Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
binaries	38.36 KB	-rw-r--r--
consts	10.77 KB	-rw-r--r--
data_upload	13.63 KB	-rw-r--r--
functions	157.68 KB	-rw-r--r--
helper_audit_dockerfile	7.82 KB	-rw-r--r--
helper_configure	3.67 KB	-rw-r--r--
helper_generate	7.39 KB	-rw-r--r--
helper_show	22.29 KB	-rw-r--r--
helper_system_remote_scan	3.54 KB	-rw-r--r--
helper_update	3.59 KB	-rw-r--r--
osdetection	37.98 KB	-rw-r--r--
parameters	16.48 KB	-rw-r--r--
profiles	26.89 KB	-rw-r--r--
report	16.45 KB	-rw-r--r--
tests_accounting	25.48 KB	-rw-r--r--
tests_authentication	84.03 KB	-rw-r--r--
tests_banners	8.35 KB	-rw-r--r--
tests_boot_services	54.51 KB	-rw-r--r--
tests_containers	11.29 KB	-rw-r--r--
tests_crypto	17.67 KB	-rw-r--r--
tests_custom.template	6.78 KB	-rw-r--r--
tests_databases	23.72 KB	-rw-r--r--
tests_dns	3.39 KB	-rw-r--r--
tests_file_integrity	21.41 KB	-rw-r--r--
tests_file_permissions	3.25 KB	-rw-r--r--
tests_filesystems	46.33 KB	-rw-r--r--
tests_firewalls	29.96 KB	-rw-r--r--
tests_hardening	7.01 KB	-rw-r--r--
tests_homedirs	9.17 KB	-rw-r--r--
tests_insecure_services	26.73 KB	-rw-r--r--
tests_kernel	60.76 KB	-rw-r--r--
tests_kernel_hardening	5.62 KB	-rw-r--r--
tests_ldap	3.96 KB	-rw-r--r--
tests_logging	31.25 KB	-rw-r--r--
tests_mac_frameworks	14.53 KB	-rw-r--r--
tests_mail_messaging	21.45 KB	-rw-r--r--
tests_malware	18.44 KB	-rw-r--r--
tests_memory_processes	7.17 KB	-rw-r--r--
tests_nameservices	34.51 KB	-rw-r--r--
tests_networking	40.67 KB	-rw-r--r--
tests_php	27.48 KB	-rw-r--r--
tests_ports_packages	78.76 KB	-rw-r--r--
tests_printers_spoolers	13.85 KB	-rw-r--r--
tests_scheduling	15.74 KB	-rw-r--r--
tests_shells	13.37 KB	-rw-r--r--
tests_snmp	4.32 KB	-rw-r--r--
tests_squid	16.9 KB	-rw-r--r--
tests_ssh	17.59 KB	-rw-r--r--
tests_storage	3.74 KB	-rw-r--r--
tests_storage_nfs	8.4 KB	-rw-r--r--
tests_system_integrity	2.13 KB	-rw-r--r--
tests_time	32.61 KB	-rw-r--r--
tests_tooling	20.87 KB	-rw-r--r--
tests_usb	21.04 KB	-rw-r--r--
tests_virtualization	1.95 KB	-rw-r--r--
tests_webservers	30.9 KB	-rw-r--r--
tool_tips	2.16 KB	-rw-r--r--

Code Editor : tests_dns

#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2021, CISOfy
#
# Website  : https://cisofy.com
# Blog     : http://linux-audit.com
# GitHub   : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# DNS
#
#################################################################################
#
#    # TODO create records on test domain
#    # TODO after update even IP match can be checked to detect hijacking
#    SIGOKDNS="sigok.example.org"      # address with good DNSSEC signature
#    SIGFAILDNS="sigfail.example.org"  # address with bad  DNSSEC signature
#    TIMEOUT=";; connection timed out; no servers could be reached"
#
#################################################################################
#
#    InsertSection "DNS"
#
#################################################################################
#
#    # Test        : DNS-1600
#    # Description : Validate DNSSEC signature is checked
#    Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked"
#    if [ "${SKIPTEST}" -eq 0 ]; then
#        if [ -n "${DIGBINARY}" ]; then
#
#            GOOD=$("${DIGBINARY}" +short +time=1 $SIGOKDNS)
#            BAD=$("${DIGBINARY}" +short +time=1 $SIGFAILDNS)
#
#            if [ "${GOOD}" = "${TIMEOUT}" -a "${BAD}" = "${TIMEOUT}" ]; then
#                LogText "Result: received timeout, can't determine DNSSEC validation"
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW
#                #ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout"
#            elif [ -z "${GOOD}" -a -n "${BAD}" ]; then
#                LogText "Result: good signature failed, yet bad signature was accepted"
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW
#                #ReportException "${TEST_NO}" "Exception found, OK failed, bad signature was accepted"
#            elif [ -n "${GOOD}" -a -n "${BAD}" ]; then
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
#                LogText "Note: Using DNSSEC validation can protect from DNS hijacking"
#                #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC validating name servers"
#                AddHP 2 2
#            elif [ -n "${GOOD}" -a -z "${BAD}" ]; then
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN
#                LogText "Result: altered DNS responses were ignored"
#                AddHP 0 2
#            fi
#        else
#            Display --indent 4 --text "- DNSSEC validation" --result "${STATUS_SKIPPED}" --color YELLOW
#            LogText "Result: dig not installed, test can't be fully performed"
#        fi
#    else
#        LogText "Result: Test was skipped"
#    fi
#
#################################################################################
#

${this.title}

Code Editor : tests_dns