
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'include/tests_ports_packages')
-rw-r--r--include/tests_ports_packages65
1 files changed, 33 insertions, 32 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 8fd32769..42723a6c 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -5,7 +5,7 @@
# Lynis
# ------------------
#
-# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Copyright 2007-2015, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -21,6 +21,7 @@
InsertSection "Ports and packages"
PACKAGE_MGR_PKG=0
PKG_AUDIT_TOOL_FOUND=0
+ INSTALLED_PACKAGES=""
#
#################################################################################
#
@@ -36,19 +37,17 @@
Display --indent 4 --text "- Searching packages with pkg" --result FOUND --color GREEN
report "package_manager[]=pkg"
PACKAGE_MGR_PKG=1
- #logtext "Result: Found pkg"
- #logtext "Test: Querying pkg to get package list"
- #Display --indent 6 --text "- Querying pkg for installed packages"
- #logtext "Output:"; logtext "-----"
- #SPACKAGES=`/usr/sbin/pkg_info 2>&1 | sort | tr -s ' ' | cut -d ' ' -f1 | sed -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'`
- #for J in ${SPACKAGES}; do
- # sPKG_NAME=`echo ${J} | cut -d ',' -f1`
- # sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
- # logtext "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
- # report "installed_package[]=${sPKG_NAME}|${sPKG_VERSION}|"
- #done
- else
- Display --indent 4 --text "- Searching pkg" --result "NOT INSTALLED" --color YELLOW
+ logtext "Result: Found pkg"
+ logtext "Test: Querying pkg to get package list"
+ Display --indent 6 --text "- Querying pkg for installed packages"
+ logtext "Output:"; logtext "-----"
+ SPACKAGES=`/usr/sbin/pkg query %n,%v`
+ for J in ${SPACKAGES}; do
+ sPKG_NAME=`echo ${J} | cut -d ',' -f1`
+ sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
+ logtext "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
+ done
fi
fi
#
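Review bot: Using `,` as the name/version separator in `pkg query %n,%v` is ambiguous on FreeBSD, where a package version can itself carry a port epoch after a comma (constructed example: `1.2_3,1`). For such a package `cut -d ',' -f2` logs the version without its epoch, and the `${J}` appended to INSTALLED_PACKAGES holds three comma-separated fields instead of two. If the report consumer matches versions against advisories (not visible here), a truncated or mis-split version can give wrong results. Taking everything after the first comma, `sPKG_VERSION=`echo ${J} | cut -d ',' -f2-``, keeps the epoch in the log, and a comment should state that entries must be split on the first comma only.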
@@ -72,7 +71,7 @@
sPKG_NAME=`echo ${J} | cut -d ',' -f1`
sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
logtext "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
- report "installed_package[]=${sPKG_NAME}|${sPKG_VERSION}|"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
done
report "installed_packages=${N}"
fi
@@ -122,7 +121,7 @@
GPACKAGES=`equery l '*' | sed -e 's/[.*]//g'`
for J in ${GPACKAGES}; do
logtext "Found package ${J}"
- report "installed_package[]=${J}||"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
done
else
logtext "Result: emerge can NOT be found on this system"
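Review bot: The entry appended here has the shape `name,0,` (a placeholder version plus a trailing comma), while the branches that know the version append `name,version` with no trailing field, so a single `installed_packages_array` value mixes two layouts. A literal `0` also cannot be told apart from a package whose real version is 0. The same line appears in the pkginfo hunk, the hunk after it, and the `for I in ${FIND}` hunk. Consider one layout everywhere with an empty version for "unknown", e.g. `INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},"`, and a comment next to `INSTALLED_PACKAGES=""` describing the entry format.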
@@ -146,7 +145,7 @@
SPACKAGES=`/usr/bin/pkginfo -i | tr -s ' ' | cut -d ' ' -f2 | sed "s#^SUNW##"`
for J in ${SPACKAGES}; do
logtext "Found package ${J}"
- report "installed_package[]=${J}||"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
done
else
logtext "Result: pkginfo can NOT be found on this system"
@@ -176,7 +175,7 @@
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
logtext "Found package: ${J}"
- report "installed_package[]=${J}||"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
done
report "installed_packages=${N}"
fi
@@ -209,7 +208,7 @@
PACKAGE_NAME=`echo ${J} | awk -F, '{ print $1 }'`
PACKAGE_VERSION=`echo ${J} | awk -F, '{ print $2 }'`
logtext "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
- report "installed_package[]=${PACKAGE_NAME}|${PACKAGE_VERSION}|"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J}"
done
report "installed_packages=${N}"
fi
@@ -286,7 +285,7 @@
for I in ${FIND}; do
N=`expr ${N} + 1`
logtext "Installed package: ${I}"
- report "installed_package[]=${I}|-|"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${J},0,"
done
report "installed_packages=${N}"
else
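Review bot: The added line appends `${J}`, but this loop iterates with `for I in ${FIND}`, so every pass stores whatever `J` was left at by an earlier loop (or an empty name) instead of the package just logged. The removed line used `${I}`, and the replacement should too: `INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${I},0,"`. As written, the package inventory for this package manager is wrong in the report while the log and the `installed_packages` count look correct, which makes the error easy to miss.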
@@ -334,13 +333,13 @@
logtext "Test: Querying dpkg -l to get package list"
Display --indent 6 --text "- Querying package manager"
logtext "Output:"
- SPACKAGES=`dpkg -l 2>/dev/null | grep "^ii" | tr -s ' ' | tr ' ' '#' | sort`
+ SPACKAGES=`dpkg -l 2>/dev/null | grep "^ii" | tr -s ' ' | tr ' ' ',' | sort`
for J in ${SPACKAGES}; do
N=`expr ${N} + 1`
- PACKAGE_NAME=`echo ${J} | cut -d '#' -f2`
- PACKAGE_VERSION=`echo ${J} | cut -d '#' -f3`
+ PACKAGE_NAME=`echo ${J} | cut -d ',' -f2`
+ PACKAGE_VERSION=`echo ${J} | cut -d ',' -f3`
logtext "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
- report "installed_package[]=${PACKAGE_NAME}|${PACKAGE_VERSION}|"
+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
done
report "installed_packages=${N}"
else
@@ -468,7 +467,8 @@
#
# Test : PKGS-7381
# Description : Check for vulnerable FreeBSD packages (with pkg)
- Register --test-no PKGS-7381 --os FreeBSD --weight L --network NO --description "Check for vulnerable FreeBSD packages"
+ if [ -x /usr/sbin/pkg -a /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for vulnerable FreeBSD packages"
if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/sbin/pkg ]; then
FIND=`/usr/sbin/pkg audit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
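Review bot: In the new prerequisite check, `[ -x /usr/sbin/pkg -a /var/db/pkg/vuln.xml ]` has no test operator on the second operand, so it is evaluated as a non-empty string and is always true; the vulnerability database is never actually checked for. If the file must exist, use `if [ -x /usr/sbin/pkg ] && [ -f /var/db/pkg/vuln.xml ]; then`, which also avoids the ambiguous `-a`. Once that check is real, a host with pkg but without a fetched database will skip PKGS-7381 entirely, so a log line saying the audit database is missing would keep the skipped vulnerability check visible. The test body continues outside the hunk.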
@@ -502,9 +502,10 @@
#
# Test : PKGS-7382
# Description : Check for vulnerable FreeBSD packages
- Register --test-no PKGS-7382 --os FreeBSD --weight L --network NO --description "Check for vulnerable FreeBSD packages"
+ # Notes : Newer machines should use pkg audit instead of portaudit
+ if [ -x /usr/local/sbin/portaudit ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7382 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for vulnerable FreeBSD packages"
if [ ${SKIPTEST} -eq 0 ]; then
- if [ -x /usr/local/sbin/portaudit ]; then
PKG_AUDIT_TOOL_FOUND=1
FIND=`/usr/local/sbin/portaudit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
if [ "${FIND}" = "" ]; then
@@ -523,10 +524,6 @@
AddHP 1 2
done
fi
- else
- # Don't advice portaudit anymore, as pkg audit is the replacement (pkgng)
- logtext "Result: Portaudit not installed, can't perform vulnerability test."
- fi
fi
#
#################################################################################
@@ -935,6 +932,10 @@
# check for yum-changelog
+if [ ! "${INSTALLED_PACKAGES}" = "" ]; then
+ report "installed_packages_array=${INSTALLED_PACKAGES}"
+fi
+
report "pkg_audit_tool=${PKG_AUDIT_TOOL}"
report "pkg_audit_tool_found=${PKG_AUDIT_TOOL_FOUND}"
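Review bot: The value written to `installed_packages_array` always starts with a `|`, because every append in this file has the form `"${INSTALLED_PACKAGES}|..."`, so a consumer splitting on `|` gets an empty first element. The record layout is also not described anywhere in the visible hunks. Either strip the leading separator when reporting or document it with a comment above the `if`, for example `# Format: |name,version|name,version... (leading separator, one entry per package)`. The emptiness check would also read more directly as `if [ -n "${INSTALLED_PACKAGES}" ]; then`.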
@@ -943,4 +944,4 @@ wait_for_keypress
#
#================================================================================
-# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
+# Lynis - Copyright 2007-2015 Michael Boelen, CISOfy - https://cisofy.com