#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2012, Michael Boelen (michael@rootkit.nl), The Netherlands
# Web site: http://www.rootkit.nl
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# NFS
#
#################################################################################
#
    InsertSection "NFS"
#
#################################################################################
#
    NFS_DAEMON_RUNNING=0
    NFS_EXPORTS_EMPTY=0
#
#################################################################################
#

    # Test        : STRG-1902
    # Description : Check rpcinfo
    if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi    
    Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check rpcinfo registered programs"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking rpcinfo registered programs"
	FIND=`${RPCINFOBINARY} -p | tr -s ' ' ','`
	for I in ${FIND}; do
	    logtext "rpcinfo: ${I}"
	done
	Display --indent 2 --text "- Query rpc registered programs..." --result "DONE" --color GREEN
    fi
#
#################################################################################
#
    # Test        : STRG-1904
    # Description : Check nfs versions in rpcinfo
    if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi    
    Register --test-no STRG-1904 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking NFS registered versions"
	FIND=`${RPCINFOBINARY} -p | ${AWKBINARY} '{ if ($5=="nfs") { print $2 } }' | uniq | sort`
	for I in ${FIND}; do
	    logtext "Found version: ${I}"
	done
	Display --indent 2 --text "- Query NFS versions..." --result "DONE" --color GREEN
    fi
#
#################################################################################
#
    # Test        : STRG-1906
    # Description : Check nfs protocols (TCP/UDP) and port in rpcinfo
    if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi    
    Register --test-no STRG-1906 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking NFS registered protocols"
	FIND=`${RPCINFOBINARY} -p | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort`
	for I in ${FIND}; do
	    logtext "Found protocol: ${I}"
	done
	if [ "${FIND}" = "" ]; then
	    logtext "Output: no NFS protocols found"
	fi

	# Check port number
        logtext "Test: Checking NFS registered ports"
	FIND=`${RPCINFOBINARY} -p | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort`
	for I in ${FIND}; do
	    logtext "Found port: ${I}"
	done
	if [ "${FIND}" = "" ]; then
	    logtext "Output: no NFS port number found"
	fi
	Display --indent 2 --text "- Query NFS protocols..." --result "DONE" --color GREEN
    fi
#
#################################################################################
#
    # Test        : STRG-1920
    # Description : Check for running NFS daemons
    Register --test-no STRG-1920 --weight L --network NO --description "Checking NFS daemon"
    if [ ${SKIPTEST} -eq 0 ]; then
        logtext "Test: Checking running NFS daemon"
	FIND=`${PSBINARY} ax | grep "nfsd" | grep -v "grep"`
	if [ "${FIND}" = "" ]; then
	    logtext "Output: NFS daemon is not running"
	    Display --indent 2 --text "- Check running NFS daemon..." --result "NOT FOUND" --color WHITE
	  else
	    logtext "Output: NFS daemon is running"
	    Display --indent 2 --text "- Check running NFS daemon.." --result "FOUND" --color GREEN
	    NFS_DAEMON_RUNNING=1
	fi
    fi
#
#################################################################################
#
    # Test        : STRG-1924
    # Description : Check missing nfs in rpcinfo while NFS is running
    #Register --test-no STRG-1924 --weight L --network NO --description "Checking NFS daemon"
    #if [ ${SKIPTEST} -eq 0 ]; then
#
#################################################################################
#
    # Test        : STRG-1926
    # Description : Check NFS exports
    if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
    Register --test-no STRG-1926 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking NFS exports"
    if [ ${SKIPTEST} -eq 0 ]; then    
	logtext "Test: check /etc/exports"
	if [ -f /etc/exports ]; then
	    logtext "Result: /etc/exports exists"
	    FIND=`cat /etc/exports | grep -v "^$" | grep -v "^#" | sed 's/ /!space!/g'`
	    if [ ! "${FIND}" = "" ]; then
	        for I in ${FIND}; do
	            I=`echo ${I} | sed 's/!space!/ /g'`
	            logtext "Found line: ${I}"
	        done
	      else
	        logtext "Result: /etc/exports does not contain exported file systems"
		NFS_EXPORTS_EMPTY=1
	    fi
	    Display --indent 4 --text "- Checking /etc/exports..." --result "FOUND" --color GREEN
	  else
	    logtext "Result: file /etc/exports does not exist"
	    Display --indent 4 --text "- Checking /etc/exports..." --result "NOT FOUND" --color WHITE
	fi
    fi    
#
#################################################################################
#
    # Test        : STRG-1928
    # Description : Check for empty exports file while NFS is running
    if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi    
    Register --test-no STRG-1928 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking empty /etc/exports"
    if [ ${SKIPTEST} -eq 0 ]; then
        if [ ${NFS_EXPORTS_EMPTY} -eq 1 ]; then
    	    Display --indent 6 --text "- Checking empty /etc/exports..." --result SUGGESTION --color YELLOW
	    logtext "Result: /etc/exports seems to have no exported file systems"
	    ReportSuggestion ${TEST_NO} "/etc/exports has no exported file systems, while NFS daemon is running. Check if NFS needs to run on this system"
	fi
    fi
#
#################################################################################
#
#	    ReportWarning ${TEST_NO} "M" "Message"
#	    
#
#################################################################################
#

wait_for_keypress

#
#================================================================================
# Lynis - Copyright 2007-2012, Michael Boelen - www.rootkit.nl - The Netherlands
