Initial import

author: mboelen <michael@cisofy.com> 2014-08-26 19:33:55 +0400
committer: mboelen <michael@cisofy.com> 2014-08-26 19:33:55 +0400
commit: c0ae2e217b7f1fb0171017ce5afb8eb8898470db (patch)
tree: 545aa150c35c5fb74d7bb4c2d3b0ae41cfa7b4e5 /include/tests_banners
1 files changed, 250 insertions, 0 deletions
diff --git a/include/tests_banners b/include/tests_banners
new file mode 100644
index 00000000..38c42c01
--- /dev/null
+++ b/include/tests_banners
@@ -0,0 +1,250 @@
+#!/bin/sh
+
+#################################################################################
+#
+#   Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Banners and identification
+#
+#################################################################################
+#
+    InsertSection "Banners and identification"
+#    Display --indent 2 --text "- Checking banners..."
+#
+#################################################################################
+#
+    BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"
+    LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy policies private prohibited restricted this unauthorized"
+#
+#################################################################################
+#
+    # Test        : BANN-7113
+    # Description : Check FreeBSD COPYRIGHT banner file
+    Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
+        if [ -f /COPYRIGHT ]; then
+            Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN
+            if [ -s /COPYRIGHT ]; then
+                logtext "Result: /COPYRIGHT available and contains text"
+             else
+                logtext "Result: /COPYRIGHT available, but empty"
+            fi
+          else
+            Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE
+            logtext "Result: /COPYRIGHT not found"
+        fi
+
+        if [ -f /etc/COPYRIGHT ]; then
+            Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN	
+            if [ -s /etc/COPYRIGHT ]; then
+                logtext "Result: /etc/COPYRIGHT available and contains text"
+              else
+                logtext "Result: /etc/COPYRIGHT available, but empty"
+            fi
+          else
+            Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE
+            logtext "Result: /etc/COPYRIGHT not found"
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7119
+    # Description : Check MOTD banner file
+    Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: Testing existence /etc/motd"
+        if [ -f /etc/motd  ]; then
+	    logtext "Result: file /etc/motd exists"
+	    Display --indent 2 --text "- /etc/motd..." --result FOUND --color GREEN
+	    if [ ! -L /etc/motd ]; then
+	        IsWorldWritable /etc/motd
+		if [ "${FileIsWorldWritable}" = "TRUE" ]; then
+		    Display --indent 4 --text "- /etc/motd permissions..." --result WARNING --color RED
+		    logtext "Result: /etc/motd is world writable. Users can change this file!"
+		    ReportWarning ${TEST_NO} "H" "/etc/motd is world writable"
+	         else
+		    Display --indent 4 --text "- /etc/motd permissions..." --result OK --color GREEN
+		    logtext "Result: /etc/motd is not world writable."
+		fi
+	      else
+	        logtext "Result: file /etc/motd is symlink"
+	    fi
+	  else
+	    logtext "Result: File /etc/motd not found"
+	    Display --indent 2 --text "- /etc/motd..." --result "NOT FOUND" --color WHITE
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7122
+    # Description : Check motd file to see if it contains some form of message
+    #               to discourage unauthorized users to leave the system alone
+    if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        N=0
+        logtext "Test: Checking file /etc/motd contents for legal key words"
+        for I in ${LEGAL_BANNER_STRINGS}; do
+	    FIND=`grep -i "${I}" /etc/motd`
+	    if [ ! "${FIND}" = "" ]; then
+	        logtext "Result: found string '${I}'"
+	        N=`expr ${N} + 1`
+	    fi
+	done
+	# Check if we have 5 or more key words
+	if [ ${N} -gt 4 ]; then
+	    logtext "Result: Found ${N} key words, to warn unauthorized users"
+	    Display --indent 4 --text "- /etc/motd contents..." --result OK --color GREEN
+	    AddHP 2 2
+	  else
+	    logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
+	    Display --indent 4 --text "- /etc/motd contents..." --result WEAK --color YELLOW
+	    ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
+	    AddHP 0 1
+	fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7124
+    # Description : Check issue banner file
+    Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: Checking file /etc/issue"
+        if [ -f /etc/issue ]; then
+    	    # Check for symlink
+    	    if [ -L /etc/issue ]; then
+		logtext "Result: file /etc/issue exists (symlink)"
+		Display --indent 2 --text "- /etc/issue..." --result SYMLINK --color GREEN
+	      else
+		Display --indent 2 --text "- /etc/issue..." --result FOUND --color GREEN
+	    fi
+	  else
+	    logtext "Result: file /etc/issue does not exist"
+	    Display --indent 2 --text "- /etc/issue..." --result "NOT FOUND" --color WHITE
+	fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7126
+    # Description : Check issue file to see if it contains some form of message
+    #               to discourage unauthorized users to leave the system alone
+    if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        N=0
+        logtext "Test: Checking file /etc/issue contents for legal key words"
+        for I in ${LEGAL_BANNER_STRINGS}; do
+            FIND=`grep -i "${I}" /etc/issue`
+            if [ ! "${FIND}" = "" ]; then
+                logtext "Result: found string '${I}'"
+                N=`expr ${N} + 1`
+            fi
+        done
+        # Check if we have 5 or more key words
+        if [ ${N} -gt 4 ]; then
+            logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
+            Display --indent 4 --text "- /etc/issue contents..." --result OK --color GREEN
+            AddHP 2 2
+          else
+            logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
+            Display --indent 4 --text "- /etc/issue contents..." --result WEAK --color YELLOW
+            ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users"
+            AddHP 0 1
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7128
+    # Description : Check issue.net banner file
+    Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        logtext "Test: Checking file /etc/issue.net"
+        if [ -f /etc/issue.net ]; then
+    	    # Check for symlink
+    	    if [ -L /etc/issue.net ]; then
+		logtext "Result: file /etc/issue.net exists (symlink)"
+		Display --indent 2 --text "- /etc/issue.net..." --result SYMLINK --color GREEN
+	      else
+	        logtext "Result: file /etc/issue.net exists"
+		Display --indent 2 --text "- /etc/issue.net..." --result FOUND --color GREEN
+	    fi
+	  else
+	    logtext "Result: file /etc/issue.net does not exist"
+	    Display --indent 2 --text "- /etc/issue.net..." --result "NOT FOUND" --color WHITE
+	fi
+    fi
+#
+#################################################################################
+#
+    # Test        : BANN-7130
+    # Description : Check issue.net file to see if it contains some form of message
+    #               to discourage unauthorized users to leave the system alone
+    if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        N=0
+        logtext "Test: Checking file /etc/issue.net contents for legal key words"
+        for I in ${LEGAL_BANNER_STRINGS}; do
+	    FIND=`grep -i "${I}" /etc/issue.net`
+	    if [ ! "${FIND}" = "" ]; then
+	        logtext "Result: found string '${I}'"
+	        N=`expr ${N} + 1`
+	    fi
+	done
+	# Check if we have 5 or more key words
+	if [ ${N} -gt 4 ]; then
+	    logtext "Result: Found ${N} key words, to warn unauthorized users"
+	    Display --indent 4 --text "- /etc/issue.net contents..." --result OK --color GREEN
+	    AddHP 2 2
+	  else
+	    logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
+	    Display --indent 4 --text "- /etc/issue.net contents..." --result WEAK --color YELLOW
+	    ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
+	    AddHP 0 1
+	fi
+    fi
+#
+#################################################################################
+#
+# /etc/dt/config/*/Xresources
+# /etc/default/telnetd (telnet without TCP wrappers)
+# /etc/default/ftpd (ftp without TCP wrappers)
+# /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris)
+# /etc/ftpaccess (HP-UX)
+# /etc/ftpmotd (AIX)
+# /etc/ftpaccess.ctl (AIX)
+# /etc/security/login.cfg (AIX)
+# /etc/X11/xdm/Xresources
+# /etc/X11/xdm/kdmrc
+# /etc/X11/gdm/gdm
+# /etc/vsftpd.conf
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#################################################################################
+#
+# Notes:
+# HPUX: /etc/copyright
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
author	mboelen <michael@cisofy.com>	2014-08-26 19:33:55 +0400
committer	mboelen <michael@cisofy.com>	2014-08-26 19:33:55 +0400
commit	c0ae2e217b7f1fb0171017ce5afb8eb8898470db (patch)
tree	545aa150c35c5fb74d7bb4c2d3b0ae41cfa7b4e5 /include/tests_banners