diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2021-01-07 17:16:34 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-07 17:16:34 +0300 |
commit | ab1111c0ed270f4f45bc5fd47ff994f8711eb69e (patch) | |
tree | 3f311652d5d7d9343b61563096c5d781da9664e4 /include/tests_hardening | |
parent | 74fbc870b32ca7d138d4bc1adb4cc01beb9ce6b5 (diff) | |
parent | de848cb76a1d336bf4b8f46da490fc8b8d14a66e (diff) |
Merge pull request #905 from topimiettinen/check-non-native-binary-formats
Check for registered non-native binary formats
Diffstat (limited to 'include/tests_hardening')
-rw-r--r-- | include/tests_hardening | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/include/tests_hardening b/include/tests_hardening index 4feff7c6..16e13374 100644 --- a/include/tests_hardening +++ b/include/tests_hardening @@ -107,6 +107,27 @@ # ################################################################################# # + # Test : HRDN-7231 + # Description : Check for registered non-native binary formats + Register --test-no HRDN-7231 --os Linux --weight L --network NO --category security --description "Check for registered non-native binary formats" + if [ ${SKIPTEST} -eq 0 ]; then + LogText "Test: Check for registered non-native binary formats" + NFORMATS=0 + if [ -d /proc/sys/fs/binfmt_misc ]; then + NFORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status | ${WCBINARY} --lines) + fi + if [ ${NFORMATS} -eq 0 ]; then + LogText "Result: no non-native binary formats found" + Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_NOT_FOUND}" --color GREEN + else + FORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status -printf '%f ') + LogText "Result: found ${NFORMATS} non-native binary formats registered: ${FORMATS}" + Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_FOUND}" --color RED + fi + fi +# +################################################################################# +# # LogText "--------------------------------------------------------------------" # LogText "| System part | Preferred value | Actual value | Points |" # LogText "| [!] Compiler installed | 0 | [${COMPILER_INSTALLED}] | x |" |