From f94817f66f4344e9fee676480bf4e04167ebc52c Mon Sep 17 00:00:00 2001 From: Kepi Date: Thu, 2 Jul 2020 22:47:13 +0200 Subject: Command line option for slow test threshold IMHO it should be OK to run long tests if we count with it. Example: lynis audit system --slow-warning 300 Will warn when test takes longer than 300 seconds, instead of default 10. --- extras/bash_completion.d/lynis | 2 +- include/consts | 1 + include/functions | 2 +- include/parameters | 17 +++++++++++++++++ lynis | 1 + 5 files changed, 21 insertions(+), 2 deletions(-) diff --git a/extras/bash_completion.d/lynis b/extras/bash_completion.d/lynis index 8732ede3..7eee7375 100644 --- a/extras/bash_completion.d/lynis +++ b/extras/bash_completion.d/lynis @@ -179,7 +179,7 @@ _lynis() *) COMPREPLY=( $( compgen -W ' \ --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \ - --tests --tests-from-category --tests-from-group --upload --verbose' -- "$cur" ) ) + --tests --tests-from-category --tests-from-group --upload --verbose --slow-warning' -- "$cur" ) ) ;; esac diff --git a/include/consts b/include/consts index 1a75ae68..053147a4 100644 --- a/include/consts +++ b/include/consts @@ -273,6 +273,7 @@ ETC_PATHS="/etc /usr/local/etc" SKIP_VM_DETECTION=0 SKIPREASON="" SKIPPED_TESTS_ROOTONLY="" + SLOW_TEST_THRESHOLD=10 SMTPCTLBINARY="" SNORTBINARY="" SSHKEYSCANBINARY="" diff --git a/include/functions b/include/functions index 4ff5b43a..e0f75a64 100644 --- a/include/functions +++ b/include/functions @@ -2586,7 +2586,7 @@ CURRENT_TS=$(GetTimestamp) if [ ${PREVIOUS_TS} -gt 0 ]; then SLOW_TEST=0 - TIME_THRESHOLD=10 # seconds + TIME_THRESHOLD=$SLOW_TEST_THRESHOLD # seconds # Calculate timing and determine if we use seconds or nanoseconds (more precise) TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS)) diff --git a/include/parameters b/include/parameters index 8668b683..242899e6 100644 --- a/include/parameters +++ b/include/parameters @@ -423,6 +423,23 @@ QUIET=1 ;; + # Warning when test is slow + --slow-warning) + if [ $# -gt 1 ]; then + shift + + if [ "$1" -gt 0 ] 2>/dev/null; then + SLOW_TEST_THRESHOLD="$1" + else + echo "Argument has to be number." + exit 1 + fi + else + echo "Specify threshold as number of seconds above which should Lynis warn about long test." + exit 1 + fi + ;; + --tests-category | --tests-categories | --view-categories | --list-categories | --show-categories) echo "Error: Deprecated option ($1)" exit 1 diff --git a/lynis b/lynis index 10f736c5..bfa1c308 100755 --- a/lynis +++ b/lynis @@ -453,6 +453,7 @@ ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${ ${GRAY}--verbose${NORMAL} : Show more details on screen ${GRAY}--version (-V)${NORMAL} : Display version number and quit ${GRAY}--wait${NORMAL} : Wait between a set of tests + ${GRAY}--slow-warning ${BROWN}${NORMAL} : Threshold for slow test warning in seconds (default 10) ${WHITE}Enterprise options${NORMAL} ${GRAY}--plugindir ${BROWN}${NORMAL} : Define path of available plugins -- cgit v1.2.3