diff options
author | hlein <hlein@korelogic.com> | 2017-03-08 19:24:24 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-03-08 19:24:24 +0300 |
commit | 62d9a18861f53c593e0aea763177ea78cf5833f7 (patch) | |
tree | fcc87140cac2ae8b8adbdb750b4de9591eb750dd /lynis | |
parent | e054e9757c3fdc0ac794e18fa7ed9e04c11b1de1 (diff) |
A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.
If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be. Exec it right away.
* Work around Solaris 'which' command oddity.
Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.
This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.
Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.
* Improved alternate-sh exec to avoid looping.
* Solaris' /usr/ucb/echo supports -n.
* Check for the best hash type that openssl supports.
When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.
* Solaris does not support sed -i; use a tempfile.
* Use the full path for modinfo.
When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.
* Solaris find does not support -maxdepth.
This mirrors the logic already in tests_homedirs.
* Use PSBINARY instead of ps.
* Work around Solaris' date not supporting +%s.
Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds. A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.
* Revert to using sha1 for HOSTID.
* Whitespace cleanup for openssl hash tests.
Diffstat (limited to 'lynis')
-rwxr-xr-x | lynis | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -1,5 +1,10 @@ #!/bin/sh +# In Solaris /bin/sh is not POSIX, but /usr/xpg4/bin/sh is. +# Switch to /usr/xpg4/bin/sh if it exists and we are not already running it. +test "$_" != "/usr/xpg4/bin/sh" && test -f /usr/xpg4/bin/sh && \ +exec /usr/xpg4/bin/sh "$0" "$@" + ################################################################################# # # Lynis @@ -698,7 +703,12 @@ ${NORMAL} fi # Test for older releases, without testing via update mechanism - NOW=$(date "+%s") + if [ "$OS" = "Solaris" ]; then + NOW=$(nawk 'BEGIN{print srand()}') + else + NOW=$(date "+%s") + fi + OLD_RELEASE=0 TIME_DIFFERENCE_CHECK=10368000 # 4 months RELEASE_PLUS_TIMEDIFF=$((${PROGRAM_RELEASE_TIMESTAMP} + ${TIME_DIFFERENCE_CHECK})) |