From d16b38eff83a8dca405e21e1c34205289f3d0832 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Mon, 21 Dec 2015 21:17:15 +0100
Subject: Rename of logtext and report functions, upcoming year change
---
 include/tests_logging | 162 +++++++++++++++++++++++++------------------------
 1 file changed, 81 insertions(+), 81 deletions(-)
(limited to 'include/tests_logging')
diff --git a/include/tests_logging b/include/tests_logging
index 70eb42d2..a8c65e23 100644
--- a/include/tests_logging
+++ b/include/tests_logging
@@ -5,7 +5,7 @@
 # Lynis
 # ------------------
 #
-# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
+# Copyright 2007-2016, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
 # Web site: https://cisofy.com
 #
 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
@@ -38,17 +38,17 @@
 # Description : Check for a running syslog daemon
 Register --test-no LOGG-2130 --weight L --network NO --description "Check for running syslog daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for a logging daemon"
+ LogText "Test: Searching for a logging daemon"
 FIND=`${PSBINARY} ax | egrep "syslogd|syslog-ng|metalog|systemd-journal" | grep -v "grep"`
 if [ "${FIND}" = "" ]; then
 Display --indent 2 --text "- Checking for a running log daemon" --result WARNING --color RED
- logtext "Result: Could not find a syslog daemon like syslog, syslog-ng, rsyslog, metalog, systemd-journal"
+ LogText "Result: Could not find a syslog daemon like syslog, syslog-ng, rsyslog, metalog, systemd-journal"
 ReportSuggestion ${TEST_NO} "Check if any syslog daemon is running and correctly configured."
 ReportWarning ${TEST_NO} "H" "No syslog daemon found"
 AddHP 0 3
 else
 Display --indent 2 --text "- Checking for a running log daemon" --result OK --color GREEN
- logtext "Result: Found a logging daemon"
+ LogText "Result: Found a logging daemon"
 SYSLOG_DAEMON_PRESENT=1
 SYSLOG_DAEMON_RUNNING=1
 AddHP 3 3
@@ -61,15 +61,15 @@
 # Description : Check for a running syslog-ng daemon
 Register --test-no LOGG-2132 --weight L --network NO --description "Check for running syslog-ng daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for syslog-ng daemon in process list"
+ LogText "Test: Searching for syslog-ng daemon in process list"
 IsRunning syslog-ng
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: Found syslog-ng in process list"
+ LogText "Result: Found syslog-ng in process list"
 Display --indent 4 --text "- Checking Syslog-NG status" --result FOUND --color GREEN
 SYSLOG_DAEMON_PRESENT=1
 SYSLOG_NG_RUNNING=1
 else
- logtext "Result: Syslog-ng NOT found in process list"
+ LogText "Result: Syslog-ng NOT found in process list"
 Display --indent 4 --text "- Checking Syslog-NG status" --result "NOT FOUND" --color WHITE
 fi
 fi
@@ -83,10 +83,10 @@
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${SYSLOGNGBINARY} -s; echo $?`
 if [ "${FIND}" = "0" ]; then
- logtext "Result: Syslog-NG configuration file seems to be consistent"
+ LogText "Result: Syslog-NG configuration file seems to be consistent"
 Display --indent 6 --text "- Checking Syslog-NG consistency" --result OK --color GREEN
 else
- logtext "Result: Syslog-NG configuration file seems NOT to be consistent"
+ LogText "Result: Syslog-NG configuration file seems NOT to be consistent"
 Display --indent 6 --text "- Checking Syslog-NG consistency" --result WARNING --color RED
 ReportWarning ${TEST_NO} "L" "Found one or more problems in Syslog-NG configuration file"
 ReportSuggestion ${TEST_NO} "Check the Syslog-NG configuration file and/or run a manual consistency check with: syslog-ng -s"
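Review bot: In hunk -83 the line `FIND=`${SYSLOGNGBINARY} -s; echo $?`` captures syslog-ng's standard output together with the exit code, so anything `syslog-ng -s` prints to stdout is prepended to the status and `[ "${FIND}" = "0" ]` is false even when the check passed, producing a spurious "NOT consistent" warning. Compare the exit status by itself, e.g. `${SYSLOGNGBINARY} -s >/dev/null 2>&1` followed by `FIND=$?`, and log the tool's own output separately if it is wanted in the log file. The test block starts at the first line of the hunk but continues past its end.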
@@ -99,7 +99,7 @@
 # Description : Check for a running systemd-journal daemon
 Register --test-no LOGG-2136 --weight L --network NO --description "Check for running systemd journal daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for systemd journal daemon in process list"
+ LogText "Test: Searching for systemd journal daemon in process list"
 IsRunning systemd-journal
 if [ ${RUNNING} -eq 1 ]; then
 Display --indent 4 --text "- Checking systemd journal status" --result FOUND --color GREEN
@@ -115,15 +115,15 @@
 # Description : Check for a running metalog daemon
 Register --test-no LOGG-2210 --weight L --network NO --description "Check for running metalog daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for metalog daemon in process list"
+ LogText "Test: Searching for metalog daemon in process list"
 IsRunning metalog
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: Found metalog in process list"
+ LogText "Result: Found metalog in process list"
 Display --indent 4 --text "- Checking Metalog status" --result FOUND --color GREEN
 SYSLOG_DAEMON_PRESENT=1
 METALOG_RUNNING=1
 else
- logtext "Result: metalog NOT found in process list"
+ LogText "Result: metalog NOT found in process list"
 Display --indent 4 --text "- Checking Metalog status" --result "NOT FOUND" --color WHITE
 fi
 fi
@@ -134,15 +134,15 @@
 # Description : Check for a running rsyslog daemon
 Register --test-no LOGG-2230 --weight L --network NO --description "Check for running RSyslog daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for RSyslog daemon in process list"
+ LogText "Test: Searching for RSyslog daemon in process list"
 IsRunning rsyslogd
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: Found rsyslogd in process list"
+ LogText "Result: Found rsyslogd in process list"
 Display --indent 4 --text "- Checking RSyslog status" --result FOUND --color GREEN
 SYSLOG_DAEMON_PRESENT=1
 RSYSLOG_RUNNING=1
 else
- logtext "Result: rsyslogd NOT found in process list"
+ LogText "Result: rsyslogd NOT found in process list"
 Display --indent 4 --text "- Checking RSyslog status" --result "NOT FOUND" --color WHITE
 fi
 fi
@@ -153,15 +153,15 @@
 # Description : Check for a running RFC 3195 compliant daemon (syslog via TCP)
 Register --test-no LOGG-2240 --weight L --network NO --description "Check for running RFC 3195 compliant daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list"
+ LogText "Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list"
 IsRunning rfc3195d
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: Found rfc3195d in process list"
+ LogText "Result: Found rfc3195d in process list"
 Display --indent 4 --text "- Checking RFC 3195 daemon status" --result FOUND --color GREEN
 SYSLOG_DAEMON_PRESENT=1
 RFC3195D_RUNNING=1
 else
- logtext "Result: rfc3195d NOT found in process list"
+ LogText "Result: rfc3195d NOT found in process list"
 Display --indent 4 --text "- Checking RFC 3195 daemon status" --result "NOT FOUND" --color WHITE
 fi
 fi
@@ -176,21 +176,21 @@
 # * This test should be below all other logging daemons
 Register --test-no LOGG-2138 --os Linux --weight L --network NO --description "Checking kernel logger daemon on Linux"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching kernel logger daemon (klogd)"
+ LogText "Test: Searching kernel logger daemon (klogd)"
 if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then
 # Search for klogd, but ignore other lines related to klogd (like dd with input/output file)
 #FIND=`${PSBINARY} ax | grep "klogd" | grep -v "dd" | grep -v "grep"`
 IsRunning klogd
 if [ ${RUNNING} -eq 1 ]; then
- logtext "Result: klogd running"
+ LogText "Result: klogd running"
 Display --indent 4 --text "- Checking klogd" --result FOUND --color GREEN
 else
- logtext "Result: No klogd found"
+ LogText "Result: No klogd found"
 Display --indent 4 --text "- Checking klogd" --result "NOT FOUND" --color RED
 ReportWarning ${TEST_NO} "L" "klogd is not running, which could lead to missing kernel messages in log files"
 fi
 else
- logtext "Result: test skipped, because other facility is being used to log kernel messages"
+ LogText "Result: test skipped, because other facility is being used to log kernel messages"
 fi
 fi
 #
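Review bot: `if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then` relies on the `-a` operator, which POSIX marks obsolescent and which parses ambiguously as soon as one operand expands to nothing; writing it as two tests, `if [ ${RSYSLOG_RUNNING} -eq 0 ] && [ ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then`, keeps the meaning. The skip decision also depends on SYSTEMD_JOURNAL_RUNNING having been set by the journal test; hunk -99 shows that test but the assignment is outside the visible lines, so I could not confirm it is initialised on every path. The commented-out `#FIND=` line above `IsRunning klogd` looks like a leftover from the previous detection method and could be dropped now that IsRunning is used.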
@@ -200,15 +200,15 @@
 # Description : Check for minilogd presence on Linux systems
 Register --test-no LOGG-2142 --os Linux --weight L --network NO --description "Checking minilog daemon"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Result: Checking for unkilled minilogd instances"
+ LogText "Result: Checking for unkilled minilogd instances"
 # Search for minilogd. It shouldn't be running normally, if another syslog daemon is started
 IsRunning minilogd
 if [ ${RUNNING} -eq 0 ]; then
 Display --indent 4 --text "- Checking minilogd instances" --result "NOT FOUND" --color WHITE
- logtext "Result: No minilogd is running"
+ LogText "Result: No minilogd is running"
 else
 Display --indent 4 --text "- Checking minilogd instances" --result WARNING --color RED
- logtext "Result: minilogd found in process list"
+ LogText "Result: minilogd found in process list"
 # minilogd daemon seems to be running
 ReportWarning ${TEST_NO} "L" "minilogd is running, which should normally not be running"
 fi
@@ -220,28 +220,28 @@
 # Description : Check for logrotate (/etc/logrotate.conf and logrotate.d)
 Register --test-no LOGG-2146 --weight L --os Linux --network NO --description "Checking logrotate.conf and logrotate.d"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking for /etc/logrotate.conf"
+ LogText "Test: Checking for /etc/logrotate.conf"
 if [ -f /etc/logrotate.conf ]; then
 LOGROTATE_CONFIG_FOUND=1
 LOGROTATE_TOOL="logrotate"
- logtext "Result: /etc/logrotate.conf found (file)"
+ LogText "Result: /etc/logrotate.conf found (file)"
 else
- logtext "Result: /etc/logrotate.conf NOT found"
+ LogText "Result: /etc/logrotate.conf NOT found"
 fi
- logtext "Test: Checking for /etc/logrotate.d (directory)"
+ LogText "Test: Checking for /etc/logrotate.d (directory)"
 if [ -d /etc/logrotate.d ]; then
 LOGROTATE_CONFIG_FOUND=1
 LOGROTATE_TOOL="logrotate"
- logtext "Result: /etc/logrotate.d found"
+ LogText "Result: /etc/logrotate.d found"
 else
- logtext "Result: /etc/logrotate.conf found"
+ LogText "Result: /etc/logrotate.conf found"
 fi
 if [ ${LOGROTATE_CONFIG_FOUND} -eq 1 ]; then
 Display --indent 2 --text "- Checking logrotate presence" --result OK --color GREEN
- logtext "Result: logrotate configuration found"
+ LogText "Result: logrotate configuration found"
 else
 Display --indent 2 --text "- Checking logrotate presence" --result WARNING --color RED
- logtext "Result: No logrotate configuration found"
+ LogText "Result: No logrotate configuration found"
 ReportSuggestion ${TEST_NO} "Check if files are properly rotated by a some tool instead of logrotate"
 fi
 fi
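Review bot: The else branch of the `if [ -d /etc/logrotate.d ]` check logs `LogText "Result: /etc/logrotate.conf found"`, which names the wrong path and claims a find where nothing was found; the rename carries the message over unchanged. It should read `LogText "Result: /etc/logrotate.d NOT found"` to match the sibling branches, so that someone reading the log file does not conclude the conf file exists when only the second check failed. LOGROTATE_CONFIG_FOUND is not affected, only the log text. The suggestion string `Check if files are properly rotated by a some tool instead of logrotate` in the same hunk also has a stray article. The whole test block is inside the hunk.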
@@ -253,14 +253,14 @@
 if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking logrotated files"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking which files are rotated with logrotate and if they exist"
+ LogText "Test: Checking which files are rotated with logrotate and if they exist"
 FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'`
 if [ "${FIND}" = "" ]; then
- logtext "Result: nothing found"
+ LogText "Result: nothing found"
 else
- logtext "Result: found one or more files which are rotated via logrotate"
+ LogText "Result: found one or more files which are rotated via logrotate"
 for I in ${FIND}; do
- logtext "Output: ${I}"
+ LogText "Output: ${I}"
 done
 fi
 fi
@@ -272,18 +272,18 @@
 if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking directories in logrotate configuration"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Checking which directories can be found in logrotate configuration"
+ LogText "Test: Checking which directories can be found in logrotate configuration"
 FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort -u | awk '{ if ($2=="log") { print $3 } }' | sed 's@/[^/]*$@@g' | sort -u`
 if [ "${FIND}" = "" ]; then
- logtext "Result: nothing found"
+ LogText "Result: nothing found"
 else
- logtext "Result: found one or more directories (via logrotate configuration)"
+ LogText "Result: found one or more directories (via logrotate configuration)"
 for I in ${FIND}; do
 if [ -d ${I} ]; then
- logtext "Directory found: ${I}"
- report "log_directory[]=${I}"
+ LogText "Directory found: ${I}"
+ Report "log_directory[]=${I}"
 else
- logtext "Directory could not be found: ${I}"
+ LogText "Directory could not be found: ${I}"
 fi
 done
 fi
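Review bot: `for I in ${FIND}; do` followed by `if [ -d ${I} ]; then` splits the directory list on whitespace and then tests the unquoted fragment, so a rotated log path containing a space (taken from the logrotate configuration) is checked and reported as two separate non-existent entries; hunk -379 has the same shape for /etc/newsyslog.conf. Quoting the test, `if [ -d "${I}" ]; then`, fixes the test itself; to handle such paths the loop would also need to consume the command output one line at a time (a `while read` over the pipeline) instead of iterating over the unquoted variable. The values reach the report file through `Report "log_directory[]=${I}"` straight from the configuration, which is worth keeping in mind for anything that parses the report. The outer test block closes after the hunk.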
@@ -297,32 +297,32 @@ Register --test-no LOGG-2152 --weight L --os Solaris --network NO --description "Checking loghost" if [ ${SKIPTEST} -eq 0 ]; then # Try local hosts file - logtext "Result: Checking for loghost in /etc/inet/hosts" + LogText "Result: Checking for loghost in /etc/inet/hosts" FIND=`grep loghost /etc/inet/hosts | grep -v "^#"` if [ ! "${FIND}" = "" ]; then SOLARIS_LOGHOST_FOUND=1 - logtext "Result: Found loghost entry in /etc/inet/hosts" + LogText "Result: Found loghost entry in /etc/inet/hosts" else - logtext "Result: No loghost entry found in /etc/inet/hosts" + LogText "Result: No loghost entry found in /etc/inet/hosts" # Try name resolving if no entry is present in local host file - logtext "Result: Checking for loghost via name resolving" + LogText "Result: Checking for loghost via name resolving" FIND=`getent hosts loghost | grep loghost` if [ ! "${FIND}" = "" ]; then SOLARIS_LOGHOST_FOUND=1 - logtext "Result: name resolving was succesful" - logtext "Output: ${FIND}" + LogText "Result: name resolving was succesful" + LogText "Output: ${FIND}" else - logtext "Result: name resolving didn't find results" + LogText "Result: name resolving didn't find results" fi fi if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ]; then - logtext "Result: loghost entry found and most likely used to send syslog messages" + LogText "Result: loghost entry found and most likely used to send syslog messages" Display --indent 2 --text "- Checking loghost entry" --result OK --color GREEN else Display --indent 2 --text "- Checking loghost entry" --result WARNING --color RED - logtext "Result: No loghost entry found" + LogText "Result: No loghost entry found" ReportWarning ${TEST_NO} "L" "No loghost entry found" ReportSuggestion ${TEST_NO} "Add a loghost entry to /etc/inet/hosts or other name services" fi 
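Review bot: The renamed line `LogText "Result: name resolving was succesful"` keeps the misspelling; it should be `LogText "Result: name resolving was successful"`. Separately, `FIND=`grep loghost /etc/inet/hosts | grep -v "^#"`` accepts any line that merely contains the substring, so an alias such as `notloghost` would satisfy the check and skip the warning; an anchored or word-bounded pattern would make the match stricter, which I would note in a comment on that line. The hunk's line count does not match its header, so some blank context lines appear to have been lost in this rendering.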
@@ -342,20 +342,20 @@
 SYSLOGD_CONF="/etc/syslog.conf"
 fi
 if [ -f ${SYSLOGD_CONF} ]; then
- logtext "Test: check if logs are also logged to a remote logging host"
+ LogText "Test: check if logs are also logged to a remote logging host"
 FIND=`egrep "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "[a-zA-Z0-9]@"`
 if [ ! "${FIND}" = "" ]; then
- logtext "Result: remote logging enabled"
+ LogText "Result: remote logging enabled"
 AddHP 5 5
 Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
 else
- logtext "Result: no remote logging found"
+ LogText "Result: no remote logging found"
 ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
 AddHP 1 3
 Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
 fi
 else
- logtext "Result: test skipped, file ${SYSLOGD_CONF} not found"
+ LogText "Result: test skipped, file ${SYSLOGD_CONF} not found"
 fi
 fi
 #
@@ -366,7 +366,7 @@
 if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no LOGG-2160 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /etc/newsyslog.conf"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Result: /etc/newsyslog.conf found"
+ LogText "Result: /etc/newsyslog.conf found"
 Display --indent 2 --text "- Checking /etc/newsyslog.conf" --result FOUND --color GREEN
 LOGROTATE_CONFIG_FOUND=1
 LOGROTATE_TOOL="newsyslog"
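Review bot: The detection pattern `egrep "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport"` uses `\s`, which is a GNU extension rather than POSIX ERE, so on an egrep that lacks it the syslog-ng `destination ... udp/tcp ... port` alternative cannot match and a configured remote destination is scored as `NOT ENABLED` and given `AddHP 1 3`. The portable class is `[[:space:]]`: `egrep "@[a-zA-Z0-9]|destination[[:space:]].+(udp|tcp).+[[:space:]]port"`. The pattern also only recognises the classic `@host` and syslog-ng forms, so a configuration that forwards through a different syntax would presumably be reported as not enabled; a comment on the `FIND=` line stating which syntaxes are covered would save the next reader from guessing. The enclosing test block starts before the hunk.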
@@ -379,14 +379,14 @@
 if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking directories in /etc/newsyslog.conf"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: parsing directories from /etc/newsyslog.conf file"
+ LogText "Test: parsing directories from /etc/newsyslog.conf file"
 FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sed 's/\/*[a-zA-Z_.-]*$//g' | sort -u`
 for I in ${FIND}; do
 if [ -d ${I} ]; then
- logtext "Result: Directory ${I} found and exists"
- report "log_directory[]=${I}"
+ LogText "Result: Directory ${I} found and exists"
+ Report "log_directory[]=${I}"
 else
- logtext "Result: Item ${I} is not a directory"
+ LogText "Result: Item ${I} is not a directory"
 fi
 done
 Display --indent 4 --text "- Checking log directories (newsyslog.conf)" --result DONE --color GREEN
@@ -399,13 +399,13 @@
 if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking files specified /etc/newsyslog.conf"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: parsing files from /etc/newsyslog.conf file"
+ LogText "Test: parsing files from /etc/newsyslog.conf file"
 FIND=`awk '/^\// { print $1 }' /etc/newsyslog.conf | sort -u`
 for I in ${FIND}; do
 if [ -f ${I} ]; then
- logtext "Result: File ${I} found and exists"
+ LogText "Result: File ${I} found and exists"
 else
- logtext "Result: Item ${I} is not a file"
+ LogText "Result: Item ${I} is not a file"
 fi
 done
 Display --indent 4 --text "- Checking log files (newsyslog.conf)" --result DONE --color GREEN
@@ -417,13 +417,13 @@
 # Description : Search available log paths
 Register --test-no LOGG-2170 --weight L --network NO --description "Checking log paths"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: Searching log paths"
+ LogText "Test: Searching log paths"
 for I in ${LOG_FILES_LOCS}; do
 if [ -d ${I} ]; then
- logtext "Result: directory ${I} exists"
- report "log_directory[]=${I}"
+ LogText "Result: directory ${I} exists"
+ Report "log_directory[]=${I}"
 else
- logtext "Result: directory ${I} can't be found"
+ LogText "Result: directory ${I} can't be found"
 fi
 done
 Display --indent 2 --text "- Checking log directories (static list)" --result DONE --color GREEN
@@ -435,16 +435,16 @@
 # Description : Search open log file
 Register --test-no LOGG-2180 --weight L --network NO --description "Checking open log files"
 if [ ${SKIPTEST} -eq 0 ]; then
- logtext "Test: checking open log files with lsof"
+ LogText "Test: checking open log files with lsof"
 if [ ! "${LSOFBINARY}" = "" ]; then
 FIND=`${LSOFBINARY} -n 2>&1 | grep "log$" | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $9 } }' | sort -u | grep -v "^$"`
 for I in ${FIND}; do
- logtext "Found logfile: ${I}"
- report "open_logfile[]=${I}"
+ LogText "Found logfile: ${I}"
+ Report "open_logfile[]=${I}"
 done
 Display --indent 2 --text "- Checking open log files" --result DONE --color GREEN
 else
- logtext "Result: lsof not installed, skipping test"
+ LogText "Result: lsof not installed, skipping test"
 Display --indent 2 --text "- Checking open log files" --result SKIPPED --color YELLOW
 # Add suggestion
 fi
@@ -457,18 +457,18 @@ if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table" if [ ${SKIPTEST} -eq 0 ]; then - logtext "Test: checking deleted files but are still in use" + LogText "Test: checking deleted files but are still in use" FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$" | sort -u` if [ ! "${FIND}" = "" ]; then - logtext "Result: found one or more files which are deleted, but still in use" + LogText "Result: found one or more files which are deleted, but still in use" for I in ${FIND}; do - logtext "Found deleted file: ${I}" - report "deleted_file[]=${I}" + LogText "Found deleted file: ${I}" + Report "deleted_file[]=${I}" done Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Check what deleted files are still in use and why." else - logtext "Result: no deleted files found" + LogText "Result: no deleted files found" Display --indent 2 --text "- Checking deleted files in use" --result DONE --color GREEN fi fi @@ -476,11 +476,11 @@ ################################################################################# # -report "log_rotation_config_found=${LOGROTATE_CONFIG_FOUND}" -report "log_rotation_tool=${LOGROTATE_TOOL}" +Report "log_rotation_config_found=${LOGROTATE_CONFIG_FOUND}" +Report "log_rotation_tool=${LOGROTATE_TOOL}" wait_for_keypress # #================================================================================ -# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2016, Michael Boelen, CISOfy - https://cisofy.com -- cgit v1.2.3