diff options
| -rw-r--r-- | include/consts | 2 | ||||
| -rw-r--r-- | include/functions | 22 | ||||
| -rw-r--r-- | include/helper_generate | 89 | ||||
| -rw-r--r-- | include/helper_show | 12 | ||||
| -rw-r--r-- | include/parameters | 18 |
5 files changed, 140 insertions, 3 deletions
diff --git a/include/consts b/include/consts index fa923c99..24a32167 100644 --- a/include/consts +++ b/include/consts @@ -251,8 +251,10 @@ unset LANG SHOW_REPORT_SOLUTION=1 SHOW_TOOL_TIPS=1 # Show inline tool tips (default true) SHOW_WARNINGS_ONLY=0 + SKIP_GETHOSTID=0 SKIP_PLUGINS=0 SKIP_TESTS="" + SKIP_VM_DETECTION=0 SKIPREASON="" SKIPPED_TESTS_ROOTONLY="" SMTPCTLBINARY="" diff --git a/include/functions b/include/functions index b15bda88..35cb6b00 100644 --- a/include/functions +++ b/include/functions @@ -805,15 +805,26 @@ # Name : GetHostID() # Description : Create an unique id for the system # - # Returns : optional value + # Returns : 0 = fetched or created IDs, 1 = failed, 2 = skipped # Usage : GetHostID ################################################################################ GetHostID() { + if [ ${SKIP_GETHOSTID} -eq 1 ]; then + return 2 + fi + if [ ! -z "${HOSTID}" -a ! -z "${HOSTID2}" ]; then Debug "Skipping creation of host identifiers, as they are already configured (via profile)" - return 1 + return 2 + fi + + if [ -f "${ROOTDIR}etc/lynis/hostids" ]; then + Debug "Used hostids file to fetch values" + HOSTID=$(grep "^hostid=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}') + HOSTID2=$(grep "^hostid2=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}') + return 0 fi FIND="" @@ -1110,8 +1121,9 @@ fi # Show an exception if no HostID could be created, to ensure each system (and scan) has one - if [ "${HOSTID}" = "" ]; then + if [ -z "${HOSTID}" ]; then ReportException "GetHostID" "No unique host identifier could be created." + return 1 elif [ ! -z "${HOSTID2}" ]; then return 0 fi @@ -1393,6 +1405,10 @@ ISVIRTUALMACHINE=2; VMTYPE="unknown"; VMFULLTYPE="Unknown" SHORT="" + if [ ${SKIP_VM_DETECTION} -eq 1 ]; then + return 2 + fi + # lxc environ detection if [ -z "${SHORT}" ]; then if [ -f /proc/1/environ ]; then diff --git a/include/helper_generate b/include/helper_generate new file mode 100644 index 00000000..bdcfb44d --- /dev/null +++ b/include/helper_generate @@ -0,0 +1,89 @@ +#!/bin/sh + +################################################################################# +# +# Lynis +# ------------------ +# +# Copyright 2007-2013, Michael Boelen +# Copyright 2007-2019, CISOfy +# +# Website : https://cisofy.com +# Blog : http://linux-audit.com +# GitHub : https://github.com/CISOfy/lynis +# +# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are +# welcome to redistribute it under the terms of the GNU General Public License. +# See LICENSE file for usage of this software. +# +###################################################################### +# +# Helper program to generate specific details such as host IDs +# +###################################################################### +# +# How to use: +# ------------ +# Run: lynis generate <option> +# +###################################################################### + +SAVEFILE=0 +GENERATE_ARGS="hostids" + +if [ $# -gt 0 ]; then + case $1 in + "hostids") + + if [ $# -gt 1 ]; then + shift + if [ $1 = "--save" ]; then + SAVEFILE=1 + fi + fi + + # Generate random host IDs + HOSTID=$(head -c20 < /dev/urandom | xxd -c 20 -p) + HOSTID2=$(head -c32 < /dev/urandom | xxd -c 32 -p) + + ${ECHOCMD} "Generated host identifiers" + ${ECHOCMD} "- hostid: ${HOSTID}" + ${ECHOCMD} "- hostid2: ${HOSTID2}" + + if [ ${SAVEFILE} -eq 1 ]; then + FILE="${ROOTDIR}etc/lynis/hostids" + if [ -f ${FILE} ]; then + ${ECHOCMD} "Error: hostids file already exists (${FILE})" + ${ECHOCMD} "Remove the file first and rerun command" + ExitFatal + else + OUTPUT=$(touch ${FILE} 2> /dev/null) + if [ $? -eq 0 ]; then + ${ECHOCMD} "Created hostids file (${FILE})" + echo "# generated using 'lynis generate hostids --save'" > ${FILE} + echo "hostid=${HOSTID}" >> ${FILE} + echo "hostid2=${HOSTID2}" >> ${FILE} + else + ExitFatal "Error: could not created hostids file (${FILE}). Issue with permissions?" + fi + fi + fi + + ExitClean + ;; + *) ${ECHOCMD} "Unknown argument '${RED}$1${NORMAL}' for lynis generate" ;; + esac +else + ${ECHOCMD} "\n ${WHITE}Provide an additional argument${NORMAL}\n\n" + for ITEM in ${GENERATE_ARGS}; do + ${ECHOCMD} " lynis generate ${BROWN}${ITEM}${NORMAL}" + done + ${ECHOCMD} "\n" + ${ECHOCMD} "" + ${ECHOCMD} "Extended help about the generate command can be provided with: $0 show commands generate" +fi + + +ExitClean + +# The End diff --git a/include/helper_show b/include/helper_show index 6e0738e6..a696b0e7 100644 --- a/include/helper_show +++ b/include/helper_show @@ -94,6 +94,17 @@ AUDIT_HELP=" " +GENERATE_ARGS="( --save )" +GENERATE_HELP=" + Generate random value for hostid and hostid2 + ${WHITE}lynis generate hostids${NORMAL} + + Generate and save values + ${WHITE}lynis generate hostids --save${NORMAL} + +" + + UPDATE_ARGS="check info" UPDATE_HELP=" ${CYAN}update info${NORMAL} @@ -274,6 +285,7 @@ if [ $# -gt 0 ]; then shift case $1 in "audit") ${ECHOCMD} "${AUDIT_HELP}" ;; + "generate") ${ECHOCMD} "${GENERATE_HELP}" ;; "show") ${ECHOCMD} "${SHOW_HELP}" ;; "update") ${ECHOCMD} "${UPDATE_HELP}" ;; "upload-only") ${ECHOCMD} "${UPLOAD_ONLY_HELP}" ;; diff --git a/include/parameters b/include/parameters index 96d63524..f3845526 100644 --- a/include/parameters +++ b/include/parameters @@ -111,6 +111,24 @@ break ;; + # Generate data + generate) + CHECK_BINARIES=0 + HELPER="generate" + LOGTEXT=0 + QUIET=1 + RUN_HELPERS=1 + RUN_TESTS=0 + RUN_UPDATE_CHECK=0 + SKIP_GETHOSTID=1 + SKIP_PLUGINS=1 + SKIP_VM_DETECTION=1 + SHOW_PROGRAM_DETAILS=0 + SHOW_TOOL_TIPS=0 + shift; HELPER_PARAMS="$@" + break + ;; + # Show Lynis details show) CHECK_BINARIES=0 |