tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 07:44:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a typo

Browse Source
This commit is contained in:
Michael Boelen 2019-09-21 16:31:06 +02:00
parent 2c32e8e04d
commit a1b6d463b2
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
17 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -67,6 +67,7 @@ Using the relevant options, the scan will change base on the intended goal.
- Profiles: message is displayed when old format "key:value" is used - Profiles: message is displayed when old format "key:value" is used
- Security: the 'nounset' (set -u) parameter is now activated by default - Security: the 'nounset' (set -u) parameter is now activated by default
- AUTH-9266 - skip .pam-old files in /etc/pam.d - AUTH-9266 - skip .pam-old files in /etc/pam.d
- AUTH-9282 - fix: temporary variable was overwritten
- AUTH-9408 - added support for pam_tally2 to log failed logins - AUTH-9408 - added support for pam_tally2 to log failed logins
- CONT-8106 - support newer 'docker info' output - CONT-8106 - support newer 'docker info' output
- CRYP-8002 - gather kernel entropy on Linux systems - CRYP-8002 - gather kernel entropy on Linux systems
@ -2916,10 +2917,10 @@ Lynis 1.1.7 (2008-06-28)
- Added dig availability check to DNS test [NETW-2704] - Added dig availability check to DNS test [NETW-2704]
- Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512] - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512]
- Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384] - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384]
- Bugfix: Fixed prequisits for grpck test [AUTH-9216] - Bugfix: Fixed prerequisites for grpck test [AUTH-9216]
- Improved MySQL check [DBS-1804] - Improved MySQL check [DBS-1804]
- Changed color at chkconfig boot services test [BOOT-5177] - Changed color at chkconfig boot services test [BOOT-5177]
- Added missing prequisits output to portaudit test [PKGS-7382] - Added missing prerequisites output to portaudit test [PKGS-7382]
- Test output for FreeBSD mounts (UFS) improved [FILE-6329] - Test output for FreeBSD mounts (UFS) improved [FILE-6329]
- Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219] - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219]
- Several tests have their warning reporting improved - Several tests have their warning reporting improved

4
include/binaries
View File

@ -65,10 +65,10 @@
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
# Stop execution if privileged, otherwise continue but warn user # Stop execution if privileged, otherwise continue but warn user
if [ ${PRIVILEGED} -eq 1 ]; then if [ ${PRIVILEGED} -eq 1 ]; then
ExitFatal "Possible riskful location (${SCANDIR}) in PATH discovered. Quitting..." ExitFatal "Suspicious location (${SCANDIR}) in PATH discovered. Quitting..."
else else
Display --indent 4 --text "Warning: suspicious location (${SCANDIR}) in PATH" Display --indent 4 --text "Warning: suspicious location (${SCANDIR}) in PATH"
ReportWarning "${TEST_NO}" "Possible riskful location in PATH discovered" "text:${MSG}" ReportWarning "${TEST_NO}" "Suspicious location in PATH discovered" "text:${MSG}"
sleep 1 sleep 1
fi fi
fi fi

2
include/functions
View File

@ -1418,7 +1418,7 @@
if [ -e /proc/1/environ ]; then if [ -e /proc/1/environ ]; then
FIND=$(grep -qa 'container=lxc' ${ROOTDIR}proc/1/environ 2> /dev/null) FIND=$(grep -qa 'container=lxc' ${ROOTDIR}proc/1/environ 2> /dev/null)
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
LogText "Result: found LXC in environnement (/proc/1/environ), so we are running in LXC container" LogText "Result: found LXC in environment (/proc/1/environ), so we are running in LXC container"
CONTAINER_TYPE="LXC"; FOUND=1 CONTAINER_TYPE="LXC"; FOUND=1
EXITCODE=0 EXITCODE=0
fi fi

2
include/profiles
View File

@ -196,7 +196,7 @@
OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}" OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}"
;; ;;
# Lynis Enterprise: group name - deprecrated option # Lynis Enterprise: group name - deprecated option
group) group)
GROUP_NAME="${VALUE}" GROUP_NAME="${VALUE}"
AddSetting "group" "${GROUP_NAME}" "Group" AddSetting "group" "${GROUP_NAME}" "Group"

2
include/tests_custom.template
View File

@ -109,7 +109,7 @@
################################################################################# #################################################################################
# #
# Test : CUST-0040 # Test : CUST-0040
# Description : Our second test, with a prequisite test # Description : Our second test, with a prerequisite test
# First check if OPENSSLBINARY is known as a prerequisite for this test # First check if OPENSSLBINARY is known as a prerequisite for this test
# ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test # ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test

2
include/tests_databases
View File

@ -219,7 +219,7 @@
################################################################################# #################################################################################
# #
# Test : DBS-1860 # Test : DBS-1860
# Description : Checks if a DB2 instance is currently runnigng # Description : Checks if a DB2 instance is currently running
Register --test-no DBS-1860 --weight L --network NO --category security --description "Checking active DB2 instances" Register --test-no DBS-1860 --weight L --network NO --category security --description "Checking active DB2 instances"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning db2sysc; then if IsRunning db2sysc; then

4
include/tests_dns
View File

@ -35,7 +35,7 @@
################################################################################# #################################################################################
# #
# # Test : DNS-1600 # # Test : DNS-1600
# # Description : Validate DNSSEC signiture is checked # # Description : Validate DNSSEC signature is checked
# Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked" # Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked"
# if [ "${SKIPTEST}" -eq 0 ]; then # if [ "${SKIPTEST}" -eq 0 ]; then
# if [ -n "${DIGBINARY}" ]; then # if [ -n "${DIGBINARY}" ]; then
@ -54,7 +54,7 @@
# elif [ -n "${GOOD}" -a -n "${BAD}" ]; then # elif [ -n "${GOOD}" -a -n "${BAD}" ]; then
# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW # Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
# LogText "Note: Using DNSSEC validation can protect from DNS hijacking" # LogText "Note: Using DNSSEC validation can protect from DNS hijacking"
# #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC valdating name servers" # #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC validating name servers"
# AddHP 2 2 # AddHP 2 2
# elif [ -n "${GOOD}" -a -z "${BAD}" ]; then # elif [ -n "${GOOD}" -a -z "${BAD}" ]; then
# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN # Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN

2
include/tests_hardening
View File

@ -20,7 +20,7 @@
# #
InsertSection "Hardening" InsertSection "Hardening"
# COMPILER_INSTALLED is initialised before # COMPILER_INSTALLED is initialized before
HARDEN_COMPILERS_NEEDED=0 HARDEN_COMPILERS_NEEDED=0
# #
################################################################################# #################################################################################

2
include/tests_homedirs
View File

@ -135,7 +135,7 @@
LogText "Info: above files could be redirected files to avoid logging and should be investigated" LogText "Info: above files could be redirected files to avoid logging and should be investigated"
ReportWarning ${TEST_NO} "Incorrect file type found for shell history file" ReportWarning ${TEST_NO} "Incorrect file type found for shell history file"
fi fi
LogText "Remarks: History files are normally of the type 'file'. Symbolic links and other types can be riskful." LogText "Remarks: History files are normally of the type 'file'. Symbolic links and other types are suspicious."
else else
Display --indent 2 --text "- Checking shell history files" --result "${STATUS_SKIPPED}" --color WHITE Display --indent 2 --text "- Checking shell history files" --result "${STATUS_SKIPPED}" --color WHITE
LogText "Result: Homedirs is empty, test will be skipped" LogText "Result: Homedirs is empty, test will be skipped"

2
include/tests_ldap
View File

@ -89,7 +89,7 @@
################################################################################# #################################################################################
# #
# Test : LDAP-2240 # Test : LDAP-2240
# Description : Check OpenLDAP unencrypted RootDN password # Description : Check OpenLDAP plaintext RootDN password
# #
################################################################################# #################################################################################
# #

2
include/tests_nameservices
View File

@ -124,7 +124,7 @@
Report "resolv_conf_option[]=${ITEM}" Report "resolv_conf_option[]=${ITEM}"
# TODO add suggestions for the related options # TODO add suggestions for the related options
# rotate --> add performance tune point # rotate --> add performance tune point
# timeout --> add performe tune point when smaller than 3 seconds # timeout --> add performance tune point when smaller than 3 seconds
done done
Display --indent 2 --text "- Checking /etc/resolv.conf options" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking /etc/resolv.conf options" --result "${STATUS_FOUND}" --color GREEN
fi fi

4
include/tests_php
View File

@ -295,7 +295,7 @@
FIND=$(${EGREPBINARY} -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') FIND=$(${EGREPBINARY} -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Checking allow_url_fopen option" --result "${STATUS_ON}" --color YELLOW Display --indent 4 --text "- Checking allow_url_fopen option" --result "${STATUS_ON}" --color YELLOW
LogText "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP" LogText "Result: allow_url_fopen option is turned on, which can be used for downloads via PHP and is a security risk"
ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP" ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP"
AddHP 0 1 AddHP 0 1
else else
@ -318,7 +318,7 @@
FIND=$(${EGREPBINARY} -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') FIND=$(${EGREPBINARY} -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Checking allow_url_include option" --result "${STATUS_ON}" --color YELLOW Display --indent 4 --text "- Checking allow_url_include option" --result "${STATUS_ON}" --color YELLOW
Report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP" Report "Result: allow_url_include option is turned on, which can be used for downloads via PHP and is a risk"
ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP" ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP"
AddHP 0 1 AddHP 0 1
else else

2
include/tests_ports_packages
View File

@ -650,7 +650,7 @@
LogText "Result: Cron job is not configured for debsums utility." LogText "Result: Cron job is not configured for debsums utility."
Display --indent 6 --text "- Cron job for debsums" --result "${STATUS_NOT_FOUND}" --color YELLOW Display --indent 6 --text "- Cron job for debsums" --result "${STATUS_NOT_FOUND}" --color YELLOW
AddHP 1 3 AddHP 1 3
ReportSuggestion "${TEST_NO}" "Check debsums configuration and enable checking regurlarly via a cron job." ReportSuggestion "${TEST_NO}" "Check debsums configuration and enable checking regularly via a cron job."
fi fi
else else
LogText "Result: debsums utility is not installed." LogText "Result: debsums utility is not installed."

4
include/tests_shells
View File

@ -109,12 +109,12 @@
LogText "Test: Search for session timeout tools or settings in shell" LogText "Test: Search for session timeout tools or settings in shell"
if IsRunning "timeoutd"; then if IsRunning "timeoutd"; then
IDLE_TIMEOUT=1 IDLE_TIMEOUT=1
LogText "Result: found timeoutd process to kill idle sesions" LogText "Result: found timeoutd process to kill idle sessions"
IDLE_TIMEOUT_METHOD="timeout-daemon" IDLE_TIMEOUT_METHOD="timeout-daemon"
fi fi
if IsRunning "autolog"; then if IsRunning "autolog"; then
IDLE_TIMEOUT=1 IDLE_TIMEOUT=1
LogText "Result: found autolog process to kill idle sesions" LogText "Result: found autolog process to kill idle sessions"
Report="session_timeout_method[]=autolog" Report="session_timeout_method[]=autolog"
IDLE_TIMEOUT_METHOD="autolog" IDLE_TIMEOUT_METHOD="autolog"
fi fi

2
include/tests_squid
View File

@ -222,7 +222,7 @@
################################################################################# #################################################################################
# #
# Test : SQD-3624 # Test : SQD-3624
# Description : Check unsecure ports in Safe_ports list # Description : Check insecure ports in Safe_ports list
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports" Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then

4
include/tests_time
View File

@ -108,7 +108,7 @@
LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist" LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist"
fi fi
else else
LogText "Result: time sychronization not performed according timedatectl command" LogText "Result: time synchronization not performed according timedatectl command"
fi fi
else else
LogText "Result: timedatectl command not available on this system" LogText "Result: timedatectl command not available on this system"
@ -223,7 +223,7 @@
FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes") FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes")
if [ -z "${FIND}" ]; then if [ -z "${FIND}" ]; then
LogText "Result: time not synchronized via NTP" LogText "Result: time not synchronized via NTP"
ReportSuggestion "${TEST_NO}" "Check timedatectl output. Sychronization via NTP is enabled, but status reflects it is not synchronized" ReportSuggestion "${TEST_NO}" "Check timedatectl output. Synchronization via NTP is enabled, but status reflects it is not synchronized"
fi fi
fi fi
# #

1
include/tests_virtualization
View File

@ -30,7 +30,6 @@
# # Description : Checking VMware # # Description : Checking VMware
# Register --test-no VIRT-1920 --weight L --network NO --category security --description "Checking VMware guest status" # Register --test-no VIRT-1920 --weight L --network NO --category security --description "Checking VMware guest status"
# if [ ${SKIPTEST} -eq 0 ]; then # if [ ${SKIPTEST} -eq 0 ]; then
# # Initialise
# VMWARE_GUEST=0 # VMWARE_GUEST=0
# Display --indent 2 --text "- Checking VMware guest status" # Display --indent 2 --text "- Checking VMware guest status"
# # check memory driver file # # check memory driver file