#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Firewalls
#
#################################################################################
#
    # Section header shown before the firewall tests below
    InsertSection 'Software: firewalls'

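    # Test        : FIRE-4511
    # Description : Check iptables kernel module
    # First looks for loaded ip*_tables modules (lsmod). If none are loaded,
    # falls back to the running kernel's config file to see whether iptables
    # was built in (=y) or as a module (=m), so a firewall that is merely
    # unloaded is not reported as unavailable.
    Register --test-no FIRE-4511 --os Linux --weight L --network NO --description "Check iptables kernel module"
    if [ "${SKIPTEST}" -eq 0 ]; then
        FIND=$(lsmod | awk '{ print $1 }' | grep "^ip.*_tables")
        if [ ! "${FIND}" = "" ]; then
            Display --indent 2 --text "- Checking iptables kernel module..." --result FOUND --color GREEN
            logtext "Found iptables in loaded kernel modules"
            # FIND holds one module name per line; word-splitting is intended here
            for I in ${FIND}; do
                logtext "Module: ${I}"
            done
          else
            Display --indent 2 --text "- Checking iptables kernel module..." --result "NOT FOUND" --color WHITE

            # If we can't find an active module, try to find the Linux configuration file and check that
            LINUXCONFIGFILE="/boot/config-$(uname -r)"
            if [ -f "${LINUXCONFIGFILE}" ]; then
                # Bug fix: the original logged ${LINUXCONFIG}, which is never set
                logtext "Result: found config file (${LINUXCONFIGFILE})"
                # Anchor on the exact option: this skips "# CONFIG_IP_NF_IPTABLES is not set"
                # and does not match options that merely share the prefix
                FIND=$(grep "^CONFIG_IP_NF_IPTABLES=" "${LINUXCONFIGFILE}" | head -n 1)
                if [ ! "${FIND}" = "" ]; then
                    HAVEMOD=$(echo "${FIND}" | cut -d '=' -f2)
                    if [ "${HAVEMOD}" = "y" ] || [ "${HAVEMOD}" = "m" ]; then
                        logtext "Result: iptables available"
                        Display --indent 2 --text "- Checking iptables in config file" --result FOUND --color GREEN
                      else
                        logtext "Result: no iptables found in Linux kernel config file"
                        Display --indent 2 --text "- Checking iptables in config file" --result "NOT FOUND" --color WHITE
                    fi
                  else
                    # Config file exists but the option is absent or commented out
                    logtext "Result: no iptables found in Linux kernel config file"
                    Display --indent 2 --text "- Checking iptables in config file" --result "NOT FOUND" --color WHITE
                fi
              else
                logtext "Result: no Linux configuration file found"
                Display --indent 2 --text "- Checking iptables in config file" --result "NOT FOUND" --color WHITE
            fi
        fi
    fi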
#
#################################################################################
#
    # Test        : FIRE-4514
    # Description : Check ipchains
#
#################################################################################
#
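    # Test        : FIRE-4518
    # Description : Check pf kernel loadable module
    # Reports pf as present when either the pf KLD is loaded (via KLDSTATBINARY)
    # or a pflogd process is running, then dry-runs pfctl against /etc/pf.conf
    # to surface rule warnings. Skipped entirely when KLDSTATBINARY is empty.
    # NOTE(review): kldstat and pfctl are BSD tools, yet this test is registered
    # with --os Linux; confirm the intended OS filter before relying on it.
    Register --test-no FIRE-4518 --os Linux --weight L --network NO --description "Check pf kernel loadable module"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Searching for pf KLD and pf log daemon..."
        if [ ! "${KLDSTATBINARY}" = "" ]; then
            FOUND=0
            FIND=$(${KLDSTATBINARY} | grep -F 'pf.ko')
            # 'grep -v grep' drops the grep process itself from the ps listing
            FIND2=$(ps ax | grep 'pflogd' | grep -v 'grep')
            if [ "${FIND}" = "" ]; then
                logtext "Result: Can not find pf KLD"
              else
                logtext "Result: pf KLD loaded"
                FOUND=1
            fi
            # Bug fix: the original re-tested ${FIND} here, so the pflogd
            # lookup (FIND2) never influenced the result
            if [ "${FIND2}" = "" ]; then
                logtext "Result: pflog daemon not found in process list"
              else
                logtext "Result: Found pflog daemon in process list"
                FOUND=1
            fi
            if [ "${FOUND}" -eq 1 ]; then
                Display --indent 2 --text "- Checking PF configuration..." --result FOUND --color GREEN
                #YYY insert PF tests here

                # Test for warnings (-n parses the rules without loading them)
                if [ -f /etc/pf.conf ]; then
                    PFWARNINGS=$(pfctl -n -f /etc/pf.conf -vvv 2>&1 | grep -i 'warning')
                    if [ "${PFWARNINGS}" = "" ]; then
                        Display --indent 4 --text "- pf filter warnings" --result OK --color GREEN
                        logtext "Result: no pf filter warnings found"
                      else
                        Display --indent 4 --text "- pf filter warnings" --result WARNING --color RED
                        logtext "Warning: found one or more warnings in the pf filter rules"
                    fi
                fi
              else
                Display --indent 2 --text "- Checking PF configuration..." --result "NOT FOUND" --color WHITE
            fi
          else
            Display --indent 2 --text "- Checking PF configuration..." --result "NOT FOUND" --color WHITE
        fi
    fi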
#
#################################################################################
#

# Pause at the end of the section (helper defined elsewhere in Lynis)
wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
