[LOGG-2154] Check for remote syslogging, more in-depth testing

This commit is contained in:
mboelen 2015-12-22 16:56:15 +01:00
parent 95832c61d1
commit 72b0f65438
3 changed files with 137 additions and 112 deletions

View File

@ -17,9 +17,14 @@
================================================================================
= Lynis 2.1.x (2.2.0 release in development) =
= Lynis 2.1.6 (development version for 2.2.x) =
This is an major release, which includes both new features and enhancements to existing tests.
*** THIS CHANGELOG IS IN PREPARATION FOR THE NEW 2.2.0 RELEASE ***
We are proud to present this new release of Lynis. It is a major upgrade, and the
result of many months of work. This version includes new features and tests, and
many small enhancements, to improve the tool. We encourage all to test and
upgrade to this latest release.
* Automation tools
------------------
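Review bot: "This is an major release, which includes both new features and enhancements to existing tests." should read "This is a major release ..."; if that sentence is being kept alongside the new "We are proud to present ..." paragraph, it also largely duplicates it, so dropping it entirely is an option.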
@ -28,9 +33,9 @@
* Authentication
----------------
Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228.
checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228.
New plugin is introduced to analyze PAM settings. It including items like:
- Two-factor authentication methods
- Minimum password length, password strength and protection status against brute force cracking
- Password history
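Review bot: "New plugin is introduced to analyze PAM settings. It including items like:" has a grammar slip; suggest "A new plugin is introduced to analyze PAM settings. It includes items such as:".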
@ -39,6 +44,7 @@
* Compliance
------------
This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b
Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.
Right now these standards can be selected:
@ -86,16 +92,14 @@
-----------
AUTH-9286 change has been extended to both capture minimum and password age.
* Software
----------
* Software and Packages
-----------------------
Log when vulnerable software packages were found
* SSH
-----
Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition.
Special thanks to: Kamil Boratyński
* UEFI and Secure Boot
----------------------
Initial support to test UEFI settings, including Secure Boot option
@ -111,6 +115,7 @@
------------------
[AUTH-9204] Exclude NIS entries to avoid false positives
[AUTH-9230] Removed test as it was merged into AUTH-9228
[AUTH-9288] Test for expired passwords
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
[BOOT-5106] New test to test boot loader on Mac OS X
[BOOT-5180] Only gets executed if runlevel 2 is found
@ -121,6 +126,7 @@
[MALW-3278] New test to detect LMD (Linux Malware Detect)
[SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
[TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running
[TIME-3170] New test to check NTP configuration files and determine if any of them are world writable
* Functions
-----------
@ -130,6 +136,7 @@
[GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier
[IsWordWritable] Changed return codes for easier usage of the function
[LogText] Replaces the older logtext function
[RandomString] Creates a random string of characters
[Report] Replaces the older report function
[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
[ReportWarning] Like ReportSuggestion() has additional parameters
@ -146,6 +153,10 @@
- Tool tips are displayed, to make Lynis even easier to use.
- PID file has additional checks, including cleanups.
* Special thanks
----------------
We like to specifically thank Kamil Boratyński for his contributions to this release.
* Plugins
---------
[PAM] New plugin available in all versions of Lynis
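Review bot: "We like to specifically thank Kamil Boratyński for his contributions to this release." should read "We would like to thank Kamil Boratyński specifically for his contributions to this release." The same credit already appears under the SSH section ("Special thanks to: Kamil Boratyński"); with a dedicated "Special thanks" section now in place, one of the two mentions can go.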

View File

@ -130,6 +130,7 @@ unset LANG
PRIVILEGED=0
PROFILEVALUE=""
PSBINARY="ps"
REMOTE_LOGGING_ENABLED=0
RKHUNTERBINARY=""
RPMBINARY=""
RUN_HELPERS=0

View File

@ -346,13 +346,26 @@
FIND=`egrep "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "[a-zA-Z0-9]@"`
if [ ! "${FIND}" = "" ]; then
LogText "Result: remote logging enabled"
AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
REMOTE_LOGGING_ENABLED=1
else
# Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
DESTINATIONS=`grep "^destination" ${SYSLOGD_CONF} | egrep "(udp|tcp)" | grep "port" | awk '{print $2}'`
for DESTINATION in ${DESTINATIONS}; do
FIND2=`grep "log" | grep "source" | egrep "destination\(${DESTINATION}\)"`
if [ ! "${FIND2}" = "" ]; then
LogText "Result: found destination ${DESTINATION} configured for remote logging"
REMOTE_LOGGING_ENABLED=1
fi
done
fi
if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then
LogText "Result: no remote logging found"
ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
AddHP 1 3
Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
else
AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
fi
else
LogText "Result: test skipped, file ${SYSLOGD_CONF} not found"
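Review bot: the fallback loop never reads the configuration file. On the FIND2 line, `grep "log" | grep "source" | egrep "destination\(${DESTINATION}\)"` has no file argument, so the first grep reads the script's standard input (hanging when run from an interactive terminal, matching nothing otherwise) and REMOTE_LOGGING_ENABLED can never be set through this path; it should be `grep "log" ${SYSLOGD_CONF} | grep "source" | egrep "destination\(${DESTINATION}\)"`. Two smaller points in the same hunk: `\s` in the first egrep pattern (`destination\s.+(udp|tcp).+\sport`) is a GNU extension that the egrep on some BSD and Solaris systems Lynis targets does not understand, so `[[:space:]]` is the portable choice; and the `DESTINATIONS=` chain (`grep "^destination" | egrep "(udp|tcp)" | grep "port"`) only matches when the whole definition sits on one line, so a syslog-ng destination written across several lines (`destination d_remote {` / `udp(... port(514));` / `};`) is missed. Consider collecting the names from `^destination` alone and then checking for udp/tcp and port within the block.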