From 34a2742cdb14c11f965498621d36df78cdbc3303 Mon Sep 17 00:00:00 2001
From: Michael Boelen <michael.boelen@cisofy.com>
Date: Tue, 26 Feb 2019 16:15:15 +0100
Subject: Initial support for end-of-life OS detection

---
 db/software-eol.db  | 22 ++++++++++++++++++++++
 include/osdetection | 21 +++++++++++++++++++++
 lynis               |  6 ++++++
 3 files changed, 49 insertions(+)
 create mode 100644 db/software-eol.db

diff --git a/db/software-eol.db b/db/software-eol.db
new file mode 100644
index 00000000..9bf96c12
--- /dev/null
+++ b/db/software-eol.db
@@ -0,0 +1,22 @@
+# End-of-life for operating systems and software
+# FreeBSD - https://www.freebsd.org/releases/
+os:FreeBSD 9.3:2014-07-01:
+os:FreeBSD 10.0:2014-01-01:
+os:FreeBSD 10.1:2014-11-01:
+os:FreeBSD 10.2:2015-08-01:
+os:FreeBSD 10.3:2016-04-01:
+os:FreeBSD 10.4:2017-10-01:
+os:FreeBSD 11.0:2016-10-01:
+os:FreeBSD 11.1:2017-07-01:
+# Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack
+os:Ubuntu 14.04:2019-05-01:
+os:Ubuntu 14.10:2015-07-01:
+os:Ubuntu 15.04:2016-01-01:
+os:Ubuntu 15.10:2016-07-01:
+os:Ubuntu 16.04:2021-05-01:
+os:Ubuntu 16.10:2017-07-01:
+os:Ubuntu 17.04:2018-01-01:
+os:Ubuntu 17.10:2018-07-01:
+os:Ubuntu 18.04:2023-05-01:
+os:Ubuntu 18.10:2019-07-01:
+os:Ubuntu 19.04:2020-01-01:
\ No newline at end of file
diff --git a/include/osdetection b/include/osdetection
index 855dc021..959d3a9e 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -509,6 +509,27 @@
         QNAP_DEVICE=1
     fi
 
+    # Check if this OS is end-of-life
+    EOL=255
+    EOL_DATE=""
+    if [ ! -z "${OS_VERSION}" ]; then
+        if [ -f "${DBDIR}/software-eol.db" ]; then
+            FIND="${OS_FULLNAME}"
+            EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && $2 ~ value){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
+            if [ ! -z "${EOL_DATE}" ]; then
+                NOW=$(date "+%s")
+                FIND=$(date "+%s" --date=${EOL_DATE})
+                if [ ! -z "${FIND}" ]; then
+                    if [ ${NOW} -gt ${FIND} ]; then
+                        EOL=1
+                    else
+                        EOL=0
+                    fi
+                fi
+            fi
+        fi
+    fi
+
 
 #================================================================================
 # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
diff --git a/lynis b/lynis
index a882af11..1e94de16 100755
--- a/lynis
+++ b/lynis
@@ -609,6 +609,12 @@ ${NORMAL}
         echo "  Operating system:          ${OS}"
         echo "  Operating system name:     ${OS_NAME}"
         echo "  Operating system version:  ${OS_VERSION}"
+        LogText "EOL check: ${EOL}"
+        if [ ${EOL} -eq 1 ]; then
+            echo "  End-of-life:               ${WARNING}YES${NORMAL}"
+            ReportWarning "GEN-0010" "This version ${OS_VERSION} is marked end-of-life as of ${EOL_DATE}"
+        fi
+
         if [ ! -z "${OS_MODE}" ]; then echo "  Operating system mode:     ${OS_MODE}"; fi
         echo "  Kernel version:            ${OS_KERNELVERSION}"
         echo "  Hardware platform:         ${HARDWARE}"
-- 
cgit v1.2.3