github.com/CISOfy/lynis.git
-rw-r--r--  CHANGELOG.md          17
-rw-r--r--  TODO.md               17
-rw-r--r--  db/languages/es      102
-rw-r--r--  include/binaries       4
-rw-r--r--  include/consts         2
-rw-r--r--  include/functions    113
-rw-r--r--  include/osdetection   14
-rwxr-xr-x  lynis                 28
8 files changed, 226 insertions, 71 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f7c74ab..32f51ac4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,18 @@
# Lynis Changelog
-## Lynis 3.0.5 (not released yet)
+## Lynis 3.0.6 (not released yet)
+
+### Added
+- OS detection: Artix Linux, macOS Monterey, NethServer
+
+### Changed
+- GetHostID function: fallback options added for Linux systems
+- Fix: macOS Big Sur detection
+- Fix: show correct text when egrep is missing
+
+---------------------------------------------------------------------------------
+
+## Lynis 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
@@ -10,6 +22,9 @@
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
+- Generation of host identifiers (hostid/hostid2) extended
+- Linux host identifiers are now using ip as preferred input source
+- Improved logging in several areas
---------------------------------------------------------------------------------
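Review bot: The added entry "Linux host identifiers are now using ip as preferred input source" does not match the Linux branch of GetHostID in include/functions in this same change, where the /sys/class/net lookup runs first and ip is only tried when that lookup leaves FIND empty. Reword the entry or reorder the code so the two agree. These three entries are also added under 3.0.5 (2021-07-02) while this commit sets PROGRAM_VERSION to 3.0.6, so confirm they describe what shipped in 3.0.5 and not the 3.0.6 work.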
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 00000000..baf9e498
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,17 @@
+
+# To Do
+
+There are always thing to do, right?!
+
+Like to help? See CONTRIBUTING.md for more details.
+
+## Remove deprecated tools
+
+Remove usage of `egrep` and `fgrep`. Replace with `grep` or `grep -E`.
+
+### Rationale:
+The egrep/fgrep commands are deprecated. Although often linked on Linux distributions, here is an example where `egrep` is missing on an embedded Linux distribution: https://github.com/CISOfy/lynis/issues/1191
+
+[The Open Group Base Specifications Issue 7, 2018 edition](https://pubs.opengroup.org/onlinepubs/9699919799/)
+
+> This grep has been enhanced in an upwards-compatible way to provide the exact functionality of the historical egrep and fgrep commands as well. It was the clear intention of the standard developers to consolidate the three greps into a single command. \ No newline at end of file
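Review bot: Typo in the intro line, "There are always thing to do" should read "things". The file also ends without a trailing newline, and the Open Group link points at the specification root rather than the page that holds the quoted text, so a reader cannot check the citation directly; link the grep utility page instead.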
diff --git a/db/languages/es b/db/languages/es
index 913374d3..fceb261f 100644
--- a/db/languages/es
+++ b/db/languages/es
@@ -1,38 +1,108 @@
-GEN_PHASE="fase"
+ERROR_NO_LICENSE="No se ha configurado una clave de licencia"
+ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas"
GEN_CHECKING="Revisando"
GEN_CURRENT_VERSION="Versión actual"
GEN_DEBUG_MODE="Modo de depuración"
GEN_INITIALIZE_PROGRAM="Iniciando la aplicación"
+GEN_LATEST_VERSION="Última versión"
+GEN_PHASE="fase"
GEN_PLUGINS_ENABLED="Plugins activados"
-GEN_VERBOSE_MODE="Modo detallado"
GEN_UPDATE_AVAILABLE="Actualización disponible"
+GEN_VERBOSE_MODE="Modo detallado"
GEN_WHAT_TO_DO="Qué hacer"
-NOTE_EXCEPTIONS_FOUND="Excepciones Encontradas"
NOTE_EXCEPTIONS_FOUND_DETAILED="Se encontró alguna excepción o evento extraordinario"
+NOTE_EXCEPTIONS_FOUND="Excepciones encontradas"
NOTE_PLUGINS_TAKE_TIME="Nota: los plugins contienen pruebas más extensivas y toman más tiempo"
+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo"
+SECTION_ACCOUNTING="Contabilidad"
+SECTION_BANNERS_AND_IDENTIFICATION="Banners e identificación"
+SECTION_BASICS="Básicos"
+SECTION_BOOT_AND_SERVICES="Arranque y servicios"
+SECTION_CONTAINERS="Contenedores"
+SECTION_CRYPTOGRAPHY="Criptografía"
SECTION_CUSTOM_TESTS="Pruebas personalizadas"
+SECTION_DATA_UPLOAD="Subida de datos"
+SECTION_DATABASES="Bases de datos"
+SECTION_DOWNLOADS="Descargas"
+SECTION_EMAIL_AND_MESSAGING="Software: correo electrónico y mensajería"
+SECTION_FILE_INTEGRITY="Software: integridad de ficheros"
+SECTION_FILE_PERMISSIONS="Permisos de ficheros"
+SECTION_FILE_SYSTEMS="Sistemas de ficheros"
+SECTION_FIREWALLS="Software: firewalls"
+SECTION_GENERAL="General"
+SECTION_HARDENING="Bastionado"
+SECTION_HOME_DIRECTORIES="Directorios de inicio"
+SECTION_IMAGE="Imagen"
+SECTION_INITIALIZING_PROGRAM="Inicializando programa"
+SECTION_INSECURE_SERVICES="Servicios inseguros"
+SECTION_KERNEL_HARDENING="Bastionado del kernel"
+SECTION_KERNEL="Kernel"
+SECTION_LDAP_SERVICES="Servicios LDAP"
+SECTION_LOGGING_AND_FILES="Logging y ficheros"
SECTION_MALWARE="Malware"
-SECTION_MEMORY_AND_PROCESSES="Memoria y Procesos"
+SECTION_MALWARE="Software: Malware"
+SECTION_MEMORY_AND_PROCESSES="Memoria y procesos"
+SECTION_NAME_SERVICES="Servicios de nombres"
+SECTION_NETWORKING="Conectividad"
+SECTION_PERMISSIONS="Permisos"
+SECTION_PORTS_AND_PACKAGES="Puertos y paquetes"
+SECTION_PRINTERS_AND_SPOOLS="Impresoras y spools"
+SECTION_PROGRAM_DETAILS="Detalles del programa"
+SECTION_SCHEDULED_TASKS="Tareas programadas"
+SECTION_SECURITY_FRAMEWORKS="Frameworks de seguridad"
+SECTION_SHELLS="Shells"
+SECTION_SNMP_SUPPORT="Soporte SNMP"
+SECTION_SOFTWARE="Software"
+SECTION_SQUID_SUPPORT="Soporte Squid"
+SECTION_SSH_SUPPORT="Soporte SSH"
+SECTION_STORAGE="Almacenamiento"
+SECTION_SYSTEM_INTEGRITY="Software: Integridad del sistema"
+SECTION_SYSTEM_TOOLING="Software: Herramientas del sistema"
+SECTION_SYSTEM_TOOLS="Herramientas del sistema"
+SECTION_TIME_AND_SYNCHRONIZATION="Tiempo y sincronización"
+SECTION_USB_DEVICES="Dispositivos USB"
+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Usuarios, grupos y autenticación"
+SECTION_VIRTUALIZATION="Virtualización"
+SECTION_WEBSERVER="Software: servidor web"
+STATUS_ACTIVE="ACTIVO"
+STATUS_CHECK_NEEDED="NECESITA VERIFICACIÓN"
+STATUS_DEBUG="DEPURACIÓN"
+STATUS_DEFAULT="POR DEFECTO"
+STATUS_DIFFERENT="DIFERENTE"
+STATUS_DISABLED="DESHABILITADO"
STATUS_DONE="HECHO"
+STATUS_ENABLED="HABILITADO"
+STATUS_ERROR="ERROR"
+STATUS_EXPOSED="EXPUESTO"
+STATUS_FAILED="FALLADO"
+STATUS_FILES_FOUND="ARCHIVOS ENCONTRADOS"
STATUS_FOUND="ENCONTRADO"
-STATUS_YES="SI"
+STATUS_HARDENED="BASTIONADO"
+STATUS_INSTALLED="INSTALADO"
+STATUS_LOCAL_ONLY="SOLO LOCAL"
+STATUS_MEDIUM="MEDIO"
+STATUS_NO_UPDATE="SIN ACTUALIZACIÓN"
STATUS_NO="NO"
-STATUS_OFF="OFF"
-STATUS_OK="OK"
-STATUS_ON="ON"
-STATUS_NONE="NONE"
+STATUS_NON_DEFAULT="NO POR DEFECTO"
+STATUS_NONE="NINGUNO"
+STATUS_NOT_CONFIGURED="NO CONFIGURADO"
+STATUS_NOT_DISABLED="NO DESHABILITADO"
+STATUS_NOT_ENABLED="NO HABILITADO"
STATUS_NOT_FOUND="NO ENCONTRADO"
STATUS_NOT_RUNNING="NO ESTÁ CORRIENDO"
+STATUS_OFF="APAGADO"
+STATUS_OK="OK"
+STATUS_ON="ENCENDIDO"
+STATUS_PARTIALLY_HARDENED="PARCIALMENTE BASTIONADO"
+STATUS_PROTECTED="PROTEGIDO"
STATUS_RUNNING="CORRIENDO"
STATUS_SKIPPED="OMITIDO"
STATUS_SUGGESTION="SUGERENCIA"
STATUS_UNKNOWN="DESCONOCIDO"
+STATUS_UNSAFE="INSEGURO"
+STATUS_UPDATE_AVAILABLE="ACTUALIZACIÓN DISPONIBLE"
STATUS_WARNING="PELIGRO"
-TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de log"
+STATUS_WEAK="DÉBIL"
+STATUS_YES="SÍ"
TEXT_UPDATE_AVAILABLE="Actualización disponible"
-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo"
-STATUS_DISABLED="DESACTIVADO"
-STATUS_ENABLED="ENABLED"
-STATUS_ERROR="ERROR"
-ERROR_NO_LICENSE="No se ha configurado una clave de licencia"
-ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas"
+TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de registro"
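Review bot: SECTION_MALWARE ends up defined twice in the new file: the unchanged line SECTION_MALWARE="Malware" stays and SECTION_MALWARE="Software: Malware" is added right after it. When the file is sourced the second assignment wins silently, so drop whichever one is not intended. Since the rest of the file is now sorted alphabetically, a duplicate-key check over db/languages/* would catch this kind of slip in future translations.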
diff --git a/include/binaries b/include/binaries
index 95182a2f..fb8147ce 100644
--- a/include/binaries
+++ b/include/binaries
@@ -203,7 +203,7 @@
logrotate) LOGROTATEBINARY="${BINARY}"; LogText " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
ls) LSBINARY="${BINARY}"; LogText " Found known binary: ls (file listing) - ${BINARY}" ;;
lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
- lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;;
+ lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;;
lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
lsof)
LSOFBINARY="${BINARY}"
@@ -340,7 +340,7 @@
[ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
[ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found"
[ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
- [ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found"
+ [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found"
[ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
[ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
[ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
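Review bot: The corrected message still leaves egrep as a hard requirement, because a missing EGREPBINARY ends the run with ExitFatal. TODO.md in this same commit cites an embedded distribution without egrep and states the plan to replace it with grep -E, so consider falling back to "${GREPBINARY} -E" here when egrep is absent instead of aborting the audit, or note in the message that grep alone is not sufficient yet.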
diff --git a/include/consts b/include/consts
index fedc7bd7..33a0af22 100644
--- a/include/consts
+++ b/include/consts
@@ -133,7 +133,9 @@ ETC_PATHS="/etc /usr/local/etc"
HEADBINARY=""
HELPER=""
HOSTID=""
+ HOSTID_GEN="unknown"
HOSTID2=""
+ HOSTID2_GEN="unknown"
HTTPDBINARY=""
IDS_IPS_TOOL_FOUND=0
IFCONFIGBINARY=""
diff --git a/include/functions b/include/functions
index 62ffdfc5..6c4d76c7 100644
--- a/include/functions
+++ b/include/functions
@@ -899,20 +899,22 @@
################################################################################
GetHostID() {
-
if [ ${SKIP_GETHOSTID} -eq 1 ]; then
+ Debug "Skipping HostID generation due to SKIP_GETHOSTID"
return 2
fi
if [ -n "${HOSTID}" -a -n "${HOSTID2}" ]; then
Debug "Skipping creation of host identifiers, as they are already configured (via profile)"
+ HOSTID_GEN="profile"
return 2
fi
if [ -f "${ROOTDIR}etc/lynis/hostids" ]; then
- Debug "Used hostids file to fetch values"
HOSTID=$(grep "^hostid=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
HOSTID2=$(grep "^hostid2=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
+ Debug "Used hostids file to fetch values"
+ HOSTID_GEN="hostids-file"
return 0
fi
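Review bot: Both early-return branches set HOSTID_GEN but leave HOSTID2_GEN untouched, although HOSTID2 is taken from the same profile or hostids file. The new log line in lynis will then print "hostid2-generation: method unknown" for a value whose origin is known. Set HOSTID2_GEN="profile" and HOSTID2_GEN="hostids-file" alongside. In the hostids-file branch the method is also recorded without checking that the grep for "^hostid=" returned anything, so an incomplete file is logged as a successful source.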
@@ -940,7 +942,7 @@
fi
if [ ! "${SHA1SUMBINARY}" = "" -o ! "${OPENSSLBINARY}" = "" -o ! "${CSUMBINARY}" = "" ]; then
-
+ LogText "Info: found hashing tool, start generation of HostID"
case "${OS}" in
"AIX")
@@ -988,15 +990,49 @@
;;
"Linux")
+ # Try fetching information from /sys in case 'ip' is not available or does not give expected results
+ if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then
+ NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}')
+ for INTERFACE in ${NET_INTERFACES}; do
+ if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then
+ LogText "Interface '${INTERFACE}' is up, fetching MAC address"
+ FIND=$(head -1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]')
+ if HasData "${FIND}"; then
+ HOSTID_GEN="linux-sys-interface-up"
+ break
+ fi
+ fi
+ done
+ fi
- # Future change
- # Show brief output of ip of links that are UP. Filter out items like 'UNKNOWN' in col 2
- # Using the {2} syntax does not work on all systems
- # ip -br link show up | sort | awk '$2=="UP" && $3 ~ /^[a-f0-9][a-f0-9]:/ {print $3}'
+ # Next is to try ip, as it is available to most modern Linux distributions
+ if IsEmpty "${FIND}" && [ -n "${IPBINARY}" ]; then
+ LogText "Info: trying output from 'ip' to generate HostID"
+ # Determine if we have the common available eth0 interface. If so, give that priority.
+ # Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result
+ FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1)
+ if HasData "${FIND}"; then
+ HOSTID_GEN="linux-ip-interface-eth0"
+ else
+ # If eth0 does not exist, which is also common, then trying the next option:
+ # 1) First fetch all links that are UP
+ # 2) Filter entries that have a MAC address and filter out Docker related MAC addresses starting with '02:42:'
+ # 3) Convert everything to lowercase
+ # 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available
+ # 5) Select first entry
+ FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1)
+ if HasData "${FIND}"; then
+ HOSTID_GEN="linux-ip-interface-up-other"
+ else
+ ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
+ fi
+ fi
+ fi
- # Use ifconfig
- if [ -n "${IFCONFIGBINARY}" ]; then
- # Determine if we have the eth0 interface (not all Linux distro have this, e.g. Arch)
+ # Finally try ifconfig
+ if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]; then
+ LogText "Info: no information found from 'ip' or in /sys, trying output from 'ifconfig'"
+ # Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch)
HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
# Check if we can find it with HWaddr on the line
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
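Review bot: The comment on the /sys/class/net block says it is for the case where 'ip' is not available or gives unexpected results, but the block is placed before the ip block, so on any system with an interface that is up /sys wins and ip is never consulted. That contradicts both the comment and the CHANGELOG entry about ip being the preferred source; move the block after the ip attempt or fix the comment and changelog. Separately, the ip block calls ReportException "Can't create hostid (no MAC addresses found)" before ifconfig has been tried, so a run that later succeeds through ifconfig still records an exception. Defer that report to the final HasData check. The /sys pipeline also depends on realpath, which is not among the checked binaries; with stderr discarded its absence is silent.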
@@ -1009,42 +1045,34 @@
# If not, then falling back to getting first interface. Better than nothing.
if HasData "${HASETH0}"; then
FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
+ if HasData "${FIND}"; then
+ HOSTID_GEN="linux-ifconfig-interface-eth0-ether"
+ fi
else
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]')
if IsEmpty "${FIND}"; then
ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)"
else
- LogText "Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)"
+ HOSTID_GEN="linux-ifconfig-interface-first-ether"
+ LogText "Result: No eth0 found (but ether found), using first network interface to determine hostid (with ifconfig)"
fi
fi
else
FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
- LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig"
- fi
- fi
-
- elif [ -n "${IPBINARY}" ]; then
- # Determine if we have the common available eth0 interface
- FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
- if IsEmpty "${FIND}"; then
- # Determine the MAC address of first interface with the ip command
- FIND=$(${IPBINARY} addr show 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
- if IsEmpty "${FIND}"; then
- ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
+ HOSTID_GEN="linux-ifconfig-interface-first-hwaddr"
fi
+ else
+ HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr"
fi
- else
- ReportException "GetHostID" "Both ip and ifconfig tools are missing"
-
fi
- # Check if we found a HostID
+ # Check if we found a MAC address to generate the HostID
if HasData "${FIND}"; then
- LogText "Info: using hardware address ${FIND} to create ID"
+ LogText "Info: using hardware address '${FIND}' to create HostID"
HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
LogText "Result: Found HostID: ${HOSTID}"
else
- ReportException "GetHostID" "Can't create HOSTID, command ip not found"
+ ReportException "GetHostID" "HostID could not be generated"
fi
;;
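Review bot: HOSTID_GEN="linux-ifconfig-interface-first-hwaddr" and HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr" are assigned without a HasData "${FIND}" check, unlike the eth0-ether branch a few lines above which only sets the method when data was found. If ifconfig returns no HWaddr, the log will name a generation method next to "HostID could not be generated". Guard both assignments the same way, or reset HOSTID_GEN to "unknown" in the final else branch. Also note that the hash line still pipes through ${SHA1SUMBINARY} only, while the enclosing guard accepts openssl or csum as sufficient, so on a Linux host without sha1sum HOSTID ends up empty with the method still set.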
@@ -1100,9 +1128,9 @@
done
if [ ${FOUND} -eq 1 ]; then
FIND=$(${IFCONFIGBINARY} ${I} | grep ether | awk '{ if ($1=="ether") { print $2 }}')
- if [ ! "${SHA1SUMBINARY}" = "" ]; then
+ if [ -n "${SHA1SUMBINARY}" ]; then
HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
- elif [ ! "${OPENSSLBINARY}" = "" ]; then
+ elif [ -n "${OPENSSLBINARY}" ]; then
HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }')
else
ReportException "GetHostID" "Can not find sha1/sha1sum or openssl"
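Review bot: This ifconfig branch gets the -n cleanup but no HOSTID_GEN assignment, so a HostID generated here is logged by the new lynis line as "hostid-generation: method unknown". If the method field is meant to help compare identifiers across runs, every OS branch of the case statement needs a value, not only Linux and the SSH key fallback.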
@@ -1116,8 +1144,9 @@
ReportException "GetHostID" "Can't create HOSTID as OS is not supported yet by this function"
;;
esac
+
# Remove HOSTID if it contains a default MAC address with a related hash value
- if [ ! "${HOSTID}" = "" ]; then
+ if [ -n "${HOSTID}" ]; then
for CHECKHASH in ${BLACKLISTED_HASHES}; do
if [ "${CHECKHASH}" = "${HOSTID}" ]; then
LogText "Result: hostid is a blacklisted value"
@@ -1125,6 +1154,7 @@
fi
done
fi
+
else
ReportException "GetHostID" "Can't create HOSTID as there is no SHA1 hash tool available (sha1, sha1sum, openssl)"
fi
@@ -1152,6 +1182,7 @@
if [ -n "${SHA1SUMBINARY}" ]; then
HOSTID=$(${SHA1SUMBINARY} /etc/ssh/${I} | awk '{ print $1 }')
LogText "result: Created HostID with SSH key ($I): ${HOSTID}"
+ HOSTID_GEN="fallback-ssh-public-key"
else
ReportException "GetHostID" "Can't create HOSTID with SSH key, as sha1sum binary is missing"
fi
@@ -1163,9 +1194,9 @@
fi
fi
- # New style host ID
- if [ "${HOSTID2}" = "" ]; then
- LogText "Info: creating a HostID (version 2)"
+ # Generation of HostID version 2
+ if [ -z "${HOSTID2}" ]; then
+ LogText "Info: start generation of HostID (version 2)"
FOUND=0
DATA_SSH=""
# Use public keys
@@ -1174,7 +1205,7 @@
for I in ${SSH_KEY_FILES}; do
if [ ${FOUND} -eq 0 ]; then
if [ -f /etc/ssh/${I} ]; then
- LogText "Result: found file ${I} in /etc/ssh, using that to create host identifier"
+ LogText "Result: found file ${I} in /etc/ssh, using that as candidate to create hostid2"
DATA_SSH=$(cat /etc/ssh/${I})
FOUND=1
fi
@@ -1186,21 +1217,23 @@
STRING_TO_HASH=""
if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
- LogText "Using SSH public key to create the second host identifier"
+ LogText "Using SSH public key to create hostid2"
STRING_TO_HASH="${DATA_SSH}"
+ HOSTID2_GEN="ssh-public-key"
else
if [ -n "${MACHINEID}" ]; then
- LogText "Using the machine ID to create the second host identifier"
+ LogText "Using the machine ID to create hostid2"
STRING_TO_HASH="${MACHINEID}"
+ HOSTID2_GEN="machine-id"
fi
fi
# Check if we have a string to turn into a host identifier
if [ -n "${STRING_TO_HASH}" ]; then
# Create hashes
- if [ ! "${SHA256SUMBINARY}" = "" ]; then
+ if [ -n "${SHA256SUMBINARY}" ]; then
HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }')
HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }')
- elif [ ! "${OPENSSLBINARY}" = "" ]; then
+ elif [ -n "${OPENSSLBINARY}" ]; then
HASH2=$(echo ${STRING_TO_HASH} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
HASH_HOSTNAME=$(echo ${HOSTNAME} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
fi
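Review bot: HOSTID2_GEN is set to "ssh-public-key" or "machine-id" when the input string is chosen, before any hash is computed. The if/elif that follows has no else, so when neither SHA256SUMBINARY nor OPENSSLBINARY is present HASH2 stays empty while the log still reports a generation method. Assign HOSTID2_GEN after the hash succeeds, or add an else that logs the missing tool and resets the method.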
diff --git a/include/osdetection b/include/osdetection
index 7b1e911c..60063dd1 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -62,7 +62,8 @@
10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
- 11.0 | 11.0[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
+ 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
+ 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;;
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
esac
else
@@ -173,6 +174,11 @@
OS_FULLNAME="Arch Linux 32"
OS_VERSION="Rolling release"
;;
+ "artix")
+ LINUX_VERSION="Artix Linux"
+ OS_FULLNAME="Artix Linux"
+ OS_VERSION="Rolling release"
+ ;;
"bunsenlabs")
LINUX_VERSION="BunsenLabs"
OS_NAME="BunsenLabs"
@@ -279,6 +285,12 @@
OS_NAME="Manjaro"
OS_VERSION="Rolling release"
;;
+ "nethserver")
+ LINUX_VERSION="NethServer"
+ OS_NAME="NethServer"
+ OS_REDHAT_OR_CLONE=1
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
"nixos")
LINUX_VERSION="NixOS"
OS_NAME="NixOS"
diff --git a/lynis b/lynis
index 67919b84..0c7635e0 100755
--- a/lynis
+++ b/lynis
@@ -43,10 +43,10 @@
PROGRAM_WEBSITE="https://cisofy.com/lynis/"
# Version details
- PROGRAM_RELEASE_DATE="2021-05-11"
- PROGRAM_RELEASE_TIMESTAMP=1620725174
+ PROGRAM_RELEASE_DATE="2021-07-08"
+ PROGRAM_RELEASE_TIMESTAMP=1625744373
PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
- PROGRAM_VERSION="3.0.5"
+ PROGRAM_VERSION="3.0.6"
# Source, documentation and license
PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
@@ -970,17 +970,23 @@ ${NORMAL}
# Get host ID
LogTextBreak
GetHostID
+ LogText "hostid-generation: method ${HOSTID_GEN}"
+ LogText "hostid2-generation: method ${HOSTID2_GEN}"
# Check if result is not empty (no blank, or hash of blank value, or minus, or zeros)
- if [ ! "${HOSTID}" = "-" -a ! "${HOSTID}" = "" -a ! "${HOSTID}" = "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" -a ! "${HOSTID}" = "6ef1338f520d075957424741d7ed35ab5966ae97" ]; then
- LogText "Info: found valid HostID ${HOSTID}"
- Report "hostid=${HOSTID}"
- else
- LogText "Info: no HostID found or invalid one"
- fi
- if [ ! "${HOSTID2}" = "" ]; then
+ case ${HOSTID} in
+ "" | "-" | "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" | "6ef1338f520d075957424741d7ed35ab5966ae97")
+ LogText "Info: no HostID found or invalid one"
+ ;;
+ *)
+ LogText "Info: HostID ${HOSTID} looks to be valid"
+ Report "hostid=${HOSTID}"
+ ;;
+ esac
+
+ if [ -n "${HOSTID2}" ]; then
Report "hostid2=${HOSTID2}"
fi
- if [ ! "${MACHINEID}" = "" ]; then
+ if [ -n "${MACHINEID}" ]; then
LogText "Info: found a machine ID ${MACHINEID}"
Report "machineid=${MACHINEID}"
else
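Review bot: The case pattern keeps two bare SHA-1 literals whose meaning is only hinted at by the comment above (hash of blank value, zeros), and GetHostID already filters against BLACKLISTED_HASHES. Having two separate lists of rejected values invites them drifting apart; add these two hashes to BLACKLISTED_HASHES or give them named constants in include/consts with a comment on what input each one is the hash of. The two new LogText lines also run when GetHostID returned early because of SKIP_GETHOSTID, which logs "method unknown" for a step that was deliberately skipped; check the return code or log "skipped" in that case.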