diff options
| author | mboelen <michael@cisofy.com> | 2015-12-21 23:17:15 +0300 |
|---|---|---|
| committer | mboelen <michael@cisofy.com> | 2015-12-21 23:17:15 +0300 |
| commit | d16b38eff83a8dca405e21e1c34205289f3d0832 (patch) | |
| tree | d9db1eac3d4ead003f0e1b4fbfbabf0ddeb66c1e /include/tests_squid | |
| parent | 83a44827e03543146e39c37c33f14ebca6f40a29 (diff) | |
Rename of logtext and report functions, upcoming year change
Diffstat (limited to 'include/tests_squid')
| -rw-r--r-- | include/tests_squid | 92 |
1 files changed, 46 insertions, 46 deletions
diff --git a/include/tests_squid b/include/tests_squid index 59d63dd2..02285aed 100644 --- a/include/tests_squid +++ b/include/tests_squid @@ -5,7 +5,7 @@ # Lynis # ------------------ # -# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com) +# Copyright 2007-2016, Michael Boelen, CISOfy (michael.boelen@cisofy.com) # Web site: https://cisofy.com # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are @@ -35,16 +35,16 @@ # programs. Register --test-no SQD-3602 --weight L --network NO --description "Check for running Squid daemon" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: Searching for a Squid daemon" + LogText "Test: Searching for a Squid daemon" FOUND=0 # Check running processes FIND=`${PSBINARY} ax | egrep "(squid|squid3) " | grep -v "grep"` if [ ! "${FIND}" = "" ]; then SQUID_DAEMON_RUNNING=1 - logtext "Result: Squid daemon is running" + LogText "Result: Squid daemon is running" Display --indent 2 --text "- Checking running Squid daemon" --result FOUND --color GREEN else - logtext "Result: No running Squid daemon found" + LogText "Result: No running Squid daemon found" Display --indent 2 --text "- Checking running Squid daemon" --result "NOT FOUND" --color WHITE fi fi @@ -56,24 +56,24 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3604 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid daemon file location" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: searching for squid.conf or squid3.conf file" + LogText "Test: searching for squid.conf or squid3.conf file" for I in ${SQUID_DAEMON_CONFIG_LOCS}; do # Checking squid.conf if [ -f "${I}/squid.conf" ]; then - logtext "Result: ${I}/squid.conf exists" + LogText "Result: ${I}/squid.conf exists" SQUID_DAEMON_CONFIG="${I}/squid.conf" fi # Checking squid3.conf if [ -f "${I}/squid3.conf" ]; then - logtext "Result: ${I}/squid3.conf exists" + LogText "Result: ${I}/squid3.conf exists" SQUID_DAEMON_CONFIG="${I}/squid3.conf" fi done if [ "${SQUID_DAEMON_CONFIG}" = "" ]; then - logtext "Result: No Squid configuration file found" + LogText "Result: No Squid configuration file found" Display --indent 4 --text "- Searching Squid configuration file" --result "NOT FOUND" --color YELLOW else - logtext "Result: using last found configuration file: ${SQUID_DAEMON_CONFIG}" + LogText "Result: using last found configuration file: ${SQUID_DAEMON_CONFIG}" Display --indent 4 --text "- Searching Squid configuration" --result FOUND --color GREEN fi fi @@ -86,7 +86,7 @@ Register --test-no SQD-3606 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version" if [ ${SKIPTEST} -eq 0 ]; then if [ ! "${SQUIDBINARY}" = "" ]; then - logtext "Result: Squid binary found (${SQUIDBINARY})" + LogText "Result: Squid binary found (${SQUIDBINARY})" # Skip check if a setuid/setgid bit is found FIND=`find ${SQUIDBINARY} \( -perm 4000 -o -perm 2000 \) -print` if [ "${FIND}" = "" ]; then @@ -94,11 +94,11 @@ Display --indent 4 --text "- Checking Squid version" --result "FOUND" --color GREEN SQUID_VERSION="${FIND2}" else - logtext "Result: test skipped for security reasons, setuid/setgid bit set" + LogText "Result: test skipped for security reasons, setuid/setgid bit set" Display --indent 4 --text "- Checking Squid version" --result "SKIPPED" --color RED fi else - logtext "Result: no Squid binary found" + LogText "Result: no Squid binary found" fi fi # @@ -109,12 +109,12 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" + LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}" FIND=`grep -v "^#" ${SQUID_DAEMON_CONFIG} | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'` for I in ${FIND}; do I=`echo ${I} | sed 's/!space!/ /g'` - logtext "Found Squid option: ${I}" - report "squid_option=${I}" + LogText "Found Squid option: ${I}" + Report "squid_option=${I}" done Display --indent 4 --text "- Checking defined Squid options" --result "DONE" --color GREEN fi @@ -126,16 +126,16 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid file permissions" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}" + LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}" FIND=`find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)` if [ ! "${FIND}" = "" ]; then - logtext "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords" + LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords" Display --indent 4 --text "- Checking Squid configuration file permissions" --result WARNING --color RED ReportSuggestion ${TEST_NO} "Check file permissions of ${SQUID_DAEMON_CONFIG} to limit access" ReportWarning ${TEST_NO} "M" "File permissions of ${SQUID_DAEMON_CONFIG} are not restrictive" AddHP 0 2 else - logtext "Result: file ${SQUID_DAEMON_CONFIG} has proper file permissions" + LogText "Result: file ${SQUID_DAEMON_CONFIG} has proper file permissions" Display --indent 4 --text "- Checking Squid configuration file permissions" --result OK --color GREEN AddHP 2 2 fi @@ -154,16 +154,16 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid authentication methods" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: check auth_param option for authentication methods" + LogText "Test: check auth_param option for authentication methods" FIND=`grep "^auth_param" ${SQUID_DAEMON_CONFIG} | awk '{ print $2 }'` if [ "${FIND}" = "" ]; then - logtext "No auth_param option found, proxy access anonymous or based on other methods (like ACLs)" + LogText "No auth_param option found, proxy access anonymous or based on other methods (like ACLs)" Display --indent 6 --text "- Checking Squid authentication methods" --result "NONE" --color YELLOW else Display --indent 6 --text "- Checking Squid authentication methods" --result "FOUND" --color GREEN for I in ${FIND}; do - logtext "Result: found authentication method ${I}" - report "squid_auth_method=${I}" + LogText "Result: found authentication method ${I}" + Report "squid_auth_method=${I}" done fi fi @@ -175,17 +175,17 @@ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check external Squid authentication" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: check external_acl_type option for external authentication helpers" + LogText "Test: check external_acl_type option for external authentication helpers" FIND=`grep "^external_acl_type" ${SQUID_DAEMON_CONFIG}` if [ "${FIND}" = "" ]; then - logtext "No external_acl_type found" + LogText "No external_acl_type found" Display --indent 6 --text "- Checking Squid external authentication methods" --result "NONE" --color YELLOW else Display --indent 6 --text "- Checking Squid external authentication methods" --result "FOUND" --color GREEN for I in ${FIND}; do - logtext "Result: found external authentication method helper" - logtext "Output: ${FIND}" - #report "squid_external_acl_type=TRUE" + LogText "Result: found external authentication method helper" + LogText "Output: ${FIND}" + #Report "squid_external_acl_type=TRUE" done fi fi @@ -198,19 +198,19 @@ Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid access control lists" if [ ${SKIPTEST} -eq 0 ]; then N=0 - logtext "Test: checking ACLs" + LogText "Test: checking ACLs" FIND=`grep "^acl " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'` if [ "${FIND}" = "" ]; then - logtext "Result: No ACLs found" + LogText "Result: No ACLs found" Display --indent 6 --text "- Checking Access Control Lists" --result "NONE" --color RED else for I in ${FIND}; do N=`expr ${N} + 1` I=`echo ${I} | sed 's/!space!/ /g'` - logtext "Found ACL: ${I}" - #report "squid_acl=${I}" + LogText "Found ACL: ${I}" + #Report "squid_acl=${I}" done - logtext "Result: Found ${N} ACLs" + LogText "Result: Found ${N} ACLs" Display --indent 6 --text "- Checking Access Control Lists" --result "${N} ACLs FOUND" --color GREEN fi fi @@ -223,30 +223,30 @@ Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid safe ports" if [ ${SKIPTEST} -eq 0 ]; then N=0 - logtext "Test: checking ACL Safe_ports http_access option" + LogText "Test: checking ACL Safe_ports http_access option" FIND=`grep "^http_access" ${SQUID_DAEMON_CONFIG} | grep "Safe_ports"` if [ "${FIND}" = "" ]; then - logtext "Result: no Safe_ports found" + LogText "Result: no Safe_ports found" Display --indent 6 --text "- Checking ACL 'Safe_ports' http_access option" --result "NOT FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured to restrict access to all safe ports" else - logtext "Result: checking ACL safe ports" + LogText "Result: checking ACL safe ports" FIND2=`grep "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | awk '{ print $4 }'` if [ "${FIND2}" = "" ]; then Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "NONE FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Check if Squid has been configured for which ports it can allow outgoing traffic (Safe_ports)" AddHP 0 1 else - logtext "Result: Safe_ports found" + LogText "Result: Safe_ports found" for I in ${FIND}; do - logtext "Found safe port: ${I}" + LogText "Found safe port: ${I}" done Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "FOUND" --color GREEN AddHP 1 1 fi #SQUID_DAEMON_UNSAFE_PORTS_LIST for I in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do - logtext "Test: Checking port ${I} in Safe_ports list" + LogText "Test: Checking port ${I} in Safe_ports list" FIND2=`grep -w "^acl Safe_ports port ${I}" ${SQUID_DAEMON_CONFIG}` if [ "${FIND2}" = "" ]; then Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})" --result "NOT FOUND" --color GREEN @@ -274,16 +274,16 @@ Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid reply_body_max_size option" if [ ${SKIPTEST} -eq 0 ]; then N=0 - logtext "Test: checking option reply_body_max_size" + LogText "Test: checking option reply_body_max_size" FIND=`grep "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'` if [ "${FIND}" = "" ]; then - logtext "Result: option reply_body_max_size not configured" + LogText "Result: option reply_body_max_size not configured" Display --indent 6 --text "- Checking option: reply_body_max_size" --result "NONE" --color RED AddHP 1 2 ReportSuggestion ${TEST_NO} "Configure Squid option reply_body_max_size to limit the upper size of requests." else - logtext "Result: option reply_body_max_size configured" - logtext "Output: ${FIND}" + LogText "Result: option reply_body_max_size configured" + LogText "Output: ${FIND}" Display --indent 6 --text "- Checking option: reply_body_max_size" --result "FOUND" --color GREEN AddHP 2 2 fi @@ -304,13 +304,13 @@ if [ ${SKIPTEST} -eq 0 ]; then FIND=`grep "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | grep " on"` if [ "${FIND}" = "" ]; then - logtext "Result: option httpd_suppress_version_string not configured" + LogText "Result: option httpd_suppress_version_string not configured" Display --indent 6 --text "- Checking option: httpd_supress_version_string" --result "NOT FOUND" --color YELLOW AddHP 1 2 ReportSuggestion ${TEST_NO} "Configure Squid option httpd_suppress_version_string (on) to suppress the version." else - logtext "Result: option httpd_suppress_version_string configured" - logtext "Output: ${FIND}" + LogText "Result: option httpd_suppress_version_string configured" + LogText "Output: ${FIND}" Display --indent 6 --text "- Checking option: httpd_suppress_version_string" --result "FOUND" --color GREEN AddHP 2 2 fi @@ -323,4 +323,4 @@ wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2015 Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2016 Michael Boelen, CISOfy - https://cisofy.com |