diff --git a/lynis-report-converter.pl b/lynis-report-converter.pl index 01a7382..9ccbd9d 100755 --- a/lynis-report-converter.pl +++ b/lynis-report-converter.pl @@ -38,20 +38,25 @@ my %systemd_uf_status_color = ( if ($json) { $quiet = 1; } -my ($basename, $path, $suffix, $htmldoc); +my ($basename, $path, $suffix, $htmldoc, $format); if ($excel) { $output = 'report.xlsx' unless ((defined($output)) and ($output ne "")); + $format = 'excel'; } elsif ($pdf) { $output = 'report.pdf' unless ((defined($output)) and ($output ne '')); $htmldoc = "$$.html"; + $format = 'pdf'; } elsif ($json) { $output = undef unless ((defined($output)) and ($output ne '')); + $format = 'json'; } elsif ($xml) { $output = 'report.xml' unless ((defined($output)) and ($output ne '')); + $format = 'xml'; } else { $output = "report.html" unless ((defined($output)) and ($output ne "")); - $htmldoc = $output + $htmldoc = $output; + $format = 'html'; } my $lynis_log = '/var/log/lynis.log'; @@ -86,6 +91,9 @@ unless ($quiet) { print "\n"; } +# Handle inconsistent keys +&pop_inconsistent_keys($format, \%lynis_report_data); + # the report is easy to process, and actually doesn't contain the "audit findings"....just the data. # but it is not our job to draw conclusions here, just present the findings of the tool. open RPT, "<$lynis_report" or die colored("There was a problem opening the lynis report: $! \n", "bold red"); 
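Review bot: The new call to `pop_inconsistent_keys` sits ahead of `open RPT`, so it runs before any report line has been parsed, and nothing in this hunk says what state it leaves `%lynis_report_data` in. The later hunks of this commit drop their `exists()` guards on the strength of that call, so its contract deserves a comment here, for example `# Seed keys that lynis does not always emit so the writers below can read them unguarded; must run before the report is parsed.` (wording to be confirmed against the helper, whose definition is not in the visible hunks). If the parse loop further down turns a repeated key into an array, check that a pre-seeded default cannot end up as a stray first element. The call can also be written `pop_inconsistent_keys($format, \%lynis_report_data);`, since the leading `&` only bypasses prototypes.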
@@ -1108,26 +1116,24 @@ END END - if (exists($lynis_report_data{'warning[]'})) { - if (ref($lynis_report_data{'warning[]'}) eq 'ARRAY') { - if (${$lynis_report_data{'warning[]'}}[0] =~ /\|/) { # more than one - foreach my $warn ( sort @{$lynis_report_data{'warning[]'}} ) { - my ($warn_id,$warn_desc,$warn_sev,$warn_f4) = split(/\|/, $warn); - print OUT "\t\t\t\t\t\n"; - } - } elsif (${$lynis_report_data{'warning[]'}}[0] =~ /[A-Z]{4}\-\d{4}/) { # one warning - print colored(Dumper(\@{$lynis_report_data{'warning[]'}})."\n", "bold green") if ($verbose); - my $warn_id = ${$lynis_report_data{'warning[]'}}[0]; - my $warn_desc = ${$lynis_report_data{'warning[]'}}[1]; - my $warn_sev = ${$lynis_report_data{'warning[]'}}[2]; - my $warn_f4 = ${$lynis_report_data{'warning[]'}}[3]; + if (ref($lynis_report_data{'warning[]'}) eq 'ARRAY') { + if (${$lynis_report_data{'warning[]'}}[0] =~ /\|/) { # more than one + foreach my $warn ( sort @{$lynis_report_data{'warning[]'}} ) { + my ($warn_id,$warn_desc,$warn_sev,$warn_f4) = split(/\|/, $warn); print OUT "\t\t\t\t\t\n"; - } else { - die colored("Unexpected ARRAY format! \n", "bold red"); } + } elsif (${$lynis_report_data{'warning[]'}}[0] =~ /[A-Z]{4}\-\d{4}/) { # one warning + print colored(Dumper(\@{$lynis_report_data{'warning[]'}})."\n", "bold green") if ($verbose); + my $warn_id = ${$lynis_report_data{'warning[]'}}[0]; + my $warn_desc = ${$lynis_report_data{'warning[]'}}[1]; + my $warn_sev = ${$lynis_report_data{'warning[]'}}[2]; + my $warn_f4 = ${$lynis_report_data{'warning[]'}}[3]; + print OUT "\t\t\t\t\t\n"; } else { - die colored("warning[] not ARRAY ref!: ".ref($lynis_report_data{'warning[]'})."\n", "bold red"); + die colored("Unexpected ARRAY format! \n", "bold red"); } + } else { + die colored("warning[] not ARRAY ref!: ".ref($lynis_report_data{'warning[]'})."\n", "bold red"); } print OUT < 
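Review bot: With the `exists` guard removed, a report that carries no warnings now reaches one of the two `die` calls instead of producing an empty table: an absent key fails the `ref(...) eq 'ARRAY'` test, and an empty array fails both pattern tests on element `[0]`. Unless the helper called earlier always seeds `warning[]` with at least one entry, the ARRAY branch should handle the empty case first, with `if (!@{$lynis_report_data{'warning[]'}}) {` and a comment such as `# no warnings recorded, emit no rows`, and the existing `=~ /\|/` test becoming the `elsif`. A converter that aborts on a clean audit leaves that host without a report, which is easy to misread as a failed scan.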
@@ -1218,11 +1224,7 @@ END warn colored("Unexpected result from lynis update available check!\n", "yellow"); print Dumper($lynis_report_data{'lynis_update_available'}); } - if ((defined($lynis_report_data{'license_key'})) and ($lynis_report_data{'license_key'} ne "")) { - print OUT "\n\n\n\n\n\n\n"; - } else { - print OUT "\n\n\n\n\n\n\n"; - } + print OUT "\n\n\n\n\n\n\n"; print OUT < @@ -1256,10 +1258,8 @@ END END - if (exists($lynis_report_data{'plugin_firewall_iptables_list'})) { - if (ref($lynis_report_data{'plugin_firewall_iptables_list'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\n"; - } + if (ref($lynis_report_data{'plugin_firewall_iptables_list'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\n"; } print OUT "\t\t\t\t
Warning IDDescriptionSeverityF4
$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4
$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4
$warn_id$warn_desc$to_long_severity{$warn_sev}$warn_f4
license key:$lynis_report_data{'license_key'}license key: license key:$lynis_report_data{'license_key'}
hostid:$lynis_report_data{'hostid'}
hostid:$lynis_report_data{'hostid2'}
Plugin-firewall iptables list:".join("
\n", @{$lynis_report_data{'plugin_firewall_iptables_list'}})."
Plugin-firewall iptables list:".join("
\n", @{$lynis_report_data{'plugin_firewall_iptables_list'}})."
\n"; if ((exists($lynis_report_data{'plugin_processes_allprocesses'})) and ($lynis_report_data{'plugin_processes_allprocesses'} ne "")) { @@ -1325,67 +1325,39 @@ END END if ((defined($lynis_report_data{'vmtype'})) and ($lynis_report_data{'vmtype'} ne "")) { print OUT "\t\t\t\t\t\tvm_type:$lynis_report_data{'vmtype'}\n"; - } else{ + } else { print OUT "\t\t\t\t\t\tvm_type: \n"; } print OUT <uptime (secs):$lynis_report_data{'uptime_in_seconds'} END - if (exists($lynis_report_data{'notebook'})) { - print OUT "is notebook/laptop:$to_bool{$lynis_report_data{'notebook'}}"; - } else { - print OUT "is notebook/laptop: "; - } - if (exists($lynis_report_data{'container'})) { - print OUT "is Docker container:$to_bool{$lynis_report_data{'container'}}\n"; - } else { - print OUT "is Docker container: \n"; - } + print OUT "is notebook/laptop:$to_bool{$lynis_report_data{'notebook'}}"; + print OUT "is Docker container:$to_bool{$lynis_report_data{'container'}}\n"; print OUT < binary paths:$lynis_report_data{'binary_paths'} END - if (exists($lynis_report_data{'valid_certificate[]'})) { - if (ref($lynis_report_data{'valid_certificate[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tvalid certificates:".join("
\n",@{$lynis_report_data{'valid_certificate[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tvalid certificates:$lynis_report_data{'valid_certificate[]'}\n"; - } + if (ref($lynis_report_data{'valid_certificate[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tvalid certificates:".join("
\n",@{$lynis_report_data{'valid_certificate[]'}})."\n"; } else { - print OUT "\t\t\t\t\t\tvalid certificates: \n"; + print OUT "\t\t\t\t\t\tvalid certificates:$lynis_report_data{'valid_certificate[]'}\n"; } print OUT < END - if (exists($lynis_report_data{'usb_authorized_default_device[]'})) { - print OUT "\t\t\t\t\t\tauthorized default USB devices:".join("
\n", @{$lynis_report_data{'usb_authorized_default_device[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tauthorized default USB devices: \n"; - } - if (exists($lynis_report_data{'expired_certificate[]'})) { - print OUT "\t\t\t\t\t\texpired certificates:".join("
\n", @{$lynis_report_data{'expired_certificate[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\texpired certificates: \n"; - } + print OUT "\t\t\t\t\t\tauthorized default USB devices:".join("
\n", @{$lynis_report_data{'usb_authorized_default_device[]'}})."\n"; + print OUT "\t\t\t\t\t\texpired certificates:".join("
\n", @{$lynis_report_data{'expired_certificate[]'}})."\n"; print OUT < END - if (exists($lynis_report_data{'certificates'})) { - print OUT "\t\t\t\t\t\tcertificate count:$lynis_report_data{'certificates'}\n"; + print OUT "\t\t\t\t\t\tcertificate count:$lynis_report_data{'certificates'}\n"; + if (ref($lynis_report_data{'certificate[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tcertificates:".join("
\n", @{$lynis_report_data{'certificate[]'}})."\n"; } else { - print OUT "\t\t\t\t\t\tcertificate count:0\n"; - } - if (exists($lynis_report_data{'certificate[]'})) { - if (ref($lynis_report_data{'certificate[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tcertificates:".join("
\n", @{$lynis_report_data{'certificate[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tcertificates:$lynis_report_data{'certificate[]'}\n"; - } - } else { - print OUT "\t\t\t\t\t\tcertificates: \n"; + print OUT "\t\t\t\t\t\tcertificates:$lynis_report_data{'certificate[]'}\n"; } print OUT < @@ -1421,18 +1393,16 @@ END } else { print OUT "syslog daemon detected:$to_bool{$lynis_report_data{'syslog_daemon_present'}}\n"; } - if (exists($lynis_report_data{'syslog_daemon[]'})) { - print OUT < syslog daemon(s): END - if (ref($lynis_report_data{'syslog_daemon[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\t".join("
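Review bot: The new `join` lines for `usb_authorized_default_device[]` and `expired_certificate[]` dereference `@{$lynis_report_data{...}}` unconditionally, while `valid_certificate[]` and `certificate[]` in the same hunk keep a `ref(...) eq 'ARRAY'` test with a scalar fallback. If either key is undefined or holds a single string, that dereference is a fatal error under `use strict` (whether strict is enabled is not visible in this diff). Give both the same shape as their neighbours, e.g. `if (ref($lynis_report_data{'expired_certificate[]'}) eq 'ARRAY') {` with the scalar print in the `else`, or add a comment next to them stating that the helper guarantees an array reference. The now unguarded `$to_bool{$lynis_report_data{'notebook'}}` and `$to_bool{$lynis_report_data{'container'}}` lookups will likewise warn when the key is undefined.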
\n", @{$lynis_report_data{'syslog_daemon[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\t$lynis_report_data{'syslog_daemon[]'}\n"; - } - print OUT "\t\t\t\t\t\n"; + if (ref($lynis_report_data{'syslog_daemon[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\t".join("
\n", @{$lynis_report_data{'syslog_daemon[]'}})."\n"; + } else { + print OUT "\t\t\t\t\t\t$lynis_report_data{'syslog_daemon[]'}\n"; } + print OUT "\t\t\t\t\t\n"; print OUT <
@@ -1479,9 +1449,7 @@ END END print OUT "\t\t\t\t\tnetwork interfaces:".join("
\n", @{$lynis_report_data{'network_interface[]'}})."\n"; - if (exists($lynis_report_data{'localhost-mapped-to'})) { - print OUT "\t\t\t\t\t\tlocalhost mapped to:$lynis_report_data{'localhost-mapped-to'}\n"; - } + print OUT "\t\t\t\t\t\tlocalhost mapped to:$lynis_report_data{'localhost-mapped-to'}\n"; print OUT "\t\t\t\t\tipv4 addresses:".join("
\n", @{$lynis_report_data{'network_ipv4_address[]'}})."\n"; print OUT "\t\t\t\t\tipv6 addresses:".join("
\n", @{$lynis_report_data{'network_ipv6_address[]'}})."\n"; print OUT "\t\t\t\t\tDefault Gateway$lynis_report_data{'default_gateway[]'}\n"; @@ -1507,14 +1475,10 @@ END resolv.conf search domain: END - if (exists($lynis_report_data{'resolv_conf_search_domain[]'})) { - if (ref($lynis_report_data{'resolv_conf_search_domain[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\t".join("
\n",@{$lynis_report_data{'resolv_conf_search_domain[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\t$lynis_report_data{'resolv_conf_search_domain[]'}\n"; - } + if (ref($lynis_report_data{'resolv_conf_search_domain[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\t".join("
\n",@{$lynis_report_data{'resolv_conf_search_domain[]'}})."\n"; } else { - print OUT "\t\t\t\t\t\t \n"; + print OUT "\t\t\t\t\t\t$lynis_report_data{'resolv_conf_search_domain[]'}\n"; } print OUT < @@ -1593,11 +1557,7 @@ END print OUT "\t\t\t\t\t\tPAM Cracklib Found:$to_bool{$lynis_report_data{'pam_cracklib'}}\n"; $lynis_report_data{'password_strength_tested'} = 0 if ((!defined($lynis_report_data{'password_strength_tested'})) or ($lynis_report_data{'password_strength_tested'} eq '')); print OUT "\t\t\t\t\t\tPassword Strength Tested:$to_bool{$lynis_report_data{'password_strength_tested'}}\n"; - if (exists($lynis_report_data{'pam_pwquality'})) { - print OUT "\t\t\t\t\t\tPAM Password Quality:$lynis_report_data{'pam_pwquality'}\n"; - } else { - print OUT "\t\t\t\t\t\tPAM Password Quality: \n"; - } + print OUT "\t\t\t\t\t\tPAM Password Quality:$lynis_report_data{'pam_pwquality'}\n"; print OUT < @@ -1617,51 +1577,34 @@ END Malware Scanner Installed:$to_bool{$lynis_report_data{'malware_scanner_installed'}} END - if (exists($lynis_report_data{'malware_scanner[]'})) { - if (ref($lynis_report_data{'malware_scanner[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tMalware Scanner(s):".join("
\n", @{$lynis_report_data{'malware_scanner[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tMalware Scanner(s):$lynis_report_data{'malware_scanner[]'}\n"; - } + if (ref($lynis_report_data{'malware_scanner[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tMalware Scanner(s):".join("
\n", @{$lynis_report_data{'malware_scanner[]'}})."\n"; } else { - print OUT "\t\t\t\t\t\tMalware Scanner(s): \n"; + print OUT "\t\t\t\t\t\tMalware Scanner(s):$lynis_report_data{'malware_scanner[]'}\n"; } - print OUT <compiler installed:$to_bool{$lynis_report_data{'compiler_installed'}} END - if (exists($lynis_report_data{'compiler[]'})) { - if (ref($lynis_report_data{'compiler[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tcompilers:".join("
\n", @{$lynis_report_data{'compiler[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tcompilers:$lynis_report_data{'compiler[]'}\n"; - } + if (ref($lynis_report_data{'compiler[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tcompilers:".join("
\n", @{$lynis_report_data{'compiler[]'}})."\n"; } else { - print OUT "\t\t\t\t\t\tcompilers: \n"; + print OUT "\t\t\t\t\t\tcompilers:$lynis_report_data{'compiler[]'}\n"; } print OUT < END - if (exists($lynis_report_data{'ids_ips_tooling[]'})) { - print OUT "\t\t\t\t\t\tIDS/IPS Tooling$lynis_report_data{'ids_ips_tooling[]'}\n"; - } else { - print OUT "\t\t\t\t\t\tIDS/IPS Tooling \n"; - } + print OUT "\t\t\t\t\t\tIDS/IPS Tooling$lynis_report_data{'ids_ips_tooling[]'}\n"; print OUT "\t\t\t\t\t\tFailed Logins Logged:$lynis_report_data{'auth_failed_logins_logged'}\n"; - if (exists($lynis_report_data{'fail2ban_config'})) { - if (ref($lynis_report_data{'fail2ban_config'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tfail2ban config file(s):".join("
\n", @{$lynis_report_data{'fail2ban_config'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tfail2ban config file(s):$lynis_report_data{'fail2ban_config'}\n"; - } + if (ref($lynis_report_data{'fail2ban_config'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tfail2ban config file(s):".join("
\n", @{$lynis_report_data{'fail2ban_config'}})."\n"; + } else { + print OUT "\t\t\t\t\t\tfail2ban config file(s):$lynis_report_data{'fail2ban_config'}\n"; } - if (exists($lynis_report_data{'fail2ban_enabled_service[]'})) { - if (ref($lynis_report_data{'fail2ban_enabled_service[]'}) eq 'ARRAY') { - print OUT "\t\t\t\t\t\tfail2ban enabled service(s):".join("
\n", @{$lynis_report_data{'fail2ban_enabled_service[]'}})."\n"; - } else { - print OUT "\t\t\t\t\t\tfail2ban enabled service(s):$lynis_report_data{'fail2ban_enabled_service[]'}\n"; - } + if (ref($lynis_report_data{'fail2ban_enabled_service[]'}) eq 'ARRAY') { + print OUT "\t\t\t\t\t\tfail2ban enabled service(s):".join("
\n", @{$lynis_report_data{'fail2ban_enabled_service[]'}})."\n"; + } else { + print OUT "\t\t\t\t\t\tfail2ban enabled service(s):$lynis_report_data{'fail2ban_enabled_service[]'}\n"; } print OUT "\n"; print OUT "AppArmor Enabled:$to_bool{$lynis_report_data{'apparmor_enabled'}}\n"; @@ -1686,18 +1629,16 @@ END
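Review bot: Every fallback branch kept in this hunk writes the raw report value straight into the output, e.g. `Malware Scanner(s):$lynis_report_data{'malware_scanner[]'}`, and the `join` branches do the same per element, with no escaping for the HTML report that `$format = 'html'` selects (the markup itself is stripped in this rendering). The values come from the lynis report file of the audited host, so converting a report from a less trusted machine renders whatever markup that file contains. Since this commit already touches each of these print statements, it is a good moment to pass the values through one escaping helper before interpolation, for instance `encode_entities` from HTML::Entities if the extra dependency is acceptable. The same applies to the warning rows and the other hunks of this commit. `ids_ips_tooling[]` is also still printed as a scalar although its name suggests a list, so an array value would show up as `ARRAY(0x...)`.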

PAM Modules:

> show <