#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2013, Michael Boelen # Copyright 2007-2017, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com # GitHub : https://github.com/CISOfy/lynis # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # # Banners and identification # ################################################################################# # InsertSection "Banners and identification" # ################################################################################# # BANNER_FILES="${ROOTDIR}etc/issue ${ROOTDIR}etc/issue.net ${ROOTDIR}etc/motd" LEGAL_BANNER_STRINGS="audit access authori connect enforce evidence intrusion law legal monitor owner policy policies private prohibited record restricted secure subject terms this unauthorized" # ################################################################################# # # Test : BANN-7113 # Description : Check FreeBSD COPYRIGHT banner file Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Testing existence ${ROOTDIR}COPYRIGHT or ${ROOTDIR}etc/COPYRIGHT" if [ -f ${ROOTDIR}COPYRIGHT ]; then Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN if [ -s ${ROOTDIR}COPYRIGHT ]; then LogText "Result: ${ROOTDIR}COPYRIGHT available and contains text" else LogText "Result: ${ROOTDIR}COPYRIGHT available, but empty" fi else Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE LogText "Result: ${ROOTDIR}COPYRIGHT not found" fi if [ -f ${ROOTDIR}etc/COPYRIGHT ]; then Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN if [ -s ${ROOTDIR}etc/COPYRIGHT ]; then LogText "Result: ${ROOTDIR}etc/COPYRIGHT available and contains text" else LogText "Result: ${ROOTDIR}etc/COPYRIGHT available, but empty" fi else Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE LogText "Result: ${ROOTDIR}etc/COPYRIGHT not found" fi fi # ################################################################################# # # Test : BANN-7124 # Description : Check issue banner file Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking file ${ROOTDIR}etc/issue" if [ -f ${ROOTDIR}etc/issue ]; then # Check for symlink if [ -L ${ROOTDIR}etc/issue ]; then LogText "Result: file ${ROOTDIR}etc/issue exists (symlink)" Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result SYMLINK --color GREEN else Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_FOUND}" --color GREEN fi else LogText "Result: file ${ROOTDIR}etc/issue does not exist" Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE fi fi # ################################################################################# # # Test : BANN-7126 # Description : Check issue file to see if it contains some form of message # to discourage unauthorized users to leave the system alone if [ -f ${ROOTDIR}etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue banner file contents" if [ ${SKIPTEST} -eq 0 ]; then COUNT=0 FILE="${ROOTDIR}etc/issue" LogText "Test: Checking file ${FILE} contents for legal key words" for ITEM in ${LEGAL_BANNER_STRINGS}; do FIND=$(${GREPBINARY} -i "${ITEM}" ${FILE}) if HasData "${FIND}"; then LogText "Result: found string '${ITEM}'" COUNT=$((COUNT + 1)) fi done # Check if we have 5 or more key words if [ ${COUNT} -gt 4 ]; then LogText "Result: Found ${COUNT} key words (5 or more suggested), to warn unauthorized users" Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN AddHP 2 2 else LogText "Result: Found only ${COUNT} key words (5 or more suggested), to warn unauthorized users and could be increased" Display --indent 4 --text "- ${FILE} contents" --result WEAK --color YELLOW ReportSuggestion ${TEST_NO} "Add a legal banner to ${FILE}, to warn unauthorized users" AddHP 0 1 Report "weak_banner_file[]=${FILE}" fi fi # ################################################################################# # # Test : BANN-7128 # Description : Check issue.net banner file Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking file ${ROOTDIR}etc/issue.net" if [ -f ${ROOTDIR}etc/issue.net ]; then # Check for symlink if [ -L ${ROOTDIR}etc/issue.net ]; then LogText "Result: file ${ROOTDIR}etc/issue.net exists (symlink)" Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result SYMLINK --color GREEN else LogText "Result: file ${ROOTDIR}etc/issue.net exists" Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_FOUND}" --color GREEN fi else LogText "Result: file ${ROOTDIR}etc/issue.net does not exist" Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE fi fi # ################################################################################# # # Test : BANN-7130 # Description : Check issue.net file to see if it contains some form of message # to discourage unauthorized users to leave the system alone if [ -f ${ROOTDIR}etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue.net banner file contents" if [ ${SKIPTEST} -eq 0 ]; then COUNT=0 LogText "Test: Checking file ${ROOTDIR}etc/issue.net contents for legal key words" for ITEM in ${LEGAL_BANNER_STRINGS}; do FIND=$(${GREPBINARY} -i "${ITEM}" ${ROOTDIR}etc/issue.net) if HasData "${FIND}"; then LogText "Result: found string '${ITEM}'" COUNT=$((COUNT + 1)) fi done # Check if we have 5 or more key words if [ ${COUNT} -gt 4 ]; then LogText "Result: Found ${COUNT} key words, to warn unauthorized users" Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result "${STATUS_OK}" --color GREEN AddHP 2 2 else LogText "Result: Found only ${COUNT} key words, to warn unauthorized users and could be increased" Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result WEAK --color YELLOW ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users" AddHP 0 1 fi fi # ################################################################################# # WaitForKeyPress # #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com