"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lynis" between
lynis-3.0.1.tar.gz and lynis-3.0.2.tar.gz

About: Lynis is a security and system auditing tool.

lynis  (lynis-3.0.1):lynis  (lynis-3.0.2)
skipping to change at line 46 skipping to change at line 46
# #
################################################################################ # ################################################################################ #
# #
# Program information # Program information
PROGRAM_NAME="Lynis" PROGRAM_NAME="Lynis"
PROGRAM_AUTHOR="CISOfy" PROGRAM_AUTHOR="CISOfy"
PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com" PROGRAM_AUTHOR_CONTACT="lynis-dev@cisofy.com"
PROGRAM_WEBSITE="https://cisofy.com/lynis/" PROGRAM_WEBSITE="https://cisofy.com/lynis/"
# Version details # Version details
PROGRAM_RELEASE_DATE="2020-10-05" PROGRAM_RELEASE_DATE="2020-12-24"
PROGRAM_RELEASE_TIMESTAMP=1601896929 PROGRAM_RELEASE_TIMESTAMP=1608801742
PROGRAM_RELEASE_TYPE="release" # pre-release or release PROGRAM_RELEASE_TYPE="release" # pre-release or release
PROGRAM_VERSION="3.0.1" PROGRAM_VERSION="3.0.2"
# Source, documentation and license # Source, documentation and license
PROGRAM_SOURCE="https://github.com/CISOfy/lynis" PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
PROGRAM_PACKAGE="https://packages.cisofy.com/" PROGRAM_PACKAGE="https://packages.cisofy.com/"
PROGRAM_DOCUMENTATION="https://cisofy.com/docs/" PROGRAM_DOCUMENTATION="https://cisofy.com/docs/"
PROGRAM_COPYRIGHT="2007-2020, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}" PROGRAM_COPYRIGHT="2007-2020, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License. welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software." See the LICENSE file for details about using this software."
PROGRAM_EXTRAINFO="Enterprise support available (compliance, plugins, interf ace and tools)" PROGRAM_EXTRAINFO="Enterprise support available (compliance, plugins, interf ace and tools)"
skipping to change at line 508 skipping to change at line 508
fi fi
# #
################################################################################ # ################################################################################ #
# #
# OS Detection # OS Detection
# #
################################################################################ # ################################################################################ #
# #
SafePerms ${INCLUDEDIR}/osdetection SafePerms ${INCLUDEDIR}/osdetection
. ${INCLUDEDIR}/osdetection . ${INCLUDEDIR}/osdetection
Display --indent 2 --text "- Detecting OS... " --result DONE --color GREEN Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --c olor GREEN
# Check hostname # Check hostname
case ${OS} in case ${OS} in
HP-UX) HP-UX)
HOSTNAME=$(hostname) ;; HOSTNAME=$(hostname) ;;
Solaris) Solaris)
HOSTNAME=$(uname -n) ;; HOSTNAME=$(uname -n) ;;
*) *)
HOSTNAME=$(hostname -s 2> /dev/null) ;; HOSTNAME=$(hostname -s 2> /dev/null) ;;
esac esac
skipping to change at line 539 skipping to change at line 539
################################################################################ # ################################################################################ #
# #
# Clear log and report files # Clear log and report files
# #
################################################################################ # ################################################################################ #
# #
# Clear log file and test if it's writable # Clear log file and test if it's writable
CDATE=$(date "+%Y-%m-%d %H:%M:%S") CDATE=$(date "+%Y-%m-%d %H:%M:%S")
if [ ${LOGTEXT} -eq 1 ]; then echo "${CDATE} Starting ${PROGRAM_NAME} ${PROG RAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE}" > ${LOGFILE }; fi if [ ${LOGTEXT} -eq 1 ]; then echo "${CDATE} Starting ${PROGRAM_NAME} ${PROG RAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE}" > ${LOGFILE }; fi
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --resul t WARNING --color RED Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --resul t "${STATUS_WARNING}" --color RED
echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions." echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
RemovePIDFile RemovePIDFile
exit 1 exit 1
fi fi
LogTextBreak LogTextBreak
LogText "### ${PROGRAM_COPYRIGHT} ###" LogText "### ${PROGRAM_COPYRIGHT} ###"
# Clear report file (to avoid appending to an existing file) # Clear report file (to avoid appending to an existing file)
if [ ${CREATE_REPORT_FILE} -eq 1 ]; then echo "# ${PROGRAM_NAME} Report" > $ {REPORTFILE}; fi if [ ${CREATE_REPORT_FILE} -eq 1 ]; then echo "# ${PROGRAM_NAME} Report" > $ {REPORTFILE}; fi
Report "report_version_major=${REPORT_version_major}" Report "report_version_major=${REPORT_version_major}"
skipping to change at line 586 skipping to change at line 586
# Read profile, set code checks, define language # Read profile, set code checks, define language
# #
################################################################################ # ################################################################################ #
# #
ParseProfiles ParseProfiles
# Define if we keep working in strict mode (development) # Define if we keep working in strict mode (development)
if [ ${SET_STRICT} -eq 0 ]; then if [ ${SET_STRICT} -eq 0 ]; then
set +u # Allow uninitialized variables set +u # Allow uninitialized variables
else else
set -u # Do not allow unitialized variables set -u # Do not allow uninitialized variables
fi fi
# Import a different language when configured # Import a different language when configured
if [ ! "${LANGUAGE}" = "en" ]; then if [ ! "${LANGUAGE}" = "en" ]; then
LogText "Language is set to ${LANGUAGE}" LogText "Language is set to ${LANGUAGE}"
Display --indent 2 --text "- Detecting language and localization" --resu lt "${LANGUAGE}" --color WHITE Display --indent 2 --text "- Detecting language and localization" --resu lt "${LANGUAGE}" --color WHITE
if [ ! -f ${DBDIR}/languages/${LANGUAGE} ]; then if [ ! -f ${DBDIR}/languages/${LANGUAGE} ]; then
Display --indent 4 --text "${YELLOW}Notice:${NORMAL} no language fil e found for '${LANGUAGE}' (tried: ${DBDIR}/languages/${LANGUAGE})" Display --indent 4 --text "${YELLOW}Notice:${NORMAL} no language fil e found for '${LANGUAGE}' (tried: ${DBDIR}/languages/${LANGUAGE})"
if IsDeveloperVersion; then Display --indent 4 --text "See https://g ithub.com/CISOfy/lynis-sdk/documentation/10-translations.md for more details to help translate Lynis"; fi if IsDeveloperVersion; then Display --indent 4 --text "See https://g ithub.com/CISOfy/lynis-sdk/documentation/10-translations.md for more details to help translate Lynis"; fi
sleep 5 sleep 5
skipping to change at line 725 skipping to change at line 725
UPDATE_AVAILABLE=0 UPDATE_AVAILABLE=0
if [ ${SKIP_UPGRADE_TEST} -eq 1 ]; then if [ ${SKIP_UPGRADE_TEST} -eq 1 ]; then
LogText "Upgrade test skipped due profile option set (skip_upgrade_test) " LogText "Upgrade test skipped due profile option set (skip_upgrade_test) "
PROGRAM_LV="${PROGRAM_AC}" PROGRAM_LV="${PROGRAM_AC}"
else else
CheckUpdates CheckUpdates
fi fi
if [ -z "${PROGRAM_AC}" -o -z "${PROGRAM_LV}" ]; then if [ -z "${PROGRAM_AC}" -o -z "${PROGRAM_LV}" ]; then
Display --indent 2 --text "- Program update status... " --result UNKNOWN --color YELLOW Display --indent 2 --text "- Program update status... " --result "${STAT US_UNKNOWN}" --color YELLOW
LogText "Result: Update check failed. No network connection?" LogText "Result: Update check failed. No network connection?"
LogText "Info: to perform an automatic update check, outbound DNS connec tions should be allowed (TXT record)." LogText "Info: to perform an automatic update check, outbound DNS connec tions should be allowed (TXT record)."
# Set both to safe values # Set both to safe values
PROGRAM_AC=0; PROGRAM_LV=0 PROGRAM_AC=0; PROGRAM_LV=0
else else
LogText "Current installed version : ${PROGRAM_AC}" LogText "Current installed version : ${PROGRAM_AC}"
LogText "Latest stable version : ${PROGRAM_LV}" LogText "Latest stable version : ${PROGRAM_LV}"
if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
# Check if current version is REALLY outdated (10 versions ago) # Check if current version is REALLY outdated (10 versions ago)
PROGRAM_MINVERSION=$((PROGRAM_LV - 10)) PROGRAM_MINVERSION=$((PROGRAM_LV - 10))
LogText "Minimum required version : ${PROGRAM_MINVERSION}" LogText "Minimum required version : ${PROGRAM_MINVERSION}"
if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then
Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED Display --indent 2 --text "- Program update status... " --result "${STATUS_WARNING}" --color RED
LogText "Result: This version is VERY outdated. Newer ${PROGRAM_ NAME} release available!" LogText "Result: This version is VERY outdated. Newer ${PROGRAM_ NAME} release available!"
ReportWarning "LYNIS" "Version of Lynis is very old and should b e updated" ReportWarning "LYNIS" "Version of Lynis is very old and should b e updated"
Report "lynis_update_available=1" Report "lynis_update_available=1"
UPDATE_AVAILABLE=1 UPDATE_AVAILABLE=1
else else
Display --indent 2 --text "- Program update status... " --result "UPDATE AVAILABLE" --color YELLOW Display --indent 2 --text "- Program update status... " --result "${STATUS_UPDATE_AVAILABLE}" --color YELLOW
LogText "Result: newer ${PROGRAM_NAME} release available!" LogText "Result: newer ${PROGRAM_NAME} release available!"
ReportSuggestion "LYNIS" "Version of Lynis outdated, consider up grading to the latest version" ReportSuggestion "LYNIS" "Version of Lynis outdated, consider up grading to the latest version"
Report "lynis_update_available=1" Report "lynis_update_available=1"
UPDATE_AVAILABLE=1 UPDATE_AVAILABLE=1
fi fi
else else
if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then
Display --indent 2 --text "- Program update status... " --result "NO UPDATE" --color GREEN Display --indent 2 --text "- Program update status... " --result "${STATUS_NO_UPDATE}" --color GREEN
LogText "No ${PROGRAM_NAME} update available." LogText "No ${PROGRAM_NAME} update available."
Report "lynis_update_available=0" Report "lynis_update_available=0"
else else
Display --indent 2 --text "- Program update status... " --result "SKIPPED" --color YELLOW Display --indent 2 --text "- Program update status... " --result "${STATUS_SKIPPED}" --color YELLOW
LogText "Update check skipped due to constraints (e.g. missing d ig binary)" LogText "Update check skipped due to constraints (e.g. missing d ig binary)"
Report "lynis_update_available=-1" Report "lynis_update_available=-1"
fi fi
fi fi
fi fi
# Test for older releases, without testing via update mechanism # Test for older releases, without testing via update mechanism
if [ "${OS}" = "Solaris" ]; then if [ "${OS}" = "Solaris" ]; then
NOW=$(nawk 'BEGIN{print srand()}') NOW=$(nawk 'BEGIN{print srand()}')
else else
skipping to change at line 859 skipping to change at line 859
Report "systemd=1" Report "systemd=1"
else else
LogText "Result: systemd not found" LogText "Result: systemd not found"
HAS_SYSTEMD=0 HAS_SYSTEMD=0
Report "systemd=0" Report "systemd=0"
fi fi
# #
################################################################################ # ################################################################################ #
# #
if IsVerbose; then if IsVerbose; then
InsertSection "Program Details" InsertSection "${SECTION_PROGRAM_DETAILS}"
Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "YES" --color Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "${STATUS_YES
GREEN }" --color GREEN
if IsDebug; then if IsDebug; then
Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "YES" --col or GREEN Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_Y ES}" --color GREEN
else else
Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "NO" --colo r RED Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_N O}" --color RED
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Plugins # Plugins
if [ ${SKIP_PLUGINS} -eq 0 ]; then if [ ${SKIP_PLUGINS} -eq 0 ]; then
N_PLUGIN=0 N_PLUGIN=0
N_PLUGIN_ENABLED=0 N_PLUGIN_ENABLED=0
skipping to change at line 954 skipping to change at line 954
fi fi
fi fi
LogText "--" LogText "--"
done done
LogText "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABL ED} are enabled" LogText "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABL ED} are enabled"
LogText "Result: Plugins phase ${PLUGIN_PHASE} finished" LogText "Result: Plugins phase ${PLUGIN_PHASE} finished"
} }
RunPlugins 1 RunPlugins 1
if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then
Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "NONE" --color WHITE Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "${STA TUS_NONE}" --color WHITE
Report "plugins_enabled=0" Report "plugins_enabled=0"
else else
Report "plugins_enabled=1" Report "plugins_enabled=1"
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Get host ID # Get host ID
LogTextBreak LogTextBreak
skipping to change at line 1014 skipping to change at line 1014
# Include available tests # Include available tests
for INCLUDE_TEST in ${INCLUDE_TESTS}; do for INCLUDE_TEST in ${INCLUDE_TESTS}; do
INCLUDE_FILE="${INCLUDEDIR}/tests_${INCLUDE_TEST}" INCLUDE_FILE="${INCLUDEDIR}/tests_${INCLUDE_TEST}"
if [ -f ${INCLUDE_FILE} ]; then if [ -f ${INCLUDE_FILE} ]; then
if SafeFile ${INCLUDE_FILE}; then if SafeFile ${INCLUDE_FILE}; then
. ${INCLUDE_FILE} . ${INCLUDE_FILE}
else else
LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)" LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)"
ReportWarning "NONE" "Invalid permissions on tests file test s_${INCLUDE_TEST}" ReportWarning "NONE" "Invalid permissions on tests file test s_${INCLUDE_TEST}"
# Insert a section and warn user also on screen # Insert a section and warn user also on screen
InsertSection "General" InsertSection "${SECTION_GENERAL}"
Display --indent 2 --text "- Running test category ${INCLUDE Display --indent 2 --text "- Running test category ${INCLUDE
_TEST}... " --result "SKIPPED" --color RED _TEST}... " --result "${STATUS_SKIPPED}" --color RED
fi fi
else else
echo "Error: Can't find file (category: ${INCLUDE_TEST})" echo "Error: Can't find file (category: ${INCLUDE_TEST})"
fi fi
done done
fi fi
# #
################################################################################ # ################################################################################ #
# #
skipping to change at line 1040 skipping to change at line 1040
# Custom tests # Custom tests
if [ -f ${INCLUDEDIR}/tests_custom ]; then if [ -f ${INCLUDEDIR}/tests_custom ]; then
LogText "Result: tests_custom file found in include directory" LogText "Result: tests_custom file found in include directory"
if SafePerms ${INCLUDEDIR}/tests_custom; then if SafePerms ${INCLUDEDIR}/tests_custom; then
Display --indent 2 --text "- Start custom tests... " Display --indent 2 --text "- Start custom tests... "
LogText "Result: file permissions fine, running custom tests" LogText "Result: file permissions fine, running custom tests"
. ${INCLUDEDIR}/tests_custom . ${INCLUDEDIR}/tests_custom
else else
LogText "Exception: skipping custom tests, file has bad permissi ons (should be 640, 600 or 400)" LogText "Exception: skipping custom tests, file has bad permissi ons (should be 640, 600 or 400)"
ReportWarning "NONE" "Invalid permissions on custom tests file" ReportWarning "NONE" "Invalid permissions on custom tests file"
Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED Display --indent 2 --text "- Running custom tests... " --result "${STATUS_WARNING}" --color RED
fi fi
else else
Display --indent 2 --text "- Running custom tests... " --result "NON E" --color WHITE Display --indent 2 --text "- Running custom tests... " --result "${S TATUS_NONE}" --color WHITE
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Run helpers # Run helpers
# #
################################################################################ # ################################################################################ #
# #
if [ ${RUN_HELPERS} -eq 1 ]; then if [ ${RUN_HELPERS} -eq 1 ]; then
skipping to change at line 1076 skipping to change at line 1076
# #
################################################################################ # ################################################################################ #
# #
# Run phase 2 of plugins # Run phase 2 of plugins
# #
################################################################################ # ################################################################################ #
# #
if [ ${SKIP_PLUGINS} -eq 0 ]; then if [ ${SKIP_PLUGINS} -eq 0 ]; then
RunPlugins 2 RunPlugins 2
if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then
Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --co lor GREEN Display --indent 2 --text "- Plugins (phase 2)" --result "${STATUS_D ONE}" --color GREEN
fi fi
fi fi
# #
################################################################################ # ################################################################################ #
# #
# Show test results overview # Show test results overview
# #
################################################################################ # ################################################################################ #
# #
# Store total performed tests # Store total performed tests
 End of changes. 18 change blocks. 
23 lines changed or deleted 23 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)