author | Michael Boelen <michael.boelen@cisofy.com> | 2021-07-21 18:22:17 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-21 18:22:17 +0300 |
commit | 755abdc556062c22d920160cf5ebfc2adb1dcc7a (patch) | |
tree | be9b9a0a603a3c2a0e504f2cd0a581633342582d /include/tests_databases | |
parent | c2d15eb49a8785cd37bf10dc57ef4c6258d1bde8 (diff) | |
parent | 82db00202598d274bf9dd602761c44e4abaec74f (diff) |
Merge pull request #1137 from teoberi/Lynis-with-PostgreSQL-13.1---test-ID-DBS-1826/DBS-1828
Lynis with PostgreSQL 13.1 test ID DBS-1826/DBS-1828
Diffstat (limited to 'include/tests_databases')
-rw-r--r-- | include/tests_databases | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/include/tests_databases b/include/tests_databases
index 5e71ee80..19d48f53 100644
--- a/include/tests_databases
+++ b/include/tests_databases
@@ -174,7 +174,7 @@
 # Description : Check if PostgreSQL is being used
 Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
 if [ ${SKIPTEST} -eq 0 ]; then
- if IsRunning "postgres:"; then
+ if IsRunning "postgres"; then
 Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
 LogText "Result: PostgreSQL is active"
 POSTGRESQL_RUNNING=1
@@ -203,11 +203,17 @@
 Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
 if [ ${SKIPTEST} -eq 0 ]; then
- FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
- CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
+ FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
+ CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
 for CF in ${CONFIG_FILES}; do
 Report "postgresql_config_file[]=${CF}"
 LogText "Found configuration file (${CF})"
+ if IsWorldReadable ${CF}; then
+ LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
+ ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
+ else
+ LogText "Result: great, configuration file ${CF} is not world readable"
+ fi
 done
 fi
 # |
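Review bot: Matching on `"postgres"` instead of `"postgres:"` in the DBS-1826 check is a looser pattern, and depending on how `IsRunning` compares its argument (it is defined outside this hunk) it may also match unrelated processes whose name or arguments merely contain that string. Because `POSTGRESQL_RUNNING=1` is set on any match, such a hit would report PostgreSQL as active on a host that runs no server. A short comment above the call recording why the colon was dropped would help the next reader, for example `# match without the trailing colon: <reason, e.g. process title seen with PostgreSQL 13.1>`. The `if IsRunning` block continues past the end of the hunk.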
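Review bot: The new `CONFIG_FILES` pipeline in DBS-1828 still substitutes each found path into the `sh -c` command text through `{}`, and widening the match from `postgresql.conf` to `*.conf` means any file name ending in `.conf` under the three search paths is now parsed as shell code by a scanner that typically runs with root privileges; the `tr -cd '[:print:]\0'` filter leaves quotes, `$` and backticks in place. Passing the path as a positional parameter keeps it as data: `xargs -I{} sh -c 'test -r "$1" && echo "$1"' sh {}`. Separately, `IsWorldReadable ${CF}` receives the name after `sed` has rewritten spaces to `:space:` and is unquoted, so for a path containing a space the check runs against a name that does not exist and presumably lands in the "not world readable" branch. Decoding first, e.g. `CF_PATH=$(echo "${CF}" | ${SEDBINARY} 's/:space:/ /g')`, and then testing `"${CF_PATH}"` would close that gap.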