/usr/share/lynis/include/report is in lynis 2.1.1-1.
This file is owned by root:root, with mode 0o600.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 | #!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
# Web site: https://cisofy.com
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Report
#
#################################################################################
#
# Only show overview if not running in quiet mode
if [ ${QUIET} -eq 0 ]; then
echo ""; echo "================================================================================"
echo ""; echo " -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-"
echo "";
if [ ${SHOW_REPORT} -eq 1 ]; then
logtextbreak
#
#################################################################################
#
# Hardening Index
# Define approximately how strong a machine has been hardened
#
#################################################################################
#
# If no hardening has been found, set value to 1
if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
# Set color related to rating
if [ ${HPINDEX} -lt 50 ]; then
HPCOLOR="${RED}"
HIDESCRIPTION="System has not or a low amount been hardened"
fi
if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
HPCOLOR="${YELLOW}"
HIDESCRIPTION="System has been hardened, but could use additional hardening"
fi
if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
HPCOLOR="${GREEN}"
HIDESCRIPTION="System seem to be decent hardened"
fi
if [ ${HPINDEX} -gt 89 ]; then
HPCOLOR="${GREEN}"
HIDESCRIPTION="System seem to be well hardened"
fi
case ${HPAOBLOCKS} in
0) HPBLOCKS="#"; HPEMPTY=" " ;;
1) HPBLOCKS="#"; HPEMPTY=" " ;;
2) HPBLOCKS="##"; HPEMPTY=" " ;;
3) HPBLOCKS="###"; HPEMPTY=" " ;;
4) HPBLOCKS="####"; HPEMPTY=" " ;;
5) HPBLOCKS="#####"; HPEMPTY=" " ;;
6) HPBLOCKS="######"; HPEMPTY=" " ;;
7) HPBLOCKS="#######"; HPEMPTY=" " ;;
8) HPBLOCKS="########"; HPEMPTY=" " ;;
9) HPBLOCKS="#########"; HPEMPTY=" " ;;
10) HPBLOCKS="##########"; HPEMPTY=" " ;;
11) HPBLOCKS="###########"; HPEMPTY=" " ;;
12) HPBLOCKS="############"; HPEMPTY=" " ;;
13) HPBLOCKS="#############"; HPEMPTY=" " ;;
14) HPBLOCKS="##############"; HPEMPTY=" " ;;
15) HPBLOCKS="###############"; HPEMPTY=" " ;;
16) HPBLOCKS="################"; HPEMPTY=" " ;;
17) HPBLOCKS="#################"; HPEMPTY=" " ;;
18) HPBLOCKS="##################"; HPEMPTY=" " ;;
19) HPBLOCKS="###################"; HPEMPTY=" " ;;
20) HPBLOCKS="####################"; HPEMPTY="" ;;
esac
HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
logtext "Hardening strength: ${HIDESCRIPTION}"
#
#################################################################################
#
# Show test results overview
#
#################################################################################
#
if [ "${CONTROL_URL_PREPEND}" = "" ]; then CONTROL_URL_PREPEND="https://cisofy.com/controls/"; fi
if [ "${CONTROL_URL_APPEND}" = "" ]; then CONTROL_URL_APPEND="/"; fi
if [ "${CUSTOM_URL_PREPEND}" = "" ]; then CUSTOM_URL_PREPEND="https://your-domain.example.org/controls/"; fi
if [ "${CUSTOM_URL_APPEND}" = "" ]; then CUSTOM_URL_APPEND="/"; fi
# Show warnings from logfile
SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'`
if [ "${SWARNINGS}" = "" ]; then
echo " ${OK}No warnings${NORMAL}"; echo ""
else
echo " ${WARNING}Warnings${NORMAL}:"
echo " ${WHITE}----------------------------${NORMAL}"
for WARNING in ${SWARNINGS}; do
SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'`
ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'`
IS_CUSTOM=`echo ${ADDLINK} | grep "^CUST"`
echo " ${WHITE}- ${SHOWWARNING}${NORMAL}"
if [ "${IS_CUSTOM}" = "" ]; then
echo " ${CONTROL_URL_PREPEND}${ADDLINK}${CONTROL_URL_APPEND}"
else
echo " ${CUSTOM_URL_PREPEND}${ADDLINK}${CUSTOM_URL_APPEND}"
fi
echo ""
done
fi
# Show suggestions from logfile
SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'`
if [ "${SSUGGESTIONS}" = "" ]; then
echo " ${OK}No suggestions${NORMAL}"; echo ""
else
echo " ${YELLOW}Suggestions${NORMAL}:"
echo " ${WHITE}----------------------------${NORMAL}"
for SUGGESTION in ${SSUGGESTIONS}; do
SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'`
ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'`
IS_CUSTOM=`echo ${ADDLINK} | grep "^CUST"`
echo " - ${SHOWSUGGESTION}"
if [ "${IS_CUSTOM}" = "" ]; then
echo " ${CONTROL_URL_PREPEND}${ADDLINK}${CONTROL_URL_APPEND}"
else
echo " ${CUSTOM_URL_PREPEND}${ADDLINK}${CUSTOM_URL_APPEND}"
fi
done
echo ""
fi
if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then
echo " ${CYAN}Follow-up${NORMAL}:"
echo " ${WHITE}----------------------------${NORMAL}"
echo " ${WHITE}-${NORMAL} Check the logfile for more details (less $LOGFILE)"
echo " ${WHITE}-${NORMAL} Read security controls texts (https://cisofy.com)"
echo " ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)"
echo ""
fi
echo "================================================================================"
echo ""
echo " ${WHITE}Lynis security scan details${NORMAL}:"
echo ""
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
echo ""
echo " ${WHITE}Quick overview${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
echo " - Firewall [${FIREWALL}${NORMAL}] - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
echo " ${SECTION}Lynis Modules${NORMAL}:"
echo " - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}]"
if [ ${LYNIS_COMPLIANCE_TESTS} -eq 1 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi
echo " - Compliance Tests [${COMPLIANCE}${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]"
echo ""
echo " ${SECTION}Files${NORMAL}:"
echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}"
echo ""
echo "================================================================================"
if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}"
echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}"
echo "================================================================================"
else
###########################################################################################
#
# Software quality program
# Only provide this hint when the tool is at the latest version
#
###########################################################################################
if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
# Determine if the quality of the program can be increased by filtering out the exceptions
FIND=`${GREPBINARY} "^exception" ${REPORTFILE}`
if [ ! "${FIND}" = "" ]; then
echo ""
echo " ${RED}Exceptions found${NORMAL}"
echo " ${WHITE}Some exceptional events or information was found!${NORMAL}"
echo ""
echo " ${CYAN}What to do:${NORMAL}"
echo " You can help improving Lynis by providing your report file."
echo " Go to https://cisofy.com/contact/ and send your file to the e-mail address listed"
echo ""
echo "================================================================================"
fi
fi
fi
# Display what tests are skipped in non-privileged scan for awareness
if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then
echo ""
echo " ${PURPLE}Skipped tests due to non-privileged scan${NORMAL}"
FIND=`echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g'`
# Split entries
FIND=`echo ${FIND} | sed 's/====/ /g'`
# Display found entries
for I in ${FIND}; do
J=`echo ${I} | sed 's/:space:/ /g'`
echo " ${J}"
done
echo ""
echo "================================================================================"
fi
if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then
echo " Tip: Disable all tests which are not relevant or are too strict for the"
echo " purpose of this particular machine. This will remove unwanted suggestions"
echo " and also boost the hardening index. Each test should be properly analyzed"
echo " to see if the related risks can be accepted, before disabling the test."
echo "================================================================================"
fi
echo ""; echo ""
fi
fi
# Report data, even if it is not displayed on screen
report "hardening_index=${HPINDEX}"
if [ ${QUIET} -eq 0 ]; then
echo " ${PROGRAM_name} ${PROGRAM_version}"
echo " Auditing, hardening and compliance for BSD, Linux, Mac OS and Unix"
echo " ${PROGRAM_copyright}"
echo " ${WHITE}${PROGRAM_extrainfo}${NORMAL}"
echo "================================================================================"
fi
#
#================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com
|