Mirror of https://github.com/CISOfy/lynis.git, synced 2025-07-22 13:24:32 +02:00
[LOGG-2154] Check for remote syslogging, more in-depth testing
parent 95832c61d1
commit 72b0f65438
27
CHANGELOG
@ -17,9 +17,14 @@

================================================================================

= Lynis 2.1.x (2.2.0 release in development) =
= Lynis 2.1.6 (development version for 2.2.x) =

This is an major release, which includes both new features and enhancements to existing tests.
*** THIS CHANGELOG IS IN PREPARATION FOR THE NEW 2.2.0 RELEASE ***

We are proud to present this new release of Lynis. It is a major upgrade, and the
result of many months of work. This version includes new features and tests, and
many small enhancements, to improve the tool. We encourage all to test and
upgrade to this latest release.

* Automation tools
------------------
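Review bot: the heading and the banner in this hunk disagree about which version the entry describes: the heading becomes "= Lynis 2.1.6 (development version for 2.2.x) =" while the new banner reads "*** THIS CHANGELOG IS IN PREPARATION FOR THE NEW 2.2.0 RELEASE ***" and the paragraph below asks users to "upgrade to this latest release". Use one version number in both places, and word the upgrade call so it is clear this is a development snapshot rather than a published release.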
@ -28,9 +33,9 @@
* Authentication
----------------
Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228.

checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228.
New plugin is introduced to analyze PAM settings. It including items like:

- Two-factor authentication methods
- Minimum password length, password strength and protection status against brute force cracking
- Password history
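Review bot: grammar in the PAM sentence of this hunk, "New plugin is introduced to analyze PAM settings. It including items like:", should read "A new plugin is introduced to analyze PAM settings. It includes items such as:". The rewritten AUTH-9228 sentence ("Merged previous password check for Solaris into test AUTH-9228.") is clearer than the line it replaces.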
@ -39,6 +44,7 @@

* Compliance
------------
This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b
Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.

Right now these standards can be selected:
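Review bot: the added sentence in the Compliance section is cut off mid-word: "The profile has a new option, which can b". Either finish the sentence or merge it with the next line, which already names the compliance_standards option in default.prf and explains what it controls.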
@ -86,16 +92,14 @@
-----------
AUTH-9286 change has been extended to both capture minimum and password age.

* Software
----------
* Software and Packages
-----------------------
Log when vulnerable software packages were found

* SSH
-----
Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition.

Special thanks to: Kamil Boratyński

* UEFI and Secure Boot
----------------------
Initial support to test UEFI settings, including Secure Boot option
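Review bot: the context line at the top of this hunk, "AUTH-9286 change has been extended to both capture minimum and password age.", appears to be missing a word; "extended to capture both minimum and maximum password age" would read correctly, and this is a good opportunity to fix it. Renaming the section to "Software and Packages" and moving the Kamil Boratyński acknowledgement out of the SSH section are both fine.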
@ -111,6 +115,7 @@
------------------
[AUTH-9204] Exclude NIS entries to avoid false positives
[AUTH-9230] Removed test as it was merged into AUTH-9228
[AUTH-9288] Test for expired passwords
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
[BOOT-5106] New test to test boot loader on Mac OS X
[BOOT-5180] Only gets executed if runlevel 2 is found
@ -121,6 +126,7 @@
[MALW-3278] New test to detect LMD (Linux Malware Detect)
[SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
[TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running
[TIME-3170] New test to check NTP configuration files and determine if any of them are world writable

* Functions
-----------
@ -130,6 +136,7 @@
[GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier
[IsWordWritable] Changed return codes for easier usage of the function
[LogText] Replaces the older logtext function
[RandomString] Creates a random string of characters
[Report] Replaces the older report function
[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
[ReportWarning] Like ReportSuggestion() has additional parameters
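Review bot: "[IsWordWritable] Changed return codes for easier usage of the function" looks like a typo for IsWorldWritable, given that the new TIME-3170 entry above describes checking whether NTP configuration files are world writable; confirm the function's real name in the code and make this changelog entry match it, since readers grep the changelog for function names.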
@ -146,6 +153,10 @@
- Tool tips are displayed, to make Lynis even easier to use.
- PID file has additional checks, including cleanups.

* Special thanks
----------------
We like to specifically thank Kamil Boratyński for his contributions to this release.

* Plugins
---------
[PAM] New plugin available in all versions of Lynis
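Review bot: grammar in the new section, "We like to specifically thank Kamil Boratyński for his contributions to this release.", should be "We would like to thank Kamil Boratyński specifically for his contributions to this release." Giving the acknowledgement its own section instead of leaving it under SSH is a good change.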
@ -130,6 +130,7 @@ unset LANG
PRIVILEGED=0
PROFILEVALUE=""
PSBINARY="ps"
REMOTE_LOGGING_ENABLED=0
RKHUNTERBINARY=""
RPMBINARY=""
RUN_HELPERS=0
@ -346,13 +346,26 @@
FIND=`egrep "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "[a-zA-Z0-9]@"`
if [ ! "${FIND}" = "" ]; then
LogText "Result: remote logging enabled"
AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
REMOTE_LOGGING_ENABLED=1
else
# Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
DESTINATIONS=`grep "^destination" ${SYSLOGD_CONF} | egrep "(udp|tcp)" | grep "port" | awk '{print $2}'`
for DESTINATION in ${DESTINATIONS}; do
FIND2=`grep "log" | grep "source" | egrep "destination\(${DESTINATION}\)"`
if [ ! "${FIND2}" = "" ]; then
LogText "Result: found destination ${DESTINATION} configured for remote logging"
REMOTE_LOGGING_ENABLED=1
fi
done
fi
if [ ${REMOTE_LOGGING_ENABLED} -eq 0 ]; then
LogText "Result: no remote logging found"
ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
AddHP 1 3
Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
else
AddHP 5 5
Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
fi
else
LogText "Result: test skipped, file ${SYSLOGD_CONF} not found"
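Review bot: the new destination loop cannot work as written: in `FIND2=`grep "log" | grep "source" | egrep "destination\(${DESTINATION}\)"`` the first grep has no file operand, so it reads standard input instead of the syslog configuration. On an interactive run the test blocks waiting for input, and otherwise FIND2 stays empty, so this branch never sets REMOTE_LOGGING_ENABLED and a destination that is only referenced by name is always reported as "NOT ENABLED". It should be `grep "log" ${SYSLOGD_CONF} | grep "source" | ...`. Two smaller points: the matching is line-oriented, so a `log { source(...); destination(d_net); };` statement split over several lines, which is common in syslog-ng style configurations, will not be found, and the `grep "port"` in the DESTINATIONS pipeline skips udp/tcp destinations that rely on the default port. Also make sure `AddHP 5 5` and the ENABLED `Display` call remain only in the final if/else block and not directly after the first match as well, so a hit on the first pattern is not scored and displayed twice.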