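#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2021, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Banners and identification
#
# Checks whether the login banner files exist and whether their text contains
# enough legal/warning wording. Helper functions (InsertSection, Register,
# LogText, Display, HasData, AddHP, Report, ReportSuggestion, WaitForKeyPress)
# and the variables ROOTDIR, GREPBINARY, SKIPTEST, TEST_NO and STATUS_* are
# expected to be provided by the code that includes this file.
#
#################################################################################
#
    InsertSection "${SECTION_BANNERS_AND_IDENTIFICATION}"
#
#################################################################################
#
    # NOTE(review): BANNER_FILES is not referenced by the tests in this file;
    # it is kept in case other code reads it.
    BANNER_FILES="${ROOTDIR}etc/issue ${ROOTDIR}etc/issue.net ${ROOTDIR}etc/motd"
    # Space-separated, case-insensitive substrings. Several are word stems
    # ("authori", "continu", "legislat") so one entry covers multiple spellings.
    LEGAL_BANNER_STRINGS="audit access authori condition connect consent continu criminal enforce evidence forbidden intrusion law legal legislat log monitor owner penal policy policies privacy private prohibited record restricted secure subject system terms warning"
#
#################################################################################
#
    # Test        : BANN-7113
    # Description : Check FreeBSD COPYRIGHT banner file
    # Only existence is displayed; whether the file is empty is written to the
    # log only and does not change the displayed result.
    Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
    if [ "${SKIPTEST}" -eq 0 ]; then
        LogText "Test: Testing existence ${ROOTDIR}COPYRIGHT or ${ROOTDIR}etc/COPYRIGHT"
        # Paths are quoted so a ROOTDIR containing whitespace or glob
        # characters cannot break or redirect the file tests.
        if [ -f "${ROOTDIR}COPYRIGHT" ]; then
            Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
            if [ -s "${ROOTDIR}COPYRIGHT" ]; then
                LogText "Result: ${ROOTDIR}COPYRIGHT available and contains text"
            else
                LogText "Result: ${ROOTDIR}COPYRIGHT available, but empty"
            fi
        else
            Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
            LogText "Result: ${ROOTDIR}COPYRIGHT not found"
        fi

        if [ -f "${ROOTDIR}etc/COPYRIGHT" ]; then
            Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
            if [ -s "${ROOTDIR}etc/COPYRIGHT" ]; then
                LogText "Result: ${ROOTDIR}etc/COPYRIGHT available and contains text"
            else
                LogText "Result: ${ROOTDIR}etc/COPYRIGHT available, but empty"
            fi
        else
            Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
            LogText "Result: ${ROOTDIR}etc/COPYRIGHT not found"
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7124
    # Description : Check issue banner file
    Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
    if [ "${SKIPTEST}" -eq 0 ]; then
        LogText "Test: Checking file ${ROOTDIR}etc/issue"
        # -f follows symbolic links: a link to a regular file passes this test
        # and is then reported as SYMLINK, while a dangling link ends up in the
        # "does not exist" branch.
        if [ -f "${ROOTDIR}etc/issue" ]; then
            # Check for symlink
            if [ -L "${ROOTDIR}etc/issue" ]; then
                LogText "Result: file ${ROOTDIR}etc/issue exists (symlink)"
                Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result SYMLINK --color GREEN
            else
                # Log the plain-file case too, matching BANN-7128.
                LogText "Result: file ${ROOTDIR}etc/issue exists"
                Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_FOUND}" --color GREEN
            fi
        else
            LogText "Result: file ${ROOTDIR}etc/issue does not exist"
            Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7126
    # Description : Check issue file to see if it contains some form of message
    #               telling unauthorized users to leave the system alone
    #
    # The check is a heuristic: each entry of LEGAL_BANNER_STRINGS is matched as
    # a case-insensitive substring anywhere in the file, so "log" also matches
    # "login" and "law" matches "lawful". A passing count shows that warning
    # vocabulary is present, not that the banner text is legally adequate.
    if [ -f "${ROOTDIR}etc/issue" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no BANN-7126 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check issue banner file contents"
    if [ "${SKIPTEST}" -eq 0 ]; then
        COUNT=0
        FILE="${ROOTDIR}etc/issue"
        LogText "Test: Checking file ${FILE} contents for legal key words"
        # Unquoted on purpose: the list is split on whitespace into single words.
        for ITEM in ${LEGAL_BANNER_STRINGS}; do
            FIND=$(${GREPBINARY} -i "${ITEM}" "${FILE}")
            if HasData "${FIND}"; then
                LogText "Result: found string '${ITEM}'"
                COUNT=$((COUNT + 1))
            fi
        done
        # Check if we have 5 or more key words
        if [ "${COUNT}" -gt 4 ]; then
            LogText "Result: Found ${COUNT} key words (5 or more suggested), to warn unauthorized users"
            Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN
            AddHP 2 2
        else
            LogText "Result: Found only ${COUNT} key words (5 or more suggested), to warn unauthorized users and could be increased"
            Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_WEAK}" --color YELLOW
            ReportSuggestion "${TEST_NO}" "Add a legal banner to ${FILE}, to warn unauthorized users"
            AddHP 0 1
            Report "weak_banner_file[]=${FILE}"
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7128
    # Description : Check issue.net banner file
    # Only the file's presence is tested. Whether any network service is
    # configured to show it (for example through sshd's Banner option) is not
    # checked in this file.
    Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
    if [ "${SKIPTEST}" -eq 0 ]; then
        LogText "Test: Checking file ${ROOTDIR}etc/issue.net"
        if [ -f "${ROOTDIR}etc/issue.net" ]; then
            # Check for symlink
            if [ -L "${ROOTDIR}etc/issue.net" ]; then
                LogText "Result: file ${ROOTDIR}etc/issue.net exists (symlink)"
                Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result SYMLINK --color GREEN
            else
                LogText "Result: file ${ROOTDIR}etc/issue.net exists"
                Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
            fi
        else
            LogText "Result: file ${ROOTDIR}etc/issue.net does not exist"
            Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7130
    # Description : Check issue.net file to see if it contains some form of message
    #               telling unauthorized users to leave the system alone
    #
    # Same substring heuristic and threshold as BANN-7126. The suggestion text
    # and the weak_banner_file[] report entry use the ROOTDIR-relative path so
    # they name the file that was actually read.
    if [ -f "${ROOTDIR}etc/issue.net" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no BANN-7130 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check issue.net banner file contents"
    if [ "${SKIPTEST}" -eq 0 ]; then
        COUNT=0
        FILE="${ROOTDIR}etc/issue.net"
        LogText "Test: Checking file ${FILE} contents for legal key words"
        # Unquoted on purpose: the list is split on whitespace into single words.
        for ITEM in ${LEGAL_BANNER_STRINGS}; do
            FIND=$(${GREPBINARY} -i "${ITEM}" "${FILE}")
            if HasData "${FIND}"; then
                LogText "Result: found string '${ITEM}'"
                COUNT=$((COUNT + 1))
            fi
        done
        # Check if we have 5 or more key words
        if [ "${COUNT}" -gt 4 ]; then
            LogText "Result: Found ${COUNT} key words, to warn unauthorized users"
            Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN
            AddHP 2 2
        else
            LogText "Result: Found only ${COUNT} key words, to warn unauthorized users and could be increased"
            Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_WEAK}" --color YELLOW
            ReportSuggestion "${TEST_NO}" "Add legal banner to ${FILE}, to warn unauthorized users"
            AddHP 0 1
            # Recorded the same way BANN-7126 records a weak /etc/issue.
            Report "weak_banner_file[]=${FILE}"
        fi
    fi
#
#################################################################################
#

WaitForKeyPress

#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com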