#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2013, Michael Boelen # Copyright 2007-2021, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com # GitHub : https://github.com/CISOfy/lynis # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # # Consts # ################################################################################# # # Paths where system and program binaries are typically located BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \ /usr/local/libexec /usr/libexec \ /usr/sfw/bin /usr/sfw/sbin /usr/sfw/libexec \ /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \ /usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \ /usr/pkg/bin /usr/pkg/sbin /usr/gnu/bin" ETC_PATHS="/etc /usr/local/etc" # ################################################################################# # # Initialize defaults # ################################################################################# # # == Variable initializing == # APTBINARY="" APKBINARY="" ARCH_AUDIT_BINARY="" AUDITORNAME="" AUDITCTLBINARY="" AUDITDBINARY="" AUTH_FAILED_LOGINS_LOGGED=0 AUTH_UNLOCK_TIME=-1 PROFILE="" REPORTFILE="" AFICKBINARY="" AIDEBINARY="" AASTATUSBINARY="" AUDITD_RUNNING=0 APPLICATION_FIREWALL_ACTIVE=0 BINARY_SCAN_FINISHED=0 BLKIDBINARY="" BOOTCTLBINARY="" CAT_BINARY="" CCBINARY="" CFAGENTBINARY="" CHECK=0 CHECK_BINARIES=1 CHECK_OPTION_ARRAY="" CHKROOTKITBINARY="" CHKCONFIGBINARY="" CLAMCONF_BINARY="" CLAMSCANBINARY="" CLANGBINARY="" CMDBINARY="" COLORS=1 COMPLIANCE_ENABLE_CIS=0 COMPLIANCE_ENABLE_HIPAA=0 COMPLIANCE_ENABLE_ISO27001=0 COMPLIANCE_ENABLE_PCI_DSS=0 COMPLIANCE_TESTS_PERFORMED=0 COMPLIANCE_FINDINGS_FOUND=0 COMPRESSED_UPLOADS=0 CONTROL_URL_APPEND="" CONTROL_URL_PREPEND="" CONTROL_URL_PROTOCOL="" CONTAINER_TYPE="" CREATE_REPORT_FILE=1 CRYPTSETUPBINARY="" CSUMBINARY="" CURRENT_TS=0 CUSTOM_URL_APPEND="" CUSTOM_URL_PREPEND="" CUSTOM_URL_PROTOCOL="" CUTBINARY="" DATABASE_ENGINE_RUNNING=0 DB2_RUNNING=0 DBUSDAEMONBINARY="" DEBSECANBINARY="" DEBSUMSBINARY="" DEVELOPER_MODE=0 DEVOPS_MODE=0 DIGBINARY="" DISABLED_PLUGINS="" DISCOVERED_BINARIES="" DMIDECODEBINARY="" DNFBINARY="" DNSDOMAINNAMEBINARY="" DOCKERBINARY="" DOCKER_DAEMON_RUNNING=0 DPKGBINARY="" ECHOCMD="" ERROR_ON_WARNINGS=0 EQUERYBINARY="" EVMCTLBINARY="" EXIMBINARY="" FAIL2BANBINARY="" FILEBINARY="" FILEVALUE="" FIND="" FIREWALL_ACTIVE=0 FOUNDPATH=0 FORENSICS_MODE=0 GCCBINARY="" GETENT_BINARY="" GRADMBINARY="" GREPBINARY="grep" GROUP_NAME="" GRPCKBINARY="" GRSEC_FOUND=0 GRUBCONFFILE="" GRUB2INSTALLBINARY="" HAS_PACKAGE_MANAGER=0 HAS_SYSTEMD=0 HEADBINARY="" HELPER="" HOSTID="" HOSTID_GEN="unknown" HOSTID2="" HOSTID2_GEN="unknown" HTTPDBINARY="" IDS_IPS_TOOL_FOUND=0 IFCONFIGBINARY="" INTEGRITYSETUPBINARY="" IPBINARY="" IPFBINARY="" IPTABLESBINARY="" JOURNALCTLBINARY="" KLDSTATBINARY="" LAUNCHCTL_BINARY="" LDAP_CLIENT_CONFIG_FILE="" LICENSE_KEY="" LICENSE_SERVER="" LINUX_VERSION="" LINUX_VERSION_LIKE="" LINUXCONFIGFILE="" LMDBINARY="" LMDFOUND=0 LOCATEBINARY="" LOGFILE="" LOGDIR="" LOGROTATEBINARY="" LOGTEXT=1 LSBLKBINARY="" LSMODBINARY="" LSOFBINARY="" LSOF_EXTRA_OPTIONS="" LSVGBINARY="" LYNIS_CRONJOB="" MACHINEID="" MACHINE_ROLE="" MALWARE_SCANNER_INSTALLED=0 MIN_PASSWORD_LENGTH=-1 MONGODB_RUNNING=0 MOUNTBINARY="" MTREEBINARY="" MYSQLCLIENTBINARY="" MYSQL_RUNNING=0 N_PLUGIN=0 N_PLUGIN_ENABLED=0 NAME_CACHE_USED=0 NETWORK_INTERFACES="" NFTBINARY="" NGINX_ACCESS_LOG_DISABLED=0 NGINX_ACCESS_LOG_MISSING=0 NGINX_ALIAS_FOUND=0 NGINX_ALLOW_FOUND=0 NGINX_DENY_FOUND=0 NGINX_ERROR_LOG_DEBUG=0 NGINX_ERROR_LOG_MISSING=0 NGINX_EVENTS_COUNTER=0 NGINX_EXPIRES_FOUND=0 NGINX_FASTCGI_FOUND=0 NGINX_FASTCGI_PARAMS_FOUND=0 NGINX_FASTCGI_PASS_FOUND=0 NGINX_HTTP_COUNTER=0 NGINX_LISTEN_FOUND=0 NGINX_LOCATION_COUNTER=0 NGINX_LOCATION_FOUND=0 NGINX_SERVER_COUNTER=0 NGINX_SSL_CIPHERS=0 NGINX_SSL_ON=0 NGINX_SSL_PREFER_SERVER_CIPHERS=0 NGINX_SSL_PROTOCOLS=0 NGINX_RETURN_FOUND=0 NGINX_ROOT_FOUND=0 NGINX_WEAK_SSL_PROTOCOL_FOUND=0 NTPCTLBINARY="" NTPD_ROLE="" NTPQBINARY="" OPENSSLBINARY="" OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=0 OPTIONS_CONN_MAX_WAIT_STATE="" ORACLE_RUNNING=0 OS="" OS_KERNELVERSION="" OS_KERNELVERSION_FULL="" OS_MODE="" OS_REDHAT_OR_CLONE=0 OSIRISBINARY="" PACMANBINARY="" PAM_PASSWORD_PWHISTORY_AMOUNT="" PASSWORD_MAXIMUM_DAYS=-1 PASSWORD_MINIMUM_DAYS=-1 PAM_2F_AUTH_ENABLED=0 PAM_2F_AUTH_REQUIRED=0 PAM_AUTH_BRUTE_FORCE_PROTECTION=0 PAM_PASSWORD_HISTORY_AMOUNT=0 PAM_PASSWORD_HISTORY_ENABLED=0 PAM_PASSWORD_STRENGTH_TESTED=0 PAM_PASSWORD_PWHISTORY_ENABLED=0 PAM_PASSWORD_UXHISTORY_ENABLED=0 PFCTLBINARY="" PFFOUND=0 PGREPBINARY="" PIDFILE="" PKG_BINARY="" PKGINFOBINARY="" PKGADMINBINARY="" PLUGINDIR="" PLUGIN_PHASE=0 POSTFIXBINARY="" POSTGRESQL_RUNNING=0 PREVIOUS_TEST="No test ID" PREVIOUS_TS=0 PROFILES="" PROFILEVALUE="" PSBINARY="ps" PSOPTIONS="" PUPPETBINARY="" QNAP_DEVICE=0 READLINKBINARY="" REDIS_RUNNING=0 REFRESH_REPOSITORIES=1 REMOTE_LOGGING_ENABLED=0 RESOLV_DOMAINNAME="" RESOLVECTLBINARY="" RKHUNTERBINARY="" ROOTDIR="/" ROOTSHBINARY="" RPCINFOBINARY="" RPMBINARY="" RUN_HELPERS=0 RUN_TESTS=1 RUN_UPDATE_CHECK=1 SALTMASTERBINARY="" SALTMINIONBINARY="" SAMHAINBINARY="" SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW="" SEARCH_PROFILES="" SEARCH_VERSION="" SESTATUSBINARY="" SERVICE_MANAGER="" SETBINARY="" SETTINGS="" SETTINGS_FILE="" SET_STRICT=0 SHA1SUMBINARY="" SHA256SUMBINARY="" SHELL_IS_BUSYBOX=0 SHOWMOUNTBINARY="" SHOW_PROGRAM_DETAILS=1 SHOW_REPORT=1 SHOW_REPORT_SOLUTION=1 SHOW_TOOL_TIPS=1 # Show inline tool tips (default true) SHOW_WARNINGS_ONLY=0 SKIP_GETHOSTID=0 SKIP_PLUGINS=0 SKIP_TESTS="" SKIP_VM_DETECTION=0 SKIPREASON="" SKIPPED_TESTS_ROOTONLY="" SLOW_TEST_THRESHOLD=10 SMTPCTLBINARY="" SNORTBINARY="" SSBINARY="" SSHKEYSCANBINARY="" SSHKEYSCANFOUND=0 SSL_CERTIFICATE_INCLUDE_PACKAGES=0 SSL_CERTIFICATE_PATHS="" SSL_CERTIFICATE_PATHS_TO_IGNORE="" STUNNELBINARY="" SWUPDBINARY="" SYSLOGNGBINARY="" SYSTEMCTLBINARY="" SYSTEMDANALYZEBINARY="" SYSTEM_IS_NOTEBOOK=255 TEMP_FILE="" TEMP_FILES="" TEST_SKIP_ALWAYS="" TEST_AVAILABLE_CATEGORIES="performance privacy security" TEST_CATEGORY_TO_CHECK="all" TEST_GROUP_TO_CHECK="all" TESTS_EXECUTED="" TESTS_SKIPPED="" TIMEDATECTL="" TMPFILE="" TOMOYOINITBINARY="" TOOLTIP_SHOWED=0 TOTAL_SUGGESTIONS=0 TOTAL_WARNINGS=0 TRBINARY="" TRIPWIREBINARY="" UEFI_BOOTED=0 UEFI_BOOTED_SECURE=0 UNAMEBINARY="" UNBOUND_RUNNING=0 UNIQBINARY="" UPDATE_CHECK_SKIPPED=0 UPLOAD_OPTIONS="" UPLOAD_PROXY_PORT="" UPLOAD_PROXY_PROTOCOL="" UPLOAD_PROXY_SERVER="" UPLOAD_SERVER="" UPLOAD_TOOL="" UPLOAD_TOOL_ARGS="" USBGUARDBINARY="" USBGUARD_CONFIG="" USBGUARD_ROOT="" VALUE="" VERBOSE=0 VERITYSETUPBINARY="" VGDISPLAYBINARY="" VMTYPE="" VULNERABLE_PACKAGES_FOUND=0 WCBINARY="" XARGSBINARY="" XBPSBINARY="" YUMBINARY="" ZYPPERBINARY="" # ################################################################################# # # * Options # ################################################################################# # CRONJOB=0 # Run as a cronjob CTESTS_PERFORMED=0 # Number of tests which are performed DEBUG=0 # Debugging mode (to screen) HPPOINTS=0 # Number of hardening points HPTOTAL=0 # Maximum number of hardening points LOG_INCORRECT_OS=1 # Log tests with incorrect OS NEVERBREAK=0 # Don't wait for user input QUICKMODE=1 # Don't wait for user input QUIET=0 # Show normal messages and warnings as well SKIPLOGTEST=0 # Skip logging for one test SKIP_UPGRADE_TEST=0 # Skip upgrade test TESTS_TO_PERFORM="" # Which tests only to perform TEST_PAUSE_TIME=0 # Default pause time TOTAL_TESTS=0 # Total amount of tests (counter) UPLOAD_DATA=0 # Upload of data to central node VIEWHELP=0 # Show help WRONGOPTION=0 # A wrong option is used # ################################################################################# # # Installed packages and other settings COMPILER_INSTALLED=0 # ################################################################################# # # * Colors # # For improved display # ################################################################################# # # Normal color names (BG will color background) BG_BLUE="$(printf '\033[0;44m')" CYAN="$(printf '\033[0;36m')" BLUE="$(printf '\033[0;34m')" BROWN="$(printf '\033[0;33m')" DARKGRAY="$(printf '\033[0;30m')" GRAY="$(printf '\033[0;37m')" GREEN="$(printf '\033[1;32m')" LIGHTBLUE="$(printf '\033[0;94m')" MAGENTA="$(printf '\033[1;35m')" PURPLE="$(printf '\033[0;35m')" RED="$(printf '\033[1;31m')" YELLOW="$(printf '\033[1;33m')" WHITE="$(printf '\033[1;37m')" # Special markup BOLD="${WHITE}" NORMAL="$(printf '\033[0m')" # Semantic names BG_WARNING="$(printf '\033[30;43m')" # Yellow background with grey text HEADER="${WHITE}" WARNING="${RED}" SECTION="${YELLOW}" NOTICE="${YELLOW}" OK="${GREEN}" BAD="${RED}" # ################################################################################# # #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com