#!/bin/sh
#################################################################################
#
# This is the custom tests file and serves as a template.
#
# The language used is Bourne shell (not bash). That means that almost everything
# you could use in bash will also work here. Arrays and advanced substitutions
# will not work.
#
# How to use:
#
# Copy this file to the 'include' directory and name it tests_custom
# Find your includedir with: lynis show includedir
#
#################################################################################
#
# Tips:
#
# Use each test ID only once in the Register function and prefix them with CUST
#
# Use big steps (e.g. 10) in numbering, so you can easily put in tests later.
#
# Help the community and share your checks on https://github.com/CISOfy/lynis/
#
#################################################################################
#
    # Test        : CUST-0010
    # Description : We show some lines on the screen

    # Register our first custom test
    # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
    # --test-no     unique ID
    # --weight      L/M/H
    # --category    category (e.g. performance, privacy, security)
    Register --test-no CUST-0010 --weight L --network NO --category security --description "A test for displaying things on screen"
    if [ ${SKIPTEST} -eq 0 ]; then
        # The Display function makes it easy to show something on screen, with colors.
        # --indent  defines amount of spaces
        # --text    text to be displayed on screen
        # --result  text at end of line
        # --color   color of result text
        Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
        Display --indent 4 --text "This shows one level deeper " --result "${STATUS_NO}" --color YELLOW
        Display --indent 6 --text "And even deeper" --result "${STATUS_WARNING}" --color RED
    fi
#
#################################################################################
#
    # Test        : CUST-0020
    # Description : Dealing with files and directories
    Register --test-no CUST-0020 --weight L --network NO --category security --description "Dealing with files and directories"
    if [ ${SKIPTEST} -eq 0 ]; then

        # With -d we can test for directories, -f is for files, -L for symlinks.

        # Most tests use the "if-then-else". If something is true, take one step, otherwise the other.
        if DirectoryExists /tmp; then
            LogText "Result: we have a temporary directory"
        else
            LogText "Result: no temporary directory found"
        fi

        # Instead of ready-to-use functions, you can use normal shell script tests, like:
        # if [ -f /etc/file ]; then                  = Test if file exists
        # if [ -d /var/run/mydirectory ]; then       = Test if directory exists
        # if [ -L /var/run/mydirectory ]; then       = Test if symlink exists
        # if [ ${MYVARIABLE} -eq 1 ]; then           = Test if variable is set to 1 (make sure it was defined at beginning of test)
        # if [ "${MYVARIABLE}" = "Value" ]; then     = Test if variable is equal to specific value

        # Let's test for a file. We like to find at least one file (file1 or file2)
        if FileExists /etc/file1; then
            LogText "Result: Found file /etc/file1"
        elif FileExists /etc/file2; then
            LogText "Result: Found file /etc/file2"
        else
            LogText "Result: both /etc/file1 and /etc/file2 were not found"
            # Show a warning on screen and in the report. We can specify a detail and how to solve it.
            ReportWarning "${TEST_NO}" "No file /etc/file1 or /etc/file2 available"
        fi

        # If a single value is stored in a variable, using 'case' is very effective.
        # Let's check for a predefined variable OS, which is defined by Lynis
        case "${OS}" in
            # Only match one value
            "Linux")
                LogText "Found Linux"
                Display --indent 2 --text "OS: Linux" --result "${STATUS_OK}" --color GREEN
            ;;
            # Matching several platforms
            "FreeBSD" | "NetBSD" | "OpenBSD")
                LogText "Found an operating system based on BSD"
                Display --indent 2 --text "OS: *BSD" --result "${STATUS_OK}" --color GREEN
            ;;
            # Catch-all for other values
            *)
                LogText "Found another operating system"
                ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
            ;;
        esac

    fi
#
#################################################################################
#
# Add a new section to the screen output
InsertSection "Custom tests - Other"
#
#################################################################################
#
    # Test        : CUST-0040
    # Description : Our second test, with a prerequisite test

    # First check if OPENSSLBINARY is known as a prerequisite for this test
    # ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test
    if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No OpenSSL binary found"; fi
    Register --test-no CUST-0040 --preqs-met "${PREQS_MET}" --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Description of custom test"
    if [ ${SKIPTEST} -eq 0 ]; then
        # Set variable to zero, to indicate that we have no problems found (yet)
        FOUNDPROBLEM=0
        DIR="/my/path"
        LogText "Test: we are going to check if we can find a particular directory (${DIR})"
        # Check if a directory exists (the path is quoted so it also works if it contains spaces)
        if DirectoryExists "${DIR}"; then
            LogText "Result: log entry for easier debugging or additional information"
        else
            FOUNDPROBLEM=1
            LogText "Result: directory ${DIR} was not found!"
            ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
        fi

        if [ ${FOUNDPROBLEM} -eq 0 ]; then
            Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
        else
            Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_WARNING}" --color RED
            ReportSuggestion "${TEST_NO}" "This is a suggestion"
        fi
    fi
#
#################################################################################
#
# Wait for keypress (unless --quick is being used)
WaitForKeyPress
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com