diff options
| author | Steve Kolenich <kolenichsj@tutanota.com> | 2022-01-11 17:19:19 +0300 |
|---|---|---|
| committer | Steve Kolenich <kolenichsj@tutanota.com> | 2022-01-11 17:19:19 +0300 |
| commit | 302b52c55d87b0c8dff05e5ae5e7ed61d43a9d51 (patch) | |
| tree | 8dffa2081caec760ad22d429381c65fe397d1409 /include | |
| parent | a4bee8a329c5c8880c81c22631e600f2aba35415 (diff) | |
| parent | 2d16c60da165ddba654ea3cec6a58491fd48532f (diff) | |
Merge remote-tracking branch 'upstream/master' into alpine_apk
Diffstat (limited to 'include')
| -rw-r--r-- | include/osdetection | 5 | ||||
| -rw-r--r-- | include/tests_boot_services | 3 | ||||
| -rw-r--r-- | include/tests_filesystems | 15 | ||||
| -rw-r--r-- | include/tests_networking | 4 | ||||
| -rw-r--r-- | include/tests_ports_packages | 2 |
5 files changed, 18 insertions, 11 deletions
diff --git a/include/osdetection b/include/osdetection index a4d3aa41..c91c69ec 100644 --- a/include/osdetection +++ b/include/osdetection @@ -244,6 +244,11 @@ OS_NAME="Flatcar Linux" OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') ;; + "funtoo") + LINUX_VERSION="Funtoo" + OS_FULLNAME="Funtoo Linux" + OS_VERSION="Rolling release" + ;; "garuda") LINUX_VERSION="Garuda" OS_FULLNAME="Garuda Linux" diff --git a/include/tests_boot_services b/include/tests_boot_services index 42efc80d..4a5fb3df 100644 --- a/include/tests_boot_services +++ b/include/tests_boot_services @@ -112,6 +112,9 @@ runit) SERVICE_MANAGER="runit" ;; + openrc-init) + SERVICE_MANAGER="openrc" + ;; *) CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd") if [ -n "${CONTAINS_SYSTEMD}" ]; then diff --git a/include/tests_filesystems b/include/tests_filesystems index ce93b018..480ba40a 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -619,7 +619,6 @@ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW AddHP 4 5 else - # if if ContainsString "defaults" "${FOUND_FLAGS}"; then LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW @@ -838,13 +837,13 @@ fi FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) if [ -n "${FIND}" ]; then - FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then - Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN - LogText "Result: module ${FS} is blacklisted" - fi - fi + FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then + Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN + LogText "Result: module ${FS} is blacklisted" + fi + fi done if [ ${FOUND} -eq 1 ]; then Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}" diff --git a/include/tests_networking b/include/tests_networking index c615e6d0..7faf7125 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -750,7 +750,7 @@ UNCOMMON_PROTOCOL_DISABLED=0 # First check modprobe.conf if [ -f ${ROOTDIR}etc/modprobe.conf ]; then - DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) + DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf) if [ -n "${DATA}" ]; then LogText "Result: found ${P} module disabled via modprobe.conf" UNCOMMON_PROTOCOL_DISABLED=1 @@ -759,7 +759,7 @@ # Then additional modprobe configuration files if [ -d ${ROOTDIR}etc/modprobe.d ]; then # Return file names (-l) and suppress errors (-s) - DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) + DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*) if [ -n "${DATA}" ]; then UNCOMMON_PROTOCOL_DISABLED=1 for F in ${DATA}; do diff --git a/include/tests_ports_packages b/include/tests_ports_packages index ee606e7b..54d849e2 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages @@ -296,7 +296,7 @@ # # Test : PKGS-7320 # Description : Check available of arch-audit - if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi + if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ] || [ "${OS_FULLNAME}" = "Garuda Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux and Garuda Linux"; fi Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling" if [ ${SKIPTEST} -eq 0 ]; then if [ -z "${ARCH_AUDIT_BINARY}" ]; then |