diff options
Diffstat (limited to 'include/tests_filesystems')
| -rw-r--r-- | include/tests_filesystems | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/include/tests_filesystems b/include/tests_filesystems index 82b3f0b1..5b9710eb 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -40,16 +40,16 @@ logtext "Test: Checking if ${I} is mounted separately or mounted on / file system" if [ -L ${I} ]; then logtext "Result: ${I} is a symlink. Manual check required to determine exact file system" - Display --indent 4 --text "- Checking ${I} mount point..." --result SYMLINK --color WHITE + Display --indent 4 --text "- Checking ${I} mount point" --result SYMLINK --color WHITE elif [ -d ${I} ]; then logtext "Result: directory ${I} exists" FIND=`mount | grep "${I}"` if [ ! "${FIND}" = "" ]; then logtext "Result: found ${I} as a separated mount point" - Display --indent 4 --text "- Checking ${I} mount point..." --result OK --color GREEN + Display --indent 4 --text "- Checking ${I} mount point" --result OK --color GREEN else logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system" - Display --indent 4 --text "- Checking ${I} mount point..." --result SUGGESTION --color YELLOW + Display --indent 4 --text "- Checking ${I} mount point" --result SUGGESTION --color YELLOW ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition" fi else @@ -79,10 +79,10 @@ report "lvm_volume_group[]=${I}" done LVM_VG_USED=1 - Display --indent 2 --text "- Checking LVM volume groups..." --result FOUND --color GREEN + Display --indent 2 --text "- Checking LVM volume groups" --result FOUND --color GREEN else logtext "Result: no LVM volume groups found" - Display --indent 2 --text "- Checking LVM volume groups..." --result NONE --color WHITE + Display --indent 2 --text "- Checking LVM volume groups" --result NONE --color WHITE fi fi # @@ -101,10 +101,10 @@ logtext "Found LVM volume: ${I}" report "lvm_volume[]=${I}" done - Display --indent 4 --text "- Checking LVM volumes..." --result FOUND --color GREEN + Display --indent 4 --text "- Checking LVM volumes" --result FOUND --color GREEN else logtext "Result: no LVM volume groups found" - Display --indent 4 --text "- Checking LVM volumes..." --result NONE --color WHITE + Display --indent 4 --text "- Checking LVM volumes" --result NONE --color WHITE fi fi # @@ -144,10 +144,10 @@ logtext "Test: Query /etc/fstab for available FFS/UFS mount points" FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab` if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)..." --result NONE --color WHITE + Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result NONE --color WHITE logtext "Result: unable to find any single mount point (FFS/UFS)" else - Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)..." --result FOUND --color GREEN + Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)" --result FOUND --color GREEN report "filesystem[]=ufs" for I in ${FIND}; do logtext "FFS/UFS mount found: ${I}" @@ -165,10 +165,10 @@ logtext "Test: Query /etc/fstab for available ZFS mount points" FIND=`mount -p | awk '{ if ($3 == "zfs") { print $1":"$2":"$3":"$4":" }}'` if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Querying ZFS mount points (mount -p)..." --result NONE --color WHITE + Display --indent 2 --text "- Querying ZFS mount points (mount -p)" --result NONE --color WHITE logtext "Result: unable to find any single mount point (ZFS)" else - Display --indent 2 --text "- Querying ZFS mount points (mount -p)..." --result FOUND --color GREEN + Display --indent 2 --text "- Querying ZFS mount points (mount -p)" --result FOUND --color GREEN report "filesystem[]=zfs" for I in ${FIND}; do logtext "ZFS mount found: ${I}" @@ -206,9 +206,9 @@ report "swap_partition[]=${I}" done if [ ${FOUND} -eq 1 ]; then - Display --indent 2 --text "- Query swap partitions (fstab)..." --result OK --color GREEN + Display --indent 2 --text "- Query swap partitions (fstab)" --result OK --color GREEN else - Display --indent 2 --text "- Query swap partitions (fstab)..." --result WARNING --color YELLOW + Display --indent 2 --text "- Query swap partitions (fstab)" --result WARNING --color YELLOW ReportWarning ${TEST_NO} "L" "No swap partion found in /etc/fstab" logtext "Result: no swap partitions found in /etc/fstab" fi @@ -225,10 +225,10 @@ logtext "Test: check swap partitions with incorrect mount options" FIND=`awk '{ if ($3=="swap" && ($4!="sw" && $4!="swap" && $4!="defaults")) print $1 }' /etc/fstab` if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Testing swap partitions..." --result OK --color GREEN + Display --indent 2 --text "- Testing swap partitions" --result OK --color GREEN logtext "Result: all swap partitions have correct options (sw or swap)" else - Display --indent 2 --text "- Testing swap partitions..." --result WARNING --color RED + Display --indent 2 --text "- Testing swap partitions" --result WARNING --color RED logtext "Result: possible incorrect mount options used for mounting swap partition (${FIND})" #ReportWarning ${TEST_NO} "L" "Possible incorrect mount options used for swap parition (${FIND})" ReportSuggestion ${TEST_NO} "Check your /etc/fstab file. Swap partition usually have 'sw' or 'swap' in the options field (4th)." @@ -242,14 +242,14 @@ if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --description "Searching for old files in /tmp" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: Searching for old files in /tmp..." + logtext "Test: Searching for old files in /tmp" # Search for files only in /tmp, with an access time older than X days FIND=`find /tmp -type f -atime +${TMP_OLD_DAYS} 2> /dev/null | sed 's/ /!space!/g'` if [ "${FIND}" = "" ]; then - Display --indent 2 --text "- Checking for old files in /tmp..." --result OK --color GREEN + Display --indent 2 --text "- Checking for old files in /tmp" --result OK --color GREEN logtext "Result: no files found in /tmp which are older than 3 months" else - Display --indent 2 --text "- Checking for old files in /tmp..." --result WARNING --color RED + Display --indent 2 --text "- Checking for old files in /tmp" --result WARNING --color RED N=0 for I in ${FIND}; do FILE=`echo ${I} | sed 's/!space!/ /g'` @@ -275,7 +275,7 @@ #for I in ${SKELDIRS}; do # - # logtext "Searching skel directory ${I}..." + # logtext "Searching skel directory ${I}" # # if [ -d ${I} ]; then # logtext "Result: Directory found, scanning for unsafe file permissions" @@ -283,20 +283,20 @@ # if [ ! "${FIND}" = "0" ]; then # FIND=`find ${I} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)` # if [ "${FIND}" = "" ]; then - # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result OK --color GREEN + # Display --indent 2 --text "- Checking skel file permissions (${I})" --result OK --color GREEN # logtext "Result: Directory seems to be ok, no files found with read/write/execute bit set." # logtext "Status: OK" - # else - # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result WARNING --color RED + # else + # Display --indent 2 --text "- Checking skel file permissions (${I})" --result WARNING --color RED # logtext "Result: The following files do have non restrictive permissions: ${FIND}" # ReportSuggestion ${TEST_NO} "Remove the read, write or execute bit from these files (chmod o-rwx)" - # fi + # fi # else - # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result EMPTY --color WHITE - # logtext "Directory ${I} is empty, no scan performed" + # Display --indent 2 --text "- Checking skel file permissions (${I})" --result EMPTY --color WHITE + # logtext "Directory ${I} is empty, no scan performed" # fi # else - # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result "NOT FOUND" --color WHITE + # Display --indent 2 --text "- Checking skel file permissions (${I})" --result "NOT FOUND" --color WHITE # logtext "Result: Skel directory (${I}) not found" # fi #done @@ -311,11 +311,11 @@ # Depending on OS, number of field with 'tmp' differs FIND=`ls -l / | tr -s ' ' | awk -F" " '{ if ( $8 == "tmp" || $9 == "tmp" ) { print $1 } }' | cut -c 10` if [ "${FIND}" = "t" -o "${FIND}" = "T" ]; then - Display --indent 2 --text "- Checking /tmp sticky bit..." --result OK --color GREEN + Display --indent 2 --text "- Checking /tmp sticky bit" --result OK --color GREEN logtext "Result: Sticky bit (${FIND}) found on /tmp directory" AddHP 3 3 else - Display --indent 2 --text "- Checking /tmp sticky bit..." --result WARNING --color RED + Display --indent 2 --text "- Checking /tmp sticky bit" --result WARNING --color RED ReportWarning ${TEST_NO} "H" "No sticky bit found on /tmp directory, which can be dangerous!" ReportSuggestion ${TEST_NO} "Consult documentation and place the sticky bit, to prevent users deleting (by other owned) files in the /tmp directory." AddHP 0 3 @@ -371,11 +371,11 @@ logtext "Result: ACL option NOT enabled on root file system" logtext "Additional information: if file access need to be more restricted, ACLs could be used. Install the acl utilities and remount the file system with the acl option" logtext "Activate acl support on and active file system with mount -o remount,acl / and add the acl option to the fstab file" - Display --indent 2 --text "- ACL support root file system..." --result DISABLED --color YELLOW + Display --indent 2 --text "- ACL support root file system" --result DISABLED --color YELLOW AddHP 0 1 else logtext "Result: ACL option enabled on root file system" - Display --indent 2 --text "- ACL support root file system..." --result ENABLED --color GREEN + Display --indent 2 --text "- ACL support root file system" --result ENABLED --color GREEN AddHP 3 3 fi fi @@ -396,9 +396,9 @@ if [ ! "${FIND}" = "" ]; then logtext "Result: mount system / is configured with options: ${FIND}" if [ "${FIND}" = "defaults" ]; then - Display --indent 2 --text "- Mount options of /..." --result OK --color GREEN + Display --indent 2 --text "- Mount options of /" --result OK --color GREEN else - Display --indent 2 --text "- Mount options of /..." --result "NON DEFAULT" --color YELLOW + Display --indent 2 --text "- Mount options of /" --result "NON DEFAULT" --color YELLOW fi else logtext "Result: no mount point / or expected options found" @@ -424,16 +424,16 @@ logtext "Result: mount system /boot is configured with options: ${FIND}" if [ ${HARDENED} -eq 1 ]; then logtext "Result: marked /boot options as hardenened" - Display --indent 2 --text "- Mount options of /boot..." --result HARDENED --color GREEN + Display --indent 2 --text "- Mount options of /boot" --result HARDENED --color GREEN AddHP 5 5 else if [ "${FIND}" = "defaults" ]; then logtext "Result: marked /boot options as default (non hardened)" - Display --indent 2 --text "- Mount options of /boot..." --result DEFAULT --color RED + Display --indent 2 --text "- Mount options of /boot" --result DEFAULT --color RED AddHP 3 5 else logtext "Result: marked /boot options as non default (unclear about hardening)" - Display --indent 2 --text "- Mount options of /boot..." --result "NON DEFAULT" --color YELLOW + Display --indent 2 --text "- Mount options of /boot" --result "NON DEFAULT" --color YELLOW AddHP 4 5 fi fi @@ -527,11 +527,11 @@ fi done if [ ${FOUND} -eq 1 ]; then - Display --indent 2 --text "- Checking Locate database..." --result FOUND --color GREEN + Display --indent 2 --text "- Checking Locate database" --result FOUND --color GREEN report "locate_db=${LOCATE_DB}" else logtext "Result: database not found" - Display --indent 2 --text "- Checking Locate database..." --result "NOT FOUND" --color YELLOW + Display --indent 2 --text "- Checking Locate database" --result "NOT FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file." fi fi |