Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_firewalls
diff options
context:
space:
mode:
Diffstat (limited to 'include/tests_firewalls')
-rw-r--r--include/tests_firewalls24
1 files changed, 20 insertions, 4 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls
index f88f3b96..227c8642 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -236,6 +236,23 @@
#
#################################################################################
#
+ # Test : FIRE-4524
+ # Description : Check for CSF (ConfigServer Security & Firewall)
+ Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/csf/csf.conf"
+ if [ -f /etc/csf/csf.conf ]; then
+ logtext "Result: /etc/csf.conf exists"
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="csf"
+ Display --indent 2 --text "- Checking CSF status (configuration file)" --result FOUND --color GREEN
+ else
+ logtext "Result: /etc/csf/csf.conf does NOT exist"
+ fi
+ fi
+#
+#################################################################################
+#
# Test : FIRE-4526
# Description : Check ipf (Solaris)
if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@@ -267,10 +284,9 @@
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN
logtext "Result: host based firewall or packet filter is active"
- #YYY add manual item to report
report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
- report "manual[]=verify all traffic is filtered the right way between the different security zones"
- report "manual[]=verify if a list is available with all required services"
+ report "manual[]=Verify all traffic is filtered the right way between the different security zones"
+ report "manual[]=Verify if a list is available with all required services"
# YYY Solaris ipf (determine default policy)
report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
AddHP 5 5
@@ -295,4 +311,4 @@ wait_for_keypress
#
#================================================================================
-# Lynis - Copyright 2007-2015, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 05:35:53 +0300