/usr/share/lynis/include/report is in lynis 1.3.9-1.
This file is owned by root:root, with mode 0o640.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 | #!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Report
#
#################################################################################
#
logtextbreak
#if [ ${QUIET} -eq 0 ]; then
# echo ""
# echo " ---------------------------------------------------"
# echo " Program version: ${PROGRAM_version}"
# echo " Operating system: ${OS_NAME}"
# echo " Operating system version: ${OS_VERSION}"
# if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi
# echo " Kernel version: ${OS_KERNELVERSION}"
# echo " Hardware platform: ${HARDWARE}"
# echo " Hostname: ${HOSTNAME}"
# echo " Auditor: ${AUDITORNAME}"
# echo " Profile: ${PROFILE}"
# echo " Log file: ${LOGFILE}"
# echo " Report file: ${REPORTFILE}"
# echo " Report version: ${REPORT_version}"
# echo " ---------------------------------------------------"
# fi
#
#################################################################################
#
# Hardening Index
# Define approximately how strong a machine has been hardened
#
#################################################################################
#
# If no hardening has been found, set value to 1
if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=1; fi
HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
# Set color related to rating
if [ ${HPINDEX} -lt 50 ]; then
HPCOLOR="${RED}"
HIDESCRIPTION="System has not or a low amount been hardened"
fi
if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
HPCOLOR="${YELLOW}"
HIDESCRIPTION="System has been hardened, but could use additional hardening"
fi
if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
HPCOLOR="${GREEN}"
HIDESCRIPTION="System seem to be decent hardened"
fi
if [ ${HPINDEX} -gt 89 ]; then
HPCOLOR="${GREEN}"
HIDESCRIPTION="System seem to be well hardened"
fi
case ${HPAOBLOCKS} in
0) HPBLOCKS=""; HPEMPTY=" " ;;
1) HPBLOCKS="#"; HPEMPTY=" " ;;
2) HPBLOCKS="##"; HPEMPTY=" " ;;
3) HPBLOCKS="###"; HPEMPTY=" " ;;
4) HPBLOCKS="####"; HPEMPTY=" " ;;
5) HPBLOCKS="#####"; HPEMPTY=" " ;;
6) HPBLOCKS="######"; HPEMPTY=" " ;;
7) HPBLOCKS="#######"; HPEMPTY=" " ;;
8) HPBLOCKS="########"; HPEMPTY=" " ;;
9) HPBLOCKS="#########"; HPEMPTY=" " ;;
10) HPBLOCKS="##########"; HPEMPTY=" " ;;
11) HPBLOCKS="###########"; HPEMPTY=" " ;;
12) HPBLOCKS="############"; HPEMPTY=" " ;;
13) HPBLOCKS="#############"; HPEMPTY=" " ;;
14) HPBLOCKS="##############"; HPEMPTY=" " ;;
15) HPBLOCKS="###############"; HPEMPTY=" " ;;
16) HPBLOCKS="################"; HPEMPTY=" " ;;
17) HPBLOCKS="#################"; HPEMPTY=" " ;;
18) HPBLOCKS="##################"; HPEMPTY=" " ;;
19) HPBLOCKS="###################"; HPEMPTY=" " ;;
20) HPBLOCKS="####################"; HPEMPTY="" ;;
esac
HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
logtext "Hardening strength: ${HIDESCRIPTION}"
report "hardening_index=${HPINDEX}"
#
#################################################################################
#
# Show test results overview
#
#################################################################################
#
# Only show overview if not running in quiet mode
if [ ${QUIET} -eq 0 ]; then
echo ""; echo "================================================================================"
echo ""; echo " -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-"
echo ""; echo " ${SECTION}Tests performed${NORMAL}: ${CTESTS_PERFORMED}"
# Show warnings from logfile
SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'`
if [ "${SWARNINGS}" = "" ]; then
echo ""; echo " ${OK}All tests OK${NORMAL}"; echo ""
else
echo ""
echo " ${WARNING}Warnings${NORMAL}:"
echo " ----------------------------"
for WARNING in ${SWARNINGS}; do
SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'`
echo " - ${SHOWWARNING}"
done
fi
# Show suggestions from logfile
SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'`
if [ ! "${SSUGGESTIONS}" = "" ]; then
echo ""
echo " ${YELLOW}Suggestions${NORMAL}:"
echo " ----------------------------"
for SUGGESTION in ${SSUGGESTIONS}; do
SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'`
echo " - ${SHOWSUGGESTION}"
done
fi
echo "================================================================================"
echo " ${SECTION}Files${NORMAL}:"
echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}"
echo "================================================================================"
if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}"
echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}"
echo "================================================================================"
fi
echo " Hardening index : [${HPINDEX}] ${HPGRAPH}"
echo ""
echo " ${PROGRAM_extrainfo}"
echo "================================================================================"
if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then
echo " Tip: Disable all tests which are not relevant or are too strict for the"
echo " purpose of this particular machine. This will remove unwanted suggestions"
echo " and also boost the hardening index. Each test should be properly analyzed"
echo " to see if the related risks can be accepted, before disabling the test."
echo "================================================================================"
fi
echo " ${PROGRAM_name} ${PROGRAM_version}"
echo " ${PROGRAM_copyright}"
echo "================================================================================"
echo ""; echo ""
fi
#
#================================================================================
# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
|