#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2013-2016, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Consts
#
#################################################################################
#

# Paths where system and program binaries are located
BIN_PATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
          /usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
          /usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
          /usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin \
          /usr/pkg/bin /usr/pkg/sbin"

ETC_PATHS="/etc /usr/local/etc"

# Do not use specific language, fall back to default
# Some tools with translated strings are very hard to parse
unset LANG

#
#################################################################################
#
# Initialize defaults
#
#################################################################################
#
# == Variable initializing ==
#
    AUDITORNAME=""
    AUTH_FAILED_LOGINS_LOGGED=0
    AUTH_UNLOCK_TIME=-1
    PROFILE=""
    REPORTFILE=""
    AFICKBINARY=""
    AIDEBINARY=""
    AASTATUSBINARY=""
    AUDITD_RUNNING=0
    APPLICATION_FIREWALL_ACTIVE=0
    BINARY_SCAN_FINISHED=0
    CHECK=0
    CHECK_BINARIES=1
    CHKROOTKITBINARY=""
    CHKCONFIGBINARY=""
    COMPLIANCE_ENABLE_CIS=0
    COMPLIANCE_ENABLE_HIPAA=0
    COMPLIANCE_ENABLE_ISO27001=0
    COMPLIANCE_ENABLE_PCI_DSS=0
    COMPLIANCE_TESTS_PERFORMED=0
    COMPLIANCE_FINDINGS_FOUND=0
    COMPRESSED_UPLOADS=0
    CONTROL_URL_APPEND=""
    CONTROL_URL_PREPEND=""
    CONTROL_URL_PROTOCOL=""
    CSUMBINARY=""
    CUSTOM_URL_APPEND=""
    CUSTOM_URL_PREPEND=""
    CUSTOM_URL_PROTOCOL=""
    DB2_RUNNING=0
    DEVELOPER_MODE=0
    DISCOVERED_BINARIES=""
    DOCKER_DAEMON_RUNNING=0
    ERROR_ON_WARNINGS=0
    FILEVALUE=""
    FIND=""
    FIREWALL_ACTIVE=0
    FOUNDPATH=0
    GREPBINARY="grep"
    GROUP_NAME=""
    GRPCKBINARY=""
    GRSEC_FOUND=0
    GRUB2INSTALLBINARY=""
    HAS_SYSTEMD=0
    HELPER=""
    HOSTID=""
    IDS_IPS_TOOL_FOUND=0
    IPTABLESBINARY=""
    LINUX_VERSION=""
    LINUXCONFIGFILE=""
    LMDBINARY=""
    LMDFOUND=0
    LOGFILE=""
    MACHINEID=""
    MACHINE_ROLE=""
    MALWARE_SCANNER_INSTALLED=0
    MYSQL_RUNNING=0
    MIN_PASSWORD_LENGTH=-1
    N_PLUGIN_ENABLED=0
    NAME_CACHE_USED=0
    NETWORK_INTERFACES=""
    NGINX_ACCESS_LOG_DISABLED=0
    NGINX_ACCESS_LOG_MISSING=0
    NGINX_ALIAS_FOUND=0
    NGINX_ALLOW_FOUND=0
    NGINX_DENY_FOUND=0
    NGINX_ERROR_LOG_DEBUG=0
    NGINX_ERROR_LOG_MISSING=0
    NGINX_EXPIRES_FOUND=0
    NGINX_FASTCGI_FOUND=0
    NGINX_FASTCGI_PARAMS_FOUND=0
    NGINX_FASTCGI_PASS_FOUND=0
    NGINX_LISTEN_FOUND=0
    NGINX_LOCATION_FOUND=0
    NGINX_SSL_CIPHERS=0
    NGINX_SSL_ON=0
    NGINX_SSL_PREFER_SERVER_CIPHERS=0
    NGINX_SSL_PROTOCOLS=0
    NGINX_RETURN_FOUND=0
    NGINX_ROOT_FOUND=0
    NGINX_WEAK_SSL_PROTOCOL_FOUND=0
    NTPD_ROLE=""
    ORACLE_RUNNING=0
    OS=""; OS_MODE=""
    OS_REDHAT_OR_CLONE=0
    OSIRISBINARY=""
    PASSWORD_MAXIMUM_DAYS=-1
    PASSWORD_MINIMUM_DAYS=-1
    PAM_2F_AUTH_ENABLED=0
    PAM_2F_AUTH_REQUIRED=0
    PAM_AUTH_BRUTE_FORCE_PROTECTION=0
    PAM_PASSWORD_HISTORY_AMOUNT=0
    PAM_PASSWORD_HISTORY_ENABLED=0
    PAM_PASSWORD_STRENGTH_TESTED=0
    PAM_PASSWORD_PWHISTORY_ENABLED=0
    PAM_PASSWORD_UXHISTORY_ENABLED=0
    PFFOUND=0
    PIDFILE=""
    PLUGINDIR=""
    PLUGIN_PHASE=0
    POSTGRES_RUNNING=0
    PRIVILEGED=0
    PROFILEVALUE=""
    PSBINARY="ps"
    REMOTE_LOGGING_ENABLED=0
    RKHUNTERBINARY=""
    RPMBINARY=""
    RUN_HELPERS=0
    RUN_PLUGINS=1
    RUN_TESTS=1
    SAMHAINBINARY=""
    SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
    SEARCH_PROFILES=""
    SESTATUSBINARY=""
    SERVICE_MANAGER=""
    SETTINGS=""
    SETTINGS_FILE=""
    SHELL_IS_BUSYBOX=0
    SHOW_PROGRAM_DETAILS=1
    SHOW_REPORT=1
    SHOW_WARNINGS_ONLY=0
    SKIP_TESTS=""
    SKIPPED_TESTS_ROOTONLY=""
    SSHKEYSCANBINARY=""
    SSHKEYSCANFOUND=0
    SSL_CERTIFICATE_PATHS=""
    SYSLOGNGBINARY=""
    SYSTEMCTLBINARY=""
    TEMP_FILE=""
    TEMP_FILES=""
    TEST_SKIP_ALWAYS=""
    TESTS_CATEGORY_TO_PERFORM=""
    TESTS_EXECUTED=""
    TESTS_SKIPPED=""
    TMPFILE=""
    TOTAL_SUGGESTIONS=0
    TOTAL_WARNINGS=0
    TRIPWIREBINARY=""
    UEFI_BOOTED=0
    UEFI_BOOTED_SECURE=0
    UNBOUND_RUNNING=0
    UPDATE_CHECK_SKIPPED=0
    UPLOAD_OPTIONS=""
    UPLOAD_PROXY_PORT=""
    UPLOAD_PROXY_PROTOCOL=""
    UPLOAD_PROXY_SERVER=""
    UPLOAD_TOOL=""
    UPLOAD_TOOL_ARGS=""
    VALUE=""
    VERBOSE=0
    VMTYPE=""
    VULNERABLE_PACKAGES_FOUND=0
#
#################################################################################
#
# * Options
#
#################################################################################
#
    CRONJOB=0                   # Run as a cronjob
    CTESTS_PERFORMED=0          # Number of tests which are performed
    DEBUG=0                     # Debugging mode (to screen)
    HPPOINTS=0                  # Number of hardening points
    HPTOTAL=0                   # Maximum number of hardening points
    LOG_INCORRECT_OS=1          # Log tests with incorrect OS
    NEVERBREAK=0                # Don't wait for user input
    PENTESTINGMODE=0            # Try tests without root privileges
    QUICKMODE=0                 # Don't wait for user input
    QUIET=0                     # Show normal messages and warnings as well
    SHOW_TOOL_TIPS=1            # Show inline tool tips (default true)
    SKIPLOGTEST=0               # Skip logging for one test
    SKIP_UPGRADE_TEST=0         # Skip upgrade test
    TESTS_TO_PERFORM=""         # Which tests only to perform
    TEST_PAUSE_TIME=0           # Default pause time
    TOTAL_TESTS=0               # Total amount of tests (counter)
    UPLOAD_DATA=0               # Upload of data to central node
    VIEWHELP=0                  # Show help
    WRONGOPTION=0               # A wrong option is used
#
#################################################################################
#
    # Installed packages and other settings
    COMPILER_INSTALLED=0
#
#################################################################################
#
# * Colors
#
# For improved display
#
#################################################################################
#
    NORMAL="[0;39m"
    WARNING="[1;31m"          # Bad (red)
    SECTION="[1;33m"          # Section (yellow)
    NOTICE="[1;33m"           # Notice (yellow)
    OK="[1;32m"               # Ok (green)
    BAD="[1;31m"              # Bad (red)

    # Normal color names
    CYAN="[0;36m"
    BLUE="[0;34m"
    BROWN="[0;33m"
    DARKGRAY="[0;30m"
    GRAY="[0;37m"
    GREEN="[1;32m"
    MAGENTA="[1;35m"
    PURPLE="[0;35m"
    RED="[1;31m"
    YELLOW="[1;33m"
    WHITE="[1;37m"

#
#################################################################################
#

#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com