diff options
author | mboelen <michael@cisofy.com> | 2015-03-17 20:06:00 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2015-03-17 20:06:00 +0300 |
commit | a12876e472b0a75a95a13d2d1f295ca6fbcc51ee (patch) | |
tree | abcbf4ba65ec367f2edbaaba5bb11c319c207a89 | |
parent | 8201510d6aff379605d85a33a8a72a212586a079 (diff) |
Test for presence of CSF
-rw-r--r-- | include/tests_firewalls | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls index f88f3b96..227c8642 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -236,6 +236,23 @@ # ################################################################################# # + # Test : FIRE-4524 + # Description : Check for CSF (ConfigServer Security & Firewall) + Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: check /etc/csf/csf.conf" + if [ -f /etc/csf/csf.conf ]; then + logtext "Result: /etc/csf.conf exists" + FIREWALL_ACTIVE=1 + FIREWALL_SOFTWARE="csf" + Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN + else + logtext "Result: /etc/csf/csf.conf does NOT exist" + fi + fi +# +################################################################################# +# # Test : FIRE-4526 # Description : Check ipf (Solaris) if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi @@ -267,10 +284,9 @@ if [ ${FIREWALL_ACTIVE} -eq 1 ]; then Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN logtext "Result: host based firewall or packet filter is active" - #YYY add manual item to report report "manual[]=Verify if there is a formal process for testing and applying firewall rules" - report "manual[]=verify all traffic is filtered the right way between the different security zones" - report "manual[]=verify if a list is available with all required services" + report "manual[]=Verify all traffic is filtered the right way between the different security zones" + report "manual[]=Verify if a list is available with all required services" # YYY Solaris ipf (determine default policy) report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic" AddHP 5 5 @@ -295,4 +311,4 @@ wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands +# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com |