Merge branch 'master' of https://github.com/CISOfy/lynis

2024-09-10 16:46:20 +00:00 · 2024-09-10 16:46:20 +00:00 · 7bf2024c7d
parent 48279f7cd8 5f4c789724
commit 7bf2024c7d
6 changed files with 11 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -19,8 +19,7 @@
 ### Changed
 - Correction of software EOL database and inclusion of AIX entries
 - Support sysctl value perf_event_paranoid -> 2|3
- Update of Turkish translation
- Update of Portuguese translation
+- Update of translations: German, Portuguest, Turkish
 - Grammar and spell improvements
 - Improved package detection on Alpine Linux
 - Slackware support to check installed packges (functionPackageIsInstalled())
@ -32,6 +31,7 @@
 - CONT-8104 - Checking for errors, not only warning in docker info output
 - DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD
 - FILE-6344 - Test kernel version (major/minor)
+- INSE-8000 - Added inetd package and service name used in ubuntu 24.04
 - KRNL-5622 - Use systemctl get-default instead of following link
 - KRNL-5820 - Accept ulimit with -H parameter also
 - LOGG-2144 - Check for wazuh-agent presence on Linux systems
@ -43,6 +43,7 @@
 - PKGS-7303 - Added version numbers to brew packages
 - PKGS-7370 - Cron job check for debsums improved
 - PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error)
+- PKGS-7410 - Added kernel name for Hardkernel odroid XU4

 ---------------------------------------------------------------------------------

--- a/db/languages/de
+++ b/db/languages/de
@ -106,4 +106,4 @@ STATUS_WEAK="SCHWACH"
 STATUS_YES="JA"
 TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar"
 TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen"
-#SECTION_KERBEROS="Kerberos"
+SECTION_KERBEROS="Kerberos"
--- a/include/tests_filesystems
+++ b/include/tests_filesystems
@ -877,8 +877,8 @@
                fi
                FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
                if [ -n "${FIND}" ]; then
-                    FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
-                    FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+                    FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+                    FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
                        if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
                            Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
                            LogText "Result: module ${FS} is blacklisted"
--- a/include/tests_insecure_services
+++ b/include/tests_insecure_services
@ -41,7 +41,7 @@
    if [ ${SKIPTEST} -eq 0 ]; then
        # Check for installed inetd daemon
        LogText "Test: Checking if inetd is installed"
-        if PackageIsInstalled "inetd"; then
+        if PackageIsInstalled "inetd" || PackageIsInstalled "inetutils-inetd"; then
            INETD_PACKAGE_INSTALLED=1
            LogText "Result: inetd is installed"
            Display --indent 2 --text "- Installed inetd package" --result "${STATUS_FOUND}" --color YELLOW
@ -61,7 +61,7 @@
    if [ ${SKIPTEST} -eq 0 ]; then
        # Check running processes
        LogText "Test: Searching for active inet daemon"
-        if IsRunning "inetd"; then
+        if IsRunning "inetd" || IsRunning "inetutils-inetd"; then
            LogText "Result: inetd is running"
            Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN
            INETD_ACTIVE=1
--- a/include/tests_networking
+++ b/include/tests_networking
@ -750,7 +750,7 @@
                        UNCOMMON_PROTOCOL_DISABLED=0
                        # First check modprobe.conf
                        if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
-                            DATA=$(${GREPBINARY} "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf)
+                            DATA=$(${GREPBINARY} -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf)
                            if [ -n "${DATA}" ]; then
                                LogText "Result: found ${P} module disabled via modprobe.conf"
                                UNCOMMON_PROTOCOL_DISABLED=1
@ -759,7 +759,7 @@
                        # Then additional modprobe configuration files
                        if [ -d ${ROOTDIR}etc/modprobe.d ]; then
                            # Return file names (-l) and suppress errors (-s)
-                            DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
+                            DATA=$(${GREPBINARY} -l -s -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
                            if [ -n "${DATA}" ]; then
                                UNCOMMON_PROTOCOL_DISABLED=1
                                for F in ${DATA}; do
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@ -1378,7 +1378,7 @@ EOF

        if [ "${DPKGBINARY}" ]; then
            TESTED=1
-            KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]"
+            KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]|linux-odroid-5422"
            KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${GREPBINARY} -E "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l)
            if [ ${KERNELS} -eq 0 ]; then
                LogText "Result: found no kernels from dpkg -l output, which is unexpected"