#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2013-2016, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Parameter checks
#
#################################################################################
#
    # Check number of parameters submitted (at least one is needed)
    PARAMCOUNT=$#
    while [ $# -ge 1 ]; do
        case $1 in
            # Helpers first
            audit)
                CHECK_BINARIES=0
                RUN_HELPERS=1
                HELPER="audit"
                SKIP_PLUGINS=1
                RUN_TESTS=0
                if [ ! $2 = "" ]; then
                    case $2 in
                        "dockerfile")
                            if [ "$3" = "" ]; then
                                echo "${RED}Error: ${WHITE}Missing file name or URL${NORMAL}"
                                echo "Example: $0 audit dockerfile /root/Dockerfile"
                                ExitFatal
                              else
                                shift; shift
                                HELPER_PARAMS="$1 $2 $3"
                                HELPER="audit_dockerfile"
                                break
                            fi
                        ;;
                        "system")
                            if [ "$3" = "remote" ]; then
                                shift
                                if [ "$3" = "" ]; then
                                    echo "${RED}Error: ${WHITE}Missing remote location${NORMAL}"
                                    echo "Example: $0 audit system remote 192.168.1.100"
                                    ExitFatal
                                  else
                                    REMOTE_TARGET="$3"
                                    shift; shift; shift  # shift out first three arguments
                                    EXTRA_PARAMS=""
                                    if [ ! "$1" = "" ]; then EXTRA_PARAMS=" $@"; fi
                                    # --quick is added to be non-interactive
                                    REMOTE_COMMAND="./lynis audit system --quick${EXTRA_PARAMS}"
                                    echo ""
                                    echo "  How to perform a remote scan:"
                                    echo "  ============================="
                                    echo "  Target  : ${REMOTE_TARGET}"
                                    echo "  Command : ${REMOTE_COMMAND}"
                                    HELPER="system_remote_scan"
                                    HELPER_PARAMS="$@"
                                    CHECK_BINARIES=0
                                    QUIET=1
                                    RUN_HELPERS=1
                                    SKIP_PLUGINS=1
                                    RUN_TESTS=0
                                    SHOW_PROGRAM_DETAILS=0
                                    break
                                fi
                            fi
                            CHECK=1
                            CHECK_BINARIES=1
                            HELPER=""
                            SKIP_PLUGINS=0
                            RUN_TESTS=1
                            shift
                        ;;
                    esac
                  else
                    echo "${RED}Error: ${WHITE}Need a target to audit${NORMAL}"
                    echo " "
                    echo "Examples:"
                    echo "lynis audit dockerfile"
                    echo "lynis audit system"
                    ExitFatal
                fi
            ;;

            # Configure Lynis
            configure)
                CHECK_BINARIES=0
                RUN_HELPERS=1
                QUIET=1
                SKIP_PLUGINS=1
                RUN_TESTS=0
                SHOW_PROGRAM_DETAILS=0
                if [ $# -gt 0 ]; then shift; fi
                HELPER="configure"
                HELPER_PARAMS="$@"
                break
            ;;

            # Show Lynis details
            show)
                CHECK_BINARIES=0
                RUN_HELPERS=1
                HELPER="show"
                RUN_TESTS=0
                SKIP_PLUGINS=1
                SHOW_TOOL_TIPS=0
                QUIET=1
                SHOW_PROGRAM_DETAILS=0
                shift
                HELPER_PARAMS="$1 $2"
                break
            ;;

            update)
                CHECK_BINARIES=0
                RUN_HELPERS=1
                HELPER="update"
                QUIET=1
                SKIP_PLUGINS=1
                RUN_TESTS=0
                SHOW_PROGRAM_DETAILS=0
                if [ ! $2 = "" ]; then
                    shift
                    HELPER_PARAMS="$1 $2"
                    break
                  else
                    echo "${RED}Error: ${WHITE}Need a target for update${NORMAL}"
                    echo " "
                    echo "Examples:"
                    echo "lynis update info"
                    echo "lynis update release"
                    ExitFatal
                fi
            ;;

            # Assign auditor to report
            --auditor)
                shift
                AUDITORNAME=$1
            ;;

            # Perform tests (deprecated, use audit system)
            --check-all | --checkall | -c)
                # echo "Usage of option -c is deprecated. Please use: lynis audit system [options]"
                CHECK=1
            ;;

            # Cronjob support
            --cronjob | --cron)
                CRONJOB=1
                CHECK=1; QUICKMODE=1; NEVERBREAK=1 # Use some defaults (-c, -Q, no colors)
                NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; CYAN=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED="" # Remove colors
            ;;

            # Perform tests with additional debugging information on screen
            --debug)
                DEBUG=1
            ;;

            # Developer mode (more details when creating tests)
            --developer)
                DEVELOPER_MODE=1
            ;;

            # Display all available options with short alias
            --dump-options | --dumpoptions)
                OPTIONS="--auditor
                         --check-all_(-c) --config --cronjob_(--cron)
                         --debug
                         --help_(-h)
                         --info
                         --license-key --log-file
                         --manpage_(--man)
                         --no-colors --no-log
                         --pentest --profile --plugins-dir
                         --quiet_(-q) --quick_(-Q)
                         --report-file --reverse-colors
                         --tests --tests-category
                         --upload
                         --version_(-V) --view-categories"
                for I in ${OPTIONS}; do
                    echo "${I}" | tr '_' ' '
                done
                ExitClean
            ;;

            # View help
            --help | -h | "-?")
                VIEWHELP=1
            ;;

            # View program/database information
            --check-update | --check-updates | --info)
                echo "This option is deprecated"
                echo "Use: lynis update info"
                ExitClean
            ;;

            # License key for Lynis Enterprise
            --license-key)
                shift
                LICENSE_KEY=$1
            ;;

            # Adjust default logfile location
            --logfile | --log-file)
                shift
                LOGFILE=$1
            ;;

            # Don't use colors
            --no-colors | --nocolors)
                COLORS=0
                BG_BLUE=""; NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; BLUE=""; CYAN=""; LIGHTBLUE=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED=""
            ;;

            # Disable logging
            --no-log | --nolog)
                LOGFILE="/dev/null"
            ;;

            --pen-test | --pentest)
                PENTESTINGMODE=1
            ;;

            # Define a custom profile file
            --profile)
                shift
                SEARCH_PROFILES=$1
            ;;

            # Define a custom plugin directory
            --plugindir | --plugin-dir | --plugins-dir)
                shift
                PLUGINDIR=$1
                LASTCHAR=`echo $1 | awk '{ print substr($0, length($0))}'`
                if [ "${LASTCHAR}" = "/" ]; then
                    echo "${RED}Error:${WHITE} plugin directory path should not end with a slash${NORMAL}"
                    ExitCustom 65
                fi
                if [ ! -d ${PLUGINDIR} ]; then
                    echo "${RED}Error:${WHITE} invalid plugin directory ${PLUGINDIR}${NORMAL}"
                    ExitCustom 66
                fi
            ;;

            # Quiet mode
            --quiet | -q)
                QUIET=1
                QUICKMODE=1 # Run non-interactive
            ;;

            # Non-interactive mode
            --quick | -Q)
                QUICKMODE=1
            ;;

            # Define alternative report file
            --report-file)
                shift
                REPORTFILE=$1
            ;;

            # Strip the colors which aren't clearly visible on light backgrounds
            --reverse-colors)
                BLUE="${NORMAL}";
                SECTION="${NORMAL}";
                NOTICE="${NORMAL}";
                CYAN="${NORMAL}";
                GREEN="${NORMAL}";
                YELLOW="${NORMAL}";
                WHITE="${NORMAL}";
                PURPLE="${NORMAL}";
            ;;

            # Skip execution of plugins
            --skip-plugins | --no-plugins)
                SKIP_PLUGINS=1
            ;;

            # Only scan these tests
            --tests)
                shift
                TESTS_TO_PERFORM=$1
            ;;

            # Scan one or more categories only
            --tests-category)
                shift
                TESTS_CATEGORY_TO_PERFORM=$1
            ;;

            # Lynis Enterprise: upload data to central node
            --upload)
                UPLOAD_DATA=1
            ;;

            --verbose)
                VERBOSE=1
            ;;

            # Version number
            --version | -V)
                echo "${PROGRAM_VERSION}"
                exit 0
            ;;

            --view-categories | --list-categories | --show-categories)
                ViewCategories
                exit 0
            ;;

            # View man page
            --view-manpage | --man-page | --manpage | --man)
                if [ -f lynis.8 ]; then
                    nroff -man lynis.8
                    exit 0
                  else
                    echo "Error: man page file not found (lynis.8)"
                    echo "If you are running an installed version of Lynis, use 'man lynis'"
                    exit 1
                fi
            ;;

            # Warnings
            --warnings-only | --show-warnings-only)
                SHOW_WARNINGS_ONLY=1
                QUICKMODE=1
                QUIET=1
            ;;

            # Drop out when using wrong option(s)
            *)
                # Wrong option used, we bail out later
                WRONGOPTION=1
                WRONGOPTION_value=$1
            ;;

        esac
        shift

    done

#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
