#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# File systems
#
#################################################################################
#
    # Open the "File systems" section of the audit. InsertSection is defined
    # outside this file; presumably it prints/logs the section heading (confirm
    # against the function library).
    InsertSection "File systems"
#
#################################################################################
#
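    # Test        : FILE-6023
    # Description : Checking Linux EXT2, EXT3, EXT4 file systems
    # Notes       : Informational only: every mounted EXT file system is written
    #               to the log, no warning is raised. Register and logtext are
    #               defined outside this file; SKIPTEST is presumably set by
    #               Register (confirm against the function library).
    Register --test-no FILE-6023 --os Linux --weight L --network NO --description "Checking EXT file systems"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Checking for Linux EXT file systems"
        # Linux mount prints "<device> on <mount point> type <fstype> (<options>)",
        # so field 3 is the mount point and field 5 the file system type.
        FIND=$(mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }')
        if [ ! "${FIND}" = "" ]; then
            logtext "Result: found one or more EXT file systems"
            # NOTE: the list is split on whitespace, so a mount point containing
            # a space would be logged in pieces.
            for I in ${FIND}; do
                FILESYSTEM=$(echo "${I}" | cut -d ',' -f1)
                # The type is the second comma-separated field. The original read
                # field 1 again, so the log showed the mount point as the type.
                FILETYPE=$(echo "${I}" | cut -d ',' -f2)
                logtext "File system: ${FILESYSTEM} (type: ${FILETYPE})"
            done
        fi
    fi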
#
#################################################################################
#
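    # Test        : FILE-6029
    # Description : Query all UFS mounts from /etc/fstab
    # Notes       : Each hit is logged and written to the report as
    #               "mountpoint[]=<device>:<mount point>:<type>:<options>:".
    #               Register, Display, logtext and report are defined outside
    #               this file.
    Register --test-no FILE-6029 --os FreeBSD --weight L --network NO --description "Checking UFS file systems"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Query /etc/fstab for available UFS mount points"
        # Skip lines whose first field starts with '#'. Without this, a disabled
        # entry such as "#/dev/ad0s1a / ufs rw 1 1" still has "ufs" in field 3 and
        # would be reported as an active mount point.
        FIND=$(awk '$1 !~ /^#/ && $3 == "ufs" { print $1":"$2":"$3":"$4":" }' /etc/fstab)
        if [ "${FIND}" = "" ]; then
            Display --indent 2 --text "- [FreeBSD] Querying UFS mount points (fstab)..." --result WARNING --color RED
            logtext "Warning: unable to find any single mount point (UFS)"
        else
            Display --indent 2 --text "- [FreeBSD] Querying UFS mount points (fstab)..." --result OK --color GREEN
            # Entries are colon-joined fstab fields, so splitting on whitespace
            # yields one entry per fstab line.
            for I in ${FIND}; do
                logtext "UFS mount found: ${I}"
                report "mountpoint[]=${I}"
            done
        fi
    fi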
#
#################################################################################
#

# Test: Check which swap partitions are available
# Test: Test options used for swap partitions

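    # FreeBSD only: two checks on the swap entries in /etc/fstab.
    #   1. At least one swap partition is configured.
    #   2. Every swap entry carries "sw" in its options field (4th column).
    # counttests, logtext, logtextbreak and Display are defined outside this file.
    if [ "${OS}" = "FreeBSD" ]; then
        counttests
        logtext "Test: query swap partitions from /etc/fstab file"
        # Ignore lines whose first field starts with '#', so a disabled entry such
        # as "#/dev/ad0s1b none swap sw 0 0" is not counted as configured swap.
        FIND=$(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' /etc/fstab)
        FOUND=0
        for I in ${FIND}; do
            logtext "Swap partition found: ${I}"
            #YYY add to report file
            FOUND=1
        done
        if [ "${FOUND}" -eq 1 ]; then
            Display --indent 2 --text "- [FreeBSD] query swap partitions (fstab)..." --result OK --color GREEN
        else
            Display --indent 2 --text "- [FreeBSD] query swap partitions (fstab)..." --result WARNING --color RED
            logtext "Warning: found no swap partitions in /etc/fstab"
        fi
        logtextbreak

        counttests
        logtext "Test: check swap partitions with incorrect mount options"
        # Same comment filter as above. "sw" is matched as a substring of the
        # options field, exactly as in the original test.
        FIND=$(awk '$1 !~ /^#/ && $3 == "swap" && $4 !~ /sw/ { print $1 }' /etc/fstab)
        if [ "${FIND}" = "" ]; then
            Display --indent 2 --text "- [FreeBSD] Testing swap partitions..." --result OK --color GREEN
            logtext "Result: all swap partitions have correct options (=sw)"
        else
            Display --indent 2 --text "- [FreeBSD] Testing swap partitions..." --result WARNING --color RED
            logtext "Warning: possible incorrect options used for mounting swap partition ($FIND)"
            logtext "Suggestion: check your /etc/fstab file. Swap parition usually have 'sw' in the"
            logtext "options field (4th)."
        fi
        logtextbreak
    fi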
#
#################################################################################
#
# Test: search all files within /tmp which are older than 3 months

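    # Look for regular files in /tmp whose last access is more than
    # TMP_OLD_DAYS days ago, log each one and add a warning to the report.
    # counttests, logtext, logtextbreak, Display and report are defined outside
    # this file.
    counttests
    logtext "Test: Searching for old files in /tmp..."

    # Age threshold in days. find's -atime compares the last ACCESS time, not the
    # modification time. On file systems mounted with noatime the access time is
    # not updated, so files in active use can show up here as well.
    TMP_OLD_DAYS=90
    FIND=$(find /tmp -type f -atime +${TMP_OLD_DAYS})
    if [ "${FIND}" = "" ]; then
        Display --indent 2 --text "- Checking for old files in /tmp..." --result OK --color GREEN
        logtext "Result: no files found in /tmp which are older than 3 months"
    else
        Display --indent 2 --text "- Checking for old files in /tmp..." --result WARNING --color RED
        N=0
        # File names in /tmp are chosen by any local user, so treat them as
        # untrusted data: read the list line by line instead of letting the shell
        # word-split and glob-expand it. A name containing a space or a '*' would
        # otherwise be split or expanded, giving wrong log lines and a wrong count.
        # (A name containing a newline is still seen as several entries.)
        # The here-document keeps the loop in the current shell so N survives.
        while IFS= read -r I; do
            logtext "Old temporary file: ${I}"
            N=$(( N + 1 ))
        done <<EOF
${FIND}
EOF
        #YYY echo Found ${N} old files
        # Message says "accessed" to match the -atime criterion used above.
        logtext "Warning: found old files in /tmp, which were not accessed in the last ${TMP_OLD_DAYS} days"
        logtext "Suggestion: check and clean up unused files in /tmp. Old files can "
        logtext "fill up a disk or contain private information and should be deleted"
        logtext "it not being used actively. Use a tool like lsof to see which programs"
        logtext "possibly are using a particular file. Some systems can cleanup temporary"
        logtext "directories by setting a boot option"
        report "warning[]=Found ${N} files in /tmp which are older than ${TMP_OLD_DAYS} days"
    fi
    logtextbreak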
#
#################################################################################
#

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# Test: scan the skel directory for bad permissions
# Reason: bad permissions on these files are passed on to every newly created user

#YYY enable skel test
# Several differences between operating systems are present

#SKELDIRS="/etc/skel /usr/share/skel"

#for I in ${SKELDIRS}; do
#    counttests
#    logtext "Searching skel directory ${I}..."
#
#    if [ -d ${I} ]; then
#        logtext "Result: Directory found, scanning for unsafe file permissions"
#	FIND=`ls -A ${I} | wc -l | sed 's/ //g'`
#	if [ ! "${FIND}" = "0" ]; then
#     	    FIND=`find ${I} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
#	    if [ "${FIND}" = "" ]; then
#	        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result OK --color GREEN
#		logtext "Result: Directory seems to be ok, no files found with read/write/execute bit set."
#		logtext "Status: OK"
#	      else	
#	        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result WARNING --color RED
#	        logtext "Warning: The following files do have non restrictive permissions: ${FIND}"
#	        logtext "Suggestion: remove the read, write or execute bit from these files (chmod o-rwx)"
#		logtext "Status: BAD"
#		logtext "Impact: MEDIUM"
#	    fi    
#	  else
#	    Display --indent 2 --text "- Checking skel file permissions (${I})..." --result EMPTY --color WHITE
#	    logtext "Directory ${I} is empty, no scan performed"    
#	fi
#        logtextbreak    
#      else
#        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result "NOT FOUND" --color WHITE
#	logtext "Result: Skel directory (${I}) not found"
#        logtextbreak    
#    fi
#done
#
#################################################################################
#
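# Check that /tmp carries the sticky bit, which stops users from deleting or
# renaming files in /tmp that belong to someone else. The test is skipped when
# /tmp is a symbolic link. logtext, logtextbreak and Display are defined
# outside this file.
if [ -d /tmp ] && [ ! -L /tmp ]; then
    logtext "Test: Checking for sticky bit on /tmp directory."
    # Ask ls for the /tmp entry itself and take the 10th character of the mode
    # string: 't' or 'T' there means the sticky bit is set. The original listed /
    # and picked the line by field number, which depends on the date format ls
    # prints on a given OS or locale.
    FIND=$(ls -ld /tmp | cut -c 10)
    if [ "${FIND}" = "t" ] || [ "${FIND}" = "T" ]; then
        Display --indent 2 --text "- Checking /tmp sticky bit..." --result OK --color GREEN
        logtext "Sticky bit (${FIND}) found on /tmp directory"
        logtext "Status: OK"
    else
        Display --indent 2 --text "- Checking /tmp sticky bit..." --result WARNING --color RED
        logtext "Warning: No sticky bit found on /tmp directory, which can be dangerous!"
        logtext "Suggestion: consult documentation and place the sticky bit, to prevent"
        logtext "users deleting (by other owned) files in the /tmp directory."
        logtext "Status: BAD"
        logtext "Impact: HIGH"
    fi
    logtextbreak
else
    logtext "Result: Sticky bit test (on /tmp) skipped. Most likely /tmp is a symlink to another directory."
    logtextbreak
fi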

#
#################################################################################
#
    # Test        : FILE-6366
    # Description : Check for noatime option
    # More info   : especially useful for the 'desktop' and 'server-storage'
    #               profiles
#
#################################################################################
#
    # Test        : FILE-6370
    # Description : Check for nodiratime option
#
#################################################################################
#
    # Test        : FILE-6374
    # Description : Check for relatime
#
#################################################################################
#
    # Test        : FILE-6378
    # Description : Check for nodev option for all NON / (root) mount points
    # More info   : on partitions where applications are chrooted, it should
    #               NOT be placed
#
#################################################################################
#
    # Test        : FILE-6382
    # Description : Check for nosuid option
#
#################################################################################
#
    # Test        : FILE-6386
    # Description : Check for noexec option
#
#################################################################################
#
    # Test        : FILE-6390
    # Description : Check writeback/journalling mode (ext3)
    # More info   : data=writeback | data=ordered | data=journal
#
#################################################################################
#
    # Test        : FILE-6394
    # Description : Check vm.swappiness (Linux)
#
#################################################################################
#
    # Test        : FILE-6398
    # Description : Check if JBD (Journal Block Device) driver is loaded
#
#################################################################################
#

# End of the file system tests. wait_for_keypress is defined outside this file;
# presumably it pauses until the operator confirms (confirm against the
# function library).
wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
