authorMichael Boelen <michael.boelen@cisofy.com>2019-08-21 14:41:23 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2019-08-21 14:41:23 +0300
commitee18e76e976eef981a36a702b6ee0504f0cce645 (patch)
treefb42518b0249377433d1b177f195036710c95059
parenta7145688423c6a36b9394a0a8162b3dd59e61158 (diff)
Preparations for forensics scan mode
-rw-r--r--include/consts1
-rw-r--r--include/helper_show2
-rw-r--r--include/parameters63
-rw-r--r--include/report14
-rwxr-xr-xlynis11
5 files changed, 50 insertions, 41 deletions
diff --git a/include/consts b/include/consts
index 8e98a833..9235b5f4 100644
--- a/include/consts
+++ b/include/consts
@@ -114,6 +114,7 @@ unset LANG
FIND=""
FIREWALL_ACTIVE=0
FOUNDPATH=0
+ FORENSICS=0
GETENT_BINARY=""
GRADMBINARY=""
GREPBINARY="grep"
diff --git a/include/helper_show b/include/helper_show
index 260518d6..594be15b 100644
--- a/include/helper_show
+++ b/include/helper_show
@@ -30,7 +30,7 @@
COMMANDS="audit configure generate show update upload-only"
HELPERS="audit configure show update"
-OPTIONS="--auditor\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--license-key\n--log-file\n--manpage (--man)\n--no-colors\n--no-log\n--pentest\n--profile\n--plugin-dir\n--quick (-Q)\n--quiet (-q)\n--report-file\n--reverse-colors\n--skip-plugins\n--tests\n--tests-from-category\n--tests-from-group\n--usecwd\n--upload\n--verbose\n--version (-V)\n--wait\n--warnings-only"
+OPTIONS="--auditor\n--cronjob (--cron)\n--debug\n--developer\n--forensics\n--help (-h)\n--log-file\n--manpage (--man)\n--no-colors\n--no-log\n--pentest\n--profile\n--plugin-dir\n--quick (-Q)\n--quiet (-q)\n--report-file\n--reverse-colors\n--skip-plugins\n--tests\n--tests-from-category\n--tests-from-group\n--usecwd\n--upload\n--verbose\n--version (-V)\n--wait\n--warnings-only"
SHOW_ARGS="categories changelog commands dbdir details environment eol groups help hostids includedir language license logfile man options os pidfile plugindir profiles release releasedate report settings tests version workdir"
SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories)
diff --git a/include/parameters b/include/parameters
index 49c0f495..483f2193 100644
--- a/include/parameters
+++ b/include/parameters
@@ -247,29 +247,9 @@
DEVELOPER_MODE=1
;;
- # Display all available options with short alias
- --dump-options | --dumpoptions)
- OPTIONS="--auditor
- --check-all_(-c) --cronjob_(--cron)
- --debug
- --help_(-h)
- --info
- --license-key --log-file
- --manpage_(--man)
- --no-colors --no-log
- --pentest --profile --plugins-dir
- --quiet_(-q) --quick_(-Q)
- --report-file --reverse-colors
- --tests
- --upload
- --version_(-V)"
- for ITEM in ${OPTIONS}; do
- echo "${ITEM}" | tr '_' ' '
- done
- echo "This option is deprecated"
- echo "Use: lynis show options"
-
- ExitClean
+ # Enable forensics mode (gather information from a mounted directory)
+ --forensics)
+ FORENSICS=1
;;
# View help
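Review bot: The comment on the new `--forensics)` arm says the mode gathers information from a mounted directory, but the arm only sets `FORENSICS=1` and consumes no argument, so a caller has no way to name the mount point; the help line added in `lynis` (`--forensics : Perform forensics on a running or mounted system`) makes the same promise. Until a target-directory parameter exists, the comment should describe what the flag does today, e.g. `# Enable forensics mode (only sets FORENSICS=1; no target directory is accepted yet)`. The enclosing `case` starts and ends outside the hunk, so I cannot see whether `--forensics` and `--pentest` are made mutually exclusive anywhere; if they are not, both variables can be 1 at once.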
@@ -277,19 +257,6 @@
VIEWHELP=1
;;
- # View program/database information
- --check-update | --check-updates | --info)
- echo "This option is deprecated"
- echo "Use: lynis update info"
- ExitClean
- ;;
-
- # License key for Lynis Enterprise
- --license-key)
- shift
- LICENSE_KEY=$1
- ;;
-
# Adjust default logfile location
--logfile | --log-file)
shift
@@ -455,6 +422,30 @@
exit 1
;;
+ # Soon to be deprecated options
+
+ # View program/database information
+ --check-update | --check-updates | --info)
+ echo "This option is deprecated"
+ echo "Use: lynis update info"
+ ExitFatal
+ ;;
+
+ # Display all available options with short alias
+ --dump-options | --dumpoptions)
+ echo "This option is deprecated"
+ echo "Use: lynis show options"
+ ExitFatal
+ ;;
+
+ # License key for Lynis Enterprise
+ --license-key)
+ echo "This option is deprecated"
+ echo "Define a license key in /etc/lynis/custom.prf"
+ ExitFatal
+ ;;
+
+
# Drop out when using wrong option(s)
*)
# Wrong option used, we bail out later
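Review bot: The section header `# Soon to be deprecated options` contradicts the three arms beneath it, which already print `This option is deprecated` and terminate through `ExitFatal`; a reader skimming the comment would assume the options still work. Suggest `# Deprecated options: rejected with a hint to the replacement`. Since these arms no longer read anything from argv (the old `--license-key` arm did `shift; LICENSE_KEY=$1`), pointing users at `/etc/lynis/custom.prf` is also the right direction: a key passed on the command line is visible in process listings and shell history, a profile file is not. The deprecation text goes to stdout via `echo`; if scripted callers capture stdout, sending it to stderr (`echo "..." >&2`) would keep it out of their data stream, which I assume is the intent of the fatal exit.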
diff --git a/include/report b/include/report
index c340da53..1ec93ffa 100644
--- a/include/report
+++ b/include/report
@@ -215,6 +215,20 @@
echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
+ echo " ${SECTION}Scan mode${NORMAL}:"
+ if [ ${FORENSICS} -eq 1 ]; then
+ echo " Normal [ ] Forensics [V] Pentest [ ]"
+ elif [ ${PENTESTINGMODE} -eq 1 ]; then
+ if [ ${PRIVILEGED} -eq 0 ]; then
+ echo " Normal [ ] Forensics [ ] Pentest [V] (running non-privileged)"
+ else
+ echo " Normal [ ] Forensics [ ] Pentest [V] (running privileged)"
+ fi
+ else
+ echo " Normal [V] Forensics [ ] Pentest [ ]"
+ fi
+ echo ""
+
echo " ${SECTION}Lynis modules${NORMAL}:"
if [ ${COMPLIANCE_TESTS_PERFORMED} -eq 1 ]; then
if [ ${COMPLIANCE_FINDINGS_FOUND} -eq 0 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi
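Review bot: The new scan-mode block gives `FORENSICS` precedence over `PENTESTINGMODE`, so when both are set the report shows only Forensics and drops the privileged/non-privileged detail that the pentest branch prints; the forensics line itself never reports `PRIVILEGED` either, although whether the run had privileges is at least as relevant when reading a mounted filesystem. Either reject the combination in the option parser (I cannot see the `--pentest` arm, so it may already do so) or print the same privilege note in the forensics branch so the report reflects the actual run conditions. The enclosing function starts outside the hunk.
```shell
if [ ${FORENSICS} -eq 1 ]; then
    if [ ${PRIVILEGED} -eq 0 ]; then
        echo " Normal [ ] Forensics [V] Pentest [ ] (running non-privileged)"
    else
        echo " Normal [ ] Forensics [V] Pentest [ ] (running privileged)"
    fi
# … unchanged: elif PENTESTINGMODE branch and the Normal default …
```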
diff --git a/lynis b/lynis
index 61a15923..335e65d4 100755
--- a/lynis
+++ b/lynis
@@ -429,10 +429,9 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
${WHITE}Options:${NORMAL}
- ${GRAY}--no-log${NORMAL} : Don't create a log file
- ${GRAY}--pentest${NORMAL} : Non-privileged scan (useful for pentest)
- ${GRAY}--profile ${BROWN}<profile>${NORMAL} : Scan the system with the given profile file
- ${GRAY}--quick (-Q)${NORMAL} : Quick mode, don't wait for user input
+ ${WHITE}Alternative system audit modes${NORMAL}
+ ${GRAY}--forensics${NORMAL} : Perform forensics on a running or mounted system
+ ${GRAY}--pentest${NORMAL} : Non-privileged, show points of interest for pentesting
${WHITE}Layout options${NORMAL}
${GRAY}--no-colors${NORMAL} : Don't use colors in output
@@ -441,9 +440,12 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
${WHITE}Misc options${NORMAL}
${GRAY}--debug${NORMAL} : Debug logging to screen
+ ${GRAY}--no-log${NORMAL} : Don't create a log file
+ ${GRAY}--profile ${BROWN}<profile>${NORMAL} : Scan the system with the given profile file
${GRAY}--view-manpage (--man)${NORMAL} : View man page
${GRAY}--verbose${NORMAL} : Show more details on screen
${GRAY}--version (-V)${NORMAL} : Display version number and quit
+ ${GRAY}--wait${NORMAL} : Wait between a set of tests
${WHITE}Enterprise options${NORMAL}
${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins
@@ -451,6 +453,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${
More options available. Run '$0 show options', or use the man page.
+
"
if [ ${WRONGOPTION} -eq 1 ]; then