tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-20 12:24:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1029 from silentcreek/add-suricata-ids-ips-test

Browse Source 
Add test for Suricata IDS/IPS
This commit is contained in:
Michael Boelen 2020-10-25 12:50:45 +01:00 committed by GitHub
commit cee7d49a42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -4,6 +4,7 @@
### Added ### Added
- AUTH-9284 - Scan for locked user accounts in /etc/passwd - AUTH-9284 - Scan for locked user accounts in /etc/passwd
- TOOL-5130 - Check for active Suricata daemon
- Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS - Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS
- Alpine, macOS and Mageia EOL dates - Alpine, macOS and Mageia EOL dates

1
db/tests.db
View File

@ -426,6 +426,7 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban: TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
TOOL-5120:test:security:tooling::Presence of Snort IDS: TOOL-5120:test:security:tooling::Presence of Snort IDS:
TOOL-5122:test:security:tooling::Snort IDS configuration file: TOOL-5122:test:security:tooling::Snort IDS configuration file:
TOOL-5130:test:security:tooling::Check for active Suricata daemon:
TOOL-5160:test:security:tooling::Check for active OSSEC daemon: TOOL-5160:test:security:tooling::Check for active OSSEC daemon:
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling: TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
USB-1000:test:security:storage:Linux:Check if USB storage is disabled: USB-1000:test:security:storage:Linux:Check if USB storage is disabled:

27
include/tests_tooling
View File

@ -372,6 +372,33 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : TOOL-5130
# Description : Check for Suricata
Register --test-no TOOL-5130 --weight L --network NO --category security --description "Check for active Suricata daemon"
if [ ${SKIPTEST} -eq 0 ]; then
# Suricata presence
if [ -n "${SURICATABINARY}" ]; then
Report "ids_ips_tooling[]=suricata"
LogText "Result: Suricata is installed (${SURICATABINARY})"
# Suricata status
# Suricata sets its process name to Suricata-Main on Linux, but this might differ on other platforms,
# so fall back to checking the full commandline instead if the first test fails
if IsRunning "Suricata-Main" || IsRunning --full "${SURICATABINARY} "; then
# Only satisfy test TOOL-5190 if Suricata is actually running
IDS_IPS_TOOL_FOUND=1
LogText "Result: Suricata daemon is active"
Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_RUNNING}" --color GREEN
else
LogText "Result: Suricata daemon not active"
Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_NOT_RUNNING}" --color YELLOW
fi
else
LogText "Result: Suricata not installed (suricata not found)"
fi
fi
#
#################################################################################
# #
# Test : TOOL-5160 # Test : TOOL-5160
# Description : Check for OSSEC # Description : Check for OSSEC