authorMichael Boelen <michael.boelen@cisofy.com>2019-03-14 14:32:19 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2019-03-14 14:32:19 +0300
commit48195ce2212d2bec8369c837d8feb31ec04b673f (patch)
treebdc9ec37f52dab0acde3407cdb809a229aba39d3 /include/tests_scheduling
parent3e7b319ec7f028e51df05642686a7e6ab5a28efa (diff)
Initial work to detect Lynis in cronjobs
Diffstat (limited to 'include/tests_scheduling')
-rw-r--r--include/tests_scheduling41
1 files changed, 27 insertions, 14 deletions
diff --git a/include/tests_scheduling b/include/tests_scheduling
index 4d188eb6..f0f54b5b 100644
--- a/include/tests_scheduling
+++ b/include/tests_scheduling
@@ -61,6 +61,7 @@
CRONTAB_FILE="${ROOTDIR}etc/crontab"
if [ -f ${CRONTAB_FILE} ]; then
+ ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:/etc/crontab"
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FindCronJob ${CRONTAB_FILE}
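Review bot: The recorded location on the added line hard-codes `/etc/crontab` while the file actually tested is `${CRONTAB_FILE}`, which carries `${ROOTDIR}`; the later hunks store the real path, so this should be `LYNIS_CRONJOB="file:${CRONTAB_FILE}"`. The pattern `'lynis audit system'` also matches a commented-out entry, so a disabled job would be logged as a scheduled execution; anchoring it as `'^[^#]*lynis audit system'` avoids that, and the same applies to the greps added in the following hunks. The hunk's old-side line count suggests a blank context line was dropped in rendering, but nothing else appears to be missing.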
@@ -85,6 +86,8 @@
for FILE in ${FIND}; do
if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
+ FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
+ if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
FindCronJob ${FILE}
if HasData "${sCRONJOBS}"; then
for K in ${sCRONJOBS}; do
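Review bot: The grep on the second added line searches `${CRONTAB_FILE}` rather than the file just identified by `${FILENAME}`, so a `lynis` file in the cron directory is never inspected and `LYNIS_CRONJOB` is set to `${FILE}` based on the contents of the system crontab; the identical copy in the next hunk (the per-`${I}` directory loop) has the same problem. The target should be the loop variable: `${EGREPBINARY} -q -s 'lynis audit system' ${FILE} && LYNIS_CRONJOB="file:${FILE}"`. Gating on a file literally named `lynis` also leaves a scheduled run in any other cron.d file undetected; since the grep is already bounded to one file, the filename test could be dropped. The `echo | awk` basename extraction can be the POSIX expansion `FILENAME=${FILE##*/}`, avoiding two forks per file.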
@@ -115,11 +118,13 @@
LogText "Result: no files found in ${I}"
else
LogText "Result: found one or more files in ${I}. Analyzing files.."
- for J in ${FIND}; do
- if IsWorldWritable ${J}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
- if ! IsOwnedByRoot ${J}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
- LogText "Result: Found cronjob (${I}): ${J}"
- Report "cronjob[]=${J}"
+ for FILE in ${FIND}; do
+ if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${FILE}"; Report "insecure_fileperms_cronjob[]=${FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
+ if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${FILE}"; Report "bad_fileowner_cronjob[]=${FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
+ FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
+ if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
+ LogText "Result: Found cronjob (${I}): ${FILE}"
+ Report "cronjob[]=${FILE}"
done
LogText "Result: done with analyzing files in ${I}"
fi
@@ -137,21 +142,23 @@
FIND=$(${FINDBINARY} /var/spool/cron/crontabs -xdev -type f -print 2> /dev/null)
for I in ${FIND}; do
if FileIsReadable ${I}; then
+ ${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I}
- for J in ${sCRONJOBS}; do
- LogText "Found cronjob (/var/spool/cron/crontabs): ${I} (${J})"
+ for FILE in ${sCRONJOBS}; do
+ LogText "Found cronjob (/var/spool/cron/crontabs): ${I} (${FILE})"
Report "cronjob[]=${I}"
done
fi
done
else
- if [ -d /var/spool/cron ]; then
- FIND=$(find /var/spool/cron -type f -print)
+ if [ -d ${ROOTDIR}var/spool/cron ]; then
+ FIND=$(find ${ROOTDIR}var/spool/cron -type f -print)
for I in ${FIND}; do
if FileIsReadable ${I}; then
+ ${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I}
- for J in ${sCRONJOBS}; do
- LogText "Found cronjob (/var/spool/cron): ${I} (${J})"
+ for FILE in ${sCRONJOBS}; do
+ LogText "Found cronjob in ${ROOTDIR}var/spool/cron: ${I} (${FILE})"
LogText "cronjob[]=${I}"
done
fi
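Review bot: The rewritten `find` in the `${ROOTDIR}var/spool/cron` branch calls bare `find` without `-xdev` or stderr redirection, while the sibling branch a few lines above uses `${FINDBINARY} ... -xdev -type f -print 2> /dev/null`; for consistency `FIND=$(${FINDBINARY} ${ROOTDIR}var/spool/cron -xdev -type f -print 2> /dev/null)`. The greps added in both branches assign `LYNIS_CRONJOB` with last-match-wins, so when several user crontabs schedule Lynis only the final one is retained; if each location matters, append to the variable instead of overwriting it. The first branch's `find` path (`/var/spool/cron/crontabs`) still lacks `${ROOTDIR}`, although that line is unchanged by this commit.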
@@ -177,12 +184,12 @@
# Show warning when an issue shows up. Even if *both* the permissions and ownership are wrong, just show one (prevent overload of warnings).
if [ ${BAD_FILE_PERMISSIONS} -eq 1 ]; then
ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect file permissions (see log for details)"
- Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_WARNING}" --color RED
+ Display --indent 2 --text "- Checking crontab and cronjobs files" --result "${STATUS_WARNING}" --color RED
elif [ ${BAD_FILE_OWNERSHIP} -eq 1 ]; then
ReportWarning "${TEST_NO}" "Found one or more cronjob files with incorrect ownership (see log for details)"
- Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_WARNING}" --color RED
+ Display --indent 2 --text "- Checking crontab and cronjob files" --result "${STATUS_WARNING}" --color RED
else
- Display --indent 2 --text "- Checking crontab/cronjob" --result "${STATUS_DONE}" --color GREEN
+ Display --indent 2 --text "- Checking crontab and cronjob files" --result "${STATUS_DONE}" --color GREEN
fi
fi
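Review bot: The first rewritten Display text reads `crontab and cronjobs files` while the two below read `crontab and cronjob files`; the three labels describe the same test and should match, so the first should also be `--text "- Checking crontab and cronjob files"`.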
@@ -298,6 +305,12 @@
#################################################################################
#
+if [ -z "${LYNIS_CRONJOB}" ]; then
+ LogText "Result: no scheduled Lynis execution found (e.g. crontab, cronjob)"
+else
+ LogText "Result: found scheduled Lynis execution (${LYNIS_CRONJOB})"
+fi
+
WaitForKeyPress
#
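Review bot: `LYNIS_CRONJOB` is tested here, but the hunks above only assign it on a match and no initialization is visible in this diff; unless it is cleared before the scans (outside these hunks), a value inherited from the environment would make this block log a scheduled execution that the test never found. Adding `LYNIS_CRONJOB=""` ahead of the crontab checks makes the result depend solely on this test's own findings. The outcome is currently written only with `LogText`; emitting a `Report` entry alongside it would make the finding available in the report file, though the commit title marks this as initial work.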