Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_networking
diff options
context:
space:
mode:
authorTopi Miettinen <toiwoton@gmail.com>2020-03-20 00:53:57 +0300
committerTopi Miettinen <toiwoton@gmail.com>2020-03-20 00:56:24 +0300
commit820d2ec60774e558f24f09357827d98d0c766efe (patch)
treeafe242215a5ce68ad538526cc96775792c5f44a0 /include/tests_networking
parent6d9ebe41365aaf51e41ca4bd322b93a6104e7322 (diff)
Check DNSSEC status with resolvectl when available
'resolvectl statistics' shows if DNSSEC is supported by systemd-resolved and upstream DNS servers. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'include/tests_networking')
-rw-r--r--include/tests_networking25
1 files changed, 25 insertions, 0 deletions
diff --git a/include/tests_networking b/include/tests_networking
index 51bed912..9f78bca4 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -190,6 +190,31 @@
#
#################################################################################
#
+ # Test : NETW-2706
+ # Description : Check systemd-resolved and upstream DNSSEC status
+ if [ -n "${RESOLVECTLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NETW-2706 --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check systemd-resolved and upstream DNSSEC status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ SKIP=0
+ if [ -n "${RESOLVECTLBINARY}" ]; then
+ DNSSEC_STATUS=$(${RESOLVECTLBINARY} statistics | ${AWKBINARY} -F ":" '/DNSSEC supported/ { print $2 }' | ${TRBINARY} -d ' ')
+ if [ "${DNSSEC_STATUS}" = "yes" ]; then
+ Display --indent 4 --text "- DNSSEC supported (systemd-resolved)" --result "${STATUS_OK}" --color GREEN
+ LogText "Result: DNSSEC supported by systemd-resolved and upstream DNS servers"
+ else
+ Display --indent 4 --text "- DNSSEC supported (systemd-resolved)" --result "${STATUS_WARNING}" --color RED
+ LogText "Result: DNSSEC not supported by systemd-resolved or upstream DNS servers"
+ fi
+ else
+ Display --indent 4 --text "- DNSSEC supported (systemd-resolved)" --result "${STATUS_SKIPPED}" --color YELLOW
+ LogText "Result: resolvectl not installed, test can't be fully performed"
+ fi
+ else
+ LogText "Result: Test most likely skipped due to not having resolvectl"
+ fi
+#
+#################################################################################
+#
# Test : NETW-3001
# Description : Find default gateway (route)
# More info : BSD: ^default Linux: 0.0.0.0
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-26 10:58:10 +0300