authorJay Keller <70912302+digitalcheetah@users.noreply.github.com>2021-08-15 10:36:09 +0300
committerGitHub <noreply@github.com>2021-08-15 10:36:09 +0300
commit36994847123d0809863f3f75ca8e1618c639665b (patch)
tree654c1a54abf075242ae7d4d87dad3a68748f2166 /include
parentcd632059e0315f156bcabc8763a2018e53008d4c (diff)
parent798c1054d7ac5ee6df6a2cbbdbb100545a3892f7 (diff)
Merge branch 'CISOfy:master' into openrc
Diffstat (limited to 'include')
-rw-r--r--include/binaries4
-rw-r--r--include/consts2
-rw-r--r--include/functions2
-rw-r--r--include/osdetection21
-rw-r--r--include/tests_crypto4
-rw-r--r--include/tests_databases14
-rw-r--r--include/tests_file_integrity2
-rw-r--r--include/tests_filesystems16
-rw-r--r--include/tests_kernel5
-rw-r--r--include/tests_malware55
-rw-r--r--include/tests_networking3
-rw-r--r--include/tests_ports_packages17
12 files changed, 119 insertions, 26 deletions
diff --git a/include/binaries b/include/binaries
index 95182a2f..fb8147ce 100644
--- a/include/binaries
+++ b/include/binaries
@@ -203,7 +203,7 @@
logrotate) LOGROTATEBINARY="${BINARY}"; LogText " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
ls) LSBINARY="${BINARY}"; LogText " Found known binary: ls (file listing) - ${BINARY}" ;;
lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
- lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;;
+ lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;;
lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
lsof)
LSOFBINARY="${BINARY}"
@@ -340,7 +340,7 @@
[ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
[ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found"
[ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
- [ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found"
+ [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found"
[ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
[ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
diff --git a/include/consts b/include/consts
index 33a0af22..1dc3f893 100644
--- a/include/consts
+++ b/include/consts
@@ -238,7 +238,7 @@ ETC_PATHS="/etc /usr/local/etc"
PLUGINDIR=""
PLUGIN_PHASE=0
POSTFIXBINARY=""
- POSTGRES_RUNNING=0
+ POSTGRESQL_RUNNING=0
PREVIOUS_TEST="No test ID"
PREVIOUS_TS=0
PROFILES=""
diff --git a/include/functions b/include/functions
index 33a4edb9..6c4d76c7 100644
--- a/include/functions
+++ b/include/functions
@@ -991,7 +991,7 @@
"Linux")
# Try fetching information from /sys in case 'ip' is not available or does not give expected results
- if IsEmpty "${FIND}" -a -d /sys/class/net ]; then
+ if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then
NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}')
for INTERFACE in ${NET_INTERFACES}; do
if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then
diff --git a/include/osdetection b/include/osdetection
index 7b1e911c..a4d3aa41 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -62,7 +62,8 @@
10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
- 11.0 | 11.0[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
+ 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
+ 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;;
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
esac
else
@@ -173,6 +174,11 @@
OS_FULLNAME="Arch Linux 32"
OS_VERSION="Rolling release"
;;
+ "artix")
+ LINUX_VERSION="Artix Linux"
+ OS_FULLNAME="Artix Linux"
+ OS_VERSION="Rolling release"
+ ;;
"bunsenlabs")
LINUX_VERSION="BunsenLabs"
OS_NAME="BunsenLabs"
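Review bot: The new "artix" arm sets LINUX_VERSION, OS_FULLNAME and OS_VERSION but never OS_NAME, whereas the neighbouring "bunsenlabs" arm and the other arms added in this commit ("nethserver", "opensuse-microos") set OS_NAME and no OS_FULLNAME; if reporting keys on OS_NAME, an Artix host keeps whatever value was assigned earlier in the function, which starts outside this hunk. Unless OS_FULLNAME is meant to take precedence here, add `OS_NAME="Artix Linux"` beside the other assignments. I would pick one convention for all three new arms so they read the same.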
@@ -279,6 +285,12 @@
OS_NAME="Manjaro"
OS_VERSION="Rolling release"
;;
+ "nethserver")
+ LINUX_VERSION="NethServer"
+ OS_NAME="NethServer"
+ OS_REDHAT_OR_CLONE=1
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"nixos")
LINUX_VERSION="NixOS"
OS_NAME="NixOS"
@@ -302,6 +314,11 @@
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
+ "opensuse-microos")
+ LINUX_VERSION="openSUSE MicroOS"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_NAME="openSUSE"
+ ;;
"parrot")
LINUX_VERSION="Parrot"
OS_NAME="Parrot GNU/Linux"
@@ -329,7 +346,7 @@
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Raspbian"
;;
- "rhel")
+ "redhat" | "rhel")
LINUX_VERSION="RHEL"
OS_NAME="RHEL"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
diff --git a/include/tests_crypto b/include/tests_crypto
index 227401c3..89ad1e62 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -80,7 +80,7 @@
if [ ${CANREAD} -eq 1 ]; then
# Only check the files that are not installed by a package, unless enabled by profile
if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then
- echo ${FILE} | ${EGREPBINARY} --quiet ".cer$|.der$"
+ echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$"
CER_DER=$?
OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}")
if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then
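Review bot: The rewritten egrep on the `.cer$|.der$` line still treats the dots as regex wildcards, so any file name ending in e.g. `xcer` or `tder` is classified as a CER/DER certificate, and `${FILE}` is echoed unquoted. Since the line is touched anyway, I would make it `printf '%s\n' "${FILE}" | ${EGREPBINARY} -q '\.cer$|\.der$'`. The loop that sets ${FILE} begins outside this hunk, so I cannot tell whether names with spaces can reach it.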
@@ -200,7 +200,7 @@
LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}"
ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
Report "encrypted_swap[]=${BLOCK_DEV},LUKS"
- elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} --quiet "cipher:"; then
+ elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} -q "cipher:"; then
LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}"
ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
Report "encrypted_swap[]=${BLOCK_DEV},other"
diff --git a/include/tests_databases b/include/tests_databases
index 5e71ee80..9a8755bf 100644
--- a/include/tests_databases
+++ b/include/tests_databases
@@ -45,7 +45,7 @@
# Description : Check if MySQL is being used
Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mysqld|mysqld_safe" | ${GREPBINARY} -v "grep")
+ FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep")
if [ -z "${FIND}" ]; then
if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi
LogText "Result: MySQL process not active"
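Review bot: The broadened pattern `mariadb|mysqld|mysqld_safe` matches any process whose command line contains "mariadb", which includes the `mariadb` command-line client and the mariadb-* tools, so a host that merely has a client session open is reported as running a MySQL/MariaDB server. Matching the server process name explicitly, `"mariadbd|mysqld|mysqld_safe"`, keeps the intent of the change: MariaDB releases that ship a `mariadbd` binary are caught by the first alternative, older ones still run as `mysqld`. The PostgreSQL test further down in this file uses the IsRunning helper instead of a `ps | egrep | grep -v grep` pipeline; using it here too would keep the two tests consistent, provided its matching semantics fit.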
@@ -174,7 +174,7 @@
# Description : Check if PostgreSQL is being used
Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
if [ ${SKIPTEST} -eq 0 ]; then
- if IsRunning "postgres:"; then
+ if IsRunning "postgres"; then
Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: PostgreSQL is active"
POSTGRESQL_RUNNING=1
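Review bot: Dropping the colon in `IsRunning "postgres"` widens the match from the backend process titles (`postgres: ...`) to any process containing that substring, such as monitoring exporters or unrelated commands run by a `postgres` account, which then sets POSTGRESQL_RUNNING=1 and enables the configuration tests below. Whether that matters depends on how IsRunning anchors its pattern, which is defined outside this hunk; if it is a plain substring match, consider keeping the colon form and adding a second, equally specific pattern for the server's main invocation rather than the bare word. A one-line comment on why the colon was dropped would also help the next reader.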
@@ -203,11 +203,17 @@
Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
- CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
+ FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
+ CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
for CF in ${CONFIG_FILES}; do
Report "postgresql_config_file[]=${CF}"
LogText "Found configuration file (${CF})"
+ if IsWorldReadable ${CF}; then
+ LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
+ ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
+ else
+ LogText "Result: great, configuration file ${CF} is not world readable"
+ fi
done
fi
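Review bot: The new CONFIG_FILES pipeline still interpolates each found path into a shell script via `xargs -i sh -c 'test -r "{}" && echo "{}"'`, so a file name under the searched directories containing a double quote, `$(` or a semicolon is executed by sh instead of tested; pass the names as arguments instead, e.g. `-exec sh -c 'for f; do test -r "$f" && printf "%s\n" "$f"; done' sh {} +` directly on the find command, which also removes the three tr stages and the non-portable `xargs -i`. Second, the `s/ /:space:/g` substitution now runs before the loop, so `IsWorldReadable ${CF}` receives the encoded path and will test a non-existent file whenever a configuration path contains a space — unless IsWorldReadable decodes the marker, which I cannot see from here. Note also that `-name "*.conf"` now reports every .conf under those directories as `postgresql_config_file[]`, not just postgresql.conf; if that is intended, say so in a comment.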
#
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index 68d02c5f..8a38b97e 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -104,7 +104,7 @@
if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check"
if [ ${SKIPTEST} -eq 0 ]; then
- AIDE_DB=$(${GREPBINARY} ^database= ${AIDECONFIG} | ${SEDBINARY} "s/.*://")
+ AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://")
if case ${AIDE_DB} in @@*) ;; *) false;; esac; then
I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}')
AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#")
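Review bot: With the pattern widened to `(^database|^database_in)=`, a configuration that carries both keys (an old `database=` line kept next to a newer `database_in=`) yields two lines in AIDE_DB, and the `case ${AIDE_DB}` and sed rewrite that follow then operate on a two-line value. Appending `| ${HEADBINARY} -1` (or `| ${TAILBINARY} -1`, depending on which definition AIDE itself honours, which I cannot verify here) keeps the variable single-valued. `${AIDECONFIG}` is also passed unquoted; the enclosing test block continues outside this hunk.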
diff --git a/include/tests_filesystems b/include/tests_filesystems
index d3a6eaab..ce93b018 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -339,6 +339,7 @@
#
# Test : FILE-6344
# Description : Check proc mount options (Linux >=3.3 only)
+ # hidepid textual values available kernel >= 5.8 only)
# Examples : proc /proc proc defaults,hidepid=2 0 0
# Goal : Users should not be able to see processes of other users
if [ "${OS}" = "Linux" -a -f ${ROOTDIR}proc/version ]; then
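Review bot: The added comment `# hidepid textual values available kernel >= 5.8 only)` has an unmatched closing parenthesis and does not say which values it means. I would write it as `# Note : hidepid textual values (noaccess, invisible, ptraceable) require kernel >= 5.8` so it lines up with the Description/Examples/Goal labels around it.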
@@ -353,15 +354,20 @@
Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options"
if [ ${SKIPTEST} -eq 0 ]; then
# Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
+ # https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs
LogText "Test: check proc mount with incorrect mount options"
- FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=[0-9]")
- if [ "${FIND}" = "hidepid=2" ]; then
+ FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=([0-9]|[a-z][a-z]*)")
+ if [ "${FIND}" = "hidepid=4" -o "${FIND}" = "hidepid=ptraceable" ]; then # https://lwn.net/Articles/817137/
Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
- LogText "Result: proc mount mounted with hidepid=2"
+ LogText "Result: proc mount mounted with ${FIND}"
AddHP 3 3
- elif [ "${FIND}" = "hidepid=1" ]; then
+ elif [ "${FIND}" = "hidepid=2" -o "${FIND}" = "hidepid=invisible" ]; then
Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
- LogText "Result: proc mount mounted with hidepid=1"
+ LogText "Result: proc mount mounted with ${FIND}"
+ AddHP 3 3
+ elif [ "${FIND}" = "hidepid=1" -o "${FIND}" = "hidepid=noaccess" ]; then
+ Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
+ LogText "Result: proc mount mounted with ${FIND}"
AddHP 2 3
elif [ -z "${FIND}" ]; then
# HIDEPID1_SUGGESTION=" (or at least hidepid=1)"
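Review bot: The comparisons starting at `if [ "${FIND}" = "hidepid=4" -o ...` assume FIND holds exactly one token, but the `egrep -o` pipeline emits one line per matching proc mount, so a system with more than one proc mount (nested containers, chroots, a jail) produces a multi-line FIND that matches none of the branches and, being non-empty, also skips the `-z` branch. Reducing to one result, e.g. `| ${TAILBINARY} -1` after the `-o` egrep, makes the branches reliable; I would also list the accepted values explicitly, `hidepid=(0|1|2|4|off|noaccess|invisible|ptraceable)`, instead of `[a-z][a-z]*`, so an unexpected value is visibly unmatched rather than silently falling through. The final else of this chain is outside the hunk.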
diff --git a/include/tests_kernel b/include/tests_kernel
index 19ed4dae..610fd325 100644
--- a/include/tests_kernel
+++ b/include/tests_kernel
@@ -673,9 +673,9 @@
LogText "Result: found ${ROOTDIR}boot/vmlinuz-lts"
FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-lts
else
- # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Get newest file (ls -t and pipe into head)
+ # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Sort based on versions (-v) and then find the last item
# Note: ignore a rescue kernel (e.g. CentOS)
- FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${HEADBINARY} -1)
+ FOUND_VMLINUZ=$(${LSBINARY} -v ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${TAILBINARY} -1)
LogText "Result: found ${FOUND_VMLINUZ}"
fi
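Review bot: `${LSBINARY} -v` relies on GNU coreutils' version sort; on BSD and macOS ls the `-v` flag means something else and the listing stays in lexical order, so `tail -1` would pick vmlinuz-5.9 over vmlinuz-5.10 there. If this branch is only reachable on Linux (the guard is outside this hunk) a short comment next to the `-v` saying so is enough; otherwise the pipeline needs a non-GNU fallback. The updated comment should also mention that `-v` sorts by name, not by modification time as the old `-t` did, since that changes which file counts as "newest".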
@@ -749,6 +749,7 @@
done
# Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers)
# Ignore rescue images. Remove generic. and huge. for Slackware machines
+ # TODO: see if this can be simplified using ls -v sorting
LogText "Action: checking relevant kernels"
KERNELS=$(${LSBINARY} /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.)
KERNELS_ONE_LINE=$(${ECHOCMD} ${KERNELS} | ${TRBINARY} '\n' ' ')
diff --git a/include/tests_malware b/include/tests_malware
index 4f68b9aa..cb13ca96 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -37,9 +37,12 @@
KASPERSKY_SCANNER_RUNNING=0
MCAFEE_SCANNER_RUNNING=0
MALWARE_SCANNER_INSTALLED=0
+ MALWARE_DAEMON_RUNNING=0
+ ROOTKIT_SCANNER_FOUND=0
SOPHOS_SCANNER_RUNNING=0
SYMANTEC_SCANNER_RUNNING=0
SYNOLOGY_DAEMON_RUNNING=0
+ TRENDMICRO_DSA_DAEMON_RUNNING=0
#
#################################################################################
#
@@ -52,6 +55,7 @@
Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found ${CHKROOTKITBINARY}"
MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
AddHP 2 2
Report "malware_scanner[]=chkrootkit"
else
@@ -70,6 +74,7 @@
Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found ${RKHUNTERBINARY}"
MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
AddHP 2 2
Report "malware_scanner[]=rkhunter"
else
@@ -108,6 +113,7 @@
if IsRunning "com.avast.daemon"; then
FOUND=1
AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Avast security product"
@@ -119,6 +125,7 @@
if IsRunning "avqmd"; then
FOUND=1
AVIRA_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Avira security product"
@@ -130,6 +137,7 @@
if IsRunning "bdagentd" || IsRunning "epagd"; then
FOUND=1
BITDEFENDER_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Bitdefender security product"
@@ -154,6 +162,7 @@
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found CylancePROTECT service"
AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=cylance-protect"
fi
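Review bot: In the CylancePROTECT block the new `MALWARE_DAEMON_RUNNING=1` sits directly under `AVAST_DAEMON_RUNNING=1`, which looks like a copy-paste leftover from the Avast block above rather than a deliberate alias; the variable list at the top of the file (partly visible in the first hunk) shows no Cylance-specific flag. Either add one there (say `CYLANCE_DAEMON_RUNNING`, to follow the naming used here) and set it in this block, or drop the Avast assignment so report consumers do not see Avast on a Cylance host. I cannot see where AVAST_DAEMON_RUNNING is consumed, so treat this as something to confirm.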
@@ -163,6 +172,7 @@
if IsRunning "esets_daemon"; then
FOUND=1
ESET_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found ESET security product"
@@ -181,6 +191,7 @@
FOUND=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found Kaspersky"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=kaspersky"
fi
@@ -197,6 +208,7 @@
FOUND=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found McAfee"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=mcafee"
fi
@@ -215,6 +227,7 @@
if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found Sophos"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=sophos"
fi
@@ -235,6 +248,7 @@
if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found one or more Symantec components"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
FOUND=1
Report "malware_scanner[]=symantec"
@@ -245,18 +259,33 @@
if IsRunning "synoavd"; then
FOUND=1
SYNOLOGY_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Synology Antivirus Essential"
Report "malware_scanner[]=synoavd"
fi
+ # Trend Micro Anti Malware for Linux
+ # Typically ds_agent is running as well, the Deep Security Agent
+ LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component"
+ if IsRunning "ds_am"; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Trend Micro Anti Malware component"
+ FOUND=1
+ MALWARE_SCANNER_INSTALLED=1
+ MALWARE_DAEMON_RUNNING=1
+ TRENDMICRO_DSA_DAEMON_RUNNING=1
+ Report "malware_scanner[]=trend-micro-am"
+ fi
+
# TrendMicro (macOS)
LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
if IsRunning "TmccMac"; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Trend Micro component"
FOUND=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=trend-micro-av"
fi
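Review bot: The new Trend Micro block logs `Test: checking process ds_agent ...` but the check that follows is `IsRunning "ds_am"`, so the log names a process that is never tested; change it to `LogText "Test: checking process ds_am to test for Trend Micro Deep Security Anti-Malware component"`. The comment above already explains that ds_agent typically runs alongside, which is the right place for that remark. Minor: "Deep Anti Malware" in the log text should read "Deep Security Anti-Malware", matching the product name the comment and the DSA flag refer to.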
@@ -298,6 +327,7 @@
if IsRunning "clamd"; then
Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: found running clamd process"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
CLAMD_RUNNING=1
else
@@ -354,6 +384,31 @@
#
#################################################################################
#
+ # Test : MALW-3290
+ # Description : Presence of malware scanners
+ Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ else
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN
+ if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then
+ Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+
+
Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
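Review bot: The Register line for the new MALW-3290 test carries the description `"Presence of for malware detection"`, garbled text that ends up in the log and report; the comment above it already has the right wording, so use `--description "Presence of malware scanners"`. The test only displays the three findings and never calls AddHP or reports a suggestion, so a host with no scanner at all leaves the hardening index and suggestion list untouched — if that is deliberate, a one-line comment saying the test is informational would stop the next reader from adding one. The two blank lines added after the closing banner, before `Report "malware_scanner_installed=..."`, look accidental.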
diff --git a/include/tests_networking b/include/tests_networking
index 6a33451c..c615e6d0 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -758,7 +758,8 @@
fi
# Then additional modprobe configuration files
if [ -d ${ROOTDIR}etc/modprobe.d ]; then
- DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
+ # Return file names (-l) and suppress errors (-s)
+ DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
if [ -n "${DATA}" ]; then
UNCOMMON_PROTOCOL_DISABLED=1
for F in ${DATA}; do
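Review bot: The rewritten grep on the `DATA=` line only recognises `install <module> /bin/true`, so the equally common `install <module> /bin/false` (and `/usr/bin/true` on merged-/usr systems) is not counted as the protocol being disabled; with `${EGREPBINARY}` available the pattern could be `"^install ${P} (/usr)?/bin/(true|false)"`. The added comment for `-l -s` is useful; since `${P}` is interpolated into the regex, it is worth stating there that module names are expected to be plain identifiers. The loop that sets ${P} begins outside this hunk.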
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 57f0f25b..2f0b98da 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -1316,11 +1316,18 @@
# Only report exception if there are kernels actually there. For example, LXC use the kernel of host system
case "${OS}" in
"Linux")
- if [ -d "${ROOTDIR}boot" ]; then
- if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then
- ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
- fi
- fi
+ case "${CONTAINER_TYPE}" in
+ "LXC")
+ LogText "Info: LXC shares the kernel with host, so skipping further testing"
+ ;;
+ *)
+ if [ -d "${ROOTDIR}boot" ]; then
+ if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then
+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
+ fi
+ fi
+ ;;
+ esac
;;
*)
ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
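Review bot: The re-added find under `if [ -d "${ROOTDIR}boot" ]` still searches a hard-coded `/boot`, so when ROOTDIR points at a mounted image or chroot the directory test and the search look at different trees and the exception can fire against the wrong one; use `${FINDBINARY} "${ROOTDIR}boot" -maxdepth 1 ...` in the new `*)` arm. The new `case "${CONTAINER_TYPE}"` exempts only LXC, although other container types would equally lack a kernel in /boot — I cannot see which values CONTAINER_TYPE takes, so either extend the arm or add a comment explaining why LXC is singled out. The `case "${OS}"` is complete within the hunk, but the test block around it is not.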