-
Notifications
You must be signed in to change notification settings - Fork 63
Usage
Richard Spindler edited this page Jan 21, 2020
·
2 revisions
./lunar.sh -h
Usage: ./lunar.sh -[a|A|s|S|d|p|c|l|h|H|c|C|D|V|n] -[u] -[o] -[t]
-a: Run in audit mode (for Operating Systems - no changes made to system)
-A: Run in audit mode (for Operating Systems - no changes made to system)
[includes filesystem checks which take some time]
-n: Output ansible code segments
-w: Run in audit mode (for AWS - no changes made to system)
-d: Run in audit mode (for Docker - no changes made to system)
-x: Run in recommendations mode (for AWS - no changes made to system)
-s: Run in selective mode (only run tests you want to)
-R: Print information for a specific test
-S: List all UNIX functions available to selective mode
-W: List all AWS functions available to selective mode
-D: List all Docker functions available to selective mode
-l: Run in lockdown mode (for Operating Systems - changes made to system)
-L: Run in lockdown mode (for Operating Systems - changes made to system)
[includes filesystem checks which take some time]
-C: Show changes previously made to system
-c: Run docker-compose testing suite (runs lunar in audit mode without making changes)
-D: Run docker-compose testing suite (drops to shell in order to do more testing)
-o: Set docker OS or container name
-t: Set docker tag
-p: Show previously versions of file
-u: Undo lockdown (for Operating Systems - changes made to system)
-h: Display help
-H: Display usage
-V: Display version
-v: Verbose mode [used with -a and -A]
[Provides more information about the audit taking place]]
Run in Audit Mode:
./lunar.sh -a
Run in Audit Mode and provide more information:
./lunar.sh -a -v
Display previous backups:
./lunar.sh -b
Previous backups:
21_12_2012_19_45_05 21_12_2012_20_35_54 21_12_2012_21_57_25
Restore from previous backup:
./lunar.sh -u 21_12_2012_19_45_05
List tests:
./lunar.sh -S
Only run apache based tests:
./lunar.sh -s audit_apache
Print documentation regarding apache based tests:
./lunar.sh -d audit_apache
# SYSTEM INFORMATION:
Platform: i386
Vendor: Apple
Name: Darwin
Version: 10.12
Update: 3
Checking: If node is managed
Notice: Node is not managed
# Module: audit_apache
# Solaris:
# The action in this section describes disabling the Apache 1.x and 2.x web
# servers provided with Solaris 10. Both services are disabled by default.
# Run control scripts for Apache 1 and the NCA web servers still exist,
# but the services will only be started if the respective configuration
# files have been set up appropriately, and these configuration files do not
# exist by default.
# Even if the system is a Web server, the local site may choose not to use
# the Web server provided with Solaris in favor of a locally developed and
# supported Web environment. If the machine is a Web server, the administrator
# is encouraged to search the Web for additional documentation on Web server
# security.
# Linux:
# HTTP or web servers provide the ability to host web site content.
# The default HTTP server shipped with CentOS Linux is Apache.
# The default HTTP proxy package shipped with CentOS Linux is squid.
# Unless there is a need to run the system as a web server, or a proxy it is
# recommended that the package(s) be deleted.
# Refer to Section(s) 3.11,14 Page(s) 66-9 CIS CentOS Linux 6 Benchmark v1.0.0
# Refer to Section(s) 2.2.10 Page(s) 110 CIS Ubuntu Linux 16.04 Benchmark v1.0.0
# Refer to Section(s) 3.11,14 Page(s) 79-81 CIS RHEL 5 Benchmark v2.1.0
# Refer to Section(s) 3.11,14 Page(s) 69-71 CIS RHEL 6 Benchmark v1.2.0
# Refer to Section(s) 2.2.10,13 Page(s) 110,113 CIS RHEL 7 Benchmark v2.1.0
# Refer to Section(s) 6.10,13 Page(s) 59,61 CIS SLES 11 Benchmark v1.0.0
# Refer to Section(s) 2.4.14.7 Page(s) 56-7 CIS OS X 10.5 Benchmark v1.1.0
# Refer to Section(s) 2.10 Page(s) 21-2 CIS Solaris 11.1 v1.0.0
# Refer to Section(s) 2.2.11 Page(s) 30-2 CIS Solaris 10 v5.1.0
# Refer to Section(s) 2.2.10,13 Page(s) 102,105 CIS Amazon Linux Benchmark v2.0.0