Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_networking
diff options
context:
space:
mode:
Diffstat (limited to 'include/tests_networking')
-rw-r--r--include/tests_networking52
1 files changed, 26 insertions, 26 deletions
diff --git a/include/tests_networking b/include/tests_networking
index fb6c4f6b..c0d11b5e 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -33,13 +33,13 @@
# Description : Basic nameserver configuration tests (connectivity)
Register --test-no NETW-2704 --weight L --network YES --description "Basic nameserver configuration tests"
if [ ${SKIPTEST} -eq 0 ]; then
- Display --indent 2 --text "- Checking configured nameservers..."
+ Display --indent 2 --text "- Checking configured nameservers"
logtext "Test: Checking /etc/resolv.conf file"
if [ -f /etc/resolv.conf ]; then
logtext "Result: Found /etc/resolv.conf file"
FIND=`grep '^nameserver' /etc/resolv.conf | tr -d '\t' | sed 's/nameserver*//g'`
if [ ! "${FIND}" = "" ]; then
- Display --indent 4 --text "- Testing nameservers..."
+ Display --indent 4 --text "- Testing nameservers"
logtext "Test: Querying nameservers"
for I in ${FIND}; do
logtext "Found nameserver: ${I}"
@@ -53,12 +53,12 @@
# 0=good, other=bad
DNSRESPONSE=`${DIGBINARY} +noall +time=3 +retry=0 @${I} ${I} > /dev/null ; echo $?`
if [ "${DNSRESPONSE}" = "0" ]; then
- Display --indent 8 --text "Nameserver: ${I}..." --result OK --color GREEN
+ Display --indent 8 --text "Nameserver: ${I}" --result OK --color GREEN
logtext "Nameserver ${I} seems to respond to queries from this host."
# Count responsive nameservers
NUMBERACTIVENS=`expr ${NUMBERACTIVENS} + 1`
else
- Display --indent 8 --text "Nameserver: ${I}..." --result "NO RESPONSE" --color RED
+ Display --indent 8 --text "Nameserver: ${I}" --result "NO RESPONSE" --color RED
logtext "Result: nameserver ${I} does NOT respond"
logtext "Exit-code from dig: ${DNSRESPONSE}"
ReportSuggestion ${TEST_NO} "Check connection to this nameserver and make sure no outbound DNS queries are blocked (port 53 UDP and TCP)."
@@ -66,7 +66,7 @@
fi
else
logtext "Result: Nameserver test for ${I} skipped, 'dig' not installed"
- Display --indent 6 --text "Nameserver: ${I}... " --result SKIPPED --color YELLOW
+ Display --indent 6 --text "Nameserver: ${I}" --result SKIPPED --color YELLOW
fi
done
fi
@@ -82,19 +82,19 @@
if [ ${SKIPTEST} -eq 0 ]; then
if [ ! "${DIGBINARY}" = "" ]; then
if [ ${NUMBERACTIVENS} -lt 2 ]; then
- Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result WARNING --color RED
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers" --result WARNING --color RED
logtext "Result: less than 2 responsive nameservers found"
ReportWarning ${TEST_NO} "L" "Couldn't find 2 responsive nameservers"
logtext "Note: Non responsive nameservers can give problems for your system(s). Like the lack of recursive lookups, bad connectivity to update servers etc."
ReportSuggestion ${TEST_NO} "Check your resolv.conf file and fill in a backup nameserver if possible"
AddHP 1 2
else
- Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result OK --color GREEN
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers" --result OK --color GREEN
logtext "Result: found at least 2 responsive nameservers"
AddHP 3 3
fi
else
- Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result SKIPPED --color YELLOW
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers" --result SKIPPED --color YELLOW
logtext "Result: dig not installed, test can't be fully performed"
fi
else
@@ -109,17 +109,17 @@
if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --description "Find default gateway (route)"
if [ $SKIPTEST -eq 0 ]; then
- logtext "Test: Searching default gateway(s)..."
+ logtext "Test: Searching default gateway(s)"
FIND=`${NETSTATBINARY} -rn | egrep "^0.0.0.0|default" | tr -s ' ' | cut -d ' ' -f2`
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
logtext "Result: Found default gateway ${I}"
report "default_gateway[]=${I}"
done
- Display --indent 2 --text "- Checking default gateway..." --result DONE --color GREEN
+ Display --indent 2 --text "- Checking default gateway" --result DONE --color GREEN
else
logtext "Result: No default gateway found"
- Display --indent 2 --text "- Checking default gateway..." --result "NONE FOUND" --color WHITE
+ Display --indent 2 --text "- Checking default gateway" --result "NONE FOUND" --color WHITE
fi
fi
#
@@ -279,7 +279,7 @@
esac
# Retrieve information from sockstat, when available
- logtext "Test: Retrieving sockstat information to find listening ports..."
+ logtext "Test: Retrieving sockstat information to find listening ports"
if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do
N=`expr ${N} + 1`
@@ -296,9 +296,9 @@
done
fi
if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then
- Display --indent 2 --text "- Getting listening ports (TCP/UDP)..." --result SKIPPED --color YELLOW
+ Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result SKIPPED --color YELLOW
else
- Display --indent 2 --text "- Getting listening ports (TCP/UDP)..." --result DONE --color GREEN
+ Display --indent 2 --text "- Getting listening ports (TCP/UDP)" --result DONE --color GREEN
Display --indent 6 --text "* Found ${N} ports"
fi
fi
@@ -311,7 +311,7 @@
if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking promiscuous interfaces (BSD)"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking promiscuous interfaces (FreeBSD)..."
+ logtext "Test: Checking promiscuous interfaces (FreeBSD)"
FIND=`${IFCONFIGBINARY} | grep PROMISC | cut -d ':' -f1`
if [ ! "${FIND}" = "" ]; then
logtext "Result: Promiscuous interfaces: ${FIND}"
@@ -329,10 +329,10 @@
# Show result
if [ ${FOUNDPROMISC} -eq 0 ]; then
- Display --indent 2 --text "- Checking promiscuous interfaces..." --result OK --color GREEN
+ Display --indent 2 --text "- Checking promiscuous interfaces" --result OK --color GREEN
logtext "Result: No promiscuous interfaces found"
else
- Display --indent 2 --text "- Checking promiscuous interfaces..." --result WARNING --color RED
+ Display --indent 2 --text "- Checking promiscuous interfaces" --result WARNING --color RED
fi
fi
#
@@ -364,10 +364,10 @@
# Show result
if [ ${FOUNDPROMISC} -eq 0 ]; then
- Display --indent 2 --text "- Checking promiscuous interfaces..." --result OK --color GREEN
+ Display --indent 2 --text "- Checking promiscuous interfaces" --result OK --color GREEN
logtext "Result: No promiscuous interfaces found"
else
- Display --indent 2 --text "- Checking promiscuous interfaces..." --result WARNING --color RED
+ Display --indent 2 --text "- Checking promiscuous interfaces" --result WARNING --color RED
fi
fi
#
@@ -380,8 +380,8 @@
#
# Test : NETW-3024
# Description : Netstat/socktstat compare (FreeBSD)
- # echo -n " - Comparing output sockstat and netstat... "
- # logtext "Comparing output of sockstat and netstat... "
+ # echo -n " - Comparing output sockstat and netstat"
+ # logtext "Comparing output of sockstat and netstat"
# NETSTATOUTPUT=`netstat -an | grep -v 'TIME_WAIT' | grep -v 'ESTABLISHED' | grep -v 'SYN_SENT' | grep -v 'CLOSE_WAIT' | grep -v 'LAST_ACK' | grep -v 'SYN_RECV' | grep -v 'CLOSING' | cut -c 1-44 | grep '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | grep -v '*' | sort | uniq`
#
# if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then
@@ -401,15 +401,15 @@
if [ ! "${NETSTATBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no NETW-3028 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking connections in WAIT state"
if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Using netstat for check for connections in WAIT state..."
+ logtext "Test: Using netstat for check for connections in WAIT state"
FIND=`${NETSTATBINARY} -an | grep WAIT | wc -l | awk '{ print $1 }'`
if [ "${OPTIONS_CONN_MAX_WAIT_STATE}" = "" ]; then OPTIONS_CONN_MAX_WAIT_STATE="100"; fi
logtext "Result: currently ${FIND} connections are in a waiting state (max configured: ${OPTIONS_CONN_MAX_WAIT_STATE})."
if [ ${FIND} -gt ${OPTIONS_CONN_MAX_WAIT_STATE} ]; then
- Display --indent 2 --text "- Checking waiting connections..." --result WARNING --color YELLOW
+ Display --indent 2 --text "- Checking waiting connections" --result WARNING --color YELLOW
ReportWarning ${TEST_NO} "H" "Found too much connections in WAIT state (${FIND})"
else
- Display --indent 2 --text "- Checking waiting connections..." --result OK --color GREEN
+ Display --indent 2 --text "- Checking waiting connections" --result OK --color GREEN
logtext "Result: ${FIND} connections are in WAIT state"
fi
fi
@@ -422,12 +422,12 @@
if [ ${SKIPTEST} -eq 0 ]; then
IsRunning dhclient
if [ ${RUNNING} -eq 1 ]; then
- Display --indent 2 --text "- Checking status DHCP client..." --result RUNNING --color WHITE
+ Display --indent 2 --text "- Checking status DHCP client" --result RUNNING --color WHITE
#YYY report if system type is server, that it is running with DHCP client, might be a badly configured machine
#report "manual[]=System is running DHCP client"
DHCP_CLIENT_RUNNING=1
else
- Display --indent 2 --text "- Checking status DHCP client..." --result "NOT ACTIVE" --color WHITE
+ Display --indent 2 --text "- Checking status DHCP client" --result "NOT ACTIVE" --color WHITE
fi
fi
#
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 23:59:51 +0300