tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adding and improvement translated strings

Browse Source
This commit is contained in:
Stéphane 2020-12-16 01:07:27 +01:00 committed by GitHub
parent 701be9852b
commit 4cf9660185
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/tests_kernel
View File

@ -491,7 +491,7 @@
AddHP 0 1
else
LogText "Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'"
Display --indent 4 --text "- configuration in systemd conf files" --result "DEFAULT" --color WHITE
Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_DEFAULT}" --color WHITE
AddHP 0 1
fi
fi
@ -508,7 +508,7 @@
AddHP 1 1
elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; then
LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'"
Display --indent 4 --text "- configuration in etc/profile" --result "DEFAULT" --color WHITE
Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_DEFAULT}" --color WHITE
AddHP 0 1
elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlimited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then
LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configured for 'ulimit -c'"
@ -516,7 +516,7 @@
AddHP 0 1
else
LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config files. Please report on Github!"
Display --indent 4 --text "- configuration in etc/profile" --result "ERROR" --color YELLOW
Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_ERROR}" --color YELLOW
fi
fi
# Limits option
@ -538,8 +538,8 @@
FIND2="hard core enabled"
fi
IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)"
IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)"
IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
if [ "${FIND2}" = "hard core disabled" ]; then
LogText "Result: core dumps are hard disabled"
@ -587,18 +587,18 @@
fi
if [ "${FIND}" = "2" ]; then
LogText "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)"
Display --indent 4 --text "- Checking setuid core dumps configuration" --result PROTECTED --color WHITE
Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_PROTECTED}" --color WHITE
AddHP 1 1
elif [ "${FIND}" = "1" ]; then
LogText "Result: all programs can perform core dumps (value 1, for debugging)"
Display --indent 2 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW
Display --indent 2 --text "- Checking setuid core dumps configuration" --result "${STATUS_DEBUG}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump"
AddHP 0 1
else
# 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped
# https://www.kernel.org/doc/Documentation/sysctl/fs.txt
LogText "Result: found default option (0), no execute only program or program with changed privilege levels can dump"
Display --indent 4 --text "- Checking setuid core dumps configuration" --result DISABLED --color GREEN
Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_DISABLED}" --color GREEN
AddHP 1 1
fi
fi

2
include/tests_kernel_hardening
View File

@ -89,7 +89,7 @@
AddHP ${tFINDhp} ${tFINDhp}
else
LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result "${STATUS_DIFFERENT}" --color RED
AddHP 0 ${tFINDhp}
FOUND=1
N=$((N + 1))

4
include/tests_logging
View File

@ -423,7 +423,7 @@
LogText "Result: no remote logging found"
ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection"
AddHP 1 3
Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
Display --indent 2 --text "- Checking remote logging" --result "${STATUS_NOT_ENABLED}" --color YELLOW
else
Report "remote_syslog_configured=1"
AddHP 5 5
@ -550,7 +550,7 @@
LogText "Found deleted file: ${I}"
Report "deleted_file[]=${I}"
done
Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW
Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_FILES_FOUND}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why."
else
LogText "Result: no deleted files found"

2
include/tests_networking
View File

@ -140,7 +140,7 @@
Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE
STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]')
Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE
if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi
if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="${STATUS_YES}"; else STATUS="${STATUS_NO}"; fi
LogText "Result: IPv6 only configuration: ${STATUS}"
Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color WHITE
else

2
include/tests_storage
View File

@ -59,7 +59,7 @@
if [ ${FOUND} -eq 0 ]; then
LogText "Result: firewire ohci driver is not explicitly disabled"
Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "NOT DISABLED" --color WHITE
Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE
ReportSuggestion "${TEST_NO}" "Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft"
# after blacklisting modules, make sure to remove them from the initram filesystem: update-initramfs -u
AddHP 2 3

2
include/tests_usb
View File

@ -73,7 +73,7 @@
fi
if [ ${FOUND} -eq 0 ]; then
LogText "Result: usb-storage driver is not explicitly disabled"
Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "NOT DISABLED" --color WHITE
Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE
if [ "${USBGUARD_FOUND}" -eq "0" ]; then
ReportSuggestion "${TEST_NO}" "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft"
fi