Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_crypto
diff options
context:
space:
mode:
Diffstat (limited to 'include/tests_crypto')
-rw-r--r--include/tests_crypto34
1 files changed, 14 insertions, 20 deletions
diff --git a/include/tests_crypto b/include/tests_crypto
index ecb19d2f..4f7f1ff4 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -126,34 +126,28 @@
ReportSuggestion ${TEST_NO} "Check available certificates for expiration"
fi
fi
+
#
#################################################################################
#
# Test : CRYP-7930
- # Description : Determine if system uses disk or file encryption
- Register --test-no CRYP-7930 --weight L --network NO --category security --description "Determine if system uses disk or file encryption"
+ # Description : Determine if system uses LUKS block device encryption
+ if [ ! "${LSBLKBINARY}" = "" -a ! "${CRYPTSETUPBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no CRYP-7930 --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Determine if system uses LUKS block device encryption"
if [ ${SKIPTEST} -eq 0 ]; then
- FILE="${ROOTDIR}etc/crypttab"
- if [ -f ${FILE} ]; then
- LogText "Result: crypttab file (${FILE}) exists"
- DATA=$(${GREPBINARY} "^[a-z]" ${FILE} | ${TRBINARY} -cd '[:alnum:]_\-=,\n\t ' | ${SEDBINARY} 's/[[:blank:]]/__space__/g')
- for LINE in ${DATA}; do
- LINE=$(echo ${LINE} | ${SEDBINARY} 's/__space__/ /g')
- if ContainsString "luks," "${LINE}"; then
- PARTITION=$(echo ${LINE} | ${AWKBINARY} '{print $1}' | ${AWKBINARY} -F_ '{print $1}')
- LogText "Result: Found LUKS encryption on partition ${PARTITION}"
- Report "encryption[]=luks,partition,${PARTITION}"
- fi
- done
- unset DATA LINE PARTITION
- else
- LogText "Result: crypttab file (${FILE}) does not exist"
- fi
+ FOUND=0
+ for BLOCK_DEV in $(${LSBLKBINARY} --noheadings -o PATH); do
+ if ${CRYPTSETUPBINARY} isLuks ${BLOCK_DEV}; then
+ LogText "Result: Found LUKS encrypted block device: ${BLOCK_DEV}"
+ Report "encryption[]=luks,block_device,${BLOCK_DEV}"
+ ((FOUND++))
+ fi
+ done
+ Display --indent 2 --text "- Found ${FOUND} LUKS encrypted block devices." --result OK --color WHITE
+ unset BLOCK_DEV
fi
#
#################################################################################
-#
-
WaitForKeyPress
#
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 05:44:47 +0300