#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Banners and identification
#
#################################################################################
#
    # Start of the banner tests. InsertSection is defined outside this file;
    # presumably it emits the section heading for the report - confirm.
    InsertSection "Banners and identification"
#    Display --indent 2 --text "- Checking banners..."
#
#################################################################################
#
    # Banner files this section is concerned with. The tests visible in this
    # file use literal paths rather than iterating over this list.
    BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"

    # Key words counted by the banner content tests. They are matched with a
    # case-insensitive grep, so they match as substrings: "authorized" is also
    # found inside "unauthorized", and a generic word such as "this" counts as
    # well. A high count therefore indicates a likely legal notice, not proof
    # of one.
    LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy"
    LEGAL_BANNER_STRINGS="${LEGAL_BANNER_STRINGS} policies private prohibited restricted this unauthorized"
#
#################################################################################
#
    # Test        : BANN-7113
    # Description : Check FreeBSD COPYRIGHT banner file
    # Notes       : Registered for FreeBSD only. Presence of each file is shown
    #               on screen; whether it has content is written to the log only.
    Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"

        # /COPYRIGHT
        if [ ! -f /COPYRIGHT ]; then
            Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE
            logtext "Result: /COPYRIGHT not found"
        else
            Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN
            # -s is true only for a file with a size greater than zero
            if [ ! -s /COPYRIGHT ]; then
                logtext "Result: /COPYRIGHT available, but empty"
            else
                logtext "Result: /COPYRIGHT available and contains text"
            fi
        fi

        # /etc/COPYRIGHT
        if [ ! -f /etc/COPYRIGHT ]; then
            Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE
            logtext "Result: /etc/COPYRIGHT not found"
        else
            Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN
            if [ ! -s /etc/COPYRIGHT ]; then
                logtext "Result: /etc/COPYRIGHT available, but empty"
            else
                logtext "Result: /etc/COPYRIGHT available and contains text"
            fi
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7119
    # Description : Check MOTD banner file
    # Notes       : A world-writable /etc/motd is reported as a warning, because
    #               any user could then change the file. When /etc/motd is a
    #               symlink the permission check is skipped and only a log line
    #               is written; the link target is not examined here.
    Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Testing existence /etc/motd"
        if [ ! -f /etc/motd ]; then
            logtext "Result: File /etc/motd not found"
            Display --indent 2 --text "- /etc/motd..." --result "NOT FOUND" --color WHITE
        else
            logtext "Result: file /etc/motd exists"
            Display --indent 2 --text "- /etc/motd..." --result FOUND --color GREEN
            if [ -L /etc/motd ]; then
                logtext "Result: file /etc/motd is symlink"
            else
                # IsWorldWritable is defined outside this file; it apparently
                # reports its verdict through FileIsWorldWritable.
                IsWorldWritable /etc/motd
                case "${FileIsWorldWritable}" in
                    TRUE)
                        Display --indent 4 --text "- /etc/motd permissions..." --result WARNING --color RED
                        logtext "Result: /etc/motd is world writable. Users can change this file!"
                        ReportWarning ${TEST_NO} "H" "/etc/motd is world writable"
                        ;;
                    *)
                        Display --indent 4 --text "- /etc/motd permissions..." --result OK --color GREEN
                        logtext "Result: /etc/motd is not world writable."
                        ;;
                esac
            fi
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7122
    # Description : Check whether the motd file contains some form of message
    #               telling unauthorized users to leave the system alone
    # Notes       : Only runs when /etc/motd is a regular file and not a symlink.
    #               The score is the number of listed key words that grep finds
    #               (case-insensitive, substring match), so it is a heuristic
    #               for a legal notice rather than a check of its wording.
    PREQS_MET="NO"
    if [ -f /etc/motd ] && [ ! -L /etc/motd ]; then PREQS_MET="YES"; fi
    Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents"
    if [ ${SKIPTEST} -eq 0 ]; then
        N=0
        logtext "Test: Checking file /etc/motd contents for legal key words"
        for I in ${LEGAL_BANNER_STRINGS}; do
            FIND=`grep -i "${I}" /etc/motd`
            # No matching line for this key word: move on to the next one
            if [ -z "${FIND}" ]; then continue; fi
            logtext "Result: found string '${I}'"
            N=`expr ${N} + 1`
        done
        # Fewer than 5 key words is considered a weak banner
        if [ ${N} -lt 5 ]; then
            logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
            Display --indent 4 --text "- /etc/motd contents..." --result WEAK --color YELLOW
            ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
            AddHP 0 1
        else
            logtext "Result: Found ${N} key words, to warn unauthorized users"
            Display --indent 4 --text "- /etc/motd contents..." --result OK --color GREEN
            AddHP 2 2
        fi
    fi
#
#################################################################################
#
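    # Test        : BANN-7124
    # Description : Check issue banner file
    # Notes       : Reports whether /etc/issue exists and whether it is a
    #               symlink. -f follows symlinks, so a link that does not
    #               resolve to a regular file ends up in the "does not exist"
    #               branch.
    Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking file /etc/issue"
        if [ -f /etc/issue ]; then
            # Check for symlink
            if [ -L /etc/issue ]; then
                logtext "Result: file /etc/issue exists (symlink)"
                Display --indent 2 --text "- /etc/issue..." --result SYMLINK --color GREEN
            else
                # Log the outcome for a regular file too, so that every branch
                # of this test leaves a result line in the log.
                logtext "Result: file /etc/issue exists"
                Display --indent 2 --text "- /etc/issue..." --result FOUND --color GREEN
            fi
        else
            logtext "Result: file /etc/issue does not exist"
            Display --indent 2 --text "- /etc/issue..." --result "NOT FOUND" --color WHITE
        fi
    fi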
#
#################################################################################
#
    # Test        : BANN-7126
    # Description : Check whether the issue file contains some form of message
    #               telling unauthorized users to leave the system alone
    # Notes       : The precondition is only that /etc/issue resolves to a
    #               regular file (symlinks are followed). The score is the
    #               number of listed key words that grep finds (case-insensitive,
    #               substring match), so it is a heuristic for a legal notice.
    PREQS_MET="NO"
    if [ -f /etc/issue ]; then PREQS_MET="YES"; fi
    Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents"
    if [ ${SKIPTEST} -eq 0 ]; then
        N=0
        logtext "Test: Checking file /etc/issue contents for legal key words"
        for I in ${LEGAL_BANNER_STRINGS}; do
            FIND=`grep -i "${I}" /etc/issue`
            # No matching line for this key word: move on to the next one
            if [ -z "${FIND}" ]; then continue; fi
            logtext "Result: found string '${I}'"
            N=`expr ${N} + 1`
        done
        # Fewer than 5 key words is considered a weak banner
        if [ ${N} -lt 5 ]; then
            logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
            Display --indent 4 --text "- /etc/issue contents..." --result WEAK --color YELLOW
            ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users"
            AddHP 0 1
        else
            logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
            Display --indent 4 --text "- /etc/issue contents..." --result OK --color GREEN
            AddHP 2 2
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7128
    # Description : Check issue.net banner file
    # Notes       : Reports whether /etc/issue.net exists and whether it is a
    #               symlink. Permissions of the file are not checked here.
    Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking file /etc/issue.net"
        if [ ! -f /etc/issue.net ]; then
            logtext "Result: file /etc/issue.net does not exist"
            Display --indent 2 --text "- /etc/issue.net..." --result "NOT FOUND" --color WHITE
        elif [ -L /etc/issue.net ]; then
            # Exists, but reached through a symlink
            logtext "Result: file /etc/issue.net exists (symlink)"
            Display --indent 2 --text "- /etc/issue.net..." --result SYMLINK --color GREEN
        else
            logtext "Result: file /etc/issue.net exists"
            Display --indent 2 --text "- /etc/issue.net..." --result FOUND --color GREEN
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7130
    # Description : Check whether the issue.net file contains some form of
    #               message telling unauthorized users to leave the system alone
    # Notes       : The precondition is only that /etc/issue.net resolves to a
    #               regular file (symlinks are followed). The score is the
    #               number of listed key words that grep finds (case-insensitive,
    #               substring match), so it is a heuristic for a legal notice.
    PREQS_MET="NO"
    if [ -f /etc/issue.net ]; then PREQS_MET="YES"; fi
    Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents"
    if [ ${SKIPTEST} -eq 0 ]; then
        N=0
        logtext "Test: Checking file /etc/issue.net contents for legal key words"
        for I in ${LEGAL_BANNER_STRINGS}; do
            FIND=`grep -i "${I}" /etc/issue.net`
            # No matching line for this key word: move on to the next one
            if [ -z "${FIND}" ]; then continue; fi
            logtext "Result: found string '${I}'"
            N=`expr ${N} + 1`
        done
        # Fewer than 5 key words is considered a weak banner
        if [ ${N} -lt 5 ]; then
            logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
            Display --indent 4 --text "- /etc/issue.net contents..." --result WEAK --color YELLOW
            ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
            AddHP 0 1
        else
            logtext "Result: Found ${N} key words, to warn unauthorized users"
            Display --indent 4 --text "- /etc/issue.net contents..." --result OK --color GREEN
            AddHP 2 2
        fi
    fi
#
#################################################################################
#
# /etc/dt/config/*/Xresources
# /etc/default/telnetd (telnet without TCP wrappers)
# /etc/default/ftpd (ftp without TCP wrappers)
# /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris)
# /etc/ftpaccess (HP-UX)
# /etc/ftpmotd (AIX)
# /etc/ftpaccess.ctl (AIX)
# /etc/security/login.cfg (AIX)
# /etc/X11/xdm/Xresources
# /etc/X11/xdm/kdmrc
# /etc/X11/gdm/gdm
# /etc/vsftpd.conf
#
#################################################################################
#

# All banner tests have run. wait_for_keypress is defined outside this file;
# presumably it pauses until the user continues - confirm.
wait_for_keypress

#
#################################################################################
#
# Notes:
# HPUX: /etc/copyright
#
#================================================================================
# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands