authormboelen <michael@cisofy.com>2015-12-21 23:17:15 +0300
committermboelen <michael@cisofy.com>2015-12-21 23:17:15 +0300
commitd16b38eff83a8dca405e21e1c34205289f3d0832 (patch)
treed9db1eac3d4ead003f0e1b4fbfbabf0ddeb66c1e /include/tests_accounting
parent83a44827e03543146e39c37c33f14ebca6f40a29 (diff)
Rename of logtext and report functions, upcoming year change
Diffstat (limited to 'include/tests_accounting')
-rw-r--r--include/tests_accounting136
1 files changed, 68 insertions, 68 deletions
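diff --git a/include/tests_accounting b/include/tests_accounting
index 5c3bda3c..cfc1113d 100644
--- a/include/tests_accounting
+++ b/include/tests_accounting
@@ -5,7 +5,7 @@
 # Lynis
 # ------------------
 #
-# Copyright 2007-2015, Michael Boelen (michael.boelen@cisofy.com)
+# Copyright 2007-2016, Michael Boelen (michael.boelen@cisofy.com)
 # Web site: https://cisofy.com
 #
 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -31,12 +31,12 @@
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ -f /var/account/acct ]; then
 Display --indent 2 --text "- Checking accounting information" --result OK --color GREEN
- logtext "Result: /var/account/acct available"
+ LogText "Result: /var/account/acct available"
 AddHP 3 3
 else
 Display --indent 2 --text "- Checking accounting information" --result "NOT FOUND" --color YELLOW
- logtext "Result: No accounting information available"
- logtext "Remark: Possibly there is another location where the accounting data is stored"
+ LogText "Result: No accounting information available"
+ LogText "Remark: Possibly there is another location where the accounting data is stored"
 ReportSuggestion ${TEST_NO} "Enable process accounting"
 AddHP 2 3
 fi
@@ -49,23 +49,23 @@
 # Notes : /var/log/pacct (Slackware)
 Register --test-no ACCT-9622 --os Linux --weight L --network NO --description "Check for available Linux accounting information"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Check accounting information"
+ LogText "Test: Check accounting information"
 if [ -f /var/account/pacct ]; then
 Display --indent 2 --text "- Checking accounting information" --result OK --color GREEN
- logtext "Result: /var/account/pacct available"
+ LogText "Result: /var/account/pacct available"
 AddHP 3 3
 elif [ -f /var/log/account/pacct ]; then
 Display --indent 2 --text "- Checking accounting information" --result OK --color GREEN
- logtext "Result: /var/log/account/pacct available"
+ LogText "Result: /var/log/account/pacct available"
 AddHP 3 3
 elif [ -f /var/log/pacct ]; then
 Display --indent 2 --text "- Checking accounting information" --result OK --color GREEN
- logtext "Result: /var/log/pacct available"
+ LogText "Result: /var/log/pacct available"
 AddHP 3 3
 else
 Display --indent 2 --text "- Checking accounting information" --result "NOT FOUND" --color YELLOW
- logtext "Result: No accounting information available (/var/account/pacct, /var/log/account/pact nor /var/log/pact exist)"
- logtext "Remark: Possibly there is another location where the accounting data is stored"
+ LogText "Result: No accounting information available (/var/account/pacct, /var/log/account/pact nor /var/log/pact exist)"
+ LogText "Remark: Possibly there is another location where the accounting data is stored"
 ReportSuggestion ${TEST_NO} "Enable process accounting"
 AddHP 2 3
 fi
@@ -77,30 +77,30 @@
 # Description : Check sysstat accounting data
 Register --test-no ACCT-9626 --os Linux --weight L --network NO --description "Check for sysstat accounting data"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check /etc/default/sysstat presence"
+ LogText "Test: check /etc/default/sysstat presence"
 if [ -f /etc/default/sysstat ]; then
- logtext "Result: /etc/default/sysstat found"
+ LogText "Result: /etc/default/sysstat found"
 FIND=`grep "^ENABLED" /etc/default/sysstat | grep -i true`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: sysstat enabled via /etc/default/sysstat"
+ LogText "Result: sysstat enabled via /etc/default/sysstat"
 Display --indent 2 --text "- Checking sysstat accounting data" --result ENABLED --color GREEN
 else
- logtext "Result: sysstat disabled via /etc/default/sysstat"
+ LogText "Result: sysstat disabled via /etc/default/sysstat"
 Display --indent 2 --text "- Checking sysstat accounting data" --result DISABLED --color WHITE
 ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)"
 fi
 elif [ -f /etc/cron.d/sysstat ]; then
 FIND=`grep -v '^[[:space:]]*\(#\|$\)' /etc/cron.d/sysstat`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: sysstat enabled via /etc/cron.d/sysstat"
+ LogText "Result: sysstat enabled via /etc/cron.d/sysstat"
 Display --indent 2 --text "- Checking sysstat accounting data" --result ENABLED --color GREEN
 else
- logtext "Result: sysstat disabled via /etc/cron.d/sysstat"
+ LogText "Result: sysstat disabled via /etc/cron.d/sysstat"
 Display --indent 2 --text "- Checking sysstat accounting data" --result DISABLED --color WHITE
 ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (cron disabled)"
 fi
 else
- logtext "Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat"
+ LogText "Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat"
 Display --indent 2 --text "- Checking sysstat accounting data" --result "NOT FOUND" --color YELLOW
 ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (no results)"
 fi
@@ -113,24 +113,24 @@
 if [ ! "${AUDITDBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9628 --os Linux --weight L --network NO --description "Check for auditd"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Check auditd status"
+ LogText "Test: Check auditd status"
 # Should not get kauditd
 IsRunning auditd
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: auditd running"
+ LogText "Result: auditd running"
 Display --indent 2 --text "- Checking auditd" --result ENABLED --color GREEN
 AUDITD_RUNNING=1
- report "audit_daemon_running=1"
- report "audit_trail_tool[]=auditd"
+ Report "audit_daemon_running=1"
+ Report "audit_trail_tool[]=auditd"
 AddHP 4 4
 else
- logtext "Result: auditd not active"
+ LogText "Result: auditd not active"
 Display --indent 2 --text "- Checking auditd" --result "NOT FOUND" --color WHITE
 if [ ! "${VMTYPE}" = "openvz" ]; then
 ReportSuggestion ${TEST_NO} "Enable auditd to collect audit information"
 fi
 AUDITD_RUNNING=0
- report "audit_daemon_running=0"
+ Report "audit_daemon_running=0"
 AddHP 0 1
 fi
 fi
@@ -142,21 +142,21 @@
 if [ ! "${AUDITDBINARY}" = "" -a ! "${AUDITCTLBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --description "Check for auditd rules"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking auditd rules"
+ LogText "Test: Checking auditd rules"
 FIND=`${AUDITCTLBINARY} -l | grep -v "No rules"`
 if [ "${FIND}" = "" ]; then
- logtext "Result: auditd rules empty"
+ LogText "Result: auditd rules empty"
 Display --indent 4 --text "- Checking audit rules" --result SUGGESTION --color YELLOW
 AddHP 0 2
 ReportSuggestion ${TEST_NO} "Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules"
 else
- logtext "Result: found auditd rules"
+ LogText "Result: found auditd rules"
 Display --indent 4 --text "- Checking audit rules" --result OK --color GREEN
 # Log audit daemon rules
 FIND=`${AUDITCTLBINARY} -l | sed 's/ /!space!/g'`
 for I in ${FIND}; do
 I=`echo ${I} | sed 's/!space!/ /g'`
- logtext "Output: ${I}"
+ LogText "Output: ${I}"
 done
 fi
 fi
@@ -168,20 +168,20 @@
 if [ ! "${AUDITDBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd configuration file"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking auditd configuration file"
+ LogText "Test: Checking auditd configuration file"
 for I in ${AUDITD_CONF_LOCS}; do
 if [ -f ${I}/auditd.conf ]; then
 AUDITD_CONF_FILE="${I}/auditd.conf"
- logtext "Result: Found ${I}/auditd.conf"
+ LogText "Result: Found ${I}/auditd.conf"
 else
- logtext "Result: ${I}/auditd.conf not found"
+ LogText "Result: ${I}/auditd.conf not found"
 fi
 done
 # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
 if [ ! "${AUDITD_CONF_FILE}" = "" ]; then
 Display --indent 4 --text "- Checking audit configuration file" --result OK --color GREEN
 else
- logtext "Result: could not find auditd configuration file"
+ LogText "Result: could not find auditd configuration file"
 Display --indent 4 --text "- Checking audit configuration file" --result WARNING --color RED
 ReportSuggestion ${TEST_NO} "Determine the location of auditd configuration file"
 fi
@@ -194,22 +194,22 @@
 if [ ! "${AUDITDBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 -a ! "${AUDITD_CONF_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd log file"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking auditd log file"
+ LogText "Test: Checking auditd log file"
 FIND=`grep "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }'`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: log file is defined"
- logtext "Defined value: ${FIND}"
+ LogText "Result: log file is defined"
+ LogText "Defined value: ${FIND}"
 if [ -f ${FIND} ]; then
- logtext "Result: log file ${FIND} exists on disk"
+ LogText "Result: log file ${FIND} exists on disk"
 Display --indent 4 --text "- Checking auditd log file" --result FOUND --color GREEN
- report "logfile[]=${FIND}"
+ Report "logfile[]=${FIND}"
 else
- logtext "Result: can't find log file ${FIND} on disk"
+ LogText "Result: can't find log file ${FIND} on disk"
 Display --indent 4 --text "- Checking auditd log file" --result SUGGESTION --color YELLOW
 ReportSuggestion ${TEST_NO} "Check auditd log file location"
 fi
 else
- logtext "Result: no log file found"
+ LogText "Result: no log file found"
 Display --indent 4 --text "- Checking auditd log file" --result WARNING --color RED
 ReportWarning ${TEST_NO} "L" "Auditd log file is defined but can not be found on disk"
 fi
@@ -223,23 +223,23 @@
 if [ ${SKIPTEST} -eq 0 ]; then
 FILE="/lib/snoopy.so"
 if [ -f ${FILE} ]; then
- logtext "Result: found ${FILE}"
+ LogText "Result: found ${FILE}"
 Display --indent 2 --text "- Checking Snoopy" --result FOUND --color GREEN
 if [ -f /etc/ld.so.preload ]; then
- logtext "Result: found /etc/ld.so.preload, testing if snoopy.so is listed"
+ LogText "Result: found /etc/ld.so.preload, testing if snoopy.so is listed"
 FIND=`grep ${FILE} /etc/ld.so.preload`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: found snoopy in ld.so.preload"
- logtext "Output: ${FIND}"
+ LogText "Result: found snoopy in ld.so.preload"
+ LogText "Output: ${FIND}"
 Display --indent 6 --text "- Library in ld.so.preload" --result "LOADED" --color GREEN
- report "audit_trail_tool[]=snoopy"
+ Report "audit_trail_tool[]=snoopy"
 else
 Display --indent 6 --text "- Library in ld.so.preload" --result "NOT FOUND" --color YELLOW
 ReportSuggestion ${TEST_NO} "Snoopy is installed but not loaded via /etc/ld.so.preload"
 AddHP 3 3
 fi
 else
- logtext "Result: /etc/ld.so.preload does not exist"
+ LogText "Result: /etc/ld.so.preload does not exist"
 Display --indent 6 --text "- Library in ld.so.preload" --result "UNKNOWN" --color PURPLE
 ReportException "${TEST_NO}:1" "Unsure how Snoopy might be loaded as ld.so.preload does not exist"
 fi
@@ -252,14 +252,14 @@
 # Description : Check Solaris audit daemon presence
 Register --test-no ACCT-9650 --os Solaris --weight L --network NO --description "Check Solaris audit daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check if audit daemon is running"
+ LogText "Test: check if audit daemon is running"
 IsRunning auditd
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: Solaris audit daemon is running"
+ LogText "Result: Solaris audit daemon is running"
 SOLARIS_AUDITD_RUNNING=1
 Display --indent 2 --text "- Checking Solaris audit daemon status" --result RUNNING --color GREEN
 else
- logtext "Result: Solaris audit daemon is not running"
+ LogText "Result: Solaris audit daemon is not running"
 Display --indent 2 --text "- Checking Solaris audit daemon status" --result "NOT RUNNING" --color YELLOW
 fi
 fi
@@ -271,10 +271,10 @@
 if [ -x /usr/bin/svcs -a ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check auditd SMF status"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check if auditd service is enabled and online"
+ LogText "Test: check if auditd service is enabled and online"
 FIND=`/usr/bin/svcs svc:/system/auditd:default | grep "^online"`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: auditd service is online"
+ LogText "Result: auditd service is online"
 Display --indent 4 --text "- Checking Solaris audit daemon status" --result ONLINE --color GREEN
 else
 Display --indent 4 --text "- Checking Solaris audit daemon status" --result "NOT ONLINE" --color YELLOW
@@ -289,17 +289,17 @@
 if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in /etc/system"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check if BSM is enabled in /etc/system"
+ LogText "Test: check if BSM is enabled in /etc/system"
 if [ -f /etc/system ]; then
 FIND=`grep 'set c2audit:audit_load = 1' /etc/system`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: BSM is enabled in /etc/system"
+ LogText "Result: BSM is enabled in /etc/system"
 Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result ENABLED --color GREEN
 else
 Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result "NOT FOUND" --color YELLOW
 fi
 else
- logtext "Result: /etc/system does not exist"
+ LogText "Result: /etc/system does not exist"
 fi
 fi
 #
@@ -310,18 +310,18 @@
 if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check if c2audit module is active"
+ LogText "Test: check if c2audit module is active"
 if [ -x /usr/sbin/modinfo ]; then
 FIND=`/usr/sbin/modinfo | grep c2audit`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: c2audit found in modinfo output"
+ LogText "Result: c2audit found in modinfo output"
 Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result ENABLED --color GREEN
 else
- logtext "Result: c2audit not found in modinfo output"
+ LogText "Result: c2audit not found in modinfo output"
 Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "NOT FOUND" --color YELLOW
 fi
 else
- logtext "Result: /usr/sbin/modinfo does not exist, skipping test"
+ LogText "Result: /usr/sbin/modinfo does not exist, skipping test"
 fi
 fi
 #
@@ -332,28 +332,28 @@
 if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check location of audit events"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: check /etc/security/audit_control for event logging location"
+ LogText "Test: check /etc/security/audit_control for event logging location"
 if [ -f /etc/security/audit_control ]; then
- logtext "Result: file /etc/security/audit_control found"
+ LogText "Result: file /etc/security/audit_control found"
 FIND=`grep "^dir" /etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }'`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: found location ${FIND}"
- logtext "Test: Checking if location is a valid directory"
+ LogText "Result: found location ${FIND}"
+ LogText "Test: Checking if location is a valid directory"
 if [ -d ${FIND} ]; then
- logtext "Result: location ${FIND} is valid"
+ LogText "Result: location ${FIND} is valid"
 Display --indent 4 --text "- Checking Solaris audit location" --result FOUND --color GREEN
 else
- logtext "Result: location ${FIND} does not exist"
+ LogText "Result: location ${FIND} does not exist"
 Display --indent 4 --text "- Checking Solaris audit location" --result "NOT FOUND" --color YELLOW
 ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is available"
 fi
 else
- logtext "Result: unknown event location"
+ LogText "Result: unknown event location"
 Display --indent 4 --text "- Checking Solaris audit location" --result UNKNOWN --color YELLOW
 ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is properly configured"
 fi
 else
- logtext "Result: could not find /etc/security/audit_control"
+ LogText "Result: could not find /etc/security/audit_control"
 Display --indent 4 --text "- Checking Solaris audit location" --result SKIPPED --color YELLOW
 fi
 fi
@@ -365,15 +365,15 @@
 if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Solaris auditing stats"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Check auditing statistics"
+ LogText "Test: Check auditing statistics"
 if [ -x /usr/sbin/auditstat ]; then
 FIND=`/usr/sbin/auditstat | tr -s ' ' ','`
 for I in ${FIND}; do
- logtext "Output: ${I}"
+ LogText "Output: ${I}"
 done
 Display --indent 4 --text "- Checking Solaris audit statistics" --result DONE --color GREEN
 else
- logtext "Result: /usr/sbin/auditstat not found, skipping test"
+ LogText "Result: /usr/sbin/auditstat not found, skipping test"
 Display --indent 4 --text "- Checking Solaris audit statistics" --result SKIPPED --color YELLOW
 fi
 fi
@@ -385,4 +385,4 @@ wait_for_keypress
 #
 #================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen / CISOfy - https://cisofy.com
+# Lynis - Copyright 2007-2016, Michael Boelen / CISOfy - https://cisofy.com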