[LOGG-2154] Check for remote syslogging, more in-depth testing

CHANGELOG

@@ -17,9 +17,14 @@
 
 ================================================================================
 
-    =  Lynis 2.1.x (2.2.0 release in development)  =
+=  Lynis 2.1.6 (development version for 2.2.x)  =
 
-    This is an major release, which includes both new features and enhancements to existing tests.
+*** THIS CHANGELOG IS IN PREPARATION FOR THE NEW 2.2.0 RELEASE ***
+
+We are proud to present this new release of Lynis. It is a major upgrade, and the
+result of many months of work. This version includes new features and tests, and
+many small enhancements, to improve the tool. We encourage all to test and
+upgrade to this latest release.
 
 * Automation tools
 ------------------
@@ -28,9 +33,9 @@
 * Authentication
 ----------------
 Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
-    checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228.
+checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228.
-
 New plugin is introduced to analyze PAM settings. It including items like:
+
 - Two-factor authentication methods
 - Minimum password length, password strength and protection status against brute force cracking
 - Password history
@@ -39,6 +44,7 @@
 
 * Compliance
 ------------
+This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b
 Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.
 
 Right now these standards can be selected:
@@ -86,16 +92,14 @@
 -----------
 AUTH-9286 change has been extended to both capture minimum and password age.
 
-    * Software
+* Software and Packages
-    ----------
+-----------------------
 Log when vulnerable software packages were found
 
 * SSH
 -----
 Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition.
 
-    Special thanks to: Kamil Boratyński
-
 * UEFI and Secure Boot
 ----------------------
 Initial support to test UEFI settings, including Secure Boot option
@@ -111,6 +115,7 @@
 ------------------
 [AUTH-9204] Exclude NIS entries to avoid false positives
 [AUTH-9230] Removed test as it was merged into AUTH-9228
+[AUTH-9288] Test for expired passwords
 [AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
 [BOOT-5106] New test to test boot loader on Mac OS X
 [BOOT-5180] Only gets executed if runlevel 2 is found
@@ -121,6 +126,7 @@
 [MALW-3278] New test to detect LMD (Linux Malware Detect)
 [SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
 [TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running
+[TIME-3170] New test to check NTP configuration files and determine if any of them are world writable
 
 * Functions
 -----------
@@ -130,6 +136,7 @@
 [GetHostID]              If no MAC address is found, use SSH keys for creation of a host identifier
 [IsWordWritable]         Changed return codes for easier usage of the function
 [LogText]                Replaces the older logtext function
+[RandomString]           Creates a random string of characters
 [Report]                 Replaces the older report function
 [ReportSuggestion]       Allows two additional parameters to store details (text and external reference to a solution)
 [ReportWarning]          Like ReportSuggestion() has additional parameters
@@ -146,6 +153,10 @@
 - Tool tips are displayed, to make Lynis even easier to use.
 - PID file has additional checks, including cleanups.
 
+* Special thanks
+----------------
+We like to specifically thank Kamil Boratyński for his contributions to this release.
+
 * Plugins
 ---------
 [PAM]       New plugin available in all versions of Lynis

include/consts

@@ -130,6 +130,7 @@ unset LANG
     PRIVILEGED=0
     PROFILEVALUE=""
     PSBINARY="ps"
+    REMOTE_LOGGING_ENABLED=0
     RKHUNTERBINARY=""
     RPMBINARY=""
     RUN_HELPERS=0

include/tests_logging

@@ -346,13 +346,26 @@
             FIND=`egrep "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "[a-zA-Z0-9]@"`
             if [ ! "${FIND}" = "" ]; then
                 LogText "Result: remote logging enabled"
-                AddHP 5 5
+                REMOTE_LOGGING_ENABLED=1
-                Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
             else
+                # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
+                DESTINATIONS=`grep "^destination" ${SYSLOGD_CONF} | egrep "(udp|tcp)" | grep "port" | awk '{print $2}'`
+                for DESTINATION in ${DESTINATIONS}; do
+                    FIND2=`grep "log" | grep "source" | egrep "destination\(${DESTINATION}\)"`
+                    if [ ! "${FIND2}" = "" ]; then
+                        LogText "Result: found destination ${DESTINATION} configured for remote logging"
+                        REMOTE_LOGGING_ENABLED=1
+                    fi
+                done
+            fi
+            if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then
                 LogText "Result: no remote logging found"
                 ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
                 AddHP 1 3
                 Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
+              else
+                AddHP 5 5
+                Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
             fi
           else
             LogText "Result: test skipped, file ${SYSLOGD_CONF} not found"