diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-24 18:22:00 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-24 18:22:00 +0300 |
commit | 2f4c854ba7790d1c8fb8c664daea6c971f18aa72 (patch) | |
tree | c3eed34233a165d56df1173b3f08e047b47ae47e /include/tests_webservers | |
parent | 0b5af4ed387ea0582181e56a56609c4a633cb91f (diff) |
Rename of categories, introduction of groups
Diffstat (limited to 'include/tests_webservers')
-rw-r--r-- | include/tests_webservers | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/include/tests_webservers b/include/tests_webservers index 47c4cbed..137165cc 100644 --- a/include/tests_webservers +++ b/include/tests_webservers @@ -52,7 +52,7 @@ # Notes : Do not run on NetBSD, -v is unknown option for httpd binary # On OpenBSD do not run /usr/sbin/httpd with -v: builtin non-Apache if [ ! "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Apache presence" + Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Apache presence" if [ ${SKIPTEST} -eq 0 ]; then if [ "${OS}" = "OpenBSD" -a "${HTTPDBINARY}" = "/usr/sbin/httpd" ]; then HTTPDBINARY=""; fi if [ "${HTTPDBINARY}" = "" ]; then @@ -88,7 +88,7 @@ else PREQS_MET="NO" fi - Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing main Apache configuration file" + Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing main Apache configuration file" if [ ${SKIPTEST} -eq 0 ]; then APACHE_CONFIGFILE="" APACHE_TEST=`${HTTPDBINARY} -V 2> /dev/null | grep "\-D SERVER_CONFIG_FILE=" | sed 's/[ ]-D SERVER_CONFIG_FILE=//' | tr -d '"' | tr -d ' ' | tr -d '[:cntrl:]'` @@ -124,7 +124,7 @@ # Test : HTTP-6626 # Description : Testing other Apache configuration files if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6626 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file" + Register --test-no HTTP-6626 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing other Apache configuration file" if [ ${SKIPTEST} -eq 0 ]; then #Display --indent 4 --text "- Searching Apache virtual hosts" for I in ${sTEST_APACHE_TARGETS}; do @@ -194,7 +194,7 @@ # Test : HTTP-6628 # Description : Testing other Apache configuration files #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - #Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file" + #Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing other Apache configuration file" #if [ ${SKIPTEST} -eq 0 ]; then # # Configuration specific tests # SERVERTOKENSFOUND=0 @@ -244,7 +244,7 @@ # Test : HTTP-6630 # Description : Search for all loaded modules #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - #Register --test-no HTTP-6630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all loaded Apache modules" + #Register --test-no HTTP-6630 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining all loaded Apache modules" #if [ ${SKIPTEST} -eq 0 ]; then # Testing Debian style #LogText "Test: searching loaded/enabled Apache modules" @@ -264,7 +264,7 @@ # Test : HTTP-6632 # Description : Search for available Apache modules if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6632 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all available Apache modules" + Register --test-no HTTP-6632 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining all available Apache modules" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: searching available Apache modules" N=0 @@ -293,7 +293,7 @@ # Test : HTTP-6640 # Description : Search for special Apache modules: evasive if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6640 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" + Register --test-no HTTP-6640 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules" if [ ${SKIPTEST} -eq 0 ]; then # Check modules, module CheckItem "apache_module" "/mod_evasive([0-9][0-9])?.so" @@ -312,7 +312,7 @@ # Test : HTTP-6641 # Description : Search for special Apache modules: Quality of Service if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6641 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" + Register --test-no HTTP-6641 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules" if [ ${SKIPTEST} -eq 0 ]; then # Check modules, module CheckItem "apache_module" "/mod_qos.so" @@ -332,7 +332,7 @@ # Description : Search for special Apache modules: Spamhaus # Notes : This test is outdated #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - #Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" + #Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules" #if [ ${SKIPTEST} -eq 0 ]; then # # Check modules, module # CheckItem "apache_module" "/mod_spamhaus.so" @@ -351,7 +351,7 @@ # Test : HTTP-6643 # Description : Search for special Apache modules: security if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules" + Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules" if [ ${SKIPTEST} -eq 0 ]; then # Check modules, module CheckItem "apache_module" "/mod_security2.so" @@ -375,7 +375,7 @@ # # Test : HTTP-6702 # Description : Search for nginx process - Register --test-no HTTP-6702 --weight L --network NO --description "Check nginx process" + Register --test-no HTTP-6702 --weight L --network NO --category security --description "Check nginx process" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: searching running nginx process" FIND=`${PSBINARY} ax | grep "/nginx" | grep "master" | grep -v "grep"` @@ -394,7 +394,7 @@ # Test : HTTP-6704 # Description : Search for nginx configuration file if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6704 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx configuration file" + Register --test-no HTTP-6704 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx configuration file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: searching nginx configuration file" for I in ${NGINX_CONF_LOCS}; do @@ -419,7 +419,7 @@ # Description : Search for includes within nginx configuration file # Notes : Daemon nginx should be running, nginx.conf should be found if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for additional nginx configuration files" + Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for additional nginx configuration files" if [ ${SKIPTEST} -eq 0 ]; then # Remove temp file if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi @@ -468,7 +468,7 @@ # Description : Check discovered nginx configuration settings for further hardering # Notes : Daemon of nginx should be running, nginx.conf should be found if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check discovered nginx configuration settings" + Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check discovered nginx configuration settings" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: start parsing all discovered nginx options" Display --indent 4 --text "- Parsing configuration options" @@ -481,7 +481,7 @@ # Description : Check SSL configuration of nginx # Notes : Daemon of nginx should be running, nginx.conf should be found if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx SSL configuration settings" + Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx SSL configuration settings" if [ ${SKIPTEST} -eq 0 ]; then NGINX_SSL_SUGGESTION=0 if [ ${NGINX_SSL_ON} -eq 1 ]; then @@ -534,7 +534,7 @@ # Description : Check logging configuration of nginx # Notes : Daemon of nginx should be running, nginx.conf should be found if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx access logging" + Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx access logging" if [ ${SKIPTEST} -eq 0 ]; then NGINX_LOG_SUGGESTION=0 Display --indent 6 --text "- Checking log file configuration" @@ -568,7 +568,7 @@ # Test : HTTP-6714 # Description : Check missing error logs in nginx if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for missing error logs in nginx" + Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for missing error logs in nginx" if [ ${SKIPTEST} -eq 0 ]; then NGINX_LOG_SUGGESTION=0 # Check for missing access log @@ -589,7 +589,7 @@ # Test : HTTP-6716 # Description : Check debug mode on error log in nginx if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for debug mode on error log in nginx" + Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for debug mode on error log in nginx" if [ ${SKIPTEST} -eq 0 ]; then NGINX_LOG_SUGGESTION=0 # Access log in debug mode @@ -615,7 +615,7 @@ # Description : Check if nginx is running as a reverse proxy # Notes : aliases are not counted yet (YYY) # if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi -# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts" +# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts" # if [ ${SKIPTEST} -eq 0 ]; then # N=0 # LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}" @@ -639,7 +639,7 @@ # Description : Search for nginx virtual hosts # Notes : Test if not aware yet of included configuration files # if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi -# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts" +# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts" # if [ ${SKIPTEST} -eq 0 ]; then # N=0 # LogText "Test: searching nginx virtual hosts" @@ -664,7 +664,7 @@ # Test : HTTP-6720 # Description : Search for Nginx log files if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no HTTP-6720 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Nginx log files" + Register --test-no HTTP-6720 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Nginx log files" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking directories for files with log file definitions" for I in ${NGINX_CONF_LOCS}; do |