
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
commit4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (patch)
tree282f5a4e9e3530ada04d00bda3e8ac118cf70bbd /include/tests_networking
parent5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (diff)
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests
Diffstat (limited to 'include/tests_networking')
-rw-r--r--include/tests_networking85
1 files changed, 40 insertions, 45 deletions
diff --git a/include/tests_networking b/include/tests_networking
index d5a93d8e..ddb846d2 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -216,7 +216,6 @@
Register --test-no NETW-3004 --weight L --network NO --category security --description "Search for available network interfaces"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=""
- N=0
case ${OS} in
AIX)
FIND=$(${IFCONFIGBINARY} -a 2> /dev/null | ${GREPBINARY} "flags=" | ${AWKBINARY} -F ":" '{ print $1 }')
@@ -239,12 +238,11 @@
ReportException "${TEST_NO}:1" "No support for this OS (${OS}) to find available network interfaces"
;;
esac
- if [ ! -z "${FIND}" ]; then
- for I in ${FIND}; do
- NETWORK_INTERFACES="${NETWORK_INTERFACES}|${I}"
- LogText "Found network interface: ${I}"
- N=$((N + 1))
- Report "network_interface[]=${I}"
+ if HasData "${FIND}"; then
+ for ITEM in ${FIND}; do
+ NETWORK_INTERFACES="${NETWORK_INTERFACES}|${ITEM}"
+ LogText "Found network interface: ${ITEM}"
+ Report "network_interface[]=${ITEM}"
done
else
ReportException "${TEST_NO}:1" "No interfaces found on this system (OS=${OS})"
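Review bot: The rewritten loop `for ITEM in ${FIND}` still expands command output unquoted, so each word goes through pathname expansion as well as word splitting before it reaches `Report`. The same pattern is kept in the MAC address, IPv4/IPv6, listening-port and promiscuous-interface hunks further down. It matters most for the listening-port data, where the `ss` output gathered on this page can contain local addresses such as `*:PORT` or `[::]:PORT` that the shell reads as glob patterns, so a matching file name in the directory the audit runs from would replace the real value in the report. Splitting on whitespace is wanted here, so I would keep the loops and disable globbing around them with `set -f` before the `for` and `set +f` after `done`. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block starts and ends outside this hunk.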
@@ -272,7 +270,7 @@
if [ ! -z "${IPBINARY}" ]; then
LogText "Test: Using ip binary to gather hardware addresses"
FIND=$(${IPBINARY} link 2> /dev/null | ${GREPBINARY} "link/ether" | ${AWKBINARY} '{ print $2 }')
- else
+ else
ReportException "${TEST_NO}:2" "Missing ifconfig or ip command to collect hardware address (MAC)"
fi
fi
@@ -294,11 +292,9 @@
ReportException "${TEST_NO}:1" "No support for this OS (${OS}) to find MAC information"
;;
esac
- N=0
- for I in ${FIND}; do
- LogText "Found MAC address: ${I}"
- N=$((N + 1))
- Report "network_mac_address[]=${I}"
+ for ITEM in ${FIND}; do
+ LogText "Found MAC address: ${ITEM}"
+ Report "network_mac_address[]=${ITEM}"
done
fi
#
@@ -350,20 +346,17 @@
ReportException "${TEST_NO}:1" "IP address information test not implemented for this operating system"
;;
esac
- N=0
+
# IPv4
- for I in ${FIND}; do
- LogText "Found IPv4 address: ${I}"
- N=$((N + 1))
- Report "network_ipv4_address[]=${I}"
+ for ITEM in ${FIND}; do
+ LogText "Found IPv4 address: ${ITEM}"
+ Report "network_ipv4_address[]=${ITEM}"
done
# IPv6
- for I in ${FIND2}; do
- LogText "Found IPv6 address: ${I}"
- N=$((N + 1))
- Report "network_ipv6_address[]=${I}"
+ for ITEM in ${FIND2}; do
+ LogText "Found IPv6 address: ${ITEM}"
+ Report "network_ipv6_address[]=${ITEM}"
done
-
fi
#
#################################################################################
@@ -373,7 +366,7 @@
Register --test-no NETW-3012 --weight L --network NO --category security --description "Check listening ports"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=""; FIND2=""
- N=0
+ COUNT=0
case ${OS} in
DragonFly|FreeBSD)
if [ ! -z "${SOCKSTATBINARY}" ]; then
@@ -390,13 +383,13 @@
FIND=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^udp" | ${AWKBINARY} '{ print $4"|"$1"|"$6"|" }' | ${SEDBINARY} 's:|[0-9]*/:|:')
# TCP
FIND2=$(${NETSTATBINARY} -nlp 2> /dev/null | ${GREPBINARY} "^tcp" | ${AWKBINARY} '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | ${SEDBINARY} 's:|[0-9]*/:|:')
- else
+ else
if [ ! "${SSBINARY}" = "" ]; then
# UDP
FIND=$(${SSBINARY} -u -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local)
# TCP
FIND2=$(${SSBINARY} -t -a -n 2> /dev/null | ${AWKBINARY} '{ print $4 }' | ${GREPBINARY} -v Local)
- else
+ else
ReportException "${TEST_NO}:1" "netstat and ss binary missing to gather listening ports"
fi
fi
@@ -440,26 +433,26 @@
# Retrieve information from sockstat, when available
LogText "Test: Retrieving sockstat information to find listening ports"
- if [ ! "${FIND}" = "" ]; then
- for I in ${FIND}; do
- N=$((N + 1))
- LogText "Found listening info: ${I}"
- Report "network_listen_port[]=${I}"
+ if HasData "${FIND}"; then
+ for ITEM in ${FIND}; do
+ COUNT=$((COUNT + 1))
+ LogText "Found listening info: ${ITEM}"
+ Report "network_listen_port[]=${ITEM}"
done
fi
if [ ! "${FIND2}" = "" ]; then
- for I in ${FIND2}; do
- N=$((N + 1))
- LogText "Found listening info: ${I}"
- Report "network_listen_port[]=${I}"
+ for ITEM in ${FIND2}; do
+ COUNT=$((COUNT + 1))
+ LogText "Found listening info: ${ITEM}"
+ Report "network_listen_port[]=${ITEM}"
done
fi
if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then
Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_SKIPPED}" --color YELLOW
else
Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result "${STATUS_DONE}" --color GREEN
- Display --indent 6 --text "* Found ${N} ports"
+ Display --indent 6 --text "* Found ${COUNT} ports"
fi
fi
#
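Review bot: Only the `FIND` check was converted to `HasData`; the `FIND2` check right after the first loop still reads `if [ ! "${FIND2}" = "" ]`, and the summary test keeps `[ "${FIND}" = "" -a "${FIND2}" = "" ]`. For consistency with the rest of this commit I would write `if HasData "${FIND2}"; then` and split the combined test into `if IsEmpty "${FIND}" && IsEmpty "${FIND2}"; then`, which also drops the obsolescent `-a` operator. The comment and log text above the loops still mention only sockstat although, going by the earlier hunk, the values may come from netstat or ss; a comment such as `# Report listening ports gathered above (sockstat, netstat or ss)` would be more accurate.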
@@ -473,14 +466,14 @@
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking promiscuous interfaces (FreeBSD)"
FIND=$(${IFCONFIGBINARY} 2> /dev/null | ${GREPBINARY} PROMISC | ${CUTBINARY} -d ':' -f1)
- if [ ! "${FIND}" = "" ]; then
+ if HasData "${FIND}"; then
LogText "Result: Promiscuous interfaces: ${FIND}"
- for I in ${FIND}; do
+ for ITEM in ${FIND}; do
WHITELISTED=0
for PROFILE in ${PROFILES}; do
- Debug "Checking if interface ${I} is whitelisted in profile ${PROFILE}"
- ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${I}:" ${PROFILE})
- if [ ! "${ISWHITELISTED}" = "" ]; then
+ Debug "Checking if interface ${ITEM} is whitelisted in profile ${PROFILE}"
+ ISWHITELISTED=$(${GREPBINARY} "^if_promisc:${ITEM}:" ${PROFILE})
+ if HasData "${ISWHITELISTED}"; then
WHITELISTED=1
LogText "Result: this interface was whitelisted in profile (${PROFILE})"
fi
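Review bot: The whitelist lookup `${GREPBINARY} "^if_promisc:${ITEM}:" ${PROFILE}` places the interface name inside a regular expression, so a name containing `.` (a VLAN-style name, for example) is matched as a wildcard. An entry written for a different interface could then set `WHITELISTED=1` and suppress the promiscuous-mode finding. An exact field comparison avoids that: `ISWHITELISTED=$(${AWKBINARY} -F: -v i="${ITEM}" '$1 == "if_promisc" && $2 == i' "${PROFILE}")`. Both `for` loops continue past the end of this hunk.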
@@ -536,15 +529,17 @@
if [ ${FOUNDPROMISC} -eq 0 ]; then
Display --indent 2 --text "- Checking promiscuous interfaces" --result "${STATUS_OK}" --color GREEN
LogText "Result: No promiscuous interfaces found"
- else
+ else
Display --indent 2 --text "- Checking promiscuous interfaces" --result "${STATUS_WARNING}" --color RED
fi
fi
#
#################################################################################
#
- # Test : NETW-3020
- # Description : Checking multipath configuration (Solaris)
+ # Do you have a multipath configuration on Linux or other OS? Create a related test and send in a pull request on GitHub
+
+ # Test : NETW-3020 TODO
+ # Description : Checking multipath configuration
#
#################################################################################
#
@@ -557,7 +552,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Using netstat for check for connections in WAIT state"
FIND=$(${NETSTATBINARY} -an | ${GREPBINARY} WAIT | ${WCBINARY} -l | ${AWKBINARY} '{ print $1 }')
- if [ -z "${OPTIONS_CONN_MAX_WAIT_STATE}" ]; then OPTIONS_CONN_MAX_WAIT_STATE="5000"; fi
+ if IsEmpty "${OPTIONS_CONN_MAX_WAIT_STATE}"; then OPTIONS_CONN_MAX_WAIT_STATE="5000"; fi
LogText "Result: currently ${FIND} connections are in a waiting state (max configured: ${OPTIONS_CONN_MAX_WAIT_STATE})."
if [ ${FIND} -gt ${OPTIONS_CONN_MAX_WAIT_STATE} ]; then
Display --indent 2 --text "- Checking waiting connections" --result "${STATUS_WARNING}" --color YELLOW
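Review bot: `IsEmpty` only covers an unset or empty value; a non-numeric `OPTIONS_CONN_MAX_WAIT_STATE` still reaches `[ ${FIND} -gt ${OPTIONS_CONN_MAX_WAIT_STATE} ]`, where the test errors out and the `if` silently takes its other branch. Where the option is set is not visible here, but if it is read from a profile I would fall back to the default for anything that is not a plain number: `case "${OPTIONS_CONN_MAX_WAIT_STATE}" in ''|*[!0-9]*) OPTIONS_CONN_MAX_WAIT_STATE="5000" ;; esac`. Quoting both operands in the comparison would also keep a malformed value from being split into extra arguments to `[`. The `if` block continues outside the hunk.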