"Fossies" - the Fresh Open Source Software Archive

Member "lynis/include/tests_homedirs" (21 Apr 2019, 5430 Bytes) of package /linux/misc/lynis-2.7.4.tar.gz:



    1 #!/bin/sh
    2 
    3 #################################################################################
    4 #
    5 #   Lynis
    6 # ------------------
    7 #
    8 # Copyright 2007-2013, Michael Boelen
    9 # Copyright 2007-2019, CISOfy
   10 #
   11 # Website  : https://cisofy.com
   12 # Blog     : http://linux-audit.com
   13 # GitHub   : https://github.com/CISOfy/lynis
   14 #
   15 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
   16 # welcome to redistribute it under the terms of the GNU General Public License.
   17 # See LICENSE file for usage of this software.
   18 #
   19 #################################################################################
   20 #
   21 # Home directories
   22 #
   23 #################################################################################
   24 #
   25     InsertSection "Home directories"
   26 #
   27 #################################################################################
   28 #
   29     # Ignore some top level directories (not the sub directories below)
   30     IGNORE_HOME_DIRS="/bin /boot /cdrom /dev /etc /home /lib /lib64 /media /mnt
   31                       /opt /proc /sbin /selinux /srv /sys /tmp /usr /var"
   32 #
   33 #################################################################################
   34 #
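   # Test        : HOME-9302
   # Description : Create list with home directories
   # Notes       : Takes the sixth field (home directory) of every /etc/passwd entry
   #               whose login name does not contain '#', removes duplicates and
   #               reports each path that exists as a directory.
   #               Only /etc/passwd is read, so accounts that exist only in another
   #               name service (for example LDAP) would not show up in this list.
   Register --test-no HOME-9302 --weight L --network NO --category security --description "Create list with home directories"
   if [ "${SKIPTEST}" -eq 0 ]; then
       LogText "Test: query /etc/passwd to obtain home directories"
       FIND=$(${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' /etc/passwd | ${SORTBINARY} -u)
       # Read the list line by line instead of word-splitting ${FIND}: a path with
       # whitespace or glob characters has to be tested and reported as one value,
       # not split into pieces or expanded against the file system.
       while IFS= read -r I; do
           # An empty home field (or an empty list) is not a path to test
           if [ -z "${I}" ]; then continue; fi
           if [ -d "${I}" ]; then
               LogText "Result: found home directory: ${I} (directory exists)"
               Report "home_directory[]=${I}"
           else
               LogText "Result: found home directory: ${I} (directory does not exist)"
           fi
       done <<EOF
${FIND}
EOF
   fi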
   51 #
   52 #################################################################################
   53 #
   # Test        : HOME-9310
   # Description : Check for suspicious shell history files
   # Notes       : Lists entries named ".*history" that are not regular files. find does
   #               not follow symbolic links by default, so a history file replaced by a
   #               link (or by a directory, device node, ...) ends up in the result.
   Register --test-no HOME-9310 --weight L --network NO --category security --description "Checking for suspicious shell history files"
   if [ ${SKIPTEST} -eq 0 ]; then
       if [ -z "${HOMEDIRS}" ]; then
           # Nothing to search in
           Display --indent 2 --text "- Checking shell history files" --result "${STATUS_SKIPPED}" --color WHITE
           LogText "Result: Homedirs is empty, test will be skipped"
       else
           # HOMEDIRS is not assigned in this file; presumably a whitespace separated list
           # of directories, left unquoted so the shell splits it - TODO confirm
           case "${OS}" in
               Solaris)
                   # Solaris doesn't support -maxdepth, so the whole tree below each
                   # directory is searched instead of the first level only
                   FIND=$(${FINDBINARY} ${HOMEDIRS} -name ".*history" ! -type f -print)
                   ;;
               *)
                   FIND=$(${FINDBINARY} ${HOMEDIRS} -maxdepth 1 -name ".*history" ! -type f -print)
                   ;;
           esac
           if [ -n "${FIND}" ]; then
               # At least one history entry is not a regular file
               Display --indent 2 --text "- Checking shell history files" --result "${STATUS_WARNING}" --color RED
               LogText "Result: the following files seem to be of the wrong file type:"
               LogText "Output: ${FIND}"
               LogText "Info: above files could be redirected files to avoid logging and should be investigated"
               ReportWarning ${TEST_NO} "Incorrect file type found for shell history file"
           else
               Display --indent 2 --text "- Checking shell history files" --result "${STATUS_OK}" --color GREEN
               LogText "Result: Ok, history files are type 'file'."
           fi
           LogText "Remarks: History files are normally of the type 'file'. Symbolic links and other types can be riskful."
       fi
   fi
   81 #
   82 #################################################################################
   83 #
   84     # Test        : HOME-9314
   85     # Description : Check if non local paths are found in PATH, which can be a risk, but also bad for performance
   86     #               (like searching on a filer, instead of local disk)
   87     #Register --test-no HOME-9314 --weight L --network NO --category security --description "Create list with home directories"
   88 #
   89 #################################################################################
   90 #
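   # Test        : HOME-9350
   # Description : Scan home directories for specific files, used in different tests later
   # Notes       : For performance reasons we combine the scanning of different files, so inode caching is used
   #               as much as possible for every find command
   # Profile opt : ignore-home-dir (multiple lines allowed), ignores home directory
   # The test only runs when a report file is configured, because the list of
   # ignored directories is read from it.
   if [ -n "${REPORTFILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
   Register --test-no HOME-9350 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Collecting information from home directories"
   if [ "${SKIPTEST}" -eq 0 ]; then
       # NOTE(review): this replaces the default IGNORE_HOME_DIRS list set near the top
       # of this file; with no ignore-home-dir lines in the report nothing is excluded.
       # NOTE(review): the values come from the report file, not from a profile directly;
       # presumably the profile parser copies the option there - TODO confirm.
       # REPORTFILE is quoted so a path with whitespace stays one argument. The key is
       # stripped with sub() instead of splitting on '=', so a directory name that
       # contains '=' is kept whole instead of being cut at the second '='.
       IGNORE_HOME_DIRS=$(${GREPBINARY} "^ignore-home-dir=" "${REPORTFILE}" | ${AWKBINARY} '{ sub(/^ignore-home-dir=/, ""); print }')
       if [ -z "${IGNORE_HOME_DIRS}" ]; then
           LogText "Result: IGNORE_HOME_DIRS empty, no paths excluded"
       else
           LogText "Output: ${IGNORE_HOME_DIRS}"
       fi
   fi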
  106 #
  107 #################################################################################
  108 #
  109 
  110 WaitForKeyPress
  111 
  112 #
  113 #================================================================================
  114 # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com