#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright 2007-2013, Michael Boelen # Copyright 2013-2016, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com # GitHub : https://github.com/CISOfy/lynis # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # AUTOMATION_TOOL_FOUND=0 AUTOMATION_TOOL_RUNNING="" CFENGINE_AGENT_FOUND=0 CFENGINE_SERVER_RUNNING=0 BACKUP_AGENT_FOUND=0 PUPPET_MASTER_RUNNING=0 SALT_MASTER_RUNNING=0 SALT_MINION_RUNNING=0 # ################################################################################# # InsertSection "Software: System tooling" # ################################################################################# # # Automation # ################################################################################# # # Test : TOOL-5002 # Description : Check if automation tools are found Register --test-no TOOL-5002 --weight L --network NO --description "Checking for automation tools" if [ ${SKIPTEST} -eq 0 ]; then Display --indent 2 --text "- Checking automation tooling" # Cfengine if [ ! "${CFAGENTBINARY}" = "" ]; then LogText "Result: CFEngine (cfagent) is installed (${CFAGENTBINARY})" AUTOMATION_TOOL_FOUND=1 CFENGINE_AGENT_FOUND=1 Report "automation_tool_running[]=cf-agent" Display --indent 4 --text "Found: Cfengine (cfagent)" --result FOUND --color GREEN fi OTHER_CFENGINE_LOCATIONS="/var/cfengine/bin" for I in ${OTHER_CFENGINE_LOCATIONS}; do if [ -d ${I} ]; then if [ -f ${I}/cf-agent ]; then LogText "Result: found CFEngine agent (cf-agent) in ${I}" AUTOMATION_TOOL_FOUND=1 CFENGINE_AGENT_FOUND=1 Report "automation_tool_running[]=cf-agent" Display --indent 4 --text "Found: CFEngine (cf-agent)" --result FOUND --color GREEN fi IsRunning "cf-server" if [ ${RUNNING} -eq 1 ]; then LogText "Result: found CFEngine server" AUTOMATION_TOOL_FOUND=1 CFENGINE_SERVER_RUNNING=1 Report "automation_tool_running[]=cf-server" Display --indent 4 --text "Found: CFEngine (cf-server)" --result FOUND --color GREEN fi fi done # Chef CHEF_LOCATIONS="/opt/chef/bin /opt/chef-server/sv /opt/chefdk/bin" for I in ${CHEF_LOCATIONS}; do if [ -d ${I} ]; then if [ -f ${I}/chef-client ]; then CHEFCLIENTBINARY="${I}/chef-client" AUTOMATION_TOOL_FOUND=1 Report "automation_tool_running[]=chef-client" Display --indent 4 --text "Found: Chef client (chef-client)" --result FOUND --color GREEN LogText "Result: found chef-client (chef client daemon) in ${I}" fi if [ -f ${I}/erchef ]; then CHEFSERVERBINARY="${I}/erchef" LogText "Result: Chef Server (erchef) is installed (${CHEFSERVERBINARY})" AUTOMATION_TOOL_FOUND=1 Report "automation_tool_running[]=chef-server" Display --indent 4 --text "Found: Chef Server (erchef)" --result FOUND --color GREEN LogText "Result: found erchef (chef server daemon) in ${I}" fi fi done # Puppet if [ ! "${PUPPETBINARY}" = "" ]; then LogText "Result: Puppet is installed (${PUPPETBINARY})" AUTOMATION_TOOL_FOUND=1 Report "automation_tool_running[]=puppet-agent" Display --indent 4 --text "Found: Puppet (agent)" --result FOUND --color GREEN fi IsRunning "puppet master" if [ ${RUNNING} -eq 1 ]; then LogText "Result: found puppet master" PUPPET_MASTER_RUNNING=1 Report "automation_tool_running[]=puppet-master" Display --indent 4 --text "Found: Puppet (master)" --result FOUND --color GREEN fi # SaltStack if [ ! "${SALTMINIONBINARY}" = "" ]; then LogText "Result: SaltStack (salt-minion) is installed (${SALTMINIONBINARY})" AUTOMATION_TOOL_FOUND=1 SALT_MINION_RUNNING=1 Report "automation_tool_running[]=saltstack-minion" Display --indent 4 --text "Found: SaltStack minion (salt-minion)" --result FOUND --color GREEN fi if [ ! "${SALTMASTERBINARY}" = "" ]; then LogText "Result: SaltStack (salt-master) is installed (${SALTMASTERBINARY})" AUTOMATION_TOOL_FOUND=1 SALT_MASTER_RUNNING=1 Report "automation_tool_running[]=saltstack-minion" Display --indent 4 --text "Found: SaltStack master (salt-master)" --result FOUND --color GREEN else IsRunning "salt-master" if [ ${RUNNING} -eq 1 ]; then LogText "Result: found SaltStack (master)" AUTOMATION_TOOL_FOUND=1 SALT_MASTER_RUNNING=1 Report "automation_tool_running[]=saltstack-master" Display --indent 4 --text "Found: SaltStack (master)" --result FOUND --color GREEN fi fi if [ ${AUTOMATION_TOOL_FOUND} -eq 1 ]; then Display --indent 2 --text "- Automation tooling" --result FOUND --color GREEN else Display --indent 2 --text "- Automation tooling" --result "NOT FOUND" --color YELLOW ReportSuggestion ${TEST_NO} "Determine if automation tools are present for system management" fi fi # ################################################################################# # # Backup tools # ################################################################################# # # Netvault # Rsync in cron # ################################################################################# # Report "automation_tool_present=${AUTOMATION_TOOL_FOUND}" wait_for_keypress # #================================================================================ # Lynis - Copyright 2007-2016, Michael Boelen, CISOfy - https://cisofy.com