText "Result: found one or more files which are deleted, but stil l in use"
for I in ${FIND}; do for I in ${FIND}; do
LogText "Found deleted file: ${I}" LogText "Found deleted file: ${I}"
Report "deleted_file[]=${I}" Report "deleted_file[]=${I}"
done done
Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_FILES_FOUND}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why." ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why."
else else
LogText "Result: no deleted files found" LogText "Result: no deleted files found"
Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_DONE}" --color GREEN Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_DONE}" --color GREEN
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Test : LOGG-2192 # Test : LOGG-2192
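Review bot: The localhost check added in the LOGG-2154 hunk, `if [ SOLARIS_LOGHOST_LOCALHOST -eq 1 ] && [ -z "${FIND2}" ]; then`, compares the literal word `SOLARIS_LOGHOST_LOCALHOST` rather than the variable, so `[` fails with an integer-expression error (to stderr, easy to miss) and the condition is always false; the else branch then sets `REMOTE_LOGGING_ENABLED=1` even when the only destination is a loghost that resolves to localhost, which is precisely the case the new LOGG-2153 test and this branch were added to detect. The line should read `if [ ${SOLARIS_LOGHOST_LOCALHOST} -eq 1 ] && [ -z "${FIND2}" ]; then`; ShellCheck would have flagged the bare name. Separately, in the new LOGG-2153 block the `${EGREPBINARY} "::1|127.0.0.1|127.1"` pattern has unescaped dots and no anchors, so a first field such as `10.127.1.5` would also be classified as localhost; assuming the first field is an address, an anchored `^(::1|127\.)` would be tighter while still covering the whole loopback range.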
 End of changes. 9 change blocks. 
5 lines changed or deleted 43 lines changed or added
