From 0fd0a0b0b914fa8c5abd67ac5beac6f352c94bfd Mon Sep 17 00:00:00 2001 From: dataking Date: Thu, 14 Jul 2016 13:01:42 -0700 Subject: [PATCH] Style changes, HTML tidying, and minor bug fixes. --- lynis_report.pl | 215 +++++++++++++++++++++++++++++------------------- 1 file changed, 129 insertions(+), 86 deletions(-) diff --git a/lynis_report.pl b/lynis_report.pl index 9794a7b..7f49841 100755 --- a/lynis_report.pl +++ b/lynis_report.pl @@ -3,7 +3,7 @@ use strict; use warnings; use feature qw( switch ); -#if ($] ge '5.018000') { no warnings "experimental::smartmatch"; } +no if $] ge '5.018', warnings => "experimental::smartmatch"; use Term::ANSIColor; use Getopt::Long qw( :config no_ignore_case bundling ); use Data::Dumper; @@ -16,6 +16,8 @@ GetOptions( 'o|output=s' => \$output, ); +if ($help) { &usage; } + my %to_bool = ( 0 => 'false', 1 => 'true' ); my %to_long_severity = ( 'C' => 'Critical', 'S' => 'Severe', 'H' => 'High', 'M' => 'Medium', 'L' => 'Low', 'I' => 'Informational' ); @@ -111,6 +113,8 @@ print OUT < -

lynis Asset Report

-

created by lynis_report

- - -
lynis infohost info
-
-

host findings:

- +
+

lynis Asset Report

+

created by lynis_report

+
hardening index:
+ +
lynis infohost info
+
+

host findings:

+ END given ($lynis_report_data{'hardening_index'}) { when (($lynis_report_data{'hardening_index'} < 100) and ($lynis_report_data{'hardening_index'} > 90)) { # green - print OUT "\t\t\t"; + print OUT "\t\t\t\t"; } when (($lynis_report_data{'hardening_index'} <= 90) and ($lynis_report_data{'hardening_index'} > 80)) { # yellow - print OUT "\t\t\t"; + print OUT "\t\t\t\t"; } when (($lynis_report_data{'hardening_index'} <= 80) and ($lynis_report_data{'hardening_index'} > 65)) { # orange - print OUT "\t\t\t"; + print OUT "\t\t\t\t"; } when ($lynis_report_data{'hardening_index'} <= 65) { # red - print OUT "\t\t\t"; + print OUT "\t\t\t\t"; } default { # error } } -print OUT "\t\t
hardening index:$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}$lynis_report_data{'hardening_index'}
\n"; -print OUT "

warnings (".scalar(@{$lynis_report_data{'warning[]'}})."):

\n"; -print OUT < - Warning IDDescriptionSeverityF4 -END -if (ref($lynis_report_data{'warning[]'}) eq 'ARRAY') { - if (${$lynis_report_data{'warning[]'}}[0] =~ /\|/) { # more than one - foreach my $warn ( sort @{$lynis_report_data{'warning[]'}} ) { - my ($warn_id,$warn_desc,$warn_sev,$warn_f4) = split(/\|/, $warn); - print OUT "$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4\n"; - } - } elsif (${$lynis_report_data{'warning[]'}}[0] =~ /[A-Z]{4}\-\d{4}/) { # one warning - my $warn_id = ${$lynis_report_data{'warning[]'}}[0]; - my $warn_desc = ${$lynis_report_data{'warning[]'}}[1]; - my $warn_sev = ${$lynis_report_data{'warning[]'}}[2]; - my $warn_f4 = ${$lynis_report_data{'warning[]'}}[3]; - print OUT "$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4\n"; - } else { - die colored("Unexpected ARRAY format! \n", "bold red"); - } +print OUT "\t\t\t\n"; +if (!exists($lynis_report_data{'warning[]'})) { + print OUT "

warnings (0):

\n"; } else { - die colored("warning[] not ARRAY ref!: ".ref($lynis_report_data{'warning[]'})."\n", "bold red"); + print OUT "

warnings (".scalar(@{$lynis_report_data{'warning[]'}})."):

\n"; } print OUT < +
+ + END -print OUT "\t\t

suggestions (".scalar(@{$lynis_report_data{'suggestion[]'}})."):

\n"; +if (exists($lynis_report_data{'warning[]'})) { + if (ref($lynis_report_data{'warning[]'}) eq 'ARRAY') { + if (${$lynis_report_data{'warning[]'}}[0] =~ /\|/) { # more than one + foreach my $warn ( sort @{$lynis_report_data{'warning[]'}} ) { + my ($warn_id,$warn_desc,$warn_sev,$warn_f4) = split(/\|/, $warn); + print OUT "\t\t\t\t\t\n"; + } + } elsif (${$lynis_report_data{'warning[]'}}[0] =~ /[A-Z]{4}\-\d{4}/) { # one warning + my $warn_id = ${$lynis_report_data{'warning[]'}}[0]; + my $warn_desc = ${$lynis_report_data{'warning[]'}}[1]; + my $warn_sev = ${$lynis_report_data{'warning[]'}}[2]; + my $warn_f4 = ${$lynis_report_data{'warning[]'}}[3]; + print OUT "\t\t\t\t\t\n"; + } else { + die colored("Unexpected ARRAY format! \n", "bold red"); + } + } else { + die colored("warning[] not ARRAY ref!: ".ref($lynis_report_data{'warning[]'})."\n", "bold red"); + } +} print OUT < - +
Warning IDDescriptionSeverityF4
$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4
$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4
Suggestion IDDescriptionSeverityF4
+
+END +print OUT "\t\t\t

suggestions (".scalar(@{$lynis_report_data{'suggestion[]'}})."):

\n"; +print OUT < + + END if ((ref($lynis_report_data{'suggestion[]'}) eq 'ARRAY') and (${$lynis_report_data{'suggestion[]'}}[0] =~ /\|/)) { @@ -191,67 +205,75 @@ if ((ref($lynis_report_data{'suggestion[]'}) eq 'ARRAY') and if ($sug_desc eq 'Consider hardening SSH configuration') { $sug_desc .= ": $sug_sev"; $sug_sev = '-'; } - print OUT "\t\t\t\n"; + print OUT "\t\t\t\t\t\n"; } } print OUT < -

manual checks:

-
    +
Suggestion IDDescriptionSeverityF4
$sug_id$sug_desc$sug_sev$sug_f4
$sug_id$sug_desc$sug_sev$sug_f4
+ +

manual checks:

+
    END -foreach my $man ( sort @{$lynis_report_data{'manual[]'}} ) { - #print Dumper($man); - print OUT "
  • $man
    • \n"; +if ((exists($lynis_report_data{'manual[]'})) and (scalar(@{$lynis_report_data{'manual[]'}}) > 0)) { + foreach my $man ( sort @{$lynis_report_data{'manual[]'}} ) { + #print Dumper($man); + print OUT "
  • $man
    • \n"; + } } print OUT < -
    -

    lynis info:

     - - - - - - - - - - - - - - + +
    +

    lynis info:

     +
    +
    lynis version:$lynis_report_data{'lynis_version'}lynis tests done:$lynis_report_data{'lynis_tests_done'}
    lynis update available:$to_bool{$lynis_report_data{'lynis_update_available'}}license key:$lynis_report_data{'license_key'}
    report version:$lynis_report_data{'report_version_major'}.$lynis_report_data{'report_version_minor'}
    number of plugins enabled:$lynis_report_data{'plugins_enabled'}plugin directory:$lynis_report_data{'plugin_directory'}
    + + + + + + + + + + + + + END -print OUT "\t\t\t\t\n"; print OUT < - - - - - -
    lynis version:$lynis_report_data{'lynis_version'}lynis tests done:$lynis_report_data{'lynis_tests_done'}
    lynis update available:$to_bool{$lynis_report_data{'lynis_update_available'}}license key:$lynis_report_data{'license_key'}
    report version:$lynis_report_data{'report_version_major'}.$lynis_report_data{'report_version_minor'}
    number of plugins enabled:$lynis_report_data{'plugins_enabled'}plugin directory:$lynis_report_data{'plugin_directory'}
    phase 1 plugins enabled:"; -print OUT "\t\t\t\t\t\n"; +print OUT "\t\t\t\t\t\t\n"; +print OUT "\t\t\t\t\t\t\t
    phase 1 plugins enabled:\n"; +print OUT "\t\t\t\t\t\t\t\n"; foreach my $plug ( sort @{$lynis_report_data{'plugin_enabled_phase1[]'}} ) { my ($n,$v) = split(/\|/, $plug); - print OUT "\t\t\t\t\t\t\n"; + print OUT "\t\t\t\t\t\t\t\t\n"; } -print OUT "\t\t\t\t\t
    name:$nversion:$v
    name:$nversion:$v
    \n"; -print OUT "
    \n"; +print OUT "\t\t\t\t\t\t
    report start time:$lynis_report_data{'report_datetime_start'}report end time:$lynis_report_data{'report_datetime_end'}
    hostid:$lynis_report_data{'hostid'}
    hostid:$lynis_report_data{'hostid2'}
    -
    -

    host info:

    - - - - - + + + + + + +
    hostname:$lynis_report_data{'hostname'}domainname:$lynis_report_data{'domainname'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}
    os:$lynis_report_data{'os'}os fullname:$lynis_report_data{'os_fullname'}os_version:$lynis_report_data{'os_version'}
    GRSecurity:$to_bool{$lynis_report_data{'framework_grsecurity'}}SELinux:$to_bool{$lynis_report_data{'framework_selinux'}}memory:$lynis_report_data{'memory_size'} $lynis_report_data{'memory_units'}
    linux version:$lynis_report_data{'linux_version'}pae enabled:$to_bool{$lynis_report_data{'cpu_pae'}}nx enabled:$to_bool{$lynis_report_data{'cpu_nx'}}
    report start time:$lynis_report_data{'report_datetime_start'}report end time:$lynis_report_data{'report_datetime_end'}
    hostid:$lynis_report_data{'hostid'}
    hostid:$lynis_report_data{'hostid2'}
    + +
    +

    host info:

    +
    + + + + + END -print OUT "\t\t\t\n"; +print OUT "\t\t\t\t\t\n"; print OUT < - -
    hostname:$lynis_report_data{'hostname'}domainname:$lynis_report_data{'domainname'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}
    os:$lynis_report_data{'os'}os fullname:$lynis_report_data{'os_fullname'}os_version:$lynis_report_data{'os_version'}
    GRSecurity:$to_bool{$lynis_report_data{'framework_grsecurity'}}SELinux:$to_bool{$lynis_report_data{'framework_selinux'}}memory:$lynis_report_data{'memory_size'} $lynis_report_data{'memory_units'}
    linux version:$lynis_report_data{'linux_version'}pae enabled:$to_bool{$lynis_report_data{'cpu_pae'}}nx enabled:$to_bool{$lynis_report_data{'cpu_nx'}}
    network interfaces:".join("
    \n", @{$lynis_report_data{'network_interface[]'}})."    		ipv4 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv4_address[]'}})."    		ipv6 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv6_address[]'}})."
    network interfaces:".join("
    \n", @{$lynis_report_data{'network_interface[]'}})."    		ipv4 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv4_address[]'}})."    		ipv6 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv6_address[]'}})."
    kernel version:$lynis_report_data{'linux_kernel_version'}kernel release version:$lynis_report_data{'linux_kernel_release'}uptime (days):$lynis_report_data{'uptime_in_days'}
    vm:$to_bool{$lynis_report_data{'vm'}}vm_type:$lynis_report_data{'vmtype'}uptime (secs):$lynis_report_data{'uptime_in_seconds'}
    + kernel version:$lynis_report_data{'linux_kernel_version'}kernel release version:$lynis_report_data{'linux_kernel_release'}uptime (days):$lynis_report_data{'uptime_in_days'} + vm:$to_bool{$lynis_report_data{'vm'}}vm_type:$lynis_report_data{'vmtype'}uptime (secs):$lynis_report_data{'uptime_in_seconds'} + +
    + @@ -264,3 +286,24 @@ foreach my $idx ( sort @indexes ) { delete($lynis_report_data{$idx}); } print Dumper(\%lynis_report_data); + +############################################################################### +# subs +############################################################################### +sub usage { + print <