Diffstat (limited to 'include/functions')
-rw-r--r-- | include/functions | 385 |
1 files changed, 196 insertions, 189 deletions
diff --git a/include/functions b/include/functions index c03022bc..177a297c 100644 --- a/include/functions +++ b/include/functions @@ -124,7 +124,7 @@ HPTOTAL=$((HPTOTAL + HPADDMAX)) if [ ${HPADD} -eq ${HPADDMAX} ]; then LogText "Hardening: assigned maximum number of hardening points for this item (${HPADDMAX}). Currently having ${HPPOINTS} points (out of ${HPTOTAL})" - else + else LogText "Hardening: assigned partial number of hardening points (${HPADD} of ${HPADDMAX}). Currently having ${HPPOINTS} points (out of ${HPTOTAL})" fi } @@ -151,7 +151,7 @@ FIND=$(egrep "^${SETTING};" ${SETTINGS_FILE}) if [ -z "${FIND}" ]; then echo "${SETTING};${VALUE};${DESCRIPTION};" >> ${SETTINGS_FILE} - else + else Debug "Setting '${SETTING}' was already configured, overwriting previous line '${FIND}' in ${SETTINGS_FILE} with value '${VALUE}'" # Delete line first, then add new value (inline search and replace is messy) CreateTempFile @@ -194,12 +194,12 @@ CHECKFILE=$1 if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then PERMS="FILE_NOT_FOUND" - else + else # If 'file' is an directory, use -d if [ -d ${CHECKFILE} ]; then FILEVALUE=$(ls -d -l ${CHECKFILE} | cut -c 2-10) PROFILEVALUE=$(grep '^permdir' ${PROFILE} | grep ":${CHECKFILE}:" | cut -d: -f3) - else + else FILEVALUE=$(ls -l ${CHECKFILE} | cut -c 2-10) PROFILEVALUE=$(grep '^permfile' ${PROFILE} | grep ":${CHECKFILE}:" | cut -d: -f3) fi 
@@ -218,33 +218,32 @@ ################################################################################ CheckItem() { - ITEM_FOUND=0 - RETVAL=255 - if [ $# -eq 2 ]; then - # Don't search in /dev/null, it's too empty there - if [ ! "${REPORTFILE}" = "/dev/null" ]; then - # Check if we can find the main type (with or without brackets) - LogText "Test: search string $2 in earlier discovered results" - FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2") - if [ ! "${FIND}" = "" ]; then - ITEM_FOUND=1 - RETVAL=0 - LogText "Result: found search string (result: $FIND)" - else - LogText "Result: search string NOT found" - RETVAL=1 - fi - else - LogText "Skipping search, as /dev/null is being used" - fi - return ${RETVAL} - else - ReportException ${TEST_NO} "Error in function call to CheckItem" - fi + ITEM_FOUND=0 + RETVAL=255 + if [ $# -eq 2 ]; then + # Don't search in /dev/null, it's too empty there + if [ ! "${REPORTFILE}" = "/dev/null" ]; then + # Check if we can find the main type (with or without brackets) + LogText "Test: search string $2 in earlier discovered results" + FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2") + if HasData "${FIND}"; then + ITEM_FOUND=1 + RETVAL=0 + LogText "Result: found search string (result: $FIND)" + else + LogText "Result: search string NOT found" + RETVAL=1 + fi + else + LogText "Skipping search, as /dev/null is being used" + fi + return ${RETVAL} + else + ReportException ${TEST_NO} "Error in function call to CheckItem" + fi } - ################################################################################ # Name : CheckUpdates() # Description : Determine if there is an update available 
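Review bot: In CheckItem the `return ${RETVAL}` sits inside the `if [ $# -eq 2 ]` branch, so a call with the wrong number of arguments ends on `ReportException` and the function's exit status is whatever that call returns, not the 255 assigned at the top. If ReportException returns 0 (not visible here), a malformed call would read as "item found" to any caller that branches on the status. Moving the return below the outer `fi`, as `return ${RETVAL}`, makes the error path yield 255. The `egrep` line also leaves `${REPORTFILE}` unquoted and treats `$1` and `$2` as regular expressions, which the function header should state so callers pass patterns deliberately.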
@@ -344,12 +343,12 @@ RANDOMSTRING1=$(echo lynis-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')) TEMP_FILE="/tmp/${RANDOMSTRING1}" touch ${TEMP_FILE} - else + else TEMP_FILE=$(mktemp /tmp/lynis.XXXXXXXXXX) || exit 1 fi if [ ! "${TEMP_FILE}" = "" ]; then LogText "Action: created temporary file ${TEMP_FILE}" - else + else Fatal "Could not create a temporary file" fi # Add temporary file to queue for cleanup later @@ -367,13 +366,14 @@ # Determine if a directory exists DirectoryExists() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling DirectoryExists function"; fi DIRECTORY_FOUND=0 LogText "Test: checking if directory $1 exists" if [ -d $1 ]; then LogText "Result: directory $1 exists" DIRECTORY_FOUND=1 return 0 - else + else LogText "Result: directory $1 NOT found" return 1 fi @@ -434,7 +434,7 @@ Debug "Already discovered default.prf - skipping this file (${PLOC}/${PNAME})" elif [ "${PNAME}" = "custom.prf" -a ! "${CUSTOM_PROFILE}" = "" ]; then Debug "Already discovered custom.prf - skipping this file (${PLOC}/${PNAME})" - else + else if [ "${PLOC}" = "." ]; then FILE="${WORKDIR}/${PNAME}"; else FILE="${PLOC}/${PNAME}"; fi if [ -r ${FILE} ]; then PROFILES="${PROFILES} ${FILE}" @@ -460,7 +460,7 @@ echo "${RED}Fatal error: ${WHITE}No profile defined and could not find default profile${NORMAL}" echo "Search paths used --> ${tPROFILE_TARGETS}" ExitCustom 66 - else + else PROFILES=$(echo ${PROFILES} | sed 's/^ //') fi } @@ -513,10 +513,10 @@ if [ "${RESULT}" = "" ]; then RESULTPART="" - else + else if [ ${CRONJOB} -eq 0 ]; then RESULTPART=" [ ${COLOR}${RESULT}${NORMAL} ]" - else + else RESULTPART=" [ ${RESULT} ]" fi fi @@ -540,7 +540,7 @@ # Check if we already have already discovered a proper echo command tool. It not, set it default to 'echo'. if [ "${ECHOCMD}" = "" ]; then ECHOCMD="echo"; fi ${ECHOCMD} "\033[${INDENT}C${TEXT}\033[${SPACES}C${RESULTPART}${DEBUGTEXT}" - else + else echo "${TEXT}${RESULTPART}" fi fi 
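Review bot: The guard added to DirectoryExists only rejects a missing argument, so an empty string or a path containing whitespace still reaches the unquoted `[ -d $1 ]`. With an empty expansion that test becomes `[ -d ]`, which the shell evaluates as true, and the function then logs the directory as existing and returns 0. Quoting closes this: `if [ -d "$1" ]; then`. The same pattern appears in the later hunks that receive the same guard: `[ -f $1 ]` in FileExists and the `${sFILE}` tests in IsWorldReadable, IsWorldExecutable and IsWorldWritable.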
@@ -637,7 +637,7 @@ if [ $# -eq 1 ]; then LogText "${PROGRAM_NAME} ended with exit code $1." exit $1 - else + else LogText "${PROGRAM_NAME} ended with exit code 1." exit 1 fi @@ -674,13 +674,14 @@ ################################################################################ FileExists() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling FileExists function"; fi FILE_FOUND=0 LogText "Test: checking if file $1 exists" if [ -f $1 ]; then LogText "Result: file $1 exists" FILE_FOUND=1 return 0 - else + else LogText "Result: file $1 NOT found" return 1 fi @@ -718,17 +719,18 @@ # # Returns : 0 (empty), 1 (not empty) # EMPTY (0 or 1) - deprecated usage - # Usage : xyz + # Usage : if FileIsEmpty /etc/passwd; then ################################################################################ FileIsEmpty() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling FileIsEmpty function"; fi EMPTY=0 LogText "Test: checking if file $1 is empty" if [ -z $1 ]; then LogText "Result: file $1 is empty" EMPTY=1 return 0 - else + else LogText "Result: file $1 is NOT empty" return 1 fi 
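Review bot: FileIsEmpty tests `[ -z $1 ]`, which checks whether the argument string is empty, not whether the file has content. Now that the added guard aborts when no argument is passed, that branch can only be taken for an argument that expands to nothing, so the newly documented usage `if FileIsEmpty /etc/passwd; then` will always report the file as not empty. A size test matches the documented return values: `if [ ! -s "$1" ]; then`. Because `! -s` is also true for a path that does not exist, the header comment should say how a missing file is treated.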
@@ -851,117 +853,117 @@ else ReportException "GetHostID" "No sha1, sha1sum, csum or openssl binary available on AIX" fi - else + else ReportException "GetHostID" "No output from entstat on interfaces: en0, ent0" fi ;; "DragonFly" | "FreeBSD") - FIND=$(${IFCONFIGBINARY} | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ ! "${FIND}" = "" ]; then - HOSTID=$(echo ${FIND} | sha1) - else - ReportException "GetHostID" "No MAC address returned on DragonFly or FreeBSD" - fi + FIND=$(${IFCONFIGBINARY} | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if HasData "${FIND}"; then + HOSTID=$(echo ${FIND} | sha1) + else + ReportException "GetHostID" "No MAC address returned on DragonFly or FreeBSD" + fi ;; "Linux") - # Define preferred interfaces - #PREFERRED_INTERFACES="eth0 eth1 eth2 enp0s25" - - # Only use ifconfig if no ip binary has been found - if [ ! "${IFCONFIGBINARY}" = "" ]; then - # Determine if we have ETH0 at all (not all Linux distro have this, e.g. Arch) - HASETH0=$(${IFCONFIGBINARY} | grep "^eth0") - # Check if we can find it with HWaddr on the line - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') - - # If nothing found, then try first for alternative interface. Else other versions of ifconfig (e.g. Slackware/Arch) - if [ "${FIND}" = "" ]; then - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr) - if [ "${FIND}" = "" ]; then - # If possible directly address eth0 to avoid risking gathering the incorrect MAC address. - # If not, then falling back to getting first interface. Better than nothing. - if [ ! 
"${HASETH0}" = "" ]; then - FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - else - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]') - if [ "${FIND}" = "" ]; then - ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)" - else - LogText "Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)" - fi + # Define preferred interfaces + #PREFERRED_INTERFACES="eth0 eth1 eth2 enp0s25" + + # Only use ifconfig if no ip binary has been found + if [ ! "${IFCONFIGBINARY}" = "" ]; then + # Determine if we have ETH0 at all (not all Linux distro have this, e.g. Arch) + HASETH0=$(${IFCONFIGBINARY} | grep "^eth0") + # Check if we can find it with HWaddr on the line + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') + + # If nothing found, then try first for alternative interface. Else other versions of ifconfig (e.g. Slackware/Arch) + if IsEmpty "${FIND}"; then + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr) + if IsEmpty "${FIND}"; then + # If possible directly address eth0 to avoid risking gathering the incorrect MAC address. + # If not, then falling back to getting first interface. Better than nothing. 
+ if HasData "${HASETH0}"; then + FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + else + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]') + if IsEmpty "${FIND}"; then + ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)" + else + LogText "Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)" fi - else - FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') - LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig" fi + else + FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') + LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig" fi - else - # See if we can use ip binary instead - if [ ! "${IPBINARY}" = "" ]; then - # Determine if we have the common available eth0 interface - FIND=$(${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ "${FIND}" = "" ]; then - # Determine the MAC address of first interface with the ip command - FIND=$(${IPBINARY} addr show 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ "${FIND}" = "" ]; then - ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" - fi + fi + else + # See if we can use ip binary instead + if [ ! 
"${IPBINARY}" = "" ]; then + # Determine if we have the common available eth0 interface + FIND=$(${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if IsEmpty "${FIND}"; then + # Determine the MAC address of first interface with the ip command + FIND=$(${IPBINARY} addr show 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if IsEmpty "${FIND}"; then + ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" fi - else - ReportException "GetHostID" "Can't create hostid, missing both ifconfig and ip binary" fi + else + ReportException "GetHostID" "Can't create hostid, missing both ifconfig and ip binary" fi + fi - # Check if we found a HostID - if [ ! "${FIND}" = "" ]; then - LogText "Info: using hardware address ${FIND} to create ID" - HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') - LogText "Result: Found HostID: ${HOSTID}" - else - ReportException "GetHostID" "Can't create HOSTID, command ip not found" - fi + # Check if we found a HostID + if HasData "${FIND}"; then + LogText "Info: using hardware address ${FIND} to create ID" + HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') + LogText "Result: Found HostID: ${HOSTID}" + else + ReportException "GetHostID" "Can't create HOSTID, command ip not found" + fi ;; "macOS") - FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ ! "${FIND}" = "" ]; then - HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') - else - ReportException "GetHostID" "No MAC address returned on macOS" - fi - LYNIS_HOSTID2_PART1=$(hostname -s) - if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then - LogText "Info: using hostname ${LYNIS_HOSTID2_PART1}" - LYNIS_HOSTID2_PART2=$(sysctl -n kern.uuid 2> /dev/null) - if [ ! 
-z "${LYNIS_HOSTID2_PART2}" ]; then - LogText "Info: using UUID ${LYNIS_HOSTID2_PART2}" - else - LogText "Info: could not create HOSTID2 as kern.uuid sysctl key is missing" - fi - HOSTID2=$(echo "${LYNIS_HOSTID2_PART1}${LYNIS_HOSTID2_PART2}" | shasum -a 256 | awk '{ print $1 }') - else - LogText "Info: could not create HOSTID2 as hostname is missing" - fi + FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if [ ! "${FIND}" = "" ]; then + HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') + else + ReportException "GetHostID" "No MAC address returned on macOS" + fi + LYNIS_HOSTID2_PART1=$(hostname -s) + if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then + LogText "Info: using hostname ${LYNIS_HOSTID2_PART1}" + LYNIS_HOSTID2_PART2=$(sysctl -n kern.uuid 2> /dev/null) + if [ ! -z "${LYNIS_HOSTID2_PART2}" ]; then + LogText "Info: using UUID ${LYNIS_HOSTID2_PART2}" + else + LogText "Info: could not create HOSTID2 as kern.uuid sysctl key is missing" + fi + HOSTID2=$(echo "${LYNIS_HOSTID2_PART1}${LYNIS_HOSTID2_PART2}" | shasum -a 256 | awk '{ print $1 }') + else + LogText "Info: could not create HOSTID2 as hostname is missing" + fi ;; "NetBSD") - FIND=$(${IFCONFIGBINARY} -a | grep "address:" | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ ! "${FIND}" = "" ]; then - HOSTID=$(echo ${FIND} | sha1) - else - ReportException "GetHostID" "No MAC address returned on NetBSD" - fi + FIND=$(${IFCONFIGBINARY} -a | grep "address:" | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if HasData "${FIND}"; then + HOSTID=$(echo ${FIND} | sha1) + else + ReportException "GetHostID" "No MAC address returned on NetBSD" + fi ;; "OpenBSD") - FIND=$(${IFCONFIGBINARY} | grep "lladdr " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if [ ! 
"${FIND}" = "" ]; then - HOSTID=$(echo ${FIND} | sha1) - else - ReportException "GetHostID" "No MAC address returned on OpenBSD" - fi + FIND=$(${IFCONFIGBINARY} | grep "lladdr " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if HasData "${FIND}"; then + HOSTID=$(echo ${FIND} | sha1) + else + ReportException "GetHostID" "No MAC address returned on OpenBSD" + fi ;; "Solaris") @@ -979,10 +981,10 @@ HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') elif [ ! "${OPENSSLBINARY}" = "" ]; then HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }') - else + else ReportException "GetHostID" "Can not find sha1/sha1sum or openssl" fi - else + else ReportException "GetHostID" "No interface found op Solaris to create HostID" fi ;; @@ -1000,7 +1002,7 @@ fi done fi - else + else ReportException "GetHostID" "Can't create HOSTID as there is no SHA1 hash tool available (sha1, sha1sum, openssl)" fi @@ -1027,13 +1029,13 @@ if [ ! "${SHA1SUMBINARY}" = "" ]; then HOSTID=$(cat /etc/ssh/${I} | ${SHA1SUMBINARY} | awk '{ print $1 }') LogText "result: Created HostID with SSH key ($I): ${HOSTID}" - else + else ReportException "GetHostID" "Can't create HOSTID with SSH key, as sha1sum binary is missing" fi fi fi done - else + else LogText "Result: no /etc/ssh directory found, skipping" fi fi @@ -1055,7 +1057,7 @@ fi fi done - else + else LogText "Result: no /etc/ssh directory found, skipping" fi @@ -1216,10 +1218,10 @@ ################################################################################ IsEmpty() { - if [ $# -eq 1 ]; then - if [ -z "$1" ]; then return 0; else return 1; fi - else + if [ $# -eq 0 ]; then ExitFatal "Function IsEmpty called without parameters - look in log to determine where this happened, or use sh -x lynis to see all details." + else + if [ -z "$1" ]; then return 0; else return 1; fi fi } 
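Review bot: In the GetHostID hunk, the final Linux fallback reports `Can't create HOSTID, command ip not found` for every path that leaves FIND empty, including the ifconfig paths where the binary was present but returned no MAC address, so the log points an operator at the wrong cause. A message that fits all paths would be `ReportException "GetHostID" "Can't create HOSTID, no MAC address found"`. The macOS branch was re-indented but still uses `[ ! "${FIND}" = "" ]` and `[ ! -z "${LYNIS_HOSTID2_PART1}" ]`, while the DragonFly/FreeBSD, Linux, NetBSD and OpenBSD branches moved to HasData/IsEmpty; converting it would keep the function consistent. GetHostID begins and ends outside this hunk.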
@@ -1232,6 +1234,7 @@ ################################################################################ IsRunning() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsRunning function"; fi RUNNING=0 PSOPTIONS="" if [ ${SHELL_IS_BUSYBOX} -eq 0 ]; then PSOPTIONS=" ax"; fi @@ -1240,7 +1243,7 @@ RUNNING=1 LogText "IsRunning: process '$1' found (${FIND})" return 0 - else + else LogText "IsRunning: process '$1' not found" return 1 fi @@ -1290,14 +1293,14 @@ if [ "${PERMS}" = "" ]; then PERMS=$(ls -n ${FILE} | ${AWKBINARY} '{ print $3":"$4 }') fi - else + else ReportException "IsOwnedByRoot" "Functions needs 1 argument" return 255 fi if [ "${PERMS}" = "0:0" ]; then if IsDeveloperMode; then LogText "Debug: found incorrect file permissions on ${FILE}"; fi return 0 - else + else return 1 fi } @@ -1340,10 +1343,10 @@ LogText "Result: facter says this machine is not a virtual" ;; esac - else + else LogText "Result: facter utility not found" fi - else + else LogText "Result: skipped facter test, as we already found machine type" fi @@ -1356,10 +1359,10 @@ LogText "Result: found ${FIND}" SHORT="${FIND}" fi - else + else LogText "Result: systemd-detect-virt not found" fi - else + else LogText "Result: skipped systemd test, as we already found machine type" fi @@ -1372,13 +1375,13 @@ if [ ! "${FIND}" = "" ]; then LogText "Result: found ${FIND}" SHORT="${FIND}" - else + else LogText "Result: can't find hypervisor vendor with lscpu" fi - else + else LogText "Result: lscpu not found" fi - else + else LogText "Result: skipped lscpu test, as we already found machine type" fi @@ -1387,7 +1390,8 @@ if [ "${SHORT}" = "" ]; then if [ -x /usr/bin/dmidecode ]; then DMIDECODE_BINARY="/usr/bin/dmidecode" elif [ -x /usr/sbin/dmidecode ]; then DMIDECODE_BINARY="/usr/sbin/dmidecode" - else DMIDECODE_BINARY="" + else + DMIDECODE_BINARY="" fi if [ ! "${DMIDECODE_BINARY}" = "" -a ${PRIVILEGED} -eq 1 ]; then LogText "Test: trying to guess virtualization with dmidecode" 
@@ -1395,13 +1399,13 @@ if [ ! "${FIND}" = "" ]; then LogText "Result: found ${FIND}" SHORT="${FIND}" - else + else LogText "Result: can't find product name with dmidecode" fi - else + else LogText "Result: dmidecode not found (or no access)" fi - else + else LogText "Result: skipped dmidecode test, as we already found machine type" fi # Other options @@ -1423,7 +1427,7 @@ if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi IsRunning VBoxClient if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi - else + else LogText "Result: skipped processes test, as we already found platform" fi @@ -1432,10 +1436,10 @@ LogText "Test: checking specific files for Amazon" if [ -f /etc/ec2_version -a ! -z /etc/ec2_version ]; then SHORT="amazon-ec2" - else + else LogText "Result: system not hosted on Amazon" fi - else + else LogText "Result: skipped Amazon EC2 test, as we already found platform" fi @@ -1450,21 +1454,21 @@ if [ ! "${FIND}" = "" ]; then SHORT="${FIND}" fi - else + else LogText "Result: skipped sysctl test, as we already found platform" fi # lshw - if [ "${SHORT}" = "" ]; then + if HasData "${SHORT}"; then if [ ${PRIVILEGED} -eq 1 ]; then if [ -x /usr/bin/lshw ]; then LogText "Test: trying to guess virtualization with lshw" FIND=$(lshw -quiet -class system 2> /dev/null | awk '{ if ($1=="product:") { print $2 }}') - if [ ! "${FIND}" = "" ]; then + if HasData "${FIND}"; then LogText "Result: found ${FIND}" SHORT="${FIND}" fi - else + else LogText "Result: lshw not found" fi else @@ -1508,7 +1512,7 @@ elif [ ${ISVIRTUALMACHINE} -eq 2 ]; then LogText "Result: unknown if this system is a virtual machine" Report "vm=2" - else + else LogText "Result: system seems to be non-virtual" fi } @@ -1524,6 +1528,7 @@ ################################################################################ IsWorldReadable() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldReadable function"; fi sFILE=$1 # Check for symlink if [ -L ${sFILE} ]; then 
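Review bot: In the `# lshw` hunk the outer test changes from `[ "${SHORT}" = "" ]` to `if HasData "${SHORT}"; then`, which inverts it; elsewhere in this commit HasData replaces the non-empty test `[ ! "${FIND}" = "" ]`. As written, lshw runs only when an earlier method has already set SHORT, and its product string then overwrites that result, while a system with no result so far skips lshw entirely. The dmidecode step visible just above still guards on SHORT being empty, so this line should read `if IsEmpty "${SHORT}"; then`. The outer `else` branch for this step lies outside the hunk, so its log message should be checked against the corrected condition.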
@@ -1533,7 +1538,7 @@ if [ -f ${sFILE} -o -d ${sFILE} ]; then FINDVAL=$(ls -ld ${sFILE} | cut -c 8) if [ "${FINDVAL}" = "r" ]; then return 0; else return 1; fi - else + else return 255 fi } @@ -1550,6 +1555,7 @@ # Function IsWorldExecutable IsWorldExecutable() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldExecutable function"; fi sFILE=$1 # Check for symlink if [ -L ${sFILE} ]; then @@ -1559,7 +1565,7 @@ if [ -f ${sFILE} -o -d ${sFILE} ]; then FINDVAL=$(ls -l ${sFILE} | cut -c 10) if [ "${FINDVAL}" = "x" ]; then return 0; else return 1; fi - else + else return 255 fi } @@ -1575,6 +1581,7 @@ ################################################################################ IsWorldWritable() { + if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldWritable function"; fi sFILE=$1 FileIsWorldWritable="" @@ -1583,7 +1590,7 @@ FINDVAL=$(ls -ld ${sFILE} | cut -c 9) if IsDeveloperMode; then Debug "File mode of ${sFILE} is ${FINDVAL}"; fi if [ "${FINDVAL}" = "w" ]; then return 0; else return 1; fi - else + else return 255 fi } @@ -1752,7 +1759,7 @@ if [ "${VALUE}" = "off" ]; then LogText "Result: found logging disabled for one virtual host" NGINX_ACCESS_LOG_DISABLED=1 - else + else if [ ! "${VALUE}" = "" ]; then # If multiple values follow, select first one VALUE=$(echo ${VALUE} | awk '{ print $1 }') @@ -1796,7 +1803,7 @@ if [ ! -f ${FILE} ]; then NGINX_ERROR_LOG_MISSING=1 fi - else + else LogText "Warning: did not find a filename after error_log in nginx configuration" fi ;; 
@@ -1908,18 +1915,18 @@ PortIsListening() { if [ "${LSOFBINARY}" = "" ]; then return 255 - else + else if [ $# -eq 2 ] && [ $1 = "TCP" -o $1 = "UDP" ]; then LogText "Test: find service listening on $1:$2" if [ $1 = "TCP" ]; then FIND=$(${LSOFBINARY} -i${1} -s${1}:LISTEN -P -n | grep ":${2} "); else FIND=$(${LSOFBINARY} -i${1} -P -n | grep ":${2} "); fi if [ ! "${FIND}" = "" ]; then LogText "Result: found service listening on port $2 ($1)" return 0 - else + else LogText "Result: did not find service listening on port $2 ($1)" return 1 fi - else + else return 255 ReportException ${TEST_NO} "Error in function call to PortIsListening" fi @@ -1945,7 +1952,7 @@ # If the No-Break version of echo is known, use that (usually breaks in combination with -e) if [ ! "${ECHONB}" = "" ]; then ${ECHONB} "$1" - else + else ${ECHOCMD} -en "$1" fi fi @@ -2023,7 +2030,7 @@ ROOT_ONLY=1 elif [ "$1" = "NO" -o "$1" = "no" ]; then ROOT_ONLY=0 - else + else Debug "Invalid option for --root-only parameter of Register function" fi ;; @@ -2111,7 +2118,7 @@ if IsVerbose; then Debug "Performing test ID ${TEST_NO} (${TEST_DESCRIPTION})"; fi fi TESTS_EXECUTED="${TEST_NO}|${TESTS_EXECUTED}" - else + else if [ ${SKIPLOGTEST} -eq 0 ]; then LogText "Skipped test ${TEST_NO} (${TEST_DESCRIPTION})"; fi if [ ${SKIPLOGTEST} -eq 0 ]; then LogText "Reason to skip: ${SKIPREASON}"; fi TESTS_SKIPPED="${TEST_NO}|${TESTS_SKIPPED}" @@ -2167,7 +2174,7 @@ if [ -f ${PIDFILE} ]; then rm -f $PIDFILE; LogText "PID file removed (${PIDFILE})" - else + else LogText "PID file not found (${PIDFILE})" fi fi @@ -2190,14 +2197,14 @@ if [ -f ${TMPFILE} ]; then LogText "Action: removing temporary file ${TMPFILE}" rm -f ${TMPFILE} - else + else LogText "Info: temporary file ${TMPFILE} was already removed" fi - else + else LogText "Found invalid temporary file (${FILE}), not removed. Check your /tmp directory." fi done - else + else LogText "No temporary files to be deleted" fi } 
@@ -2429,10 +2436,10 @@ LogText "File permissions are OK" return 0 fi - else + else ReportException "SafePerms()" "Invalid number of arguments for function" fi - else + else PERMS_OK=1 return 0 fi @@ -2483,11 +2490,11 @@ LogText "Result: found search string '${STRING}'" if [ ${MASK_LOG} -eq 0 ]; then LogText "Full string returned: ${FIND}"; fi RETVAL=0 - else + else LogText "Result: search search string '${STRING}' NOT found" RETVAL=1 fi - else + else LogText "Skipping search, file (${FILE}) does not exist" ReportException "${TEST_NO}" "Test is trying to search for a string in nonexistent file" fi @@ -2664,7 +2671,7 @@ sFILE="${tFILE}" LogText "Result: symlink found, pointing to directory ${sFILE}" FOUNDPATH=1 - else + else # Check the full path of the symlink, strip the filename, copy the path and linked filename together tDIR=$(echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}') tFILE="${tDIR}/${tFILE}" @@ -2700,7 +2707,7 @@ LogText "Result: file ${tFILE} in ${tDIR} not found" fi fi - else + else LogText "Result: file ${sFILE} is not a symlink" fi # Now check if our new location is actually a file or directory destination @@ -2710,7 +2717,7 @@ fi if [ ${FOUNDPATH} -eq 1 ]; then SYMLINK="${sFILE}" - else + else SYMLINK="" fi } @@ -2735,7 +2742,7 @@ STRING=$(echo $1 | tr '[:lower:]' '[:upper:]') if [ "${I}" = "${STRING}" ]; then RETVAL=0; LogText "Atomic test ($1) skipped by configuration (skip-test)"; fi done - else + else ReportException "SkipAtomicTest()" "Function called without right number of arguments (1)" fi return $RETVAL @@ -2860,7 +2867,7 @@ if [ "${RETVAL}" -lt 2 ]; then return ${RESULT} - else + else Fatal "ERROR: No result returned from function (TestValue). Incorrect usage?" #ExitFatal fi 
@@ -2964,14 +2971,14 @@ RETVAL=1 if [ "$#" -ne "2" ]; then ReportException "${TEST_NO}" "Error in function call to ${FUNCNAME}" - else + else LogText "${FUNCNAME}: checking value for application ${APP}" LogText "${FUNCNAME}: ${OPTION} is set to ${1}" if [ "$1" != "$2" ]; then LogText "${FUNCNAME}: ${1} is not equal to ${2}" RETVAL=0 - else + else LogText "${FUNCNAME}: ${1} is equal to ${2}" fi fi @@ -2988,14 +2995,14 @@ RETVAL=1 if [ "$#" -ne "2" ]; then ReportException "${TEST_NO}" "Error in function call to ${FUNCNAME}" - else + else LogText "${FUNCNAME}: checking value for application ${APP}" LogText "${FUNCNAME}: ${OPTION} is set to ${1}" LogText "${FUNCNAME}: checking if ${1} is greater than ${2}" if [ "$1" > "$2" ]; then LogText "${FUNCNAME}: ${1} is greater than ${2}" RETVAL=0 - else + else LogText "${FUNCNAME}: ${1} is not greater than ${2}" fi fi @@ -3013,7 +3020,7 @@ RETVAL=1 if [ "$#" -ne "2" ]; then ReportException "${TEST_NO}" "Error in function call to ${FUNCNAME}" - else + else LogText "${FUNCNAME}: checking value for application ${APP}" LogText "${FUNCNAME}: ${OPTION} is set to ${1}" LogText "${FUNCNAME}: checking if ${1} is greater or equal ${2}" @@ -3035,7 +3042,7 @@ RETVAL=1 if [ "$#" -ne "2" ]; then ReportException "${TEST_NO}" "Error in function call to TestCase_GreaterOrEqual" - else + else LogText "${FUNCNAME}: checking value for application ${APP}" LogText "${FUNCNAME}: ${OPTION} is set to ${1}" @@ -3059,7 +3066,7 @@ RETVAL=1 if [ "$#" -ne "2" ]; then ReportException "${TEST_NO}" "Error in function call to ${FUNCNAME}" - else + else LogText "${FUNCNAME}: checking value for application ${APP}" LogText "${FUNCNAME}: ${OPTION} is set to ${1}" LogText "${FUNCNAME}: checking if ${1} is less or equal ${2}" |