From bac442c6fe63da6b0cbfbc3c8e27c1126ca7da46 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Tue, 5 Jul 2016 17:26:27 +0200 Subject: Migrate to new options, including skip-plugins --- default.prf | 120 ++++++++++++++++++++++++++-------------------------- include/consts | 2 +- include/helper_show | 2 + include/profiles | 25 +++++++---- include/report | 2 +- lynis | 4 +- 6 files changed, 82 insertions(+), 73 deletions(-) diff --git a/default.prf b/default.prf index 2e80f8da..ddd9eafd 100644 --- a/default.prf +++ b/default.prf @@ -1,11 +1,24 @@ ################################################################################# # +# # Lynis - Scan Profile (default) # # This is the default profile and contains default values. # -# Do not change this file directly. Instead copy over the settings you need -# to a new file (custom.prf) and keep it tidy. +# +################################################################################# +# +# +# SUGGESTION +# ---------- +# +# Do NOT make changes to this file, instead copy your preferred settings to +# custom.prf and put it in the same directory as default.prf +# +# To discover where your profiles are located: lynis show profiles +# +# +################################################################################# # # All empty lines or with the # prefix will be skipped # 
@@ -14,37 +27,53 @@ # ################################################################################# + +# Show non-zero exit code when warnings are found +error-on-warnings=no + +# Use Lynis in your own language (available languages: en fr nl) +language=en + +# Defines the role of the system (desktop, server) +machine-role=server + # Profile name, will be used as title/description profile-name=Default Audit Template # Number of seconds to pause between every test (0 is no pause) pause-between-tests=0 -################################################################################# -# -# Testing options -# --------------- -# -################################################################################# +# Enable quick mode (no waiting for keypresses, same as --quick option) +quick=no -# ** Scan type ** -# -# Description: How deep the audit should be -# Values: light, normal or full (default) -# +# Show inline tips about the tool +show-tool-tips=yes + +# Skip plugins +skip-plugins=no + +# Skip a test (one per line) +#skip-test=SSH-7408 + +# Skip a particular option within a test (when applicable) +#skip-test=SSH-7408:loglevel +#skip-test=SSH-7408:permitrootlogin + +# Scan type - how deep the audit should be (light, normal or full) test-scan-mode=full -# ** Skip one or more specific tests ** -# (always ignores scan mode and will make sure the test is skipped) -# -# config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012: -# ** Define machine role ** +################################################################################# # -# Description: defines the role of the system -# Values: desktop, server (default) +# SUGGESTION +# ---------- # -machine-role=server +# Do NOT make changes to this file, instead copy your preferred settings to +# custom.prf and put it in the same directory as default.prf +# +# To discover where your profiles are located: lynis show profiles +# +################################################################################# 
################################################################################# # @@ -85,6 +114,15 @@ plugin=systemd plugin=users + + +################################################################################# +# +# Configuration (Old Style) - will be replaced in phases +# +################################################################################# + + ################################################################################# # # Kernel options @@ -374,45 +412,5 @@ license-key= config:compliance_standards:cis,hipaa,iso27001,pci-dss: -################################################################################# -# -# Configuration (New Style) -# -################################################################################# - -# Show non-zero exit code when warnings are found -error-on-warnings=no - -# Use Lynis in your own language (available languages: en fr nl) -language=en - -# Enable quick mode (no waiting for keypresses, same as --quick option) -quick=no - -# Show inline tips about the tool -show-tool-tips=yes - -# Skip plugins -skip-plugins=no - -# Skip a test (one per line) -#skip-test=SSH-7408 - -# Skip a particular option within a test (when applicable) -#skip-test=SSH-7408:loglevel -#skip-test=SSH-7408:permitrootlogin - - -################################################################################# -# -# SUGGESTION -# ---------- -# -# Do NOT make changes to this file, instead copy your preferred settings to -# custom.prf and put it in the same directory as default.prf -# -# To discover where your profiles are located: lynis show profiles -# -################################################################################# #EOF diff --git a/include/consts b/include/consts index 9f907527..d4d61482 100644 --- a/include/consts +++ b/include/consts @@ -153,7 +153,6 @@ unset LANG RKHUNTERBINARY="" RPMBINARY="" RUN_HELPERS=0 - RUN_PLUGINS=1 RUN_TESTS=1 SAMHAINBINARY="" SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW="" 
@@ -166,6 +165,7 @@ unset LANG SHOW_PROGRAM_DETAILS=1 SHOW_REPORT=1 SHOW_WARNINGS_ONLY=0 + SKIP_PLUGINS=0 SKIP_TESTS="" SKIPPED_TESTS_ROOTONLY="" SSHKEYSCANBINARY="" diff --git a/include/helper_show b/include/helper_show index 5a6662f7..8acb69f5 100644 --- a/include/helper_show +++ b/include/helper_show @@ -209,6 +209,8 @@ if [ $# -gt 0 ]; then if [ ${BRIEF_OUTPUT} -eq 0 ]; then ${ECHOCMD} ""; fi fi done + if [ ${BRIEF_OUTPUT} -eq 0 ]; then DisplayToolTip "add --brief to show just the settings, --nocolors to remove colors"; fi + ;; "tests") if [ $# -gt 0 ]; then diff --git a/include/profiles b/include/profiles index 3875ef77..1d1cf442 100644 --- a/include/profiles +++ b/include/profiles @@ -171,7 +171,7 @@ # How much seconds to wait between tests pause_between_tests | pause-between-tests) TEST_PAUSE_TIME="${VALUE}" - AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests" + AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests (in seconds)" ;; # Plugin 
@@ -196,29 +196,38 @@ # Quick (no waiting for keypresses) quick) - FIND=`echo "${VALUE}" | egrep "^(1|yes)"` && QUICKMODE=1 - Debug "Quickmode set to ${QUICKMODE}" + # Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable + SETTING_QUICK_MODE=0 # default is no + FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && QUICKMODE=1 + if [ ! -z "${FIND}" ]; then SETTING_QUICK_MODE=1; fi + Debug "Quickmode set to ${SETTING_QUICK_MODE}" + AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)" ;; # Inline tips about tool (default enabled) show_tool_tips | show-tool-tips) - FIND=`echo "${VALUE}" | egrep "^(1|false|no)"` && SHOW_TOOL_TIPS=0 + FIND=`echo "${VALUE}" | egrep "^(1|false|no)$"` && SHOW_TOOL_TIPS=0 Debug "Show tool tips set to ${SHOW_TOOL_TIPS}" + AddSetting "show-tool-tips" "${SHOW_TOOL_TIPS}" "Show tool tips" ;; # Show warnings only show-warnings-only) QUIET=1 QUICKMODE=1 - FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && SHOW_WARNINGS_ONLY=1 + FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SHOW_WARNINGS_ONLY=1 Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}" + AddSetting "show-warnings-only" "${SHOW_WARNINGS_ONLY}" "Show only warnings" ;; # Skip plugins skip-plugins) - FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && RUN_PLUGINS=0 - Debug "Run plugins is set to ${RUN_PLUGINS}" - AddSetting "run-plugins" "${RUN_PLUGINS}" "Run plugins" + # Skip plugins (SKIP_PLUGINS) might already be set, so store in different variable + SETTING_SKIP_PLUGINS=0 # default is no + FIND=`echo "${VALUE}" | egrep "^(1|true|yes)$"` && SKIP_PLUGINS=1 + if [ ! -z "${FIND}" ]; then SETTING_SKIP_PLUGINS=1; fi + Debug "Skip plugins is set to ${SETTING_SKIP_PLUGINS}" + AddSetting "skip-plugins" "${SETTING_SKIP_PLUGINS}" "Skip plugins" ;; # SSL paths diff --git a/include/report b/include/report index 2b996fc5..af993fbf 100644 --- a/include/report +++ b/include/report 
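Review bot: In the `show-tool-tips` arm the pattern `^(1|false|no)$` still lists `1` among the values that switch tips off, so `show-tool-tips=1` disables them while `quick`, `show-warnings-only` and `skip-plugins` all read `1` as yes; it should be `egrep "^(0|false|no)$"`. The new comment in the `quick` arm names the wrong variable and should read `# Quick mode (QUICKMODE) might already be set outside profile, so store in different variable`. With the added `$` anchor, a value followed by trailing whitespace or other text no longer matches and is recorded as 0 without any message; whether VALUE is trimmed before this point is not visible here, so a `Debug` line for unrecognised values in the `quick` and `skip-plugins` arms would make that case traceable. The enclosing `case` statement starts and ends outside the hunk.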
@@ -167,7 +167,7 @@ echo "" echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" - if [ ${RUN_PLUGINS} -eq 1 ]; then echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi + if [ ${SKIP_PLUGINS} -eq 0 ]; then echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"; fi echo "" echo " ${WHITE}Components${NORMAL}:" if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi diff --git a/lynis b/lynis index fd0cbf73..3e4b47b3 100755 --- a/lynis +++ b/lynis @@ -743,7 +743,7 @@ ${NORMAL} ################################################################################# # # Plugins - if [ ${RUN_PLUGINS} -eq 1 ]; then + if [ ${SKIP_PLUGINS} -eq 0 ]; then N_PLUGIN=0 N_PLUGIN_ENABLED=0 @@ -933,7 +933,7 @@ ${NORMAL} # ################################################################################# # - if [ ${RUN_PLUGINS} -eq 1 ]; then + if [ ${SKIP_PLUGINS} -eq 0 ]; then RunPlugins 2 if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN -- cgit v1.2.3
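Review bot: The summary in include/report prints nothing about plugins when `SKIP_PLUGINS` is 1, so someone reading the report cannot tell that plugin checks were left out of the audit. An `else` branch on the changed line, for example `else echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}skipped${NORMAL}"; fi`, would make the reduced coverage visible. `RUN_PLUGINS` is no longer initialised in include/consts, so any remaining reader or writer of it outside these hunks (none is visible here) needs the same migration as the two `if [ ${SKIP_PLUGINS} -eq 0 ]` tests in lynis; otherwise `[` would be handed an empty operand.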