File: tests_memory_processes

package info (click to toggle)
lynis 3.1.6-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 2,260 kB
  • sloc: sh: 20,568; makefile: 2
file content (144 lines) | stat: -rw-r--r-- 7,334 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
 
#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright (c) Michael Boelen, CISOfy, and many contributors.
#
# Website  : https://cisofy.com
# Blog     : https://linux-audit.com/
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Memory and processes
#
#################################################################################
#
    InsertSection "${SECTION_MEMORY_AND_PROCESSES}"
#
#################################################################################
#
    # Test        : PROC-3602
    # Description : Query /proc/meminfo
    Register --test-no PROC-3602 --os Linux --weight L --network NO --category security --description "Checking /proc/meminfo for memory details"
    if [ ${SKIPTEST} -eq 0 ]; then
        if [ -f ${ROOTDIR}proc/meminfo ]; then
            LogText "Result: found ${ROOTDIR}proc/meminfo"
            Display --indent 2 --text "- Checking ${ROOTDIR}proc/meminfo" --result "${STATUS_FOUND}" --color GREEN
            FIND=$(${AWKBINARY} '/^MemTotal/ { print $2, $3 }' ${ROOTDIR}proc/meminfo)
            MEMORY_SIZE=$(echo ${FIND} | ${AWKBINARY} '{ print $1 }')
            MEMORY_UNITS=$(echo ${FIND} | ${AWKBINARY} '{ print $2 }')
            LogText "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
            Report "memory_size=${MEMORY_SIZE}"
            Report "memory_units=${MEMORY_UNITS}"
        else
            LogText "Result: ${ROOTDIR}proc/meminfo file not found on this system"
        fi
    fi
#
#################################################################################
#
    # Test        : PROC-3604
    # Description : Query /proc/meminfo
    # Notes       : TODO - prtconf replacement
    Register --test-no PROC-3604 --os Solaris --weight L --network NO --category security --description "Query prtconf for memory details"
    if [ ${SKIPTEST} -eq 0 ]; then
        LogText "Test: Searching /usr/sbin/prtconf"
        if [ -x /usr/sbin/prtconf ]; then
            Display --indent 2 --text "- Querying prtconf for installed memory" --result "${STATUS_DONE}" --color GREEN
            MEMORY_SIZE=$(/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | ${CUTBINARY} -d ' ' -f3)
            MEMORY_UNITS=$(/usr/sbin/prtconf | ${GREPBINARY} "^Memory size:" | ${CUTBINARY} -d ' ' -f4)
            LogText "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
            Report "memory_size=${MEMORY_SIZE}"
            Report "memory_units=${MEMORY_UNITS}"
        else
            Display --indent 2 --text "- Querying prtconf for installed memory" --result "${STATUS_SKIPPED}" --color WHITE
            LogText "Result: /usr/sbin/prtconf not found"
        fi
    fi
#
#################################################################################
#
    # Test        : PROC-3612
    # Description : Searching for dead and zombie processes
    # Notes       : Don't perform test on Solaris
    if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check dead or zombie processes"
    if [ ${SKIPTEST} -eq 0 ]; then
        if [ "${OS}" = "AIX" ]; then
            FIND=$(${PSBINARY} -Ae -o pid,stat,comm | ${AWKBINARY} '{ if ($2 ~ /Z|X/) print $1 }' | ${XARGSBINARY})
        else
            FIND=$(${PSBINARY} x -o pid,stat,comm | ${AWKBINARY} '{ if ($2 ~ /Z|X/) print $1 }' | ${XARGSBINARY})
        fi
        if [ -z "${FIND}" ]; then
            LogText "Result: no zombie processes found"
            Display --indent 2 --text "- Searching for dead/zombie processes" --result "${STATUS_NOT_FOUND}" --color GREEN
        else
            LogText "Result: found one or more dead or zombie processes"
            LogText "Output: PIDs ${FIND}"
            Display --indent 2 --text "- Searching for dead/zombie processes" --result "${STATUS_FOUND}" --color RED
            ReportSuggestion "${TEST_NO}" "Check the output of ps for dead or zombie processes"
        fi
    fi
#
#################################################################################
#
    # Test        : PROC-3614
    # Description : Searching for heavy IO based waiting processes
    # Notes       : Don't perform test on Solaris
    if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no PROC-3614 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check heavy IO waiting based processes"
    if [ ${SKIPTEST} -eq 0 ]; then
        if [ "${OS}" = "AIX" ]; then
            FIND=$(${PSBINARY} -Ae -o pid,stat,comm | ${AWKBINARY} '{ if ($2=="D") print $1 }' | ${XARGSBINARY})
        else
            FIND=$(${PSBINARY} x -o pid,stat,comm | ${AWKBINARY} '{ if ($2=="D") print $1 }' | ${XARGSBINARY})
        fi
        if [ -z "${FIND}" ]; then
            LogText "Result: No processes were waiting for IO requests to be handled first"
            Display --indent 2 --text "- Searching for IO waiting processes" --result "${STATUS_NOT_FOUND}" --color GREEN
        else
            LogText "Result: found one or more processes which were waiting to get IO requests handled first"
            LogText "More info: processes which show up with the status flag 'D' are often stuck, until a disk IO event finished. This can happen for example with network storage, where the connection or protocol settings are not logtext well configured."
            LogText "Output: PIDs ${FIND}"
            Display --indent 2 --text "- Searching for IO waiting processes" --result "${STATUS_FOUND}" --color RED
            ReportSuggestion "${TEST_NO}" "Check process listing for processes waiting for IO requests"
        fi
    fi
#
#################################################################################
#
    # Test        : PROC-3802
    # Description : Check presence of prelink tooling
    Register --test-no PROC-3802 --package-manager-required --os Linux --weight L --network NO --category security --description "Check presence of prelink tooling"
    if [ ${SKIPTEST} -eq 0 ]; then
        if PackageIsInstalled "prelink"; then
            LogText "Result: prelink packages is installed"
            # TODO
            # - Add item to website with rationale
            #ReportSuggestion "${TEST_NO}" "Disable and remove prelinking of binaries"
            AddHP 1 3
            Display --indent 2 --text "- Search prelink tooling" --result "${STATUS_FOUND}" --color YELLOW
        else
            Display --indent 2 --text "- Search prelink tooling" --result "${STATUS_NOT_FOUND}" --color GREEN
            LogText "Result: prelink package is NOT installed"
            AddHP 3 3
        fi
    fi
#
#################################################################################
#


WaitForKeyPress

#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com