Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_ports_packages
diff options
context:
space:
mode:
authorhlein <hlein@korelogic.com>2017-03-06 10:41:21 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-03-06 10:41:21 +0300
commitb595cc0fb5f0dafe3604f2d2d4915de1acd9c754 (patch)
tree285792c98f8d9d404d55a0d258c8e274868c74d7 /include/tests_ports_packages
parentb9ae378edb9ab109eeb25cc27599b76b2f6f6bfb (diff)
Various cleanups (#363)
* Typo fix. * Style change: always use $(), never ``. The Lynis code already mostly used $(), but backticks were sprinkled around. Converted all of them. * Lots of minor spelling/typo fixes. FWIW these were found with: find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less And then reviewing the list to pick out things that looked like misspelled words as opposed to variables, etc., and then manual inspection of context to determine the intention.
Diffstat (limited to 'include/tests_ports_packages')
-rw-r--r--include/tests_ports_packages74
1 files changed, 37 insertions, 37 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index d99d8349..273265e9 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -87,7 +87,7 @@
#
# Test : PKGS-7303
# Description : Query brew package manager
- FIND=`which brew 2> /dev/null`
+ FIND=$(which brew 2> /dev/null)
if [ ! "${FIND}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7303 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Query brew package manager"
if [ ${SKIPTEST} -eq 0 ]; then
@@ -97,7 +97,7 @@
LogText "Test: Querying brew to get package list"
Display --indent 4 --text "- Querying brew for installed packages"
LogText "Output:"; LogText "-----"
- GPACKAGES=`brew list`
+ GPACKAGES=$(brew list)
for J in ${GPACKAGES}; do
LogText "Found package ${J}"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
@@ -166,7 +166,7 @@
LogText "Test: Querying 'rpm -qa' to get package list"
Display --indent 6 --text "- Querying RPM package manager"
LogText "Output:"; LogText "--------"
- SPACKAGES=`${RPMBINARY} -qa --queryformat "%{NAME},%{VERSION}-%{RELEASE}.%{ARCH}\n" 2> /dev/null | sort`
+ SPACKAGES=$(${RPMBINARY} -qa --queryformat "%{NAME},%{VERSION}-%{RELEASE}.%{ARCH}\n" 2> /dev/null | sort)
if [ "${SPACKAGES}" = "" ]; then
LogText "Result: RPM binary available, but package list seems to be empty"
LogText "Info: looks like the rpm binary is installed, but not used for package installation"
@@ -199,15 +199,15 @@
LogText "Test: Querying 'pacman -Q' to get package list"
Display --indent 6 --text "- Querying pacman package manager"
LogText "Output:"; LogText "--------"
- SPACKAGES=`${PACMANBINARY} -Q | ${SORTBINARY} | ${SEDBINARY} 's/ /,/g'`
+ SPACKAGES=$(${PACMANBINARY} -Q | ${SORTBINARY} | ${SEDBINARY} 's/ /,/g')
if [ "${SPACKAGES}" = "" ]; then
LogText "Result: pacman binary available, but package list seems to be empty"
LogText "Info: looks like the pacman binary is installed, but not used for package installation"
else
for J in ${SPACKAGES}; do
N=$((N + 1))
- PACKAGE_NAME=`echo ${J} | ${AWKBINARY} -F, '{ print $1 }'`
- PACKAGE_VERSION=`echo ${J} | ${AWKBINARY} -F, '{ print $2 }'`
+ PACKAGE_NAME=$(echo ${J} | ${AWKBINARY} -F, '{ print $1 }')
+ PACKAGE_VERSION=$(echo ${J} | ${AWKBINARY} -F, '{ print $2 }')
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
done
@@ -225,7 +225,7 @@
FOUND=0
FIND=$(which checkupdates 2> /dev/null)
if [ ! -z "${FIND}" ]; then
- FIND=`checkupdates`
+ FIND=$(checkupdates)
for I in ${FIND}; do
LogText "Result: update available for ${I}"
Report "available_update[]=${I}"
@@ -255,17 +255,17 @@
COUNT=0
# Check configuration options (options start with a capital)
LogText "Test: searching configured options in ${PACMANCONF}"
- FIND=`${GREPBINARY} "^[A-Z]" ${PACMANCONF} | ${SORTBINARY} -u | ${SEDBINARY} 's/ /:space:/g'`
+ FIND=$(${GREPBINARY} "^[A-Z]" ${PACMANCONF} | ${SORTBINARY} -u | ${SEDBINARY} 's/ /:space:/g')
for I in ${FIND}; do
- PMOPTION=`echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }'`
- PMVALUE=`echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }'`
+ PMOPTION=$(echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $1 }')
+ PMVALUE=$(echo ${I} | ${SEDBINARY} 's/:space:/ /g' | ${AWKBINARY} -F= '{ print $2 }')
LogText "Result: found option ${PMOPTION} configured with value ${PMVALUE}"
Report "pacman_option[]=${PMOPTION}:${PMVALUE}:"
done
# Check software repositories
LogText "Test: checking available repositories"
- FIND=`${GREPBINARY} "^\[.*\]$" ${PACMANCONF} | ${TRBINARY} -d '[]'`
+ FIND=$(${GREPBINARY} "^\[.*\]$" ${PACMANCONF} | ${TRBINARY} -d '[]')
for I in ${FIND}; do
COUNT=$((COUNT + 1))
Report "package_repository[]=${I}"
@@ -325,7 +325,7 @@
N=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="zypper"
- FIND=`${ZYPPERBINARY} -n se -t package -i | ${AWKBINARY} '{ if ($1=="i") { print $3 } }'`
+ FIND=$(${ZYPPERBINARY} -n se -t package -i | ${AWKBINARY} '{ if ($1=="i") { print $3 } }')
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
N=$((N + 1))
@@ -346,7 +346,7 @@
if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying Zypper for vulnerable packages"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`${ZYPPERBINARY} -n pchk | ${GREPBINARY} "(0 security patches)"`
+ FIND=$(${ZYPPERBINARY} -n pchk | ${GREPBINARY} "(0 security patches)")
if [ ! "${FIND}" = "" ]; then
LogText "Result: No security updates found with Zypper"
Display --indent 2 --text "- Using Zypper to find vulnerable packages" --result "${STATUS_NONE}" --color GREEN
@@ -355,7 +355,7 @@
LogText "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
- FIND=`${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | ${SEDBINARY} 's/:$//' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u`
+ FIND=$(${ZYPPERBINARY} -n lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | ${SEDBINARY} 's/:$//' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u)
LogText "List of vulnerable packages/version:"
for I in ${FIND}; do
VULNERABLE_PACKAGES_FOUND=1
@@ -381,11 +381,11 @@
LogText "Test: Querying dpkg -l to get package list"
Display --indent 6 --text "- Querying package manager"
LogText "Output:"
- SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^ii" | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | sort`
+ SPACKAGES=$(dpkg -l 2>/dev/null | ${GREPBINARY} "^ii" | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | sort)
for J in ${SPACKAGES}; do
N=$((N + 1))
- PACKAGE_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f2`
- PACKAGE_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f3`
+ PACKAGE_NAME=$(echo ${J} | ${CUTBINARY} -d ',' -f2)
+ PACKAGE_VERSION=$(echo ${J} | ${CUTBINARY} -d ',' -f3)
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
done
@@ -398,13 +398,13 @@
#
# Test : PKGS-7346
# Description : Check packages which are removed, but still own configuration files, cron jobs etc
- # Notes : Cleanup: for pkg in `dpkg -l | ${GREPBINARY} "^rc" | ${CUTBINARY} -d' ' -f3`; do aptitude purge ${pkg}; done
+ # Notes : Cleanup: for pkg in $(dpkg -l | ${GREPBINARY} "^rc" | ${CUTBINARY} -d' ' -f3); do aptitude purge ${pkg}; done
if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Search unpurged packages on system"
if [ ${SKIPTEST} -eq 0 ]; then
N=0
LogText "Test: Querying dpkg -l to get unpurged packages"
- SPACKAGES=`dpkg -l 2>/dev/null | ${GREPBINARY} "^rc" | ${CUTBINARY} -d ' ' -f3 | sort`
+ SPACKAGES=$(dpkg -l 2>/dev/null | ${GREPBINARY} "^rc" | ${CUTBINARY} -d ' ' -f3 | sort)
if [ "${SPACKAGES}" = "" ]; then
Display --indent 4 --text "- Query unpurged packages" --result "${STATUS_NONE}" --color GREEN
LogText "Result: no packages found with left overs"
@@ -432,7 +432,7 @@
Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --category security --description "Check for old distfiles"
if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/local/sbin/portsclean ]; then
- FIND=`/usr/local/sbin/portsclean -n -DD | ${GREPBINARY} 'Delete' | wc -l | ${TRBINARY} -d ' '`
+ FIND=$(/usr/local/sbin/portsclean -n -DD | ${GREPBINARY} 'Delete' | wc -l | ${TRBINARY} -d ' ')
if [ ${FIND} -eq 0 ]; then
Display --indent 2 --text "- Checking presence old distfiles" --result "${STATUS_OK}" --color GREEN
LogText "Result: no unused distfiles found"
@@ -459,11 +459,11 @@
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="dnf"
- SPACKAGES=`${DNFBINARY} -q list installed 2> /dev/null | ${AWKBINARY} '{ if ($1!="Installed" && $1!="Last") {print $1","$2 }}'`
+ SPACKAGES=$(${DNFBINARY} -q list installed 2> /dev/null | ${AWKBINARY} '{ if ($1!="Installed" && $1!="Last") {print $1","$2 }}')
for J in ${SPACKAGES}; do
N=$((N + 1))
- PACKAGE_NAME=`echo ${J} | ${CUTBINARY} -d ',' -f1`
- PACKAGE_VERSION=`echo ${J} | ${CUTBINARY} -d ',' -f2`
+ PACKAGE_NAME=$(echo ${J} | ${CUTBINARY} -d ',' -f1)
+ PACKAGE_VERSION=$(echo ${J} | ${CUTBINARY} -d ',' -f2)
LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
done
@@ -477,7 +477,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
# Check for security updates
LogText "Action: checking updateinfo for security updates"
- FIND=`${DNFBINARY} -q updateinfo list sec 2> /dev/null | ${AWKBINARY} '{ if ($2=="security") { print $3 }}'`
+ FIND=$(${DNFBINARY} -q updateinfo list sec 2> /dev/null | ${AWKBINARY} '{ if ($2=="security") { print $3 }}')
if [ ! "${FIND}" = "" ]; then
VULNERABLE_PACKAGES_FOUND=1
LogText "Result: found vulnerable packages, upgrade of system needed."
@@ -503,7 +503,7 @@
Register --test-no "PKGS-7354" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking package database integrity"
if [ ${SKIPTEST} -eq 0 ]; then
# Check if repoquery plugin is available
- FIND=`${DNFBINARY} 2>&1 | ${GREPBINARY} "^repoquery"`
+ FIND=$(${DNFBINARY} 2>&1 | ${GREPBINARY} "^repoquery")
if [ ! "${FIND}" = "" ]; then
LogText "Action: checking integrity of package database"
FIND=$(${DNFBINARY} -q repoquery --duplicated)
@@ -511,7 +511,7 @@
LogText "Result: found unexpected result on repoquery --duplicated"
ReportSuggestion "${TEST_NO}" "Check output of: dnf repoquery --duplicated"
fi
- FIND=`${DNFBINARY} -q repoquery --unsatisfied`
+ FIND=$(${DNFBINARY} -q repoquery --unsatisfied)
if [ ! "${FIND}" = "" ]; then
LogText "Result: found unexpected result on repoquery --unsatisfied"
ReportSuggestion "${TEST_NO}" "Check output of: dnf repoquery --unsatisfied"
@@ -566,7 +566,7 @@
Display --indent 4 --text "- debsums utility" --result "${STATUS_FOUND}" --color GREEN
AddHP 1 1
# Check in /etc/cron.hourly, daily, weekly, monthly etc
- COUNT=`find /etc/cron* -name debsums | wc -l`
+ COUNT=$(find /etc/cron* -name debsums | wc -l)
if [ ${COUNT} -gt 0 ]; then
LogText "Result: Cron job is configured for debsums utility."
Display --indent 6 --text "- Cron job for debsums" --result "${STATUS_FOUND}" --color GREEN
@@ -593,7 +593,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
N=0
LogText "Test: Querying portmaster for possible port upgrades"
- UPACKAGES=`/usr/local/sbin/portmaster -L | ${GREPBINARY} "version available" | ${AWKBINARY} '{ print $5 }'`
+ UPACKAGES=$(/usr/local/sbin/portmaster -L | ${GREPBINARY} "version available" | ${AWKBINARY} '{ print $5 }')
for J in ${UPACKAGES}; do
N=$((N + 1))
LogText "Upgrade available (new version): ${J}"
@@ -618,7 +618,7 @@
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="pkg_admin audit"
if [ -f /var/db/pkg/pkgs-vulnerabilities ]; then
- FIND=`/usr/sbin/pkg_admin audit`
+ FIND=$(/usr/sbin/pkg_admin audit)
if [ "${FIND}" = "" ]; then
LogText "Result: pkg_admin audit results are clean"
Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
@@ -628,7 +628,7 @@
LogText "Result: pkg_admin audit found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
LogText "List of vulnerable packages/version:"
- for I in `/usr/sbin/pkg_admin audit | ${AWKBINARY} '{ print $2 }' | ${SORTBINARY} -u`; do
+ for I in $(/usr/sbin/pkg_admin audit | ${AWKBINARY} '{ print $2 }' | ${SORTBINARY} -u); do
VULNERABLE_PACKAGES_FOUND=1
Report "vulnerable_package[]=${I}"
LogText "Vulnerable package: ${I}"
@@ -697,7 +697,7 @@
Register --test-no PKGS-7382 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with portaudit"
if [ ${SKIPTEST} -eq 0 ]; then
PACKAGE_AUDIT_TOOL_FOUND=1
- FIND=`/usr/local/sbin/portaudit | ${GREPBINARY} 'problem(s) in your installed packages found' | ${GREPBINARY} -v '0 problem(s) in your installed packages found'`
+ FIND=$(/usr/local/sbin/portaudit | ${GREPBINARY} 'problem(s) in your installed packages found' | ${GREPBINARY} -v '0 problem(s) in your installed packages found')
if [ "${FIND}" = "" ]; then
LogText "Result: Portaudit results are clean"
Display --indent 2 --text "- Checking portaudit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
@@ -708,7 +708,7 @@
ReportWarning ${TEST_NO} "Found one or more vulnerable packages."
ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
LogText "List of vulnerable packages/version:"
- for I in `/usr/local/sbin/portaudit | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do
+ for I in $(/usr/local/sbin/portaudit | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u); do
VULNERABLE_PACKAGES_FOUND=1
Report "vulnerable_package[]=${I}"
LogText "Vulnerable package: ${I}"
@@ -749,7 +749,7 @@
LogText "Result: found YUM utils package (/usr/bin/package-cleanup)"
# Check for duplicates
LogText "Test: Checking for duplicate packages"
- FIND=`/usr/bin/package-cleanup -q --dupes > /dev/null; echo $?`
+ FIND=$(/usr/bin/package-cleanup -q --dupes > /dev/null; echo $?)
if [ "${FIND}" = "0" ]; then
LogText "Result: No duplicate packages found"
Display --indent 2 --text "- Checking package database duplicates" --result "${STATUS_OK}" --color GREEN
@@ -762,7 +762,7 @@
# Check for package database problems
LogText "Test: Checking for database problems"
- FIND=`/usr/bin/package-cleanup --problems > /dev/null; echo $?`
+ FIND=$(/usr/bin/package-cleanup --problems > /dev/null; echo $?)
if [ "${FIND}" = "0" ]; then
LogText "Result: No package database problems found"
Display --indent 2 --text "- Checking package database for problems" --result "${STATUS_OK}" --color GREEN
@@ -822,7 +822,7 @@
# Check if it's installed as package (this is old style)
if [ ${DO_TEST} -eq 0 ]; then
- FIND=`rpm -q yum-security yum-plugin-security | ${GREPBINARY} -v "not installed"`
+ FIND=$(rpm -q yum-security yum-plugin-security | ${GREPBINARY} -v "not installed")
if [ ! "${FIND}" = "" ]; then
LogText "Result: found yum-plugin-security package"
DO_TEST=1
@@ -834,7 +834,7 @@
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="yum-security"
LogText "Test: Checking for vulnerable packages"
- FIND2=`/usr/bin/yum list-sec security | ${AWKBINARY} '{ if($2=="security" || $2~"Sec") print $3","$5 }'`
+ FIND2=$(/usr/bin/yum list-sec security | ${AWKBINARY} '{ if($2=="security" || $2~"Sec") print $3","$5 }')
if [ "${FIND2}" = "" ]; then
LogText "Result: no vulnerable packages found"
Display --indent 2 --text "- Checking missing security packages" --result "${STATUS_OK}" --color GREEN
@@ -936,7 +936,7 @@
Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Package database consistency by running apt-get check"
- FIND=`/usr/bin/apt-get -q=2 check 2> /dev/null; echo $?`
+ FIND=$(/usr/bin/apt-get -q=2 check 2> /dev/null; echo $?)
if [ "${FIND}" = "0" ]; then
Display --indent 2 --text "- Checking APT package database" --result "${STATUS_OK}" --color GREEN
LogText "Result: package database seems to be consistent."
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 16:11:01 +0300