"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "include/functions" between
lynis-3.0.5.tar.gz and lynis-3.0.6.tar.gz

About: Lynis is a security and system auditing tool.

functions  (lynis-3.0.5):functions  (lynis-3.0.6)
skipping to change at line 964 skipping to change at line 964
HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }') HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }')
else else
ReportException "GetHostID" "No openssl binary avail able on this HP-UX system" ReportException "GetHostID" "No openssl binary avail able on this HP-UX system"
fi fi
else else
ReportException "GetHostID" "No MAC address found by usi ng nwmgr" ReportException "GetHostID" "No MAC address found by usi ng nwmgr"
fi fi
;; ;;
"Linux") "Linux")
# First use ip, then ifconfig as fallback # Try fetching information from /sys in case 'ip' is not ava
if [ -n "${IPBINARY}" ]; then ilable or does not give expected results
if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then
NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d
-exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {f
or (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}')
for INTERFACE in ${NET_INTERFACES}; do
if grep -q -s 'up' "/sys/class/net/${INTERFACE}/oper
state"; then
LogText "Interface '${INTERFACE}' is up, fetchin
g MAC address"
FIND=$(head -1 "/sys/class/net/${INTERFACE}/addr
ess" | tr '[:upper:]' '[:lower:]')
if HasData "${FIND}"; then
HOSTID_GEN="linux-sys-interface-up"
break
fi
fi
done
fi
# Next is to try ip, as it is available to most modern Linux
distributions
if IsEmpty "${FIND}" && [ -n "${IPBINARY}" ]; then
LogText "Info: trying output from 'ip' to generate HostI
D"
# Determine if we have the common available eth0 interfa ce. If so, give that priority. # Determine if we have the common available eth0 interfa ce. If so, give that priority.
# Note: apply sorting in case there would be multiple MA C addresses linked to increase predictable end result # Note: apply sorting in case there would be multiple MA C addresses linked to increase predictable end result
FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head - 1) FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head - 1)
if HasData "${FIND}"; then if HasData "${FIND}"; then
HOSTID_GEN="linux-ip-interface-eth0" HOSTID_GEN="linux-ip-interface-eth0"
else else
# Trying the most stable route here: # If eth0 does not exist, which is also common, then
# 1) First fetch all links that are UP and filter ou trying the next option:
t everything not starting with 'en' # 1) First fetch all links that are UP
# 2) Filter entries that have a MAC address and filt er out Docker related MAC addresses starting with '02:42:' # 2) Filter entries that have a MAC address and filt er out Docker related MAC addresses starting with '02:42:'
# 3) Convert everything to lowercase # 3) Convert everything to lowercase
# 4) Sort the entries, so that the output is more pr edictable between runs when the same interfaces are available # 4) Sort the entries, so that the output is more pr edictable between runs when the same interfaces are available
# 5) Select first entry # 5) Select first entry
FIND=$(${IPBINARY} -family link addr show up label ' en*' 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1) FIND=$(${IPBINARY} -family link addr show up 2> /dev /null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper: ]' '[:lower:]' | sort | head -1)
if HasData "${FIND}"; then if HasData "${FIND}"; then
HOSTID_GEN="linux-ip-interface-other" HOSTID_GEN="linux-ip-interface-up-other"
else else
ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
fi fi
fi fi
elif [ -n "${IFCONFIGBINARY}" ]; then fi
# Finally try ifconfig
if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]; then
LogText "Info: no information found from 'ip' or in /sys
, trying output from 'ifconfig'"
# Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch) # Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch)
HASETH0=$(${IFCONFIGBINARY} | grep "^eth0") HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
# Check if we can find it with HWaddr on the line # Check if we can find it with HWaddr on the line
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | g rep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | g rep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
# If nothing found, then try first for alternative inter face. Else other versions of ifconfig (e.g. Slackware/Arch) # If nothing found, then try first for alternative inter face. Else other versions of ifconfig (e.g. Slackware/Arch)
if IsEmpty "${FIND}"; then if IsEmpty "${FIND}"; then
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr) FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr)
if IsEmpty "${FIND}"; then if IsEmpty "${FIND}"; then
# If possible directly address eth0 to avoid ris king gathering the incorrect MAC address. # If possible directly address eth0 to avoid ris king gathering the incorrect MAC address.
skipping to change at line 1018 skipping to change at line 1038
LogText "Result: No eth0 found (but ethe r found), using first network interface to determine hostid (with ifconfig)" LogText "Result: No eth0 found (but ethe r found), using first network interface to determine hostid (with ifconfig)"
fi fi
fi fi
else else
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWa ddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWa ddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
HOSTID_GEN="linux-ifconfig-interface-first-hwadd r" HOSTID_GEN="linux-ifconfig-interface-first-hwadd r"
fi fi
else else
HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr" HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr"
fi fi
else
ReportException "GetHostID" "Both ip and ifconfig tools
are missing"
fi fi
# Check if we found a HostID # Check if we found a MAC address to generate the HostID
if HasData "${FIND}"; then if HasData "${FIND}"; then
LogText "Info: using hardware address ${FIND} to create HostID" LogText "Info: using hardware address '${FIND}' to creat e HostID"
HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
LogText "Result: Found HostID: ${HOSTID}" LogText "Result: Found HostID: ${HOSTID}"
else else
ReportException "GetHostID" "Can't create HOSTID, comman d ip not found" ReportException "GetHostID" "HostID could not be generat ed"
fi fi
;; ;;
"macOS") "macOS")
FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }')
else else
ReportException "GetHostID" "No MAC address returned on macOS" ReportException "GetHostID" "No MAC address returned on macOS"
fi fi
skipping to change at line 1161 skipping to change at line 1179
if [ -z "${HOSTID2}" ]; then if [ -z "${HOSTID2}" ]; then
LogText "Info: start generation of HostID (version 2)" LogText "Info: start generation of HostID (version 2)"
FOUND=0 FOUND=0
DATA_SSH="" DATA_SSH=""
# Use public keys # Use public keys
SSH_KEY_FILES="ssh_host_ed25519_key.pub ssh_host_ecdsa_key.pub ssh_h ost_dsa_key.pub ssh_host_rsa_key.pub" SSH_KEY_FILES="ssh_host_ed25519_key.pub ssh_host_ecdsa_key.pub ssh_h ost_dsa_key.pub ssh_host_rsa_key.pub"
if [ -d /etc/ssh ]; then if [ -d /etc/ssh ]; then
for I in ${SSH_KEY_FILES}; do for I in ${SSH_KEY_FILES}; do
if [ ${FOUND} -eq 0 ]; then if [ ${FOUND} -eq 0 ]; then
if [ -f /etc/ssh/${I} ]; then if [ -f /etc/ssh/${I} ]; then
LogText "Result: found file ${I} in /etc/ssh, using that to create host identifier" LogText "Result: found file ${I} in /etc/ssh, using that as candidate to create hostid2"
DATA_SSH=$(cat /etc/ssh/${I}) DATA_SSH=$(cat /etc/ssh/${I})
FOUND=1 FOUND=1
fi fi
fi fi
done done
else else
LogText "Result: no /etc/ssh directory found, skipping" LogText "Result: no /etc/ssh directory found, skipping"
fi fi
STRING_TO_HASH="" STRING_TO_HASH=""
if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
LogText "Using SSH public key to create the second host identifi er" LogText "Using SSH public key to create hostid2"
STRING_TO_HASH="${DATA_SSH}" STRING_TO_HASH="${DATA_SSH}"
HOSTID2_GEN="ssh-public-key" HOSTID2_GEN="ssh-public-key"
else else
if [ -n "${MACHINEID}" ]; then if [ -n "${MACHINEID}" ]; then
LogText "Using the machine ID to create the second host iden tifier" LogText "Using the machine ID to create hostid2"
STRING_TO_HASH="${MACHINEID}" STRING_TO_HASH="${MACHINEID}"
HOSTID2_GEN="machine-id" HOSTID2_GEN="machine-id"
fi fi
fi fi
# Check if we have a string to turn into a host identifier # Check if we have a string to turn into a host identifier
if [ -n "${STRING_TO_HASH}" ]; then if [ -n "${STRING_TO_HASH}" ]; then
# Create hashes # Create hashes
if [ -n "${SHA256SUMBINARY}" ]; then if [ -n "${SHA256SUMBINARY}" ]; then
HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }') HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }')
HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }') HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }')
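Review bot: In the Linux branch, `ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"` inside the `ip` block now fires before the ifconfig fallback has been tried, because the former `elif [ -n "${IFCONFIGBINARY}" ]` became a separate `if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]` that runs afterwards. A host where `ip` returns no MAC but ifconfig does would record an exception and still end up with a HostID. The final `HasData "${FIND}"` check already reports `HostID could not be generated`, so the inner call could become `LogText "Info: no MAC address found with 'ip', trying next method"`. Separately, with `label 'en*'` dropped, the `ip` path filters only `02:42:` addresses, so other virtual interfaces that are up could presumably supply the MAC and make the HostID less stable between runs; this is worth confirming. The enclosing function starts and ends outside the visible hunks.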
 End of changes. 12 change blocks. 
17 lines changed or deleted 43 lines changed or added
