
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authormslifcak <slifcan@gmail.com>2018-01-17 17:56:19 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2018-01-17 17:56:19 +0300
commit173843bdfd009f856aca8c37b1c06d3ff5bea5e6 (patch)
tree1cae61d1f9dc0caf8c3db496e5bfcb95093a44a0
parentbc571054c4de724811e6aa47347a028f323c1a39 (diff)
Pin svc mgr (#506)
* systemctl does not mean systemd is used * Check for systemd active * determine service manager if not already set
-rw-r--r--include/binaries2
-rw-r--r--include/tests_boot_services46
-rwxr-xr-xlynis14
3 files changed, 29 insertions, 33 deletions
diff --git a/include/binaries b/include/binaries
index 2d45c3fe..32743447 100644
--- a/include/binaries
+++ b/include/binaries
@@ -213,7 +213,7 @@
ssh-keyscan) SSHKEYSCANBINARY="${BINARY}"; LogText " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
sysctl) SYSCTLBINARY="${BINARY}"; LogText " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
syslog-ng) SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
- systemctl) SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; HAS_SYSTEMD=1; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
+ systemctl) SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
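Review bot: The `systemctl)` arm still sets `SERVICE_MANAGER="systemd"` from the mere presence of the binary, which is the assumption the commit title says is wrong; only `HAS_SYSTEMD=1` was dropped. Assuming include/binaries runs before include/tests_boot_services, the new guard there (`if [ "${SERVICE_MANAGER}" = "unknown" ]`) means this value now also suppresses the /proc/1/cmdline detection. A host that ships systemctl but boots another init would then be recorded as systemd while `HAS_SYSTEMD` is 0, and later service checks may query the wrong manager. Consider leaving only `SYSTEMCTLBINARY="${BINARY}"` and the `LogText` call in this arm so the PID 1 test decides. The case statement continues outside this hunk.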
diff --git a/include/tests_boot_services b/include/tests_boot_services
index 0a2619cb..fbbfd382 100644
--- a/include/tests_boot_services
+++ b/include/tests_boot_services
@@ -30,7 +30,9 @@
BOOT_LOADER_FOUND=0
BOOT_LOADER_SEARCHED=0
GRUB_VERSION=0
- SERVICE_MANAGER="unknown"
+ if [ -z "${SERVICE_MANAGER}" ]; then
+ SERVICE_MANAGER="unknown"
+ fi
#
#################################################################################
#
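Review bot: `[ -z "${SERVICE_MANAGER}" ]` keeps whatever value the variable already holds, and nothing visible in this diff resets it first, so a value inherited from the caller's environment would survive unless it is cleared in a part of the program not shown here. Because the value later gates the PID 1 detection, an explicit `SERVICE_MANAGER=""` before the binary scan would make the starting state certain for an audit that normally runs as root. A comment such as `# Keep a value already set by the binary scan; default to unknown otherwise` would also explain why the default became conditional.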
@@ -85,27 +87,29 @@
if [ ! -z "${FILENAME}" ]; then
SHORTNAME=$(echo ${FILENAME} | ${AWKBINARY} -F/ '{ print $NF }')
LogText "Found: ${SHORTNAME}"
- case ${SHORTNAME} in
- "init" | "initsplash")
- SERVICE_MANAGER="SysV Init"
- ;;
- systemd)
- SERVICE_MANAGER="systemd"
- ;;
- upstart)
- SERVICE_MANAGER="upstart"
- ;;
- *)
- CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
-
- if [ ! -z "${CONTAINS_SYSTEMD}" ]; then
+ if [ "${SERVICE_MANAGER}" = "unknown" ]; then
+ case ${SHORTNAME} in
+ "init" | "initsplash")
+ SERVICE_MANAGER="SysV Init"
+ ;;
+ systemd)
SERVICE_MANAGER="systemd"
- else
- LogText "Found ${SHORTNAME}. Unclear what service manager this is"
- ReportException "${TEST_NO}:001" "Unknown service manager"
- fi
- ;;
- esac
+ ;;
+ upstart)
+ SERVICE_MANAGER="upstart"
+ ;;
+ *)
+ CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
+
+ if [ ! -z "${CONTAINS_SYSTEMD}" ]; then
+ SERVICE_MANAGER="systemd"
+ else
+ LogText "Found ${SHORTNAME}. Unclear what service manager this is"
+ ReportException "${TEST_NO}:001" "Unknown service manager"
+ fi
+ ;;
+ esac
+ fi
else
LogText "Result: /proc/1/cmdline seems to be empty"
ReportException "${TEST_NO}:002" "No data found in /proc/1/cmdline"
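Review bot: When `SERVICE_MANAGER` is already set, the new `if [ "${SERVICE_MANAGER}" = "unknown" ]` guard skips the case statement without logging anything. The log then shows `Found: ${SHORTNAME}` but not which service manager was kept, nor that PID 1 was not used to decide. An `else` arm before the closing `fi`, for example `LogText "Result: service manager already set to ${SERVICE_MANAGER}, not derived from PID 1"`, would leave a trace when the two sources disagree. The enclosing `if [ ! -z "${FILENAME}" ]` block starts above this hunk and its `else` branch continues below it.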
diff --git a/lynis b/lynis
index 77ae1f3a..7d1a19fd 100755
--- a/lynis
+++ b/lynis
@@ -788,22 +788,14 @@ ${NORMAL}
#
#################################################################################
#
- # Check for systemd presence (already tested via binaries: systemctl)
- if [ ${HAS_SYSTEMD} -eq 0 ]; then
- FOUND=0
- # Backup option to do additional testing for systemd
- LIST="${ROOTDIR}lib/systemd/system"; for ITEM in ${LIST}; do if [ -d ${ITEM} ]; then FOUND=1; break; fi; done
- LIST="${ROOTDIR}usr/lib/systemd/systemd"
- if [ ${FOUND} -eq 0 ]; then for ITEM in ${LIST}; do if [ -f ${ITEM} ]; then FOUND=1; break; fi; done; fi
- else
- FOUND=1
- fi
- if [ ${FOUND} -eq 1 ]; then
+ # Check for systemd active
+ if [ -d /run/systemd/system ]; then
LogText "Result: system is using systemd"
HAS_SYSTEMD=1
Report "systemd=1"
else
LogText "Result: systemd not found"
+ HAS_SYSTEMD=0
Report "systemd=0"
fi
#
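Review bot: The else branch still logs `Result: systemd not found`, but the test is now `[ -d /run/systemd/system ]`, which says whether systemd is the running init rather than whether it is installed. `LogText "Result: systemd is not the active init system"` would match what was checked and avoid a misleading line on hosts that have systemd packages but boot something else. The removed code built its paths from `${ROOTDIR}` and the new test uses an absolute path. If that is deliberate because only the live system's /run is meaningful, a comment such as `# /run/systemd/system exists only when systemd is running as init (same test as sd_booted)` would record the reason.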