diff --git a/lynis_report.pl b/lynis_report.pl index 57f185c..a18e3b8 100755 --- a/lynis_report.pl +++ b/lynis_report.pl @@ -73,6 +73,10 @@ while (my $line = ) { } close RPT or die colored("There was a problem closing the lynis report: $! \n", "bold red"); +@{$lynis_report_data{'automation_tool_running[]'}} = &dedup_array(@{$lynis_report_data{'automation_tool_running[]'}}); + +my $pass_score = &calc_password_complexity_score; + my (%warnings, %suggestions); #foreach my $warn ( sort @{$lynis_report_data{'warning[]'}} ) { # my ($warn_id,$descr, $sev, $field4) = split(/\|/, $warn); @@ -115,20 +119,36 @@ print OUT < +

lynis Asset Report

-

created by lynis_report

+

created by lynis_report

@@ -241,7 +261,13 @@ print OUT < - +END +if ((defined($lynis_report_data{'license_key'})) and ($lynis_report_data{'license_key'} ne "")) { + print OUT "\n\n\n\n\n\n\n"; +} else { + print OUT "\n\n\n\n\n\n\n"; +} +print OUT < @@ -277,7 +303,13 @@ print OUT < - +END +if ((defined($lynis_report_data{'resolv_conf_domain'})) and ($lynis_report_data{'resolv_conf_domain'} ne "")) { + print OUT "\t\t\t\t\t\t\n"; +} else { + print OUT "\t\t\t\t\t\t\n"; +} +print OUT < @@ -294,9 +326,6 @@ print OUT <pae enabled: -END -print OUT "\t\t\t\t\t\n"; -print OUT < @@ -319,10 +348,18 @@ print OUT <IPv6 Mode: +END +print OUT "\t\t\t\t\t\n"; +print OUT "\t\t\t\t\t\n"; +print OUT "\t\t\t\t\t\n"; +print OUT < END -if (ref($lynis_report_data{'network_mac_address[]'})) { +#print STDERR "Should be ARRAY: |".ref($lynis_report_data{'network_mac_address[]'})."|\n"; +if (ref($lynis_report_data{'network_mac_address[]'}) eq "ARRAY") { print OUT "\t\t\t\t\t\t\n"; +} elsif ((defined($lynis_report_data{'network_mac_address[]'})) and ($lynis_report_data{'network_mac_address[]'} ne "")) { + print OUT "\t\t\t\t\t\t\n"; } else { print OUT "\t\t\t\t\t\t\n"; } @@ -367,13 +404,13 @@ print OUT <Package Audit Tools Found: - + - - + + @@ -382,36 +419,163 @@ print OUT <Maximum Password Retries: +END +printf OUT "\t\t\t\t\t\t\n", $pass_score; +print OUT <PAM Cracklib Found: - - + + + + +END +print OUT "\t\t\t\t\t\t\n"; +print OUT < + + + + +
lynis infohost info
lynis update available:$to_bool{$lynis_report_data{'lynis_update_available'}}license key:$lynis_report_data{'license_key'}license key:$lynis_report_data{'license_key'}license key: 
report version:$lynis_report_data{'report_version_major'}.$lynis_report_data{'report_version_minor'}hostname:$lynis_report_data{'hostname'} domainname:$lynis_report_data{'domainname'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}resolv.conf domain:$lynis_report_data{'resolv_conf_domain'}resolv.conf domain: 
os:$lynis_report_data{'os'}$to_bool{$lynis_report_data{'cpu_pae'}} nx enabled:$to_bool{$lynis_report_data{'cpu_nx'}}
network interfaces:".join("
\n", @{$lynis_report_data{'network_interface[]'}})."		ipv4 addresses:".join("
\n", @{$lynis_report_data{'network_ipv4_address[]'}})."		ipv6 addresses:".join("
\n", @{$lynis_report_data{'network_ipv6_address[]'}})."
$lynis_report_data{'ipv6_mode'} IPv6 Only:$to_bool{$lynis_report_data{'ipv6_only'}}
network interfaces:".join("
\n", @{$lynis_report_data{'network_interface[]'}})."
ipv4 addresses:".join("
\n", @{$lynis_report_data{'network_ipv4_address[]'}})."
ipv6 addresses:".join("
\n", @{$lynis_report_data{'network_ipv6_address[]'}})."
MAC Address:".join("
\n", @{$lynis_report_data{'network_mac_address[]'}})."		MAC Address:$lynis_report_data{'network_mac_address[]'}MAC Address: $to_bool{$lynis_report_data{'package_audit_tool_found'}} Package Audit Tool:$lynis_report_data{'package_audit_tool'} Vulnerable Packages Found:$lynis_report_data{'vulnerable_packages_found'}IDS/IPS Tooling$lynis_report_data{'ids_ips_tooling[]'}Package Manager:$lynis_report_data{'package_manager[]'}
LDAP PAM Module Enabled:$to_bool{$lynis_report_data{'ldap_pam_enabled'}} Two-Factor Authentication Enabled:$to_bool{$lynis_report_data{'authentication_two_factor_enabled'}} Two-Factor Authentication Required:$to_bool{$lynis_report_data{'authentication_two_factor_required'}}Failed Logins Logged:$lynis_report_data{'auth_failed_logins_logged'}LDAP PAM Module Enabled:$to_bool{$lynis_report_data{'ldap_pam_enabled'}}LDAP Auth Enabled:$to_bool{$lynis_report_data{'ldap_auth_enabled'}}
Minimum Password Length:$lynis_report_data{'minimum_password_length'}$lynis_report_data{'max_password_retry'}
Password Complexity Score:%#b$to_bool{$lynis_report_data{'pam_cracklib'}} Password Strength Tested:$to_bool{$lynis_report_data{'password_strength_tested'}}Malware Scanner Installed:$to_bool{$lynis_report_data{'malware_scanner_installed'}}File Integrity Tool Installed:$to_bool{$lynis_report_data{'file_integrity_tool_installed'}}Failed Logins Logged:$lynis_report_data{'auth_failed_logins_logged'}
File Integrity Tool Installed:$to_bool{$lynis_report_data{'file_integrity_tool_installed'}}File Integrity Tool:$lynis_report_data{'file_integrity_tool'}Automation Tool Present:$to_bool{$lynis_report_data{'automation_tool_present'}}Automation Tool:".join("
\n", @{$lynis_report_data{'automation_tool_running[]'}})."
Malware Scanner Installed:$to_bool{$lynis_report_data{'malware_scanner_installed'}}IDS/IPS Tooling$lynis_report_data{'ids_ips_tooling[]'}
-

PAM Modules:

- +

PAM Modules:

> show < +
END -for (my $i=0;$i"; - print OUT "\n"; +my $arrlen = scalar(@{$lynis_report_data{'pam_module[]'}}); +#print "ARRLEN: $arrlen \n"; +if (($arrlen % 5) == 0) { + print "ARRLEN divisible by 5. \n"; +} elsif (($arrlen % 4) == 0) { + print "ARRLEN divisible by 4. \n"; +} elsif (($arrlen % 3) == 0) { + #print "ARRLEN divisible by 3. \n"; + for (my $i=0;$i<$arrlen;$i+=3) { + print OUT "\t\t\t\t\t\n"; + } +} elsif (($arrlen % 2) == 0) { + #print "ARRLEN divisible by 2. \n"; + for (my $i=0;$i<$arrlen;$i+=2) { + print OUT "\t\t\t\t\t\n"; + } +} else { + die "ARRLEN appears to be number with a divisor larger than 5 or 1 ($arrlen) \n"; } print OUT < +
${$lynis_report_data{'pam_module[]'}}[$i]${$lynis_report_data{'pam_module[]'}}[($i + 1)]${$lynis_report_data{'pam_module[]'}}[($i + 2)]${$lynis_report_data{'pam_module[]'}}[($i + 3)]
${$lynis_report_data{'pam_module[]'}}[$i]${$lynis_report_data{'pam_module[]'}}[($i + 1)]${$lynis_report_data{'pam_module[]'}}[($i + 2)]
${$lynis_report_data{'pam_module[]'}}[$i]${$lynis_report_data{'pam_module[]'}}[($i + 1)]
+
-

kernel info:

+

kernel info:

+ - + + + + +
kernel version:$lynis_report_data{'linux_kernel_version'} full kernel version:$lynis_report_data{'os_kernel_version_full'}
kernel version:$lynis_report_data{'linux_kernel_version'} kernel release version:$lynis_report_data{'linux_kernel_release'}kernel IO scheduler:$lynis_report_data{'linux_kernel_io_scheduler[]'}
linux kernel type:$lynis_report_data{'linux_kernel_type'}
+

kernel modules loaded:

> show < +