tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-26 23:34:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added CRYP-8002

Browse Source
This commit is contained in:
Michael Boelen 2019-08-29 10:39:43 +02:00
parent 4932ab8351
commit a87c2b10f9
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
3 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -69,6 +69,7 @@ Using the relevant options, the scan will change base on the intended goal.
- AUTH-9266 - skip .pam-old files in /etc/pam.d - AUTH-9266 - skip .pam-old files in /etc/pam.d
- AUTH-9408 - added support for pam_tally2 to log failed logins - AUTH-9408 - added support for pam_tally2 to log failed logins
- CONT-8106 - support newer 'docker info' output - CONT-8106 - support newer 'docker info' output
- CRYP-8002 - gather kernel entropy on Linux systems
- FILE-7524 - optimized file permissions testing - FILE-7524 - optimized file permissions testing
- FINT-4328 - corrected text in log - FINT-4328 - corrected text in log
- FINT-4334 - improved process detection for lfd - FINT-4334 - improved process detection for lfd

1
db/tests.db
View File

@ -85,6 +85,7 @@ CONT-8108:test:security:containers::Check file permissions for Docker files:
CORE-1000:test:performance:system_integrity::Check all system binaries: CORE-1000:test:performance:system_integrity::Check all system binaries:
CRYP-7902:test:security:crypto::Check expire date of SSL certificates: CRYP-7902:test:security:crypto::Check expire date of SSL certificates:
CRYP-7930:test:security:crypto:Linux:Determine if system uses LUKS encryption: CRYP-7930:test:security:crypto:Linux:Determine if system uses LUKS encryption:
CRYP-8002:test:security:crypto:Linux:Gather kernel entropy:
DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked: DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked:
DBS-1804:test:security:databases::Checking active MySQL process: DBS-1804:test:security:databases::Checking active MySQL process:
DBS-1816:test:security:databases::Checking MySQL root password: DBS-1816:test:security:databases::Checking MySQL root password:

23
include/tests_crypto
View File

@ -149,6 +149,7 @@
fi fi
done done
unset BLOCK_DEV unset BLOCK_DEV
# This will enable us to do a test for forensics or when crypsetup/lsblk are not available # This will enable us to do a test for forensics or when crypsetup/lsblk are not available
elif [ -f ${CRYPTTABFILE} ]; then elif [ -f ${CRYPTTABFILE} ]; then
LogText "Result: crypttab (${CRYPTTABFILE}) exists" LogText "Result: crypttab (${CRYPTTABFILE}) exists"
@ -172,6 +173,28 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : CRYP-8002
# Description : Gather available kernel entropy
Register --test-no CRYP-8002 --os Linux --weight L --network NO --root-only NO --category security --description "Gather available kernel entropy"
if [ ${SKIPTEST} -eq 0 ]; then
if [ -f ${ROOTDIR}proc/sys/kernel/random/entropy_avail ]; then
DATA=$(${AWKBINARY} '$1 ~ /^[0-9]+$/ {print $1}' ${ROOTDIR}proc/sys/kernel/random/entropy_avail)
if [ -n "${DATA}" ]; then
LogText "Result: found kernel entropy value of ${DATA}"
Report "kernel_entropy=${DATA}"
if [ ${DATA} -gt 200 ]; then
Display --indent 2 --text "- Kernel entropy is sufficient" --result "${STATUS_YES}" --color GREEN
else
Display --indent 2 --text "- Kernel entropy is sufficient" --result "${STATUS_NO}" --color YELLOW
# TODO - enable suggestion when information on website is available
fi
fi
fi
fi
#
#################################################################################
#
WaitForKeyPress WaitForKeyPress