#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2009, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Check which tools are installed
#
#################################################################################
#
    COMPILER_INSTALLED=0
    IDLE_SESSION_KILLER_INSTALLED=0
    MALWARE_SCANNER_INSTALLED=0
#
#################################################################################
#
    InsertSection "System Tools"
#
#################################################################################
#
    Display --indent 2 --text "- Scanning available tools..."
    logtext "Start scanning for available audit binaries and tools..."

    # Test        : FILE-7502
    # Description : Check all system binaries
    Register --test-no FILE-7502 --weight L --network NO --description "Check all system binaries"
    if [ ${SKIPTEST} -eq 0 ]; then
        SCANNEDPATHS=""
        Display --indent 2 --text "- Checking system binaries..."
        logtext "Status: Starting binary scan..."
        for SCANDIR in ${BINPATHS}; do
            logtext "Test: Checking binaries in directory ${SCANDIR}"
	    if [ -d ${SCANDIR} ]; then
	        Display --indent 4 --text "- Checking ${SCANDIR}... " --result FOUND --color GREEN
	        SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
    	        logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
    		FIND=`ls ${SCANDIR}`
	        for I in ${FIND}; do
		    BINARY="${SCANDIR}/${I}"
	            logtext "Binary: ${BINARY}"
		    case ${I} in
		        autolog)		AUTOLOGBINARY="${BINARY}"; 		IDLE_SESSION_KILLER_INSTALLED=1;    	logtext "Found known binary: autolog (idle session killer)"			;;
			chkrootkit) 		CHKROOTKITBINARY="${BINARY}";           MALWARE_SCANNER_INSTALLED=1;	    	logtext "Found known binary: chkrootkit (malware scanner)"			;;
			dnsdomainname)          DNSDOMAINNAMEBINARY="${BINARY}";						logtext "Found known binary: dnsdomainname (DNS domain)"			;;
			domainname)             DOMAINNAMEBINARY="${BINARY}";							logtext "Found known binary: domainname (NIS domain)"				;;
		        gcc)	      		GCCBINARY="${SCANDIR}/${I}";		COMPILER_INSTALLED=1;		    	logtext "Found known binary: gcc (compiler)"					;;
			lvdisplay)              LVDISPLAYBINARY="${BINARY}";							logtext "Found known binary: lvdisplay (LVM tool)"				;;
			named-checkconf)	NAMEDCHECKCONFBINARY="${BINARY}";						logtext "Found known binary: named-checkconf (BIND configuration analyzer)"	;;
			rkhunter) 		RKHUNTERBINARY="${BINARY}";             MALWARE_SCANNER_INSTALLED=1;	    	logtext "Found known binary: rkhunter (malware scanner)"			;;
			vgdisplay)              VGDISPLAYBINARY="${BINARY}";							logtext "Found known binary: vgdisplay (LVM tool)"				;;
		    esac
		done
	      else
		Display --indent 4 --text "- Checking ${SCANDIR}... " --result "NOT FOUND" --color WHITE
    	        logtext "Directory ${SCANDIR} does NOT exist."
	    fi
	    logtextbreak        
	done
	SCANNEDPATHS=`echo ${SCANNEDPATHS} | sed 's/^, //g'`
        logtext "Scanned directories: ${SCANNEDPATHS}"
    fi

    for I in ${BINPATHS}; do
      J=${I}"/aa-status";    	if [ -f ${J} ]; then APPARMORFOUND=1;    AASTATUSBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/afick.pl";    	if [ -f ${J} ]; then AFICKFOUND=0;	 AFICKBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/aide";    	if [ -f ${J} ]; then AIDEFOUND=1;   	 AIDEBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/apache2";      	if [ -f ${J} ]; then HTTPDFOUND=1;    	 HTTPDBINARY=${J};   	logtext "Found ${J}";   fi
      J=${I}"/auditd";    	if [ -f ${J} ]; then AUDITDFOUND=1;      AUDITDBINARY=${J}; 	logtext "Found ${J}";	fi    
      J=${I}"/awk";    		if [ -f ${J} ]; then AWKFOUND=0;	 AWKBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/chkconfig"; 	if [ -f ${J} ]; then CHKCONFIGFOUND=1;   CHKCONFIGBINARY=${J};	logtext "Found ${J}";   fi
      J=${I}"/clamscan"; 	if [ -f ${J} ]; then CLAMSCANFOUND=1;    CLAMSCANBINARY=${J};	logtext "Found ${J}";   fi
      J=${I}"/dig"; 		if [ -f ${J} ]; then DIGFOUND=1; 	 DIGBINARY=${J};  	logtext "Found ${J}";  	fi
      J=${I}"/exim";      	if [ -f ${J} ]; then EXIMFOUND=1;	 EXIMBINARY=${J};	EXIMVERSION=`${J} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs`; 	logtext "Found ${J} (version ${EXIMVERSION})";		fi
      J=${I}"/find";      	if [ -f ${J} ]; then FINDFOUND=1;	 FINDBINARY=${J};	logtext "Found ${J}";   fi
      J=${I}"/grpck";      	if [ -f ${J} ]; then GRPCKFOUND=1;       GRPCKBINARY=${J};      logtext "Found ${J}"; 	fi
      J=${I}"/httpd";      	if [ -f ${J} ]; then HTTPDFOUND=1;       HTTPDBINARY=${J};      logtext "Found ${J}";   fi
      J=${I}"/ip";      	if [ -f ${J} ]; then IPFOUND=1;          IPBINARY=${J};         logtext "Found ${J}"; 	fi
      J=${I}"/ipf";      	if [ -f ${J} ]; then IPFFOUND=1;         IPFBINARY=${J};        logtext "Found ${J}"; 	fi
      J=${I}"/ifconfig";	if [ -f ${J} ]; then IFCONFIGFOUND=1;    IFCONFIGBINARY=${J};   logtext "Found ${J}";   fi
      J=${I}"/iptables";    	if [ -f ${J} ]; then IPTABLESFOUND=1;	 IPTABLESBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/kldstat";		if [ -f ${J} ]; then KLDSTATFOUND=1;     KLDSTATBINARY=${J};    logtext "Found ${J}";   fi
      J=${I}"/locate";    	if [ -f ${J} ]; then LOCATEFOUND=1;	 LOCATEBINARY=${J};     logtext "Found ${J}";   fi
      J=${I}"/logrotate";	if [ -f ${J} ]; then LOGROTATEFOUND=1;   LOGROTATEBINARY=${J};  logtext "Found ${J}";   fi
      J=${I}"/ls";      	if [ -f ${J} ]; then logtext "Found ${J}"; LSFOUND=1;   	LSBINARY=${J};         fi
      J=${I}"/lsattr";     	if [ -f ${J} ]; then logtext "Found ${J}"; LSATTRFOUND=1;  	LSATTRBINARY=${J};     fi
      J=${I}"/lsmod";      	if [ -f ${J} ]; then logtext "Found ${J}"; LSMODFOUND=1;    	LSMODBINARY=${J};      fi
      J=${I}"/lsof";    	if [ -f ${J} ]; then logtext "Found ${J}"; LSOFFOUND=1;    	LSOFBINARY=${J};       fi
      J=${I}"/lynx";    	if [ -f ${J} ]; then LYNXFOUND=1;	 LYNXBINARY=${J}; 	LYNXVERSION=`${J} -version | grep "^Lynx Version" | cut -d ' ' -f3`;		 logtext "Found ${J} (version ${LYNXVERSION})";		fi
      J=${I}"/md5";     	if [ -f ${J} ]; then logtext "Found ${J}"; MD5FOUND=1;     	MD5BINARY=${J};        fi
      J=${I}"/md5sum";  	if [ -f ${J} ]; then logtext "Found ${J}"; MD5FOUND=1;     	MD5BINARY=${J};        fi
      J=${I}"/mysql";    	if [ -f ${J} ]; then MYSQLCLIENTFOUND=1; MYSQLCLIENTBINARY=${J}; MYSQLCLIENTVERSION=`${J} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g'` ;       logtext "Found ${J} (version: ${MYSQLCLIENTVERSION})"; fi
      J=${I}"/netstat";  	if [ -f ${J} ]; then logtext "Found ${J}"; NETSTATFOUND=1;     	NETSTATBINARY=${J};    fi
      J=${I}"/nmap";    	if [ -f ${J} ]; then NMAPFOUND=1; 	 NMAPBINARY=${J};   	NMAPVERSION=`${J} -V | grep "^Nmap version" | awk '{ print $3 }'`;	  	 logtext "Found ${J} (version ${NMAPVERSION})";         fi
      J=${I}"/ntpq";    	if [ -f ${J} ]; then NTPQFOUND=1; 	 NTPQBINARY=${J};   		 logtext "Found ${J}";         fi      
      #NTPQVERSION=`${J} --version | awk '{ if ($8=="Ver.") { print $9 } }'`;	  
      J=${I}"/openssl";    	if [ -f ${J} ]; then OPENSSLFOUND=1;  	 OPENSSLBINARY=${J};	OPENSSLVERSION=`${J} version | head -n 1 | awk '{ print $2 }' | xargs`;		 logtext "Found ${J} (version ${OPENSSLVERSION})";	fi
      J=${I}"/osiris";    	if [ -f ${J} ]; then OSIRISFOUND=1;	 OSIRISBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/perl";        	if [ -f ${J} ]; then PERLFOUND=1;	 PERLBINARY=${J};	PERLVERSION=`${J} -V:version | ${J} -pi -e "s/^version='(.*)';$/\1/" | xargs`;   logtext "Found ${J} (version ${PERLVERSION})";		fi
      J=${I}"/postconf";   	if [ -f ${J} ]; then logtext "Found ${J}"; POSTCONFFOUND=1; 	POSTCONFBINARY=${J};   fi
      J=${I}"/postfix";   	if [ -f ${J} ]; then logtext "Found ${J}"; POSTFIXFOUND=1; 	POSTFIXBINARY=${J};    fi
      J=${I}"/prelink";   	if [ -f ${J} ]; then logtext "Found ${J}"; PRELINKFOUND=1; 	PRELINKBINARY=${J};    fi
      J=${I}"/ps";      	if [ -f ${J} ]; then logtext "Found ${J}"; PSFOUND=1;      	PSBINARY=${J};         fi
      J=${I}"/readlink";      	if [ -f ${J} ]; then READLINKFOUND=1;	 READLINKBINARY=${J};	logtext "Found ${J}";              fi

      J=${I}"/rpm";    		if [ -f ${J} ]; then logtext "Found ${J}"; RPMFOUND=1;	 	 RPMBINARY=${J};        fi  
      J=${I}"/samhain";    	if [ -f ${J} ]; then SAMHAINFOUND=1;   	 SAMHAINBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/sestatus";    	if [ -f ${J} ]; then SESTATUSFOUND=1;    SESTATUSBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/slocate";    	if [ -f ${J} ]; then logtext "Found ${J}"; LOCATEFOUND=1;	 LOCATEBINARY=${J};     fi
      J=${I}"/smbd";    	if [ -f ${J} ]; then SMBDFOUND=1;    	 SMBDBINARY=${J}; 	SMBDVERSION=`${J} -V | grep "^Version" | awk '{ print $2 }'`;  		logtext "Found ${J} (version ${SMBDVERSION})";			fi      
      J=${I}"/sockstat";   	if [ -f ${J} ]; then logtext "Found ${J}"; SOCKSTATFOUND=1;	 SOCKSTATBINARY=${J};   fi
      J=${I}"/stat"; 		if [ -f ${J} ]; then logtext "Found ${J}"; STATFOUND=1;	   	 STATBINARY=${J};       fi
      J=${I}"/sshd"; 		if [ -f ${J} ]; then SSHDFOUND=1;	 SSHDBINARY=${J};	SSHDVERSION=`${J} -t -d 2>&1 | head -n 1 | awk '{ print $4 }' | cut -d '_' -f2 | xargs`; logtext "Found ${J} (version ${SSHDVERSION})";		fi
      J=${I}"/strings"; 	if [ -f ${J} ]; then logtext "Found ${J}"; STRINGSFOUND=1; 	 STRINGSBINARY=${J};    fi
      J=${I}"/syslog-ng";	if [ -x ${J} ]; then SYSLOGNGFOUND=1;	 SYSLOGNGBINARY=${J};	SYSLOGNGVERSION=`${J} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`		logtext "Found ${J} (version ${SYSLOGNGVERSION})";		fi
      J=${I}"/tripwire";    	if [ -f ${J} ]; then TRIPWIREFOUND=1;    TRIPWIREBINARY=${J}; 	logtext "Found ${J}";	fi
      J=${I}"/wget";    	if [ -f ${J} ]; then WGETFOUND=1;    	 WGETBINARY=${J}; 	WGETVERSION=`${J} -V | grep "^GNU Wget" | awk '{ print $3 }'`;  		logtext "Found ${J} (version ${WGETVERSION})";			fi
    done
#
#################################################################################
#

wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2009, Michael Boelen - www.rootkit.nl - The Netherlands
