authorMichael Boelen <michael.boelen@cisofy.com>2020-10-22 09:43:44 +0300
committerGitHub <noreply@github.com>2020-10-22 09:43:44 +0300
commit7930644b6c44363666d44bc96788faaffb400473 (patch)
tree68ff61a0e293ac5615fb0abd66c3accaaf565245 /include
parent554dd2d5e90ade460e2c8f318dde3d7e0031cdce (diff)
parent699b5b6045e5a821463110e2ff48900c69fed38d (diff)
Merge branch 'master' into fix_nginx_parser
Diffstat (limited to 'include')
-rw-r--r--include/binaries2
-rw-r--r--include/consts13
-rw-r--r--include/functions3
-rw-r--r--include/helper_audit_dockerfile10
-rw-r--r--include/osdetection50
-rw-r--r--include/tests_accounting2
-rw-r--r--include/tests_authentication2
-rw-r--r--include/tests_banners2
-rw-r--r--include/tests_boot_services2
-rw-r--r--include/tests_containers2
-rw-r--r--include/tests_crypto50
-rw-r--r--include/tests_databases2
-rw-r--r--include/tests_file_integrity2
-rw-r--r--include/tests_file_permissions2
-rw-r--r--include/tests_filesystems2
-rw-r--r--include/tests_firewalls2
-rw-r--r--include/tests_hardening2
-rw-r--r--include/tests_homedirs2
-rw-r--r--include/tests_insecure_services2
-rw-r--r--include/tests_kernel19
-rw-r--r--include/tests_kernel_hardening2
-rw-r--r--include/tests_ldap2
-rw-r--r--include/tests_logging2
-rw-r--r--include/tests_mac_frameworks2
-rw-r--r--include/tests_mail_messaging2
-rw-r--r--include/tests_malware2
-rw-r--r--include/tests_nameservices2
-rw-r--r--include/tests_networking2
-rw-r--r--include/tests_ports_packages18
-rw-r--r--include/tests_printers_spoolers2
-rw-r--r--include/tests_scheduling2
-rw-r--r--include/tests_shells2
-rw-r--r--include/tests_snmp2
-rw-r--r--include/tests_squid2
-rw-r--r--include/tests_ssh2
-rw-r--r--include/tests_storage2
-rw-r--r--include/tests_system_integrity2
-rw-r--r--include/tests_time11
-rw-r--r--include/tests_tooling2
-rw-r--r--include/tests_usb2
-rw-r--r--include/tests_virtualization2
-rw-r--r--include/tests_webservers2
42 files changed, 170 insertions, 72 deletions
diff --git a/include/binaries b/include/binaries
index ae2c2824..86a4a22f 100644
--- a/include/binaries
+++ b/include/binaries
@@ -30,7 +30,7 @@
#################################################################################
#
if [ ${CHECK_BINARIES} -eq 1 ]; then
- InsertSection "System Tools"
+ InsertSection "${SECTION_SYSTEM_TOOLS}"
Display --indent 2 --text "- Scanning available tools..."
LogText "Start scanning for available audit binaries and tools..."
diff --git a/include/consts b/include/consts
index 053147a4..bb1d63ff 100644
--- a/include/consts
+++ b/include/consts
@@ -58,6 +58,7 @@ ETC_PATHS="/etc /usr/local/etc"
APPLICATION_FIREWALL_ACTIVE=0
BINARY_SCAN_FINISHED=0
BLKIDBINARY=""
+ BOOTCTLBINARY=""
CAT_BINARY=""
CFAGENTBINARY=""
CHECK=0
@@ -81,6 +82,7 @@ ETC_PATHS="/etc /usr/local/etc"
CONTROL_URL_PROTOCOL=""
CONTAINER_TYPE=""
CREATE_REPORT_FILE=1
+ CRYPTSETUPBINARY=""
CSUMBINARY=""
CURRENT_TS=0
CUSTOM_URL_APPEND=""
@@ -99,12 +101,14 @@ ETC_PATHS="/etc /usr/local/etc"
DISCOVERED_BINARIES=""
DMIDECODEBINARY=""
DNFBINARY=""
+ DNSDOMAINNAMEBINARY=""
DOCKERBINARY=""
DOCKER_DAEMON_RUNNING=0
DPKGBINARY=""
ECHOCMD=""
ERROR_ON_WARNINGS=0
EQUERYBINARY=""
+ EVMCTLBINARY=""
EXIMBINARY=""
FAIL2BANBINARY=""
FILEBINARY=""
@@ -130,6 +134,7 @@ ETC_PATHS="/etc /usr/local/etc"
HTTPDBINARY=""
IDS_IPS_TOOL_FOUND=0
IFCONFIGBINARY=""
+ INTEGRITYSETUPBINARY=""
IPBINARY=""
IPFBINARY=""
IPTABLESBINARY=""
@@ -148,6 +153,7 @@ ETC_PATHS="/etc /usr/local/etc"
LOGDIR=""
LOGROTATEBINARY=""
LOGTEXT=1
+ LSBLKBINARY=""
LSMODBINARY=""
LSOFBINARY=""
LSOF_EXTRA_OPTIONS=""
@@ -191,6 +197,7 @@ ETC_PATHS="/etc /usr/local/etc"
NGINX_RETURN_FOUND=0
NGINX_ROOT_FOUND=0
NGINX_WEAK_SSL_PROTOCOL_FOUND=0
+ NTPCTLBINARY=""
NTPD_ROLE=""
NTPQBINARY=""
OPENSSLBINARY=""
@@ -204,6 +211,7 @@ ETC_PATHS="/etc /usr/local/etc"
OS_REDHAT_OR_CLONE=0
OSIRISBINARY=""
PACMANBINARY=""
+ PAM_PASSWORD_PWHISTORY_AMOUNT=""
PASSWORD_MAXIMUM_DAYS=-1
PASSWORD_MINIMUM_DAYS=-1
PAM_2F_AUTH_ENABLED=0
@@ -238,6 +246,7 @@ ETC_PATHS="/etc /usr/local/etc"
REFRESH_REPOSITORIES=1
REMOTE_LOGGING_ENABLED=0
RESOLV_DOMAINNAME=""
+ RESOLVECTLBINARY=""
RKHUNTERBINARY=""
ROOTDIR="/"
ROOTSHBINARY=""
@@ -276,6 +285,7 @@ ETC_PATHS="/etc /usr/local/etc"
SLOW_TEST_THRESHOLD=10
SMTPCTLBINARY=""
SNORTBINARY=""
+ SSBINARY=""
SSHKEYSCANBINARY=""
SSHKEYSCANFOUND=0
SSL_CERTIFICATE_INCLUDE_PACKAGES=0
@@ -285,6 +295,7 @@ ETC_PATHS="/etc /usr/local/etc"
SWUPDBINARY=""
SYSLOGNGBINARY=""
SYSTEMCTLBINARY=""
+ SYSTEMDANALYZEBINARY=""
SYSTEM_IS_NOTEBOOK=255
TEMP_FILE=""
TEMP_FILES=""
@@ -294,6 +305,7 @@ ETC_PATHS="/etc /usr/local/etc"
TEST_GROUP_TO_CHECK="all"
TESTS_EXECUTED=""
TESTS_SKIPPED=""
+ TIMEDATECTL=""
TMPFILE=""
TOMOYOINITBINARY=""
TOOLTIP_SHOWED=0
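Review bot: `TIMEDATECTL=""` is the only tool-path initialiser added in this commit without the `BINARY` suffix; the others (`BOOTCTLBINARY`, `RESOLVECTLBINARY`, `SYSTEMDANALYZEBINARY`, and so on) follow the file's convention. If the binary scan or any test refers to `TIMEDATECTLBINARY` (not visible here), that name stays uninitialised, which matters when the script runs with strict unset-variable checking. Consider `TIMEDATECTLBINARY=""`, or add a comment saying the short name is intentional.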
@@ -319,6 +331,7 @@ ETC_PATHS="/etc /usr/local/etc"
USBGUARD_ROOT=""
VALUE=""
VERBOSE=0
+ VERITYSETUPBINARY=""
VGDISPLAYBINARY=""
VMTYPE=""
VULNERABLE_PACKAGES_FOUND=0
diff --git a/include/functions b/include/functions
index 4af4cd7b..26916461 100644
--- a/include/functions
+++ b/include/functions
@@ -1547,8 +1547,7 @@
if [ -z "${search}" ]; then ExitFatal "Missing process to search for when using IsRunning function"; fi
RUNNING=0
- # AIX does not fully support pgrep options, so using ps instead
- if [ "${OS}" != "AIX" ]; then
+ if [ -x "${PGREPBINARY}" ] && [ "${OS}" != "AIX" ]; then
# When --user is used, perform a search using the -u option
# Initialize users for strict mode
if [ -n "${users:-}" ]; then
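Review bot: The rewritten condition `if [ -x "${PGREPBINARY}" ] && [ "${OS}" != "AIX" ]; then` drops the comment that explained the AIX exception, and the new `-x` test has no explanation either. A reader can no longer tell why these two unrelated conditions select the pgrep path. I would put a one-line comment back above it, for example `# Use pgrep only when it was found and is executable; AIX does not fully support pgrep options, so fall back to ps there`. The fallback branch is outside this hunk, so that it uses ps is taken from the removed comment only.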
diff --git a/include/helper_audit_dockerfile b/include/helper_audit_dockerfile
index 05d24c24..a71326ee 100644
--- a/include/helper_audit_dockerfile
+++ b/include/helper_audit_dockerfile
@@ -44,7 +44,7 @@ fi
##################################################################################################
#
- InsertSection "Image"
+ InsertSection "${SECTION_IMAGE}"
PKGMGR=""
FIND=$(grep "^FROM" ${AUDIT_FILE} | sed 's/ /:space:/g')
@@ -93,7 +93,7 @@ fi
#
##################################################################################################
#
- InsertSection "Basics"
+ InsertSection "${SECTION_BASICS}"
MAINTAINER=$(grep -E -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2)
if [ -z "${MAINTAINER}" ]; then
@@ -127,7 +127,7 @@ fi
#
##################################################################################################
#
- InsertSection "Software"
+ InsertSection "${SECTION_SOFTWARE}"
case $PKGMGR in
"apt")
@@ -166,7 +166,7 @@ fi
#
##################################################################################################
#
- InsertSection "Downloads"
+ InsertSection "${SECTION_DOWNLOADS}"
FILE_DOWNLOAD=0
@@ -217,7 +217,7 @@ fi
#
##################################################################################################
#
- InsertSection "Permissions"
+ InsertSection "${SECTION_PERMISSIONS}"
FIND=$(grep -i "chmod 777" ${AUDIT_FILE})
if HasData "${FIND}"; then
diff --git a/include/osdetection b/include/osdetection
index c2726d31..b52ab188 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -173,6 +173,12 @@
OS_REDHAT_OR_CLONE=1
OS_VERSION="Rolling release"
;;
+ "cloudlinux")
+ LINUX_VERSION="CloudLinux"
+ OS_NAME="CloudLinux"
+ OS_REDHAT_OR_CLONE=1
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"coreos")
LINUX_VERSION="CoreOS"
OS_NAME="CoreOS Linux"
@@ -190,6 +196,12 @@
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
+ "flatcar")
+ LINUX_VERSION="Flatcar"
+ LINUX_VERSION_LIKE="CoreOS"
+ OS_NAME="Flatcar Linux"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"gentoo")
LINUX_VERSION="Gentoo"
OS_NAME="Gentoo Linux"
@@ -206,6 +218,12 @@
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
+ "mageia")
+ LINUX_VERSION="Mageia"
+ OS_NAME="Mageia"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"manjaro")
LINUX_VERSION="Manjaro"
OS_FULLNAME="Manjaro Linux"
@@ -249,24 +267,47 @@
;;
"rhel")
LINUX_VERSION="RHEL"
- OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_NAME="RHEL"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}"
OS_REDHAT_OR_CLONE=1
;;
+ "rosa")
+ LINUX_VERSION="ROSA Linux"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_NAME="ROSA Linux"
+ ;;
"slackware")
LINUX_VERSION="Slackware"
OS_NAME="Slackware Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
+ "sles")
+ LINUX_VERSION="SLES"
+ OS_NAME="openSUSE"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"ubuntu")
LINUX_VERSION="Ubuntu"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Ubuntu"
;;
+ "void")
+ LINUX_VERSION="Void Linux"
+ OS_VERSION="Rolling release"
+ OS_NAME="Void Linux"
+ ;;
+ "zorin")
+ LINUX_VERSION="Zorin OS"
+ OS_NAME="Zorin OS"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
*)
ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create issue on GitHub project page: ${PROGRAM_SOURCE}"
;;
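Review bot: The new `"sles"` arm sets `OS_NAME="openSUSE"`, which labels SUSE Linux Enterprise Server hosts as a different distribution in the report. It also fills `OS_VERSION_FULL` from `PRETTY_NAME`, while every other arm in this hunk reads `VERSION`. If `OS_NAME` is used later to select tests or to map findings to vendor advisories (not visible here), the mislabel would skew the audit result for these hosts. Suggest `OS_NAME="SLES"`, or a comment if the openSUSE value is deliberate. The case statement begins and ends outside the hunk.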
@@ -378,13 +419,6 @@
LINUX_VERSION="Fedora"
fi
- # Mageia (has also /etc/megaia-release)
- FIND=$(grep "Mageia" /etc/redhat-release)
- if [ ! "${FIND}" = "" ]; then
- OS_FULLNAME=$(grep "^Mageia" /etc/redhat-release)
- OS_VERSION=$(grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }')
- LINUX_VERSION="Mageia"
- fi
# Oracle Enterprise Linux
FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
diff --git a/include/tests_accounting b/include/tests_accounting
index 91fca1a0..ea763789 100644
--- a/include/tests_accounting
+++ b/include/tests_accounting
@@ -18,7 +18,7 @@
#
#################################################################################
#
- InsertSection "Accounting"
+ InsertSection "${SECTION_ACCOUNTING}"
#
#################################################################################
#
diff --git a/include/tests_authentication b/include/tests_authentication
index 3dbe08f7..274cd4f4 100644
--- a/include/tests_authentication
+++ b/include/tests_authentication
@@ -31,7 +31,7 @@
#
#################################################################################
#
- InsertSection "Users, Groups and Authentication"
+ InsertSection "${SECTION_USERS_GROUPS_AND_AUTHENTICATION}"
# Test : AUTH-9204
# Description : Check users with UID zero (0)
diff --git a/include/tests_banners b/include/tests_banners
index 60fa3c2e..f7e4d7e9 100644
--- a/include/tests_banners
+++ b/include/tests_banners
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Banners and identification"
+ InsertSection "${SECTION_BANNERS_AND_IDENTIFICATION}"
#
#################################################################################
#
diff --git a/include/tests_boot_services b/include/tests_boot_services
index fe5707e4..c86ca52c 100644
--- a/include/tests_boot_services
+++ b/include/tests_boot_services
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Boot and services"
+ InsertSection "${SECTION_BOOT_AND_SERVICES}"
#
#################################################################################
#
diff --git a/include/tests_containers b/include/tests_containers
index a9a18836..78c12c50 100644
--- a/include/tests_containers
+++ b/include/tests_containers
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Containers"
+ InsertSection "${SECTION_CONTAINERS}"
#
#################################################################################
#
diff --git a/include/tests_crypto b/include/tests_crypto
index 437c9b54..4885fab0 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -22,7 +22,11 @@
#
#################################################################################
#
- InsertSection "Cryptography"
+ RNG_FOUND=0
+#
+#################################################################################
+#
+ InsertSection "${SECTION_CRYPTOGRAPHY}"
#
#################################################################################
#
@@ -188,20 +192,28 @@
if [ ${SKIPTEST} -eq 0 ]; then
ENCRYPTED_SWAPS=0
UNENCRYPTED_SWAPS=0
- SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings)
- for BLOCK_DEV in ${SWAPS}; do
- if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then
- LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}"
- ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1))
- elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} --quiet "cipher:"; then
- LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}"
- ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1))
- else
- LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}"
- UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1))
- fi
- done
- Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE
+ # Redirect errors, as RHEL 5/6 and others don't have the --show option
+ SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings 2> /dev/null)
+ if [ $? -eq 0 ]; then
+ for BLOCK_DEV in ${SWAPS}; do
+ if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then
+ LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}"
+ ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
+ Report "encrypted_swap[]=${BLOCK_DEV},LUKS"
+ elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} --quiet "cipher:"; then
+ LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}"
+ ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
+ Report "encrypted_swap[]=${BLOCK_DEV},other"
+ else
+ LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}"
+ UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1))
+ Report "non_encrypted_swap[]=${BLOCK_DEV}"
+ fi
+ done
+ Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE
+ else
+ LogText "Result: skipping testing as swapon returned an error."
+ fi
fi
#
#################################################################################
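Review bot: When `swapon --show` fails, the new `else` branch only calls `LogText`, so neither the screen output nor the report shows that swap encryption was not evaluated. On the systems the comment names (RHEL 5/6), someone reading the report cannot tell "no swap devices" from "check not performed", which gives false assurance about data at rest. Add a visible result next to the log line, e.g. a `Display` line marking the test as skipped plus `Report "swap_encryption_tested=0"` (key name is only a suggestion). Minor: `UNENCRYPTED_SWAPS +1` is the one counter increment that did not get the space the other two gained.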
@@ -239,6 +251,7 @@
if IsRunning "rngd"; then
Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_YES}" --color GREEN
LogText "Result: rngd is running"
+ RNG_FOUND=1
else
Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_NO}" --color YELLOW
# TODO - enable suggestion when website has listing for this control
@@ -270,8 +283,9 @@
done
if [ -z "${FOUND}" ]; then
Display --indent 2 --text "- SW prng" --result "${STATUS_NO}" --color YELLOW
- ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators"
+ # ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators"
else
+ RNG_FOUND=1
Display --indent 2 --text "- SW prng" --result "${STATUS_YES}" --color GREEN
LogText "Result: found ${FOUND} running"
fi
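Review bot: The `ReportSuggestion` call for a missing software PRNG is commented out rather than removed, and nothing says why. Disabled code inside an audit check is easily read as an accident and may be re-enabled by the next maintainer. Either delete the line or put the reason in front of it, e.g. `# Suggestion disabled: <reason>`.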
@@ -279,6 +293,10 @@
#
#################################################################################
#
+ Report "rng_found=${RNG_FOUND}"
+#
+#################################################################################
+#
WaitForKeyPress
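Review bot: `Report "rng_found=${RNG_FOUND}"` runs unconditionally, so `rng_found=0` is written both when no generator was detected and when neither RNG test ran. `RNG_FOUND` is only set to 1 inside the two test bodies shown in the earlier hunks; whether those can be skipped depends on Register/SKIPTEST logic outside the hunks. If they can, consumers of the report would see a negative finding for a check that was never performed. Consider reporting only when at least one of the tests executed, or add a comment that 0 means "not detected or not tested".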
diff --git a/include/tests_databases b/include/tests_databases
index ace3fd67..fc44d690 100644
--- a/include/tests_databases
+++ b/include/tests_databases
@@ -39,7 +39,7 @@
#
#################################################################################
#
- InsertSection "Databases"
+ InsertSection "${SECTION_DATABASES}"
# Test : DBS-1804
# Description : Check if MySQL is being used
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index 728c2616..c06b1703 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -25,7 +25,7 @@
#
#################################################################################
#
- InsertSection "Software: file integrity"
+ InsertSection "${SECTION_FILE_INTEGRITY}"
Display --indent 2 --text "- Checking file integrity tools"
#
#################################################################################
diff --git a/include/tests_file_permissions b/include/tests_file_permissions
index e9e859fd..50ccdeee 100644
--- a/include/tests_file_permissions
+++ b/include/tests_file_permissions
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "File Permissions"
+ InsertSection "${SECTION_FILE_PERMISSIONS}"
#
#################################################################################
#
diff --git a/include/tests_filesystems b/include/tests_filesystems
index bfe451ab..8dc65acc 100644
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@@ -28,7 +28,7 @@
#
#################################################################################
#
- InsertSection "File systems"
+ InsertSection "${SECTION_FILE_SYSTEMS}"
#
#################################################################################
#
diff --git a/include/tests_firewalls b/include/tests_firewalls
index d3ff1e3d..4d0ba748 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Software: firewalls"
+ InsertSection "${SECTION_FIREWALLS}"
#
#################################################################################
#
diff --git a/include/tests_hardening b/include/tests_hardening
index 2f88b179..4feff7c6 100644
--- a/include/tests_hardening
+++ b/include/tests_hardening
@@ -18,7 +18,7 @@
#
#################################################################################
#
- InsertSection "Hardening"
+ InsertSection "${SECTION_HARDENING}"
# COMPILER_INSTALLED is initialized before
HARDEN_COMPILERS_NEEDED=0
diff --git a/include/tests_homedirs b/include/tests_homedirs
index 09f4601c..c896bf86 100644
--- a/include/tests_homedirs
+++ b/include/tests_homedirs
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Home directories"
+ InsertSection "${SECTION_HOME_DIRECTORIES}"
#
#################################################################################
#
diff --git a/include/tests_insecure_services b/include/tests_insecure_services
index d6d87245..230d117e 100644
--- a/include/tests_insecure_services
+++ b/include/tests_insecure_services
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Insecure services"
+ InsertSection "${SECTION_INSECURE_SERVICES}"
#
#################################################################################
#
diff --git a/include/tests_kernel b/include/tests_kernel
index 011d02c6..d0f5cdcd 100644
--- a/include/tests_kernel
+++ b/include/tests_kernel
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Kernel"
+ InsertSection "${SECTION_KERNEL}"
#
#################################################################################
#
@@ -665,8 +665,9 @@
LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts"
FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts
else
- # Match on /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default
- FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1)
+ # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Get newest file (ls -t and pipe into head)
+ # Note: ignore a rescue kernel (e.g. CentOS)
+ FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${HEADBINARY} -1)
LogText "Result: found ${FOUND_VMLINUZ}"
fi
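Review bot: The filter `${GREPBINARY} -v '\-rescue\-'` relies on `\-` in a basic regular expression, which POSIX leaves undefined. Recent GNU grep releases print a "stray \" warning for it, and only the `ls` side of the pipeline has `2> /dev/null`. `${GREPBINARY} -v -e '-rescue-'` matches the same text without the escapes. The new comment could also state that `ls -t` selects the most recently modified image, which is not necessarily the highest version.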
@@ -680,8 +681,19 @@
elif [ -f "${FOUND_VMLINUZ}" ]; then
VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//')
LogText "Result: version derived from file name is '${VERSION_ON_DISK}'"
+
fi
+ # Data check: perform reset if we found a version but looks incomplete
+ # Example: Arch Linux will return only 'linux' as its version after it discovered /boot/vmlinuz-linux
+ case ${VERSION_ON_DISK} in
+ "linux" | "linux-lts")
+ LogText "Result: reset of version (${VERSION_ON_DISK}) as it looks incomplete"
+ VERSION_ON_DISK=""
+ ;;
+ esac
+
+ # If we did not find the version yet, see if we can extract it from the magic data that 'file' returns
if [ -z "${VERSION_ON_DISK}" ]; then
LogText "Test: checking kernel version on disk"
NEXTLINE=0
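Review bot: The reset list `"linux" | "linux-lts"` covers only two image names, so a file such as `vmlinuz-linux-hardened` or `vmlinuz-linux-zen` picked up by the glob in the previous hunk could still leave a version string with no number in it. Testing for the absence of a digit is more general: `case "${VERSION_ON_DISK}" in ""|*[0-9]*) ;; *) VERSION_ON_DISK="" ;; esac`, keeping the `LogText` line in the reset arm. The blank line added before `fi` looks unintentional. The enclosing if/elif chain starts outside the hunk.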
@@ -697,6 +709,7 @@
done
fi
+ # Last check if we finally got a version or not
if [ -z "${VERSION_ON_DISK}" ]; then
LogText "Result: could not find the version on disk"
ReportException "${TEST_NO}:4" "Could not find the kernel version"
diff --git a/include/tests_kernel_hardening b/include/tests_kernel_hardening
index 59a5f846..2b45394e 100644
--- a/include/tests_kernel_hardening
+++ b/include/tests_kernel_hardening
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Kernel Hardening"
+ InsertSection "${SECTION_KERNEL_HARDENING}"
#
#################################################################################
#
diff --git a/include/tests_ldap b/include/tests_ldap
index 26d11965..7558d491 100644
--- a/include/tests_ldap
+++ b/include/tests_ldap
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "LDAP Services"
+ InsertSection "${SECTION_LDAP_SERVICES}"
#
#################################################################################
#
diff --git a/include/tests_logging b/include/tests_logging
index 292940e3..b6110263 100644
--- a/include/tests_logging
+++ b/include/tests_logging
@@ -36,7 +36,7 @@
#
#################################################################################
#
- InsertSection "Logging and files"
+ InsertSection "${SECTION_LOGGING_AND_FILES}"
# Test : LOGG-2130
# Description : Check for a running syslog daemon
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks
index 3f23c77e..5234ab36 100644
--- a/include/tests_mac_frameworks
+++ b/include/tests_mac_frameworks
@@ -24,7 +24,7 @@
SELINUXFOUND=0
TOMOYOFOUND=0
- InsertSection "Security frameworks"
+ InsertSection "${SECTION_SECURITY_FRAMEWORKS}"
#
#################################################################################
#
diff --git a/include/tests_mail_messaging b/include/tests_mail_messaging
index 3a65765c..cbbde8a0 100644
--- a/include/tests_mail_messaging
+++ b/include/tests_mail_messaging
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Software: e-mail and messaging"
+ InsertSection "${SECTION_EMAIL_AND_MESSAGING}"
#
#################################################################################
#
diff --git a/include/tests_malware b/include/tests_malware
index 5e3c6fca..3710be60 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Software: ${SECTION_MALWARE}"
+ InsertSection "${SECTION_MALWARE}"
#
#################################################################################
#
diff --git a/include/tests_nameservices b/include/tests_nameservices
index df41fbc9..46f4f1fb 100644
--- a/include/tests_nameservices
+++ b/include/tests_nameservices
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Name services"
+ InsertSection "${SECTION_NAME_SERVICES}"
#
#################################################################################
#
diff --git a/include/tests_networking b/include/tests_networking
index 420f26ea..9657a841 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -31,7 +31,7 @@
#
#################################################################################
#
- InsertSection "Networking"
+ InsertSection "${SECTION_NETWORKING}"
#
#################################################################################
#
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 286da608..c2978be6 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Ports and packages"
+ InsertSection "${SECTION_PORTS_AND_PACKAGES}"
PACKAGE_MGR_PKG=0
PACKAGE_AUDIT_TOOL=""
PACKAGE_AUDIT_TOOL_FOUND=0
@@ -1289,7 +1289,7 @@
KERNELS=$(${ZYPPERBINARY} --non-interactive -n se --type package --match-exact --installed-only "kernel-default" 2> /dev/null | ${GREPBINARY} "kernel-default" | ${WCBINARY} -l)
if [ ${KERNELS} -eq 0 ]; then
LogText "Result: found no kernels from zypper output, which is unexpected."
- ReportException "KRNL-5840:3" "Could not find any kernel packages via package manager. Maybe using a different kernel package?"
+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager. Maybe using a different kernel package?"
elif [ ${KERNELS} -gt 3 ]; then
LogText "Result: found more than 5 kernel packages on the system, which might indicate lack of regular cleanups"
ReportSuggestion "${TEST_NO}" "Remove any unneeded kernel packages"
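Review bot: Replacing `"KRNL-5840:3"` with a bare `"${TEST_NO}"` removes the numeric suffix that told this test's exceptions apart, and the two `ReportException` calls added in the next hunk use the same bare id. The kernel test touched elsewhere in this commit keeps the suffix form (`"${TEST_NO}:4"`). Suggest `ReportException "${TEST_NO}:3" ...` here and distinct suffixes in the next hunk, so an exception in a report can be traced to one code path.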
@@ -1299,7 +1299,19 @@
fi
if [ ${KERNELS} -eq 0 -a ${TESTED} -eq 1 ]; then
- ReportException "KRNL-5840:1" "Could not find any kernel packages via package manager"
+ # Only report exception if there are kernels actually there. For example, LXC use the kernel of host system
+ case "${OS}" in
+ "Linux")
+ if [ -d "${ROOTDIR}boot" ]; then
+ if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then
+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
+ fi
+ fi
+ ;;
+ *)
+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
+ ;;
+ esac
fi
Report "installed_kernel_packages=${KERNELS}"
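Review bot: The guard `if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]` raises the exception when no `vmlinuz*` file exists, which is the opposite of the comment above it ("Only report exception if there are kernels actually there"). As written, an LXC guest with an empty /boot still reports the exception, while a host with a kernel image present and none found by the package manager stays silent. If the comment states the intent, the test should be `-n`. The `find` also searches the literal `/boot` while the directory check uses `"${ROOTDIR}boot"`; use `"${ROOTDIR}boot"` in both.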
diff --git a/include/tests_printers_spoolers b/include/tests_printers_spoolers
index b8435493..61304f87 100644
--- a/include/tests_printers_spoolers
+++ b/include/tests_printers_spoolers
@@ -34,7 +34,7 @@
#
#################################################################################
#
- InsertSection "Printers and Spools"
+ InsertSection "${SECTION_PRINTERS_AND_SPOOLS}"
#
#################################################################################
#
diff --git a/include/tests_scheduling b/include/tests_scheduling
index a7b3f5c2..b461ba95 100644
--- a/include/tests_scheduling
+++ b/include/tests_scheduling
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Scheduled tasks"
+ InsertSection "${SECTION_SCHEDULED_TASKS}"
#
#################################################################################
#
diff --git a/include/tests_shells b/include/tests_shells
index 6f39e1fd..89be9979 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -23,7 +23,7 @@
#################################################################################
#
IDLE_TIMEOUT=0
- InsertSection "Shells"
+ InsertSection "${SECTION_SHELLS}"
#
#################################################################################
#
diff --git a/include/tests_snmp b/include/tests_snmp
index d8ce450d..0bf785f0 100644
--- a/include/tests_snmp
+++ b/include/tests_snmp
@@ -28,7 +28,7 @@
#
#################################################################################
#
- InsertSection "SNMP Support"
+ InsertSection "${SECTION_SNMP_SUPPORT}"
# Test : SNMP-3302
# Description : Check for a running SNMP daemon
diff --git a/include/tests_squid b/include/tests_squid
index f94befa0..d62310a3 100644
--- a/include/tests_squid
+++ b/include/tests_squid
@@ -29,7 +29,7 @@
#
#################################################################################
#
- InsertSection "Squid Support"
+ InsertSection "${SECTION_SQUID_SUPPORT}"
#
#################################################################################
#
diff --git a/include/tests_ssh b/include/tests_ssh
index bd02440c..43c678b9 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -34,7 +34,7 @@
#
#################################################################################
#
- InsertSection "SSH Support"
+ InsertSection "${SECTION_SSH_SUPPORT}"
#
#################################################################################
#
diff --git a/include/tests_storage b/include/tests_storage
index 6de4f15d..89431aa0 100644
--- a/include/tests_storage
+++ b/include/tests_storage
@@ -18,7 +18,7 @@
#
#################################################################################
#
- InsertSection "Storage"
+ InsertSection "${SECTION_STORAGE}"
#
#################################################################################
#
diff --git a/include/tests_system_integrity b/include/tests_system_integrity
index 7a21925b..825f3d70 100644
--- a/include/tests_system_integrity
+++ b/include/tests_system_integrity
@@ -25,7 +25,7 @@
#
#################################################################################
#
- InsertSection "Software: system integrity"
+ InsertSection "${SECTION_SYSTEM_INTEGRITY}"
Display --indent 2 --text "- Checking file integrity tools"
#
#################################################################################
diff --git a/include/tests_time b/include/tests_time
index eda41a6f..95c695bc 100644
--- a/include/tests_time
+++ b/include/tests_time
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Time and Synchronization"
+ InsertSection "${SECTION_TIME_AND_SYNCHRONIZATION}"
#
#################################################################################
#
@@ -575,7 +575,16 @@
Register --test-no TIME-3185 --preqs-met "${PREQS_MET}" --weight L --network NO --category "security" --description "Check systemd-timesyncd synchronized time"
SYNCHRONIZED_FILE="/run/systemd/timesync/synchronized"
+
if [ ${SKIPTEST} -eq 0 ]; then
+ # On earlier systemd versions (237), '/run/systemd/timesync/synchronized' does not exist, so use '/var/lib/systemd/timesync/clock'
+ if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
+ SYNCHRONIZED_FILE="/var/lib/systemd/timesync/clock"
+ fi
+ # DynamicUser=yes moves the clock file to '/var/lib/private/systemd/timesync/clock'
+ if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
+ SYNCHRONIZED_FILE="/var/lib/private/systemd/timesync/clock"
+ fi
if [ -e "${SYNCHRONIZED_FILE}" ]; then
FIND=$(( $(date +%s) - $(${STATBINARY} -L --format %Y "${SYNCHRONIZED_FILE}") ))
# Check if last sync was more than 2048 seconds (= the default of systemd) ago
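Review bot: The fallback chain reassigns `SYNCHRONIZED_FILE` to one of two `clock` files without logging which path was finally chosen, so a stale-sync finding cannot be traced back to its source. Add `LogText "Test: using ${SYNCHRONIZED_FILE} as synchronization marker"` after the fallbacks. `/var/lib/private` is normally accessible to root only, so an unprivileged scan would probably fall through to the not-found branch (outside this hunk) even when the file exists. The 2048-second comparison was written for the `synchronized` marker; it is worth confirming that the `clock` file's mtime is updated on the same schedule.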
diff --git a/include/tests_tooling b/include/tests_tooling
index 7fed8460..26870934 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -37,7 +37,7 @@
#
#################################################################################
#
- InsertSection "Software: System tooling"
+ InsertSection "${SECTION_SYSTEM_TOOLING}"
#
#################################################################################
#
diff --git a/include/tests_usb b/include/tests_usb
index 1c6cae6d..92c81a32 100644
--- a/include/tests_usb
+++ b/include/tests_usb
@@ -19,7 +19,7 @@
#
#################################################################################
#
- InsertSection "USB Devices"
+ InsertSection "${SECTION_USB_DEVICES}"
#
#################################################################################
#
diff --git a/include/tests_virtualization b/include/tests_virtualization
index 3902defc..e4df170e 100644
--- a/include/tests_virtualization
+++ b/include/tests_virtualization
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Virtualization"
+ InsertSection "${SECTION_VIRTUALIZATION}"
#
#################################################################################
#
diff --git a/include/tests_webservers b/include/tests_webservers
index 188a6031..45588492 100644
--- a/include/tests_webservers
+++ b/include/tests_webservers
@@ -22,7 +22,7 @@
#
#################################################################################
#
- InsertSection "Software: webserver"
+ InsertSection "${SECTION_WEBSERVER}"
#
#################################################################################
#