Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/functions
diff options
context:
space:
mode:
Diffstat (limited to 'include/functions')
-rw-r--r--include/functions232
1 files changed, 116 insertions, 116 deletions
diff --git a/include/functions b/include/functions
index 5ea2e6d2..ba830c69 100644
--- a/include/functions
+++ b/include/functions
@@ -81,7 +81,7 @@
# ReportManual Log manual actions to report file
# ReportSuggestion Add a suggestion to report file
# ReportWarning Add a warning and priority to report file
-# SafePerms Check if a directory has safe permissions
+# SafePerms Check if a file has safe permissions
# SearchItem Search a string in a file
# ShowComplianceFinding Display a particular finding regarding compliance or a security standard
# ShowSymlinkPath Show a path behind a symlink
@@ -214,25 +214,25 @@
ITEM_FOUND=0
RETVAL=255
if [ $# -eq 2 ]; then
- # Don't search in /dev/null, it's too empty there
- if [ ! "${REPORTFILE}" = "/dev/null" ]; then
- # Check if we can find the main type (with or without brackets)
- LogText "Test: search string $2 in earlier discovered results"
- FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2")
- if [ ! "${FIND}" = "" ]; then
- ITEM_FOUND=1
- RETVAL=0
- LogText "Result: found search string (result: $FIND)"
- else
- LogText "Result: search string NOT found"
- RETVAL=1
- fi
- else
- LogText "Skipping search, as /dev/null is being used"
- fi
- return ${RETVAL}
- else
- ReportException ${TEST_NO} "Error in function call to CheckItem"
+ # Don't search in /dev/null, it's too empty there
+ if [ ! "${REPORTFILE}" = "/dev/null" ]; then
+ # Check if we can find the main type (with or without brackets)
+ LogText "Test: search string $2 in earlier discovered results"
+ FIND=$(egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2")
+ if [ ! "${FIND}" = "" ]; then
+ ITEM_FOUND=1
+ RETVAL=0
+ LogText "Result: found search string (result: $FIND)"
+ else
+ LogText "Result: search string NOT found"
+ RETVAL=1
+ fi
+ else
+ LogText "Skipping search, as /dev/null is being used"
+ fi
+ return ${RETVAL}
+ else
+ ReportException ${TEST_NO} "Error in function call to CheckItem"
fi
}
@@ -424,9 +424,9 @@
for PLOC in ${tPROFILE_TARGETS}; do
# Only use one default.prf
if [ "${PNAME}" = "default.prf" -a ! "${DEFAULT_PROFILE}" = "" ]; then
- Debug "Already discovered default.prf - skipping this file (${PLOC}/${PNAME})"
+ Debug "Already discovered default.prf - skipping this file (${PLOC}/${PNAME})"
elif [ "${PNAME}" = "custom.prf" -a ! "${CUSTOM_PROFILE}" = "" ]; then
- Debug "Already discovered custom.prf - skipping this file (${PLOC}/${PNAME})"
+ Debug "Already discovered custom.prf - skipping this file (${PLOC}/${PNAME})"
else
if [ "${PLOC}" = "." ]; then FILE="${WORKDIR}/${PNAME}"; else FILE="${PLOC}/${PNAME}"; fi
if [ -r ${FILE} ]; then
@@ -1310,7 +1310,7 @@
# Values: VMware Virtual Platform / VirtualBox
if [ "${SHORT}" = "" ]; then
if [ -x /usr/bin/dmidecode ]; then DMIDECODE_BINARY="/usr/bin/dmidecode"
- elif [ -x /usr/sbin/dmidecode ]; then DMIDECODE_BINARY="/usr/sbin/dmidecode"
+ elif [ -x /usr/sbin/dmidecode ]; then DMIDECODE_BINARY="/usr/sbin/dmidecode"
else DMIDECODE_BINARY=""
fi
if [ ! "${DMIDECODE_BINARY}" = "" -a ${PRIVILEGED} -eq 1 ]; then
@@ -1718,7 +1718,7 @@
FILE=$(echo ${VALUE} | awk '{ print $1 }')
if [ ! "${FILE}" = "" ]; then
if [ ! -f ${FILE} ]; then
- NGINX_ERROR_LOG_MISSING=1
+ NGINX_ERROR_LOG_MISSING=1
fi
else
LogText "Warning: did not find a filename after error_log in nginx configuration"
@@ -1944,9 +1944,9 @@
--root-only)
shift
if [ "$1" = "YES" -o "$1" = "yes" ]; then
- ROOT_ONLY=1
- elif [ "$1" = "NO" -o "$1" = "no" ]; then
- ROOT_ONLY=0
+ ROOT_ONLY=1
+ elif [ "$1" = "NO" -o "$1" = "no" ]; then
+ ROOT_ONLY=0
else
Debug "Invalid option for --root-only parameter of Register function"
fi
@@ -1989,8 +1989,8 @@
# Skip if test is not in the list
if [ ${SKIPTEST} -eq 0 -a ! "${TESTS_TO_PERFORM}" = "" ]; then
- FIND=$(echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}")
- if [ "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Test not in list of tests to perform"; fi
+ FIND=$(echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}")
+ if [ "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Test not in list of tests to perform"; fi
fi
# Do not run scans which have a higher intensity than what we prefer
@@ -2001,7 +2001,7 @@
if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_NEED_OS}" -a ! "${OS}" = "${TEST_NEED_OS}" ]; then
SKIPTEST=1; SKIPREASON="Incorrect guest OS (${TEST_NEED_OS} only)"
if [ ${LOG_INCORRECT_OS} -eq 0 ]; then
- SKIPLOGTEST=1
+ SKIPLOGTEST=1
fi
fi
@@ -2088,12 +2088,12 @@
RemovePIDFile() {
# Test if PIDFILE is defined, before checking file presence
if [ ! "${PIDFILE}" = "" ]; then
- if [ -f ${PIDFILE} ]; then
- rm -f $PIDFILE;
- LogText "PID file removed (${PIDFILE})"
- else
- LogText "PID file not found (${PIDFILE})"
- fi
+ if [ -f ${PIDFILE} ]; then
+ rm -f $PIDFILE;
+ LogText "PID file removed (${PIDFILE})"
+ else
+ LogText "PID file not found (${PIDFILE})"
+ fi
fi
}
@@ -2543,87 +2543,87 @@
# Check for symlink
if [ -L ${sFILE} ]; then
- # macOS does not know -f option, nor do some others
- if [ "${OS}" = "macOS" ]; then
- # If a Python binary is found, use the one in path
- if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then
- FIND=$(which python 2> /dev/null)
- if [ ! "${FIND}" = "" ]; then LogText "Setting temporary pythonbinary variable"; PYTHONBINARY="${FIND}"; fi
- fi
+ # macOS does not know -f option, nor do some others
+ if [ "${OS}" = "macOS" ]; then
+ # If a Python binary is found, use the one in path
+ if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then
+ FIND=$(which python 2> /dev/null)
+ if [ ! "${FIND}" = "" ]; then LogText "Setting temporary pythonbinary variable"; PYTHONBINARY="${FIND}"; fi
+ fi
- if [ ! "${PYTHONBINARY}" = "" ]; then
- SYMLINK_USE_PYTHON=1
- LogText "Note: using Python to determine symlinks"
- tFILE=$(python -c "import os,sys; print(os.path.realpath(os.path.expanduser(sys.argv[1])))" $1)
- fi
- else
- if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${READLINKBINARY}" = "" ]; then
- FIND=$(which readlink 2> /dev/null)
- if [ ! "${FIND}" = "" ]; then LogText "Setting temporary readlinkbinary variable"; READLINKBINARY="${FIND}"; fi
- fi
+ if [ ! "${PYTHONBINARY}" = "" ]; then
+ SYMLINK_USE_PYTHON=1
+ LogText "Note: using Python to determine symlinks"
+ tFILE=$(python -c "import os,sys; print(os.path.realpath(os.path.expanduser(sys.argv[1])))" $1)
+ fi
+ else
+ if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${READLINKBINARY}" = "" ]; then
+ FIND=$(which readlink 2> /dev/null)
+ if [ ! "${FIND}" = "" ]; then LogText "Setting temporary readlinkbinary variable"; READLINKBINARY="${FIND}"; fi
+ fi
- if [ ! "${READLINKBINARY}" = "" ]; then
- SYMLINK_USE_READLINK=1
- LogText "Note: Using real readlink binary to determine symlink on ${sFILE}"
- tFILE=$(${READLINKBINARY} -f ${sFILE})
- LogText "Result: readlink shows ${tFILE} as output"
- fi
+ if [ ! "${READLINKBINARY}" = "" ]; then
+ SYMLINK_USE_READLINK=1
+ LogText "Note: Using real readlink binary to determine symlink on ${sFILE}"
+ tFILE=$(${READLINKBINARY} -f ${sFILE})
+ LogText "Result: readlink shows ${tFILE} as output"
fi
- # Check if we can find the file now
- if [ "${tFILE}" = "" ]; then
- LogText "Result: command did not return any value"
- elif [ -f ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink found, pointing to file ${sFILE}"
- FOUNDPATH=1
- elif [ -b ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink found, pointing to block device ${sFILE}"
- FOUNDPATH=1
- elif [ -c ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink found, pointing to character device ${sFILE}"
- FOUNDPATH=1
- elif [ -d ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink found, pointing to directory ${sFILE}"
- FOUNDPATH=1
- else
- # Check the full path of the symlink, strip the filename, copy the path and linked filename together
- tDIR=$(echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}')
- tFILE="${tDIR}/${tFILE}"
- if [ -L ${tFILE} ]; then
- LogText "Result: this symlink links to another symlink"
- # Ensure that we use a second try with the right tool as well
- if [ ${SYMLINK_USE_PYTHON} -eq 1 ]; then
- tFILE=$(python -c "import os,sys; print(os.path.realpath(os.path.expanduser(sys.argv[1])))" ${tFILE})
- elif [ ${SYMLINK_USE_READLINK} -eq 1 ]; then
- tFILE=$(${READLINKBINARY} -f ${tFILE})
- fi
- # Check if we now have a normal file
- if [ -f ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink finally found, seems to be file ${sFILE}"
- FOUNDPATH=1
- elif [ -d ${tFILE} ]; then
- sFILE="${tFILE}"
- LogText "Result: symlink finally found, seems to be directory ${sFILE}"
- FOUNDPATH=1
- else
- LogText "Result: could not find file ${tFILE}, most likely too complicated symlink or too often linked"
- fi
- elif [ -f ${tFILE} ]; then
+ fi
+ # Check if we can find the file now
+ if [ "${tFILE}" = "" ]; then
+ LogText "Result: command did not return any value"
+ elif [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, pointing to file ${sFILE}"
+ FOUNDPATH=1
+ elif [ -b ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, pointing to block device ${sFILE}"
+ FOUNDPATH=1
+ elif [ -c ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, pointing to character device ${sFILE}"
+ FOUNDPATH=1
+ elif [ -d ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, pointing to directory ${sFILE}"
+ FOUNDPATH=1
+ else
+ # Check the full path of the symlink, strip the filename, copy the path and linked filename together
+ tDIR=$(echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}')
+ tFILE="${tDIR}/${tFILE}"
+ if [ -L ${tFILE} ]; then
+ LogText "Result: this symlink links to another symlink"
+ # Ensure that we use a second try with the right tool as well
+ if [ ${SYMLINK_USE_PYTHON} -eq 1 ]; then
+ tFILE=$(python -c "import os,sys; print(os.path.realpath(os.path.expanduser(sys.argv[1])))" ${tFILE})
+ elif [ ${SYMLINK_USE_READLINK} -eq 1 ]; then
+ tFILE=$(${READLINKBINARY} -f ${tFILE})
+ fi
+ # Check if we now have a normal file
+ if [ -f ${tFILE} ]; then
sFILE="${tFILE}"
- LogText "Result: symlink found, seems to be file ${sFILE}"
+ LogText "Result: symlink finally found, seems to be file ${sFILE}"
FOUNDPATH=1
elif [ -d ${tFILE} ]; then
sFILE="${tFILE}"
- LogText "Result: symlink found, seems to be directory ${sFILE}"
+ LogText "Result: symlink finally found, seems to be directory ${sFILE}"
FOUNDPATH=1
else
- LogText "Result: file ${tFILE} in ${tDIR} not found"
+ LogText "Result: could not find file ${tFILE}, most likely too complicated symlink or too often linked"
fi
+ elif [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, seems to be file ${sFILE}"
+ FOUNDPATH=1
+ elif [ -d ${tFILE} ]; then
+ sFILE="${tFILE}"
+ LogText "Result: symlink found, seems to be directory ${sFILE}"
+ FOUNDPATH=1
+ else
+ LogText "Result: file ${tFILE} in ${tDIR} not found"
fi
+ fi
else
LogText "Result: file ${sFILE} is not a symlink"
fi
@@ -2839,8 +2839,8 @@
WaitForKeyPress() {
if [ ${QUICKMODE} -eq 0 ]; then
- echo ""; echo "[ Press [ENTER] to continue, or [CTRL]+C to stop ]"
- read void
+ echo ""; echo "[ Press [ENTER] to continue, or [CTRL]+C to stop ]"
+ read void
fi
}
@@ -2864,8 +2864,8 @@
LogText "${FUNCNAME}: check if ${1} is equal to ${2}"
if [ "$1" == "$2" ]; then
- LogText "${FUNCNAME}: ${1} is equal to ${2}"
- RETVAL=0
+ LogText "${FUNCNAME}: ${1} is equal to ${2}"
+ RETVAL=0
fi
if ! [ -z ${3+x} ]; then
@@ -2959,14 +2959,14 @@
RETVAL=1
if [ "$#" -ne "2" ]; then
ReportException "${TEST_NO}" "Error in function call to TestCase_GreaterOrEqual"
- else
+ else
LogText "${FUNCNAME}: checking value for application ${APP}"
LogText "${FUNCNAME}: ${OPTION} is set to ${1}"
LogText "${FUNCNAME}: checking if ${1} is less than ${2}"
if ! [ TestCase_GreaterOrEqual "${1}" "${2}" ]; then
- LogText "${FUNCNAME}: ${1} is less than ${2}"
- RETVAL=0
+ LogText "${FUNCNAME}: ${1} is less than ${2}"
+ RETVAL=0
fi
fi
return ${RETVAL}
@@ -2983,13 +2983,13 @@
RETVAL=1
if [ "$#" -ne "2" ]; then
ReportException "${TEST_NO}" "Error in function call to ${FUNCNAME}"
- else
+ else
LogText "${FUNCNAME}: checking value for application ${APP}"
LogText "${FUNCNAME}: ${OPTION} is set to ${1}"
LogText "${FUNCNAME}: checking if ${1} is less or equal ${2}"
if [ TestCase_Equal "${1}" "${2}" ] || [ TestCase_LessThan "${1}" "${2}" ]; then
- LogText "${FUNCNAME}: ${1} is less than ${2}"
- RETVAL=0
+ LogText "${FUNCNAME}: ${1} is less than ${2}"
+ RETVAL=0
fi
fi
return ${RETVAL}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-15 21:57:11 +0300