diff --git a/lynis_report.pl b/lynis_report.pl index 7f49841..8acf4a2 100755 --- a/lynis_report.pl +++ b/lynis_report.pl @@ -116,6 +116,8 @@ print OUT <lynis Asset Report

created by lynis_report

- + + + +
lynis infohost info
lynis infohost infonetwork infosecurity Info

-

host findings:

+

host findings:

END @@ -220,29 +225,35 @@ if ((exists($lynis_report_data{'manual[]'})) and (scalar(@{$lynis_report_data{'m print OUT "
  • $man
  • \n"; } } + +# It's easier to move stuff around if there is one cell (or cell group) per libe for the tables. Maybe this +# isn't ideal HTML writing, but it makes sense when writing the tool. print OUT <
    -

    lynis info:

    +

    lynis info:

    hardening index:
    - + + - + + - + + END print OUT "\t\t\t\t\t\t
    lynis version:$lynis_report_data{'lynis_version'}lynis tests done:$lynis_report_data{'lynis_tests_done'}lynis version:$lynis_report_data{'lynis_version'}lynis tests done:$lynis_report_data{'lynis_tests_done'}
    lynis update available:$to_bool{$lynis_report_data{'lynis_update_available'}}license key:$lynis_report_data{'license_key'}lynis update available:$to_bool{$lynis_report_data{'lynis_update_available'}}license key:$lynis_report_data{'license_key'}
    report version:$lynis_report_data{'report_version_major'}.$lynis_report_data{'report_version_minor'}
    number of plugins enabled:$lynis_report_data{'plugins_enabled'}plugin directory:$lynis_report_data{'plugin_directory'}number of plugins enabled:$lynis_report_data{'plugins_enabled'}plugin directory:$lynis_report_data{'plugin_directory'}
    phase 1 plugins enabled:\n"; -print OUT "\t\t\t\t\t\t\t\n"; +print OUT "\t\t\t\t\t\t\t
    \n"; foreach my $plug ( sort @{$lynis_report_data{'plugin_enabled_phase1[]'}} ) { my ($n,$v) = split(/\|/, $plug); print OUT "\t\t\t\t\t\t\t\t\n"; @@ -259,18 +270,140 @@ print OUT <
    -

    host info:

    +

    host info:

    name:$nversion:$v
    - - - - + + + + + + + + + + + + + + + + + + + + END print OUT "\t\t\t\t\t\n"; print OUT < - + + + + + + + + + +
    hostname:$lynis_report_data{'hostname'}domainname:$lynis_report_data{'domainname'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}
    os:$lynis_report_data{'os'}os fullname:$lynis_report_data{'os_fullname'}os_version:$lynis_report_data{'os_version'}
    GRSecurity:$to_bool{$lynis_report_data{'framework_grsecurity'}}SELinux:$to_bool{$lynis_report_data{'framework_selinux'}}memory:$lynis_report_data{'memory_size'} $lynis_report_data{'memory_units'}
    linux version:$lynis_report_data{'linux_version'}pae enabled:$to_bool{$lynis_report_data{'cpu_pae'}}nx enabled:$to_bool{$lynis_report_data{'cpu_nx'}}
    hostname:$lynis_report_data{'hostname'}domainname:$lynis_report_data{'domainname'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}
    os:$lynis_report_data{'os'}os fullname:$lynis_report_data{'os_fullname'}os_version:$lynis_report_data{'os_version'}
    GRSecurity:$to_bool{$lynis_report_data{'framework_grsecurity'}}SELinux:$to_bool{$lynis_report_data{'framework_selinux'}}memory:$lynis_report_data{'memory_size'} $lynis_report_data{'memory_units'}
    linux version:$lynis_report_data{'linux_version'}pae enabled:$to_bool{$lynis_report_data{'cpu_pae'}}nx enabled:$to_bool{$lynis_report_data{'cpu_nx'}}
    network interfaces:".join("
    \n", @{$lynis_report_data{'network_interface[]'}})."
    ipv4 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv4_address[]'}})."
    ipv6 addresses:".join("
    \n", @{$lynis_report_data{'network_ipv6_address[]'}})."
    kernel version:$lynis_report_data{'linux_kernel_version'}kernel release version:$lynis_report_data{'linux_kernel_release'}uptime (days):$lynis_report_data{'uptime_in_days'}
    vm:$to_bool{$lynis_report_data{'vm'}}vm_type:$lynis_report_data{'vmtype'}uptime (secs):$lynis_report_data{'uptime_in_seconds'}
    uptime (days):$lynis_report_data{'uptime_in_days'}
    vm:$to_bool{$lynis_report_data{'vm'}}vm_type:$lynis_report_data{'vmtype'}uptime (secs):$lynis_report_data{'uptime_in_seconds'}
    + +
    +

    network info:

    +
    + + + + + + + + + + + + +
    Default Gateway$lynis_report_data{'default_gateway[]'}
    IPv6 Mode:$lynis_report_data{'ipv6_mode'}IPv6 Only:$to_bool{$lynis_report_data{'ipv6_only'}}
    MAC Address:$lynis_report_data{'network_mac_address[]'}Name Cache Used:$to_bool{$lynis_report_data{'name_cache_used'}}
    +

    Open Ports:

    + + +END + +foreach my $obj ( sort @{$lynis_report_data{'network_listen_port[]'}} ) { + my ($ipp,$proto,$daemon,$dunno) = split(/\|/, $obj); + my ($ip,$port); + my $colon_count = grep(/\:/, split(//, $ipp)); + if ($colon_count > 1) { + # must be an IPv6 address; + my @parts = split(/\:/, $ipp); + $port = pop(@parts); + $ip = join(":", @parts); + } else { + # must be IPv4 + ($ip,$port) = split(/\:/, $ipp); + } + print OUT "\t\t\t\t\t\n"; +} +print OUT < + +
    +

    security info:

    +
    +
    IP AddressPortProtocolDaemon/Process???
    $ip$port$proto$daemon$dunno
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Host Firewall Installed:$to_bool{$lynis_report_data{'firewall_installed'}}Firewall Software:$lynis_report_data{'firewall_software'}Firewall Empty Ruleset:$to_bool{$lynis_report_data{'firewall_empty_ruleset'}}Firewall Active:$to_bool{$lynis_report_data{'firewall_active'}}
    Package Audit Tools Found:$to_bool{$lynis_report_data{'package_audit_tool_found'}}Package Audit Tool:$lynis_report_data{'package_audit_tool'}Vulnerable Packages Found:$lynis_report_data{'vulnerable_packages_found'}IDS/IPS Tooling$lynis_report_data{'ids_ips_tooling[]'}
    LDAP PAM Module Enabled:$to_bool{$lynis_report_data{'ldap_pam_enabled'}}Two-Factor Authentication Enabled:$to_bool{$lynis_report_data{'authentication_two_factor_enabled'}}Two-Factor Authentication Required:$to_bool{$lynis_report_data{'authentication_two_factor_required'}}Failed Logins Logged:$lynis_report_data{'auth_failed_logins_logged'}
    Minimum Password Length:$lynis_report_data{'minimum_password_length'}Maximum Password Days:$lynis_report_data{'password_max_days'}Minimum Password Days:$lynis_report_data{'password_min_days'}Maximum Password Retries:$lynis_report_data{'max_password_retry'}
    PAM Cracklib Found:$to_bool{$lynis_report_data{'pam_cracklib'}}Password Strength Tested:$to_bool{$lynis_report_data{'password_strength_tested'}}Malware Scanner Installed:$to_bool{$lynis_report_data{'malware_scanner_installed'}}File Integrity Tool Installed:$to_bool{$lynis_report_data{'file_integrity_tool_installed'}}
    +

    PAM Modules:

    + +END +for (my $i=0;$i"; + print OUT "\n"; +} +print OUT < + +
    +

    kernel info:

    +
    +
    ${$lynis_report_data{'pam_module[]'}}[$i]${$lynis_report_data{'pam_module[]'}}[($i + 1)]${$lynis_report_data{'pam_module[]'}}[($i + 2)]${$lynis_report_data{'pam_module[]'}}[($i + 3)]
    + + + + + + +
    full kernel version:$lynis_report_data{'os_kernel_version_full'}
    kernel version:$lynis_report_data{'linux_kernel_version'}kernel release version:$lynis_report_data{'linux_kernel_release'}
    @@ -279,9 +412,9 @@ print OUT <