Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Boelen <michael.boelen@cisofy.com>2016-10-15 17:38:33 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2016-10-15 17:38:33 +0300
commit22d27434c9729c9cfe0d9c952ceb5a6e6775499a (patch)
tree0f02f86b34fda8c8ae6c82d50bd4342b10511b41
parentf1c3c23cae183d11ca825ac5cf5b2f3c6a7aded6 (diff)
Enhance pkg support on FreeBSD
Diffstat
-rw-r--r--include/binaries4
-rw-r--r--include/tests_ports_packages48
2 files changed, 29 insertions, 23 deletions
diff --git a/include/binaries b/include/binaries
index 0f8a13dc..4323d73a 100644
--- a/include/binaries
+++ b/include/binaries
@@ -184,6 +184,10 @@
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; LogText " Found known binary: pacman (package manager) - ${BINARY}" ;;
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; LogText "Found ${BINARY} (version ${PERLVERSION})" ;;
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; LogText "Found known binary: php (programming language intrepreter) - ${BINARY} (version ${PHPVERSION})" ;;
+ pkg)
+ PKG_BINARY="${BINARY}"
+ LogText " Found known binary: pkg (software package administration) - ${BINARY}"
+ ;;
pkg_admin) PKGADMINBINARY="${BINARY}"; LogText " Found known binary: pkg_admin (software package administration) - ${BINARY}" ;;
postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; LogText " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; LogText " Found known binary: postfix (postfix binary) - ${BINARY}" ;;
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 0f5a3e0b..8e094163 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -652,37 +652,39 @@
# Description : Check for vulnerable FreeBSD packages (with pkg)
# Notes : Related vulnerability file is /var/db/pkg/vuln.xml
# TODO : Run this in any jail
- if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
+ if [ ! -z "${PKG_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="pkg audit"
- FIND=$(/usr/sbin/pkg audit > /dev/null 2>&1)
- if [ $? -eq 0 ]; then
- LogText "Result: pkg audit results are clean"
- Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
- AddHP 10 10
- elif [ $? -eq 1 ]; then
- if [ ! -z "${FIND}" ]; then
- VULNERABLE_PACKAGES_FOUND=1
- Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
- for ITEM in ${FIND}; do
- COUNT=$((COUNT + 1))
- Report "vulnerable_package[]=${ITEM}"
- LogText "Vulnerable package: ${ITEM}"
- AddHP 1 2
- done
- ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages"
+ if [ -f ${ROOTDIR}var/db/pkg/vuln.xml ]; then
+ FIND=$(${PKG_BINARY} audit 2> /dev/null)
+ if [ $? -eq 0 ]; then
+ LogText "Result: pkg audit results are clean"
+ Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
+ AddHP 10 10
+ elif [ $? -eq 1 ]; then
+ if [ ! -z "${FIND}" ]; then
+ VULNERABLE_PACKAGES_FOUND=1
+ Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
+ for ITEM in ${FIND}; do
+ COUNT=$((COUNT + 1))
+ Report "vulnerable_package[]=${ITEM}"
+ LogText "Vulnerable package: ${ITEM}"
+ AddHP 1 2
+ done
+ ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages"
+ else
+ LogText "Result: found an exit code greater than zero, yet no output"
+ fi
else
- LogText "Result: found an exit code greater than zero, yet no output"
+ LogText "Result: exited with code $?"
+ ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
fi
- elif [ $? -eq 65 ]; then
- LogText "Result: exited with code 65, meaning there is no vulnerability database"
- ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
else
- LogText "Result: exited with code $?"
- ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
+ LogText "Result: could not find vulnerability database"
+ ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
fi
fi
#
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 10:19:00 +0300