
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
-rw-r--r--CHANGELOG.md9
-rw-r--r--db/tests.db2
-rw-r--r--include/osdetection43
-rw-r--r--include/tests_databases25
-rwxr-xr-xlynis17
5 files changed, 63 insertions, 33 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83d058b7..ad1cbeb8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
# Lynis Changelog
-## Lynis 3.0.8 (not released yet)
+## Lynis 3.0.9 (not released yet)
+
+### Changed
+- DBS-1820 - added newer style format for Mongo authorization setting
+
+---------------------------------------------------------------------------------
+
+## Lynis 3.0.8 (2022-05-17)
### Added
- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
diff --git a/db/tests.db b/db/tests.db
index fe16ef9c..e4dc8fbd 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -136,7 +136,7 @@ FILE-7524:test:security:file_permissions::Perform file permissions check:
FINT-4310:test:security:file_integrity::AFICK availability:
FINT-4314:test:security:file_integrity::AIDE availability:
FINT-4315:test:security:file_integrity::Check AIDE configuration file:
-FINT-4316:test:security:file_integirty::Presence of AIDE database and size check:
+FINT-4316:test:security:file_integrity::Presence of AIDE database and size check:
FINT-4318:test:security:file_integrity::Osiris availability:
FINT-4322:test:security:file_integrity::Samhain availability:
FINT-4326:test:security:file_integrity::Tripwire availability:
diff --git a/include/osdetection b/include/osdetection
index d9b8a41c..989b1b38 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -777,10 +777,26 @@
ECHONB=""
case ${OS} in
- "AIX") ECHOCMD="echo"; ECHONB="printf" ;;
- "DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
- "macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
- "Solaris") ECHOCMD="echo" ; test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" ;;
+ "AIX")
+ ECHOCMD="echo";
+ ECHONB="printf"
+ ;;
+ "DragonFly"|"FreeBSD"|"NetBSD")
+ ECHOCMD="echo -e"
+ ECHONB="echo -n"
+ NOW=$(date "+%s")
+ ;;
+ "macOS" | "Mac OS X")
+ ECHOCMD="echo"
+ ECHONB="/bin/echo -n"
+ NOW=$(date "+%s")
+ ;;
+
+ "Solaris")
+ ECHOCMD="echo"
+ test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n"
+ NOW=$(nawk 'BEGIN{print srand()}')
+ ;;
"Linux")
# Check if dash is used (Debian/Ubuntu)
DEFAULT_SHELL=$(ls -l /bin/sh | awk -F'>' '{print $2}')
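Review bot: The `"AIX")` arm is the only branch of this `case` that does not assign `NOW`, while the later hunk in this file removes the `if [ -n "${NOW}" ]` guard around the end-of-life comparison. With `NOW` empty, `[ ${NOW} -gt ${EOL_TIMESTAMP} ]` becomes a malformed test, returns non-zero and falls into `EOL=0`, so an end-of-life system would be reported as supported. Either set `NOW` in the AIX arm as well, or keep the comparison defensive with `if [ -n "${NOW}" ] && [ "${NOW}" -gt "${EOL_TIMESTAMP}" ]; then`. The same applies on Solaris if `nawk` is unavailable. The `case` statement starts before this hunk and continues past it.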
@@ -788,10 +804,14 @@
" dash") ECHOCMD="/bin/echo -e" ;;
*) ECHOCMD="echo -e" ;;
esac
+ NOW=$(date "+%s")
+ ;;
+ *)
+ ECHOCMD="echo -e"
+ NOW=$(date "+%s")
;;
- *) ECHOCMD="echo -e" ;;
esac
-
+
# Check if we have full featured commands, or are using BusyBox as a shell
if [ -x /bin/busybox ]; then
if [ -L /bin/ps ]; then
@@ -820,13 +840,10 @@
if [ -n "${EOL_TIMESTAMP}" ]; then
EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_DATE}" ]; then
- NOW=$(date "+%s")
- if [ -n "${NOW}" ]; then
- if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
- EOL=1
- else
- EOL=0
- fi
+ if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
+ EOL=1
+ else
+ EOL=0
fi
else
EOL=0
diff --git a/include/tests_databases b/include/tests_databases
index f5bc22ae..e973d23f 100644
--- a/include/tests_databases
+++ b/include/tests_databases
@@ -127,12 +127,25 @@
for FILE in ${MONGO_CONF_FILES}; do
if [ -f ${FILE} ]; then
LogText "Result: found MongoDB configuration file (${FILE})"
- LogText "Test: determine authorization setting in new style YAML format"
- AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
- if HasData "${AUTH_IN_CONFIG}"; then
- LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format)"
- MONGODB_AUTHORIZATION_ENABLED=1
- else
+ # YAML with quotes
+ if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
+ LogText "Test: determine authorization setting in new style YAML format"
+ AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: \"enabled\"" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
+ if HasData "${AUTH_IN_CONFIG}"; then
+ LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format with quotes)"
+ MONGODB_AUTHORIZATION_ENABLED=1
+ fi
+ fi
+ # YAML without quotes
+ if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
+ AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)")
+ if HasData "${AUTH_IN_CONFIG}"; then
+ LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format without quotes)"
+ MONGODB_AUTHORIZATION_ENABLED=1
+ fi
+ fi
+ # Old style
+ if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then
LogText "Result: did NOT find authorization option enabled in configuration file (with YAML format)"
LogText "Test: now searching for old style configuration (auth = true) in configuration file"
AUTH_IN_CONFIG=$(${GREPBINARY} "auth = true" ${FILE} | ${GREPBINARY} -v "noauth" | ${GREPBINARY} -E -v "(^#|#auth)")
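Review bot: Both YAML checks (the quoted and the unquoted `authorization:` grep) still accept a commented-out setting, because the `(^#|#auth)` filter does not match an indented `# authorization: enabled`; the audit can then log "GOOD" for an instance that runs without authorization. One anchored pattern would cover both spellings and reject comments, for example `AUTH_IN_CONFIG=$(${GREPBINARY} -E "^[[:space:]]*authorization:[[:space:]]*[\"']?enabled" "${FILE}")`. The three `[ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]` tests are unquoted and rely on the variable being set to 0 before the loop, which this hunk does not show; quoting it would avoid a test error if it is ever empty. The `for` and `if` blocks start and end outside the hunk.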
diff --git a/lynis b/lynis
index c15a78c7..3f6d3b84 100755
--- a/lynis
+++ b/lynis
@@ -43,9 +43,9 @@
PROGRAM_WEBSITE="https://cisofy.com/lynis/"
# Version details
- PROGRAM_RELEASE_DATE="2022-01-31"
- PROGRAM_RELEASE_TIMESTAMP=1643632222
- PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
+ PROGRAM_RELEASE_DATE="2022-05-17"
+ PROGRAM_RELEASE_TIMESTAMP=1652791205
+ PROGRAM_RELEASE_TYPE="release" # pre-release or release
PROGRAM_VERSION="3.0.8"
# Source, documentation and license
@@ -514,7 +514,7 @@ ${NORMAL}
. ${INCLUDEDIR}/osdetection
Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --color GREEN
- # Check hostname
+ # Check hostname and get timestamp
case ${OS} in
HP-UX)
HOSTNAME=$(hostname) ;;
@@ -531,7 +531,6 @@ ${NORMAL}
if [ "${OS}" = "Linux" -a "${HOSTNAME}" = "${FQDN}" ]; then
FQDN=$(hostname -f 2> /dev/null)
fi
-
#
#################################################################################
#
@@ -789,16 +788,10 @@ ${NORMAL}
fi
fi
- # Test for older releases, without testing via update mechanism
- if [ "${OS}" = "Solaris" ]; then
- NOW=$(nawk 'BEGIN{print srand()}')
- else
- NOW=$(date "+%s")
- fi
-
OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
+ NOW=$(date "+%s")
if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
# Show if release is old, only if we didn't show it with normal update check
if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
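Review bot: The added `NOW=$(date "+%s")` runs on every platform and overwrites the value that `include/osdetection` now computes, including the Solaris one taken from `nawk 'BEGIN{print srand()}'`. The removed lines special-cased Solaris, presumably because its `date` does not reliably support `%s`, so this reintroduces that problem. If `NOW` ends up non-numeric, the unquoted `[ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]` fails as a test error and the old-release warning is silently skipped. Since osdetection is sourced earlier in this file, the line can be dropped, or kept as a fallback with `[ -n "${NOW}" ] || NOW=$(date "+%s")`. The enclosing `if` continues outside the hunk.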