tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/CISOfy/lynis

This commit is contained in:
Michael Boelen 2024-09-10 16:46:20 +00:00
parent 48279f7cd8 5f4c789724
commit 7bf2024c7d
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
6 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -19,8 +19,7 @@
### Changed ### Changed
- Correction of software EOL database and inclusion of AIX entries - Correction of software EOL database and inclusion of AIX entries
- Support sysctl value perf_event_paranoid -> 2|3 - Support sysctl value perf_event_paranoid -> 2|3
- Update of Turkish translation - Update of translations: German, Portuguest, Turkish
- Update of Portuguese translation
- Grammar and spell improvements - Grammar and spell improvements
- Improved package detection on Alpine Linux - Improved package detection on Alpine Linux
- Slackware support to check installed packges (functionPackageIsInstalled()) - Slackware support to check installed packges (functionPackageIsInstalled())
@ -32,6 +31,7 @@
- CONT-8104 - Checking for errors, not only warning in docker info output - CONT-8104 - Checking for errors, not only warning in docker info output
- DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD - DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD
- FILE-6344 - Test kernel version (major/minor) - FILE-6344 - Test kernel version (major/minor)
- INSE-8000 - Added inetd package and service name used in ubuntu 24.04
- KRNL-5622 - Use systemctl get-default instead of following link - KRNL-5622 - Use systemctl get-default instead of following link
- KRNL-5820 - Accept ulimit with -H parameter also - KRNL-5820 - Accept ulimit with -H parameter also
- LOGG-2144 - Check for wazuh-agent presence on Linux systems - LOGG-2144 - Check for wazuh-agent presence on Linux systems
@ -43,6 +43,7 @@
- PKGS-7303 - Added version numbers to brew packages - PKGS-7303 - Added version numbers to brew packages
- PKGS-7370 - Cron job check for debsums improved - PKGS-7370 - Cron job check for debsums improved
- PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error) - PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error)
- PKGS-7410 - Added kernel name for Hardkernel odroid XU4
--------------------------------------------------------------------------------- ---------------------------------------------------------------------------------

2
db/languages/de
View File

@ -106,4 +106,4 @@ STATUS_WEAK="SCHWACH"
STATUS_YES="JA" STATUS_YES="JA"
TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar" TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar"
TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen" TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen"
#SECTION_KERBEROS="Kerberos" SECTION_KERBEROS="Kerberos"

4
include/tests_filesystems
View File

@ -877,8 +877,8 @@
fi fi
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
LogText "Result: module ${FS} is blacklisted" LogText "Result: module ${FS} is blacklisted"

4
include/tests_insecure_services
View File

@ -41,7 +41,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check for installed inetd daemon # Check for installed inetd daemon
LogText "Test: Checking if inetd is installed" LogText "Test: Checking if inetd is installed"
if PackageIsInstalled "inetd"; then if PackageIsInstalled "inetd" || PackageIsInstalled "inetutils-inetd"; then
INETD_PACKAGE_INSTALLED=1 INETD_PACKAGE_INSTALLED=1
LogText "Result: inetd is installed" LogText "Result: inetd is installed"
Display --indent 2 --text "- Installed inetd package" --result "${STATUS_FOUND}" --color YELLOW Display --indent 2 --text "- Installed inetd package" --result "${STATUS_FOUND}" --color YELLOW
@ -61,7 +61,7 @@
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Check running processes # Check running processes
LogText "Test: Searching for active inet daemon" LogText "Test: Searching for active inet daemon"
if IsRunning "inetd"; then if IsRunning "inetd" || IsRunning "inetutils-inetd"; then
LogText "Result: inetd is running" LogText "Result: inetd is running"
Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN
INETD_ACTIVE=1 INETD_ACTIVE=1

4
include/tests_networking
View File

@ -750,7 +750,7 @@
UNCOMMON_PROTOCOL_DISABLED=0 UNCOMMON_PROTOCOL_DISABLED=0
# First check modprobe.conf # First check modprobe.conf
if [ -f ${ROOTDIR}etc/modprobe.conf ]; then if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
DATA=$(${GREPBINARY} "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf) DATA=$(${GREPBINARY} -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
LogText "Result: found ${P} module disabled via modprobe.conf" LogText "Result: found ${P} module disabled via modprobe.conf"
UNCOMMON_PROTOCOL_DISABLED=1 UNCOMMON_PROTOCOL_DISABLED=1
@ -759,7 +759,7 @@
# Then additional modprobe configuration files # Then additional modprobe configuration files
if [ -d ${ROOTDIR}etc/modprobe.d ]; then if [ -d ${ROOTDIR}etc/modprobe.d ]; then
# Return file names (-l) and suppress errors (-s) # Return file names (-l) and suppress errors (-s)
DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*) DATA=$(${GREPBINARY} -l -s -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
UNCOMMON_PROTOCOL_DISABLED=1 UNCOMMON_PROTOCOL_DISABLED=1
for F in ${DATA}; do for F in ${DATA}; do

2
include/tests_ports_packages
View File

@ -1378,7 +1378,7 @@ EOF
if [ "${DPKGBINARY}" ]; then if [ "${DPKGBINARY}" ]; then
TESTED=1 TESTED=1
KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]" KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]|linux-odroid-5422"
KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${GREPBINARY} -E "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l) KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${GREPBINARY} -E "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l)
if [ ${KERNELS} -eq 0 ]; then if [ ${KERNELS} -eq 0 ]; then
LogText "Result: found no kernels from dpkg -l output, which is unexpected" LogText "Result: found no kernels from dpkg -l output, which is unexpected"