#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Networking
#
#################################################################################
#
    # Open the "Networking" section of the report/screen output.
    # InsertSection is a Lynis helper defined outside this file (this file is
    # presumably sourced by the main script, which provides it).
    InsertSection "Networking"
#
#################################################################################
#
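    # Test        : NETW-2721
    # Description : Basic nameserver configuration tests (connectivity)
    #Register --test-no NETW-2721 --weight L --network NO --description "Basic nameserver configuration tests"
    # NOTE: Register is still commented out, so SKIPTEST is not consulted for
    # this test; it counts itself via counttests instead.

    # Check configured DNS servers: read every "nameserver" entry from
    # /etc/resolv.conf and probe each one with dig. A server that answers is
    # only shown to be reachable from this host; nothing here checks that its
    # answers are correct or that it is the intended resolver.
    counttests
    Display --indent 2 --text "- Checking configured nameservers..."
    logtext "Checking /etc/resolv.conf file"
    if [ -f /etc/resolv.conf ]; then
        logtext "Found /etc/resolv.conf file"
        # Take only the address field, so blank/tab separators and anything
        # trailing on the line never end up as bogus "nameservers".
        FIND=$(awk '$1 == "nameserver" { print $2 }' /etc/resolv.conf)
        if [ ! "${FIND}" = "" ]; then
            Display --indent 4 --text "- Testing nameservers..."
            # Without dig every probe would fail with exit code 127 and each
            # nameserver would be reported as unresponsive, so detect it once.
            if command -v dig >/dev/null 2>&1; then
                DIGFOUND=1
              else
                DIGFOUND=0
                logtext "Warning: dig not found, can not test whether nameservers respond"
                Display --indent 6 --text "dig not found, skipping nameserver response test"
            fi
            N=0
            for I in ${FIND}; do
                logtext "Found nameserver: ${I}"
                if [ ${DIGFOUND} -eq 1 ]; then
                    # See if we can query something at the nameserver; the name
                    # queried does not matter, only whether the server answers.
                    # Exit code 0=good, rest=bad (a timeout is non-zero).
                    dig +noall +time=3 +retry=0 "@${I}" "${I}" >/dev/null 2>&1
                    DNSRESPONSE=$?
                    if [ "${DNSRESPONSE}" = "0" ]; then
                        Display --indent 6 --text "Nameserver: ${I}... " --result OK --color GREEN
                        logtext "Nameserver ${I} seems to respond to queries from this host."
                        # Count responsive nameservers
                        N=$((N + 1))
                      else
                        Display --indent 6 --text "Nameserver: ${I}... " --result "NO RESPONSE" --color RED
                        logtext "Warning: nameserver ${I} does NOT respond"
                        logtext "Exit-code from dig: ${DNSRESPONSE}"
                        logtext "Suggestion: check connection to this nameserver and make sure no "
                        logtext "outbound DNS queries are blocked (port 53 UDP and TCP)."
                    fi
                fi
                report "nameserver[]=${I}"
            done

            # Redundancy check only makes sense when the probes actually ran.
            if [ ${DIGFOUND} -eq 1 ]; then
                if [ ${N} -lt 2 ]; then
                    Display --indent 4 --text "- Check for 2 responsive nameservers..." --result WARNING --color RED
                    logtext "Warning: could not find 2 responsive nameservers"
                    logtext "Non responsive nameservers can give problems for your system(s). Like lack"
                    logtext "of recursive lookups, bad connectivity to update servers etc."
                    logtext "Suggestion: check your resolv.conf file and connectivity to your nameservers"
                  else
                    Display --indent 4 --text "- Check for 2 responsive nameservers..." --result OK --color GREEN
                    logtext "Result: found at least 2 responsive nameservers"
                    logtext "Status: OK"
                fi
            fi
        fi
    fi
    logtextbreak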
#
#################################################################################
#
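    # Test        : NETW-3001
    # Description : Find default gateway (route)
    Register --test-no NETW-3001 --weight L --network NO --description "Find default gateway (route)"
    # Routing table formats differ: FreeBSD/OpenBSD show the default route as
    # "default", Linux (net-tools netstat) as destination 0.0.0.0. The
    # destination field is matched exactly rather than with an unanchored,
    # unescaped regex, so no other route is picked up by accident.
    if [ ${SKIPTEST} -eq 0 ]; then
        Display --indent 2 --text "- Checking default gateway..." --result DONE --color GREEN
        logtext "Test: Searching default gateway(s)..."
        # Field 2 is the gateway column in both formats. stderr is dropped so a
        # missing netstat only yields an empty result instead of stray output.
        FIND=$(netstat -rn 2>/dev/null | awk '$1 == "0.0.0.0" || $1 == "default" { print $2 }')
        for I in ${FIND}; do
            logtext "Found default gateway ${I}"
            report "default_gateway[]=${I}"
        done
    fi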
#
#################################################################################
#
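    # Test        : NETW-3004
    # Description : Find available FreeBSD network interfaces
    Register --test-no NETW-3004 --os FreeBSD --weight L --network NO --description "Search FreeBSD available network interfaces"
    if [ ${SKIPTEST} -eq 0 ]; then
        # ifconfig -l lists the interface names on one line (FreeBSD form;
        # the --os filter above presumably keeps this test off other systems).
        FIND=$(ifconfig -l)
        N=0
        for I in ${FIND}; do
            logtext "Found network interface ${I}"
            # Counted only; N is not reported anywhere in this test.
            N=$((N + 1))
            report "network_interface[]=${I}"
        done
    fi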
#
#################################################################################
#
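    # Test        : NETW-3006
    # Description : Get network MAC addresses
    Register --test-no NETW-3006 --weight L --network NO --description "Get network MAC addresses"
    if [ ${SKIPTEST} -eq 0 ]; then
        # Which ifconfig field carries the link-layer address differs per OS;
        # OS is set outside this file (presumably by the main script).
        FIND=""
        case "${OS}" in
            FreeBSD|SunOS)
                FIND=$(ifconfig -a | awk '$1 == "ether" { print $2 }')
                ;;
            Linux)
                # Old net-tools prints "... HWaddr xx:xx:xx:xx:xx:xx" (field 5),
                # newer net-tools prints "ether xx:xx:xx:xx:xx:xx" (field 2);
                # accept both. The former separate grep for HWaddr was redundant.
                FIND=$(ifconfig -a | awk '$4 == "HWaddr" { print $5 } $1 == "ether" { print $2 }')
                ;;
            OpenBSD)
                FIND=$(ifconfig -A | awk '$1 == "lladdr" { print $2 }')
                ;;
            *)
                logtext "Warning: no support for this OS (${OS}) to find MAC information"
                ;;
        esac
        N=0
        for I in ${FIND}; do
            logtext "Found network MAC address ${I}"
            # Counted only; N is not reported anywhere in this test.
            N=$((N + 1))
            report "network_mac_address[]=${I}"
        done
    fi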
#
#################################################################################
#
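    # Test        : NETW-3008
    # Description : Get network IPv4/6 addresses
    Register --test-no NETW-3008 --weight L --network NO --description "Get network IP addresses"
    if [ ${SKIPTEST} -eq 0 ]; then
        # FIND collects IPv4 addresses, FIND2 IPv6 addresses. Both come from
        # ifconfig, whose field layout differs per OS (OS is set outside this file).
        FIND=""; FIND2=""
        case "${OS}" in
            FreeBSD|SunOS)
                FIND=$(ifconfig -a | awk '$1 == "inet" { print $2 }')
                FIND2=$(ifconfig -a | awk '$1 == "inet6" { print $2 }')
                ;;
            Linux)
                # Old net-tools prints "inet addr:1.2.3.4" / "inet6 addr: ::1/128",
                # newer versions print "inet 1.2.3.4" / "inet6 ::1". cut passes
                # lines without ':' through unchanged, so the IPv4 form covers
                # both; IPv6 needs the explicit check for the "addr:" token.
                FIND=$(ifconfig -a | awk '$1 == "inet" { print $2 }' | cut -d ':' -f2)
                FIND2=$(ifconfig -a | awk '$1 == "inet6" { if ($2 == "addr:") print $3; else print $2 }')
                ;;
            OpenBSD)
                FIND=$(ifconfig -A | awk '$1 == "inet" { print $2 }')
                FIND2=$(ifconfig -A | awk '$1 == "inet6" { print $2 }')
                ;;
            *)
                logtext "Warning: no support yet for this OS (${OS}) to find IP address information"
                ;;
        esac
        N=0
        # IPv4
        for I in ${FIND}; do
            logtext "Found network IP address ${I}"
            N=$((N + 1))
            report "network_ipv4_address[]=${I}"
        done
        # IPv6
        for I in ${FIND2}; do
            logtext "Found network IP address ${I}"
            N=$((N + 1))
            report "network_ipv6_address[]=${I}"
        done
    fi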
#
#################################################################################
#
    # Test        : NETW-3010
    # Description : Check IP forwarding (IPv4, IPv6)
    #Register --test-no NETW-3010 --weight L --network NO --description "Check IP forwarding"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #fi
#
#################################################################################
#
    # Test        : NETW-3012
    # Description : Check IP forwarding (IPv4, IPv6)
    #Register --test-no NETW-3012 --weight L --network NO --description "Check IP forwarding"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #fi
    # Retrieve information from sockstat, when available
    # SOCKSTATBINARY is set outside this file (presumably by the binary
    # detection in the main script); an empty value means sockstat is absent.
    if [ ! "${SOCKSTATBINARY}" = "" ]; then
        counttests
	logtext "Test: Retrieving sockstat information to find listening ports..."
	# Extracts listening ports by fixed character positions: keeps lines with
	# a wildcard local address ("*:"), assumes the port sits in columns 39-47,
	# strips blanks, and drops entries that still contain "*". The ports are
	# only written to the log (no report/Display per port).
	# NOTE(review): this depends on the exact column layout of sockstat's
	# output; confirm it still holds on the targeted FreeBSD releases.
	SOCKSTATOUTPUT=`sockstat | grep '*:*' | cut -c 1-55 | grep '*:' | cut -c 39-47 | tr -d ' ' | sort | grep -v '*' | uniq`
	for I in ${SOCKSTATOUTPUT}; do
	  logtext "Found port: ${I}"
	done
	Display --indent 2 --text "- Getting listening ports (sockstat)..." --result DONE --color GREEN
	logtextbreak
    fi

	
    #YYY Netstat/sockstat compare
#	    echo -n "        - Comparing output sockstat and netstat... "
#	    logtext "Comparing output of sockstat and netstat... "
#	    NETSTATOUTPUT=`netstat -an | grep -v 'TIME_WAIT' | grep -v 'ESTABLISHED' | grep -v 'SYN_SENT' | grep -v 'CLOSE_WAIT' | grep -v 'LAST_ACK' | grep -v 'SYN_RECV' | grep -v 'CLOSING' | cut -c 1-44 | grep '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | grep -v '*' | sort | uniq`
#
#	    if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then
#	        ShowResult OK
#	      else
#	        echo "[ ${BAD}Warning!${NORMAL} ]"
#		logtext "WARNING!"
#		logtext "Sockstat tested output: ${SOCKSTAT}"
#		logtext "Netstat tested output: ${NETSTAT}"
#	    fi

#
#################################################################################
#

#
#################################################################################
#
    # Test        : NETW-3014
    # Description : Checking promiscuous interfaces (FreeBSD)
    #Register --test-no NETW-3014 --weight L --network NO --description "Checking promiscuous interfaces"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #fi

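    # Promiscuous interfaces: an interface in promiscuous mode receives all
    # traffic on its segment, which is normal for capture/logging tools but
    # otherwise worth a warning. Interfaces listed in the profile as
    # "if_promisc:<name>:" are treated as whitelisted.
    FOUNDPROMISC=0

    if [ "${OS}" = "FreeBSD" ]; then
        counttests
        logtext "Test: Checking promiscuous interfaces (FreeBSD)..."
        # Interface name is expected before the first ':' on the flags line.
        FIND=$(ifconfig | grep PROMISC | cut -d ':' -f1)
        if [ ! "${FIND}" = "" ]; then
            logtext "Result: Promiscuous interfaces: ${FIND}"
            for I in ${FIND}; do
                # Exact-name whitelist lookup in the profile (PROFILE is set
                # outside this file).
                if grep -q "^if_promisc:${I}:" "${PROFILE}"; then
                    logtext "Found promiscuous interface ${I} (*whitelisted via profile*)"
                  else
                    logtext "Warning: Found promiscuous interface ${I}"
                    logtext "Note: some tools put an interface into promiscuous mode, to capture/log network traffic"
                    FOUNDPROMISC=1
                    report "warning[]=Found promiscuous interface (${I})"
                fi
            done
        fi
        if [ ${FOUNDPROMISC} -eq 0 ]; then
            Display --indent 2 --text "- Checking promiscuous interfaces..." --result OK --color GREEN
            logtext "No promiscuous interfaces found"
          else
            Display --indent 2 --text "- Checking promiscuous interfaces..." --result WARNING --color RED
            # This branch used to log "No promiscuous interfaces found", which
            # contradicted the WARNING shown on screen.
            logtext "Warning: found one or more promiscuous interfaces not whitelisted via profile"
        fi
        logtextbreak
    fi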
#
#################################################################################
#

#YYYecho "      - Checking logging probed ports...[Not implemented yet]"


# Pause at the end of the Networking section; wait_for_keypress is a Lynis
# helper defined outside this file.
wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
