Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_boot_services
diff options
context:
space:
mode:
authormboelen <michael@cisofy.com>2014-09-25 19:51:08 +0400
committermboelen <michael@cisofy.com>2014-09-25 19:51:08 +0400
commit27973d5c182afb39ad2bf2debe2a99b4f3310f6b (patch)
tree3de273eff44cde584c0ba815cfa273fef35357a0 /include/tests_boot_services
parent08f77d2531a231111e248754db12d6c92053f462 (diff)
Adjust text and GRUB2 check to work properly
Diffstat (limited to 'include/tests_boot_services')
-rw-r--r--include/tests_boot_services5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/tests_boot_services b/include/tests_boot_services
index 78e51485..cf7ea655 100644
--- a/include/tests_boot_services
+++ b/include/tests_boot_services
@@ -55,8 +55,9 @@
logtext "Result: found GRUB2 configuration file (/boot/grub/grub.cfg)"
# YYY password check, when documentation of GRUB2 project is improved
# YYY Add check permission check (600)
+ fi
if [ -d /boot ]; then
- if [ `ls /boot/* 2> /dev/null` -a ! "${GRUB2INSTALLBINARY}" = "" ]; then
+ if [ "`ls /boot/* 2> /dev/null`" = "" -a ! "${GRUB2INSTALLBINARY}" = "" ]; then
logtext "Result: found empty /boot, however with GRUB2 binary installed. Best guess is that GRUB2 is actually installed, but /boot not mounted"
Display --indent 4 --text "- Checking presence GRUB2" --result "POSSIBLE MATCH" --color YELLOW
ReportManual "${TEST_NO}:01"
@@ -86,7 +87,7 @@
logtext "Risk: user can switch to single user mode by editing current menu items or bypassing them."
logtext "Additional information: Do NOT use a plaintext password, since the grub.conf or menu.lst file is most likely to be world readable!"
logtext "If an unsecured OS like DOS is used, add 'lock' below that entry and setup a password with the password option, to prevent direct system access."
- ReportSuggestion ${TEST_NO} "M" "Set a password on GRUB bootloader to prevent altering configuration"
+ ReportSuggestion ${TEST_NO} "Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)"
logtext "Tip: Run grub-crypt or grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> or password --encrypted <password hash> for SHA1 encrypted password"
AddHP 0 2
else
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 17:41:10 +0300