-rwxr-xr-x | lynis | 259 |
1 files changed, 135 insertions, 124 deletions
@@ -69,10 +69,10 @@ for I in ${tINCLUDE_TARGETS}; do if [ -d ${I} ]; then INCLUDEDIR=${I}; fi; done # Drop out if our include directory can't be found - if [ "${INCLUDEDIR}" = "" ]; then - echo "Fatal error: can't find include directory" - echo "Make sure to execute ${PROGRAM_name} from untarred directory or check your installation." + printf "%s" " +Fatal error: can't find include directory +Make sure to execute ${PROGRAM_name} from untarred directory or check your installation." exit 1 fi 
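Review bot: The guard `if [ "${INCLUDEDIR}" = "" ]; then` carries a `-` marker in this hunk and no `+` line puts it back, while `exit 1` and `fi` remain as context. The header (-69,10 +69,10) is consistent with three removed and three added lines, so on the new side `exit 1` appears to run whether or not the include directory was found, and the `fi` has no opening `if`. Restore the guard directly above the `printf`: `if [ "${INCLUDEDIR}" = "" ]; then`. The message also no longer ends with a newline, and neither does the banner in the @@ -255 hunk; `printf "%s\n"` would restore it.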
@@ -134,37 +134,39 @@ fi fi if [ ${SHOWPERMERROR} -eq 1 ]; then - echo "" - echo "[!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID})." - echo "" - echo " Command:" - echo " # chown 0:0 ${INCLUDEDIR}/${FILE}" - echo "" + printf "%s" " + +[!] Change ownership of ${INCLUDEDIR}/${FILE} to 'root' or similar (found: ${OWNER} with UID ${OWNERID}). + + Command: + # chown 0:0 ${INCLUDEDIR}/${FILE} +" fi # Now if there is an issue with permissions, show it to the user and let them decide how to continue. if [ ${ISSUE} -eq 1 ]; then - echo "" - echo "[X] Security check failed" - echo "" - echo " Why do I see this error?" - echo " -------------------------------" - echo " This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script." - echo ""; echo "" - echo " What can I do?" - echo " ---------------------" - echo " Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar)." - echo " If you trust these files, you can decide to continue this run by pressing ENTER." - echo "" - echo " Option 2) Change ownership and permissions of the related files (or full directory)." - echo "" - echo " Commands (full directory):" - echo " # cd .." - echo " # chown -R 0:0 lynis" - echo " # cd lynis" - echo " ./lynis audit system" - echo ""; echo ""; - echo "[ Press ENTER to continue, or CTRL+C to cancel ]" + printf "%s" " +[X] Security check failed + + Why do I see this error? + ------------------------------- + This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script. + + What can I do? + --------------------- + Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar). + If you trust these files, you can decide to continue this run by pressing ENTER. 
+ + Option 2) Change ownership and permissions of the related files (or full directory). + + Commands (full directory): + # cd .. + # chown -R 0:0 lynis + # cd lynis + ./lynis audit system + + +[ Press ENTER to continue, or CTRL+C to cancel ]" read DUMMY fi . ${INCLUDEDIR}/consts 
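Review bot: The ownership gate fails open when stdin is not a terminal. After the rewritten "[X] Security check failed" text, the context line `read DUMMY` returns immediately on EOF (cron, a pipe, `</dev/null`), and the script goes on to `. ${INCLUDEDIR}/consts`. This is the point where the user decides whether root should source files owned by someone else, so the prompt should fail closed, e.g. `read DUMMY || exit 1`, or stop when `[ ! -t 0 ]`. The enclosing block starts above the hunk, so an earlier check for non-interactive runs cannot be ruled out from here.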
@@ -255,31 +257,34 @@ # if [ ${QUIET} -eq 0 ]; then - echo "" - echo "${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}" - echo "" - echo "################################################################################" - echo " ${PROGRAM_license}" - echo "" - echo " ${PROGRAM_copyright}" - echo " ${PROGRAM_extrainfo}" - echo "################################################################################" + printf "%s" " + +${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL} + +################################################################################ + ${PROGRAM_license} + + ${PROGRAM_copyright} + ${PROGRAM_extrainfo} +################################################################################" fi if [ "${PROGRAM_releasetype}" = "beta" ]; then - echo "${WHITE}" - echo " #########################################################" - echo " # ${YELLOW}BETA VERSION${WHITE} #" - echo " #########################################################" - echo "" - echo " Thank you for testing a beta release. Make sure to read" - echo " all available documentation before proceeding and/or" - echo " requesting support. Due the nature of beta releases, it" - echo " is possible new features give unexpected warnings." - echo "" - echo "" - echo " #########################################################" - echo "${NORMAL}"; echo "" + printf "%s" " +${WHITE} + ######################################################### + # ${YELLOW}BETA VERSION${WHITE} # + ######################################################### + + Thank you for testing a beta release. Make sure to read + all available documentation before proceeding and/or + requesting support. Due the nature of beta releases, it + is possible new features give unexpected warnings. + + + ######################################################### +${NORMAL} +" fi # ################################################################################# 
@@ -332,18 +337,19 @@ # Check if there is already a PID file in any of the locations (incorrect termination of previous instance) if [ -f "${MYHOMEDIR}/lynis.pid" -o -f "./lynis.pid" -o -f "/var/run/lynis.pid" ]; then - echo "" - echo " ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}" - echo " ------------------------------------------------------------------------------" - echo " If you are unsure another Lynis process is running currently, you are advised " - echo " to stop current process and check the process list first. If you cancelled" - echo " (by using CTRL+C) a previous instance, you can ignore this message." - echo " " - echo " You are advised to check for temporary files after program completion." - echo " ------------------------------------------------------------------------------" - echo "" - echo " ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}" - echo "" + printf "%s" " + +${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL} +------------------------------------------------------------------------------ +If you are unsure another Lynis process is running currently, you are advised +to stop current process and check the process list first. If you cancelled +(by using CTRL+C) a previous instance, you can ignore this message. + +You are advised to check for temporary files after program completion. +------------------------------------------------------------------------------ + +${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL} +" wait_for_keypress # Deleting any stale PID files that might exist. Note: Display function does not work yet at this point 
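Review bot: The rewritten PID-file warning starts every line at column 0, whereas each removed `echo` string began with leading spaces. The block will therefore no longer line up with the indented output elsewhere, such as the usage text in the @@ -371 hunk, which keeps its indentation. The `${RED}WARNING:${NORMAL}` block about the missing log file in the @@ -431 hunk loses its indentation the same way. If that is unintended, keep the leading spaces inside the string, as in `  ${WARNING}Warning${NORMAL}: ...`. This page collapses whitespace, so take the exact width from the removed lines in the repository.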
@@ -371,46 +377,47 @@ # # Bail out if we didn't get any parameter, or incorrect ones if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then - echo "" - echo " Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL}" - echo "" - echo "" - echo " ${CYAN}Mode:${NORMAL}" - echo "" - echo " ${GREEN}audit${NORMAL}" - echo " audit system : Perform security scan" - echo " audit dockerfile <file> : Analyze Dockerfile" - echo "" - echo " ${GREEN}update${NORMAL}" - echo " update info : Show update details" - echo " update release : Update Lynis release" - echo "" - echo "" - echo " ${WHITE}Scan options:${NORMAL}" - echo " --auditor \"<name>\" : Auditor name" - echo " --dump-options : See all available options" - echo " --no-log : Don't create a log file" - echo " --pentest : Non-privileged scan (useful for pentest)" - echo " --profile <profile> : Scan the system with the given profile file" - echo " --quick (-Q) : Quick mode, don't wait for user input" - echo " --tests \"<tests>\" : Run only tests defined by <tests>" - echo " --tests-category \"<category>\" : Run only tests defined by <category>" - echo "" - echo " ${WHITE}Layout options:${NORMAL}" - echo " --no-colors : Don't use colors in output" - echo " --quiet (-q) : No output, except warnings" - echo " --reverse-colors : Optimize color display for light backgrounds" - echo "" - echo " ${WHITE}Misc options:${NORMAL}" - echo " --debug : Debug logging to screen" - echo " --view-manpage (--man) : View man page" - echo " --version (-V) : Display version number and quit" - echo "" - echo " ${WHITE}Enterprise options:${NORMAL}" - echo " --plugin-dir \"<path>\" : Define path of available plugins" - echo " --upload : Upload data to central node" - echo "" - echo "" + printf "%s" " + + Usage: lynis ${WHITE}[options] ${CYAN}mode${NORMAL} + + + ${CYAN}Mode:${NORMAL} + + ${GREEN}audit${NORMAL} + audit system : Perform security scan + audit dockerfile <file> : Analyze Dockerfile + + ${GREEN}update${NORMAL} + update 
info : Show update details + update release : Update Lynis release + + + ${WHITE}Scan options:${NORMAL} + --auditor \"<name>\" : Auditor name + --dump-options : See all available options + --no-log : Don't create a log file + --pentest : Non-privileged scan (useful for pentest) + --profile <profile> : Scan the system with the given profile file + --quick (-Q) : Quick mode, don't wait for user input + --tests \"<tests>\" : Run only tests defined by <tests> + --tests-category \"<category>\" : Run only tests defined by <category> + + ${WHITE}Layout options:${NORMAL} + --no-colors : Don't use colors in output + --quiet (-q) : No output, except warnings + --reverse-colors : Optimize color display for light backgrounds + + ${WHITE}Misc options:${NORMAL} + --debug : Debug logging to screen + --view-manpage (--man) : View man page + --version (-V) : Display version number and quit + + ${WHITE}Enterprise options:${NORMAL} + --plugin-dir \"<path>\" : Define path of available plugins + --upload : Upload data to central node + +" if [ ${WRONGOPTION} -eq 1 ]; then echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}" 
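Review bot: The one message in this block that prints caller-supplied text is left on `echo`: the context line `echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"` at the end of the hunk. `echo` handles backslash sequences in `${WRONGOPTION_value}` differently from shell to shell, which is exactly the case `printf "%s"` avoids. Convert it as well: `printf "%s\n" " ${RED}Error${NORMAL}: ${WHITE}Invalid option '${WRONGOPTION_value}'${NORMAL}"`. The `if [ ${WRONGOPTION} -eq 1 ]` block continues past the end of the hunk.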
@@ -431,28 +438,32 @@ ################################################################################# # if [ ${PRIVILEGED} -eq 0 ]; then - echo "${WHITE}" - echo " ###################################################################" - echo " # #" - echo " # ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} #" - echo " # #" - echo " ###################################################################" - echo "${NORMAL}" - echo " ${YELLOW}NOTES:${NORMAL}" - echo " --------------" - echo " ${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions)" - echo " ${WHITE}*${NORMAL} Some tests might fail silently or give different results" - echo "" + printf "%s" " +${WHITE} + ################################################################### + # # + # ${PURPLE}NON-PRIVILEGED SCAN MODE${WHITE} # + # # + ################################################################### +${NORMAL} + ${YELLOW}NOTES:${NORMAL} + -------------- + ${WHITE}*${NORMAL} Some tests will be skipped (as they require root permissions) + ${WHITE}*${NORMAL} Some tests might fail silently or give different results +" if [ "${LOGFILE}" = "" -o "${LOGFILE}" = "/dev/null" ]; then - echo " ${RED}WARNING:${NORMAL}" - echo " ${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file)" - echo "" + printf "%s" " +${RED}WARNING:${NORMAL} +${WHITE}*${NORMAL} No suggestions or warnings will be displayed in report (due to missing log file) +" fi - echo "" - echo " ${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL}" - echo "" - echo " ###################################################################" - echo "${NORMAL}"; echo "" + printf "%s" " + + ${WHITE}Press [ENTER] to continue or [CTRL] + C to break${NORMAL} + + ################################################################### +${NORMAL} +" if [ ${QUICKMODE} -eq 0 ]; then read void; fi fi # |