Diffstat (limited to 'include/tests_malware')
-rw-r--r--include/tests_malware55
1 files changed, 55 insertions, 0 deletions
diff --git a/include/tests_malware b/include/tests_malware
index 4f68b9aa..cb13ca96 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -37,9 +37,12 @@
KASPERSKY_SCANNER_RUNNING=0
MCAFEE_SCANNER_RUNNING=0
MALWARE_SCANNER_INSTALLED=0
+ MALWARE_DAEMON_RUNNING=0
+ ROOTKIT_SCANNER_FOUND=0
SOPHOS_SCANNER_RUNNING=0
SYMANTEC_SCANNER_RUNNING=0
SYNOLOGY_DAEMON_RUNNING=0
+ TRENDMICRO_DSA_DAEMON_RUNNING=0
#
#################################################################################
#
@@ -52,6 +55,7 @@
Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found ${CHKROOTKITBINARY}"
MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
AddHP 2 2
Report "malware_scanner[]=chkrootkit"
else
@@ -70,6 +74,7 @@
Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found ${RKHUNTERBINARY}"
MALWARE_SCANNER_INSTALLED=1
+ ROOTKIT_SCANNER_FOUND=1
AddHP 2 2
Report "malware_scanner[]=rkhunter"
else
@@ -108,6 +113,7 @@
if IsRunning "com.avast.daemon"; then
FOUND=1
AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Avast security product"
@@ -119,6 +125,7 @@
if IsRunning "avqmd"; then
FOUND=1
AVIRA_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Avira security product"
@@ -130,6 +137,7 @@
if IsRunning "bdagentd" || IsRunning "epagd"; then
FOUND=1
BITDEFENDER_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Bitdefender security product"
@@ -154,6 +162,7 @@
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found CylancePROTECT service"
AVAST_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=cylance-protect"
fi
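Review bot: The line directly above the added `MALWARE_DAEMON_RUNNING=1` sets `AVAST_DAEMON_RUNNING=1` inside the CylancePROTECT branch, which looks like a carry-over from the Avast block rather than an intended flag, and the new generic line now makes it redundant as an "agent running" marker. Since this hunk already touches that branch, it would be a good moment to drop the Avast assignment there or replace it with a Cylance-specific flag initialised alongside the new variables in the header block. The enclosing `if` for this branch starts outside the hunk, so I cannot see whether anything downstream reads `AVAST_DAEMON_RUNNING` for Cylance.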
@@ -163,6 +172,7 @@
if IsRunning "esets_daemon"; then
FOUND=1
ESET_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found ESET security product"
@@ -181,6 +191,7 @@
FOUND=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found Kaspersky"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=kaspersky"
fi
@@ -197,6 +208,7 @@
FOUND=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found McAfee"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=mcafee"
fi
@@ -215,6 +227,7 @@
if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found Sophos"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=sophos"
fi
@@ -235,6 +248,7 @@
if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found one or more Symantec components"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
FOUND=1
Report "malware_scanner[]=symantec"
@@ -245,18 +259,33 @@
if IsRunning "synoavd"; then
FOUND=1
SYNOLOGY_DAEMON_RUNNING=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Synology Antivirus Essential"
Report "malware_scanner[]=synoavd"
fi
+ # Trend Micro Anti Malware for Linux
+ # Typically ds_agent is running as well, the Deep Security Agent
+ LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component"
+ if IsRunning "ds_am"; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Trend Micro Anti Malware component"
+ FOUND=1
+ MALWARE_SCANNER_INSTALLED=1
+ MALWARE_DAEMON_RUNNING=1
+ TRENDMICRO_DSA_DAEMON_RUNNING=1
+ Report "malware_scanner[]=trend-micro-am"
+ fi
+
# TrendMicro (macOS)
LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
if IsRunning "TmccMac"; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Trend Micro component"
FOUND=1
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
Report "malware_scanner[]=trend-micro-av"
fi
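Review bot: The log line in the new Trend Micro block names the wrong process: it says `checking process ds_agent` while the check on the next line is `IsRunning "ds_am"`, so anyone reading the log file to reproduce a finding is pointed at a different daemon. Change it to `LogText "Test: checking process ds_am to test for Trend Micro Deep Security Anti Malware component"` and keep the `ds_agent` mention in the comment, where it is stated as a typical companion rather than the thing tested. The test's enclosing block starts outside the hunk.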
@@ -298,6 +327,7 @@
if IsRunning "clamd"; then
Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: found running clamd process"
+ MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
CLAMD_RUNNING=1
else
@@ -354,6 +384,31 @@
#
#################################################################################
#
+ # Test : MALW-3290
+ # Description : Presence of malware scanners
+ Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW
+ else
+ Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN
+ if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then
+ Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+
+
Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"