diff --git a/lynis_report.pl b/lynis_report.pl
old mode 100644
new mode 100755
index abad960..0293ac2
--- a/lynis_report.pl
+++ b/lynis_report.pl
@@ -17,17 +17,57 @@ GetOptions( my $lynis_log = '/var/log/lynis.log'; my $lynis_report = '/var/log/lynis-report.dat'; my $audit_run = 0; #assume false -if ( -e $lynis_log and ! -z $lynis_log ) { +my %lynis_report_data; + +if (( -e $lynis_log) and ( ! -z $lynis_log )) { print colored("Found lynis output log. \n", "cyan") if ($verbose); $audit_run++; } -if ( -e $lynis_report and ! -z $lynis_report ) { +if (( -e $lynis_report) and ( ! -z $lynis_report )) { print colored("Found lynis report. \n", "cyan") if ($verbose); $audit_run++; } -if ($audit_run) and ($audit_run >= 1) { +if (($audit_run) and ($audit_run >= 1)) { print "Looks like the audit has been run. \n"; } else { print colored("Couldn't find one or more of the lynis output files. Try running the audit again. \n", "bold red"); } + +# the report is easy to process, and actually doesn't contain the "audit findings"....just the data. +# but it is not our job to draw conclusions here, just present the findings of the tool. +open RPT, "<$lynis_report" or die colored("There was a problem opening the lynis report: $! \n", "bold red"); +while (my $line = ) { + chomp($line); + my ($k, $v) = split(/=/, $line); + print "k=$k\n" if (($verbose) and ($verbose > 1)); + print "v=$v\n" if (($verbose) and ($verbose > 1)); + # if the key already exists, assume it's supposed to be an array value. Array values are handled a couple + # different ways in the lynis report. This is just one. + if (exists($lynis_report_data{$k})) { + if (ref($lynis_report_data{$k}) eq 'ARRAY') { + push @{$lynis_report_data{$k}}, $v; + } else { + my $tmp_v = $lynis_report_data{$k}; + undef($lynis_report_data{$k}); + push @{$lynis_report_data{$k}}, $tmp_v, $v; + } + } else { + $lynis_report_data{$k} = $v; + } +} +close RPT or die colored("There was a problem closing the lynis report: $! 
\n", "bold red");
+
+# process "string array" values delimited by a pipe (|)
+foreach my $key ( sort keys %lynis_report_data ) {
+ print "$key, ".ref($lynis_report_data{$key})." \n" if (($verbose) and ($verbose >= 1));
+ if (((ref($lynis_report_data{$key}) ne 'ARRAY') and
+ (ref($lynis_report_data{$key}) ne 'HASH')) and
+ ($lynis_report_data{$key} =~ /\|/)) {
+ my @fs = split(/\|/, $lynis_report_data{$key});
+ undef($lynis_report_data{$key});
+ push @{$lynis_report_data{$key}}, @fs;
+ }
+}
+
+print Dumper(\%lynis_report_data);
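Review bot: The new read loop splits each report line with `split(/=/, $line)` and keeps only the first two fields, so any value that itself contains `=` is silently truncated and the rest of that finding never reaches `%lynis_report_data`; limiting the split, `my ($k, $v) = split(/=/, $line, 2);`, keeps the whole value. Lines without `=` (blank or comment lines, if the report has any) leave `$v` undefined and are still stored, so a guard such as `next if $line =~ /^\s*(?:#|$)/;` before the split would keep them out of the hash. The report is also opened with a two-argument `open` on a bareword handle; `$lynis_report` is a fixed path in the visible context, but if it ever becomes an option the open mode can be injected through the filename, so `open(my $rpt, '<', $lynis_report) or die ...` is the safer form, with the read loop and `close` switched to `$rpt`. The script starts before this hunk, so whether `GetOptions` already exposes the path is not visible here.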