Initial import

1 files changed, 223 insertions, 0 deletions

diff --git a/include/report b/include/report
new file mode 100644
index 00000000..318ed027
--- /dev/null
+++ b/include/report
@@ -0,0 +1,223 @@
+#!/bin/sh
+
+#################################################################################
+#
+#   Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Report
+#
+#################################################################################
+#
+    logtextbreak
+    #if [ ${QUIET} -eq 0 ]; then
+#        echo ""
+#        echo "  ---------------------------------------------------"
+#        echo "  Program version:           ${PROGRAM_version}"
+#        echo "  Operating system:          ${OS_NAME}"
+#        echo "  Operating system version:  ${OS_VERSION}" 
+#        if [ ! "${OS_MODE}" = "" ]; then echo "  Operating system mode:     ${OS_MODE}"; fi
+#        echo "  Kernel version:            ${OS_KERNELVERSION}"
+#        echo "  Hardware platform:         ${HARDWARE}"
+#        echo "  Hostname:                  ${HOSTNAME}"
+#        echo "  Auditor:                   ${AUDITORNAME}"
+#        echo "  Profile:                   ${PROFILE}"
+#        echo "  Log file:                  ${LOGFILE}"
+#        echo "  Report file:               ${REPORTFILE}"
+#        echo "  Report version:            ${REPORT_version}"
+#        echo "  ---------------------------------------------------"
+#    fi
+
+#
+#################################################################################
+#
+# Hardening Index
+# Define approximately how strong a machine has been hardened
+#
+#################################################################################
+#
+        # If no hardening has been found, set value to 1
+        if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
+        HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
+        HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
+        # Set color related to rating
+        if [ ${HPINDEX} -lt 50 ]; then
+            HPCOLOR="${RED}"
+            HIDESCRIPTION="System has not or a low amount been hardened"
+        fi
+        if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
+            HPCOLOR="${YELLOW}"
+            HIDESCRIPTION="System has been hardened, but could use additional hardening"
+        fi
+        if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
+            HPCOLOR="${GREEN}"
+            HIDESCRIPTION="System seem to be decent hardened"
+        fi
+        if [ ${HPINDEX} -gt 89 ]; then
+            HPCOLOR="${GREEN}"
+            HIDESCRIPTION="System seem to be well hardened"
+        fi
+
+        case ${HPAOBLOCKS} in
+            0)  HPBLOCKS="#"; HPEMPTY="                   " ;;
+            1)  HPBLOCKS="#"; HPEMPTY="                   " ;;
+            2)  HPBLOCKS="##"; HPEMPTY="                  " ;;
+            3)  HPBLOCKS="###"; HPEMPTY="                 " ;;
+            4)  HPBLOCKS="####"; HPEMPTY="                " ;;
+            5)  HPBLOCKS="#####"; HPEMPTY="               " ;;
+            6)  HPBLOCKS="######"; HPEMPTY="              " ;;
+            7)  HPBLOCKS="#######"; HPEMPTY="             " ;;
+            8)  HPBLOCKS="########"; HPEMPTY="            " ;;
+            9)  HPBLOCKS="#########"; HPEMPTY="           " ;;
+            10) HPBLOCKS="##########"; HPEMPTY="          " ;;
+            11) HPBLOCKS="###########"; HPEMPTY="         " ;;
+            12) HPBLOCKS="############"; HPEMPTY="        " ;;
+            13) HPBLOCKS="#############"; HPEMPTY="       " ;;
+            14) HPBLOCKS="##############"; HPEMPTY="      " ;;
+            15) HPBLOCKS="###############"; HPEMPTY="     " ;;
+            16) HPBLOCKS="################"; HPEMPTY="    " ;;
+            17) HPBLOCKS="#################"; HPEMPTY="   " ;;
+            18) HPBLOCKS="##################"; HPEMPTY="  " ;;
+            19) HPBLOCKS="###################"; HPEMPTY=" " ;;
+            20) HPBLOCKS="####################"; HPEMPTY="" ;;
+        esac
+
+        HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
+        logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
+        logtext "Hardening strength: ${HIDESCRIPTION}"
+        report "hardening_index=${HPINDEX}"
+
+#
+#################################################################################
+#
+# Show test results overview
+#
+#################################################################################
+#
+    # Only show overview if not running in quiet mode
+    if [ ${QUIET} -eq 0 ]; then
+        echo ""; echo "================================================================================"
+        echo ""; echo "  -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-"
+        echo "";
+
+        # Show warnings from logfile
+        SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'`
+
+
+        if [ "${SWARNINGS}" = "" ]; then
+            echo "  ${OK}No warnings${NORMAL}"; echo ""
+          else
+            echo "  ${WARNING}Warnings${NORMAL}:"
+            echo "  ${WHITE}----------------------------${NORMAL}"
+            for WARNING in ${SWARNINGS}; do
+                SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'`
+                ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'`
+                echo "  ${WHITE}- ${SHOWWARNING}${NORMAL}"
+                echo "      http://cisofy.com/controls/${ADDLINK}/"
+                echo ""
+            done
+        fi
+
+        # Show suggestions from logfile
+        SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'`
+
+        if [ "${SSUGGESTIONS}" = "" ]; then
+            echo "  ${OK}No suggestions${NORMAL}"; echo ""
+          else
+            echo "  ${YELLOW}Suggestions${NORMAL}:"
+            echo "  ${WHITE}----------------------------${NORMAL}"
+            for SUGGESTION in ${SSUGGESTIONS}; do
+                SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'`
+                ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'`
+                echo "  - ${SHOWSUGGESTION}"
+                echo "      http://cisofy.com/controls/${ADDLINK}/"
+            done
+            echo ""
+        fi
+
+        if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then
+            echo "  ${CYAN}Follow-up${NORMAL}:"
+            echo "  ${WHITE}----------------------------${NORMAL}"
+            echo "  ${WHITE}-${NORMAL} Check the logfile (less $LOGFILE)"
+            echo "  ${WHITE}-${NORMAL} Read security controls texts (http://cisofy.com)"
+            echo "  ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)"
+            echo ""
+        fi
+        echo "================================================================================"
+        echo "  ${WHITE}Lynis Scanner (details)${NORMAL}:"
+        echo ""
+        echo "  ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
+        echo "  ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
+        echo "  ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
+        echo ""
+        echo "  ${SECTION}Lynis Modules${NORMAL}:"
+        # Heuristics will be implemented later
+        echo "  - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]"
+        echo ""
+        echo "  ${SECTION}Compliance Checks${NORMAL}:"
+        # Compliance checks and status will be marked in upcoming releases
+        echo "  - HIPAA [${WHITE}NA${NORMAL}] - PCI [${WHITE}NA${NORMAL}] - SOx [${WHITE}NA${NORMAL}] "
+
+        echo ""
+        echo "  ${SECTION}Files${NORMAL}:"
+        echo "  - Test and debug information      : ${WHITE}${LOGFILE}${NORMAL}"
+        echo "  - Report data                     : ${WHITE}${REPORTFILE}${NORMAL}"
+        echo "================================================================================"
+        if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
+            echo "  ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}"
+            echo "  Current version : ${WHITE}${PROGRAM_AC}${NORMAL}    Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}"
+            echo "================================================================================"
+          else
+            ###########################################################################################
+            #
+            # Software quality program
+            # Only provide this hint when the tool is at the latest version
+            #
+            ###########################################################################################
+
+            if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
+                # Determine if the quality of the program can be increased by filtering out the exceptions
+                FIND=`${GREPBINARY} "^exception" ${REPORTFILE}`
+                if [ ! "${FIND}" = "" ]; then
+                    echo ""
+                    echo "  ${RED}Exceptions found${NORMAL}"
+                    echo "  ${WHITE}Some exceptional events or information was found!${NORMAL}"
+                    echo ""
+                    echo "  ${CYAN}What to do:${NORMAL}"
+                    echo "  You can help improving Lynis by providing your report file."
+                    echo "  Go to http://cisofy.com/contact/ and send your file to the e-mail address listed"
+                    echo ""
+                    echo "================================================================================"
+                fi
+            fi
+        fi
+
+        if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then
+            echo "  Tip: Disable all tests which are not relevant or are too strict for the"
+            echo "       purpose of this particular machine. This will remove unwanted suggestions"
+            echo "       and also boost the hardening index. Each test should be properly analyzed"
+            echo "       to see if the related risks can be accepted, before disabling the test."
+            echo "================================================================================"
+        fi
+
+        echo "  ${PROGRAM_name} ${PROGRAM_version}"
+        echo "  ${PROGRAM_copyright}"
+        echo "  ${WHITE}${PROGRAM_extrainfo}${NORMAL}"
+        echo "================================================================================"
+
+
+        echo ""; echo ""
+    fi
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - cisofy.com - The Netherlands