"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "include/tests_networking" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_networking  (lynis-3.0.1):tests_networking  (lynis-3.0.2)
skipping to change at line 34 skipping to change at line 34
# #
FOUNDPROMISC=0 # Promiscuous interfaces FOUNDPROMISC=0 # Promiscuous interfaces
LOCAL_DNSRESOLVER_FOUND=0 # Local DNS resolver LOCAL_DNSRESOLVER_FOUND=0 # Local DNS resolver
NUMBERACTIVENS=0 # Number of active nameserve rs NUMBERACTIVENS=0 # Number of active nameserve rs
DHCP_CLIENT_RUNNING=0 # DHCP client availability DHCP_CLIENT_RUNNING=0 # DHCP client availability
ARPWATCH_RUNNING=0 # ARP-cache based attack mon itoring software ARPWATCH_RUNNING=0 # ARP-cache based attack mon itoring software
ARPON_RUNNING=0 # ARP-cache based attack mon itoring software ARPON_RUNNING=0 # ARP-cache based attack mon itoring software
# #
################################################################################ # ################################################################################ #
# #
InsertSection "Networking" InsertSection "${SECTION_NETWORKING}"
# #
################################################################################ # ################################################################################ #
# #
# Test : NETW-2400 # Test : NETW-2400
# Description : Test hostname for valid characters and length # Description : Test hostname for valid characters and length
# Notes : FQDN: max 253 characters # Notes : FQDN: max 253 characters
# : component: a-z, 0-9, hyphen, not start with hyphen, max 63 c haracters # : component: a-z, 0-9, hyphen, not start with hyphen, max 63 c haracters
# dots allowed as separator # dots allowed as separator
Register --test-no NETW-2400 --weight L --network YES --category basics --de scription "Hostname length and value check" Register --test-no NETW-2400 --weight L --network YES --category basics --de scription "Hostname length and value check"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
skipping to change at line 73 skipping to change at line 73
LogText "Result: hostname is not defined" LogText "Result: hostname is not defined"
else else
# Test length # Test length
if [ ${#HOSTNAME} -gt 63 ]; then if [ ${#HOSTNAME} -gt 63 ]; then
LogText "Result: hostname is more than 63 characters" LogText "Result: hostname is more than 63 characters"
Display --indent 2 --text "- Hostname (length)" --result "${STAT US_WARNING}" --color RED Display --indent 2 --text "- Hostname (length)" --result "${STAT US_WARNING}" --color RED
else else
LogText "Result: hostnamed is defined and not longer than 63 cha racters" LogText "Result: hostnamed is defined and not longer than 63 cha racters"
fi fi
# Test valid characters (normally a dot should not be in the name, b ut we can't be 100% sure we have short name) # Test valid characters (normally a dot should not be in the name, b ut we can't be 100% sure we have short name)
FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[a-zA-Z0-9\.\-]') FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[:alnum:]\.\-')
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
LogText "Result: good, no unexpected characters discovered in ho stname" LogText "Result: good, no unexpected characters discovered in ho stname"
if IsVerbose; then Display --indent 2 --text "- Hostname (allowe d characters)" --result "${STATUS_OK}" --color GREEN; fi if IsVerbose; then Display --indent 2 --text "- Hostname (allowe d characters)" --result "${STATUS_OK}" --color GREEN; fi
else else
LogText "Result: unexpected characters discovered in hostname (c haracters: ${FIND}), which may impact network connectivity" LogText "Result: unexpected characters discovered in hostname (c haracters: ${FIND}), which may impact network connectivity"
Display --indent 2 --text "- Hostname (allowed characters)" --re sult "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Hostname (allowed characters)" --re sult "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Hostname contains invalid characters " "hostname" "text:See log file for invalid characters" ReportWarning "${TEST_NO}" "Hostname contains invalid characters " "hostname" "text:See log file for invalid characters"
fi fi
fi fi
fi fi
skipping to change at line 143 skipping to change at line 143
IPV6_MODE="auto" IPV6_MODE="auto"
else else
IPV6_MODE="disabled" IPV6_MODE="disabled"
fi fi
LogText "Result: IPV6 mode is ${IPV6_MODE}" LogText "Result: IPV6 mode is ${IPV6_MODE}"
if [ ${IPV6_CONFIGURED} -eq 1 ]; then if [ ${IPV6_CONFIGURED} -eq 1 ]; then
Display --indent 2 --text "- Checking IPv6 configuration" --result " ${STATUS_ENABLED}" --color WHITE Display --indent 2 --text "- Checking IPv6 configuration" --result " ${STATUS_ENABLED}" --color WHITE
STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]') STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]')
Display --indent 6 --text "Configuration method" --result "${STATUS} " --color WHITE Display --indent 6 --text "Configuration method" --result "${STATUS} " --color WHITE
if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="${STATUS_YES}"; else STATUS= "${STATUS_NO}"; fi
LogText "Result: IPv6 only configuration: ${STATUS}" LogText "Result: IPv6 only configuration: ${STATUS}"
Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color W HITE Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color W HITE
else else
Display --indent 2 --text "- Checking IPv6 configuration" --result " ${STATUS_DISABLED}" --color WHITE Display --indent 2 --text "- Checking IPv6 configuration" --result " ${STATUS_DISABLED}" --color WHITE
fi fi
# Configuration errors # Configuration errors
if [ ${IPV6_MISCONFIGURED_MTU} -eq 1 ]; then if [ ${IPV6_MISCONFIGURED_MTU} -eq 1 ]; then
IPV6_MISCONFIGURED=1 IPV6_MISCONFIGURED=1
LogText "Result: MTU of IPv6 interfaces should be 1280 or higher" LogText "Result: MTU of IPv6 interfaces should be 1280 or higher"
Display --indent 6 --text "Error: MTU is too low" --result "${STATUS _WARNING}" --color RED Display --indent 6 --text "Error: MTU is too low" --result "${STATUS _WARNING}" --color RED
skipping to change at line 515 skipping to change at line 515
if [ -n "${NETSTATBINARY}" ]; then if [ -n "${NETSTATBINARY}" ]; then
LogText "Test: Retrieving netstat information to find listen ing ports" LogText "Test: Retrieving netstat information to find listen ing ports"
# UDP # UDP
FIND=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^u dp" | ${AWKBINARY} '{ print $4"|"$1"||" }') FIND=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} "^u dp" | ${AWKBINARY} '{ print $4"|"$1"||" }')
# TCP # TCP
FIND2=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} " ^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"||" }}') FIND2=$(${NETSTATBINARY} -an 2> /dev/null | ${GREPBINARY} " ^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"||" }}')
else else
ReportException "${TEST_NO}:3" "netstat missing to gather li stening ports" ReportException "${TEST_NO}:3" "netstat missing to gather li stening ports"
fi fi
;; ;;
Solaris)
if [ -n "${NETSTATBINARY}" ]; then
LogText "Test: Retrieving netstat information to find listen
ing ports"
FIND=$(${NETSTATBINARY} -an -P udp | ${AWKBINARY} '{ if($7==
"LISTEN") { print $1"|udp|LISTEN|" }}')
FIND2=$(${NETSTATBINARY} -an -P tcp | ${AWKBINARY} '{ if($7=
="LISTEN") { print $1"|tcp|LISTEN|" }}')
else
ReportException "${TEST_NO}:4" "netstat missing to gather li
stening ports"
fi
;;
*) *)
# Got this exception? Provide your details and output of netstat or any other tool to determine this information. # Got this exception? Provide your details and output of netstat or any other tool to determine this information.
ReportException "${TEST_NO}:2" "Unclear what method to use, to d etermine listening port information" ReportException "${TEST_NO}:2" "Unclear what method to use, to d etermine listening port information"
;; ;;
esac esac
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
for ITEM in ${DATA}; do for ITEM in ${DATA}; do
COUNT=$((COUNT + 1)) COUNT=$((COUNT + 1))
Report "network_listen[]=${ITEM}" Report "network_listen[]=${ITEM}"
skipping to change at line 686 skipping to change at line 695
################################################################################ # ################################################################################ #
# #
# Test : NETW-3030 # Test : NETW-3030
# Description : Checking for DHCP client # Description : Checking for DHCP client
Register --test-no NETW-3030 --weight L --network NO --category security --d escription "Checking DHCP client status" Register --test-no NETW-3030 --weight L --network NO --category security --d escription "Checking DHCP client status"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "dhclient" || IsRunning "dhcpcd" || IsRunning "udhcpc"; the n if IsRunning "dhclient" || IsRunning "dhcpcd" || IsRunning "udhcpc"; the n
Display --indent 2 --text "- Checking status DHCP client" --result " ${STATUS_RUNNING}" --color WHITE Display --indent 2 --text "- Checking status DHCP client" --result " ${STATUS_RUNNING}" --color WHITE
DHCP_CLIENT_RUNNING=1 DHCP_CLIENT_RUNNING=1
else else
Display --indent 2 --text "- Checking status DHCP client" --result " NOT ACTIVE" --color WHITE Display --indent 2 --text "- Checking status DHCP client" --result " ${STATUS_NOT_ACTIVE}" --color WHITE
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Test : NETW-3032 # Test : NETW-3032
# Description : Checking for ARP spoofing and related monitoring software # Description : Checking for ARP spoofing and related monitoring software
Register --test-no NETW-3032 --os Linux --weight L --network NO --category s ecurity --description "Checking for ARP monitoring software" Register --test-no NETW-3032 --os Linux --weight L --network NO --category s ecurity --description "Checking for ARP monitoring software"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
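Review bot: In the added Solaris branch of the listening-ports `case`, the UDP line filters on `$7=="LISTEN"` exactly like the TCP line, but UDP sockets have no LISTEN state. As far as I know, Solaris `netstat -an -P udp` prints only a local address, a remote address and a state such as `Idle`, so this filter would likely match nothing and UDP listeners would be missing from the audit report. A condition such as `if($NF=="Idle")` on the UDP line is a candidate fix, to be verified against real Solaris output. Both new netstat calls also lack the `2> /dev/null` used by the branch above them. Separately, in the NETW-2400 hunk the new `[:alnum:]` class follows the current locale, so `LC_ALL=C ${TRBINARY} -d '[:alnum:].-'` would keep the check to the ASCII letters and digits the test notes describe; the `case` statement and both tests start outside the lines shown.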
 End of changes. 5 change blocks. 
4 lines changed or deleted 17 lines changed or added
