
tests_memory_processes « include - github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Memory and processes
#
#################################################################################
#
    # Start of the "Memory and processes" test group. InsertSection is defined
    # outside this file; presumably it emits the section heading - confirm.
    InsertSection "Memory and processes"
#
#################################################################################
#
    # Test        : PROC-3602
    # Description : Read the total memory size and its unit from /proc/meminfo
    # Reports     : memory_size and memory_units, both taken from the MemTotal line
    # Notes       : Registered for Linux only. SKIPTEST is tested right after
    #               Register; presumably Register sets it - confirm.
    Register --test-no PROC-3602 --os Linux --weight L --network NO --description "Checking /proc/meminfo for memory details"
    if [ ${SKIPTEST} -eq 0 ]; then
        if [ ! -f /proc/meminfo ]; then
            logtext "Result: /proc/meminfo file not found on this system"
          else
            logtext "Result: found /proc/meminfo"
            Display --indent 2 --text "- Checking /proc/meminfo" --result FOUND --color GREEN
            # A single awk pass selects the MemTotal line and emits "<size> <unit>".
            # awk already splits on runs of blanks, so no separate squeeze step is needed.
            FIND=`awk '/^MemTotal/ { print $2" "$3 }' /proc/meminfo`
            # Split the pair again; an empty FIND simply yields two empty values.
            MEMORY_SIZE=`echo ${FIND} | awk '{ print $1 }'`
            MEMORY_UNITS=`echo ${FIND} | awk '{ print $2 }'`
            logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
            report "memory_size=${MEMORY_SIZE}"
            report "memory_units=${MEMORY_UNITS}"
        fi
    fi
#
#################################################################################
#
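    # Test        : PROC-3604
    # Description : Query prtconf for the installed memory size
    # Reports     : memory_size and memory_units, both taken from the
    #               "Memory size:" line of the prtconf output
    # Notes       : Registered for Solaris only. prtconf is executed once, so size
    #               and unit always come from the same output. FIND is used as a
    #               scratch variable, as in PROC-3602. Backticks are kept to match
    #               the rest of this /bin/sh file.
    Register --test-no PROC-3604 --os Solaris --weight L --network NO --description "Query prtconf for memory details"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Searching /usr/sbin/prtconf"
        if [ -x /usr/sbin/prtconf ]; then
            Display --indent 2 --text "- Querying prtconf for installed memory" --result DONE --color GREEN
            # Fields 3 and 4 of "Memory size: <n> <unit>" are the value and its unit
            FIND=`/usr/sbin/prtconf | awk '/^Memory size:/ { print $3" "$4 }'`
            MEMORY_SIZE=`echo ${FIND} | awk '{ print $1 }'`
            MEMORY_UNITS=`echo ${FIND} | awk '{ print $2 }'`
            logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
            report "memory_size=${MEMORY_SIZE}"
            report "memory_units=${MEMORY_UNITS}"
          else
            Display --indent 2 --text "- Querying prtconf for installed memory" --result SKIPPED --color WHITE
            logtext "Result: /usr/sbin/prtconf not found"
        fi
    fi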
#
#################################################################################
#
    # Test        : PROC-3612
    # Description : Look for processes whose ps state column contains Z or X
    #               (dead or zombie processes)
    # Notes       : Not performed on Solaris (prerequisites are marked as not met).
    # NOTE(review): outside AIX the listing is taken with BSD-style `ps x`, which on
    #               procps-based systems covers only the invoking user's processes.
    #               Confirm that this scope is what the audit intends.
    case "${OS}" in
        Solaris) PREQS_MET="NO" ;;
        *)       PREQS_MET="YES" ;;
    esac
    Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dead or zombie processes"
    if [ ${SKIPTEST} -eq 0 ]; then
        # Column 3 of the requested output (pid,wchan,stat,comm) is the state;
        # xargs joins the matching PIDs onto one line.
        case "${OS}" in
            AIX)
                FIND=`${PSBINARY} -Ae -o pid,wchan,stat,comm | awk '$3 ~ /Z|X/ { print $1 }' | xargs`
                ;;
            *)
                FIND=`${PSBINARY} x -o pid,wchan,stat,comm | awk '$3 ~ /Z|X/ { print $1 }' | xargs`
                ;;
        esac
        if [ -n "${FIND}" ]; then
            logtext "Result: found one or more dead or zombie processes"
            logtext "Output: PIDs ${FIND}"
            Display --indent 2 --text "- Searching for dead/zombie processes" --result WARNING --color RED
            ReportSuggestion ${TEST_NO} "Check the output of ps for dead or zombie processes"
          else
            logtext "Result: no zombie processes found"
            Display --indent 2 --text "- Searching for dead/zombie processes" --result OK --color GREEN
        fi
    fi
#
#################################################################################
#
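    # Test        : PROC-3614
    # Description : Search for processes in state D (waiting on IO)
    # Notes       : Not performed on Solaris (prerequisites are marked as not met).
    #               The state column is matched on its first character, because ps
    #               appends modifier characters to the state (for example "D+" or
    #               "Ds" on Linux procps); an exact comparison with "D" misses those.
    # NOTE(review): outside AIX the listing is taken with BSD-style `ps x`, which on
    #               procps-based systems covers only the invoking user's processes.
    #               Confirm that this scope is what the audit intends.
    if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PROC-3614 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Check heavy IO waiting based processes"
    if [ "${SKIPTEST}" -eq 0 ]; then
        # Column 3 of the requested output (pid,wchan,stat,comm) is the state;
        # xargs joins the matching PIDs onto one line.
        if [ "${OS}" = "AIX" ]; then
            FIND=`${PSBINARY} -Ae -o pid,wchan,stat,comm | awk '$3 ~ /^D/ { print $1 }' | xargs`
          else
            FIND=`${PSBINARY} x -o pid,wchan,stat,comm | awk '$3 ~ /^D/ { print $1 }' | xargs`
        fi
        if [ -z "${FIND}" ]; then
            logtext "Result: No processes were waiting for IO requests to be handled first"
            Display --indent 2 --text "- Searching for IO waiting processes" --result OK --color GREEN
          else
            logtext "Result: found one or more processes which were waiting to get IO requests handled first"
            # Log text corrected: a stray word "logtext" had slipped into the sentence
            logtext "More info: processes which show up with the status flag 'D' are often stuck, until a disk IO event finished. This can happen for example with network storage, where the connection or protocol settings are not well configured."
            logtext "Output: PIDs ${FIND}"
            Display --indent 2 --text "- Searching for IO waiting processes" --result WARNING --color RED
            ReportSuggestion "${TEST_NO}" "Check process listing for processes waiting for IO requests"
        fi
    fi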
#
#################################################################################
#
    # Ubuntu test: dead processes
    # who -d
#
#################################################################################
#
    # Test        : PROC-3624
    # Description : Check shared memory (ipcs -m)
    # Notes       : if it's empty, check /dev/shm and warn if any files are left behind
    #Register --test-no PROC-3614 --os Linux --weight L --network NO --description "Check shared memory"
    #if [ ${SKIPTEST} -eq 0 ]; then
#
#################################################################################
#

# wait_for_keypress is defined outside this file; presumably it pauses at the
# end of the section when Lynis runs interactively - confirm against its definition.
wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands