Diffstat (limited to 'include/tests_kernel')
-rw-r--r--include/tests_kernel50
1 files changed, 25 insertions, 25 deletions
diff --git a/include/tests_kernel b/include/tests_kernel
index a0107973..ae3b8c30 100644
--- a/include/tests_kernel
+++ b/include/tests_kernel
@@ -45,11 +45,11 @@
FIND2=`echo ${FIND} | egrep "runlevel5|graphical"`
if [ ! "${FIND2}" = "" ]; then
logtext "Result: Found match on runlevel5/graphical"
- Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 5" --color GREEN
+ Display --indent 2 --text "- Checking default runlevel" --result "runlevel 5" --color GREEN
report "linux_default_runlevel=5"
else
logtext "Result: No match found on runlevel, defaulting to runlevel 3"
- Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 3" --color GREEN
+ Display --indent 2 --text "- Checking default runlevel" --result "runlevel 3" --color GREEN
report "linux_default_runlevel=3"
fi
fi
@@ -62,13 +62,13 @@
logtext "Test: Checking /etc/inittab"
if [ -f /etc/inittab ]; then
logtext "Result: file /etc/inittab found"
- logtext "Test: Checking default Linux run level..."
+ logtext "Test: Checking default Linux run level"
FIND=`awk -F: '/^id/ { print $2; }' /etc/inittab | head -n 1`
if [ "${FIND}" = "" ]; then
Display --indent 2 --text "- Checking default runlevel" --result UNKNOWN --color YELLOW
logtext "Result: Can't determine default run level from /etc/inittab"
else
- Display --indent 2 --text "- Checking default run level..." --result "${FIND}" --color GREEN
+ Display --indent 2 --text "- Checking default run level" --result "${FIND}" --color GREEN
logtext "Found default run level '${FIND}'"
report "linux_default_runlevel=${FIND}"
fi
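Review bot: The success branch of the /etc/inittab check still reads `- Checking default run level`, while the UNKNOWN branch two lines above it and the runlevel5/graphical branch in the previous hunk use `- Checking default runlevel`; the `who -r` branch in the next hunk has the same two-word spelling. Since this commit is already normalising these strings, settle on one form, e.g. `Display --indent 2 --text "- Checking default runlevel" --result "${FIND}" --color GREEN`, so the on-screen lines can be matched consistently. The enclosing test starts and ends outside the hunk.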
@@ -79,16 +79,16 @@
FIND=`who -r | awk '{ if ($1=="run-level") { print $2 } }'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: Found default run level '${FIND}'"
- report "linux_default_runlevel=${FIND}"
- Display --indent 2 --text "- Checking default run level..." --result "RUNLEVEL ${FIND}" --color GREEN
- else
- logtext "Result: Can't determine default run level from who -r"
- Display --indent 2 --text "- Checking default run level..." --result UNKNOWN --color YELLOW
- fi
- fi
- fi
+ report "linux_default_runlevel=${FIND}"
+ Display --indent 2 --text "- Checking default run level" --result "RUNLEVEL ${FIND}" --color GREEN
+ else
+ logtext "Result: Can't determine default run level from who -r"
+ Display --indent 2 --text "- Checking default run level" --result UNKNOWN --color YELLOW
+ fi
+ fi
+ fi
fi
- fi
+ fi
#
#################################################################################
#
@@ -99,10 +99,10 @@
Register --test-no KRNL-5677 --os Linux --weight L --network NO --description "Check CPU options and support"
if [ ${SKIPTEST} -eq 0 ]; then
Display --indent 2 --text "- Checking CPU support (NX/PAE)"
- logtext "Test: Checking /proc/cpuinfo..."
+ logtext "Test: Checking /proc/cpuinfo"
if [ -f /proc/cpuinfo ]; then
logtext "Result: found /proc/cpuinfo"
- logtext "Test: Checking CPU options (XD/NX/PAE)..."
+ logtext "Test: Checking CPU options (XD/NX/PAE)"
FIND_PAE_NX=`cat /proc/cpuinfo | grep " pae " | grep " nx "`
FIND_PAE=`cat /proc/cpuinfo | grep " pae "`
FIND_NX=`cat /proc/cpuinfo | grep " nx "`
@@ -271,7 +271,7 @@
# Description : Checking FreeBSD loaded kernel modules
Register --test-no KRNL-5745 --os FreeBSD --weight L --network NO --description "Checking FreeBSD loaded kernel modules"
if [ ${SKIPTEST} -eq 0 ]; then
- Display --indent 2 --text "- Checking active kernel modules..."
+ Display --indent 2 --text "- Checking active kernel modules"
logtext "Test: ${KERNEL_ACTIVE_MODULES_TITLE}"
logtext "Description: ${KERNEL_ACTIVE_MODULES_DESCRIPTION}"
logtext "Action: Checking modules"
@@ -339,17 +339,17 @@
logtext "Kernel installed: ${FINDINST}"
logtext "Kernel candidate: ${FINDCAND}"
if [ "${FINDINST}" = "" ]; then
- Display --indent 2 --text "- Checking for available kernel update... " --result UNKNOWN --color YELLOW
+ Display --indent 2 --text "- Checking for available kernel update" --result UNKNOWN --color YELLOW
logtext "Result: Exception occured, no output from apt-cache policy"
ReportException "${TEST_NO}:01"
logtext "Exception: apt-cache policy did not return an installed kernel version"
ReportSuggestion ${TEST_NO} "Check the output of apt-cache policy manually to determine why output is empty"
else
if [ "${FINDINST}" = "${FINDCAND}" ]; then
- Display --indent 2 --text "- Checking for available kernel update... " --result OK --color GREEN
+ Display --indent 2 --text "- Checking for available kernel update" --result OK --color GREEN
logtext "Result: no kernel update available"
else
- Display --indent 2 --text "- Checking for available kernel update... " --result "UPDATE AVAILABLE" --color YELLOW
+ Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW
logtext "Result: kernel update available according 'apt-cache policy'."
ReportSuggestion ${TEST_NO} "Determine priority for available kernel update"
fi
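Review bot: Only FINDINST is tested for an empty value; if FINDCAND comes back empty, the string comparison fails and the host is shown as `UPDATE AVAILABLE`, with a suggestion to prioritise an update that may not exist. Extend the guard, e.g. `if [ "${FINDINST}" = "" -o "${FINDCAND}" = "" ]; then`, or give the empty candidate its own branch and exception text. The log strings here also carry typos worth fixing while the lines are touched: `occured` should be `occurred`, and `according 'apt-cache policy'` should be `according to 'apt-cache policy'`. How both variables are populated is outside the hunk.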
@@ -373,12 +373,12 @@
FIND2=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core") { print "hard core enabled" } }'`
if [ "${FIND1}" = "soft core enabled" -o "${FIND2}" = "hard core enabled" ]; then
logtext "Result: core dumps (soft or hard) are enabled"
- Display --indent 2 --text "- Checking core dumps configuration... " --result ENABLED --color YELLOW
+ Display --indent 2 --text "- Checking core dumps configuration" --result ENABLED --color YELLOW
#YYY suggestion
AddHP 1 2
else
logtext "Result: core dumps (soft and hard) are both disabled"
- Display --indent 2 --text "- Checking core dumps configuration... " --result DISABLED --color GREEN
+ Display --indent 2 --text "- Checking core dumps configuration" --result DISABLED --color GREEN
CORE_DUMPS_DISABLED=1
AddHP 3 3
fi
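Review bot: The awk filter that sets FIND2 prints `hard core enabled` for any `* hard core` line without looking at the limit value, so a hardening entry such as `* hard core 0` is displayed as ENABLED and scored with `AddHP 1 2`. Add the value to the condition, e.g. `$3=="core" && $4!="0"`; FIND1 is set outside this hunk and presumably needs the same check. The ENABLED branch also still has the placeholder `#YYY suggestion` instead of a `ReportSuggestion ${TEST_NO} "..."` call, so the visible lines record no suggestion for this finding.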
@@ -393,22 +393,22 @@
fi
if [ "${FIND}" = "2" ]; then
logtext "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)"
- Display --indent 4 --text "- Checking setuid core dumps configuration... " --result PROTECTED --color GREEN
+ Display --indent 4 --text "- Checking setuid core dumps configuration" --result PROTECTED --color GREEN
AddHP 1 1
elif [ "${FIND}" = "1" ]; then
logtext "Result: all programs can perform core dumps (value 1, for debugging)"
- Display --indent 2 --text "- Checking setuid core dumps configuration... " --result DEBUG --color YELLOW
+ Display --indent 2 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW
ReportSuggestion ${TEST_NO} "Determine if really all binaries need to be able to core dump"
AddHP 0 1
else
logtext "Result: found default option, some programs can dump (not processes which need to change credentials)"
- Display --indent 4 --text "- Checking setuid core dumps configuration... " --result DEFAULT --color YELLOW
+ Display --indent 4 --text "- Checking setuid core dumps configuration" --result DEFAULT --color YELLOW
AddHP 1 1
fi
# Check ulimit settings and harden it
# echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile
else
- logtext "Result: file /etc/security/limits.conf does not exist, skipping test"
+ logtext "Result: file /etc/security/limits.conf does not exist, skipping test"
fi
fi
#
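Review bot: The DEBUG branch under `elif [ "${FIND}" = "1" ]` calls `Display --indent 2` while the PROTECTED and DEFAULT branches of the same setuid core dump check use `--indent 4`, so one of the three possible results is printed at a different nesting level. The commit rewrites all three lines, so this is the place to align it: `Display --indent 4 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW`. The block that sets FIND begins outside the hunk.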