diff options
| author | mboelen <michael@cisofy.com> | 2014-09-08 16:17:53 +0400 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2014-09-08 16:17:53 +0400 |
| commit | c5b9e186e2461e4aabff7977e1eb424be5c0c857 (patch) | |
| tree | 55653f3bb748cdec91a9ebe521680affd6f36364 | |
| parent | fe0801802966493f4f0c8f7098fff566b10bd7b0 (diff) | |
Change permissions check to enable a non-privileged scan
| -rwxr-xr-x | lynis | 60 |
1 files changed, 33 insertions, 27 deletions
@@ -5,8 +5,8 @@ # Lynis # ------------------ # -# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands -# Web site: http://www.rootkit.nl +# Copyright 2007-2014, Michael Boelen (michael.boelen@cisofy.com), The Netherlands +# Web site: http://www.cisofy.com # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. @@ -20,10 +20,10 @@ # # Program information PROGRAM_name="Lynis" - PROGRAM_version="1.6.0" - PROGRAM_releasedate="27 August 2014" + PROGRAM_version="1.6.1" + PROGRAM_releasedate="8 September 2014" PROGRAM_author="Michael Boelen" - PROGRAM_author_contact="michael@cisofy.com" + PROGRAM_author_contact="michael.boelen@cisofy.com" PROGRAM_website="http://cisofy.com" PROGRAM_copyright="Copyright 2007-2014 - ${PROGRAM_author}, ${PROGRAM_website}" PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are @@ -32,7 +32,7 @@ PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - http://cisofy.com" # Release version (beta or final) - PROGRAM_releasetype="final" + PROGRAM_releasetype="beta" # Version number of report files (when format changes in future) REPORT_version_major="1"; REPORT_version_minor="0" REPORT_version="${REPORT_version_major}.${REPORT_version_minor}" @@ -71,13 +71,6 @@ else MYID=`id -u` fi - if [ ! ${MYID} -eq 0 ]; then - echo ""; echo ""; echo "Fatal error: Lynis can not be executed with this user ID." - echo "" - echo " * You have to be root (or equivalent) to perform an audit. Please su(do) and try again." - echo ""; echo "" - exit 1 - fi # ################################################################################# # @@ -104,12 +97,12 @@ if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then ISSUE=1; echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600." fi - # Check if owner of both files is root user - if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" ]; then + # Check if owner of both files is root user, or the same user which is running Lynis (for pentester mode) + if [ ! "${OWNER}" = "root" -a ! "${OWNERID}" = "0" -a ! "${MYID}" = "${OWNER2ID}" ]; then ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/consts to 'root' or similar (found: ${OWNER} with UID ${OWNERID})." fi - # Check if owner of both files is root user - if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" ]; then + # Check if owner of both files is root user, or the same user which is running Lynis (for pentester mode) + if [ ! "${OWNER2}" = "root" -a ! "${OWNER2ID}" = "0" -a ! "${MYID}" = "${OWNER2ID}" ]; then ISSUE=1; echo "[!] Change ownership of ${INCLUDEDIR}/functions to 'root' or similar (found: ${OWNER2} with UID ${OWNER2ID})." fi @@ -142,6 +135,29 @@ # Drop out on unintialised variables / fatal errors #set -u # +# +################################################################################# +# +# Parameter checks +# +################################################################################# +# + SafePerms ${INCLUDEDIR}/parameters + . ${INCLUDEDIR}/parameters + + # Now determine if we are root (UID 0), unless using pentesting mode + if [ ! ${MYID} -eq 0 -a ${PENTESTINGMODE} -eq 0 ]; then + echo ""; echo ""; echo "Fatal error: Lynis can not be executed with this user ID." + echo "" + echo " * You have to be root (or equivalent) to perform an audit." + echo "" + echo " How to solve:" + echo " - Option 1: su(do) and try again as root user" + echo " - Option 2: run Lynis in pentest mode (not preferred for normal audits)" + echo ""; echo "" + exit 1 + fi +# ################################################################################# # # Plugins @@ -169,16 +185,6 @@ # ################################################################################# # -# Parameter checks -# -################################################################################# -# - SafePerms ${INCLUDEDIR}/parameters - . ${INCLUDEDIR}/parameters - -# -################################################################################# -# # Program information # ################################################################################# |