#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2008, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Shells
#
#################################################################################
#
    InsertSection "Shells"
#
#################################################################################
#
    # Test        : SHLL-7225
    # Description : check all console TTYs in which root user can enter single user mode without password
    Register --test-no SHLL-7225 --os FreeBSD --weight L --network NO --description "Check console TTYs"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking console TTYs..."
        FIND=`cat /etc/ttys | egrep '^console' | grep -v 'insecure'`
        if [ "${FIND}" = "" ]; then
   	    Display --indent 2 --text "- Checking console TTYs... " --result OK --color GREEN
	    logtext "Result: console is secured against single user mode without password."
          else
    	    Display --indent 2 --text "- Checking console TTYs... " --result WARNING --color RED
	    logtext "Result: Found insecure console in /etc/ttys. Single user mode login without password allowed!"
    	    logtext "Output /etc/ttys:"	
    	    logtext "${FIND}"
	    ReportWarning ${TEST_NO} "M" "Found unprotected console in /etc/ttys"
	    ReportSuggestion ${TEST_NO} "Change the console line from 'secure' to 'insecure'."
	fi
    fi
#
#################################################################################
#
    # Test        : SHLL-6211
    # Description : which shells are available according /etc/shells
    Register --test-no SHLL-6211 --weight L --network NO --description "Checking available and valid shells"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Searching for /etc/shells..."
        if [ -f /etc/shells ]; then
            logtext "Result: Found /etc/shells file"
            logtext "Test: Reading available shells from /etc/shells"
            SSHELLS=`cat /etc/shells | grep "^/"`
            CSSHELLS=0; CSSHELLS_ALL=0
            Display --indent 2 --text "- Checking shells from /etc/shells..."
            for I in ${SSHELLS}; do
                CSSHELLS_ALL=`expr ${CSSHELLS_ALL} + 1`
                report "available_shell[]=${I}"
                if [ -f ${I} ]; then
                    logtext "Found installed shell: ${I}"
                    CSSHELLS=`expr ${CSSHELLS} + 1`
                  else
                    logtext "Shell ${I} not installed. Probably a dummy or non existing shell."
                fi
             done
            Display --indent 4 --text "Result: found ${CSSHELLS_ALL} shells (valid shells: ${CSSHELLS})."
          else
            Display --indent 4 --text "Result: test skipped, could not find /etc/shells"
        fi
    fi
#
#################################################################################
#

wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2008, Michael Boelen - www.rootkit.nl - The Netherlands
