#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2017, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Banners and identification
#
#################################################################################
#
    # Open the "Banners and identification" section of the scan output.
    # InsertSection is defined outside this file (presumably in the Lynis
    # function library - confirm).
    InsertSection "Banners and identification"
#
#################################################################################
#
    # Candidate banner files, space separated.
    # NOTE(review): no test visible in this file reads BANNER_FILES; the tests
    # below name their paths directly - confirm whether other code relies on it.
    BANNER_FILES='/etc/issue /etc/issue.net /etc/motd'
    # Space-separated key words (some are word stems, e.g. "authori") that the
    # content tests look for in a banner. They are passed to grep -i one at a
    # time, so each is a case-insensitive substring match.
    LEGAL_BANNER_STRINGS='audit access authori connect enforce evidence intrusion law legal monitor owner policy policies private prohibited record restricted secure subject terms this unauthorized'
#
#################################################################################
#
    # Test        : BANN-7113
    # Description : Check FreeBSD COPYRIGHT banner file
    #
    # Shows whether /COPYRIGHT and /etc/COPYRIGHT exist as regular files and
    # logs whether each one has content. An empty file is still displayed as
    # found; only the log records that it is empty. AddHP is not called here.
    Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        LogText "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"

        # Root-level copy
        if [ ! -f /COPYRIGHT ]; then
            Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
            LogText "Result: /COPYRIGHT not found"
        else
            Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
            # -s is true only for a file with a size greater than zero
            if [ ! -s /COPYRIGHT ]; then
                LogText "Result: /COPYRIGHT available, but empty"
            else
                LogText "Result: /COPYRIGHT available and contains text"
            fi
        fi

        # Copy under /etc
        if [ ! -f /etc/COPYRIGHT ]; then
            Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
            LogText "Result: /etc/COPYRIGHT not found"
        else
            Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
            if [ ! -s /etc/COPYRIGHT ]; then
                LogText "Result: /etc/COPYRIGHT available, but empty"
            else
                LogText "Result: /etc/COPYRIGHT available and contains text"
            fi
        fi
    fi
#
#################################################################################
#
    # Test        : BANN-7119
    # Description : Check MOTD banner file
    #Register --test-no BANN-7119 --weight L --network NO --category security --description "Check MOTD banner file"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #    LogText "Test: Testing existence /etc/motd"
    #    if [ -f /etc/motd  ]; then
    #        LogText "Result: file /etc/motd exists"
    #        Display --indent 2 --text "- /etc/motd" --result "${STATUS_FOUND}" --color GREEN
    #        if [ ! -L /etc/motd ]; then
    #            if IsWorldWritable /etc/motd; then
    #                Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_WARNING}" --color RED
    #                LogText "Result: /etc/motd is world writable. Users can change this file!"
    #                ReportWarning ${TEST_NO} "/etc/motd is world writable"
    #             else
    #                Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_OK}" --color GREEN
    #                LogText "Result: /etc/motd is not world writable."
    #            fi
    #          else
    #            LogText "Result: file /etc/motd is symlink"
    #        fi
    #      else
    #        LogText "Result: File /etc/motd not found"
    #        Display --indent 2 --text "- /etc/motd" --result "${STATUS_NOT_FOUND}" --color WHITE
    #    fi
    #fi
#
#################################################################################
#
    # Test        : BANN-7122
    # Description : Check motd file to see if it contains some form of message
    #               that warns unauthorized users to leave the system alone
    #if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    #Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/motd banner file contents"
    #if [ ${SKIPTEST} -eq 0 ]; then
    #    N=0
    #    LogText "Test: Checking file /etc/motd contents for legal key words"
    #    for I in ${LEGAL_BANNER_STRINGS}; do
    #        FIND=$(${GREPBINARY} -i "${I}" /etc/motd)
    #        if [ ! "${FIND}" = "" ]; then
    #            LogText "Result: found string '${I}'"
    #            N=$((N + 1))
    #        fi
    #    done
    #    # Check if we have 5 or more key words
    #    if [ ${N} -gt 4 ]; then
    #        LogText "Result: Found ${N} key words, to warn unauthorized users"
    #        Display --indent 4 --text "- /etc/motd contents" --result "${STATUS_OK}" --color GREEN
    #        AddHP 2 2
    #      else
    #        LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
    #        Display --indent 4 --text "- /etc/motd contents" --result WEAK --color YELLOW
    #        ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
    #        AddHP 0 1
    #    fi
    #fi
#
#################################################################################
#
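    # Test        : BANN-7124
    # Description : Check issue banner file
    #
    # Shows whether /etc/issue is missing, a symlink, or a regular file.
    # Presence only; the contents are examined by BANN-7126.
    Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
    if [ "${SKIPTEST}" -eq 0 ]; then
        LogText "Test: Checking file /etc/issue"
        # -f follows symlinks: a link only reaches the -L branch when its target
        # is a regular file, and a dangling link is reported as not existing.
        if [ -f /etc/issue ]; then
            # Check for symlink
            if [ -L /etc/issue ]; then
                LogText "Result: file /etc/issue exists (symlink)"
                Display --indent 2 --text "- /etc/issue" --result SYMLINK --color GREEN
            else
                # Log the regular-file outcome too, so every branch leaves a
                # result line in the log (as the issue.net test does).
                LogText "Result: file /etc/issue exists"
                Display --indent 2 --text "- /etc/issue" --result "${STATUS_FOUND}" --color GREEN
            fi
        else
            LogText "Result: file /etc/issue does not exist"
            Display --indent 2 --text "- /etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
        fi
    fi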
#
#################################################################################
#
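    # Test        : BANN-7126
    # Description : Check issue file to see if it contains some form of message
    #               that warns unauthorized users to leave the system alone
    #
    # Counts how many LEGAL_BANNER_STRINGS entries occur in the file. grep -i
    # makes each check a case-insensitive substring match, so short or common
    # entries (for example "this" or "law") also hit ordinary text. Treat the
    # result as an indicator that a warning banner is present, not as a review
    # of its wording.
    # NOTE(review): only legal key words are counted; nothing here looks at what
    # other information the banner discloses (for example system or version
    # details) - confirm whether another test covers that.
    #
    # The prerequisite checks the same path that is scanned below, so the test
    # is skipped instead of scanning a missing file when ROOTDIR is not "/".
    if [ -f "${ROOTDIR}etc/issue" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no BANN-7126 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check issue banner file contents"
    if [ "${SKIPTEST}" -eq 0 ]; then
        N=0
        FILE="${ROOTDIR}etc/issue"
        LogText "Test: Checking file ${FILE} contents for legal key words"
        # LEGAL_BANNER_STRINGS is left unquoted on purpose: word splitting
        # yields one key word per iteration.
        for I in ${LEGAL_BANNER_STRINGS}; do
            # Quote the path so a ROOTDIR containing whitespace stays one argument
            FIND=$(${GREPBINARY} -i "${I}" "${FILE}")
            if [ -n "${FIND}" ]; then
                LogText "Result: found string '${I}'"
                N=$((N + 1))
            fi
        done
        # Check if we have 5 or more key words
        if [ "${N}" -gt 4 ]; then
            LogText "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
            Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN
            AddHP 2 2
        else
            LogText "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
            Display --indent 4 --text "- ${FILE} contents" --result WEAK --color YELLOW
            ReportSuggestion "${TEST_NO}" "Add a legal banner to ${FILE}, to warn unauthorized users"
            AddHP 0 1
            Report "weak_banner_file[]=${FILE}"
        fi
    fi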
#
#################################################################################
#
    # Test        : BANN-7128
    # Description : Check issue.net banner file
    #
    # Shows whether /etc/issue.net is missing, a symlink, or a regular file.
    # Presence only; the file contents are not examined by this test.
    Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
    if [ ${SKIPTEST} -eq 0 ]; then
        LogText "Test: Checking file /etc/issue.net"
        # -f follows symlinks, so the symlink branch is only reached when the
        # link target is a regular file.
        if [ ! -f /etc/issue.net ]; then
            LogText "Result: file /etc/issue.net does not exist"
            Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
        elif [ -L /etc/issue.net ]; then
            LogText "Result: file /etc/issue.net exists (symlink)"
            Display --indent 2 --text "- /etc/issue.net" --result SYMLINK --color GREEN
        else
            LogText "Result: file /etc/issue.net exists"
            Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
        fi
    fi
#
#################################################################################
#
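    # Test        : BANN-7130
    # Description : Check issue.net file to see if it contains some form of message
    #               that warns unauthorized users to leave the system alone
    #
    # Counts how many LEGAL_BANNER_STRINGS entries occur in /etc/issue.net.
    # grep -i makes each check a case-insensitive substring match, so short or
    # common entries (for example "this" or "law") also hit ordinary text. Treat
    # the result as an indicator that a warning banner is present, not as a
    # review of its wording.
    if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no BANN-7130 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check issue.net banner file contents"
    if [ "${SKIPTEST}" -eq 0 ]; then
        N=0
        LogText "Test: Checking file /etc/issue.net contents for legal key words"
        # LEGAL_BANNER_STRINGS is left unquoted on purpose: word splitting
        # yields one key word per iteration.
        for I in ${LEGAL_BANNER_STRINGS}; do
            FIND=$(${GREPBINARY} -i "${I}" /etc/issue.net)
            if [ -n "${FIND}" ]; then
                LogText "Result: found string '${I}'"
                N=$((N + 1))
            fi
        done
        # Check if we have 5 or more key words
        if [ "${N}" -gt 4 ]; then
            LogText "Result: Found ${N} key words, to warn unauthorized users"
            Display --indent 4 --text "- /etc/issue.net contents" --result "${STATUS_OK}" --color GREEN
            AddHP 2 2
        else
            LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
            Display --indent 4 --text "- /etc/issue.net contents" --result WEAK --color YELLOW
            ReportSuggestion "${TEST_NO}" "Add legal banner to /etc/issue.net, to warn unauthorized users"
            AddHP 0 1
            # Record the weak banner in the report data as well, the same way
            # the /etc/issue contents test does, so report consumers see both.
            Report "weak_banner_file[]=/etc/issue.net"
        fi
    fi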
#
#################################################################################
#

# End of the banner tests. WaitForKeyPress is defined outside this file; by its
# name it pauses for the operator before the next test group - confirm.
WaitForKeyPress

#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
