#!/bin/sh###################################################################

1. #!/bin/sh
2.  
3. #################################################################################
4. #
5. # This is the custom tests file and serves as a template.
6. #
7. # The language used in bourne shell (not bash). That means that almost everything
8. # you could use in bash, will also work here. Arrays and advanced substitutions
9. # will not work.
10. #
11. # How to use:
12. #
13. # Copy this file to the 'include' directory and name it tests_custom
14. # Find your includedir with: lynis show includedir
15. #
16. #################################################################################
17. #
18. # Tips:
19. #
20. # Use each test ID only once in the Register function and prefix them with CUST
21. #
22. # Use big steps (e.g. 10) in numbering, so you can easily put in tests later.
23. #
24. # Help the community and share your checks on https://github.com/CISOfy/lynis/
25. #
26. #################################################################################
27. #
28.     # Test        : CUST-0010
29.     # Description : We show some lines on the screen
30.  
31.     # Register our first custom test
32.     # We consider it to be a lightweight test (no heavy IO, or long searches), no network connection needed
33.     # --test-no   unique ID
34.     # --weight    L/M/H
35.     # --category  category (e.g. performance, privacy, security)
36.     Register --test-no CUST-0010 --weight L --network NO --category security --description "A test for displaying things on screen"
37.     if [ ${SKIPTEST} -eq 0 ]; then
38.         # The Display function makes it easy to show something on screen, with colors.
39.         # --indent  defines amount of spaces
40.         # --text    text to be displayed on screen
41.         # --result  text at end of line
42.         # --color   color of result text
43.         Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
44.         Display --indent 4 --text "This shows one level deeper " --result "${STATUS_NO}" --color YELLOW
45.         Display --indent 6 --text "And even deeper" --result "${STATUS_WARNING}" --color RED
46.     fi
47. #
48. #################################################################################
49. #
50.     # Test        : CUST-0020
51.     # Description : We show some lines on the screen
52.     Register --test-no CUST-0020 --weight L --network NO --category security --description "Dealing with files and directories"
53.     if [ ${SKIPTEST} -eq 0 ]; then
54.  
55.         # With -d we can test for directories, -f is for files, -L for symlinks.
56.  
57.         # Most tests use the "if-then-else". If something is true, take one step, otherwise the other.
58.         if DirectoryExists /tmp; then
59.             LogText "Result: we have a temporary directory"
60.         else
61.             LogText "Result: no temporary directory found"
62.         fi
63.  
64.         # Instead of ready-to-use functions, you can use normal shell script tests, like:
65.         # if [ -f /etc/file ]; then                     =  Test if file exists
66.         # if [ -d /var/run/mydirectory ]; then          =  Test if directory exists
67.         # if [ -L /var/run/mydirectory ]; then          =  Test if symlink exists
68.         # if [ ${MYVARIABLE} -eq 1 ]; then              =  Test if variable is set to 1 (make sure it was defined at beginning of test)
69.         # if [ "${MYVARIABLE}" = "Value" ]; then        =  Test if variable is equal to specific value
70.  
71.         # Let's test for a file. We like to find at least one file (file1 or file2)
72.         if FileExists /etc/file1; then
73.             LogText "Result: Found file /etc/file1"
74.         elif FileExists /etc/file2; then
75.             LogText "Result: Found file /etc/file2"
76.         else
77.             LogText "Result: both /etc/file1 and /etc/file2 were not found"
78.             # Show a warning on screen and in the report. We can specify a detail and how to solve it.
79.             ReportWarning "${TEST_NO}" "No file /etc/file1 or /etc/file2 available"
80.         fi
81.  
82.         # If a single value is stored in a variable, using 'case' is very effective.
83.         # Let's check for a predefined variable OS, which is defined by Lynis
84.         case ${OS} in
85.             # Only match one value
86.             "Linux")
87.                 LogText "Found Linux"
88.                 Display --indent 2 --text "OS: Linux" --result "${STATUS_OK}" --color GREEN
89.             ;;
90.             # Matching several platforms
91.             "FreeBSD" | "NetBSD" | "OpenBSD")
92.                 LogText "Found an operating system based on BSD"
93.                 Display --indent 2 --text "OS: *BSD" --result "${STATUS_OK}" --color GREEN
94.             ;;
95.             # Catch-all for other values
96.             *)
97.                 LogText "Found another operating system"
98.                 ReportSuggestion "${TEST_NO}" "Check if this process is running" "apache" "url:https://cisofy.com/support/"
99.             ;;
100.         esac
101.  
102.     fi
103. #
104. #################################################################################
105. #
106.     # Add a new section to the screen output
107.     InsertSection "Custom tests - Other"
108. #
109. #################################################################################
110. #
111.     # Test        : CUST-0040
112.     # Description : Our second test, with a prerequisite test
113.  
114.     # First check if OPENSSLBINARY is known as a prerequisite for this test
115.     # ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test
116.  
117.     if [ ! "${OPENSSLBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No OpenSSL binary found"; fi
118.     Register --test-no CUST-0040 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Description of custom test"
119.     if [ ${SKIPTEST} -eq 0 ]; then
120.         # Set variable to zero, to indicate that we have no problems found (yet)
121.         FOUNDPROBLEM=0
122.         DIR="/my/path"
123.         LogText "Test: we are going to check if we can find a particular directory (${DIR})"
124.         # Check if a directory exists
125.         if DirectoryExists ${DIR}; then
126.             LogText "Result: log entry for easier debugging or additional information"
127.         else
128.             FOUNDPROBLEM=1
129.             LogText "Result: directory ${DIR} was not found!"
130.             ReportWarning "${TEST_NO}" "This is a test warning line" "${DIR}" "text:Create directory ${DIR}"
131.         fi
132.  
133.         if [ ${FOUNDPROBLEM} -eq 0 ]; then
134.             Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_OK}" --color GREEN
135.         else
136.             Display --indent 2 --text "- Checking if everything is OK..." --result "${STATUS_WARNING}" --color RED
137.             ReportSuggestion "${TEST_NO}" "This is a suggestion"
138.         fi
139.     fi
140. #
141. #################################################################################
142. #
143.  
144. # Wait for keypress (unless --quick is being used)
145. WaitForKeyPress
146.  
147. #
148. #================================================================================
149. # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
150.