
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2017-04-23 21:06:54 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-23 21:06:54 +0300
commit70ea29483a5fcb82ddc89d656227194560b502f2 (patch)
treed90db794f0ae7419b81e2b466ec017565ca176eb /include/tests_webservers
parent9e9b95e1daf9d64d7753d37b48e88697b297fa36 (diff)
Code enhancements
Diffstat (limited to 'include/tests_webservers')
-rw-r--r--include/tests_webservers227
1 files changed, 49 insertions, 178 deletions
diff --git a/include/tests_webservers b/include/tests_webservers
index 08eacecd..c72d7037 100644
--- a/include/tests_webservers
+++ b/include/tests_webservers
@@ -39,8 +39,8 @@
#################################################################################
#
sTEST_APACHE_TARGETS="${ROOTDIR}etc/apache ${ROOTDIR}etc/apache2 ${ROOTDIR}etc/httpd ${ROOTDIR}usr/local/apache ${ROOTDIR}usr/local/apache2 \
- ${ROOTDIR}usr/local/etc/apache ${ROOTDIR}usr/local/etc/apache2 ${ROOTDIR}usr/local/etc/apache22 \
- ${ROOTDIR}usr/pkg/etc/httpd ${ROOTDIR}etc/sysconfig/apache2"
+ ${ROOTDIR}usr/local/etc/apache ${ROOTDIR}usr/local/etc/apache2 ${ROOTDIR}usr/local/etc/apache22 \
+ ${ROOTDIR}usr/pkg/etc/httpd ${ROOTDIR}etc/sysconfig/apache2"
CreateTempFile || ExitFatal
TMPFILE="${TEMP_FILE}"
@@ -57,15 +57,15 @@
Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking Apache presence"
if [ ${SKIPTEST} -eq 0 ]; then
if [ "${OS}" = "OpenBSD" -a "${HTTPDBINARY}" = "/usr/sbin/httpd" ]; then HTTPDBINARY=""; fi
- if [ "${HTTPDBINARY}" = "" ]; then
+ if [ -z "${HTTPDBINARY}" ]; then
Display --indent 2 --text "- Checking Apache" --result "${STATUS_NOT_FOUND}" --color WHITE
- else
+ else
LogText "Test: Scanning for Apache binary"
IS_APACHE=$(${HTTPDBINARY} -v 2> /dev/null | ${EGREPBINARY} '[aA]pache')
- if [ "${IS_APACHE}" = "" ]; then
+ if [ -z "${IS_APACHE}" ]; then
LogText "Result: ${HTTPDBINARY} is not Apache"
Display --indent 2 --text "- Checking Apache (binary ${HTTPDBINARY})" --result "NO MATCH" --color WHITE
- else
+ else
Display --indent 2 --text "- Checking Apache (binary ${HTTPDBINARY})" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: ${HTTPDBINARY} seems to be Apache HTTP daemon"
APACHE_INSTALLED=1
@@ -84,7 +84,7 @@
if [ ${APACHE_INSTALLED} -eq 1 ]; then
if [ ! "${OS}" = "NetBSD" -a ! "${OS}" = "OpenBSD" ]; then
PREQS_MET="YES"
- else
+ else
PREQS_MET="NO"
fi
else
@@ -95,14 +95,14 @@
APACHE_CONFIGFILE=""
APACHE_TEST=$(${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D SERVER_CONFIG_FILE=" | ${SEDBINARY} 's/[ ]-D SERVER_CONFIG_FILE=//' | ${TRBINARY} -d '"' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '[:cntrl:]')
- if [ "${APACHE_TEST}" = "" ]; then
+ if [ -z "${APACHE_TEST}" ]; then
LogText "Result: Can't find the configuration file, so skipping some Apache related tests"
- else
+ else
# We found a possible match. Checking if it's valid filename. If not, we need to add a prefix
if [ -f ${APACHE_TEST} ]; then
APACHE_CONFIGFILE="${APACHE_TEST}"
Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})"
- else
+ else
# Probably the prefix is missing, so we are going to search that
APACHE_HTTPDROOT=$(${HTTPDBINARY} -V 2> /dev/null | ${GREPBINARY} "\-D HTTPD_ROOT=" | ${SEDBINARY} 's/[ ]-D HTTPD_ROOT=//' | ${TRBINARY} -d '"' | ${TRBINARY} -d ' ')
#echo "Apache root prefix: ${APACHE_HTTPDROOT}"
@@ -112,7 +112,7 @@
APACHE_CONFIGFILE="${APACHE_TESTFILE}"
Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})"
LogText "Result: Configuration file found (${APACHE_CONFIGFILE})"
- else
+ else
LogText "Result: File or directory ${APACHE_CONFIGFILE} does not exist"
Display --indent 6 --text "[Notice] possible directory/file parts found, but still unsure what the real configuration file is. Skipping some Apache related tests"
ReportException "${TEST_NO}:1" "Found some unknown directory or file references in Apache configuration"
@@ -162,7 +162,7 @@
cVHOSTS=$((cVHOSTS + 1))
fi
done
- else
+ else
LogText "Result: can not read configuration file with this user ID"
ReportException "${TEST_NO}:1" "Can not read configuration file $I"
fi
@@ -180,66 +180,16 @@
LogText "Result: found ${cVHOSTS} virtual hosts"
if [ ${cVHOSTS} -gt 0 ]; then
Display --indent 6 --text "Info: Found ${cVHOSTS} virtual hosts"
- else
+ else
Display --indent 6 --text "Info: No virtual hosts found"
fi
fi
# Remove temp files
- if [ -f ${TMPFILE} -a ! "${TMPFILE}" = "" ]; then
+ if [ -f ${TMPFILE} -a ! -z "${TMPFILE}" ]; then
rm -f ${TMPFILE}
fi
- if [ ! "${TMPFILE2}" = "" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
-#
-#################################################################################
-#
- # Test : HTTP-6628
- # Description : Testing other Apache configuration files
- #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- #Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Testing other Apache configuration file"
- #if [ ${SKIPTEST} -eq 0 ]; then
-# # Configuration specific tests
-# SERVERTOKENSFOUND=0
-# APACHE_CONFIGFILES="${APACHE_CONFIGFILE} /usr/local/etc/apache22/extra/httpd-default.conf /etc/apache2/sysconfig.d/global.conf"
-#
-# for APACHE_CONFIGFILE in ${APACHE_CONFIGFILES}; do
-# if [ -f ${APACHE_CONFIGFILE} ]; then
-# # Check if option ServerTokens is configured
-# SERVERTOKENSTEST=$(${GREPBINARY} ServerTokens ${APACHE_CONFIGFILE} | ${GREPBINARY} -v '^#')
-# if [ ! "${SERVERTOKENSTEST}" = "" ]; then
-# Display --indent 4 --text "- Checking option ServerTokens" --result "${STATUS_FOUND}" --color WHITE
-# SERVERTOKENSTEST=$(echo ${SERVERTOKENSTEST} | ${SEDBINARY} 's/ServerTokens//' | ${TRBINARY} -d ' ')
-# LogText "Option ServerTokens found: ${SERVERTOKENSTEST}"
-# SERVERTOKENSEXPECTED=$(${GREPBINARY} 'apache' ${PROFILE} | ${GREPBINARY} 'ServerTokens' | ${CUTBINARY} -d ':' -f3)
-# if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then
-# LogText "Result: Value from configuration file yielded the same output as in template"
-# SERVERTOKENSFOUND=1
-# else
-# LogText "Result: Value of ServerTokens within active configuration is different than from used template."
-# LogText "Found: ${SERVERTOKENSTEST}"
-# LogText "Expected: ${SERVERTOKENSEXPECTED}"
-# fi
-# else
-# Display --indent 4 --text "- Checking option ServerTokens" --result "${STATUS_NOT_FOUND}" --color WHITE
-# fi
-#
-# else
-# # File does not exist, skipping
-# LogText "File ${APACHE_CONFIGFILE} does not exist, so skipping tests on this file"
-# fi
-# done
-#
-# # Display results from checks
-# if [ ${SERVERTOKENSFOUND} -eq 1 ]; then
-# Display --indent 6 --text "- Value of ServerTokens" --result "${STATUS_OK}" --color GREEN
-# else
-# Display --indent 6 --text "- Value of ServerTokens" --result "${STATUS_WARNING}" --color RED
-# ReportWarning ${TEST_NO} "Value of 'ServerTokens' in Apache config is different than template"
-# fi
-# fi
-# fi
-# fi
-
+ if [ ! -z "${TMPFILE2}" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
#
#################################################################################
#
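Review bot: In the temp-file cleanup the emptiness guard comes after the value has already been used unquoted: `[ -f ${TMPFILE} -a ! -z "${TMPFILE}" ]` becomes a malformed test when `TMPFILE` is empty, and both `-f ${TMPFILE}` and `rm -f ${TMPFILE}` undergo word splitting and globbing. Lynis audits are usually run as root, so I would check emptiness first and quote every use: `if [ -n "${TMPFILE}" ] && [ -f "${TMPFILE}" ]; then rm -f "${TMPFILE}"; fi`. The `TMPFILE2` line in this hunk and the cleanup lines in the hunks at -423 and -727 carry the same unquoted `-f`/`rm -f` and could take the same form. `-n` also reads more directly than `! -z` wherever this commit introduces it.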
@@ -284,7 +234,7 @@
if [ ${N} -eq 0 ]; then
Display --indent 4 --text "* Loadable modules" --result "${STATUS_NONE}" --color WHITE
ReportException "${TEST_NO}:1" "No loadable Apache modules found"
- else
+ else
Display --indent 4 --text "* Loadable modules" --result "${STATUS_FOUND}" --color GREEN
Display --indent 8 --text "- Found ${N} loadable modules"
fi
@@ -302,7 +252,7 @@
if [ ${ITEM_FOUND} -eq 1 ]; then
Display --indent 10 --text "mod_evasive: anti-DoS/brute force" --result "${STATUS_FOUND}" --color GREEN
AddHP 3 3
- else
+ else
Display --indent 10 --text "mod_evasive: anti-DoS/brute force" --result "${STATUS_NOT_FOUND}" --color WHITE
AddHP 2 3
ReportSuggestion ${TEST_NO} "Install Apache mod_evasive to guard webserver against DoS/brute force attempts"
@@ -331,26 +281,6 @@
#
#################################################################################
#
- # Test : HTTP-6642
- # Description : Search for special Apache modules: Spamhaus
- # Notes : This test is outdated
- #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- #Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
- #if [ ${SKIPTEST} -eq 0 ]; then
- # # Check modules, module
- # CheckItem "apache_module" "/mod_spamhaus.so"
- # if [ ${ITEM_FOUND} -eq 1 ]; then
- # Display --indent 10 --text "mod_spamhaus: anti-spam (spamhaus)" --result "${STATUS_FOUND}" --color GREEN
- # AddHP 3 3
- # else
- # Display --indent 10 --text "mod_spamhaus: anti-spam (spamhaus)" --result "${STATUS_NOT_FOUND}" --color WHITE
- # AddHP 2 3
- # ReportSuggestion ${TEST_NO} "Install Apache mod_spamhaus to guard webserver against spammers"
- # fi
- #fi
-#
-#################################################################################
-#
# Test : HTTP-6643
# Description : Search for special Apache modules: security
if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@@ -361,12 +291,11 @@
if [ ${ITEM_FOUND} -eq 1 ]; then
Display --indent 10 --text "ModSecurity: web application firewall" --result "${STATUS_FOUND}" --color GREEN
AddHP 3 3
- else
+ else
Display --indent 10 --text "ModSecurity: web application firewall" --result "${STATUS_NOT_FOUND}" --color WHITE
AddHP 2 3
ReportSuggestion ${TEST_NO} "Install Apache modsecurity to guard webserver against web application attacks"
fi
- # Extend test with nginx?
fi
#
#################################################################################
@@ -382,12 +311,12 @@
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching running nginx process"
FIND=$(${PSBINARY} ax | ${GREPBINARY} "/nginx" | ${GREPBINARY} "master" | ${GREPBINARY} -v "grep")
- if [ ! "${FIND}" = "" ]; then
+ if [ ! -z "${FIND}" ]; then
LogText "Result: found running nginx process(es)"
Display --indent 2 --text "- Checking nginx" --result "${STATUS_FOUND}" --color GREEN
NGINX_RUNNING=1
Report "nginx_running=1"
- else
+ else
LogText "Result: no running nginx process found"
Display --indent 2 --text "- Checking nginx" --result "${STATUS_NOT_FOUND}" --color WHITE
fi
@@ -408,11 +337,11 @@
NGINX_CONF_FILES="${I}/nginx.conf"
fi
done
- if [ ! "${NGINX_CONF_LOCATION}" = "" ]; then
+ if [ ! -z "${NGINX_CONF_LOCATION}" ]; then
LogText "Result: found nginx configuration file"
Report "nginx_main_conf_file=${NGINX_CONF_LOCATION}"
Display --indent 4 --text "- Searching nginx configuration file" --result "${STATUS_FOUND}" --color GREEN
- else
+ else
LogText "Result: no nginx configuration file found"
Display --indent 2 --text "- Searching nginx configuration file" --result "${STATUS_NOT_FOUND}" --color WHITE
fi
@@ -423,11 +352,11 @@
# Test : HTTP-6706
# Description : Search for includes within nginx configuration file
# Notes : Daemon nginx should be running, nginx.conf should be found
- if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for additional nginx configuration files"
if [ ${SKIPTEST} -eq 0 ]; then
# Remove temp file
- if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+ if [ ! -z "${TMPFILE}" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
N=0
${SEDBINARY} -e 's/^[ ]*//' ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE}
# Search for included configuration files (may include directories and wild cards)
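Review bot: The `rm -f ${TMPFILE}` at the top of HTTP-6706 is followed by `>> ${TMPFILE}`, which re-creates the file through a plain redirection at a path that is no longer reserved. Whatever guarantees `CreateTempFile` gives at creation time (its body is not in this diff) are lost at that point, and a shell redirection follows a symlink that appears at that name in the interval. Truncating in place keeps the originally created file: `if [ -n "${TMPFILE}" ] && [ -f "${TMPFILE}" ]; then : > "${TMPFILE}"; fi`, with the later appends written as `>> "${TMPFILE}"`. The include loop in the following hunk appends to the same path, and the test body continues outside this hunk.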
@@ -440,13 +369,13 @@
N=$((N + 1))
LogText "Result: found Nginx configuration file ${J}"
Report "nginx_sub_conf_file[]=${J}"
- FileIsReadable ${J}
- if [ ${CANREAD} -eq 1 ]; then
- NGINX_CONF_FILES="${NGINX_CONF_FILES} ${J}"
- FIND3=$(sed -e 's/^[ ]*//' ${J} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE})
- else
- ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable"
- fi
+ FileIsReadable ${J}
+ if [ ${CANREAD} -eq 1 ]; then
+ NGINX_CONF_FILES="${NGINX_CONF_FILES} ${J}"
+ FIND3=$(sed -e 's/^[ ]*//' ${J} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "^$" | ${SEDBINARY} 's/[ ]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ / /g' >> ${TMPFILE})
+ else
+ ReportException "${TEST_NO}:1" "Can not parse file ${J}, as it is not readable"
+ fi
fi
done
done
@@ -463,7 +392,7 @@
if [ ${N} -eq 0 ]; then
LogText "Result: no nginx include statements found"
- else
+ else
Display --indent 6 --text "- Found nginx includes" --result "${N} FOUND" --color GREEN
fi
fi
@@ -473,7 +402,7 @@
# Test : HTTP-6708
# Description : Check discovered nginx configuration settings for further hardening
# Notes : Daemon of nginx should be running, nginx.conf should be found
- if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_FILES}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_FILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check discovered nginx configuration settings"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: start parsing all discovered nginx options"
@@ -513,7 +442,7 @@
# Test : HTTP-6710
# Description : Check SSL configuration of nginx
# Notes : Daemon of nginx should be running, nginx.conf should be found
- if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx SSL configuration settings"
if [ ${SKIPTEST} -eq 0 ]; then
NGINX_SSL_SUGGESTION=0
@@ -524,14 +453,14 @@
# Cipher tests
if [ ${NGINX_SSL_CIPHERS} -eq 1 ]; then
Display --indent 8 --text "- Ciphers configured" --result "${STATUS_YES}" --color GREEN
- else
+ else
Display --indent 8 --text "- Ciphers configured" --result "${STATUS_NO}" --color RED
NGINX_SSL_SUGGESTION=1
fi
if [ ${NGINX_SSL_PREFER_SERVER_CIPHERS} -eq 1 ]; then
Display --indent 8 --text "- Prefer server ciphers" --result "${STATUS_YES}" --color GREEN
- else
+ else
Display --indent 8 --text "- Prefer server ciphers" --result "${STATUS_NO}" --color RED
NGINX_SSL_SUGGESTION=1
fi
@@ -540,16 +469,15 @@
Display --indent 8 --text "- Protocols configured" --result "${STATUS_YES}" --color GREEN
if [ ${NGINX_WEAK_SSL_PROTOCOL_FOUND} -eq 0 ]; then
Display --indent 10 --text "- Insecure protocols found" --result "${STATUS_NO}" --color GREEN
- else
+ else
Display --indent 10 --text "- Insecure protocols found" --result "${STATUS_YES}" --color RED
ReportSuggestion "${TEST_NO}" "Disable weak protocol in nginx configuration"
fi
- else
+ else
Display --indent 8 --text "- Protocols configured" --result "${STATUS_NO}" --color RED
NGINX_SSL_SUGGESTION=1
fi
-
- else
+ else
LogText "Result: No SSL configuration found"
Display --indent 6 --text "- SSL configured" --result "${STATUS_NO}" --color RED
ReportSuggestion ${TEST_NO} "Add HTTPS to nginx virtual hosts for enhanced protection of sensitive data and privacy"
@@ -566,7 +494,7 @@
# Test : HTTP-6712
# Description : Check logging configuration of nginx
# Notes : Daemon of nginx should be running, nginx.conf should be found
- if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx access logging"
if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0
@@ -576,7 +504,7 @@
if [ ${NGINX_ACCESS_LOG_MISSING} -eq 1 ]; then
NGINX_LOG_SUGGESTION=1
Display --indent 8 --text "- Missing log files (access_log)" --result "${STATUS_YES}" --color RED
- else
+ else
Display --indent 8 --text "- Missing log files (access_log)" --result "${STATUS_NO}" --color GREEN
fi
# Access log disabled
@@ -585,7 +513,7 @@
LogText "Result: found one or more virtual hosts which have their access log disabled"
Display --indent 8 --text "- Disabled access logging" --result "${STATUS_YES}" --color RED
AddHP 2 3
- else
+ else
LogText "Result: no virtual hosts found which have their access log disabled"
Display --indent 8 --text "- Disabled access logging" --result "${STATUS_NO}" --color GREEN
AddHP 3 3
@@ -600,7 +528,7 @@
#
# Test : HTTP-6714
# Description : Check missing error logs in nginx
- if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for missing error logs in nginx"
if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0
@@ -608,7 +536,7 @@
if [ ${NGINX_ERROR_LOG_MISSING} -eq 1 ]; then
NGINX_LOG_SUGGESTION=1
Display --indent 8 --text "- Missing log files (error_log)" --result "${STATUS_YES}" --color RED
- else
+ else
Display --indent 8 --text "- Missing log files (error_log)" --result "${STATUS_NO}" --color GREEN
fi
# Report suggestion
@@ -621,7 +549,7 @@
#
# Test : HTTP-6716
# Description : Check debug mode on error log in nginx
- if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${NGINX_RUNNING} -eq 1 -a ! -z "${NGINX_CONF_LOCATION}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for debug mode on error log in nginx"
if [ ${SKIPTEST} -eq 0 ]; then
NGINX_LOG_SUGGESTION=0
@@ -631,7 +559,7 @@
LogText "Result: found one or more virtual hosts which have their error log in debug mode"
Display --indent 8 --text "- Debugging mode on error_log" --result "${STATUS_YES}" --color RED
AddHP 2 3
- else
+ else
LogText "Result: no virtual hosts found which have their access log disabled"
Display --indent 8 --text "- Debugging mode on error_log" --result "${STATUS_NO}" --color GREEN
AddHP 3 3
@@ -644,56 +572,6 @@
#
#################################################################################
#
- # Test : HTTP-67xx
- # Description : Check if nginx is running as a reverse proxy
- # Notes : aliases are not counted yet (YYY)
-# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts"
-# if [ ${SKIPTEST} -eq 0 ]; then
-# N=0
-# LogText "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}"
-# FIND=$(${GREPBINARY} "proxy_pass" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | ${SEDBINARY} 's/proxy_pass//g' | ${TRBINARY} -d ';')
-# for I in ${FIND}; do
-# LogText "Found reverse proxy configuration for: ${I}"
-# N=$((N + 1))
-# done
-# if [ ${N} -eq 0 ]; then
-# LogText "Result: no reverse proxying functionality found"
-# Display --indent 4 --text "- Searching reverse proxy functionality" --result "${STATUS_NOT_FOUND}" --color WHITE
-# else
-# LogText "Result: found ${N} addresses for which nginx will be a reverse proxy"
-# Display --indent 4 --text "- Searching reverse proxy functionality" --result "${N} FOUND" --color GREEN
-# fi
-# fi
-#
-#################################################################################
-#
- # Test : HTTP-67xx
- # Description : Search for nginx virtual hosts
- # Notes : Test if not aware yet of included configuration files
-# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-# Register --test-no HTTP-67xx --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nginx virtual hosts"
-# if [ ${SKIPTEST} -eq 0 ]; then
-# N=0
-# LogText "Test: searching nginx virtual hosts"
-# FIND=$(${GREPBINARY} "server_name" ${NGINX_CONF_LOCATION} | ${GREPBINARY} -v "#" | ${SEDBINARY} 's/server_name//g' | ${TRBINARY} -d ';')
-# for I in ${FIND}; do
-# if [ "${I}" = "_" ]; then I="Default virtual host"; fi
-# LogText "Found virtual host: ${I}"
-# Report "nginx_vhost_name[]=${I}"
-# N=$((N + 1))
-# done
-# if [ ${N} -eq 0 ]; then
-# LogText "Result: no virtual hosts found"
-# Display --indent 4 --text "- Searching virtual hosts" --result "${STATUS_NOT_FOUND}" --color WHITE
-# else
-# LogText "Result: found ${N} virtual hosts"
-# Display --indent 4 --text "- Searching virtual hosts" --result "${N} FOUND" --color GREEN
-# fi
-# fi
-#
-#################################################################################
-#
# Test : HTTP-6720
# Description : Search for Nginx log files
if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@@ -727,18 +605,11 @@
#
#################################################################################
#
- # Test : HTTP-6740
- # Description : Nginx: Check for server_tokens off in configuration files
-#
-#################################################################################
-#
-
# Remove temp file (double check)
- if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
- if [ ! "${TMPFILE2}" = "" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
-
+ if [ ! -z "${TMPFILE}" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+ if [ ! -z "${TMPFILE2}" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
-WaitForKeyPress
+ WaitForKeyPress
#
#================================================================================