diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2019-02-26 18:15:15 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-02-26 18:15:15 +0300 |
| commit | 34a2742cdb14c11f965498621d36df78cdbc3303 (patch) | |
| tree | f7ec8781ffb0600a4812a28190eb3e1ce41ed995 | |
| parent | 672677bae1bd2fa2392d2afcb7e204662516679a (diff) | |
Initial support for end-of-life OS detection
| -rw-r--r-- | db/software-eol.db | 22 | ||||
| -rw-r--r-- | include/osdetection | 21 | ||||
| -rwxr-xr-x | lynis | 6 |
3 files changed, 49 insertions, 0 deletions
diff --git a/db/software-eol.db b/db/software-eol.db new file mode 100644 index 00000000..9bf96c12 --- /dev/null +++ b/db/software-eol.db @@ -0,0 +1,22 @@ +# End-of-life for operating systems and software +# FreeBSD - https://www.freebsd.org/releases/ +os:FreeBSD 9.3:2014-07-01: +os:FreeBSD 10.0:2014-01-01: +os:FreeBSD 10.1:2014-11-01: +os:FreeBSD 10.2:2015-08-01: +os:FreeBSD 10.3:2016-04-01: +os:FreeBSD 10.4:2017-10-01: +os:FreeBSD 11.0:2016-10-01: +os:FreeBSD 11.1:2017-07-01: +# Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack +os:Ubuntu 14.04:2019-05-01: +os:Ubuntu 14.10:2015-07-01: +os:Ubuntu 15.04:2016-01-01: +os:Ubuntu 15.10:2016-07-01: +os:Ubuntu 16.04:2021-05-01: +os:Ubuntu 16.10:2017-07-01: +os:Ubuntu 17.04:2018-01-01: +os:Ubuntu 17.10:2018-07-01: +os:Ubuntu 18.04:2023-05-01: +os:Ubuntu 18.10:2019-07-01: +os:Ubuntu 19.04:2020-01-01:
\ No newline at end of file diff --git a/include/osdetection b/include/osdetection index 855dc021..959d3a9e 100644 --- a/include/osdetection +++ b/include/osdetection @@ -509,6 +509,27 @@ QNAP_DEVICE=1 fi + # Check if this OS is end-of-life + EOL=255 + EOL_DATE="" + if [ ! -z "${OS_VERSION}" ]; then + if [ -f "${DBDIR}/software-eol.db" ]; then + FIND="${OS_FULLNAME}" + EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && $2 ~ value){print $3}}' ${DBDIR}/software-eol.db | head -n 1) + if [ ! -z "${EOL_DATE}" ]; then + NOW=$(date "+%s") + FIND=$(date "+%s" --date=${EOL_DATE}) + if [ ! -z "${FIND}" ]; then + if [ ${NOW} -gt ${FIND} ]; then + EOL=1 + else + EOL=0 + fi + fi + fi + fi + fi + #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com @@ -609,6 +609,12 @@ ${NORMAL} echo " Operating system: ${OS}" echo " Operating system name: ${OS_NAME}" echo " Operating system version: ${OS_VERSION}" + LogText "EOL check: ${EOL}" + if [ ${EOL} -eq 1 ]; then + echo " End-of-life: ${WARNING}YES${NORMAL}" + ReportWarning "GEN-0010" "This version ${OS_VERSION} is marked end-of-life as of ${EOL_DATE}" + fi + if [ ! -z "${OS_MODE}" ]; then echo " Operating system mode: ${OS_MODE}"; fi echo " Kernel version: ${OS_KERNELVERSION}" echo " Hardware platform: ${HARDWARE}" |