Merge pull request #92 from m-1-k-3/updates
FreeBSD detection and improved static version detection
p4cx authored Apr 9, 2021
2 parents 8367a58 + 1eb5419 commit 756e228
Showing 14 changed files with 86 additions and 33 deletions.
11 changes: 7 additions & 4 deletions config/bin_version_strings.cfg
Expand Up @@ -103,6 +103,8 @@ flash_eraseall::"flash_eraseall\ \$Revision:\ [0-9]\.[0-9]\ \$"
flash_erase::"flash_erase\ version\ [0-9]\.[0-9]\.[0-9]"
flatfsd:binary:"flatfsd\ [0-9]\.[0-9]\.[0-9]mtd"
forked_media_server::"Forked\ Media\ Server:\ Version\ [0-9]\.[0-9]+"
freebsd:binary:"FreeBSD\ [0-9]+\.[0-9]-RELEASE-p[0-9]\ "
freebsd:binary:"FreeBSD\ [0-9]+\.[0-9]-RELEASE\ "
fuse_library::"FUSE\ library\ version:\ [0-9]\.[0-9]\.[0-9]"
fuser::"fuser\ \(PSmisc\)\ [0-9]+\.[0-9]+"
fusermount::"fusermount\ version:\ [0-9]\.[0-9]\.[0-9]"
Expand Down Expand Up @@ -192,8 +194,8 @@ l2tpd::"l2tpd\ Version\ [0-9]\.[0-9]+\ Copyright\ [0-9]+\ Roaring\ Penguin\ Soft
ldapsearch::"OpenLDAP:\ ldapsearch\ [0-9]\.[0-9]+\.[0-9]+\ "
ldconfig::"ldconfig\ \(GNU\ libc\)\ [0-9]\.[0-9]+$"
lesskey::"lesskey\ \ version\ [0-9]+$"
less::"less\ [0-9]+\ "
less::"less\ [0-9]+$"
less::"^less\ [0-9]+\ "
less::"^less\ [0-9]+$"
libc:binary:"GNU\ C\ Library\ development\ release\ version\ [0-9]\.[0-9]+\.[0-9]+$"
libc:binary:"GNU\ C\ Library\ \(.*\)\ stable\ release\ version\ [0-9]\.[0-9]+$"
libcurl:binary:"CLIENT\ libcurl\ [0-9]\.[0-9]+\.[0-9]+"
Expand Down Expand Up @@ -340,7 +342,7 @@ radvdump:strict:"Version:\ [0-9]\.[0-9]+\.[0-9]+$"
ralink-dot1x::"Ralink\ DOT1X\ daemon,\ version\ ...[0-9]\.[0-9]\.[0-9]\.[0-9]."
rdisc6::"ndisc6\:\ IPv6\ Neighbor\/Router\ Discovery\ userland\ tool\ [0-9]\.[0-9]\.[0-9]\ "
rdnssd::"rdnssd\:\ IPv6\ Recursive\ DNS\ Server\ discovery\ Daemon\ [0-9]\.[0-9]\.[0-9]\ "
Realtek_camera_tool::"----Welcome\ to\ Realtek\ Camera\ Tool\.\ Version\ [0-9]\.[0-9]+\.[0-9]"
Realtek_camera_tool::"Welcome\ to\ Realtek\ Camera\ Tool\.\ Version\ [0-9]\.[0-9]+\.[0-9]"
ripd::"ripd\ version\ [0-9]\.[0-9]+\.[0-9]+"
rndimage:binary:"RNDIMGAE\ v[0-9]\.[0-9]+\.[0-9]+"
rpcinfo::"rpcinfo\ \(.*\)\ [0-9]\.[0-9]+"
Expand Down Expand Up @@ -380,6 +382,7 @@ systemd:strict:"^[0-9]+$"
tar::"\(GNU\ tar\)\ [0-9]\.[0-9]+$"
tcpdump::"tcpdump\.[0-9]\.[0-9]+\.[0-9]+\ version"
tcpdump::"tcpdump\ version\ [0-9]\.[0-9]+\.[0-9]+$"
tcpdump:strict:"^[0-9]\.[0-9]+\.[0-9]+$"
texinfo::"\(GNU\ texinfo\)\ [0-9]\.[0-9]+$"
tinylogin::"Tinylogin v[0-9]\.[0-9]+\ \(.*\)\ multi-call\ binary$"
traceroute\.db::"traceroute\.db\:\ Modern\ traceroute\ for\ Linux,\ version\ [0-9]\.[0-9]\.[0-9]+,\ Jul\ [0-9]+\ [0-9]+"
Expand All @@ -389,7 +392,7 @@ twonky::"Twonky\ Version\ [0-9]\.[0-9]+\.[0-9]+"
ubnt-infctld::"Multipurpose\(mtik,\ mcast\)\ control\ daemon\ v[0-9]\.[0-9]\ \(c\)\ Ubiquiti$"
u-boot:binary:"Compiled\ with\ U-Boot\ [0-9]+\.[0-9]+$"
u-boot:binary:"Compiled\ with\ U-Boot\ [0-9]+\.[0-9]+rc[0-9]+"
uboot::"U-Boot\ [0-9]+\.[0-9]+"
uboot::"U-Boot\ [0-9]+\.[0-9]+\ "
uboot::"U-Boot\ [0-9]\.[0-9]+\.[0-9]+\ "
ucd-snmpd::"UCD-snmp\ version:\ \ [0-9]\.[0-9]+\.[0-9]+$"
ucloud::"ucloud_v2\ ver\.[0-9]+"
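Review bot: The two new `freebsd` patterns accept only a single digit for the minor version and for the patch level (`\.[0-9]-RELEASE-p[0-9]\ `), so a string with a two-digit patch level such as `FreeBSD 11.4-RELEASE-p13 ` (constructed example) matches neither line and the system goes undetected. The normalisation added in `modules/F19_cve_aggregator.sh` already allows `[0-9]+` in both places, so the config should agree with it: `freebsd:binary:"FreeBSD\ [0-9]+\.[0-9]+-RELEASE-p[0-9]+\ "` and `freebsd:binary:"FreeBSD\ [0-9]+\.[0-9]+-RELEASE\ "`. A missed match here means no version is handed to the CVE lookup at all, which is a silent false negative rather than a visible error.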
10 changes: 9 additions & 1 deletion modules/F19_cve_aggregator.sh
Expand Up @@ -97,7 +97,12 @@ prepare_version_data() {
# remove multiple spaces
# shellcheck disable=SC2001
VERSION_lower="$(echo "$VERSION_lower" | sed -e 's/[[:space:]]\+/\ /g')"
VERSION_lower="${VERSION_lower//in\ extracted\ firmware\ files\./}"
VERSION_lower="${VERSION_lower//\ in\ extracted\ firmware\ files\./\ }"
VERSION_lower="${VERSION_lower//\ in\ original\ firmware\ file\./\ }"
VERSION_lower="${VERSION_lower//\ in\ extraction\ logs\./\ }"
VERSION_lower="${VERSION_lower//\ in\ binwalk\ logs\./\ }"
# shellcheck disable=SC2001
VERSION_lower="$(echo "$VERSION_lower" | sed -e 's/\ in\ binary\ .*\./\ /g')"

# GNU gdbserver (GDB)
VERSION_lower="${VERSION_lower//gnu\ gdbserver\ /gdb\ }"
Expand All @@ -120,6 +125,7 @@ prepare_version_data() {
VERSION_lower="${VERSION_lower//zic\.c/zic}"
#bzip2, a block-sorting file compressor. Version 1.0.6,
VERSION_lower="${VERSION_lower//bzip2,\ a\ block-sorting\ file\ compressor\.\ version/bzip2}"
VERSION_lower="${VERSION_lower//bzip2recover/bzip2}"
# gnutls
VERSION_lower="${VERSION_lower//enabled\ gnutls/gnutls}"
VERSION_lower="${VERSION_lower//project-id-version:\ gnutls/gnutls}"
Expand Down Expand Up @@ -317,6 +323,8 @@ prepare_version_data() {
VERSION_lower="$(echo "$VERSION_lower" | sed -r 's/ntpdc\ vendor-specific.*query.*([0-9]\.[0-9]\.[0-9])([a-z][0-9])/ntp\ \1:\2/g')"
# ntpdate 4.2.8p13 -> ntp 4.2.8:p13
VERSION_lower="$(echo "$VERSION_lower" | sed -r 's/ntpdate\ ([0-9]\.[0-9]\.[0-9])([a-z]([0-9]))/ntp\ \1:\2/g')"
# FreeBSD 12.1-RELEASE-p8 -> FreeBSD 12.1:p8
VERSION_lower="$(echo "$VERSION_lower" | sed -r 's/freebsd\ ([0-9]+\.[0-9]+)-release-([a-z]([0-9]+))/freebsd\ \1:\2/g')"
# unzip .... info-zip -> info-zip
VERSION_lower="$(echo "$VERSION_lower" | sed -r 's/zipinfo\ ([0-9]\.[0-9][0-9])\ .*\ info-zip.*/info-zip:zip\ \1/g')"
VERSION_lower="$(echo "$VERSION_lower" | sed -r 's/unzip\ ([0-9]\.[0-9][0-9])\ .*\ by\ info-zip.*/info-zip:unzip\ \1/g')"
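Review bot: Only the `-release-pN` form is normalised by the new FreeBSD `sed` rule; the plain `FreeBSD X.Y-RELEASE ` string that the second new pattern in `config/bin_version_strings.cfg` detects keeps its `-release` suffix. Whether the later CVE matching tolerates that suffix is not visible in this hunk and is worth confirming; if it does not, a second rule placed after the existing one, `sed -r 's/freebsd\ ([0-9]+\.[0-9]+)-release/freebsd\ \1/g'`, would cover it. The inner capture group `([0-9]+)` in the added rule is unused and can be dropped. prepare_version_data starts and ends outside the hunks shown.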
4 changes: 3 additions & 1 deletion modules/F50_base_aggregator.sh
Expand Up @@ -341,7 +341,7 @@ get_data() {
os_detector() {

VERIFIED=0
OSES=("kernel" "vxworks" "siprotec")
OSES=("kernel" "vxworks" "siprotec" "freebsd")

#### The following check is based on the results of the aggregator:
if [[ -f "$LOG_DIR"/"$CVE_AGGREGATOR_LOG" ]]; then
Expand All @@ -354,6 +354,8 @@ os_detector() {
SYSTEM="SIPROTEC"
elif [[ "$OS_TO_CHECK" == "vxworks" ]]; then
SYSTEM="VxWorks"
elif [[ "$OS_TO_CHECK" == "freebsd" ]]; then
SYSTEM="FreeBSD"
else
SYSTEM="$OS_TO_CHECK"
fi
22 changes: 17 additions & 5 deletions modules/P07_firmware_bin_base_analyzer.sh
Expand Up @@ -52,7 +52,7 @@ P07_firmware_bin_base_analyzer() {
wait_for_pid
fi

if [[ $(wc -l "$LOG_DIR"/tmp/p07.tmp | awk '{print $1}') ]] ; then
if [[ $(wc -l "$TMP_DIR"/p07.tmp | awk '{print $1}') ]] ; then
NEG_LOG=1
fi

Expand All @@ -75,6 +75,17 @@ os_identification() {
COUNTER_Linux=$((COUNTER_Linux+COUNTER_Linux_FW+COUNTER_Linux_EXT))
echo "." | tr -d "\n"

echo "." | tr -d "\n"
COUNTER_FreeBSD="$(find "$OUTPUT_DIR" -type f -exec strings {} \; | grep -i -c FreeBSD 2> /dev/null)"
echo "." | tr -d "\n"
COUNTER_FreeBSD_EXT="$(find "$LOG_DIR" -type f -name "p05_*" -exec grep -i -c FreeBSD {} \; 2> /dev/null)"
echo "." | tr -d "\n"
COUNTER_FreeBSD_FW="$(strings "$FIRMWARE_PATH" 2>/dev/null | grep -c FreeBSD)"
echo "." | tr -d "\n"
COUNTER_FreeBSD=$((COUNTER_FreeBSD+COUNTER_FreeBSD_FW+COUNTER_FreeBSD_EXT))
echo "." | tr -d "\n"


COUNTER_VxWorks="$(find "$OUTPUT_DIR" -type f -exec strings {} \; | grep -i -c "VxWorks\|Wind" 2> /dev/null)"
echo "." | tr -d "\n"
COUNTER_VxWorks_EXT="$(find "$LOG_DIR" -type f -name "p05_*" -exec grep -i -c "VxWorks\|Wind" {} \; 2> /dev/null)"
Expand Down Expand Up @@ -125,12 +136,13 @@ os_identification() {
export LINUX_PATH_COUNTER
LINUX_PATH_COUNTER="$(find "$OUTPUT_DIR" "${EXCL_FIND[@]}" -type d -iname bin -o -type f -iname busybox -o -type d -iname sbin -o -type d -iname etc 2> /dev/null | wc -l)"

if [[ $((COUNTER_Linux+COUNTER_VxWorks+COUNTER_FreeRTOS+COUNTER_eCos+COUNTER_ADONIS+COUNTER_SIPROTEC)) -gt 0 ]] ; then
if [[ $((COUNTER_Linux+COUNTER_VxWorks+COUNTER_FreeRTOS+COUNTER_eCos+COUNTER_ADONIS+COUNTER_SIPROTEC+COUNTER_FreeBSD)) -gt 0 ]] ; then
print_output ""
print_output "$(indent "$(orange "Operating system detection:")")"
if [[ $COUNTER_VxWorks -gt 5 ]] ; then print_output "$(indent "$(orange "VxWorks detected\t\t""$COUNTER_VxWorks")")"; fi
if [[ $COUNTER_FreeRTOS -gt 0 ]] ; then print_output "$(indent "$(orange "FreeRTOS detected\t\t""$COUNTER_FreeRTOS")")"; fi
if [[ $COUNTER_eCos -gt 0 ]] ; then print_output "$(indent "$(orange "eCos detected\t\t""$COUNTER_eCos")")"; fi
if [[ $COUNTER_FreeBSD -gt 0 ]] ; then print_output "$(indent "$(orange "FreeBSD detected\t\t""$COUNTER_FreeBSD")")"; fi
if [[ $COUNTER_Linux -gt 5 && $LINUX_PATH_COUNTER -gt 1 ]] ; then
print_output "$(indent "$(green "Linux detected\t\t""$COUNTER_Linux""\t-\tverified Linux operating system detected")")"
elif [[ $COUNTER_Linux -gt 5 ]] ; then
Expand All @@ -142,13 +154,13 @@ os_identification() {
elif [[ $COUNTER_SIPROTEC -gt 10 ]] ; then
print_output "$(indent "$(orange "SIPROTEC detected\t\t""$COUNTER_SIPROTEC")")";
fi
echo "$((COUNTER_Linux+COUNTER_VxWorks+COUNTER_FreeRTOS+COUNTER_eCos+COUNTER_ADONIS+COUNTER_SIPROTEC))" >> "$LOG_DIR"/tmp/p07.tmp
echo "$((COUNTER_Linux+COUNTER_VxWorks+COUNTER_FreeRTOS+COUNTER_eCos+COUNTER_ADONIS+COUNTER_SIPROTEC+COUNTER_FreeBSD))" >> "$TMP_DIR"/p07.tmp
fi

echo
if [[ $LINUX_PATH_COUNTER -gt 0 ]] ; then
print_output "[+] Found possible Linux operating system in $(print_path "$OUTPUT_DIR")"
echo "$LINUX_PATH_COUNTER" >> "$LOG_DIR"/tmp/p07.tmp
echo "$LINUX_PATH_COUNTER" >> "$TMP_DIR"/p07.tmp
fi
}

Expand All @@ -160,6 +172,6 @@ binary_architecture_detection()
mapfile -t PRE_ARCH < <(binwalk -Y "$FIRMWARE_PATH" | grep "valid\ instructions" | awk '{print $3}' | sort -u)
for PRE_ARCH_ in "${PRE_ARCH[@]}"; do
print_output "[+] Possible architecture details found: $ORANGE$PRE_ARCH_"
echo "$PRE_ARCH_" >> "$LOG_DIR"/tmp/p07.tmp
echo "$PRE_ARCH_" >> "$TMP_DIR"/p07.tmp
done
}
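Review bot: `COUNTER_FreeBSD_EXT` is filled by `find … -exec grep -i -c FreeBSD {} \;`, which prints one count per `p05_*` file, so with more than one such log the variable holds several lines and the sum `$((COUNTER_FreeBSD+COUNTER_FreeBSD_FW+COUNTER_FreeBSD_EXT))` no longer evaluates. A single total can be produced with `find "$LOG_DIR" -type f -name "p05_*" -exec grep -i -h FreeBSD {} + 2>/dev/null | wc -l`; the existing `COUNTER_VxWorks_EXT` line follows the same per-file pattern. The report threshold `$COUNTER_FreeBSD -gt 0` is also far lower than the `-gt 5` used for VxWorks and Linux, so one stray `FreeBSD` string anywhere in the firmware is reported as a detection. The `$FIRMWARE_PATH` count uses `grep -c` without `-i` while the other two counts use `-i`, which is worth making consistent.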
3 changes: 1 addition & 2 deletions modules/R09_firmware_base_version_check.sh
Expand Up @@ -37,7 +37,7 @@ detect_binary_versions() {
STRICT="$(echo "$VERSION_LINE" | cut -d: -f2)"

# as we do not have a typical linux executable we can't use strict version details
if [[ $STRICT == "binary" ]]; then
if [[ $STRICT != "strict" ]]; then
#print_output "[*] $VERSION_LINE"
VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d: -f3- | sed s/^\"// | sed s/\"$//)"
echo "." | tr -d "\n"
Expand All @@ -64,7 +64,6 @@ detect_binary_versions() {
echo "." | tr -d "\n"
fi


VERSION_FINDER=$(find "$OUTPUT_DIR" -type f -print0 2> /dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null)

if [[ -n $VERSION_FINDER ]]; then
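Review bot: With the condition changed to `$STRICT != "strict"`, every non-strict pattern from the config now reaches `grep -o -a -E "$VERSION_IDENTIFIER"`, and a pattern that begins with `-` is parsed by grep as options instead of as a regex. The commit appears to work around this by trimming the leading dashes from the Realtek pattern in the config; passing the pattern explicitly, `grep -o -a -E -e "$VERSION_IDENTIFIER"`, removes that constraint on the config file. The same applies to the two `strings "$BIN" | grep …` calls added in `modules/S09_firmware_base_version_check.sh`. detect_binary_versions continues outside the hunk.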
2 changes: 0 additions & 2 deletions modules/S05_firmware_details.sh
Expand Up @@ -23,11 +23,9 @@ S05_firmware_details()

LOG_FILE="$( get_log_file )"

#local DETECTED_FILES
local DETECTED_DIR

# we use the file FILE_ARR from helpers module
#DETECTED_FILES=$(find "$FIRMWARE_PATH" "${EXCL_FIND[@]}" -xdev -type f 2>/dev/null | wc -l )
DETECTED_DIR=$(find "$FIRMWARE_PATH" "${EXCL_FIND[@]}" -xdev -type d 2>/dev/null | wc -l)

print_output "[*] ""${#FILE_ARR[@]}"" files and ""$DETECTED_DIR"" directories detected."
37 changes: 26 additions & 11 deletions modules/S09_firmware_base_version_check.sh
Expand Up @@ -20,8 +20,8 @@
S09_firmware_base_version_check() {

# this module check for version details statically.
# this module is designed for linux systems
# for other systems we have the R09
# this module is designed for *x based systems
# for other systems (eg RTOS) we have the R09

module_log_init "${FUNCNAME[0]}"
module_title "Binary firmware versions detection"
Expand All @@ -35,12 +35,15 @@ S09_firmware_base_version_check() {
echo "." | tr -d "\n"

STRICT="$(echo "$VERSION_LINE" | cut -d: -f2)"
BIN_NAME="$(echo "$VERSION_LINE" | cut -d: -f1)"

# as we do not have a typical linux executable we can't use strict version details
# but to not exhaust the run time we only search for stuff that we know is possible to detect
# on the other hand, if we do not use emulation for deeper detection we run all checks

if [[ $STRICT == "binary" ]]; then
VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d: -f3- | sed s/^\"// | sed s/\"$//)"
VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d: -f3- | sed s/^\"// | sed s/\"$//)"

if [[ $STRICT != "strict" ]]; then
echo "." | tr -d "\n"

# check binwalk files sometimes we can find kernel version information or something else in it
Expand All @@ -65,13 +68,25 @@ S09_firmware_base_version_check() {
echo "." | tr -d "\n"
fi

VERSION_FINDER=$(find "$OUTPUT_DIR" -xdev -type f -print0 2> /dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null)

if [[ -n $VERSION_FINDER ]]; then
echo ""
print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in extracted firmware files."
VERSIONS_DETECTED+=("$VERSION_FINDER")
fi
for BIN in "${BINARIES[@]}"; do
VERSION_FINDER=$(strings "$BIN" | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null)
if [[ -n $VERSION_FINDER ]]; then
echo ""
print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in binary $BIN."
VERSIONS_DETECTED+=("$VERSION_FINDER")
fi
done
echo "." | tr -d "\n"
else
mapfile -t STRICT_BINS < <(find "$OUTPUT_DIR" -xdev -executable -type f -name "$BIN_NAME" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3)
for BIN in "${STRICT_BINS[@]}"; do
VERSION_FINDER=$(strings "$BIN" | grep -E "$VERSION_IDENTIFIER" | sort -u)
if [[ -n $VERSION_FINDER ]]; then
echo ""
print_output "[+] Version information found ${RED}""$BIN"" ""$VERSION_FINDER""${NC}${GREEN} in binary $BIN (strict)."
VERSIONS_DETECTED+=("$VERSION_FINDER")
fi
done
echo "." | tr -d "\n"
fi

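Review bot: In the new `else` branch, strict patterns are matched against raw `strings` output with `grep -E … | sort -u`, without `-o` or `head -1`, so `VERSION_FINDER` can hold several whole lines that are then stored as a single `VERSIONS_DETECTED` element. Strict entries in the config are very generic (`systemd:strict:"^[0-9]+$"`, the new `tcpdump:strict:"^[0-9]\.[0-9]+\.[0-9]+$"`) and look written for a binary's own version output; against `strings` they match any bare number in the file, which can feed wrong versions into the CVE lookup. Consider reading the hits with `mapfile -t` and appending each one as its own element, or limiting this branch to patterns specific enough for static matching. The `cut -d\ -f3` after `md5sum` also truncates any path that contains a space. S09_firmware_base_version_check continues outside the hunk.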
2 changes: 2 additions & 0 deletions modules/S103_deep_search.sh
Expand Up @@ -46,8 +46,10 @@ deep_pattern_search() {
S_OUTPUT="$(grep -E -n -a -h -o ".{0,25}""$PATTERN"".{0,25}" -D skip "$DEEP_S_FILE" | tr -d '\0' )"
if [[ -n "$S_OUTPUT" ]] ; then
print_output "[+] ""$(print_path "$DEEP_S_FILE")"
#print_output "[+] $DEEP_S_FILE"
mapfile -t OUTPUT_ARR < <(echo "$S_OUTPUT")
for O_LINE in "${OUTPUT_ARR[@]}" ; do
#print_output "[*] $O_LINE"
COLOR_PATTERN="$GREEN""$PATTERN""$NC"
O_LINE="${O_LINE//'\n'/.}"
print_output "$( indent "$(echo "${O_LINE//$PATTERN/$COLOR_PATTERN}" | tr "\000-\037\177-\377" "." )")"
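Review bot: The two commented-out lines `#print_output "[+] $DEEP_S_FILE"` and `#print_output "[*] $O_LINE"`, which appear to be the additions in this hunk, are debug leftovers and would be better left out of the commit. If the second one is ever re-enabled it prints the raw `grep -a` match and bypasses the `tr "\000-\037\177-\377" "."` filter two lines below, which is what keeps control bytes from firmware content out of the terminal and the log. deep_pattern_search continues outside the hunk.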
8 changes: 6 additions & 2 deletions modules/S115_usermode_emulator.sh
Expand Up @@ -67,7 +67,11 @@ S115_usermode_emulator() {
FULL_BIN_PATH="$R_PATH"/"$BIN_"
if ( file "$FULL_BIN_PATH" | grep -q ELF ) && [[ "$BIN_" != './qemu-'*'-static' ]]; then
if ! [[ "${BIN_BLACKLIST[*]}" == *"$(basename "$FULL_BIN_PATH")"* ]]; then
if ( file "$FULL_BIN_PATH" | grep -q "x86-64" ) ; then
if ( file "$FULL_BIN_PATH" | grep -q "version\ .\ (FreeBSD)" ) ; then
# https://superuser.com/questions/1404806/running-a-freebsd-binary-on-linux-using-qemu-user
print_output "[-] No working emulator found for FreeBSD binary $BIN_"
EMULATOR="NA"
elif ( file "$FULL_BIN_PATH" | grep -q "x86-64" ) ; then
EMULATOR="qemu-x86_64-static"
elif ( file "$FULL_BIN_PATH" | grep -q "Intel 80386" ) ; then
EMULATOR="qemu-i386-static"
Expand All @@ -82,7 +86,7 @@ S115_usermode_emulator() {
elif ( file "$FULL_BIN_PATH" | grep -q "32-bit MSB.*PowerPC" ) ; then
EMULATOR="qemu-ppc-static"
else
print_output "[-] No working emulator found for ""$LINE"
print_output "[-] No working emulator found for $BIN_"
EMULATOR="NA"
fi

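Review bot: The FreeBSD test adds one more `file "$FULL_BIN_PATH" | grep -q …` subshell to a chain that already re-runs `file` on the same path in every branch. Capturing the output once with `BIN_INFO="$(file -b "$FULL_BIN_PATH")"` and testing `[[ "$BIN_INFO" == *"(FreeBSD)"* ]]` avoids the repeated processes as well as the `\ ` escapes and the `.` wildcard in the grep pattern. Because a FreeBSD ELF file also matches the architecture tests that follow, this branch has to stay first; a comment such as `# must stay first: FreeBSD ELF files also match the architecture checks below` would record that. What the later code does with `EMULATOR="NA"` is outside the hunk.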
2 changes: 1 addition & 1 deletion modules/S15_bootloader_check.sh
Expand Up @@ -292,8 +292,8 @@ find_boot_files()
print_output "$(indent "$(orange "$(print_path "$LINE")")")"
if [[ "$(basename "$LINE")" == "inittab" ]] ; then
INITTAB_V=("${INITTAB_V[@]}" "$LINE")
((STARTUP_FINDS++))
fi
((STARTUP_FINDS++))
done
else
print_output "[-] No startup files found"
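Review bot: `((STARTUP_FINDS++))` returns exit status 1 when the counter is 0 before the increment, which is the case for the first file if `STARTUP_FINDS` starts at 0. Whether the script runs with `set -e` or an `ERR` trap is not visible here; if it does, `STARTUP_FINDS=$((STARTUP_FINDS+1))` is the safe form. The `((AUTH_ISSUES++))` lines added in `modules/S50_authentication_check.sh` use the same idiom. find_boot_files continues outside the hunk.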
4 changes: 2 additions & 2 deletions modules/S25_kernel_check.sh
Expand Up @@ -97,8 +97,8 @@ populate_karrays() {
mapfile -t KERNEL_MODULES < <( find "$FIRMWARE_PATH" "${EXCL_FIND[@]}" -xdev -iname "*.ko" -type f -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 )

for K_MODULE in "${KERNEL_MODULES[@]}"; do
KERNEL_VERSION+=( "$(modinfo "$K_MODULE" | grep -E "vermagic" | cut -d: -f2 | sed 's/^ *//g')" )
KERNEL_DESC+=( "$(modinfo "$K_MODULE" | grep -E "description" | cut -d: -f2 | sed 's/^ *//g' | tr -c '[:alnum:]\n\r' '_')" )
KERNEL_VERSION+=( "$(modinfo "$K_MODULE" 2>/dev/null | grep -E "vermagic" | cut -d: -f2 | sed 's/^ *//g')" )
KERNEL_DESC+=( "$(modinfo "$K_MODULE" 2>/dev/null | grep -E "description" | cut -d: -f2 | sed 's/^ *//g' | tr -c '[:alnum:]\n\r' '_')" )
done

# unique our results
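Review bot: Adding `2>/dev/null` hides `modinfo` failures, but a module it cannot read still appends an empty string to both `KERNEL_VERSION` and `KERNEL_DESC`, now without any trace in the output. Running `modinfo` once per module, `MODINFO_OUT="$(modinfo "$K_MODULE" 2>/dev/null)" || continue`, and deriving both fields from `$MODINFO_OUT` would skip unreadable modules and halve the number of processes. populate_karrays continues outside the hunk.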
11 changes: 11 additions & 0 deletions modules/S50_authentication_check.sh
Expand Up @@ -348,38 +348,44 @@ search_pam_testing_libs() {
FOUND_CRACKLIB=1
FOUND=1
print_output "[+] Found pam_cracklib.so (crack library PAM) in ""$(print_path "$FULL_PATH")"
((AUTH_ISSUES++))
fi

if [[ -f "$FULL_PATH""/pam_passwdqc.so" ]] ; then
FOUND_PASSWDQC=1
FOUND=1
print_output "[+] Found pam_passwdqc.so (passwd quality control PAM) in ""$(print_path "$FULL_PATH")"
((AUTH_ISSUES++))
fi

if [[ -f "$FULL_PATH""/pam_pwquality.so" ]] ; then
FOUND_PWQUALITY=1
FOUND=1
print_output "[+] Found pam_pwquality.so (password quality control PAM) in ""$(print_path "$FULL_PATH")"
((AUTH_ISSUES++))
fi
done

# Cracklib
if [[ $FOUND_CRACKLIB -eq 1 ]] ; then
print_output "[+] pam_cracklib.so found"
((AUTH_ISSUES++))
else
print_output "[-] pam_cracklib.so not found"
fi

# Password quality control
if [[ $FOUND_PASSWDQC -eq 1 ]] ; then
print_output "[+] pam_passwdqc.so found"
((AUTH_ISSUES++))
else
print_output "[-] pam_passwdqc.so not found"
fi

# pwquality module
if [[ $FOUND_PWQUALITY -eq 1 ]] ; then
print_output "[+] pam_pwquality.so found"
((AUTH_ISSUES++))
else
print_output "[-] pam_pwquality.so not found"
fi
Expand All @@ -388,6 +394,7 @@ search_pam_testing_libs() {
print_output "[-] No PAM modules for password strength testing found"
else
print_output "[-] Found at least one PAM module for password strength testing"
((AUTH_ISSUES++))
fi

else
Expand Down Expand Up @@ -415,6 +422,7 @@ scan_pam_conf() {
local LINE
LINE=$(echo "$FIND" | ${SEDBINARY} 's/:space:/ /g')
print_output "$(indent "$(orange "$LINE")")"
((AUTH_ISSUES++))
fi
fi
done
Expand Down Expand Up @@ -445,6 +453,7 @@ search_pam_configs() {
for FILE in "${AUTH_FILES[@]}"; do
print_output "[*] Check if LDAP support in PAM files"
if [[ -f "$FILE" ]] ; then
((AUTH_ISSUES++))
print_output "[+] ""$(print_path "$FILE")"" exist"
local FIND2
FIND2=$(grep "^auth.*ldap" "$FILE")
Expand Down Expand Up @@ -479,6 +488,7 @@ search_pam_files() {
if [[ -f "$LINE" ]] ; then
CHECK=1
print_output "$(indent "$(orange "$(print_path "$LINE")")")"
((AUTH_ISSUES++))
fi
if [[ -d "$LINE" ]] && [[ ! -L "$LINE" ]] ; then
print_output "$(indent "$(print_path "$LINE")")"
Expand All @@ -487,6 +497,7 @@ search_pam_files() {
for FIND_FILE in "${FIND[@]}"; do
CHECK=1
print_output "$(indent "$(orange "$FIND_FILE")")"
((AUTH_ISSUES++))
done
fi
done
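Review bot: The added `((AUTH_ISSUES++))` calls count the same finding more than once in search_pam_testing_libs: a `pam_cracklib.so` hit increments the counter inside the loop, again in the `$FOUND_CRACKLIB -eq 1` summary, and a third time in the "Found at least one PAM module" branch. In search_pam_configs the increment sits before the `grep "^auth.*ldap"` check, so a PAM file that merely exists is counted whether or not it references LDAP. If `AUTH_ISSUES` is meant as a number of findings, incrementing once per finding, in the loop only, keeps the figure meaningful; how the counter is consumed is outside these hunks. The presence of a password-quality module is also counted as an issue, which is worth confirming as intended.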
1 change: 0 additions & 1 deletion modules/S65_config_file_check.sh
Expand Up @@ -34,7 +34,6 @@ scan_config()
{
sub_module_title "Search for config file"

local CONF_FILES_ARR
readarray -t CONF_FILES_ARR < <(config_find "$CONFIG_DIR""/config_files.cfg")

if [[ "${CONF_FILES_ARR[0]}" == "C_N_F" ]] ; then print_output "[!] Config not found"