Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_time
diff options
context:
space:
mode:
authorMichael Boelen <michael.boelen@cisofy.com>2017-03-13 13:59:05 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-03-13 13:59:05 +0300
commit320a397772aafbd4310bf7544d3ca2b68b403086 (patch)
tree4c2f0d40775d2309a03e47374e4d23ba3068233a /include/tests_time
parent7d17bfbbd707e7955a2b2e43047302dd5737dc12 (diff)
[TIME-3104] Test permissions before opening files
Diffstat (limited to 'include/tests_time')
-rw-r--r--include/tests_time59
1 files changed, 31 insertions, 28 deletions
diff --git a/include/tests_time b/include/tests_time
index 78be08b9..c8540dda 100644
--- a/include/tests_time
+++ b/include/tests_time
@@ -83,7 +83,7 @@
# Check running processes
FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "grep")
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
NTP_DAEMON="ntpd"
LogText "Result: found running NTP daemon in process list"
@@ -100,7 +100,7 @@
# Check timedate daemon (systemd)
if [ ! -z "${TIMEDATECTL}" ]; then
FIND=$(${TIMEDATECTL} status | ${GREPBINARY} "NTP synchronized: yes")
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
# Check for systemd-timesyncd
if [ -f /etc/systemd/timesyncd.conf ]; then
FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd"
@@ -119,7 +119,7 @@
if [ -f ${I} ]; then
LogText "Test: checking for ntpdate or rdate in crontab file ${I}"
FIND=$(${EGREPBINARY} "ntpdate|rdate" ${I} | ${GREPBINARY} -v '^#')
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: found ntpdate or rdate reference in crontab file ${I}"
@@ -139,18 +139,22 @@
# Check cron jobs
for I in ${CRON_DIRS}; do
if [ -d ${I} ]; then
- FIND=$(${LSBINARY} ${I} | ${GREPBINARY} -v FIFO)
- if [ ! "${FIND}" = "" ]; then
- for J in ${FIND}; do
- LogText "Test: checking for ntpdate or rdate in ${I}/${J}"
- FIND2=$(${EGREPBINARY} "rdate|ntpdate" ${I}/${J} | ${GREPBINARY} -v "^#")
- if [ ! "${FIND2}" = "" ]; then
- LogText "Positive match found: ${FIND2}"
- FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
- fi
- done
+ if FileIsReadable ${I}; then
+ FIND=$(${LSBINARY} ${I} | ${GREPBINARY} -v FIFO)
+ if [ ! -z "${FIND}" ]; then
+ for J in ${FIND}; do
+ LogText "Test: checking for ntpdate or rdate in ${I}/${J}"
+ FIND2=$(${EGREPBINARY} "rdate|ntpdate" ${I}/${J} | ${GREPBINARY} -v "^#")
+ if [ ! -z "${FIND2}" ]; then
+ LogText "Positive match found: ${FIND2}"
+ FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
+ fi
+ done
+ else
+ LogText "Result: ${I} is empty, skipping search in directory"
+ fi
else
- LogText "Result: ${I} is empty, skipping search in directory"
+ LogText "Result: could not search in directory due to permissions"
fi
fi
done
@@ -159,7 +163,6 @@
Display --indent 2 --text "- Checking NTP client in cron files" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: found ntpdate or rdate in cron directory"
else
- #Display --indent 2 --text "- Checking NTP client in cron.d files" --result "${STATUS_NOT_FOUND}" --color WHITE
LogText "Result: no ntpdate or rdate found in cron directories"
fi
@@ -178,7 +181,7 @@
if [ -f /etc/rc.conf ]; then
LogText "Test: Checking if ntpdate is enabled at startup in *BSD"
FIND=$(${GREPBINARY} 'ntpdate_enable="YES"' /etc/rc.conf)
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
LogText "Result: ntpdate is enabled in rc.conf"
FOUND=1
NTP_CONFIG_TYPE_STARTUP=1
@@ -211,7 +214,7 @@
#
# Test : TIME-3106
# Description : Check status of systemd time synchronization
- if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! "${TIMEDATECTL}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${SYSTEMD_NTP_ENABLED} -eq 1 -a ! -z "${TIMEDATECTL}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check systemd NTP time synchronization status"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check the status of time synchronization via timedatectl"
@@ -226,7 +229,7 @@
#
# Test : TIME-3112
# Description : Check for valid associations from ntpq peers list
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3112 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check active NTP associations ID's"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking for NTP association ID's from ntpq peers list"
@@ -244,13 +247,13 @@
#
# Test : TIME-3116
# Description : Check for stratum 16 peers
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3116 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check peers with stratum value of 16"
if [ ${SKIPTEST} -eq 0 ]; then
N=0
LogText "Test: Checking stratum 16 sources from ntpq peers list"
FIND=$(${NTPQBINARY} -p -n | ${AWKBINARY} '{ if ($2!=".POOL." && $3=="16") { print $1 }}')
- if [ "${FIND}" = "" ]; then
+ if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking high stratum ntp peers" --result "${STATUS_OK}" --color GREEN
LogText "Result: All peers are lower than stratum 16"
else
@@ -282,15 +285,15 @@
# Description : Check unreliable peers from peer list
# Notes : Items with # are too far away (network distance)
# Items with - are not chosen due clustering algorithm
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking unreliable ntp peers"
FIND=$(${NTPQBINARY} -p -n | ${EGREPBINARY} "^(-|#)" | ${AWKBINARY} '{ print $1 }' | ${SEDBINARY} 's/^-//g')
- if [ "${FIND}" = "" ]; then
+ if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_NONE}" --color GREEN
LogText "Result: No unreliable peers found"
- else
+ else
Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_FOUND}" --color YELLOW
LogText "Result: Found one or more unreliable peers (marked with a minus or dash sign)"
for I in ${FIND}; do
@@ -327,7 +330,7 @@
#
# Test : TIME-3128
# Description : Check time source candidates
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3128 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check preferred time source"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking preferred time source"
@@ -350,7 +353,7 @@
#
# Test : TIME-3132
# Description : Check ntpq falsetickers
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP falsetickers"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking preferred time source"
@@ -374,7 +377,7 @@
#
# Test : TIME-3136
# Description : Check ntpq reported ntp version (Linux)
- if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3136 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP protocol version"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking NTP protocol version (ntpq -c ntpversion)"
@@ -395,7 +398,7 @@
# Test : TIME-3146
# Description : Check /etc/default/ntpdate (Linux)
# Notes : ntpdate-debian binary
- #if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #if [ ${NTPD_RUNNING} -eq 1 -a ! -z "${NTPQBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
#Register --test-no TIME-3146 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/default/ntpdate"
#if [ ${SKIPTEST} -eq 0 ]; then
#
@@ -416,7 +419,7 @@
# Test : TIME-3160
# Description : Check empty NTP step-tickers
# Notes : Mostly applies to Red Hat and clones
- if [ "${NTPD_RUNNING}" -eq 1 -a ! "${NTPQBINARY}" = "" -a ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ "${NTPD_RUNNING}" -eq 1 -a ! -z "${NTPQBINARY}" -a ! -z "${CHKCONFIGBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check empty NTP step-tickers"
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 09:24:30 +0300