
Member "lynis/include/binaries" (22 Jul 2021, 39124 Bytes) of package /linux/misc/lynis-3.0.6.tar.gz:



    1 #!/bin/sh
    2 
    3 #################################################################################
    4 #
    5 #   Lynis
    6 # ------------------
    7 #
    8 # Copyright 2007-2013, Michael Boelen
    9 # Copyright 2007-2021, CISOfy
   10 #
   11 # Website  : https://cisofy.com
   12 # Blog     : http://linux-audit.com
   13 # GitHub   : https://github.com/CISOfy/lynis
   14 #
   15 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
   16 # welcome to redistribute it under the terms of the GNU General Public License.
   17 # See LICENSE file for usage of this software.
   18 #
   19 #################################################################################
   20 #
   21 # * Check which binaries and tools are installed
   22 # * With the results a customized scan can be performed for every single system.
   23 #
   24 #################################################################################
   25 #
   26     COMPILER_INSTALLED=0
   27     IDLE_SESSION_KILLER_INSTALLED=0
   28     MALWARE_SCANNER_INSTALLED=0
   29 #
   30 #################################################################################
   31 #
   32     if [ ${CHECK_BINARIES} -eq 1 ]; then
   33         InsertSection "${SECTION_SYSTEM_TOOLS}"
   34         Display --indent 2 --text "- Scanning available tools..."
   35         LogText "Start scanning for available audit binaries and tools..."
   36 
   37         # Test        : CORE-1000
   38         # Description : Check all system binaries
   39         # Notes       : Always perform test, dependency for many other tests
   40         Register --test-no CORE-1000 --weight L --network NO --description "Check all system binaries"
   41         BINARY_PATHS_FOUND=""; COUNT=0
   42         Display --indent 2 --text "- Checking system binaries..."
   43         LogText "Status: Starting binary scan..."
   44 
   45         # Notes:
   46         # - If PATH is empty, we use the predefined list in include/consts
   47         # - Common paths first, then followed by more specific paths. This helps on the slightly ancient UNIX derivatives.
   48         # - Avoid sorting the path list, as this might result in incorrect order of finding binaries (e.g. awk binary)
   49 
        # Derive the directory scan list from PATH, last entry first. A binary that
        # exists in several directories is then processed last in the directory
        # that comes first in PATH, so that location overwrites the earlier finds.
        # Spaces inside an entry are masked as !!space!! because the resulting list
        # is consumed by unquoted, whitespace-splitting for-loops.
        # NOTE(review): empty PATH entries (leading/trailing ':' or '::') become
        # empty fields here and disappear in that word splitting, so nothing that
        # iterates over BIN_PATHS can see them.
        if [ -n "${PATH}" ]; then
            PATH_REVERSED=$(
                echo "${PATH}" |
                    sed 's/ /!!space!!/g' |
                    awk -F: '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }'
            )
            # awk has already split on ':', so tr normally finds nothing left to translate
            BIN_PATHS=$(echo "${PATH_REVERSED}" | tr ':' ' ')
        fi
   56 
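        # First test available locations that may be suspicious or dangerous.
        # The directories in BIN_PATHS are scanned for known binaries and some of
        # those binaries are executed to read their version, so every entry has to
        # be an absolute path. Anything else resolves relative to the current
        # working directory and is reported.
        #
        # Changes compared to the letter-only relative path test:
        # - every entry that does not start with '/' is treated as relative
        #   (covers ./bin, .hidden, names starting with a digit or underscore)
        # - an empty PATH entry (leading/trailing ':' or '::') means the current
        #   directory to the shell; it is lost when BIN_PATHS is word-split, so it
        #   is detected in PATH itself and represented by a marker entry
        #
        # Globals: BIN_PATHS, PATH, PRIVILEGED, TEST_NO (read); FOUND, MSG,
        #          PATH_CHECK_LIST, SCANDIR (written)
        PATH_CHECK_LIST="${BIN_PATHS}"
        if [ -n "${PATH}" ]; then
            case ":${PATH}:" in
                *::*) PATH_CHECK_LIST="!!empty!! ${BIN_PATHS}" ;;
            esac
        fi

        # Unquoted on purpose: the list is space separated, spaces inside an entry
        # are masked as !!space!!
        for SCANDIR in ${PATH_CHECK_LIST}; do
            FOUND=0
            case "${SCANDIR}" in
                '!!empty!!') FOUND=1; SCANDIR="empty entry"; MSG="Found empty entry (current directory) in PATH" ;;
                .)           FOUND=1; MSG="Found single dot (.) in PATH" ;;
                ..)          FOUND=1; MSG="Found double dot (..) in PATH" ;;
                ..*)         FOUND=1; MSG="Found path starting with double dot (..) in PATH" ;;
                /*)          ;;  # absolute path, nothing to report
                *)           FOUND=1; MSG="Found relative path in PATH" ;;
            esac
            if [ "${FOUND}" -eq 1 ]; then
                # Stop execution if privileged, otherwise continue but warn user
                if [ "${PRIVILEGED}" -eq 1 ]; then
                    ExitFatal "Suspicious location (${SCANDIR}) in PATH discovered. Quitting..."
                else
                    Display --indent 4 --text "Warning: suspicious location (${SCANDIR}) in PATH"
                    ReportWarning "${TEST_NO}" "Suspicious location in PATH discovered" "text:${MSG}"
                    sleep 1
                fi
            fi
        done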
   76 
   77         NSUID_BINARIES=0
   78         NSGID_BINARIES=0
   79         SUID_BINARIES=
   80         SGID_BINARIES=
   81         # Now perform binary detection
   82         for SCANDIR in ${BIN_PATHS}; do
   83             SCANDIR=$(echo "${SCANDIR}" | sed 's/!!space!!/ /g')
   84             LogText "Test: Checking binaries in directory ${SCANDIR}"
   85             ORGPATH=""
   86             if [ -d "${SCANDIR}" ]; then
   87                 SKIPDIR=0
   88                 if [ -L "${SCANDIR}" ]; then
   89                     LogText "Result: directory exists, but is actually a symlink"
   90                     ShowSymlinkPath ${SCANDIR}
   91                     if [ ${FOUNDPATH} -eq 1 ]; then
   92                         if [ -n "${SYMLINK}" -a -d ${SYMLINK} ]; then
   93                             # Set path to new location
   94                             LogText "Result: found the path behind this symlink (${SCANDIR} --> ${sFILE})"
   95                             ORGPATH="${SCANDIR}"
   96                             SCANDIR="${sFILE}"
   97                         else
   98                             SKIPDIR=1; LogText "Result: Symlink variable empty, or directory to symlink is non-existing"
   99                         fi
  100                     else
  101                         SKIPDIR=1; LogText "Result: Could not find the location of this symlink, or is not a directory"
  102                     fi
  103                 fi
  104 
  105                 # Add a space to make sure we discover a related directory if it was already scanned
  106                 # The grep -v is to prevent a match /usr/bin in something like /usr/bin/core_perl
  107                 FIND=$(echo ${BINARY_PATHS_FOUND} | grep ", ${SCANDIR}" | grep -v ", ${SCANDIR}/")
  108                 if [ -n "${FIND}" ]; then
  109                     SKIPDIR=1; LogText "Result: Skipping this directory as it was already scanned"
  110                 fi
  111 
  112                 if [ ${SKIPDIR} -eq 0 ]; then
  113                     BINARY_PATHS_FOUND="${BINARY_PATHS_FOUND}, ${SCANDIR}"
  114                     LogText "Directory ${SCANDIR} exists. Starting directory scanning..."
  115 
  116                     # Show the contents of the directory with binaries, ignore directories
  117                     FIND=$(ls -p "${SCANDIR}" | grep -v '/$')
  118                     for FILENAME in ${FIND}; do
  119                         COUNT=$((COUNT + 1))
  120                         BINARY="${SCANDIR}/${FILENAME}"
  121                         DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
  122                         if [ -u "${BINARY}" ]; then
  123                             NSUID_BINARIES=$((NSUID_BINARIES + 1))
  124                             SUID_BINARIES="${SUID_BINARIES}${BINARY} "
  125                         fi
  126                         if [ -g "${BINARY}" ]; then
  127                             NSGID_BINARIES=$((NSGID_BINARIES + 1))
  128                             SGID_BINARIES="${SGID_BINARIES}${BINARY} "
  129                         fi
  130                         # Optimized, much quicker (limited file access needed)
  131                         case ${FILENAME} in
  132                             aa-status)              AASTATUSBINARY=${BINARY};          LogText "  Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
  133                             afick.pl)               AFICKBINARY=${BINARY};             LogText "  Found known binary: afick (file integrity checker) - ${BINARY}" ;;
  134                             aide)                   AIDEBINARY=${BINARY};              LogText "  Found known binary: aide (file integrity checker) - ${BINARY}" ;;
  135                             apache2)                HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
  136                             apt)                    APTBINARY=${BINARY};               LogText "  Found known binary: apt (package manager) - ${BINARY}" ;;
  137                             arch-audit)             ARCH_AUDIT_BINARY="${BINARY}";     LogText "  Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;;
  138                             auditd)                 AUDITDBINARY=${BINARY};            LogText "  Found known binary: auditd (audit framework) - ${BINARY}" ;;
  139                             awk)                    AWKBINARY=${BINARY};               LogText "  Found known binary: awk (string tool) - ${BINARY}" ;;
  140                             as)                     ASBINARY="${BINARY}";              COMPILER_INSTALLED=1;                  LogText "  Found known binary: as (compiler) - ${BINARY}" ;;
  141                             auditctl)               AUDITCTLBINARY="${BINARY}";        LogText "  Found known binary: auditctl (control utility for audit daemon) - ${BINARY}" ;;
  142                             autolog)                AUTOLOGBINARY="${BINARY}";         IDLE_SESSION_KILLER_INSTALLED=1;       LogText "  Found known binary: autolog (idle session killer) - ${BINARY}" ;;
  143                             base64)                 BASE64BINARY="${BINARY}";          LogText "  Found known binary: base64 (encoding tool) - ${BINARY}" ;;
  144                             blkid)                  BLKIDBINARY="${BINARY}";           LogText "  Found known binary: blkid (information about block devices) - ${BINARY}" ;;
  145                             bootctl)                BOOTCTLBINARY="${BINARY}";         LogText "  Found known binary: bootctl (systemd-boot manager utility) - ${BINARY}" ;;
  146                             bro)                    BROBINARY="${BINARY}";             LogText "  Found known binary: bro (IDS) - ${BINARY}" ;;
  147                             cat)                    CAT_BINARY="${BINARY}";            LogText "  Found known binary: cat (generic file handling) - ${BINARY}" ;;
  148                             cc)                     CCBINARY="${BINARY}";              COMPILER_INSTALLED=1;  LogText "  Found known binary: cc (compiler) - ${BINARY}" ;;
  149                             chkconfig)              CHKCONFIGBINARY=${BINARY};         LogText "  Found known binary: chkconfig (administration tool) - ${BINARY}" ;;
  150                             clamconf)               CLAMCONF_BINARY=${BINARY};         LogText "  Found known binary: clamconf (information about ClamAV) - ${BINARY}" ;;
  151                             clamscan)               CLAMSCANBINARY=${BINARY};          LogText "  Found known binary: clamscan (AV scanner) - ${BINARY}" ;;
  152                             clang)                  CLANGBINARY=${BINARY};             COMPILER_INSTALLED=1;  LogText "  Found known binary: clang (compiler) - ${BINARY}" ;;
  153                             cfagent)                CFAGENTBINARY="${BINARY}";         FILE_INT_TOOL_FOUND=1;                 LogText "  Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
  154                             chkrootkit)             CHKROOTKITBINARY="${BINARY}";      MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
  155                             cmd_daemon)             CMDBINARY=${BINARY};               LogText "  Found known binary: cmd (audit framework) - ${BINARY}" ;;
  156                             comm)                   COMMBINARY="${BINARY}";            LogText "  Found known binary: comm (file compare) - ${BINARY}" ;;
  157                             cryptsetup)             CRYPTSETUPBINARY="${BINARY}";      LogText "  Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;;
  158                             csum)                   CSUMBINARY="${BINARY}";            LogText "  Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;;
  159                             curl)                   CURLBINARY="${BINARY}";            CURLVERSION=$(${BINARY} --version | grep "^curl" | awk '{ if ($1=="curl") { print $2 }}'); LogText "  Found known binary: curl (browser, download utility) - ${BINARY}" ;;
  160                             cut)                    CUTBINARY="${BINARY}";             LogText "  Found known binary: cut (text stream editor) - ${BINARY}" ;;
  161                             debsecan)               DEBSECANBINARY="${BINARY}";        LogText "  Found known binary: debsecan (package vulnerability checking) - ${BINARY}" ;;
  162                             debsums)                DEBSUMSBINARY="${BINARY}";         LogText "  Found known binary: debsums (package integrity checking) - ${BINARY}" ;;
  163                             dig)                    DIGBINARY=${BINARY};               LogText "  Found known binary: dig (network/dns tool) - ${BINARY}" ;;
  164                             dmidecode)              DMIDECODEBINARY=${BINARY};         LogText "  Found known binary: dmidecode (hardware collector tool) - ${BINARY}" ;;
  165                             dnf)                    DNFBINARY="${BINARY}";             LogText "  Found known binary: dnf (package manager) - ${BINARY}" ;;
  166                             dnsdomainname)          DNSDOMAINNAMEBINARY="${BINARY}";   LogText "  Found known binary: dnsdomainname (DNS domain) - ${BINARY}" ;;
  167                             docker)                 DOCKERBINARY="${BINARY}";          LogText "  Found known binary: docker (container technology) - ${BINARY}" ;;
  168                             domainname)             DOMAINNAMEBINARY="${BINARY}";      LogText "  Found known binary: domainname (NIS domain) - ${BINARY}" ;;
  169                             dpkg)                   DPKGBINARY="${BINARY}";            LogText "  Found known binary: dpkg (package management) - ${BINARY}" ;;
  170                             xbps-query)             XBPSBINARY="${BINARY}";            LogText "  Found known binary: xbps (package management) - ${BINARY}" ;;
  171                             egrep)                  EGREPBINARY=${BINARY};             LogText "  Found known binary: egrep (text search) - ${BINARY}" ;;
  172                             equery)                 EQUERYBINARY="${BINARY}";          LogText "  Found known binary: query (package manager) - ${BINARY}" ;;
  173                             evmctl)                 EVMCTLBINARY=${BINARY};            LogText "  Found known binary: evmctl (IMA/EVM tool) - ${BINARY}" ;;
  174                             exim)                   EXIMBINARY="${BINARY}";            EXIMVERSION=$(${BINARY} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs); LogText "  Found known binary ${BINARY} (version ${EXIMVERSION})" ;;
  175                             fail2ban-server)        FAIL2BANBINARY="${BINARY}";        LogText "  Found known binary: fail2ban (IPS tool) - ${BINARY}" ;;
  176                             file)                   FILEBINARY="${BINARY}";            LogText "  Found known binary: file (file type detection) - ${BINARY}" ;;
  177                             find)                   FINDBINARY="${BINARY}";            LogText "  Found known binary: find (search tool) - ${BINARY}" ;;
  178                             g++)                    GPLUSPLUSBINARY="${BINARY}";       COMPILER_INSTALLED=1;  LogText "  Found known binary: g++ (compiler) - ${BINARY}" ;;
  179                             gcc)                    GCCBINARY="${BINARY}";             COMPILER_INSTALLED=1;  LogText "  Found known binary: gcc (compiler) - ${BINARY}" ;;
  180                             getcap)                 GETCAPBINARY="${BINARY}";          LogText "  Found known binary: getcap (kernel capabilities) - ${BINARY}" ;;
  181                             getent)                 GETENT_BINARY="${BINARY}";         LogText "  Found known binary: getent (query tool for name service switch libraries) - ${BINARY}" ;;
  182                             gradm)                  GRADMBINARY=${BINARY};             LogText "  Found known binary: gradm (Grsecurity Administration Utility) - ${BINARY}" ;;
  183                             grep)                   GREPBINARY=${BINARY};              LogText "  Found known binary: grep (text search) - ${BINARY}" ;;
  184                             grpck)                  GRPCKBINARY="${BINARY}";           LogText "  Found known binary: grpck (consistency checker) - ${BINARY}" ;;
  185                             grub2-install)          GRUB2INSTALLBINARY=${BINARY};      LogText "  Found known binary: grub2-install (installer for boot loader) - ${BINARY}" ;;
  186                             gzip)                   GZIPBINARY="${BINARY}";            LogText "  Found known binary: gzip (compressing utility) - ${BINARY}" ;;
  187                             head)                   HEADBINARY="${BINARY}";            LogText "  Found known binary: head (text filter) - ${BINARY}" ;;
  188                             httpd)                  HTTPDBINARY="${BINARY}";           LogText "  Found known binary: httpd (web server) - ${BINARY}" ;;
  189                             httpd2-prefork)         HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
  190                             initctl)                INITCTLBINARY=${BINARY};           SERVICE_MANAGER="upstart";  LogText "  Found known binary: initctl (client to upstart init) - ${BINARY}" ;;
  191                             ifconfig)               IFCONFIGBINARY="${BINARY}";        LogText "  Found known binary: ipconfig (IP configuration) - ${BINARY}" ;;
  192                             integritysetup)         INTEGRITYSETUPBINARY="${BINARY}";  LogText "  Found known binary: integritysetup (dm-integrity setup tool) - ${BINARY}" ;;
  193                             ip)                     IPBINARY="${BINARY}";              LogText "  Found known binary: ip (IP configuration) - ${BINARY}" ;;
  194                             ipf)                    IPFBINARY="${BINARY}";             LogText "  Found known binary: ipf (firewall) - ${BINARY}" ;;
  195                             iptables)               IPTABLESBINARY="${BINARY}";        LogText "  Found known binary: iptables (firewall) - ${BINARY}" ;;
  196                             iptables-save)          IPTABLESSAVEBINARY="${BINARY}";    LogText "  Found known binary: iptables-save (firewall) - ${BINARY}" ;;
  197                             istat)                  ISTATBINARY="${BINARY}";           LogText "  Found known binary: istat (file information) - ${BINARY}" ;;
  198                             journalctl)             JOURNALCTLBINARY="${BINARY}";      LogText "  Found known binary: journalctl (systemd journal) - ${BINARY}" ;;
  199                             kldstat)                KLDSTATBINARY="${BINARY}";         LogText "  Found known binary: kldstat (kernel modules) - ${BINARY}" ;;
  200                             kstat)                  KSTATBINARY="${BINARY}";           LogText "  Found known binary: kstat (kernel statistics) - ${BINARY}" ;;
  201                             launchctl)              LAUNCHCTL_BINARY="${BINARY}";      SERVICE_MANAGER="launchd"; LogText "  Found known binary: launchctl (launchd client) - ${BINARY}" ;;
  202                             locate)                 LOCATEBINARY="${BINARY}";          LogText "  Found known binary: locate (file database) - ${BINARY}" ;;
  203                             logrotate)              LOGROTATEBINARY="${BINARY}";       LogText "  Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
  204                             ls)                     LSBINARY="${BINARY}";              LogText "  Found known binary: ls (file listing) - ${BINARY}" ;;
  205                             lsattr)                 LSATTRBINARY="${BINARY}";          LogText "  Found known binary: lsattr (file attributes) - ${BINARY}" ;;
  206                             lsblk)                  LSBLKBINARY="${BINARY}";           LogText "  Found known binary: lsblk (block devices) - ${BINARY}" ;;
  207                             lsmod)                  LSMODBINARY="${BINARY}";           LogText "  Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
  208                             lsof)
  209                                 LSOFBINARY="${BINARY}"
  210                                 LogText "  Found known binary: lsof (open files) - ${BINARY}"
  211                                 DATA=$(${LSOFBINARY} -h 2>&1 | grep "\-K \[i\] list\|\(i\)gn tasKs")
  212                                 if [ $? -eq 0 ]; then
  213                                     LogText "Note: added -K i to ignore tasks on Linux"
  214                                     LSOF_EXTRA_OPTIONS=" -K i"
  215                                 fi
  216                             ;;
  217                             lsvg)                   LSVGBINARY=${BINARY};              LogText "  Found known binary: lsvg (volume manager) - ${BINARY}" ;;
  218                             lvdisplay)              LVDISPLAYBINARY="${BINARY}";       LogText "  Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;;
  219                             lynx)                   LYNXBINARY="${BINARY}";            LYNXVERSION=$(${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3); LogText "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
  220                             maldet)                 LMDBINARY="${BINARY}";             MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: maldet (Linux Malware Detect, malware scanner) - ${BINARY}" ;;
  221                             md5)                    MD5BINARY="${BINARY}";             LogText "  Found known binary: md5 (hash tool) - ${BINARY}" ;;
  222                             md5sum)                 MD5BINARY="${BINARY}";             LogText "  Found known binary: md5sum (hash tool) - ${BINARY}" ;;
  223                             mdatp)                  MDATPBINARY="${BINARY}";           MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: mdatp (Microsoft Defender ATP, malware scanner) - ${BINARY}" ;;
  224                             modprobe)               MODPROBEBINARY="${BINARY}";        LogText "  Found known binary: modprobe (kernel modules) - ${BINARY}" ;;
  225                             mount)                  MOUNTBINARY="${BINARY}";           LogText "  Found known binary: mount (disk utility) - ${BINARY}" ;;
  226                             mtree)                  MTREEBINARY="${BINARY}";           LogText "  Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
  227                             mysql)                  MYSQLCLIENTBINARY="${BINARY}";     MYSQLCLIENTVERSION=$(${BINARY} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g') ;  LogText "Found ${BINARY} (version: ${MYSQLCLIENTVERSION})" ;;
  228                             named-checkconf)        NAMEDCHECKCONFBINARY="${BINARY}";  LogText "  Found known binary: named-checkconf (BIND configuration analyzer) - ${BINARY}" ;;
  229                             netstat)                NETSTATBINARY="${BINARY}";         LogText "  Found known binary: netstat (network statistics) - ${BINARY}" ;;
  230                             nft)                    NFTBINARY="${BINARY}";             LogText "  Found known binary: nft (nftables client) - ${BINARY}" ;;
  231                             nmap)                   NMAPBINARY="${BINARY}";            NMAPVERSION=$(${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${NMAPVERSION})" ;;
  232                             ntpctl)                 NTPCTLBINARY="${BINARY}";                LogText "  Found known binary: ntpctl (openntpd client) - ${BINARY}" ;;
  233                             ntpq)                   NTPQBINARY="${BINARY}";            LogText "  Found known binary ntpq (time daemon client) - ${BINARY}" ;;
  234                             osiris)                 OSIRISBINARY="${BINARY}";          LogText "  Found known binary: osiris - ${BINARY}" ;;
  235                             openssl)                OPENSSLBINARY="${BINARY}";         OPENSSLVERSION=$(${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs); LogText "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
  236                             pacman)
  237                                 if [ -z "$(echo "${BINARY}" | grep -E "/usr(/local)?/games")" ]; then
  238                                     PACMANBINARY="${BINARY}"
  239                                     LogText "  Found known binary: pacman (package manager) - ${BINARY}"
  240                                 fi
  241                             ;;
  242                             perl)                   PERLBINARY="${BINARY}";            PERLVERSION=$(${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs); LogText "Found ${BINARY} (version ${PERLVERSION})" ;;
  243                             pgrep)                  PGREPBINARY="${BINARY}";           LogText "  Found known binary: pgrep (search in process list) - ${BINARY}" ;;
  244                             php)                    PHPBINARY="${BINARY}";             PHPVERSION=$(${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1); LogText "Found known binary: php (programming language interpreter) - ${BINARY} (version ${PHPVERSION})" ;;
  245                             pkg)                    PKG_BINARY="${BINARY}";            LogText "  Found known binary: pkg (software package administration) - ${BINARY}" ;;
  246                             pkg_admin)              PKGADMINBINARY="${BINARY}";        LogText "  Found known binary: pkg_admin (software package administration) - ${BINARY}" ;;
  247                             pkg_info)               PKGINFOBINARY="${BINARY}";         LogText "  Found known binary: pkg_info (software package information) - ${BINARY}" ;;
  248                             postconf)               POSTCONFBINARY="${BINARY}";        LogText "  Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
  249                             postfix)                POSTFIXBINARY="${BINARY}";         LogText "  Found known binary: postfix (postfix binary) - ${BINARY}" ;;
  250                             prelink)                PRELINKBINARY="${BINARY}";         LogText "  Found known binary: prelink (system optimizer) - ${BINARY}" ;;
  251                             pfctl)                  PFCTLBINARY="${BINARY}";           LogText "  Found known binary: pfctl (client to pf firewall) - ${BINARY}" ;;
  252                             ps)                     PSBINARY="${BINARY}";              LogText "  Found known binary: ps (process listing) - ${BINARY}" ;;
  253                             puppet)                 PUPPETBINARY="${BINARY}";          LogText "  Found known binary: puppet (automation tooling) - ${BINARY}" ;;
  254                             puppetmasterd)          PUPPETMASTERDBINARY="${BINARY}";   LogText "  Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;;
  255                             python)                 PYTHONBINARY="${BINARY}";          PYTHONVERSION=$(${BINARY}  --version 2>&1 | sed 's/^Python //'); LogText "Found known binary: ${FILENAME} (programming language interpreter) - ${BINARY} (version ${PYTHONVERSION})" ;;
  256                             python2)                PYTHON2BINARY="${BINARY}";         PYTHON2VERSION=$(${BINARY}  --version 2>&1 | sed 's/^Python //'); LogText "Found known binary: ${FILENAME} (programming language interpreter) - ${BINARY} (version ${PYTHON2VERSION})" ;;
  257                             python3)                PYTHON3BINARY="${BINARY}";         PYTHON3VERSION=$(${BINARY}  --version 2>&1 | sed 's/^Python //'); LogText "Found known binary: ${FILENAME} (programming language interpreter) - ${BINARY} (version ${PYTHON3VERSION})" ;;
  258                             rcctl)                  RCCTLBINARY="${BINARY}";           LogText "  Found known binary: rcctl (services and daemons configuration and control) - ${BINARY}" ;;
  259                             readlink)               READLINKBINARY="${BINARY}";        LogText "  Found known binary: readlink (follows symlinks) - ${BINARY}" ;;
  260                             resolvectl)             RESOLVECTLBINARY="${BINARY}";      LogText "  Found known binary: resolvectl (systemd-resolved DNS resolver manager) - ${BINARY}" ;;
  261                             rkhunter)               RKHUNTERBINARY="${BINARY}";        MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: rkhunter (malware scanner) - ${BINARY}" ;;
  262                             rootsh)                 ROOTSHBINARY="${BINARY}";          LogText "  Found known binary: rootsh (wrapper for shells) - ${BINARY}" ;;
  263                             rpcinfo)                RPCINFOBINARY="${BINARY}";         LogText "  Found known binary: rpcinfo (RPC information) - ${BINARY}" ;;
  264                             rpm)                    RPMBINARY="${BINARY}";             LogText "  Found known binary: rpm (package manager) - ${BINARY}" ;;
  265                             runlevel)               RUNLEVELBINARY="${BINARY}";        LogText "  Found known binary: runlevel (system utility) - ${BINARY}" ;;
  266                             salt-master)            SALTMASTERBINARY="${BINARY}";      LogText "  Found known binary: salt-master (SaltStack master) - ${BINARY}" ;;
  267                             salt-minion)            SALTMINIONBINARY="${BINARY}";      LogText "  Found known binary: salt-minion (SaltStack client) - ${BINARY}" ;;
  268                             samhain)                SAMHAINBINARY="${BINARY}";         LogText "  Found known binary: samhain (integrity tool) - ${BINARY}" ;;
  269                             service)                SERVICEBINARY="${BINARY}";         LogText "  Found known binary: service (system services) - ${BINARY}" ;;
  270                             sed)                    SEDBINARY="${BINARY}";             LogText "  Found known binary: sed (text stream editor) - ${BINARY}" ;;
  271                             semanage)               SEMANAGEBINARY="${BINARY}";        LogText "  Found known binary: semanage (SELinux policy management tool) - ${BINARY}" ;;
  272                             sestatus)               SESTATUSBINARY="${BINARY}";        LogText "  Found known binary: sestatus (SELinux status tool) - ${BINARY}" ;;
  273                             slocate)                LOCATEBINARY="${BINARY}";          LogText "  Found known binary: slocate (file database) - ${BINARY}" ;;
  274                             smbd)                   SMBDBINARY="${BINARY}";            if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=$(${BINARY} -V | grep "^Version" | awk '{ print $2 }'); fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;;
  275                             smtpctl)                SMTPCTLBINARY="${BINARY}";         LogText "  Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;;
  276                             showmount)              SHOWMOUNTBINARY="${BINARY}";       LogText "  Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
  277                             snort)                  SNORTBINARY="${BINARY}";           LogText "  Found known binary: snort (IDS) - ${BINARY}" ;;
  278                             sockstat)               SOCKSTATBINARY="${BINARY}";        LogText "  Found known binary: sockstat (open network sockets) - ${BINARY}" ;;
  279                             sort)                   SORTBINARY="${BINARY}";            LogText "  Found known binary: sort (sort data streams) - ${BINARY}" ;;
  280                             squid)                  SQUIDBINARY="${BINARY}";           LogText "  Found known binary: squid (proxy) - ${BINARY}" ;;
  281                             ss)                     SSBINARY="${BINARY}";              LogText "  Found known binary: ss (show sockets) - ${BINARY}" ;;
  282                             sshd)                   SSHDBINARY="${BINARY}";            SSHDVERSION=$(${BINARY} -t -d 2>&1 | grep 'sshd version' | awk '{ print $4 }' | cut -d '_' -f2 | tr -d ',' | tr -d '\r'); LogText "Found ${BINARY} (version ${SSHDVERSION})" ;;
  283                             stat)                   STATBINARY="${BINARY}";            LogText "  Found known binary: stat (file information) - ${BINARY}" ;;
  284                             strings)                STRINGSBINARY="${BINARY}";         LogText "  Found known binary: strings (text strings search) - ${BINARY}" ;;
  285                             sha1|sha1sum|shasum)    SHA1SUMBINARY="${BINARY}";         LogText "  Found known binary: sha1/sha1sum/shasum (crypto hashing) - ${BINARY}" ;;
  286                             sha256|sha256sum)       SHA256SUMBINARY="${BINARY}";       LogText "  Found known binary: sha256/sha256sum (crypto hashing) - ${BINARY}" ;;
  287                             ssh-keyscan)            SSHKEYSCANBINARY="${BINARY}";      LogText "  Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
  288                             suricata)               SURICATABINARY="${BINARY}";        LogText "  Found known binary: suricata (IDS) - ${BINARY}" ;;
  289                             swapon)                 SWAPONBINARY="${BINARY}";          LogText "  Found known binary: swapon (swap device tool) - ${BINARY}" ;;
  290                             svcs)                   SVCSBINARY="${BINARY}" ;           LogText "  Found known binary: svcs (service manager) - ${BINARY}" ;;
  291                             swupd)                  SWUPDBINARY="${BINARY}";           LogText "  Found known binary: swupd (package manager) - ${BINARY}" ;;
  292                             synoavd)                SYNOAVDBINARY=${BINARY};           LogText "  Found known binary: synoavd (Synology AV scanner) - ${BINARY}" ;;
  293                             sysctl)                 SYSCTLBINARY="${BINARY}";          LogText "  Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
  294                             syslog-ng)              SYSLOGNGBINARY="${BINARY}";        SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
  295                             systemctl)              SYSTEMCTLBINARY="${BINARY}";       LogText "  Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
  296                             systemd-analyze)        SYSTEMDANALYZEBINARY="${BINARY}";  LogText "  Found known binary: systemd-analyze (systemd service analysis tool) - ${BINARY}" ;;
  297                             tail)                   TAILBINARY="${BINARY}";            LogText "  Found known binary: tail (text filter) - ${BINARY}" ;;
  298                             timedatectl)            TIMEDATECTL="${BINARY}";           LogText "  Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
  299                             tomoyo-init)            TOMOYOINITBINARY=${BINARY};        LogText "  Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;;
  300                             tomoyo-pstree)          TOMOYOPSTREEBINARY=${BINARY};      LogText "  Found known binary: tomoyo-pstree (tomoyo process tree) - ${BINARY}" ;;
  301                             tr)                     TRBINARY="${BINARY}";              LogText "  Found known binary: tr (text transformation) - ${BINARY}" ;;
  302                             tripwire)               TRIPWIREBINARY="${BINARY}";        LogText "  Found known binary: tripwire (file integrity) - ${BINARY}" ;;
  303                             tune2fs)                TUNE2FSBINARY="${BINARY}";         LogText "  Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
  304                             uname)                  UNAMEBINARY="${BINARY}";           LogText "  Found known binary: uname (operating system details) - ${BINARY}" ;;
  305                             uniq)                   UNIQBINARY="${BINARY}";            LogText "  Found known binary: uniq (text manipulation utility) - ${BINARY}";;
  306                             usbguard)               USBGUARDBINARY="${BINARY}";        LogText "  Found known binary: usbguard (USB security tool) - ${BINARY}" ;;
  307                             veritysetup)            VERITYSETUPBINARY="${BINARY}";     LogText "  Found known binary: veritysetup (dm-verity setup tool) - ${BINARY}" ;;
  308                             vgdisplay)              VGDISPLAYBINARY="${BINARY}";       LogText "  Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
  309                             vmtoolsd)               VMWARETOOLSDBINARY="${BINARY}";    LogText "  Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;;
  310                             wc)                     WCBINARY="${BINARY}";              LogText "  Found known binary: wc (word count) - ${BINARY}" ;;
  311                             wget)                   WGETBINARY="${BINARY}";            WGETVERSION=$(${BINARY} -V 2> /dev/null | grep "^GNU Wget" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${WGETVERSION})" ;;
  312                             yum)                    YUMBINARY="${BINARY}";             LogText "  Found known binary: yum (package manager) - ${BINARY}" ;;
  313                             xargs)                  XARGSBINARY="${BINARY}";           LogText "  Found known binary: xargs (command output redirection) - ${BINARY}" ;;
  314                             zgrep)                  ZGREPBINARY=${BINARY};             LogText "  Found known binary: zgrep (text search for compressed files) - ${BINARY}" ;;
  315                             zypper)                 ZYPPERBINARY="${BINARY}";          LogText "  Found known binary: zypper (package manager) - ${BINARY}" ;;
  316                         esac
  317                     done
  318                 else
  319                     LogText "Result: Directory ${SCANDIR} skipped"
  320                     if [ -n "${ORGPATH}" ]; then TEXT="${ORGPATH} (links to ${SCANDIR})"; else TEXT="${SCANDIR}"; fi
  321                 fi
  322             else
  323                 LogText "Result: Directory ${SCANDIR} does NOT exist"
  324             fi
  325         done
  326 
  327         # unset SORTED_BIN_PATHS
  328         BINARY_SCAN_FINISHED=1
  329         BINARY_PATHS_FOUND=$(echo ${BINARY_PATHS_FOUND} | sed 's/^, //g' | sed 's/, /,/g')
  330         LogText "Discovered directories: ${BINARY_PATHS_FOUND}"
  331         LogText "Result: found ${COUNT} binaries including ${NSUID_BINARIES} set-uid and ${NSGID_BINARIES} set-gid"
  332         LogText "Result: set-uid binaries: ${SUID_BINARIES}"
  333         LogText "Result: set-gid binaries: ${SGID_BINARIES}"
  334         Report "binaries_count=${COUNT}"
  335         Report "binaries_suid_count=${SUID_BINARIES}"
  336         Report "binaries_sgid_count=${SGID_BINARIES}"
  337         Report "binary_paths=${BINARY_PATHS_FOUND}"
  338 
  339         # Test if the basic system tools are defined. These will be used during the audit.
  340         [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
  341         [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found"
  342         [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
  343         [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found"
  344         [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
  345         [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
  346         [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
  347         [ "${TAILBINARY:-}" ] || ExitFatal "tail binary not found"
  348         [ "${LSBINARY:-}" ] || ExitFatal "ls binary not found"
  349         [ "${PSBINARY:-}" ] || ExitFatal "ps binary not found"
  350         [ "${SEDBINARY:-}" ] || ExitFatal "sed binary not found"
  351         [ "${SORTBINARY:-}" ] || ExitFatal "sort binary not found"
  352         [ "${TRBINARY:-}" ] || ExitFatal "tr binary not found"
  353         [ "${UNIQBINARY:-}" ] || ExitFatal "uniq binary not found"
  354         [ "${WCBINARY:-}" ] || ExitFatal "wc binary not found"
  355 
  356         # Test a few other tools that we did not specifically define (yet)
  357         #TOOLS="xxd"
  358         #for T in ${TOOLS}; do
  359         #    DATA=$(type ${T})
  360         #    if [ $? -gt 0 ]; then ExitFatal "${T} binary not found"; fi
  361         #done
  362 
  363     else
  364         LogText "Result: checking of binaries skipped in this mode"
  365     fi
  366 
  367 
  368 #
  369 #================================================================================
  370 # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com