diff options
author | mboelen <michael@cisofy.com> | 2014-08-26 19:33:55 +0400 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-08-26 19:33:55 +0400 |
commit | c0ae2e217b7f1fb0171017ce5afb8eb8898470db (patch) | |
tree | 545aa150c35c5fb74d7bb4c2d3b0ae41cfa7b4e5 /include/tests_banners |
Initial import
Diffstat (limited to 'include/tests_banners')
-rw-r--r-- | include/tests_banners | 250 |
1 files changed, 250 insertions, 0 deletions
diff --git a/include/tests_banners b/include/tests_banners new file mode 100644 index 00000000..38c42c01 --- /dev/null +++ b/include/tests_banners @@ -0,0 +1,250 @@ +#!/bin/sh + +################################################################################# +# +# Lynis +# ------------------ +# +# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands +# Web site: http://www.rootkit.nl +# +# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are +# welcome to redistribute it under the terms of the GNU General Public License. +# See LICENSE file for usage of this software. +# +################################################################################# +# +# Banners and identification +# +################################################################################# +# + InsertSection "Banners and identification" +# Display --indent 2 --text "- Checking banners..." +# +################################################################################# +# + BANNER_FILES="/etc/issue /etc/issue.net /etc/motd" + LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy policies private prohibited restricted this unauthorized" +# +################################################################################# +# + # Test : BANN-7113 + # Description : Check FreeBSD COPYRIGHT banner file + Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT" + if [ -f /COPYRIGHT ]; then + Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN + if [ -s /COPYRIGHT ]; then + logtext "Result: /COPYRIGHT available and contains text" + else + logtext "Result: /COPYRIGHT available, but empty" + fi + else + Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE + logtext "Result: /COPYRIGHT not found" + fi + + if [ -f /etc/COPYRIGHT ]; then + Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN + if [ -s /etc/COPYRIGHT ]; then + logtext "Result: /etc/COPYRIGHT available and contains text" + else + logtext "Result: /etc/COPYRIGHT available, but empty" + fi + else + Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE + logtext "Result: /etc/COPYRIGHT not found" + fi + fi +# +################################################################################# +# + # Test : BANN-7119 + # Description : Check MOTD banner file + Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: Testing existence /etc/motd" + if [ -f /etc/motd ]; then + logtext "Result: file /etc/motd exists" + Display --indent 2 --text "- /etc/motd..." --result FOUND --color GREEN + if [ ! -L /etc/motd ]; then + IsWorldWritable /etc/motd + if [ "${FileIsWorldWritable}" = "TRUE" ]; then + Display --indent 4 --text "- /etc/motd permissions..." --result WARNING --color RED + logtext "Result: /etc/motd is world writable. Users can change this file!" + ReportWarning ${TEST_NO} "H" "/etc/motd is world writable" + else + Display --indent 4 --text "- /etc/motd permissions..." --result OK --color GREEN + logtext "Result: /etc/motd is not world writable." + fi + else + logtext "Result: file /etc/motd is symlink" + fi + else + logtext "Result: File /etc/motd not found" + Display --indent 2 --text "- /etc/motd..." --result "NOT FOUND" --color WHITE + fi + fi +# +################################################################################# +# + # Test : BANN-7122 + # Description : Check motd file to see if it contains some form of message + # to discourage unauthorized users to leave the system alone + if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents" + if [ ${SKIPTEST} -eq 0 ]; then + N=0 + logtext "Test: Checking file /etc/motd contents for legal key words" + for I in ${LEGAL_BANNER_STRINGS}; do + FIND=`grep -i "${I}" /etc/motd` + if [ ! "${FIND}" = "" ]; then + logtext "Result: found string '${I}'" + N=`expr ${N} + 1` + fi + done + # Check if we have 5 or more key words + if [ ${N} -gt 4 ]; then + logtext "Result: Found ${N} key words, to warn unauthorized users" + Display --indent 4 --text "- /etc/motd contents..." --result OK --color GREEN + AddHP 2 2 + else + logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased" + Display --indent 4 --text "- /etc/motd contents..." --result WEAK --color YELLOW + ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users" + AddHP 0 1 + fi + fi +# +################################################################################# +# + # Test : BANN-7124 + # Description : Check issue banner file + Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: Checking file /etc/issue" + if [ -f /etc/issue ]; then + # Check for symlink + if [ -L /etc/issue ]; then + logtext "Result: file /etc/issue exists (symlink)" + Display --indent 2 --text "- /etc/issue..." --result SYMLINK --color GREEN + else + Display --indent 2 --text "- /etc/issue..." --result FOUND --color GREEN + fi + else + logtext "Result: file /etc/issue does not exist" + Display --indent 2 --text "- /etc/issue..." --result "NOT FOUND" --color WHITE + fi + fi +# +################################################################################# +# + # Test : BANN-7126 + # Description : Check issue file to see if it contains some form of message + # to discourage unauthorized users to leave the system alone + if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents" + if [ ${SKIPTEST} -eq 0 ]; then + N=0 + logtext "Test: Checking file /etc/issue contents for legal key words" + for I in ${LEGAL_BANNER_STRINGS}; do + FIND=`grep -i "${I}" /etc/issue` + if [ ! "${FIND}" = "" ]; then + logtext "Result: found string '${I}'" + N=`expr ${N} + 1` + fi + done + # Check if we have 5 or more key words + if [ ${N} -gt 4 ]; then + logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users" + Display --indent 4 --text "- /etc/issue contents..." --result OK --color GREEN + AddHP 2 2 + else + logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased" + Display --indent 4 --text "- /etc/issue contents..." --result WEAK --color YELLOW + ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users" + AddHP 0 1 + fi + fi +# +################################################################################# +# + # Test : BANN-7128 + # Description : Check issue.net banner file + Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file" + if [ ${SKIPTEST} -eq 0 ]; then + logtext "Test: Checking file /etc/issue.net" + if [ -f /etc/issue.net ]; then + # Check for symlink + if [ -L /etc/issue.net ]; then + logtext "Result: file /etc/issue.net exists (symlink)" + Display --indent 2 --text "- /etc/issue.net..." --result SYMLINK --color GREEN + else + logtext "Result: file /etc/issue.net exists" + Display --indent 2 --text "- /etc/issue.net..." --result FOUND --color GREEN + fi + else + logtext "Result: file /etc/issue.net does not exist" + Display --indent 2 --text "- /etc/issue.net..." --result "NOT FOUND" --color WHITE + fi + fi +# +################################################################################# +# + # Test : BANN-7130 + # Description : Check issue.net file to see if it contains some form of message + # to discourage unauthorized users to leave the system alone + if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents" + if [ ${SKIPTEST} -eq 0 ]; then + N=0 + logtext "Test: Checking file /etc/issue.net contents for legal key words" + for I in ${LEGAL_BANNER_STRINGS}; do + FIND=`grep -i "${I}" /etc/issue.net` + if [ ! "${FIND}" = "" ]; then + logtext "Result: found string '${I}'" + N=`expr ${N} + 1` + fi + done + # Check if we have 5 or more key words + if [ ${N} -gt 4 ]; then + logtext "Result: Found ${N} key words, to warn unauthorized users" + Display --indent 4 --text "- /etc/issue.net contents..." --result OK --color GREEN + AddHP 2 2 + else + logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased" + Display --indent 4 --text "- /etc/issue.net contents..." --result WEAK --color YELLOW + ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users" + AddHP 0 1 + fi + fi +# +################################################################################# +# +# /etc/dt/config/*/Xresources +# /etc/default/telnetd (telnet without TCP wrappers) +# /etc/default/ftpd (ftp without TCP wrappers) +# /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris) +# /etc/ftpaccess (HP-UX) +# /etc/ftpmotd (AIX) +# /etc/ftpaccess.ctl (AIX) +# /etc/security/login.cfg (AIX) +# /etc/X11/xdm/Xresources +# /etc/X11/xdm/kdmrc +# /etc/X11/gdm/gdm +# /etc/vsftpd.conf +# +################################################################################# +# + +wait_for_keypress + +# +################################################################################# +# +# Notes: +# HPUX: /etc/copyright +# +#================================================================================ +# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands |