author | mboelen <michael@cisofy.com> | 2016-01-19 14:09:42 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2016-01-19 14:09:42 +0300 |
commit | 00ebad930a0cfd779dabdbbbeca5c20300114e37 (patch) | |
tree | 78dfada544ed34c3944656a39d84536008658053 /lynis | |
parent | 6bab259a5e7a7a95bab2227f44fb64fb35e2ca0d (diff) |
Adjust counting and reporting of plugins
Diffstat (limited to 'lynis')
-rwxr-xr-x | lynis | 101 |
1 files changed, 51 insertions, 50 deletions
@@ -649,67 +649,68 @@ if [ ${RUN_PLUGINS} -eq 1 ]; then + N_PLUGIN=0 + N_PLUGIN_ENABLED=0 + # Plugins function RunPlugins() { - if [ $# -eq 0 ]; then echo "RunPlugins should be started with phase number"; ExitFatal; fi - PLUGIN_PHASE=$1 - if [ ${PLUGIN_PHASE} -eq 0 -o ${PLUGIN_PHASE} -gt 2 ]; then echo "Incorrect phase number when calling RunPlugins"; ExitFatal; fi - logtextbreak - InsertPluginSection "Plugins (phase ${PLUGIN_PHASE})" - if [ ${PLUGIN_PHASE} -eq 1 ]; then - Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete" - Display --text " " - logtext "Searching plugins..." - fi - N_PLUGIN=0 - N_PLUGIN_ENABLED=0 + if [ $# -eq 0 ]; then echo "RunPlugins should be started with phase number"; ExitFatal; fi + PLUGIN_PHASE=$1 + if [ ${PLUGIN_PHASE} -eq 0 -o ${PLUGIN_PHASE} -gt 2 ]; then echo "Incorrect phase number when calling RunPlugins"; ExitFatal; fi + logtextbreak + InsertPluginSection "Plugins (phase ${PLUGIN_PHASE})" + if [ ${PLUGIN_PHASE} -eq 1 ]; then + Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete" + Display --text " " + logtext "Searching plugins..." + fi - # Search plugins - FIND_PLUGINS=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \; | sort` - for PLUGIN_FILE in ${FIND_PLUGINS}; do - logtext "Found plugin file: ${PLUGIN_FILE}" - # Double check if output is a valid file name - if [ -f ${PLUGIN_FILE} ]; then - FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` - if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then - N_PLUGIN=`expr ${N_PLUGIN} + 1` - FIND3=`grep "^plugin=${FIND2}" ${PROFILE}` - if [ ! 
"${FIND3}" = "" ]; then - logtext "Plugin ${FIND2} is enabled" - # Plugins should have at least a _phase1 part, _phase2 is optional at this moment - PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}" - if [ -f ${PLUGINFILE} ]; then - PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` - PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` - FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` - if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then - logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" - report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|" - N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1` - Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}" - if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi - . ${PLUGINFILE} - if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress "]"; Progress --finish; fi - logtextbreak - logtext "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished" + # Search plugins + FIND_PLUGINS=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \; | sort` + for PLUGIN_FILE in ${FIND_PLUGINS}; do + logtext "Found plugin file: ${PLUGIN_FILE}" + # Double check if output is a valid file name + if [ -f ${PLUGIN_FILE} ]; then + FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` + if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then + if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=`expr ${N_PLUGIN} + 1`; fi + FIND3=`grep "^plugin=${FIND2}" ${PROFILE}` + if [ ! 
"${FIND3}" = "" ]; then + logtext "Plugin ${FIND2} is enabled" + # Plugins should have at least a _phase1 part, _phase2 is optional at this moment + PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}" + if [ -f ${PLUGINFILE} ]; then + PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` + PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` + FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` + if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then + logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" + report "plugin_enabled_phase${PLUGIN_PHASE}[]=${FIND2}|${PLUGIN_VERSION}|" + if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`; fi + Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}" + if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi + . ${PLUGINFILE} + if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress "]"; Progress --finish; fi + logtextbreak + logtext "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished" + else + logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)" + fi else - logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)" + logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})" fi else - logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})" + logtext "Plugin ${FIND2}: Skipped (not enabled)" fi else - logtext "Plugin ${FIND2}: Skipped (not enabled)" + logtext "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)" fi - else - logtext "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)" fi - fi - logtext "--" - done - logtext "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are enabled" - logtext "Result: Plugins ${PLUGIN_PHASE} finished" + logtext "--" + done + logtext "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are 
enabled" + logtext "Result: Plugins ${PLUGIN_PHASE} finished" } RunPlugins 1 |
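Review bot: The permission test just before `. ${PLUGINFILE}` looks only at the mode string from `ls -l ${PLUGINFILE} | cut -c 2-10`, so nothing visible in this hunk confirms who owns the file that is about to be sourced; if the scan runs as root, a plugin file owned by another account with mode 600 would still pass. Unless ownership is verified elsewhere, I would add an owner test next to the mode test, for example `[ -O "${PLUGINFILE}" ]` where the supported shells provide it, and log a distinct skip reason. The accepted modes also include `rw-r--r--`, while the skip message says "should be 640, 600 or 400", so one of the two should be brought in line with the other. Quoting the path in `. "${PLUGINFILE}"` and `[ -f "${PLUGINFILE}" ]` would keep a plugin directory containing spaces from being word-split. The surrounding `if [ ${RUN_PLUGINS} -eq 1 ]; then` block starts and ends outside the hunk.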