#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# File systems
#
#################################################################################
#
    # Number of days to mark a file as old.
    # Used by test FILE-6354 as the 'find -atime' threshold for files in /tmp and
    # echoed in the warning text that test reports.
    TMP_OLD_DAYS=90
#
#################################################################################
#

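    InsertSection "File systems"

    # Test        : FILE-6323
    # Description : Checking Linux EXT2, EXT3, EXT4 file systems
    # Informational only: each mounted ext2/ext3/ext4 file system is written to
    # the log; this test displays nothing and raises no warning.
    Register --test-no FILE-6323 --os Linux --weight L --network NO --description "Checking EXT file systems"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Checking for Linux EXT file systems"
        # One "mountpoint,type" record per line (fields 3 and 5 of the mount output).
        # NOTE(review): awk splits on whitespace, so a mount point that contains a
        # space is still cut short at this step.
        FIND=$(mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }')
        if [ -n "${FIND}" ]; then
            logtext "Result: found one or more EXT file systems"
            # Read record by record rather than word-splitting ${FIND}: an unquoted
            # expansion would also glob-expand characters such as '*' in a mount point.
            while IFS= read -r I; do
                # The type is the last comma-separated field; everything before it is
                # the mount point, which may itself contain a comma.
                FILESYSTEM=${I%,*}
                FILETYPE=${I##*,}
                logtext "File system: ${FILESYSTEM} (type: ${FILETYPE})"
            done <<EOF
${FIND}
EOF
        fi
    fi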
#
#################################################################################
#
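    # Test        : FILE-6329
    # Description : Query all UFS mounts from /etc/fstab
    # Each active UFS entry is logged and added to the report as
    # "mountpoint[]=device:mountpoint:type:options:". A warning is raised when no
    # UFS entry is found at all.
    Register --test-no FILE-6329 --os FreeBSD --weight L --network NO --description "Checking UFS file systems"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Query /etc/fstab for available UFS mount points"
        # Skip commented-out entries: a line such as "#/dev/ad0s1d /data ufs rw" still
        # has "ufs" in field 3 and would otherwise be reported as a mount point.
        FIND=$(awk '$1 !~ /^#/ && $3 == "ufs" { print $1":"$2":"$3":"$4":" }' /etc/fstab)
        if [ -z "${FIND}" ]; then
            Display --indent 2 --text "- Querying UFS mount points (fstab)..." --result WARNING --color RED
            logtext "Result: unable to find any single mount point (UFS)"
            ReportWarning "${TEST_NO}" "L" "No single UFS mount point found"
          else
            Display --indent 2 --text "- Querying UFS mount points (fstab)..." --result OK --color GREEN
            # Records are built from awk fields, so they contain no whitespace and
            # word splitting yields exactly one record per fstab entry.
            for I in ${FIND}; do
                logtext "UFS mount found: ${I}"
                report "mountpoint[]=${I}"
            done
        fi
    fi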
#
#################################################################################
#
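    # Test        : FILE-6332
    # Description : Check FreeBSD swap partitions
    # Logs every active swap entry in /etc/fstab and raises a warning when none
    # is present.
    Register --test-no FILE-6332 --os FreeBSD --weight L --network NO --description "Checking swap partitions"
    if [ "${SKIPTEST}" -eq 0 ]; then
        FOUND=0
        logtext "Test: query swap partitions from /etc/fstab file"
        # Device (field 1) of every entry whose type (field 3) is 'swap'. Lines whose
        # first field starts with '#' are commented out and must not count as a
        # configured swap partition.
        FIND=$(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' /etc/fstab)
        for I in ${FIND}; do
            FOUND=1
            logtext "Swap partition found: ${I}"
            #YYY add to report file
        done
        if [ "${FOUND}" -eq 1 ]; then
            Display --indent 2 --text "- Query swap partitions (fstab)..." --result OK --color GREEN
          else
            Display --indent 2 --text "- Query swap partitions (fstab)..." --result WARNING --color YELLOW
            ReportWarning "${TEST_NO}" "L" "No swap partion found in /etc/fstab"
            logtext "Result: no swap partitions found in /etc/fstab"
        fi
    fi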
#
#################################################################################
#
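    # Test        : FILE-6336
    # Description : Check FreeBSD swap mount options
    # Reports swap entries in /etc/fstab whose options field (4th) does not list
    # 'sw'. FIND holds the device names of the offending entries.
    Register --test-no FILE-6336 --os FreeBSD --weight L --network NO --description "Checking swap mount options"
    if [ "${SKIPTEST}" -eq 0 ]; then
        # Swap partitions should be mounted with 'sw'
        logtext "Test: check swap partitions with incorrect mount options"
        # 'sw' has to be a complete comma-separated option: a plain substring match
        # would also accept any unrelated option that merely contains "sw".
        # Commented-out lines (first field starting with '#') are ignored.
        FIND=$(awk '$1 !~ /^#/ && $3 == "swap" && $4 !~ /(^|,)sw(,|$)/ { print $1 }' /etc/fstab)
        if [ -z "${FIND}" ]; then
            Display --indent 2 --text "- Testing swap partitions..." --result OK --color GREEN
            logtext "Result: all swap partitions have correct options (=sw)"
          else
            Display --indent 2 --text "- Testing swap partitions..." --result WARNING --color RED
            logtext "Result: possible incorrect mount options used for mounting swap partition (${FIND})"
            ReportWarning "${TEST_NO}" "L" "Possible incorrect mount options used for swap parition (${FIND})"
            ReportSuggestion "${TEST_NO}" "Suggestion: check your /etc/fstab file. Swap parition usually have 'sw' in the options field (4th)."
        fi
    fi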
#
#################################################################################
#
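    # Test        : FILE-6354
    # Description : Search files within /tmp which are older than 3 months
    # Logs every regular file below /tmp that has not been accessed for more than
    # TMP_OLD_DAYS days and raises a warning with the number of such files.
    if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no FILE-6354 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Searching for old files in /tmp"
    if [ "${SKIPTEST}" -eq 0 ]; then
        logtext "Test: Searching for old files in /tmp..."
        # Search for files only in /tmp, with an access time older than X days.
        # NOTE(review): on a file system mounted with noatime the access time is not
        # updated, so files that are in active use can be listed here too.
        FIND=$(find /tmp -type f -atime +"${TMP_OLD_DAYS}")
        if [ -z "${FIND}" ]; then
            Display --indent 2 --text "- Checking for old files in /tmp..." --result OK --color GREEN
            logtext "Result: no files found in /tmp which are older than 3 months"
          else
            Display --indent 2 --text "- Checking for old files in /tmp..." --result WARNING --color RED
            N=0
            # /tmp is writable by every local user, so file names are untrusted input.
            # Read the list line by line: an unquoted ${FIND} would be split on spaces
            # and glob-expanded (a file named '*' would pull in every entry of the
            # current directory), which skews both the log and the count.
            # A name containing a newline is still seen as more than one line.
            while IFS= read -r I; do
                logtext "Old temporary file: ${I}"
                N=$(( N + 1 ))
            done <<EOF
${FIND}
EOF
            # The selection is made on access time (-atime), not on modification time.
            logtext "Result: found old files in /tmp, which were not accessed in the last ${TMP_OLD_DAYS} days"
            logtext "Suggestion: check and clean up unused files in /tmp. Old files can "
            logtext "fill up a disk or contain private information and should be deleted"
            logtext "it not being used actively. Use a tool like lsof to see which programs"
            logtext "possibly are using a particular file. Some systems can cleanup temporary"
            logtext "directories by setting a boot option"
            ReportWarning "${TEST_NO}" "L" "Found ${N} files in /tmp which are older than ${TMP_OLD_DAYS} days"
            ReportSuggestion "${TEST_NO}" "Clean up files in /tmp if they are not used"
        fi
    fi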
#
#################################################################################
#
    # Test: scan the skel directory for bad permissions
    # Reason: bad permissions on these files are passed on to every newly created user
    #YYY enable skel test
    # Several differences between operating systems are present
    #SKELDIRS="/etc/skel /usr/share/skel"

    #for I in ${SKELDIRS}; do
    #    
    #    logtext "Searching skel directory ${I}..."
    #
    #    if [ -d ${I} ]; then
    #        logtext "Result: Directory found, scanning for unsafe file permissions"
    #	FIND=`ls -A ${I} | wc -l | sed 's/ //g'`
    #	if [ ! "${FIND}" = "0" ]; then
    #     	    FIND=`find ${I} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
    #	    if [ "${FIND}" = "" ]; then
    #	        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result OK --color GREEN
    #		logtext "Result: Directory seems to be ok, no files found with read/write/execute bit set."
    #		logtext "Status: OK"
    #	      else	
    #	        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result WARNING --color RED
    #	        logtext "Result: The following files do have non restrictive permissions: ${FIND}"
    #	        logtext "Suggestion: remove the read, write or execute bit from these files (chmod o-rwx)"
    #	    fi    
    #	  else
    #	    Display --indent 2 --text "- Checking skel file permissions (${I})..." --result EMPTY --color WHITE
    #	    logtext "Directory ${I} is empty, no scan performed"    
    #	fi
    #      else
    #        Display --indent 2 --text "- Checking skel file permissions (${I})..." --result "NOT FOUND" --color WHITE
    #	logtext "Result: Skel directory (${I}) not found"
    #    fi
    #done
#
#################################################################################
#
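    # Test        : FILE-6362
    # Description : Check for sticky bit on /tmp
    # Without the sticky bit any user with write access to /tmp can delete or
    # rename files owned by other users. The test only runs when /tmp is a real
    # directory (not a symlink).
    if [ -d /tmp ] && [ ! -L /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no FILE-6362 --preqs-met "${PREQS_MET}" --weight L --network NO --description "Checking /tmp sticky bit"
    if [ "${SKIPTEST}" -eq 0 ]; then
        # List /tmp itself instead of searching the listing of / for a "tmp" field:
        # the field position depends on the OS and date format, and another entry in /
        # with "tmp" in that position would add extra lines and cause a false warning.
        # Character 10 of the mode string is the others-execute position, which shows
        # 't' (sticky + execute) or 'T' (sticky, no execute) when the bit is set.
        FIND=$(ls -ld /tmp | cut -c 10)
        case "${FIND}" in
            t|T)
                Display --indent 2 --text "- Checking /tmp sticky bit..." --result OK --color GREEN
                logtext "Result: Sticky bit (${FIND}) found on /tmp directory"
                ;;
            *)
                Display --indent 2 --text "- Checking /tmp sticky bit..." --result WARNING --color RED
                ReportWarning "${TEST_NO}" "H" "No sticky bit found on /tmp directory, which can be dangerous!"
                ReportSuggestion "${TEST_NO}" "Suggestion: consult documentation and place the sticky bit, to prevent users deleting (by other owned) files in the /tmp directory."
                ;;
        esac
      else
        # NOTE(review): this branch is taken whenever SKIPTEST is non-zero, which may
        # have causes other than /tmp being a symlink; confirm against Register.
        logtext "Result: Sticky bit test (on /tmp) skipped. Most likely /tmp is a symlink to another directory."
    fi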
#
#################################################################################
#
    # Test        : FILE-6366
    # Description : Check for noatime option
    # More info   : especially useful for profile 'desktop' and 'server-storage'
    #               profiles
#
#################################################################################
#
    # Test        : FILE-6370
    # Description : Check for nodirtime option
#
#################################################################################
#
    # Test        : FILE-6374
    # Description : Check for relatime
#
#################################################################################
#
    # Test        : FILE-6378
    # Description : Check for nodev option for all NON / (root) mount points
    # More info   : on partitions where applications are chrooted, it should
    #               NOT be placed
#
#################################################################################
#
    # Test        : FILE-6382
    # Description : Check for nosuid option
#
#################################################################################
#
    # Test        : FILE-6386
    # Description : Check for noexec option
#
#################################################################################
#
    # Test        : FILE-6390
    # Description : Check writeback/journalling mode (ext3)
    # More info   : data=writeback | data=ordered | data=journal
#
#################################################################################
#
    # Test        : FILE-6394
    # Description : Check vm.swappiness (Linux)
#
#################################################################################
#
    # Test        : FILE-6398
    # Description : Check if JBD (Journal Block Device) driver is loaded
#
#################################################################################
#

# End of the file systems section.
# NOTE(review): wait_for_keypress is defined outside this file; presumably it
# pauses the scan until the operator presses a key; confirm against its definition.
wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
