From 4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sun, 30 Apr 2017 17:59:35 +0200 Subject: [bulk change] cleaning up, code enhancements, initialization of variables, and new tests --- plugins/custom_plugin.template | 4 ++-- plugins/plugin_pam_phase1 | 23 +++++++++++------------ plugins/plugin_systemd_phase1 | 30 +++++++++++++++--------------- 3 files changed, 28 insertions(+), 29 deletions(-) (limited to 'plugins') diff --git a/plugins/custom_plugin.template b/plugins/custom_plugin.template index 8890cec1..72ce3ce0 100644 --- a/plugins/custom_plugin.template +++ b/plugins/custom_plugin.template @@ -62,7 +62,7 @@ # Check if a directory exists if [ -d ${DIR} ]; then LogText "Result: log entry for easier debugging or additional information" - else + else FOUNDPROBLEM=1 LogText "Result: directory ${DIR} was not found!" ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}" @@ -70,7 +70,7 @@ if [ ${FOUNDPROBLEM} -eq 0 ]; then Display --indent 2 --text "- Checking if everything is OK..." --result OK --color GREEN - else + else Display --indent 2 --text "- Checking if everything is OK..." --result WARNING --color RED ReportSuggestion ${TEST_NO} "This is a suggestion" fi diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1 index 2d890a1f..c67c9aee 100644 --- a/plugins/plugin_pam_phase1 +++ b/plugins/plugin_pam_phase1 @@ -6,12 +6,12 @@ #----------------------------------------------------- # PLUGIN_AUTHOR=Michael Boelen # PLUGIN_CATEGORY=authentication -# PLUGIN_DATE=2017-03-01 +# PLUGIN_DATE=2017-04-30 # PLUGIN_DESC=PAM # PLUGIN_NAME=pam # PLUGIN_PACKAGE=all # PLUGIN_REQUIRED_TESTS= -# PLUGIN_VERSION=1.0.1 +# PLUGIN_VERSION=1.0.2 #----------------------------------------------------- ######################################################################### # 
@@ -27,8 +27,8 @@ if [ ${SKIPTEST} -eq 0 ]; then for LINE in $(${GREPBINARY} -v "^#" ${FILE} | ${TRBINARY} -d " "); do for I in ${LINE}; do - OPTION=$(echo ${I} | awk -F= '{ print $1 }') - VALUE=$(echo ${I} | awk -F= '{ print $2 }') + OPTION=$(echo ${I} | ${AWKBINARY} -F= '{ print $1 }') + VALUE=$(echo ${I} | ${AWKBINARY} -F= '{ print $2 }') case ${OPTION} in minlen) DigitsOnly ${VALUE} @@ -69,8 +69,7 @@ if [ -d ${PAM_DIRECTORY} ]; then LogText "Result: /etc/pam.d exists" FIND_FILES=$(find ${PAM_DIRECTORY} -type f -print) - # First check /etc/pam.conf if it exists. - #if [ -f /etc/pam.conf ]; then FIND="/etc/pam.conf ${FIND}"; fi + for PAM_FILE in ${FIND_FILES}; do LogText "Now checking PAM file ${PAM_FILE}" while read line; do @@ -370,7 +369,7 @@ Report "authentication_two_factor_required=${PAM_2F_AUTH_ENABLED}" if [ ! "${AUTH_UNLOCK_TIME}" = "-1" ]; then LogText "[PAM] Authentication unlock time: ${AUTH_UNLOCK_TIME}" Report "authentication_unlock_time=${AUTH_UNLOCK_TIME}" - else +else LogText "[PAM] Authentication unlock time: not configured" fi @@ -383,7 +382,7 @@ fi if [ ! "${MIN_PASSWORD_LENGTH}" = "-1" ]; then LogText "[PAM] Minimum password length: ${MIN_PASSWORD_LENGTH}" Report "minimum_password_length=${MIN_PASSWORD_LENGTH}" - else +else LogText "[PAM] Minimum password length: not configured" fi @@ -395,7 +394,7 @@ if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then # Show how many password class are required out of 4 LogText "[PAM] Minimum password class out of 4: ${MIN_PASSWORD_CLASS}" Report "min_password_class=${MIN_PASSWORD_CLASS}" - else + else LogText "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced" Report "min_password_class=ignored" fi @@ -445,7 +444,7 @@ fi if [ ! -z "${MAX_PASSWORD_RETRY}" ]; then LogText "[PAM] Password maximum retry: ${MAX_PASSWORD_RETRY}" Report "max_password_retry=${MAX_PASSWORD_RETRY}" - else +else LogText "[PAM] Password maximum retry: Not configured" fi 
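Review bot: In the plugin_pam_phase1 hunk at line 27, the two new assignments run `echo ${I}` unquoted and now depend on `${AWKBINARY}` being set. If that variable is empty, OPTION and VALUE come back empty and the `case` below never matches `minlen`, so the audit would presumably report the password policy as not configured instead of failing visibly. The Register line with the prerequisites is outside the hunk, so I cannot tell whether AWKBINARY is checked there; if it is not, add `! "${AWKBINARY}" = ""` to it. I would also quote the argument, `OPTION=$(echo "${I}" | ${AWKBINARY} -F= '{ print $1 }')`, so the value reaches awk unchanged.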
@@ -460,7 +459,7 @@ if [ ${PAM_PASSWORD_PWHISTORY_ENABLED} -eq 1 ]; then LogText "[PAM] Password history with pam_pwhistory enabled: ${PAM_PASSWORD_PWHISTORY_ENABLED}" LogText "[PAM] Password history with pam_pwhistory amount: ${PAM_PASSWORD_PWHISTORY_AMOUNT}" Report "password_history_amount=${PAM_PASSWORD_PWHISTORY_AMOUNT}" - else +else LogText "[PAM] Password history with pam_pwhistory IS NOT enabled" fi @@ -468,7 +467,7 @@ if [ ${PAM_PASSWORD_UXHISTORY_ENABLED} -eq 1 ]; then LogText "[PAM] Password history with pam_unix enabled: ${PAM_PASSWORD_UXHISTORY_ENABLED}" LogText "[PAM] Password history with pam_unix amount: ${PAM_PASSWORD_UXHISTORY_AMOUNT}" Report "password_history_amount=${PAM_PASSWORD_UXHISTORY_AMOUNT}" - else +else LogText "[PAM] Password history with pam_unix IS NOT enabled" fi diff --git a/plugins/plugin_systemd_phase1 b/plugins/plugin_systemd_phase1 index a3544c3d..ef19cac0 100644 --- a/plugins/plugin_systemd_phase1 +++ b/plugins/plugin_systemd_phase1 @@ -16,12 +16,12 @@ #----------------------------------------------------- # PLUGIN_AUTHOR=Michael Boelen # PLUGIN_CATEGORY=essentials -# PLUGIN_DATE=2016-04-28 +# PLUGIN_DATE=2017-04-30 # PLUGIN_DESC=Tests related to systemd tooling # PLUGIN_NAME=systemd # PLUGIN_PACKAGE=community # PLUGIN_REQUIRED_TESTS= -# PLUGIN_VERSION=1.0.1 +# PLUGIN_VERSION=1.0.2 #----------------------------------------------------- # ######################################################################### @@ -42,7 +42,7 @@ FIND=$(${SYSTEMCTLBINARY} > /dev/null) if [ $? -gt 0 ]; then Report "systemctl_error_message=${FIND}" - else + else SYSTEMD_RUNNING=1 fi Report "systemctl_exit_code=$?" 
@@ -63,7 +63,7 @@ Report "systemd_version=${FIND}" LogText "Result: found systemd version ${FIND}" fi - FIND=$(${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1) + FIND=`${SYSTEMCTLBINARY} --version 2> /dev/null | grep "^[-+]" | sed 's/[[:space:]]/,/g' | head -1` if [ ! "${FIND}" = "" ]; then Report "systemd_builtin_components=${FIND}" LogText "Result: found builtin components list" @@ -77,7 +77,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3804 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather systemd unit files and their status" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }') + FIND=`${SYSTEMCTLBINARY} --no-legend list-unit-files 2> /dev/null | ${AWKBINARY} '{ print $1"|"$2"|" }'` if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do @@ -94,7 +94,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3806 --preqs-met ${PREQS_MET} --weight L --network NO --description "Gather failed systemd units" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }') + FIND=`${SYSTEMCTLBINARY} --no-legend --state=failed 2> /dev/null | ${AWKBINARY} '{ if ($4=="failed" && $5=="failed") { print $2 } }'` if [ ! "${FIND}" = "" ]; then LogText "Result: found systemd unit files via systemctl list-unit-files" for I in ${FIND}; do 
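Review bot: The plugin_systemd_phase1 hunks from line 63 onward replace `$(…)` with backticks, while the same commit keeps `$(…)` in plugin_pam_phase1 and in the new `${FINDBINARY}` line of PLGN-3810, so the tree ends up with both forms and no stated reason. If the switch is for shells that lack `$(…)`, which I can only guess at from here, say so in a comment at the top of the plugin, for example `# Backticks are used for compatibility with older /bin/sh implementations`, and convert the remaining call sites. Otherwise keep `$(…)`, which nests without escaping. This applies equally to the hunks at lines 77, 94, 160, 176, 188, 228, 243 and 261.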
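Review bot: In the PLGN-3806 hunk (line 94) the success message still reads `found systemd unit files via systemctl list-unit-files`, although the command on the changed line queries `--state=failed`; the text appears to be copied from PLGN-3804. Someone reading the audit log would not learn that failed units were found. I would change it to `LogText "Result: found one or more failed systemd units"`. The loop body that follows is outside the hunk.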
@@ -125,11 +125,11 @@ if [ ! "${FINDBINARY}" = "" -a -d /usr/lib/systemd -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3810 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query main systemd binaries" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(find /usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|") + FIND=$(${FINDBINARY} ${ROOTDIR}usr/lib/systemd -maxdepth 1 -type f -name "systemd-*" -printf "%f|") if [ ! "${FIND}" = "" ]; then Report "systemd_binaries=${FIND}" LogText "Result: found systemd binaries in /usr/lib/systemd" - else + else LogText "Result: no binaries found in /usr/lib/systemd" fi fi @@ -160,7 +160,7 @@ if [ ! "${FIND}" = "" ]; then Report "journal_contains_errors=1" for I in ${FIND}; do - LINE=$(echo ${I} | sed 's/:space:/ /g') + LINE=`echo ${I} | sed 's/:space:/ /g'` LogText "Output (fails): ${LINE}" done else @@ -176,7 +176,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal for boot related information" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}') + FIND=`${JOURNALCTLBINARY} --disk-usage | awk '{ if ($1=="Journals") { print $4 }}'` Report "journal_disk_size=${FIND}" LogText "Result: journals are ${FIND} in size" fi 
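Review bot: The new `${FINDBINARY} ${ROOTDIR}usr/lib/systemd` line in PLGN-3810 searches a different path from the one the prerequisite tests, which is still the literal `-d /usr/lib/systemd`, and both LogText lines also name the literal path. Where ROOTDIR is set is not visible here; if it can be empty or lack a trailing slash, the argument becomes the relative path `usr/lib/systemd` and find reads whatever sits under the current working directory. I would use the same expression in the prerequisite, `-d "${ROOTDIR}usr/lib/systemd"`, quote the find argument, and add `2> /dev/null` as the systemctl calls in this plugin do.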
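Review bot: In the hunk at line 160, `echo ${I}` expands journal text without quotes, and journal messages can be written by any local process, so a message containing `*` or `?` is subject to pathname expansion before it reaches the Lynis log. Quoting the argument as `echo "${I}"` keeps the entry as recorded. The enclosing `for I in ${FIND}` has the same exposure and would need `set -f` around it or a `while read` loop. The command that fills FIND is outside the hunk, so this assumes it is journalctl output, as the `journal_contains_errors` key suggests.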
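Review bot: The PLGN-3816 line at 176 pipes into a bare `awk`, which is resolved through PATH, while this same commit replaces `awk` with `${AWKBINARY}` in plugin_pam_phase1 and other tests in this plugin already use the variable. For a tool that normally runs as root, I would use `${AWKBINARY}` here and add `! "${AWKBINARY}" = ""` to the prerequisite on the line above, as PLGN-3834 does. The same bare `awk` is in the PLGN-3832 hunk at line 228, and `grep`, `sed`, `tr` and `head` are called by name in the hunks at lines 63, 188 and 261.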
@@ -188,7 +188,7 @@ if [ ! "${JOURNALCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query journal meta data" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g') + FIND=`${JOURNALCTLBINARY} --header | sed 's/^$/|/g' | tr '\n' ',' | sed 's/[[:space:]]//g'` Report "journal_meta_data=${FIND}" fi # @@ -228,7 +228,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ${SYSTEMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3832 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query systemd status for processes which can not be found" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }') + FIND=`${SYSTEMCTLBINARY} --no-legend --all --state=not-found 2> /dev/null | awk '{ print $1 }'` if [ ! "${FIND}" = "" ]; then for I in ${FIND}; do Report "systemd_unit_not_found[]=${I}" @@ -243,7 +243,7 @@ if [ ! "${SYSTEMCTLBINARY}" = "" -a ! "${AWKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no PLGN-3834 --preqs-met ${PREQS_MET} --weight L --network NO --description "Collect service units which can not be found in systemd" --progress if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}') + FIND=`${SYSTEMCTLBINARY} list-units -t service --all | ${AWKBINARY} '{ if ($3=="not-found") { print $2 }}'` if [ ! "${FIND}" = "" ]; then LogText "Result: found one or more services with faulty state" for I in ${FIND}; do 
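Review bot: The prerequisite for PLGN-3834 (hunk at line 243) omits `${SYSTEMD_RUNNING} -eq 1`, unlike PLGN-3804, PLGN-3806 and PLGN-3832, and its systemctl call has no `2> /dev/null`. On a host where systemctl is installed but systemd is not the running init, the call would likely print its error into the scan output, and FIND would be built from whatever reaches stdout. I would add `-a ${SYSTEMD_RUNNING} -eq 1` to the test and `2> /dev/null` after `--all`.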
@@ -261,7 +261,7 @@ Register --test-no PLGN-3856 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query coredumps from journals since Yesterday" --progress if [ ${SKIPTEST} -eq 0 ]; then SYSTEMD_COREDUMP_USED=1 - FIND=$(cat /proc/sys/kernel/core_pattern | grep systemd-coredump) + FIND=`cat /proc/sys/kernel/core_pattern | grep systemd-coredump` if [ ! "${FIND}" = "" ]; then LogText "Result: systemd uses systemd-coredump to handle coredumps" Report "systemd_coredump_used=1" @@ -285,7 +285,7 @@ if [ ! "${FIND}" = "" ]; then Report "journal_coredumps_lastday=1" LogText "Result: found recent coredumps" - else + else Report "journal_coredumps_lastday=0" LogText "Result: found no coredumps" fi -- cgit v1.2.3
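Review bot: In the PLGN-3856 hunk (line 261), `SYSTEMD_COREDUMP_USED=1` is assigned before core_pattern is inspected, so the variable says systemd-coredump is in use even when the grep finds nothing, unless an else branch outside the hunk resets it. I would initialise it to 0 and set it to 1 inside the `if [ ! "${FIND}" = "" ]` branch next to `Report "systemd_coredump_used=1"`. The changed line can also drop the extra process and use the resolved binary: `${GREPBINARY} systemd-coredump /proc/sys/kernel/core_pattern 2> /dev/null`.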