"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "include/tests_time" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

tests_time  (lynis-3.0.1):tests_time  (lynis-3.0.2)
skipping to change at line 25 skipping to change at line 25
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License. # welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software. # See LICENSE file for usage of this software.
# #
################################################################################ # ################################################################################ #
# #
# Time # Time
# #
################################################################################ # ################################################################################ #
# #
InsertSection "Time and Synchronization" InsertSection "${SECTION_TIME_AND_SYNCHRONIZATION}"
# #
################################################################################ # ################################################################################ #
# #
CRON_DIRS="${ROOTDIR}etc/cron.d ${ROOTDIR}etc/cron.hourly ${ROOTDIR}etc/cron .daily ${ROOTDIR}etc/cron.weekly ${ROOTDIR}etc/cron.monthly ${ROOTDIR}var/spool/ crontabs" CRON_DIRS="${ROOTDIR}etc/cron.d ${ROOTDIR}etc/cron.hourly ${ROOTDIR}etc/cron .daily ${ROOTDIR}etc/cron.weekly ${ROOTDIR}etc/cron.monthly ${ROOTDIR}var/spool/ crontabs"
CHRONY_CONF_FILE="" CHRONY_CONF_FILE=""
NTP_DAEMON="" NTP_DAEMON=""
NTP_DAEMON_RUNNING=0 NTP_DAEMON_RUNNING=0
NTP_CONFIG_FOUND=0 NTP_CONFIG_FOUND=0
NTP_CONFIG_TYPE_DAEMON=0 NTP_CONFIG_TYPE_DAEMON=0
NTP_CONFIG_TYPE_SCHEDULED=0 NTP_CONFIG_TYPE_SCHEDULED=0
skipping to change at line 89 skipping to change at line 89
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON= "dntpd" FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON= "dntpd"
Display --indent 2 --text "- NTP daemon found: dntpd" --result "${ST ATUS_FOUND}" --color GREEN Display --indent 2 --text "- NTP daemon found: dntpd" --result "${ST ATUS_FOUND}" --color GREEN
fi fi
# Check for OpenNTPD, ntpctl comes with a "regular" install # Check for OpenNTPD, ntpctl comes with a "regular" install
if [ -n "${NTPCTLBINARY}" ]; then if [ -n "${NTPCTLBINARY}" ]; then
# In contrast to timectl, "synchronised: yes" is not grepped. # In contrast to timectl, "synchronised: yes" is not grepped.
# Reason: openntpd syncs only if large time corrections are not requ ired or -s is passed. # Reason: openntpd syncs only if large time corrections are not requ ired or -s is passed.
# This might be not intended by the administrator (-s is NOT the default!) # This might be not intended by the administrator (-s is NOT the default!)
FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd: ntp engine" | ${GREPBIN ARY} -v "grep") FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd: ntp engine" | ${GREPBIN ARY} -v "grep")
# Status code 0 is when communication over the socket is successfull # Status code 0 is when communication over the socket is successful
if ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null; then if ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null; then
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAE MON="openntpd" FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAE MON="openntpd"
LogText "result: found openntpd (method: ntpctl)" LogText "result: found openntpd (method: ntpctl)"
OPENNTPD_COMMUNICATION=1 OPENNTPD_COMMUNICATION=1
elif [ -n "${FIND}" ] ; then elif [ -n "${FIND}" ] ; then
# Reasons for ntpctl to fail might be someone spawned a new proc ess thus overwriting the socket, # Reasons for ntpctl to fail might be someone spawned a new proc ess thus overwriting the socket,
# then ended it, but another openntpd process is still running # then ended it, but another openntpd process is still running
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAE MON="openntpd" FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAE MON="openntpd"
LogText "result: found openntpd (method: ps)" LogText "result: found openntpd (method: ps)"
else else
LogText "result: running openntpd not found, but ntpctl is insta alled" LogText "result: running openntpd not found, but ntpctl is insta lled"
fi fi
if [ "${NTP_DAEMON}" = "openntpd" ]; then if [ "${NTP_DAEMON}" = "openntpd" ]; then
Display --indent 2 --text "- NTP daemon found: OpenNTPD" --resul t "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- NTP daemon found: OpenNTPD" --resul t "${STATUS_FOUND}" --color GREEN
fi fi
fi fi
# Check running processes (ntpd from ntp.org) # Check running processes (ntpd from ntp.org)
# As checking by process name is ambigiouse (openntpd has the same proce ss name), # As checking by process name is ambiguous (openntpd has the same proces s name),
# this check will be skipped if openntpd has been found. # this check will be skipped if openntpd has been found.
FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "ntpd: " | ${GREPBINARY} -v "grep") FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "ntpd: " | ${GREPBINARY} -v "grep")
if [ "${NTP_DAEMON}" != "openntpd" ] && [ -n "${FIND}" ]; then if [ "${NTP_DAEMON}" != "openntpd" ] && [ -n "${FIND}" ]; then
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMO N=1 FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMO N=1
NTP_DAEMON="ntpd" NTP_DAEMON="ntpd"
LogText "Result: found running NTP daemon in process list" LogText "Result: found running NTP daemon in process list"
Display --indent 2 --text "- NTP daemon found: ntpd" --result "${STA TUS_FOUND}" --color GREEN Display --indent 2 --text "- NTP daemon found: ntpd" --result "${STA TUS_FOUND}" --color GREEN
fi fi
# Check time daemon (eg NetBSD) # Check time daemon (eg NetBSD)
skipping to change at line 577 skipping to change at line 577
# Description : Check systemd-timesyncd synchronized time # Description : Check systemd-timesyncd synchronized time
if [ "${NTP_DAEMON}" = "systemd-timesyncd" ]; then if [ "${NTP_DAEMON}" = "systemd-timesyncd" ]; then
PREQS_MET="YES" PREQS_MET="YES"
else else
PREQS_MET="NO" PREQS_MET="NO"
fi fi
Register --test-no TIME-3185 --preqs-met "${PREQS_MET}" --weight L --network NO --category "security" --description "Check systemd-timesyncd synchronized ti me" Register --test-no TIME-3185 --preqs-met "${PREQS_MET}" --weight L --network NO --category "security" --description "Check systemd-timesyncd synchronized ti me"
SYNCHRONIZED_FILE="/run/systemd/timesync/synchronized" SYNCHRONIZED_FILE="/run/systemd/timesync/synchronized"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# On earlier systemd versions (237), '/run/systemd/timesync/synchronized
' does not exist, so use '/var/lib/systemd/timesync/clock'
if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
SYNCHRONIZED_FILE="/var/lib/systemd/timesync/clock"
fi
# DynamicUser=yes moves the clock file to '/var/lib/private/systemd/time
sync/clock'
if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
SYNCHRONIZED_FILE="/var/lib/private/systemd/timesync/clock"
fi
if [ -e "${SYNCHRONIZED_FILE}" ]; then if [ -e "${SYNCHRONIZED_FILE}" ]; then
FIND=$(( $(date +%s) - $(${STATBINARY} -L --format %Y "${SYNCHRONIZED _FILE}") )) FIND=$(( $(date +%s) - $(${STATBINARY} -L --format %Y "${SYNCHRONIZED _FILE}") ))
# Check if last sync was more than 2048 seconds (= the default of sys temd) ago # Check if last sync was more than 2048 seconds (= the default of sys temd) ago
if [ "${FIND}" -ge 2048 ]; then if [ "${FIND}" -ge 2048 ]; then
COLOR=RED COLOR=RED
ReportWarning "${TEST_NO}" "systemd-timesyncd did not synchronize d the time recently." ReportWarning "${TEST_NO}" "systemd-timesyncd did not synchronize d the time recently."
else else
COLOR=GREEN COLOR=GREEN
fi fi
Display --indent 2 --text "- Last time synchronization" --result "${F IND}s" --color "${COLOR}" Display --indent 2 --text "- Last time synchronization" --result "${F IND}s" --color "${COLOR}"
 End of changes. 6 change blocks. 
4 lines changed or deleted 15 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)