author | mboelen <michael@cisofy.com> | 2014-08-26 19:33:55 +0400 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-08-26 19:33:55 +0400 |
commit | c0ae2e217b7f1fb0171017ce5afb8eb8898470db (patch) | |
tree | 545aa150c35c5fb74d7bb4c2d3b0ae41cfa7b4e5 /include/report |
Initial import
Diffstat (limited to 'include/report')
-rw-r--r-- | include/report | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/include/report b/include/report
new file mode 100644
index 00000000..318ed027
--- /dev/null
+++ b/include/report
@@ -0,0 +1,223 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Report
+#
+#################################################################################
+#
+ logtextbreak
+ #if [ ${QUIET} -eq 0 ]; then
+# echo ""
+# echo " ---------------------------------------------------"
+# echo " Program version: ${PROGRAM_version}"
+# echo " Operating system: ${OS_NAME}"
+# echo " Operating system version: ${OS_VERSION}"
+# if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi
+# echo " Kernel version: ${OS_KERNELVERSION}"
+# echo " Hardware platform: ${HARDWARE}"
+# echo " Hostname: ${HOSTNAME}"
+# echo " Auditor: ${AUDITORNAME}"
+# echo " Profile: ${PROFILE}"
+# echo " Log file: ${LOGFILE}"
+# echo " Report file: ${REPORTFILE}"
+# echo " Report version: ${REPORT_version}"
+# echo " ---------------------------------------------------"
+# fi
+
+#
+#################################################################################
+#
+# Hardening Index
+# Define approximately how strong a machine has been hardened
+#
+#################################################################################
+#
+ # If no hardening has been found, set value to 1
+ if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
+ HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
+ HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
+ # Set color related to rating
+ if [ ${HPINDEX} -lt 50 ]; then
+ HPCOLOR="${RED}"
+ HIDESCRIPTION="System has not or a low amount been hardened"
+ fi
+ if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
+ HPCOLOR="${YELLOW}"
+ HIDESCRIPTION="System has been hardened, but could use additional hardening"
+ fi
+ if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
+ HPCOLOR="${GREEN}"
+ HIDESCRIPTION="System seem to be decent hardened"
+ fi
+ if [ ${HPINDEX} -gt 89 ]; then
+ HPCOLOR="${GREEN}"
+ HIDESCRIPTION="System seem to be well hardened"
+ fi
+
+ case ${HPAOBLOCKS} in
+ 0) HPBLOCKS="#"; HPEMPTY=" " ;;
+ 1) HPBLOCKS="#"; HPEMPTY=" " ;;
+ 2) HPBLOCKS="##"; HPEMPTY=" " ;;
+ 3) HPBLOCKS="###"; HPEMPTY=" " ;;
+ 4) HPBLOCKS="####"; HPEMPTY=" " ;;
+ 5) HPBLOCKS="#####"; HPEMPTY=" " ;;
+ 6) HPBLOCKS="######"; HPEMPTY=" " ;;
+ 7) HPBLOCKS="#######"; HPEMPTY=" " ;;
+ 8) HPBLOCKS="########"; HPEMPTY=" " ;;
+ 9) HPBLOCKS="#########"; HPEMPTY=" " ;;
+ 10) HPBLOCKS="##########"; HPEMPTY=" " ;;
+ 11) HPBLOCKS="###########"; HPEMPTY=" " ;;
+ 12) HPBLOCKS="############"; HPEMPTY=" " ;;
+ 13) HPBLOCKS="#############"; HPEMPTY=" " ;;
+ 14) HPBLOCKS="##############"; HPEMPTY=" " ;;
+ 15) HPBLOCKS="###############"; HPEMPTY=" " ;;
+ 16) HPBLOCKS="################"; HPEMPTY=" " ;;
+ 17) HPBLOCKS="#################"; HPEMPTY=" " ;;
+ 18) HPBLOCKS="##################"; HPEMPTY=" " ;;
+ 19) HPBLOCKS="###################"; HPEMPTY=" " ;;
+ 20) HPBLOCKS="####################"; HPEMPTY="" ;;
+ esac
+
+ HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
+ logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
+ logtext "Hardening strength: ${HIDESCRIPTION}"
+ report "hardening_index=${HPINDEX}"
+
+#
+#################################################################################
+#
+# Show test results overview
+#
+#################################################################################
+#
+ # Only show overview if not running in quiet mode
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""; echo "================================================================================"
+ echo ""; echo " -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-"
+ echo "";
+
+ # Show warnings from logfile
+ SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'`
+
+
+ if [ "${SWARNINGS}" = "" ]; then
+ echo " ${OK}No warnings${NORMAL}"; echo ""
+ else
+ echo " ${WARNING}Warnings${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ for WARNING in ${SWARNINGS}; do
+ SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'`
+ ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'`
+ echo " ${WHITE}- ${SHOWWARNING}${NORMAL}"
+ echo " http://cisofy.com/controls/${ADDLINK}/"
+ echo ""
+ done
+ fi
+
+ # Show suggestions from logfile
+ SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'`
+
+ if [ "${SSUGGESTIONS}" = "" ]; then
+ echo " ${OK}No suggestions${NORMAL}"; echo ""
+ else
+ echo " ${YELLOW}Suggestions${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ for SUGGESTION in ${SSUGGESTIONS}; do
+ SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'`
+ ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'`
+ echo " - ${SHOWSUGGESTION}"
+ echo " http://cisofy.com/controls/${ADDLINK}/"
+ done
+ echo ""
+ fi
+
+ if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then
+ echo " ${CYAN}Follow-up${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ echo " ${WHITE}-${NORMAL} Check the logfile (less $LOGFILE)"
+ echo " ${WHITE}-${NORMAL} Read security controls texts (http://cisofy.com)"
+ echo " ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)"
+ echo ""
+ fi
+ echo "================================================================================"
+ echo " ${WHITE}Lynis Scanner (details)${NORMAL}:"
+ echo ""
+ echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
+ echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
+ echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
+ echo ""
+ echo " ${SECTION}Lynis Modules${NORMAL}:"
+ # Heuristics will be implemented later
+ echo " - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]"
+ echo ""
+ echo " ${SECTION}Compliance Checks${NORMAL}:"
+ # Compliance checks and status will be marked in upcoming releases
+ echo " - HIPAA [${WHITE}NA${NORMAL}] - PCI [${WHITE}NA${NORMAL}] - SOx [${WHITE}NA${NORMAL}] "
+
+ echo ""
+ echo " ${SECTION}Files${NORMAL}:"
+ echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
+ echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}"
+ echo "================================================================================"
+ if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
+ echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}"
+ echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}"
+ echo "================================================================================"
+ else
+ ###########################################################################################
+ #
+ # Software quality program
+ # Only provide this hint when the tool is at the latest version
+ #
+ ###########################################################################################
+
+ if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
+ # Determine if the quality of the program can be increased by filtering out the exceptions
+ FIND=`${GREPBINARY} "^exception" ${REPORTFILE}`
+ if [ ! "${FIND}" = "" ]; then
+ echo ""
+ echo " ${RED}Exceptions found${NORMAL}"
+ echo " ${WHITE}Some exceptional events or information was found!${NORMAL}"
+ echo ""
+ echo " ${CYAN}What to do:${NORMAL}"
+ echo " You can help improving Lynis by providing your report file."
+ echo " Go to http://cisofy.com/contact/ and send your file to the e-mail address listed"
+ echo ""
+ echo "================================================================================"
+ fi
+ fi
+ fi
+
+ if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then
+ echo " Tip: Disable all tests which are not relevant or are too strict for the"
+ echo " purpose of this particular machine. This will remove unwanted suggestions"
+ echo " and also boost the hardening index. Each test should be properly analyzed"
+ echo " to see if the related risks can be accepted, before disabling the test."
+ echo "================================================================================"
+ fi
+
+ echo " ${PROGRAM_name} ${PROGRAM_version}"
+ echo " ${PROGRAM_copyright}"
+ echo " ${WHITE}${PROGRAM_extrainfo}${NORMAL}"
+ echo "================================================================================"
+
+
+ echo ""; echo ""
+ fi
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - cisofy.com - The Netherlands |
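Review bot: The `for WARNING in ${SWARNINGS}` and `for SUGGESTION in ${SSUGGESTIONS}` loops expand log-file text unquoted, so a line holding a tab is split into several entries and any glob character in it (the `[...]` pairs every line carries, or `*`/`?` in a logged name) is open to pathname expansion against the current directory before it is printed. The `!space!` placeholder only protects blanks, and a message that really contains that string is altered. Since this screen is what the auditor reads as the findings, the matches are better read line by line: keep `SWARNINGS` for the empty test only and feed a `while IFS= read -r` loop, as sketched below; the suggestions loop needs the same change. `${LOGFILE}` and `${REPORTFILE}` are also unquoted in the `cat`/`grep` calls and would break on a path with spaces.

```shell
SWARNINGS=`grep -i 'warning:' "${LOGFILE}"`
# … unchanged: empty check and "Warnings" header …
printf '%s\n' "${SWARNINGS}" | while IFS= read -r WARNING; do
    SHOWWARNING=`printf '%s\n' "${WARNING}" | sed 's/^\[\(.*\)\] Warning: //'`
    ADDLINK=`printf '%s\n' "${WARNING}" | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'`
    # … unchanged: echo of the warning text and its control link …
done
```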