diff options
Diffstat (limited to 'include/tests_kernel')
-rw-r--r-- | include/tests_kernel | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/include/tests_kernel b/include/tests_kernel index a0107973..ae3b8c30 100644 --- a/include/tests_kernel +++ b/include/tests_kernel @@ -45,11 +45,11 @@ FIND2=`echo ${FIND} | egrep "runlevel5|graphical"` if [ ! "${FIND2}" = "" ]; then logtext "Result: Found match on runlevel5/graphical" - Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 5" --color GREEN + Display --indent 2 --text "- Checking default runlevel" --result "runlevel 5" --color GREEN report "linux_default_runlevel=5" else logtext "Result: No match found on runlevel, defaulting to runlevel 3" - Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 3" --color GREEN + Display --indent 2 --text "- Checking default runlevel" --result "runlevel 3" --color GREEN report "linux_default_runlevel=3" fi fi @@ -62,13 +62,13 @@ logtext "Test: Checking /etc/inittab" if [ -f /etc/inittab ]; then logtext "Result: file /etc/inittab found" - logtext "Test: Checking default Linux run level..." + logtext "Test: Checking default Linux run level" FIND=`awk -F: '/^id/ { print $2; }' /etc/inittab | head -n 1` if [ "${FIND}" = "" ]; then Display --indent 2 --text "- Checking default runlevel" --result UNKNOWN --color YELLOW logtext "Result: Can't determine default run level from /etc/inittab" else - Display --indent 2 --text "- Checking default run level..." --result "${FIND}" --color GREEN + Display --indent 2 --text "- Checking default run level" --result "${FIND}" --color GREEN logtext "Found default run level '${FIND}'" report "linux_default_runlevel=${FIND}" fi @@ -79,16 +79,16 @@ FIND=`who -r | awk '{ if ($1=="run-level") { print $2 } }'` if [ ! "${FIND}" = "" ]; then logtext "Result: Found default run level '${FIND}'" - report "linux_default_runlevel=${FIND}" - Display --indent 2 --text "- Checking default run level..." --result "RUNLEVEL ${FIND}" --color GREEN - else - logtext "Result: Can't determine default run level from who -r" - Display --indent 2 --text "- Checking default run level..." --result UNKNOWN --color YELLOW - fi - fi - fi + report "linux_default_runlevel=${FIND}" + Display --indent 2 --text "- Checking default run level" --result "RUNLEVEL ${FIND}" --color GREEN + else + logtext "Result: Can't determine default run level from who -r" + Display --indent 2 --text "- Checking default run level" --result UNKNOWN --color YELLOW + fi + fi + fi fi - fi + fi # ################################################################################# # @@ -99,10 +99,10 @@ Register --test-no KRNL-5677 --os Linux --weight L --network NO --description "Check CPU options and support" if [ ${SKIPTEST} -eq 0 ]; then Display --indent 2 --text "- Checking CPU support (NX/PAE)" - logtext "Test: Checking /proc/cpuinfo..." + logtext "Test: Checking /proc/cpuinfo" if [ -f /proc/cpuinfo ]; then logtext "Result: found /proc/cpuinfo" - logtext "Test: Checking CPU options (XD/NX/PAE)..." + logtext "Test: Checking CPU options (XD/NX/PAE)" FIND_PAE_NX=`cat /proc/cpuinfo | grep " pae " | grep " nx "` FIND_PAE=`cat /proc/cpuinfo | grep " pae "` FIND_NX=`cat /proc/cpuinfo | grep " nx "` @@ -271,7 +271,7 @@ # Description : Checking FreeBSD loaded kernel modules Register --test-no KRNL-5745 --os FreeBSD --weight L --network NO --description "Checking FreeBSD loaded kernel modules" if [ ${SKIPTEST} -eq 0 ]; then - Display --indent 2 --text "- Checking active kernel modules..." + Display --indent 2 --text "- Checking active kernel modules" logtext "Test: ${KERNEL_ACTIVE_MODULES_TITLE}" logtext "Description: ${KERNEL_ACTIVE_MODULES_DESCRIPTION}" logtext "Action: Checking modules" @@ -339,17 +339,17 @@ logtext "Kernel installed: ${FINDINST}" logtext "Kernel candidate: ${FINDCAND}" if [ "${FINDINST}" = "" ]; then - Display --indent 2 --text "- Checking for available kernel update... " --result UNKNOWN --color YELLOW + Display --indent 2 --text "- Checking for available kernel update" --result UNKNOWN --color YELLOW logtext "Result: Exception occured, no output from apt-cache policy" ReportException "${TEST_NO}:01" logtext "Exception: apt-cache policy did not return an installed kernel version" ReportSuggestion ${TEST_NO} "Check the output of apt-cache policy manually to determine why output is empty" else if [ "${FINDINST}" = "${FINDCAND}" ]; then - Display --indent 2 --text "- Checking for available kernel update... " --result OK --color GREEN + Display --indent 2 --text "- Checking for available kernel update" --result OK --color GREEN logtext "Result: no kernel update available" else - Display --indent 2 --text "- Checking for available kernel update... " --result "UPDATE AVAILABLE" --color YELLOW + Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW logtext "Result: kernel update available according 'apt-cache policy'." ReportSuggestion ${TEST_NO} "Determine priority for available kernel update" fi @@ -373,12 +373,12 @@ FIND2=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core") { print "hard core enabled" } }'` if [ "${FIND1}" = "soft core enabled" -o "${FIND2}" = "hard core enabled" ]; then logtext "Result: core dumps (soft or hard) are enabled" - Display --indent 2 --text "- Checking core dumps configuration... " --result ENABLED --color YELLOW + Display --indent 2 --text "- Checking core dumps configuration" --result ENABLED --color YELLOW #YYY suggestion AddHP 1 2 else logtext "Result: core dumps (soft and hard) are both disabled" - Display --indent 2 --text "- Checking core dumps configuration... " --result DISABLED --color GREEN + Display --indent 2 --text "- Checking core dumps configuration" --result DISABLED --color GREEN CORE_DUMPS_DISABLED=1 AddHP 3 3 fi @@ -393,22 +393,22 @@ fi if [ "${FIND}" = "2" ]; then logtext "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)" - Display --indent 4 --text "- Checking setuid core dumps configuration... " --result PROTECTED --color GREEN + Display --indent 4 --text "- Checking setuid core dumps configuration" --result PROTECTED --color GREEN AddHP 1 1 elif [ "${FIND}" = "1" ]; then logtext "Result: all programs can perform core dumps (value 1, for debugging)" - Display --indent 2 --text "- Checking setuid core dumps configuration... " --result DEBUG --color YELLOW + Display --indent 2 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW ReportSuggestion ${TEST_NO} "Determine if really all binaries need to be able to core dump" AddHP 0 1 else logtext "Result: found default option, some programs can dump (not processes which need to change credentials)" - Display --indent 4 --text "- Checking setuid core dumps configuration... " --result DEFAULT --color YELLOW + Display --indent 4 --text "- Checking setuid core dumps configuration" --result DEFAULT --color YELLOW AddHP 1 1 fi # Check ulimit settings and harden it # echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile else - logtext "Result: file /etc/security/limits.conf does not exist, skipping test" + logtext "Result: file /etc/security/limits.conf does not exist, skipping test" fi fi # |