mirror of
https://github.com/MacRimi/ProxMenux.git
synced 2026-04-05 20:03:48 +00:00
251 lines
7.4 KiB
Bash
251 lines
7.4 KiB
Bash
#!/bin/bash
|
|
# ProxMenux - Lynis Security Audit Tool Installer
|
|
# ============================================
|
|
# Author : MacRimi
|
|
# License : MIT
|
|
# Version : 1.0
|
|
# ============================================
|
|
# Hybrid script: works from terminal (dialog) and web panel (ScriptTerminalModal)
|
|
|
|
SCRIPT_TITLE="Lynis Security Audit Tool Installer"
|
|
|
|
LOCAL_SCRIPTS="/usr/local/share/proxmenux/scripts"
|
|
BASE_DIR="/usr/local/share/proxmenux"
|
|
UTILS_FILE="$BASE_DIR/utils.sh"
|
|
COMPONENTS_STATUS_FILE="$BASE_DIR/components_status.json"
|
|
|
|
export BASE_DIR
|
|
export COMPONENTS_STATUS_FILE
|
|
|
|
if [[ -f "$UTILS_FILE" ]]; then
|
|
source "$UTILS_FILE"
|
|
fi
|
|
|
|
if [[ ! -f "$COMPONENTS_STATUS_FILE" ]]; then
|
|
echo "{}" > "$COMPONENTS_STATUS_FILE"
|
|
fi
|
|
|
|
load_language
|
|
initialize_cache
|
|
|
|
|
|
# ==========================================================
|
|
# Detection
|
|
# ==========================================================
|
|
detect_lynis() {
|
|
LYNIS_INSTALLED=false
|
|
LYNIS_VERSION=""
|
|
LYNIS_CMD=""
|
|
|
|
for path in /usr/local/bin/lynis /opt/lynis/lynis /usr/bin/lynis; do
|
|
if [[ -f "$path" ]] && [[ -x "$path" ]]; then
|
|
LYNIS_CMD="$path"
|
|
break
|
|
fi
|
|
done
|
|
|
|
if [[ -n "$LYNIS_CMD" ]]; then
|
|
LYNIS_INSTALLED=true
|
|
LYNIS_VERSION=$("$LYNIS_CMD" show version 2>/dev/null || echo "unknown")
|
|
fi
|
|
}
|
|
|
|
|
|
# ==========================================================
|
|
# Installation
|
|
# ==========================================================
|
|
install_lynis() {
|
|
show_proxmenux_logo
|
|
msg_title "$(translate "$SCRIPT_TITLE")"
|
|
msg_info2 "$(translate "Installing latest Lynis security scan tool...")"
|
|
|
|
# Install git if needed
|
|
if ! command -v git >/dev/null 2>&1; then
|
|
msg_info "$(translate "Installing Git as a prerequisite...")"
|
|
apt-get update -qq >/dev/null 2>&1
|
|
apt-get install -y git >/dev/null 2>&1
|
|
msg_ok "$(translate "Git installed")"
|
|
fi
|
|
|
|
# Remove old installation if present
|
|
if [[ -d /opt/lynis ]]; then
|
|
msg_info "$(translate "Removing previous Lynis installation...")"
|
|
rm -rf /opt/lynis >/dev/null 2>&1
|
|
msg_ok "$(translate "Previous installation removed")"
|
|
fi
|
|
|
|
# Clone from GitHub
|
|
msg_info "$(translate "Cloning Lynis from GitHub...")"
|
|
if git clone --quiet https://github.com/CISOfy/lynis.git /opt/lynis >/dev/null 2>&1; then
|
|
# Create wrapper script
|
|
cat << 'EOF' > /usr/local/bin/lynis
|
|
#!/bin/bash
|
|
cd /opt/lynis && ./lynis "$@"
|
|
EOF
|
|
chmod +x /usr/local/bin/lynis
|
|
msg_ok "$(translate "Lynis installed successfully from GitHub")"
|
|
else
|
|
msg_error "$(translate "Failed to clone Lynis from GitHub")"
|
|
return 1
|
|
fi
|
|
|
|
# Verify
|
|
if /usr/local/bin/lynis show version >/dev/null 2>&1; then
|
|
local version
|
|
version=$(/usr/local/bin/lynis show version 2>/dev/null)
|
|
update_component_status "lynis" "installed" "$version" "security" '{}'
|
|
msg_ok "$(translate "Lynis version:") $version"
|
|
msg_success "$(translate "Lynis is ready to use")"
|
|
else
|
|
msg_warn "$(translate "Lynis installation could not be verified")"
|
|
fi
|
|
|
|
msg_info2 "$(translate "You can run a security audit with:")"
|
|
echo -e " lynis audit system"
|
|
echo ""
|
|
msg_success "$(translate "Installation completed. Press Enter to continue...")"
|
|
read -r
|
|
}
|
|
|
|
|
|
# ==========================================================
|
|
# Update
|
|
# ==========================================================
|
|
update_lynis() {
|
|
show_proxmenux_logo
|
|
msg_title "$(translate "$SCRIPT_TITLE")"
|
|
msg_info2 "$(translate "Updating Lynis to the latest version...")"
|
|
|
|
if [[ -d /opt/lynis/.git ]]; then
|
|
cd /opt/lynis
|
|
msg_info "$(translate "Pulling latest changes from GitHub...")"
|
|
if git pull --quiet >/dev/null 2>&1; then
|
|
local version
|
|
version=$(/usr/local/bin/lynis show version 2>/dev/null)
|
|
update_component_status "lynis" "installed" "$version" "security" '{}'
|
|
msg_ok "$(translate "Lynis updated to version:") $version"
|
|
else
|
|
msg_error "$(translate "Failed to update Lynis")"
|
|
fi
|
|
else
|
|
msg_warn "$(translate "Lynis was not installed from Git. Reinstalling...")"
|
|
install_lynis
|
|
return
|
|
fi
|
|
|
|
msg_success "$(translate "Update completed. Press Enter to continue...")"
|
|
read -r
|
|
}
|
|
|
|
|
|
# ==========================================================
|
|
# Run Audit
|
|
# ==========================================================
|
|
run_audit() {
|
|
show_proxmenux_logo
|
|
msg_title "$(translate "$SCRIPT_TITLE")"
|
|
msg_info2 "$(translate "Running Lynis security audit...")"
|
|
echo ""
|
|
|
|
if [[ -z "$LYNIS_CMD" ]]; then
|
|
msg_error "$(translate "Lynis command not found")"
|
|
return 1
|
|
fi
|
|
|
|
# Run the audit
|
|
"$LYNIS_CMD" audit system --no-colors 2>&1
|
|
|
|
echo ""
|
|
msg_success "$(translate "Audit completed. Press Enter to continue...")"
|
|
read -r
|
|
}
|
|
|
|
|
|
# ==========================================================
|
|
# Uninstall
|
|
# ==========================================================
|
|
uninstall_lynis() {
|
|
show_proxmenux_logo
|
|
msg_title "$(translate "$SCRIPT_TITLE")"
|
|
msg_info2 "$(translate "Removing Lynis...")"
|
|
|
|
rm -rf /opt/lynis 2>/dev/null
|
|
rm -f /usr/local/bin/lynis 2>/dev/null
|
|
|
|
update_component_status "lynis" "removed" "" "security" '{}'
|
|
|
|
msg_ok "$(translate "Lynis has been removed")"
|
|
msg_success "$(translate "Uninstallation completed. Press Enter to continue...")"
|
|
read -r
|
|
}
|
|
|
|
|
|
# ==========================================================
|
|
# Main
|
|
# ==========================================================
|
|
main() {
|
|
detect_lynis
|
|
|
|
if $LYNIS_INSTALLED; then
|
|
# Already installed - show action menu
|
|
local action_text
|
|
action_text="\n$(translate 'Lynis is currently installed.')\n"
|
|
action_text+="$(translate 'Version:') $LYNIS_VERSION\n\n"
|
|
action_text+="$(translate 'What would you like to do?')"
|
|
|
|
local ACTION
|
|
ACTION=$(hybrid_menu "$(translate 'Lynis Management')" "$action_text" 20 70 5 \
|
|
"audit" "$(translate 'Run security audit now')" \
|
|
"update" "$(translate 'Update Lynis to latest version')" \
|
|
"reinstall" "$(translate 'Reinstall Lynis')" \
|
|
"remove" "$(translate 'Uninstall Lynis')" \
|
|
"cancel" "$(translate 'Cancel')" \
|
|
) || ACTION="cancel"
|
|
|
|
case "$ACTION" in
|
|
audit)
|
|
run_audit
|
|
;;
|
|
update)
|
|
update_lynis
|
|
;;
|
|
reinstall)
|
|
if hybrid_yesno "$(translate 'Reinstall Lynis')" \
|
|
"\n\n$(translate 'This will remove and reinstall Lynis from the latest GitHub source. Continue?')" 12 70; then
|
|
install_lynis
|
|
fi
|
|
;;
|
|
remove)
|
|
if hybrid_yesno "$(translate 'Remove Lynis')" \
|
|
"\n\n$(translate 'This will completely remove Lynis from the system. Continue?')" 12 70; then
|
|
uninstall_lynis
|
|
fi
|
|
;;
|
|
cancel|*)
|
|
exit 0
|
|
;;
|
|
esac
|
|
else
|
|
# Not installed - confirm and install
|
|
local info_text
|
|
info_text="\n$(translate 'Lynis is not installed on this system.')\n\n"
|
|
info_text+="$(translate 'Lynis is a security auditing tool that performs comprehensive system scans including:')\n\n"
|
|
info_text+=" - $(translate 'System hardening scoring (0-100)')\n"
|
|
info_text+=" - $(translate 'Vulnerability detection')\n"
|
|
info_text+=" - $(translate 'Configuration analysis')\n"
|
|
info_text+=" - $(translate 'Compliance checking (PCI-DSS, HIPAA, etc.)')\n\n"
|
|
info_text+="$(translate 'It will be installed from the official GitHub repository.')\n\n"
|
|
info_text+="$(translate 'Do you want to proceed?')"
|
|
|
|
if hybrid_yesno "$(translate 'Install Lynis')" "$info_text" 22 70; then
|
|
install_lynis
|
|
else
|
|
exit 0
|
|
fi
|
|
fi
|
|
}
|
|
|
|
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
|
|
main
|
|
fi
|