From e124499e27d48b85ca5fc2734247c47b94ee8ba5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Wed, 4 May 2022 10:51:35 +0200 Subject: [PATCH 01/68] Only test Compression if sshd version < 7.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- include/tests_ssh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/tests_ssh b/include/tests_ssh index de3209ee..fb784d83 100644 --- a/include/tests_ssh +++ b/include/tests_ssh @@ -135,7 +135,6 @@ SSHOPS="AllowTcpForwarding:NO,LOCAL,YES:=\ ClientAliveCountMax:2,4,16:<\ ClientAliveInterval:300,600,900:<\ - Compression:NO,,YES:=\ FingerprintHash:SHA256,MD5,:=\ GatewayPorts:NO,,YES:=\ IgnoreRhosts:YES,,NO:=\ @@ -158,12 +157,12 @@ # OpenSSH had some options removed over time. Based on the version we add some additional options to check if [ ${OPENSSHD_VERSION_MAJOR} -lt 7 ]; then LogText "Result: added additional options for OpenSSH 6.x and lower" - SSHOPS="${SSHOPS} UsePrivilegeSeparation:SANDBOX,YES,NO:= Protocol:2,,1:=" + SSHOPS="${SSHOPS} Compression:(DELAYED|NO),,YES:= UsePrivilegeSeparation:SANDBOX,YES,NO:= Protocol:2,,1:=" elif [ ${OPENSSHD_VERSION_MAJOR} -eq 7 ]; then # Protocol 1 support removed (OpenSSH 7.4 and later) if [ ${OPENSSHD_VERSION_MINOR} -lt 4 ]; then LogText "Result: added additional options for OpenSSH < 7.4" - SSHOPS="${SSHOPS} Protocol:2,,1:=" + SSHOPS="${SSHOPS} Compression:(DELAYED|NO),,YES:= Protocol:2,,1:=" fi # UsePrivilegedSeparation removed (OpenSSH 7.5 and later) if [ ${OPENSSHD_VERSION_MINOR} -lt 5 ]; then From 975712a6164fcd9fe57202c9705eeadfb7c6b7f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Sun, 15 May 2022 23:58:43 +0200 Subject: [PATCH 02/68] add plocate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
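Review bot: The replacement expected value `Compression:(DELAYED|NO),,YES:=` turns this field into an ERE alternation, while every neighbouring SSHOPS entry (ClientAliveCountMax, FingerprintHash, Protocol, UsePrivilegeSeparation) is a plain literal; whether the `:=` comparison treats the expected field as a pattern is not visible in this hunk and should be confirmed, otherwise the Compression check silently never matches on pre-7.4 servers. If it does, a short comment above the assignment such as `# Compression: DELAYED (default) or NO is acceptable; the option lost its pre-auth meaning in OpenSSH 7.4` would explain why only this entry is written as a pattern. The `if [ ${OPENSSHD_VERSION_MAJOR} -lt 7 ]` block starts before the hunk and the `-lt 5` minor-version branch continues after it.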
Signed-off-by: Thomas Sjögren --- include/tests_filesystems | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/tests_filesystems b/include/tests_filesystems index 480ba40a..ab6191aa 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -744,7 +744,7 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking locate database" FOUND=0 - LOCATE_DBS="${ROOTDIR}var/lib/mlocate/mlocate.db ${ROOTDIR}var/lib/locate/locatedb ${ROOTDIR}var/lib/locatedb ${ROOTDIR}var/lib/slocate/slocate.db ${ROOTDIR}var/cache/locate/locatedb ${ROOTDIR}var/db/locate.database" + LOCATE_DBS="${ROOTDIR}var/cache/locate/locatedb ${ROOTDIR}var/db/locate.database ${ROOTDIR}var/lib/locate/locatedb ${ROOTDIR}var/lib/locatedb ${ROOTDIR}var/lib/mlocate/mlocate.db ${ROOTDIR}var/lib/plocate/plocate.db ${ROOTDIR}var/lib/slocate/slocate.db" for FILE in ${LOCATE_DBS}; do if [ -f ${FILE} ]; then LogText "Result: locate database found (${FILE})" From a19f532ddf0bd5b6cdd30ff518bfc98e3aea5e93 Mon Sep 17 00:00:00 2001 From: Nick Anderson Date: Wed, 17 Aug 2022 14:03:21 -0500 Subject: [PATCH 03/68] Fixed typo in Group for FINT-4316 Closes #1323 --- db/tests.db | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/tests.db b/db/tests.db index fe16ef9c..e4dc8fbd 100644 --- a/db/tests.db +++ b/db/tests.db @@ -136,7 +136,7 @@ FILE-7524:test:security:file_permissions::Perform file permissions check: FINT-4310:test:security:file_integrity::AFICK availability: FINT-4314:test:security:file_integrity::AIDE availability: FINT-4315:test:security:file_integrity::Check AIDE configuration file: -FINT-4316:test:security:file_integirty::Presence of AIDE database and size check: +FINT-4316:test:security:file_integrity::Presence of AIDE database and size check: FINT-4318:test:security:file_integrity::Osiris availability: FINT-4322:test:security:file_integrity::Samhain availability: FINT-4326:test:security:file_integrity::Tripwire availability: 
From 622f53247da81d64e8b5170baf0f6cb4e785353f Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Wed, 24 Aug 2022 11:42:22 +0000 Subject: [PATCH 04/68] [DBS-1820] added newer style format for Mongo authorization setting --- include/tests_databases | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/include/tests_databases b/include/tests_databases index f5bc22ae..e973d23f 100644 --- a/include/tests_databases +++ b/include/tests_databases 
@@ -127,12 +127,25 @@ for FILE in ${MONGO_CONF_FILES}; do if [ -f ${FILE} ]; then LogText "Result: found MongoDB configuration file (${FILE})" - LogText "Test: determine authorization setting in new style YAML format" - AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)") - if HasData "${AUTH_IN_CONFIG}"; then - LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format)" - MONGODB_AUTHORIZATION_ENABLED=1 - else + # YAML with quotes + if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then + LogText "Test: determine authorization setting in new style YAML format" + AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: \"enabled\"" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)") + if HasData "${AUTH_IN_CONFIG}"; then + LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format with quotes)" + MONGODB_AUTHORIZATION_ENABLED=1 + fi + fi + # YAML without quotes + if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then + AUTH_IN_CONFIG=$(${GREPBINARY} "authorization: enabled" ${FILE} | ${GREPBINARY} -E -v "(^#|#auth)") + if HasData "${AUTH_IN_CONFIG}"; then + LogText "Result: GOOD, found authorization option enabled in configuration file (YAML format without quotes)" + MONGODB_AUTHORIZATION_ENABLED=1 + fi + fi + # Old style + if [ ${MONGODB_AUTHORIZATION_ENABLED} -eq 0 ]; then LogText "Result: did NOT find authorization option enabled in configuration file (with YAML format)" LogText "Test: now searching for old style configuration (auth = true) in configuration file" AUTH_IN_CONFIG=$(${GREPBINARY} "auth = true" ${FILE} | ${GREPBINARY} -v "noauth" | ${GREPBINARY} -E -v "(^#|#auth)") From b53d6a80d706d29aaf7a03a31138b024230c49df Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Wed, 24 Aug 2022 11:43:37 +0000 Subject: [PATCH 05/68] Updated log --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e63943e..ad1cbeb8 100644 
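Review bot: Both new YAML probes inherit the comment filter `${GREPBINARY} -E -v "(^#|#auth)"`, which only drops lines whose `#` is in column 1 or glued to `auth`; a commented-out, indented line such as `  # authorization: enabled` (the usual shape inside a YAML `security:` block) survives the filter and yields a false "GOOD". Use `${GREPBINARY} -E -v "^[[:space:]]*#"` in both new pipelines. The single-quoted form `authorization: 'enabled'` is covered by neither probe, and neither checks that the key sits under `security:`, so an `authorization:` key in another mapping matches too. The enclosing `for FILE in ${MONGO_CONF_FILES}` loop continues past the hunk, and the new `-eq 0` guards rely on MONGODB_AUTHORIZATION_ENABLED being initialised earlier in the file.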
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Lynis Changelog +## Lynis 3.0.9 (not released yet) + +### Changed +- DBS-1820 - added newer style format for Mongo authorization setting + +--------------------------------------------------------------------------------- + ## Lynis 3.0.8 (2022-05-17) ### Added From 73d43c25eb290e8879a590c8534202bcd400caeb Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Sat, 17 Sep 2022 14:49:26 +0000 Subject: [PATCH 06/68] Moved section to discover current timestamp related to issue #1329 --- include/osdetection | 43 ++++++++++++++++++++++++++++++------------- lynis | 10 +--------- 2 files changed, 31 insertions(+), 22 deletions(-) diff --git a/include/osdetection b/include/osdetection index d9b8a41c..989b1b38 100644 --- a/include/osdetection +++ b/include/osdetection @@ -777,10 +777,26 @@ ECHONB="" case ${OS} in - "AIX") ECHOCMD="echo"; ECHONB="printf" ;; - "DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;; - "macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;; - "Solaris") ECHOCMD="echo" ; test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" ;; + "AIX") + ECHOCMD="echo"; + ECHONB="printf" + ;; + "DragonFly"|"FreeBSD"|"NetBSD") + ECHOCMD="echo -e" + ECHONB="echo -n" + NOW=$(date "+%s") + ;; + "macOS" | "Mac OS X") + ECHOCMD="echo" + ECHONB="/bin/echo -n" + NOW=$(date "+%s") + ;; + + "Solaris") + ECHOCMD="echo" + test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" + NOW=$(nawk 'BEGIN{print srand()}') + ;; "Linux") # Check if dash is used (Debian/Ubuntu) DEFAULT_SHELL=$(ls -l /bin/sh | awk -F'>' '{print $2}') @@ -788,10 +804,14 @@ " dash") ECHOCMD="/bin/echo -e" ;; *) ECHOCMD="echo -e" ;; esac + NOW=$(date "+%s") + ;; + *) + ECHOCMD="echo -e" + NOW=$(date "+%s") ;; - *) ECHOCMD="echo -e" ;; esac - + # Check if we have full featured commands, or are using BusyBox as a shell if [ -x /bin/busybox ]; then if [ -L /bin/ps ]; then 
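Review bot: The `"AIX"` arm of the new case is the only arm that does not assign NOW, yet the third hunk of this file (`@@ -820,13 +840,10 @@`, on the next line of this page) removes the `if [ -n "${NOW}" ]` guard in front of `[ ${NOW} -gt ${EOL_TIMESTAMP} ]`; with NOW empty that test degrades to `[ -gt ... ]`, a test syntax error instead of a quiet EOL=0. Either add `NOW=$(date "+%s")` to the AIX arm or keep the guard, unless NOW is set somewhere before this point that I cannot see. The AIX arm also keeps a stray `;` after `ECHOCMD="echo";` that the other rewritten arms dropped. Since the Linux, BSD, macOS and `*)` arms now all assign the same `NOW=$(date "+%s")`, hoisting that default above the `case` and overriding it only in the Solaris arm would remove the duplication and close the AIX gap at once.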
@@ -820,13 +840,10 @@ if [ -n "${EOL_TIMESTAMP}" ]; then EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1) if [ -n "${EOL_DATE}" ]; then - NOW=$(date "+%s") - if [ -n "${NOW}" ]; then - if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then - EOL=1 - else - EOL=0 - fi + if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then + EOL=1 + else + EOL=0 fi else EOL=0 diff --git a/lynis b/lynis index cf7d6bc6..ab8c479e 100755 --- a/lynis +++ b/lynis @@ -514,7 +514,7 @@ ${NORMAL} . ${INCLUDEDIR}/osdetection Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --color GREEN - # Check hostname + # Check hostname and get timestamp case ${OS} in HP-UX) HOSTNAME=$(hostname) ;; @@ -531,7 +531,6 @@ ${NORMAL} if [ "${OS}" = "Linux" -a "${HOSTNAME}" = "${FQDN}" ]; then FQDN=$(hostname -f 2> /dev/null) fi - # ################################################################################# # @@ -789,13 +788,6 @@ ${NORMAL} fi fi - # Test for older releases, without testing via update mechanism - if [ "${OS}" = "Solaris" ]; then - NOW=$(nawk 'BEGIN{print srand()}') - else - NOW=$(date "+%s") - fi - OLD_RELEASE=0 TIME_DIFFERENCE_CHECK=10368000 # 4 months RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK)) From 2c27a8fdce2ec5142d9472345d4545385b658202 Mon Sep 17 00:00:00 2001 From: Massacre Networks <81653728+MassacreNetworks@users.noreply.github.com> Date: Sat, 24 Sep 2022 19:11:40 +0300 Subject: [PATCH 07/68] expected variable $NOW --- lynis | 1 + 1 file changed, 1 insertion(+) diff --git a/lynis b/lynis index ab8c479e..3f6d3b84 100755 --- a/lynis +++ b/lynis @@ -791,6 +791,7 @@ ${NORMAL} OLD_RELEASE=0 TIME_DIFFERENCE_CHECK=10368000 # 4 months RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK)) + NOW=$(date "+%s") if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then # Show if release is old, only if we didn't show it with normal update check if [ ${UPDATE_AVAILABLE} -eq 0 ]; then 
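Review bot: The added `NOW=$(date "+%s")` unconditionally overwrites the value that `include/osdetection` (sourced earlier in this file, see `. ${INCLUDEDIR}/osdetection` in the preceding patch) already computed per OS, which discards the Solaris `nawk 'BEGIN{print srand()}'` path that was moved there because `date +%s` is not portable to that platform. If the observed failure is NOW being empty on some platform (osdetection's AIX arm sets none), fill only the gap: `[ -n "${NOW}" ] || NOW=$(date "+%s")`. The following `[ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]` is still unquoted, so an empty NOW produces a test syntax error rather than a skipped check.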
From 98ac5a562ad6f347bcde307d56466b2668251908 Mon Sep 17 00:00:00 2001 From: HansHoogerwerf Date: Mon, 17 Oct 2022 15:46:40 +0200 Subject: [PATCH 08/68] Verify the linux OS supports nanoseconds Add extra check to verify the linux OS supports nanoseconds. This might not be the case with certain busybox implementations. --- include/functions | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/include/functions b/include/functions index 5b211707..db4c7ef8 100644 --- a/include/functions +++ b/include/functions @@ -2562,15 +2562,17 @@ GetTimestamp() { ts=0 - case "${OS}" in - "Linux") - ts=$(date "+%s%N") - ;; - *) - ts=$(date "+%s") - ;; - esac - echo $ts + # Detect if the implementation of date supports nanoseconds, + if [ "${OS}" = "Linux" ]; then + current_nanoseconds=$(date "+%N") + # Verify if the result of the command is a number + if [ -n "$current_nanoseconds" ] && [ "$current_nanoseconds" -eq "$current_nanoseconds" ] 2>/dev/null; then + ts=$(date "+%s%N") + else + ts=$(date "+%s") + fi + fi + echo $ts } Register() { From ff26dca83a0f788ac7853b73e9d42cec49846aa7 Mon Sep 17 00:00:00 2001 From: HansHoogerwerf Date: Mon, 17 Oct 2022 16:24:59 +0200 Subject: [PATCH 09/68] Fix simple mistake --- include/functions | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/include/functions b/include/functions index db4c7ef8..5ae9b978 100644 --- a/include/functions +++ b/include/functions 
@@ -2562,17 +2562,19 @@ GetTimestamp() { ts=0 - # Detect if the implementation of date supports nanoseconds, - if [ "${OS}" = "Linux" ]; then - current_nanoseconds=$(date "+%N") - # Verify if the result of the command is a number + # Detect if the implementation of date supports nanoseconds, + if [ "${OS}" = "Linux" ]; then + current_nanoseconds=$(date "+%N") + # Verify if the result of the command is a number if [ -n "$current_nanoseconds" ] && [ "$current_nanoseconds" -eq "$current_nanoseconds" ] 2>/dev/null; then ts=$(date "+%s%N") else - ts=$(date "+%s") - fi + ts=$(date "+%s") + fi + else + ts=$(date "+%s") fi - echo $ts + echo $ts } Register() { From bbe135d56f13f3c05a4a328c504639c6568de8b2 Mon Sep 17 00:00:00 2001 From: HansHoogerwerf Date: Mon, 17 Oct 2022 16:27:21 +0200 Subject: [PATCH 10/68] Fix space --- include/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/functions b/include/functions index 5ae9b978..38cc46b3 100644 --- a/include/functions +++ b/include/functions @@ -2567,7 +2567,7 @@ current_nanoseconds=$(date "+%N") # Verify if the result of the command is a number if [ -n "$current_nanoseconds" ] && [ "$current_nanoseconds" -eq "$current_nanoseconds" ] 2>/dev/null; then - ts=$(date "+%s%N") + ts=$(date "+%s%N") else ts=$(date "+%s") fi From 59a3c4b5368cdbd96ba7cdddf0dce5410b30163c Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 24 Oct 2022 16:22:27 +0200 Subject: [PATCH 11/68] Updated log --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad1cbeb8..bd37121c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ ### Changed - DBS-1820 - added newer style format for Mongo authorization setting +- Extra check to verify if nanoseconds are supported by the date command --------------------------------------------------------------------------------- From e618acaf965a3778b5ee9121a3c27f1d65e730ec Mon Sep 17 00:00:00 2001 
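Review bot: The new Linux branch forks `date` twice on every call (`date "+%N"` to probe, then `date "+%s%N"` to read), and the capability of `date` cannot change during a run, so the probe result should be computed once and cached in a variable rather than re-tested each time GetTimestamp is called. The header comment `# Detect if the implementation of date supports nanoseconds,` ends in a comma; `# Detect whether this date implementation supports %N (some busybox builds do not)` reads better. The rewrite below keeps the same numeric check and output, adding only a one-time probe.
```shell
GetTimestamp() {
    ts=0
    if [ "${OS}" = "Linux" ]; then
        # Probe date(1) for nanosecond support once per run; some busybox builds do not understand %N
        if [ -z "${DATE_HAS_NANOSECONDS:-}" ]; then
            current_nanoseconds=$(date "+%N")
            # Verify the result is a number (a non-numeric string makes -eq fail)
            if [ -n "$current_nanoseconds" ] && [ "$current_nanoseconds" -eq "$current_nanoseconds" ] 2>/dev/null; then
                DATE_HAS_NANOSECONDS=1
            else
                DATE_HAS_NANOSECONDS=0
            fi
        fi
        if [ "${DATE_HAS_NANOSECONDS}" -eq 1 ]; then
            ts=$(date "+%s%N")
        else
            ts=$(date "+%s")
        fi
    else
        ts=$(date "+%s")
    fi
    echo $ts
}
```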
From: noci2012 Date: Sun, 8 Jan 2023 00:40:36 +0100 Subject: [PATCH 12/68] Update some EOL date --- db/software-eol.db | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/db/software-eol.db b/db/software-eol.db index f8242d35..c01890a5 100644 --- a/db/software-eol.db +++ b/db/software-eol.db @@ -40,7 +40,7 @@ os:Arch Linux::-1: os:CentOS release 5:2017-03-31:1490911200: os:CentOS release 6:2020-11-30:1606690800: os:CentOS Linux 7:2024-06-30:1719698400: -os:CentOS Linux 8:2029-05-31:1874872800: +os:CentOS Linux 8:2021-12-31:1640905200: # # Debian - https://wiki.debian.org/DebianReleases#Production_Releases # @@ -48,8 +48,9 @@ os:Debian 5.0:2012-02-06:1328482800: os:Debian 6.0:2016-02-29:1456700400: os:Debian 7:2018-05-31:1527717600: os:Debian 8:2020-06-30:1593468000: -os:Debian 9:2022-01-01:1640991600: -os:Debian 10:2022-01-01:1640991600: +os:Debian 9:2022-07-01:1656626400: +os:Debian 10:2022-09-10:1665266400: +os:Debian 11:2024-07-01:1719784800: # # Fedora - https://fedoraproject.org/wiki/End_of_life # @@ -134,6 +135,7 @@ os:Mageia 4:2015-09-19:1442613600 os:Mageia 5:2017-12-31:1514674800 os:Mageia 6:2019-09-30:1569794400 os:Mageia 7:2020-12-30:1609282800 +os:Mageia 8::-1 # # NetBSD - https://www.netbsd.org/support/security/release.html and # https://www.netbsd.org/releases/formal.html @@ -195,7 +197,12 @@ os:OpenBSD 6.3:2019-05-03:1556841600: os:OpenBSD 6.4:2019-10-17:1571270400: os:OpenBSD 6.5:2020-05-19:1589846400: os:OpenBSD 6.6:2020-10-01:1601510400: -os:OpenBSD 6.7:2021-05-01:1619827200: +os:Open166569840021-05-01:1619827200: +os:OpenBSD 6.8:2021-10-14:1665698400: +os:OpenBSD 6.9:2022-04-21:1650492000: +os:OpenBSD 7.0:2022-10-20:1666216800: +os:OpenBSD 7.1:2023-05-01:1682892000: +os:OpenBSD 7.2::-1 # # Red Hat Enterprise Linux - https://access.redhat.com/labs/plcc/ # From b64f7c8f53860514ec7e3716b0fb9231cf85ac25 Mon Sep 17 00:00:00 2001 
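Review bot: Two of the added entries carry an epoch that does not match the date printed beside it: in `os:OpenBSD 6.8:2021-10-14:1665698400:` the value 1665698400 is 2022-10-14 (the same number that leaked into the garbled `os:Open166569840021-05-01` line, fixed by the next patch), and in `os:Debian 10:2022-09-10:1665266400:` the value 1665266400 is 2022-10-09. osdetection compares NOW against EOL_TIMESTAMP (presumably the epoch column) while only the date column is logged, so both systems would be reported as supported for a year or a month longer than the visible date says; computed epochs for those dates are about 1634162400 and 1662760800 (the file mixes UTC and CEST midnights, so match the convention of the neighbouring lines). `os:OpenBSD 7.2::-1` also drops the trailing `:` that every other line of the OpenBSD block carries; harmless for `awk -F:` but inconsistent with `os:Arch Linux::-1:` above.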
From: noci2012 Date: Sun, 8 Jan 2023 00:41:56 +0100 Subject: [PATCH 13/68] Typo in previous paste --- db/software-eol.db | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/software-eol.db b/db/software-eol.db index c01890a5..fc565be3 100644 --- a/db/software-eol.db +++ b/db/software-eol.db @@ -197,7 +197,7 @@ os:OpenBSD 6.3:2019-05-03:1556841600: os:OpenBSD 6.4:2019-10-17:1571270400: os:OpenBSD 6.5:2020-05-19:1589846400: os:OpenBSD 6.6:2020-10-01:1601510400: -os:Open166569840021-05-01:1619827200: +os:OpenBSD 6.7:2021-05-01:1619827200: os:OpenBSD 6.8:2021-10-14:1665698400: os:OpenBSD 6.9:2022-04-21:1650492000: os:OpenBSD 7.0:2022-10-20:1666216800: From ef3a8338a07febf0a56421d8536c18917ef0b1f5 Mon Sep 17 00:00:00 2001 From: al-lac Date: Fri, 27 Jan 2023 15:12:17 +0100 Subject: [PATCH 14/68] osdetection: add macOS Ventura --- include/osdetection | 1 + 1 file changed, 1 insertion(+) diff --git a/include/osdetection b/include/osdetection index 989b1b38..bed25033 100644 --- a/include/osdetection +++ b/include/osdetection @@ -64,6 +64,7 @@ 10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;; 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;; 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;; + 13 | 13.[0-9]*) OS_FULLNAME="macOS Ventura (${OS_VERSION})" ;; *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; esac else From 6f1797fb59c23ad4f545ca5ef458ff56199d8152 Mon Sep 17 00:00:00 2001 
From: xnoguer Date: Sun, 23 Apr 2023 17:38:21 -0400 Subject: [PATCH 15/68] Using grep -E --- include/binaries | 2 -- include/functions | 9 +++++++-- include/tests_authentication | 32 ++++++++++++++++---------------- include/tests_boot_services | 14 +++++++------- include/tests_containers | 2 +- include/tests_crypto | 4 ++-- include/tests_databases | 4 ++-- include/tests_file_integrity | 8 ++++---- include/tests_file_permissions | 2 +- include/tests_filesystems | 14 +++++++------- include/tests_firewalls | 6 +++--- include/tests_homedirs | 4 ++-- include/tests_insecure_services | 2 +- include/tests_kernel | 18 +++++++++--------- include/tests_logging | 24 ++++++++++++------------ include/tests_mail_messaging | 10 +++++----- include/tests_nameservices | 8 ++++---- include/tests_networking | 2 +- include/tests_php | 18 +++++++++--------- include/tests_ports_packages | 8 ++++---- include/tests_printers_spoolers | 6 +++--- include/tests_scheduling | 16 ++++++++-------- include/tests_shells | 2 +- include/tests_squid | 2 +- include/tests_ssh | 4 ++-- include/tests_storage | 8 ++++---- include/tests_time | 18 +++++++++--------- include/tests_tooling | 4 ++-- include/tests_usb | 12 ++++++------ include/tests_webservers | 6 +++--- 30 files changed, 136 insertions(+), 133 deletions(-) diff --git a/include/binaries b/include/binaries index 7aabba42..c8fdc1e2 100644 --- a/include/binaries +++ b/include/binaries 
@@ -169,7 +169,6 @@ domainname) DOMAINNAMEBINARY="${BINARY}"; LogText " Found known binary: domainname (NIS domain) - ${BINARY}" ;; dpkg) DPKGBINARY="${BINARY}"; LogText " Found known binary: dpkg (package management) - ${BINARY}" ;; xbps-query) XBPSBINARY="${BINARY}"; LogText " Found known binary: xbps (package management) - ${BINARY}" ;; - egrep) EGREPBINARY=${BINARY}; LogText " Found known binary: egrep (text search) - ${BINARY}" ;; equery) EQUERYBINARY="${BINARY}"; LogText " Found known binary: query (package manager) - ${BINARY}" ;; evmctl) EVMCTLBINARY=${BINARY}; LogText " Found known binary: evmctl (IMA/EVM tool) - ${BINARY}" ;; exim) EXIMBINARY="${BINARY}"; EXIMVERSION=$(${BINARY} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs); LogText " Found known binary ${BINARY} (version ${EXIMVERSION})" ;; @@ -341,7 +340,6 @@ [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found" [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found" [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found" - [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found" [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found" [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found" [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found" diff --git a/include/functions b/include/functions index 38cc46b3..841586be 100644 --- a/include/functions +++ b/include/functions @@ -1315,7 +1315,7 @@ return 2 else for CHECK_PERMISSION in ${CHECKPERMISSION_FULL}; do - DATA=$(echo ${CHECK_PERMISSION} | ${EGREPBINARY} "[rwx]") + DATA=$(echo ${CHECK_PERMISSION} | ${GREPBINARY} -E "[rwx]") if [ $? -eq 0 ]; then # add a dummy character as first character so it looks like output is a normal file CHECK_PERMISSION=$(echo "-${CHECK_PERMISSION}" | ${AWKBINARY} '{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf("%0o",k)}') 
@@ -1608,7 +1608,7 @@ # This search is not foolproof LogText "Performing simple ps scan (busybox)" PSOPTIONS=" -o args=" - FIND=$(${PSBINARY:-ps} ${PSOPTIONS} | ${EGREPBINARY:-egrep} "( |/)${search}" | ${GREPBINARY:-grep} -v "grep") + FIND=$(${PSBINARY:-ps} ${PSOPTIONS} | ${GREPBINARY:-grep} -E "( |/)${search}" | ${GREPBINARY:-grep} -v "grep") else if [ -n "${users}" ]; then for u in ${users}; do @@ -3103,6 +3103,11 @@ unsafe=1 LogText "Security alert: file is not owned by active user, but can write to it" fi + # File is not owned by active user, and not readable by him + if [ ! -O "${FILE}" -a ! -r "${FILE}" ]; then + unsafe=1 + LogText "Security alert: file is not readable by active user" + fi fi # Check file permissions diff --git a/include/tests_authentication b/include/tests_authentication index 0552d646..3ec54d64 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -42,9 +42,9 @@ LogText "Test: Searching accounts with UID 0" # Check if device is a QNAP, as the root user is called admin, and not root if [ ${QNAP_DEVICE} -eq 1 ]; then - FIND=$(${GREPBINARY} ':0:' ${ROOTDIR}etc/passwd | ${EGREPBINARY} -v '^#|^admin:|^(\+:\*)?:0:0:::' | ${CUTBINARY} -d ":" -f1,3 | ${GREPBINARY} ':0') + FIND=$(${GREPBINARY} ':0:' ${ROOTDIR}etc/passwd | ${GREPBINARY} -E -v '^#|^admin:|^(\+:\*)?:0:0:::' | ${CUTBINARY} -d ":" -f1,3 | ${GREPBINARY} ':0') else - FIND=$(${GREPBINARY} ':0:' ${ROOTDIR}etc/passwd | ${EGREPBINARY} -v '^#|^root:|^(\+:\*)?:0:0:::' | ${CUTBINARY} -d ":" -f1,3 | ${GREPBINARY} ':0') + FIND=$(${GREPBINARY} ':0:' ${ROOTDIR}etc/passwd | ${GREPBINARY} -E -v '^#|^root:|^(\+:\*)?:0:0:::' | ${CUTBINARY} -d ":" -f1,3 | ${GREPBINARY} ':0') fi if [ -n "${FIND}" ]; then Display --indent 2 --text "- Administrator accounts" --result "${STATUS_WARNING}" --color RED 
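Review bot: The new `! -O "${FILE}" -a ! -r "${FILE}"` check is an unrelated behavioural change riding in a commit whose subject is the egrep→`grep -E` rewrite, and it changes the verdict of the enclosing function (which starts before the hunk) for every file the active user cannot read; it deserves its own commit and a changelog line. The condition uses the deprecated `-a` inside `[`, unlike the `[ ... ] && [ ... ]` form used by GetTimestamp in this same file; write `if [ ! -O "${FILE}" ] && [ ! -r "${FILE}" ]; then`. The log text `Security alert: file is not readable by active user` describes a visibility problem rather than an unsafe file, so a wording such as `Result: file is not readable by active user, treating it as unsafe` would keep the log honest about why the file is rejected.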
@@ -163,7 +163,7 @@ LogText "Test: Checking login shells" if [ -f ${ROOTDIR}etc/master.passwd ]; then # Check for all shells, except: (/usr)/sbin/nologin /nonexistent - FIND=$(${GREPBINARY} "[a-z]:\*:" ${ROOTDIR}etc/master.passwd | ${EGREPBINARY} -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g') + FIND=$(${GREPBINARY} "[a-z]:\*:" ${ROOTDIR}etc/master.passwd | ${GREPBINARY} -E -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | ${SEDBINARY} 's/ /!space!/g') if [ -z "${FIND}" ]; then Display --indent 2 --text "- Login shells" --result "${STATUS_OK}" --color GREEN else @@ -499,13 +499,13 @@ Register --test-no AUTH-9240 --weight L --network NO --category security --description "Query NIS+ authentication support" if [ ${SKIPTEST} -eq 0 ]; then if [ -f /etc/nsswitch.conf ]; then - FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nisplus") + FIND=$(${GREPBINARY} -E "^passwd" /etc/nsswitch.conf | ${GREPBINARY} -E "compat|nisplus") if [ -z "${FIND}" ]; then LogText "Result: NIS+ authentication not enabled" Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE else - FIND2=$(${EGREPBINARY} "^passwd_compat" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") - FIND3=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") + FIND2=$(${GREPBINARY} -E "^passwd_compat" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") + FIND3=$(${GREPBINARY} -E "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") if [ -n "${FIND2}" -o -n "${FIND3}" ]; then LogText "Result: NIS+ authentication enabled" Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN 
@@ -526,13 +526,13 @@ Register --test-no AUTH-9242 --weight L --network NO --category security --description "Query NIS authentication support" if [ ${SKIPTEST} -eq 0 ]; then if [ -f /etc/nsswitch.conf ]; then - FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nis" | ${GREPBINARY} -v "nisplus") + FIND=$(${GREPBINARY} -E "^passwd" /etc/nsswitch.conf | ${GREPBINARY} -E "compat|nis" | ${GREPBINARY} -v "nisplus") if [ -z "${FIND}" ]; then LogText "Result: NIS authentication not enabled" Display --indent 2 --text "- NIS authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE else - FIND2=$(${EGREPBINARY} "^passwd_compat" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") - FIND3=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") + FIND2=$(${GREPBINARY} -E "^passwd_compat" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") + FIND3=$(${GREPBINARY} -E "^passwd" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") if [ -n "${FIND2}" -o -n "${FIND3}" ]; then LogText "Result: NIS authentication enabled" Display --indent 2 --text "- NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN @@ -737,7 +737,7 @@ LogText "Result: file ${ROOTDIR}etc/pam.conf exists" Display --indent 2 --text "- PAM configuration files (pam.conf)" --result "${STATUS_FOUND}" --color GREEN LogText "Test: searching PAM configuration files" - FIND=$(${EGREPBINARY} -v "^#" ${ROOTDIR}etc/pam.conf | ${EGREPBINARY} -v "^$" | ${SEDBINARY} 's/[[:space:]]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ /:space:/g') + FIND=$(${GREPBINARY} -E -v "^#" ${ROOTDIR}etc/pam.conf | ${GREPBINARY} -E -v "^$" | ${SEDBINARY} 's/[[:space:]]/ /g' | ${SEDBINARY} 's/ / /g' | ${SEDBINARY} 's/ /:space:/g') if [ -z "${FIND}" ]; then LogText "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)" else 
@@ -1017,7 +1017,7 @@ LogText "Data: Days since epoch is ${DAYS_SINCE_EPOCH}" LogText "Test: collecting accounts which have an expired password (last day changed + maximum change time)" # Skip fields with a !, *, or x, or !* (field $3 is last changed, $5 is maximum changed) - FIND=$(${EGREPBINARY} -v ":[\!\*x]([\*\!])?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}') + FIND=$(${GREPBINARY} -E -v ":[\!\*x]([\*\!])?:" /etc/shadow | ${AWKBINARY} -v today=${DAYS_SINCE_EPOCH} -F: '{ if (($5!="") && (today>$3+$5)) { print $1 }}') if [ -n "${FIND}" ]; then for ACCOUNT in ${FIND}; do LogText "Result: password of user ${ACCOUNT} has been expired" @@ -1109,8 +1109,8 @@ TEST_PERFORMED=1 LogText "Result: file ${ROOTDIR}etc/inittab exists" LogText "Test: checking presence sulogin for single user mode" - FIND=$(${EGREPBINARY} "^[a-zA-Z0-9~]+:S:(respawn|wait):/sbin/sulogin" /etc/inittab) - FIND2=$(${EGREPBINARY} "^su:S:(respawn|wait):/sbin/sulogin" /etc/inittab) + FIND=$(${GREPBINARY} -E "^[a-zA-Z0-9~]+:S:(respawn|wait):/sbin/sulogin" /etc/inittab) + FIND2=$(${GREPBINARY} -E "^su:S:(respawn|wait):/sbin/sulogin" /etc/inittab) if [ -n "${FIND}" -o -n "${FIND2}" ]; then FOUND=1 LogText "Result: found sulogin, so single user is protected" @@ -1147,7 +1147,7 @@ # Mark test as performed only when at least 1 target exists (e.g. Ubuntu 14.04 has limited systemd support) TEST_PERFORMED=1 LogText "Result: found target ${I}" - FIND=$(${EGREPBINARY} "^ExecStart=" ${FILE} | ${GREPBINARY} "sulogin") + FIND=$(${GREPBINARY} -E "^ExecStart=" ${FILE} | ${GREPBINARY} "sulogin") if [ "${FIND}" = "" ]; then LogText "Result: did not find sulogin specified, possible risk of getting into single user mode without authentication" else 
@@ -1486,7 +1486,7 @@ Register --test-no AUTH-9402 --weight L --network NO --category security --description "Query LDAP authentication support" if [ ${SKIPTEST} -eq 0 ]; then if [ -f ${ROOTDIR}etc/nsswitch.conf ]; then - FIND=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "ldap") + FIND=$(${GREPBINARY} -E "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "ldap") if [ "${FIND}" = "" ]; then LogText "Result: LDAP authentication not enabled" Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE @@ -1514,7 +1514,7 @@ LogText "Result: file ${FILE} exists, LDAP being used" LDAP_CLIENT_CONFIG_FILE="${FILE}" LogText "Test: checking LDAP servers in file ${FILE}" - FIND=$(${EGREPBINARY} "^host " ${FILE} | ${AWKBINARY} '{ print $2 }') + FIND=$(${GREPBINARY} -E "^host " ${FILE} | ${AWKBINARY} '{ print $2 }') for SERVER in ${FIND}; do Display --indent 6 --text "LDAP server: ${SERVER}" LogText "Result: found LDAP server ${SERVER}" diff --git a/include/tests_boot_services b/include/tests_boot_services index 5901cd70..967b98a6 100644 --- a/include/tests_boot_services +++ b/include/tests_boot_services @@ -460,7 +460,7 @@ BOOT_LOADER_FOUND=1 Display --indent 2 --text "- Checking presence LILO" --result "${STATUS_OK}" --color GREEN LogText "Checking password option LILO" - FIND=$(${EGREPBINARY} 'password[[:space:]]?=' ${LILOCONFFILE} | ${GREPBINARY} -v "^#") + FIND=$(${GREPBINARY} -E 'password[[:space:]]?=' ${LILOCONFFILE} | ${GREPBINARY} -v "^#") if [ -z "${FIND}" ]; then if [ "${MACHINE_ROLE}" = "server" -o "${MACHINE_ROLE}" = "workstation" ]; then Display --indent 4 --text "- Password option presence " --result "${STATUS_WARNING}" --color RED 
@@ -605,7 +605,7 @@ else # FreeBSD (Read /etc/rc.conf file for enabled services) LogText "Searching for services at startup (rc.conf)" - FIND=$(${EGREPBINARY} -v -i '^#|none' ${ROOTDIR}etc/rc.conf | ${EGREPBINARY} -i '_enable.*(yes|on|1)' | ${SORTBINARY} | ${AWKBINARY} -F= '{ print $1 }' | ${SEDBINARY} 's/_enable//') + FIND=$(${GREPBINARY} -E -v -i '^#|none' ${ROOTDIR}etc/rc.conf | ${GREPBINARY} -E -i '_enable.*(yes|on|1)' | ${SORTBINARY} | ${AWKBINARY} -F= '{ print $1 }' | ${SEDBINARY} 's/_enable//') fi COUNT=0 for ITEM in ${FIND}; do @@ -715,7 +715,7 @@ if [ -n "${CHKCONFIGBINARY}" ]; then LogText "Result: chkconfig binary found, trying that to discover information" LogText "Searching for services at startup (chkconfig, runlevel 3 and 5)" - FIND=$(${CHKCONFIGBINARY} --list | ${EGREPBINARY} '3:on|5:on' | ${AWKBINARY} '{ print $1 }') + FIND=$(${CHKCONFIGBINARY} --list | ${GREPBINARY} -E '3:on|5:on' | ${AWKBINARY} '{ print $1 }') COUNT=0 Report "boot_service_tool=chkconfig" for ITEM in ${FIND}; do @@ -947,7 +947,7 @@ if [ -f ${ROOTDIR}usr/lib/systemd/system/rescue.service ]; then LogText "Result: file /usr/lib/systemd/system/rescue.service" LogText "Test: checking presence sulogin for single user mode" - FIND=$(${EGREPBINARY} "^ExecStart=.*sulogin" ${ROOTDIR}usr/lib/systemd/system/rescue.service) + FIND=$(${GREPBINARY} -E "^ExecStart=.*sulogin" ${ROOTDIR}usr/lib/systemd/system/rescue.service) if [ -n "${FIND}" ]; then FOUND=1 LogText "Result: found sulogin, so single user is protected" 
@@ -981,14 +981,14 @@ Report "running_service[]=${ITEM}" COUNT=$((COUNT + 1 )) done - LogText "Note: Run rcctl ls all | egrep '^(pf|check_quotas|library_aslr)$' to see all daemons" + LogText "Note: Run rcctl ls all | grep -E '^(pf|check_quotas|library_aslr)$' to see all daemons" Display --indent 2 --text "- Check running daemons (rcctl)" --result "${STATUS_DONE}" --color GREEN Display --indent 8 --text "Result: found ${COUNT} running daemons" LogText "Result: Found ${COUNT} running daemons" # OpenBSD (Ask rcctl(8) for enabled daemons) LogText "Searching for enabled daemons (rcctl)" - FIND=$(${RCCTLBINARY} ls on | ${EGREPBINARY} -v '^(pf|check_quotas|library_aslr)$') + FIND=$(${RCCTLBINARY} ls on | ${GREPBINARY} -E -v '^(pf|check_quotas|library_aslr)$') COUNT=0 Report "boot_service_tool=rcctl" for ITEM in ${FIND}; do @@ -996,7 +996,7 @@ Report "boot_service[]=${ITEM}" COUNT=$((COUNT + 1 )) done - LogText "Note: Run rcctl ls all | egrep '^(pf|check_quotas|library_aslr)$' to see all daemons" + LogText "Note: Run rcctl ls all | grep -E '^(pf|check_quotas|library_aslr)$' to see all daemons" Display --indent 2 --text "- Check enabled daemons at boot (rcctl)" --result "${STATUS_DONE}" --color GREEN Display --indent 8 --text "Result: found ${COUNT} enabled daemons at boot" LogText "Result: Found ${COUNT} enabled daemons at boot" diff --git a/include/tests_containers b/include/tests_containers index af10997d..a02ea268 100644 --- a/include/tests_containers +++ b/include/tests_containers @@ -137,7 +137,7 @@ # Check total of containers LogText "Test: checking total amount of Docker containers" - DOCKER_CONTAINERS_TOTAL=$(${DOCKERBINARY} info 2> /dev/null | ${EGREPBINARY} "^[ \t]?Containers: " | ${AWKBINARY} '{ print $2 }') + DOCKER_CONTAINERS_TOTAL=$(${DOCKERBINARY} info 2> /dev/null | ${GREPBINARY} -E "^[ \t]?Containers: " | ${AWKBINARY} '{ print $2 }') if [ -z "${DOCKER_CONTAINERS_TOTAL}" ]; then DOCKER_CONTAINERS_TOTAL=0 fi 
diff --git a/include/tests_crypto b/include/tests_crypto index 89ad1e62..a643b6c0 100644 --- a/include/tests_crypto +++ b/include/tests_crypto @@ -54,7 +54,7 @@ LASTSUBDIR="" LogText "Result: found directory ${DIR}" # Search for certificate files - FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".cer$|.crt$|.der$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g') + FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${GREPBINARY} -E ".cer$|.crt$|.der$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g') for FILE in ${FILES}; do FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g') # See if we need to skip this path @@ -80,7 +80,7 @@ if [ ${CANREAD} -eq 1 ]; then # Only check the files that are not installed by a package, unless enabled by profile if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then - echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$" + echo ${FILE} | ${GREPBINARY} -E -q ".cer$|.der$" CER_DER=$? OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}") if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then diff --git a/include/tests_databases b/include/tests_databases index e973d23f..181dac6c 100644 --- a/include/tests_databases +++ b/include/tests_databases @@ -45,7 +45,7 @@ # Description : Check if MySQL is being used Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") if [ -z "${FIND}" ]; then if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi LogText "Result: MySQL process not active" 
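Review bot: The certificate file filter in the CRYP hunks still uses unescaped dots, so `".cer$|.crt$|.der$|.pem$|^cert"` and the later `".cer$|.der$"` match any path whose name merely ends in `cer`/`der` (e.g. `loader`), and a file selected by the second pattern is then treated as a DER certificate without the `BEGIN CERT` content check that the PEM branch performs. Since these lines are rewritten anyway, anchor the extension with a literal dot: `${GREPBINARY} -E '\.cer$|\.crt$|\.der$|\.pem$|^cert'` and `${GREPBINARY} -E -q '\.cer$|\.der$'`. This is pre-existing (egrep behaved the same) and the surrounding loop continues outside the hunk.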
@@ -244,7 +244,7 @@ # reco: recovery (optional) Register --test-no DBS-1840 --weight L --network NO --category security --description "Checking active Oracle processes" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "ora_pmon|ora_smon|tnslsnr" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "ora_pmon|ora_smon|tnslsnr" | ${GREPBINARY} -v "grep") if [ -z "${FIND}" ]; then if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- Oracle processes status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi LogText "Result: Oracle process(es) not active" diff --git a/include/tests_file_integrity b/include/tests_file_integrity index 8a38b97e..daf49196 100644 --- a/include/tests_file_integrity +++ b/include/tests_file_integrity @@ -104,7 +104,7 @@ if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check" if [ ${SKIPTEST} -eq 0 ]; then - AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://") + AIDE_DB=$(${GREPBINARY} -E '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://") if case ${AIDE_DB} in @@*) ;; *) false;; esac; then I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}') AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#") @@ -330,7 +330,7 @@ ROOTDEVICE=$(${MOUNTBINARY} | ${AWKBINARY} '/ on \/ type / { print $1 }') for DEVICE in /dev/mapper/*; do if [ -e "${DEVICE}" ]; then - FIND=$(${INTEGRITYSETUPBINARY} status "${DEVICE}" | ${EGREPBINARY} 'type:.*INTEGRITY') + FIND=$(${INTEGRITYSETUPBINARY} status "${DEVICE}" | ${GREPBINARY} -E 'type:.*INTEGRITY') if [ ! -z "${FIND}" ]; then FOUND=1 LogText "Result: found dm-integrity device ${DEVICE}" 
@@ -370,7 +370,7 @@ ROOTDEVICE=$(${MOUNTBINARY} | ${AWKBINARY} '/ on \/ type / { print $1 }') for DEVICE in /dev/mapper/*; do if [ -e "${DEVICE}" ]; then - FIND=$(${VERITYSETUPBINARY} status "${DEVICE}" | ${EGREPBINARY} 'type:.*VERITY') + FIND=$(${VERITYSETUPBINARY} status "${DEVICE}" | ${GREPBINARY} -E 'type:.*VERITY') if [ ! -z "${FIND}" ]; then FOUND=1 LogText "Result: found dm-verity device ${DEVICE}" @@ -404,7 +404,7 @@ if [ ! "${AIDEBINARY}" = "" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "AIDE configuration: Checksums (SHA256 or SHA512)" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)") + FIND=$(${GREPBINARY} -v "^#" ${AIDECONFIG} | ${GREPBINARY} -E "= .*(sha256|sha512)") if [ -z "${FIND}" ]; then LogText "Result: No SHA256 or SHA512 found for creating checksums" Display --indent 6 --text "- AIDE config (Checksum)" --result Suggestion --color YELLOW diff --git a/include/tests_file_permissions b/include/tests_file_permissions index 32598f45..924dad12 100644 --- a/include/tests_file_permissions +++ b/include/tests_file_permissions @@ -35,7 +35,7 @@ FOUND=0 for PROFILE in ${PROFILES}; do LogText "Using profile ${PROFILE} for baseline." - FILES=$(${EGREPBINARY} '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1) + FILES=$(${GREPBINARY} -E '^permfile=|^permdir=' ${PROFILE} | ${CUTBINARY} -d= -f2 | ${CUTBINARY} -d: -f1) for F in ${FILES}; do LogText "Test: checking file/directory ${F}" if [ -f "${F}" ]; then diff --git a/include/tests_filesystems b/include/tests_filesystems index ab6191aa..93af33ed 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems 
@@ -356,7 +356,7 @@ # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least # https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs LogText "Test: check proc mount with incorrect mount options" - FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=([0-9]|[a-z][a-z]*)") + FIND=$(${MOUNTBINARY} | ${GREPBINARY} -E "${ROOTDIR}proc " | ${GREPBINARY} -E -o "hidepid=([0-9]|[a-z][a-z]*)") if [ "${FIND}" = "hidepid=4" -o "${FIND}" = "hidepid=ptraceable" ]; then # https://lwn.net/Articles/817137/ Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN LogText "Result: proc mount mounted with ${FIND}" @@ -504,7 +504,7 @@ fi LogText "Test: Checking acl option on xfs root file system" - FIND=$(${MOUNTBINARY} | ${AWKBINARY} '{ if ($3=="/" && $5~/xfs/) { print $6 } }' | ${EGREPBINARY} 'no_acl|no_user_xattr') + FIND=$(${MOUNTBINARY} | ${AWKBINARY} '{ if ($3=="/" && $5~/xfs/) { print $6 } }' | ${GREPBINARY} -E 'no_acl|no_user_xattr') if [ -z "${FIND}" ]; then FOUND=1 # some other tests to do ? 
@@ -638,7 +638,7 @@ NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev | ${WCBINARY} -l) NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${WCBINARY} -l) NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosuid | ${WCBINARY} -l) - NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} -l) + NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${GREPBINARY} -E -v '^\(ro[,)]' | ${WCBINARY} -l) LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NMOUNTS}" Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}" fi @@ -814,13 +814,13 @@ AVAILABLE_MODPROBE_FS="" for FS in ${LIST_FS_NOT_SUPPORTED}; do # Check if filesystem is present in modprobe output - FIND=$(${MODPROBEBINARY} -v -n ${FS} 2>/dev/null | ${EGREPBINARY} "/${FS}.ko" | ${TAILBINARY} -1) + FIND=$(${MODPROBEBINARY} -v -n ${FS} 2>/dev/null | ${GREPBINARY} -E "/${FS}.ko" | ${TAILBINARY} -1) if [ -n "${FIND}" ]; then LogText "Result: found ${FS} support in the kernel (output = ${FIND})" Debug "Module ${FS} present in the kernel" LogText "Test: Checking if ${FS} is active" # Check if FS is present in lsmod output - FIND=$(${LSMODBINARY} | ${EGREPBINARY} "^${FS}") + FIND=$(${LSMODBINARY} | ${GREPBINARY} -E "^${FS}") if IsEmpty "${FIND}"; then LogText "Result: module ${FS} is currently not loaded in the kernel." AddHP 2 3 
@@ -837,8 +837,8 @@ fi FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) if [ -n "${FIND}" ]; then - FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") - FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") + FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN LogText "Result: module ${FS} is blacklisted" diff --git a/include/tests_firewalls b/include/tests_firewalls index 44d6c441..6852b536 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -112,7 +112,7 @@ TABLES="filter" for TABLE in ${TABLES}; do LogText "Test: gathering information from table ${TABLE}" - FIND="$FIND""\n"$(${IPTABLESBINARY} -t ${TABLE} --numeric --list | ${EGREPBINARY} -z -o -w '[A-Z]+' | tr -d '\0' | ${AWKBINARY} -v t=${TABLE} 'NR%2 {printf "%s %s ",t, $0 ; next;}1') + FIND="$FIND""\n"$(${IPTABLESBINARY} -t ${TABLE} --numeric --list | ${GREPBINARY} -E -z -o -w '[A-Z]+' | tr -d '\0' | ${AWKBINARY} -v t=${TABLE} 'NR%2 {printf "%s %s ",t, $0 ; next;}1') done echo "${FIND}" | while read -r line; do 
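Review bot: In the modprobe.d check, `\+` inside an extended regex is a literal plus sign with GNU grep (the backslash removes the operator meaning), so `"^blacklist \+${FS}$"` only matches a line reading `blacklist +ext4` and a normal `blacklist ext4` entry is never recognised; the same applies to `"^install \+${FS} \+/bin/true$"`. egrep is the same engine, so the commit does not change behaviour, but as the lines are touched they should express the intended repetition: `FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ...` and `FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/true$" ...`. Worth testing against the non-GNU greps Lynis supports before merging, since their handling of backslashed operators may differ.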
@@ -154,7 +154,7 @@ if [ -n "${IPTABLESBINARY}" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${EGREPBINARY} -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ') + FIND=$(${IPTABLESBINARY} --list --numeric 2> /dev/null | ${GREPBINARY} -E -v "^(Chain|target|$)" | ${WCBINARY} -l | ${TRBINARY} -d ' ') if [ -n "${FIND}" ]; then FIREWALL_ACTIVE=1 if [ ${FIND} -le 5 ]; then @@ -506,7 +506,7 @@ Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for empty nftables configuration" if [ ${SKIPTEST} -eq 0 ]; then # Check for empty ruleset - NFT_RULES_LENGTH=$(${NFTBINARY} --stateless list ruleset 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l) + NFT_RULES_LENGTH=$(${NFTBINARY} --stateless list ruleset 2> /dev/null | ${GREPBINARY} -E -v "table|chain|;$|}$|^$" | ${WCBINARY} -l) if [ ${NFT_RULES_LENGTH} -le 3 ]; then FIREWALL_EMPTY_RULESET=1 LogText "Result: this firewall set has 3 rules or less and is considered to be empty" diff --git a/include/tests_homedirs b/include/tests_homedirs index 3e5f1b78..77de47f4 100644 --- a/include/tests_homedirs +++ b/include/tests_homedirs 
@@ -57,7 +57,7 @@ if [ ${SKIPTEST} -eq 0 ]; then # Check if users' home directories permissions are 750 or more restrictive FOUND=0 - USERDATA=$(${EGREPBINARY} -v '^(daemon|git|halt|root|shutdown|sync)' ${ROOTDIR}etc/passwd | ${AWKBINARY} -F: '($7 !~ "/(false|nologin)$") { print }') + USERDATA=$(${GREPBINARY} -E -v '^(daemon|git|halt|root|shutdown|sync)' ${ROOTDIR}etc/passwd | ${AWKBINARY} -F: '($7 !~ "/(false|nologin)$") { print }') while read -r LINE; do USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1) DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6) @@ -93,7 +93,7 @@ EOF if [ ${SKIPTEST} -eq 0 ]; then # Check if users own their home directories FOUND=0 - USERDATA=$(${EGREPBINARY} -v '^(daemon|git|halt|root|shutdown|sync)' ${ROOTDIR}etc/passwd | ${AWKBINARY} -F: '($7 !~ "/(false|nologin)$") { print }') + USERDATA=$(${GREPBINARY} -E -v '^(daemon|git|halt|root|shutdown|sync)' ${ROOTDIR}etc/passwd | ${AWKBINARY} -F: '($7 !~ "/(false|nologin)$") { print }') while read -r LINE; do USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1) DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6) diff --git a/include/tests_insecure_services b/include/tests_insecure_services index f01966f2..c86070c0 100644 --- a/include/tests_insecure_services +++ b/include/tests_insecure_services @@ -298,7 +298,7 @@ #if [ ${SKIPTEST} -eq 0 ]; then # # Check presence of Rsh Trust Files # FOUND=0 - # for LINE in $(${CAT_BINARY} /etc/passwd | ${EGREPBINARY} -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }'); do + # for LINE in $(${CAT_BINARY} /etc/passwd | ${GREPBINARY} -E -v '^(root|halt|sync|shutdown)' | ${AWKBINARY} -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print }'); do # USER=$(echo ${LINE} | ${CUTBINARY} -d: -f1) # DIR=$(echo ${LINE} | ${CUTBINARY} -d: -f6) # if [ -d ${DIR} ]; then diff --git a/include/tests_kernel b/include/tests_kernel index ad914bfb..bba8080f 100644 --- a/include/tests_kernel +++ b/include/tests_kernel 
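Review bot: The account exclusion `'^(daemon|git|halt|root|shutdown|sync)'` used in both tests_homedirs hunks is anchored only at the start of the line, so it is a prefix match on the passwd entry: users such as `gitlab-runner`, `syncthing` or `rootless` are silently dropped from the home-directory permission and ownership checks. Terminate the alternation with the field separator so only the exact account names are skipped: `USERDATA=$(${GREPBINARY} -E -v '^(daemon|git|halt|root|shutdown|sync):' ${ROOTDIR}etc/passwd | ...`. The behaviour predates the commit (egrep matched the same way), but the rewrite is the natural place to fix it; the while-loop reading USERDATA continues outside the hunk.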
@@ -49,7 +49,7 @@ LogText "Exception: can't find the target of the symlink of /etc/systemd/system/default.target" ReportException "${TEST_NO}:01" else - FIND2=$(${ECHOCMD} ${FIND} | ${EGREPBINARY} "runlevel5|graphical") + FIND2=$(${ECHOCMD} ${FIND} | ${GREPBINARY} -E "runlevel5|graphical") if HasData "${FIND2}"; then LogText "Result: Found match on runlevel5/graphical" Display --indent 2 --text "- Checking default runlevel" --result "runlevel 5" --color GREEN @@ -401,7 +401,7 @@ elif [ -e ${ROOTDIR}etc/rpi-issue ]; then FINDKERNEL="raspberrypi-kernel" LogText "Result: ${ROOTDIR}vmlinuz missing due to Raspbian" - elif $(${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf); then + elif $(${GREPBINARY} -E -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf); then FINDKERNEL="linux-image-$(uname -r)" LogText "Result: ${ROOTDIR}vmlinuz missing due to /etc/kernel-img.conf item do_symlinks = No" else @@ -414,8 +414,8 @@ else LogText "Result: found kernel '${FINDKERNEL}' which will be used for further testing" LogText "Test: Using apt-cache policy to determine if there is an update available" - FINDINSTALLED=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') - FINDCANDIDATE=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') + FINDINSTALLED=$(apt-cache policy ${FINDKERNEL} | ${GREPBINARY} -E 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') + FINDCANDIDATE=$(apt-cache policy ${FINDKERNEL} | ${GREPBINARY} -E 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') LogText "Kernel installed: ${FINDINSTALLED}" LogText "Kernel candidate: ${FINDCANDIDATE}" if IsEmpty "${FINDINSTALLED}"; then 
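Review bot: The kernel-img.conf test wraps a `-q` grep in a command substitution, `elif $(${GREPBINARY} -E -q ... ${ROOTDIR}etc/kernel-img.conf); then`, which relies on the empty resulting command inheriting the substitution's exit status, and it prints a grep error to stderr on Debian-derived hosts where the file does not exist. Run the command directly and silence the missing-file case: `elif ${GREPBINARY} -E -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf 2> /dev/null; then`. The if/elif chain this belongs to begins before the hunk.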
@@ -826,7 +826,7 @@ LogText "Check: try to find raspberrypi-kernel file in ${APT_ARCHIVE_DIRECTORY} and extract package date from file name" FOUND_KERNEL_DATE=$(${FINDBINARY} ${APT_ARCHIVE_DIRECTORY} -name "raspberrypi-kernel*" -printf "%T@ %Tc %p\n" 2> /dev/null \ - | ${SORTBINARY} -nr | ${HEADBINARY} -1 | ${GREPBINARY} -o "raspberrypi-kernel.*deb" | ${EGREPBINARY} -o "\.[0-9]+" | ${SEDBINARY} 's/\.//g') + | ${SORTBINARY} -nr | ${HEADBINARY} -1 | ${GREPBINARY} -o "raspberrypi-kernel.*deb" | ${GREPBINARY} -E -o "\.[0-9]+" | ${SEDBINARY} 's/\.//g') if [ -n "${FOUND_KERNEL_DATE}" ]; then FOUND_KERNEL_IN_SECONDS=$(date -d "${FOUND_KERNEL_DATE}" "+%s" 2> /dev/null) @@ -851,21 +851,21 @@ next="month" fi elif [ "$next" = "month" ]; then - if [ $(${ECHOCMD} "${part}" | ${EGREPBINARY} -c "[A-Z][a-z]") -ge 1 ]; then + if [ $(${ECHOCMD} "${part}" | ${GREPBINARY} -E -c "[A-Z][a-z]") -ge 1 ]; then UNAME_DATE_MONTH="${part}" next="day" fi elif [ "${next}" = "day" ]; then - if [ $(${ECHOCMD} ${part} | ${EGREPBINARY} -c "[0-9][0-9]") -ge 1 ]; then + if [ $(${ECHOCMD} ${part} | ${GREPBINARY} -E -c "[0-9][0-9]") -ge 1 ]; then UNAME_DATE_DAY="${part}" next="time" fi elif [ "${next}" = "time" ]; then - if [ $(${ECHOCMD} ${part} | ${EGREPBINARY} -c ":[0-9][0-9]:") -ge 1 ]; then + if [ $(${ECHOCMD} ${part} | ${GREPBINARY} -E -c ":[0-9][0-9]:") -ge 1 ]; then next="year" fi elif [ "${next}" = "year" ]; then - if [ $(${ECHOCMD} ${part} | ${EGREPBINARY} -c "[0-9][0-9]") -ge 1 ]; then + if [ $(${ECHOCMD} ${part} | ${GREPBINARY} -E -c "[0-9][0-9]") -ge 1 ]; then UNAME_DATE_YEAR="${part}" break fi diff --git a/include/tests_logging b/include/tests_logging index b6acdbe5..04bee67d 100644 --- a/include/tests_logging +++ b/include/tests_logging 
@@ -45,7 +45,7 @@ Register --test-no LOGG-2130 --weight L --network NO --category security --description "Check for running syslog daemon" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Searching for a logging daemon" - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "syslogd|syslog-ng|metalog|systemd-journal" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "syslogd|syslog-ng|metalog|systemd-journal" | ${GREPBINARY} -v "grep") if [ -z "${FIND}" ]; then Display --indent 2 --text "- Checking for a running log daemon" --result "${STATUS_WARNING}" --color RED LogText "Result: Could not find a syslog daemon like syslog, syslog-ng, rsyslog, metalog, systemd-journal" @@ -261,7 +261,7 @@ Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking logrotated files" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking which files are rotated with logrotate and if they exist" - FIND=$(${LOGROTATEBINARY} -d -v ${ROOTDIR}etc/logrotate.conf 2>&1 | ${EGREPBINARY} "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }') + FIND=$(${LOGROTATEBINARY} -d -v ${ROOTDIR}etc/logrotate.conf 2>&1 | ${GREPBINARY} -E "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }') if [ -z "${FIND}" ]; then LogText "Result: nothing found" else 
@@ -280,7 +280,7 @@ Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --category security --description "Checking directories in logrotate configuration" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking which directories can be found in logrotate configuration" - FIND=$(${LOGROTATEBINARY} -d -v ${ROOTDIR}etc/logrotate.conf 2>&1 | ${EGREPBINARY} "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2=="log") { print $3 } }' | ${SEDBINARY} 's@/[^/]*$@@g' | ${SORTBINARY} -u) + FIND=$(${LOGROTATEBINARY} -d -v ${ROOTDIR}etc/logrotate.conf 2>&1 | ${GREPBINARY} -E "considering log|skipping" | ${GREPBINARY} -v '*' | ${SORTBINARY} -u | ${AWKBINARY} '{ if ($2=="log") { print $3 } }' | ${SEDBINARY} 's@/[^/]*$@@g' | ${SORTBINARY} -u) if IsEmpty "${FIND}"; then LogText "Result: nothing found" else @@ -345,7 +345,7 @@ if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking loghost is localhost" if [ ${SKIPTEST} -eq 0 ]; then - FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREPBINARY} "::1|127.0.0.1|127.1") + FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${GREPBINARY} -E "::1|127.0.0.1|127.1") if [ -n "${FIND}" ]; then SOLARIS_LOGHOST_LOCALHOST=1 LogText "Result: loghost entry is localhost (default)" 
@@ -371,7 +371,7 @@ TARGET="${ROOTDIR}etc/rsyslog.conf" if [ -f ${TARGET} ]; then LogText "Test: analyzing file ${TARGET} for remote target" - DATA=$(${EGREPBINARY} "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${TARGET} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g') + DATA=$(${GREPBINARY} -E "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${TARGET} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g') if [ -z "${DATA}" ]; then LogText "Result: no remote target found" else @@ -391,7 +391,7 @@ for F in ${FILES}; do F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g') LogText "Test: analyzing file ${F} for remote target" - DATA=$(${EGREPBINARY} "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${F} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g') + DATA=$(${GREPBINARY} -E "@@?([a-zA-Z0-9\-])+(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?(\.)?(([a-zA-Z0-9-])+)?" ${F} | ${GREPBINARY} -v "#" | ${TRBINARY} -cd "[:print:]\n" | ${SEDBINARY} 's/[[:blank:]]\{1,\}/:space:/g') if [ -n "${DATA}" ]; then LogText "Result: found remote target" REMOTE_LOGGING_ENABLED=1 @@ -403,7 +403,7 @@ done else # Check new style configuration (omrelp/omfwd). This can be all on one line or even split over multiple lines. - DATA=$(${EGREPBINARY} "target=\"([a-zA-Z0-9\-])" ${F}) + DATA=$(${GREPBINARY} -E "target=\"([a-zA-Z0-9\-])" ${F}) if [ -n "${DATA}" ]; then LogText "Result: most likely remote log host is used, as keyword 'target' is used" REMOTE_LOGGING_ENABLED=1 
@@ -424,7 +424,7 @@ if [ -f ${SYSLOGD_CONF} ]; then LogText "Test: check if logs are also logged to a remote logging host" - FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") + FIND=$(${GREPBINARY} -E "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") if [ -n "${FIND}" ]; then FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost") if [ ${SOLARIS_LOGHOST_LOCALHOST} -eq 1 ] && [ -z "${FIND2}" ]; then @@ -435,9 +435,9 @@ fi else # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination - DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') + DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${GREPBINARY} -E "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') for DESTINATION in ${DESTINATIONS}; do - FIND2=$(${GREPBINARY} "log" ${SYSLOGD_CONF} | ${GREPBINARY} "source" | ${EGREPBINARY} "destination\(${DESTINATION}\)") + FIND2=$(${GREPBINARY} "log" ${SYSLOGD_CONF} | ${GREPBINARY} "source" | ${GREPBINARY} -E "destination\(${DESTINATION}\)") if [ -n "${FIND2}" ]; then LogText "Result: found destination ${DESTINATION} configured for remote logging" REMOTE_LOGGING_ENABLED=1 
@@ -539,7 +539,7 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: checking open log files with lsof" if [ -n "${LSOFBINARY}" ]; then - FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n 2>&1 | ${GREPBINARY} "log$" | ${EGREPBINARY} -v "WARNING|Output information" | ${AWKBINARY} '{ if ($5=="REG") { print $9 } }' | ${SORTBINARY} -u | ${GREPBINARY} -v "^$") + FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n 2>&1 | ${GREPBINARY} "log$" | ${GREPBINARY} -E -v "WARNING|Output information" | ${AWKBINARY} '{ if ($5=="REG") { print $9 } }' | ${SORTBINARY} -u | ${GREPBINARY} -v "^$") for I in ${FIND}; do LogText "Found logfile: ${I}" done @@ -572,7 +572,7 @@ LSOF_GREP="${LSOF_GREP}|anacron|awk|run-parts" fi - FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n +L 1 2>&1 | ${EGREPBINARY} -vw "${LSOF_GREP}" | ${EGREPBINARY} -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u) + FIND=$(${LSOFBINARY}${LSOF_EXTRA_OPTIONS} -n +L 1 2>&1 | ${GREPBINARY} -E -vw "${LSOF_GREP}" | ${GREPBINARY} -E -v '/dev/zero|/\[aio\]' | ${AWKBINARY} '{ if ($5=="REG") { printf "%s(%s)\n", $10, $1 } }' | ${GREPBINARY} -v "^$" | ${SORTBINARY} -u) if [ -n "${FIND}" ]; then LogText "Result: found one or more files which are deleted, but still in use" for I in ${FIND}; do diff --git a/include/tests_mail_messaging b/include/tests_mail_messaging index a8e9ec3b..8d4ae929 100644 --- a/include/tests_mail_messaging +++ b/include/tests_mail_messaging 
@@ -70,18 +70,18 @@ unset FIND FIND2 FIND3 FIND4 # Local Only - FIND=$(echo "${EXIM_ROUTERS}" | ${EGREPBINARY} '^nonlocal') + FIND=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^nonlocal') # Internet Host - FIND2=$(echo "${EXIM_ROUTERS}" | ${EGREPBINARY} '^dnslookup_relay_to_domains') + FIND2=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^dnslookup_relay_to_domains') # Smarthost or Satellite - FIND3=$(echo "${EXIM_ROUTERS}" | ${EGREPBINARY} '^smarthost') + FIND3=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^smarthost') if [ -n "${FIND}" ]; then EXIM_TYPE="LOCAL ONLY" elif [ -n "${FIND2}" ]; then EXIM_TYPE="INTERNET HOST" elif [ -n "${FIND3}" ]; then - FIND4=$(echo "${EXIM_ROUTERS}" | ${EGREPBINARY} '^hub_user_smarthost') + FIND4=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^hub_user_smarthost') if [ -n "${FIND4}" ]; then EXIM_TYPE="SATELLITE" else @@ -415,7 +415,7 @@ Register --test-no MAIL-8920 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check OpenSMTPD status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check smtpd status" - FIND=$(${PSBINARY} ax | ${EGREPBINARY} "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | ${GREPBINARY} -v "grep") + FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | ${GREPBINARY} -v "grep") if [ ! "${FIND}" = "" ]; then LogText "Result: found running smtpd process" Display --indent 2 --text "- OpenSMTPD status" --result "${STATUS_RUNNING}" --color GREEN diff --git a/include/tests_nameservices b/include/tests_nameservices index 8c483d08..c35b4171 100644 --- a/include/tests_nameservices +++ b/include/tests_nameservices 
@@ -339,7 +339,7 @@ Register --test-no NAME-4210 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check DNS banner" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Trying to determine version from banner" - FIND=$(${DIGBINARY} @localhost version.bind chaos txt | ${GREPBINARY} "^version.bind" | ${GREPBINARY} TXT | ${EGREPBINARY} "[0-9].[0-9].[0-9]*") + FIND=$(${DIGBINARY} @localhost version.bind chaos txt | ${GREPBINARY} "^version.bind" | ${GREPBINARY} TXT | ${GREPBINARY} -E "[0-9].[0-9].[0-9]*") if [ "${FIND}" = "" ]; then LogText "Result: no useful information in banner found" Display --indent 4 --text "- Checking BIND version in banner" --result "${STATUS_OK}" --color GREEN @@ -571,7 +571,7 @@ Register --test-no NAME-4402 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check duplicate line in /etc/hosts" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check duplicate line in ${ROOTDIR}etc/hosts" - OUTPUT=$(${AWKBINARY} '{ print $1, $2 }' ${ROOTDIR}etc/hosts | ${EGREPBINARY} -v '^(#|$)' | ${EGREPBINARY} "[a-f0-9]" | ${SORTBINARY} | ${UNIQBINARY} -d) + OUTPUT=$(${AWKBINARY} '{ print $1, $2 }' ${ROOTDIR}etc/hosts | ${GREPBINARY} -E -v '^(#|$)' | ${GREPBINARY} -E "[a-f0-9]" | ${SORTBINARY} | ${UNIQBINARY} -d) if [ -z "${OUTPUT}" ]; then LogText "Result: OK, no duplicate lines found" Display --indent 4 --text "- Duplicate entries in hosts file" --result "${STATUS_NONE}" --color GREEN 
@@ -592,7 +592,7 @@ if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check /etc/hosts contains an entry for this server name" if [ -n "${HOSTNAME}" ]; then - DATA=$(${EGREPBINARY} -v '^(#|$|^::1\s|localhost)' ${ROOTDIR}etc/hosts | ${GREPBINARY} -i ${HOSTNAME}) + DATA=$(${GREPBINARY} -E -v '^(#|$|^::1\s|localhost)' ${ROOTDIR}etc/hosts | ${GREPBINARY} -i ${HOSTNAME}) if [ -n "${DATA}" ]; then LogText "Result: Found entry for ${HOSTNAME} in ${ROOTDIR}etc/hosts" Display --indent 4 --text "- Presence of configured hostname in /etc/hosts" --result "${STATUS_FOUND}" --color GREEN @@ -615,7 +615,7 @@ Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check server hostname mapping" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check server hostname not locally mapped in ${ROOTDIR}etc/hosts" - DATA=$(${EGREPBINARY} -v '^(#|$)' ${ROOTDIR}etc/hosts | ${EGREPBINARY} '^(localhost|::1)\s' | ${GREPBINARY} -w ${HOSTNAME}) + DATA=$(${GREPBINARY} -E -v '^(#|$)' ${ROOTDIR}etc/hosts | ${GREPBINARY} -E '^(localhost|::1)\s' | ${GREPBINARY} -w ${HOSTNAME}) if [ -n "${DATA}" ]; then LogText "Result: Found this server hostname mapped to a local address" LogText "Output: ${DATA}" diff --git a/include/tests_networking b/include/tests_networking index 7faf7125..116f3760 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -280,7 +280,7 @@ Register --test-no NETW-3001 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Find default gateway (route)" if [ $SKIPTEST -eq 0 ]; then LogText "Test: Searching default gateway(s)" - FIND=$(${NETSTATBINARY} -rn | ${EGREPBINARY} "^0.0.0.0|default" | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2) + FIND=$(${NETSTATBINARY} -rn | ${GREPBINARY} -E "^0.0.0.0|default" | ${TRBINARY} -s ' ' | ${CUTBINARY} -d ' ' -f2) if [ -n "${FIND}" ]; then for I in ${FIND}; do LogText "Result: Found default gateway ${I}" 
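Review bot: The NAME-4404 hostname lookup `${GREPBINARY} -i ${HOSTNAME}` is unquoted and matches substrings, so a host named `web` is reported as present when the hosts file only lists `webmail`, and a hostname containing shell-special characters would be word-split. Use a whole-word, quoted match as the NAME-4406 hunk just below already does: `DATA=$(${GREPBINARY} -E -v '^(#|$|^::1\s|localhost)' ${ROOTDIR}etc/hosts | ${GREPBINARY} -i -w -- "${HOSTNAME}")`. This is pre-existing, but the line is being rewritten in this hunk.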
diff --git a/include/tests_php b/include/tests_php index 23738198..858bc14b 100644 --- a/include/tests_php +++ b/include/tests_php @@ -285,9 +285,9 @@ # Test : PHP-2368 # Description : Check php register_globals option # Notes : Don't test for it if PHP version is 5.4.0 or later (it has been removed) - if [ -n "${PHPINIFILE}" -a -n "${PHPVERSION}" -a -n "${EGREPBINARY}" ]; then + if [ -n "${PHPINIFILE}" -a -n "${PHPVERSION}" -a -n "${GREPBINARY} -E" ]; then if [ -f "${PHPINIFILE}" ]; then - FIND=$(echo ${PHPVERSION} | ${EGREPBINARY} "^(4.|5.[0-3])") + FIND=$(echo ${PHPVERSION} | ${GREPBINARY} -E "^(4.|5.[0-3])") if [ -z "${FIND}" ]; then PREQS_MET="NO"; Debug "Found most likely PHP version 5.4.0 or higher (${PHPVERSION}) which does not use register_globals" else @@ -305,7 +305,7 @@ Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP register_globals option" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking PHP register_globals option" - FIND=$(${EGREPBINARY} -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') + FIND=$(${GREPBINARY} -E -i 'register_globals.*(on|yes|1)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') if [ -n "${FIND}" ]; then Display --indent 4 --text "- Checking register_globals option" --result "${STATUS_WARNING}" --color RED ReportWarning "${TEST_NO}" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting" @@ -338,7 +338,7 @@ ;; esac LogText "Test: Checking file ${FILE}" - FIND=$(${EGREPBINARY} -i 'expose_php.*(on|yes|1)' ${FILE} | ${GREPBINARY} -v '^;') + FIND=$(${GREPBINARY} -E -i 'expose_php.*(on|yes|1)' ${FILE} | ${GREPBINARY} -v '^;') if HasData "${FIND}"; then LogText "Result: found a a possible match on expose_php setting" LogText "Data: ${FIND}" 
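Review bot: The rewritten prerequisite test `-n "${GREPBINARY} -E"` in the PHP-2368 hunk at line 285 is always true, because the literal ` -E` makes the string non-empty even when GREPBINARY is unset, so the check that a grep binary is available no longer guards the register_globals version probe. The substitution should have touched only the variable, not appended the flag: `if [ -n "${PHPINIFILE}" -a -n "${PHPVERSION}" -a -n "${GREPBINARY}" ]; then`. The if-block opened here closes outside the hunk.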
@@ -367,7 +367,7 @@
Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP enable_dl option"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP enable_dl option"
- FIND=$(${EGREPBINARY} -i 'enable_dl.*(on|yes|1)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
+ FIND=$(${GREPBINARY} -E -i 'enable_dl.*(on|yes|1)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
if [ -n "${FIND}" ]; then
Display --indent 4 --text "- Checking enable_dl option" --result "${STATUS_ON}" --color YELLOW
Report "Result: enable_dl option is turned on, which can be used to enable more modules dynamically and circumventing security controls"
@@ -389,7 +389,7 @@
Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP allow_url_fopen option"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP allow_url_fopen option"
- FIND=$(${EGREPBINARY} -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
+ FIND=$(${GREPBINARY} -E -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Checking allow_url_fopen option" --result "${STATUS_ON}" --color YELLOW
LogText "Result: allow_url_fopen option is turned on, which can be used for downloads via PHP and is a security risk"
@@ -412,7 +412,7 @@
Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP allow_url_include option"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking PHP allow_url_include option"
- FIND=$(${EGREPBINARY} -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
+ FIND=$(${GREPBINARY} -E -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;')
if [ -z "${FIND}" ]; then
Display --indent 4 --text "- Checking allow_url_include option" --result "${STATUS_ON}" --color YELLOW
Report "Result: allow_url_include option is turned on, which can be used for downloads via PHP and is a risk"
@@ -436,7 +436,7 @@
#if [ ${SKIPTEST} -eq 0 ]; then
# FOUND=0
# SIMULATION=0
- # MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7")
+ # MAJOR_VERSION=$(echo ${PHPVERSION} | ${GREPBINARY} -E "^7")
# if [ "${OS}" = "OpenBSD" ]; then
# FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP
# SIMULATION=off
@@ -519,7 +519,7 @@
;;
esac
LogText "Test: Checking file ${FILE}"
- FIND=$(${EGREPBINARY} -i "^listen = [0-9]{1,5}$" ${FILE})
+ FIND=$(${GREPBINARY} -E -i "^listen = [0-9]{1,5}$" ${FILE})
if HasData "${FIND}"; then
LogText "Result: found listen on just a port number"
LogText "Data: ${FIND}"
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 9ca1948d..0e938cfe 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -836,7 +836,7 @@
Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --category security --description "Check for YUM package update management"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: YUM package update management"
- FIND=$(${YUMBINARY} repolist 2>/dev/null | ${GREPBINARY} repolist | ${SEDBINARY} 's/[[:blank:]]//g' | ${SEDBINARY} 's/[,.]//g' | ${AWKBINARY} -F ":" '{print $2}' | ${EGREPBINARY} "^[0-9]+$")
+ FIND=$(${YUMBINARY} repolist 2>/dev/null | ${GREPBINARY} repolist | ${SEDBINARY} 's/[[:blank:]]//g' | ${SEDBINARY} 's/[,.]//g' | ${AWKBINARY} -F ":" '{print $2}' | ${GREPBINARY} -E "^[0-9]+$")
if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
LogText "Result: YUM package update management failed"
Display --indent 2 --text "- YUM package management consistency" --result "${STATUS_WARNING}" --color RED
@@ -1030,7 +1030,7 @@
if [ ${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY} -eq 0 ]; then
if [ -f ${ROOTDIR}etc/apt/sources.list ]; then
LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list file"
- FIND=$(${EGREPBINARY} "security.debian.org|security.ubuntu.com|security/? " ${ROOTDIR}etc/apt/sources.list | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
+ FIND=$(${GREPBINARY} -E "security.debian.org|security.ubuntu.com|security/? " ${ROOTDIR}etc/apt/sources.list | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
if [ -n "${FIND}" ]; then
FOUND=1
Display --indent 2 --text "- Checking security repository in sources.list file" --result "${STATUS_OK}" --color GREEN
@@ -1043,7 +1043,7 @@
fi
if [ -d /etc/apt/sources.list.d ]; then
LogText "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list.d directory"
- FIND=$(${EGREPBINARY} -r "security.debian.org|security.ubuntu.com|security/? " /etc/apt/sources.list.d | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
+ FIND=$(${GREPBINARY} -E -r "security.debian.org|security.ubuntu.com|security/? " /etc/apt/sources.list.d | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')
if [ -n "${FIND}" ]; then
FOUND=1
Display --indent 2 --text "- Checking security repository in sources.list.d directory" --result "${STATUS_OK}" --color GREEN
@@ -1338,7 +1338,7 @@
if [ "${DPKGBINARY}" ]; then
TESTED=1
KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]"
- KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${EGREPBINARY} "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l)
+ KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${GREPBINARY} -E "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l)
if [ ${KERNELS} -eq 0 ]; then
LogText "Result: found no kernels from dpkg -l output, which is unexpected"
elif [ ${KERNELS} -gt 5 ]; then
diff --git a/include/tests_printers_spoolers b/include/tests_printers_spoolers
index 851b0edd..d9318c3b 100644
--- a/include/tests_printers_spoolers
+++ b/include/tests_printers_spoolers
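Review bot: The changed line in the @@ -1043 hunk greps `/etc/apt/sources.list.d` literally, while the sibling check for sources.list in the @@ -1030 hunk on the previous line uses `${ROOTDIR}etc/apt/sources.list`; with a non-default ROOTDIR the directory check reads the host instead of the audited root, and the `if [ -d /etc/apt/sources.list.d ]` context line above it has the same problem. Suggest `if [ -d ${ROOTDIR}etc/apt/sources.list.d ]; then` and `FIND=$(${GREPBINARY} -E -r "security.debian.org|security.ubuntu.com|security/? " ${ROOTDIR}etc/apt/sources.list.d | ${GREPBINARY} -v '#' | ${SEDBINARY} 's/ /!space!/g')`. The enclosing block starts before the hunk.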
@@ -144,14 +144,14 @@
LogText "Test: Checking CUPS daemon listening network addresses"
# Search for Port statement
- FIND=$(${EGREPBINARY} "^Port 631" ${CUPSD_CONFIG_FILE})
+ FIND=$(${GREPBINARY} -E "^Port 631" ${CUPSD_CONFIG_FILE})
if [ -n "${FIND}" ]; then
LogText "Result: found CUPS listening on port 631 (most likely all interfaces)"
PORT_FOUND=1
fi
# Checking network addresses
- FIND=$(${EGREPBINARY} "^(SSL)?Listen" ${CUPSD_CONFIG_FILE} | ${GREPBINARY} -v "/" | ${AWKBINARY} '{ print $2 }')
+ FIND=$(${GREPBINARY} -E "^(SSL)?Listen" ${CUPSD_CONFIG_FILE} | ${GREPBINARY} -v "/" | ${AWKBINARY} '{ print $2 }')
COUNT=0
for ITEM in ${FIND}; do
LogText "Result: found network address: ${ITEM}"
@@ -222,7 +222,7 @@
QDAEMON_CONFIG_FILE="${ROOTDIR}etc/qconfig"
FileIsReadable ${QDAEMON_CONFIG_FILE}
if [ ${CANREAD} -eq 1 ]; then
- FIND=$(${GREPBINARY} -v "^\*" ${QDAEMON_CONFIG_FILE} | ${EGREPBINARY} "backend|device")
+ FIND=$(${GREPBINARY} -v "^\*" ${QDAEMON_CONFIG_FILE} | ${GREPBINARY} -E "backend|device")
if [ -n "${FIND}" ]; then
LogText "Result: printers are defined in ${QDAEMON_CONFIG_FILE}"
Display --indent 2 --text "- Checking /etc/qconfig file" --result "${STATUS_FOUND}" --color GREEN
diff --git a/include/tests_scheduling b/include/tests_scheduling
index 3aa004c6..10fa0766 100644
--- a/include/tests_scheduling
+++ b/include/tests_scheduling
@@ -35,7 +35,7 @@
# Description : Check cron daemon
Register --test-no SCHD-7702 --weight L --network NO --category security --description "Check status of cron daemon"
if [ ${SKIPTEST} -eq 0 ]; then
- FIND=$(${PSBINARY} aux | ${EGREPBINARY} "( cron$|/cron(d)? )")
+ FIND=$(${PSBINARY} aux | ${GREPBINARY} -E "( cron$|/cron(d)? )")
if IsEmpty "${FIND}"; then
LogText "Result: no cron daemon found"
else
@@ -55,12 +55,12 @@
BAD_FILE_PERMISSIONS=0
BAD_FILE_OWNERSHIP=0
FindCronJob() {
- sCRONJOBS=$(${EGREPBINARY} '^([0-9*])' $1 | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | ${SORTBINARY})
+ sCRONJOBS=$(${GREPBINARY} -E '^([0-9*])' $1 | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | ${SORTBINARY})
}
CRONTAB_FILE="${ROOTDIR}etc/crontab"
if [ -f ${CRONTAB_FILE} ]; then
- ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:/etc/crontab"
+ ${GREPBINARY} -E -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:/etc/crontab"
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FindCronJob ${CRONTAB_FILE}
@@ -86,7 +86,7 @@
if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
- if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
+ if [ "${FILENAME}" = "lynis" ]; then ${GREPBINARY} -E -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
FindCronJob ${FILE}
if HasData "${sCRONJOBS}"; then
for K in ${sCRONJOBS}; do
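Review bot: In the @@ -86 hunk the changed line greps `${CRONTAB_FILE}` for 'lynis audit system' while the loop it sits in and the resulting `LYNIS_CRONJOB="file:${FILE}"` refer to `${FILE}`, so a cron-directory file named lynis is attributed based on the contents of /etc/crontab rather than its own contents; the same line recurs in the @@ -121 hunk of this file. The change carried the mismatch over unchanged, and since the pattern is a fixed string `-F` would be the more honest flag than `-E`; the intended line is presumably `if [ "${FILENAME}" = "lynis" ]; then ${GREPBINARY} -F -q -s 'lynis audit system' ${FILE} && LYNIS_CRONJOB="file:${FILE}"; fi`. The loops these lines sit in start outside the hunks.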
@@ -121,7 +121,7 @@
if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${FILE}"; Report "insecure_fileperms_cronjob[]=${FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${FILE}"; Report "bad_fileowner_cronjob[]=${FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FILENAME=$(echo ${FILE} | ${AWKBINARY} -F/ '{print $NF}')
- if [ "${FILENAME}" = "lynis" ]; then ${EGREPBINARY} -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
+ if [ "${FILENAME}" = "lynis" ]; then ${GREPBINARY} -E -q -s 'lynis audit system' ${CRONTAB_FILE} && LYNIS_CRONJOB="file:${FILE}"; fi
LogText "Result: Found cronjob (${I}): ${FILE}"
Report "cronjob[]=${FILE}"
done
@@ -141,7 +141,7 @@
FIND=$(${FINDBINARY} /var/spool/cron/crontabs -xdev -type f -print 2> /dev/null)
for I in ${FIND}; do
if FileIsReadable ${I}; then
- ${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
+ ${GREPBINARY} -E -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I}
for FILE in ${sCRONJOBS}; do
LogText "Found cronjob (/var/spool/cron/crontabs): ${I} (${FILE})"
@@ -154,7 +154,7 @@
FIND=$(find ${ROOTDIR}var/spool/cron -type f -print)
for I in ${FIND}; do
if FileIsReadable ${I}; then
- ${EGREPBINARY} -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
+ ${GREPBINARY} -E -q -s 'lynis audit system' ${I} && LYNIS_CRONJOB="file:${I}"
FindCronJob ${I}
for FILE in ${sCRONJOBS}; do
LogText "Found cronjob in ${ROOTDIR}var/spool/cron: ${I} (${FILE})"
@@ -169,7 +169,7 @@
if [ "${OS}" = "Linux" ]; then
if [ -f /etc/anacrontab ]; then
LogText "Test: checking anacrontab"
- sANACRONJOBS=$(${EGREPBINARY} '^([0-9@])' /etc/anacrontab | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | ${SORTBINARY})
+ sANACRONJOBS=$(${GREPBINARY} -E '^([0-9@])' /etc/anacrontab | ${TRBINARY} '\t' ' ' | ${TRBINARY} -s ' ' | ${TRBINARY} ' ' ',' | ${SORTBINARY})
if [ -n "${sANACRONJOBS}" ]; then
Report "scheduler[]=anacron"
for I in ${sANACRONJOBS}; do
diff --git a/include/tests_shells b/include/tests_shells
index 8ecbde2c..b046b608 100644
--- a/include/tests_shells
+++ b/include/tests_shells
@@ -52,7 +52,7 @@
Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --category security --description "Check console TTYs"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking console TTYs"
- FIND=$(${EGREPBINARY} '^console' ${ROOTDIR}etc/ttys | ${GREPBINARY} -v 'insecure')
+ FIND=$(${GREPBINARY} -E '^console' ${ROOTDIR}etc/ttys | ${GREPBINARY} -v 'insecure')
if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking console TTYs" --result "${STATUS_OK}" --color GREEN
LogText "Result: console is secured against single user mode without password."
diff --git a/include/tests_squid b/include/tests_squid
index c486108c..1eb43955 100644
--- a/include/tests_squid
+++ b/include/tests_squid
@@ -42,7 +42,7 @@
LogText "Test: Searching for a Squid daemon"
FOUND=0
# Check running processes
- FIND=$(${PSBINARY} ax | ${EGREPBINARY} "(squid|squid3) " | ${GREPBINARY} -v "grep")
+ FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "(squid|squid3) " | ${GREPBINARY} -v "grep")
if [ -n "${FIND}" ]; then
SQUID_DAEMON_RUNNING=1
LogText "Result: Squid daemon is running"
diff --git a/include/tests_ssh b/include/tests_ssh
index fb784d83..6ab6f193 100644
--- a/include/tests_ssh
+++ b/include/tests_ssh
@@ -299,7 +299,7 @@
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
# AllowUsers
- FIND=$(${EGREPBINARY} -i "^AllowUsers" ${SSH_DAEMON_OPTIONS_FILE} | ${AWKBINARY} '{ print $2 }')
+ FIND=$(${GREPBINARY} -E -i "^AllowUsers" ${SSH_DAEMON_OPTIONS_FILE} | ${AWKBINARY} '{ print $2 }')
if [ -n "${FIND}" ]; then
LogText "Result: AllowUsers set, with value ${FIND}"
Display --indent 4 --text "- OpenSSH option: AllowUsers" --result "${STATUS_FOUND}" --color GREEN
@@ -310,7 +310,7 @@
fi
# AllowGroups
- FIND=$(${EGREPBINARY} -i "^AllowGroups" ${SSH_DAEMON_OPTIONS_FILE} | ${AWKBINARY} '{ print $2 }')
+ FIND=$(${GREPBINARY} -E -i "^AllowGroups" ${SSH_DAEMON_OPTIONS_FILE} | ${AWKBINARY} '{ print $2 }')
if [ -n "${FIND}" ]; then
LogText "Result: AllowUsers set ${FIND}"
Display --indent 4 --text "- OpenSSH option: AllowGroups" --result "${STATUS_FOUND}" --color GREEN
diff --git a/include/tests_storage b/include/tests_storage
index ac60502c..29785e6c 100644
--- a/include/tests_storage
+++ b/include/tests_storage
@@ -38,8 +38,8 @@
if [ -d "${ROOTDIR}etc/modprobe.d" ]; then
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
if [ -n "${FIND}" ]; then
- FIND1=$(${EGREPBINARY} "blacklist (ohci1394|firewire[-_]ohci|firewire-core)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- FIND2=$(${EGREPBINARY} "install (ohci1394|firewire[-_]ohci|firewire-core) /bin/(false|true)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ FIND1=$(${GREPBINARY} -E "blacklist (ohci1394|firewire[-_]ohci|firewire-core)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ FIND2=$(${GREPBINARY} -E "install (ohci1394|firewire[-_]ohci|firewire-core) /bin/(false|true)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
FOUND=1
LogText "Result: found firewire ohci driver in disabled state"
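Review bot: The log line under the AllowGroups check in the @@ -310 hunk of tests_ssh still reads `LogText "Result: AllowUsers set ${FIND}"`, so the audit log attributes the group list to the wrong option; it is a context line the commit does not touch, but it sits two lines below the changed grep. Suggest `LogText "Result: AllowGroups set, with value ${FIND}"` to mirror the AllowUsers message in the @@ -299 hunk. The if-block around both checks starts before and ends after these hunks.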
@@ -49,8 +49,8 @@
fi
fi
if [ -f "${ROOTDIR}etc/modprobe.conf" ]; then
- FIND1=$(${EGREPBINARY} -r "blacklist (ohci1394|firewire[-_]ohci|firewire-core)" "${ROOTDIR}etc/modprobe.conf" | ${GREPBINARY} -v "#")
- FIND2=$(${EGREPBINARY} -r "install (ohci1394|firewire[-_]ohci|firewire-core) /bin/(false|true)" "${ROOTDIR}etc/modprobe.conf" | ${GREPBINARY} -v "#")
+ FIND1=$(${GREPBINARY} -E -r "blacklist (ohci1394|firewire[-_]ohci|firewire-core)" "${ROOTDIR}etc/modprobe.conf" | ${GREPBINARY} -v "#")
+ FIND2=$(${GREPBINARY} -E -r "install (ohci1394|firewire[-_]ohci|firewire-core) /bin/(false|true)" "${ROOTDIR}etc/modprobe.conf" | ${GREPBINARY} -v "#")
if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
FOUND=1
LogText "Result: found firewire ohci driver in disabled state"
diff --git a/include/tests_time b/include/tests_time
index df9a86b7..7ff6755e 100644
--- a/include/tests_time
+++ b/include/tests_time
@@ -139,7 +139,7 @@
for I in ${CRONTAB_FILES}; do
if [ -f ${I} ]; then
LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in crontab file ${I}"
- FIND=$(${EGREPBINARY} "${CRONTAB_REGEX}" ${I} | ${GREPBINARY} -v '^#')
+ FIND=$(${GREPBINARY} -E "${CRONTAB_REGEX}" ${I} | ${GREPBINARY} -v '^#')
if [ -n "${FIND}" ]; then
FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1
Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN
@@ -161,10 +161,10 @@
for I in ${CRON_DIRS}; do
for J in "${I}"/*; do # iterate over folders in a safe way
# Check: regular file, readable and not called .placeholder
- FIND=$(echo "${J}" | ${EGREPBINARY} '/.placeholder$')
+ FIND=$(echo "${J}" | ${GREPBINARY} -E '/.placeholder$')
if [ -f "${J}" ] && [ -r "${J}" ] && [ -z "${FIND}" ]; then
LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in ${J}"
- FIND=$("${EGREPBINARY}" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")
+ FIND=$("${GREPBINARY} -E" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")
if [ -n "${FIND}" ]; then
FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
LogText "Result: found ntpdate, rdate, sntp or ntpdig in ${J}"
@@ -232,7 +232,7 @@
Register --test-no TIME-3106 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check systemd NTP time synchronization status"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check the status of time synchronization via timedatectl"
- FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes")
+ FIND=$(${TIMEDATECTL} status | ${GREPBINARY} -E "(NTP|System clock) synchronized: yes")
if [ -z "${FIND}" ]; then
LogText "Result: time not synchronized via NTP"
ReportSuggestion "${TEST_NO}" "Check timedatectl output. Synchronization via NTP is enabled, but status reflects it is not synchronized"
@@ -273,7 +273,7 @@
else
for ITEM in ${FIND}; do
LogText "Found stratum 16 peer: ${ITEM}"
- FIND2=$(${EGREPBINARY} "^ntp-ignore-stratum-16-peer=${ITEM}" ${PROFILE})
+ FIND2=$(${GREPBINARY} -E "^ntp-ignore-stratum-16-peer=${ITEM}" ${PROFILE})
if IsEmpty "${FIND2}"; then
COUNT=$((COUNT + 1))
Report "ntp_stratum_16_peer[]=${ITEM}"
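Review bot: `"${GREPBINARY} -E"` on the second changed line of the @@ -161 hunk quotes the binary path and the flag as one word, so the shell tries to execute a command whose name contains a trailing space and `-E`, the pipeline fails with a command-not-found error and FIND stays empty, which makes the cron-directory NTP check silently report nothing found. Split the flag out of the quotes: `FIND=$("${GREPBINARY}" -E "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")`. The nested for-loops begin in this hunk and end after it.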
@@ -303,7 +303,7 @@
Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check unreliable NTP peers"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking unreliable ntp peers"
- FIND=$(${NTPQBINARY} -p -n | ${EGREPBINARY} "^(-|#)" | ${AWKBINARY} '{ print $1 }' | ${SEDBINARY} 's/^-//g')
+ FIND=$(${NTPQBINARY} -p -n | ${GREPBINARY} -E "^(-|#)" | ${AWKBINARY} '{ print $1 }' | ${SEDBINARY} 's/^-//g')
if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking unreliable ntp peers" --result "${STATUS_NONE}" --color GREEN
LogText "Result: No unreliable peers found"
@@ -371,7 +371,7 @@
Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check NTP falsetickers"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking preferred time source"
- FIND=$(${NTPQBINARY} -p -n | ${EGREPBINARY} '^x')
+ FIND=$(${NTPQBINARY} -p -n | ${GREPBINARY} -E '^x')
if [ -z "${FIND}" ]; then
Display --indent 2 --text "- Checking falsetickers" --result "${STATUS_OK}" --color GREEN
LogText "Result: No falsetickers found (items preceding with an 'x')"
@@ -455,7 +455,7 @@
else
LogText "Result: ${FILE} is not empty, which is fine"
Display --indent 2 --text "- Checking NTP step-tickers file" --result "${STATUS_OK}" --color GREEN
- sFIND=$(${AWKBINARY} '/^[a-z0-9]/ { print $1 }' ${FILE} | ${EGREPBINARY} -v "^127." | ${EGREPBINARY} -v "^::1")
+ sFIND=$(${AWKBINARY} '/^[a-z0-9]/ { print $1 }' ${FILE} | ${GREPBINARY} -E -v "^127." | ${GREPBINARY} -E -v "^::1")
for I in ${sFIND}; do
FIND=$(${GREPBINARY} ^${I} ${FILE} | wc -l)
if [ ${FIND} -gt 0 ]; then
@@ -553,7 +553,7 @@
Register --test-no TIME-3182 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check OpenNTPD has working peers"
if [ ${SKIPTEST} -eq 0 ]; then
# Format is "xx/yy peers valid, ..."
- FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o '[0-9]+/[0-9]+' | ${CUTBINARY} -d '/' -f 1)
+ FIND=$(${NTPCTLBINARY} -s status | ${GREPBINARY} -E -o '[0-9]+/[0-9]+' | ${CUTBINARY} -d '/' -f 1)
if [ -z "${FIND}" ] || [ "${FIND}" -eq 0 ]; then
ReportWarning "${TEST_NO}" "OpenNTPD has no peers" "${NTPCTLBINARY} -s status"
fi
diff --git a/include/tests_tooling b/include/tests_tooling
index 083f5045..30c506c0 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -259,8 +259,8 @@
# # Check email alert configuration
# LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
#
- # FIND=$(${EGREPBINARY} "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG})
- # FIND2=$(${EGREPBINARY} "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG})
+ # FIND=$(${GREPBINARY} -E "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG})
+ # FIND2=$(${GREPBINARY} -E "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG})
#
# if [ -n "${FIND}" ]; then
# FAIL2BAN_EMAIL=1
diff --git a/include/tests_usb b/include/tests_usb
index d99d5a66..81c184df 100644
--- a/include/tests_usb
+++ b/include/tests_usb
@@ -54,8 +54,8 @@
if [ -d /etc/modprobe.d ]; then
FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
if [ -n "${FIND}" ]; then
- FIND=$(${EGREPBINARY} -r "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- FIND2=$(${EGREPBINARY} -r "^blacklist usb[-_]storage" ${ROOTDIR}etc/modprobe.d/*)
+ FIND=$(${GREPBINARY} -E -r "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ FIND2=$(${GREPBINARY} -E -r "^blacklist usb[-_]storage" ${ROOTDIR}etc/modprobe.d/*)
if [ -n "${FIND}" -o -n "${FIND2}" ]; then
FOUND=1
LogText "Result: found usb-storage driver in disabled state (blacklisted)"
@@ -65,7 +65,7 @@
fi
fi
if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
- FIND=$(${EGREPBINARY} "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.conf | ${GREPBINARY} "usb-storage" | ${GREPBINARY} -v "#")
+ FIND=$(${GREPBINARY} -E "install usb[-_]storage /bin/(false|true)" ${ROOTDIR}etc/modprobe.conf | ${GREPBINARY} "usb-storage" | ${GREPBINARY} -v "#")
if [ -n "${FIND}" ]; then
FOUND=1
LogText "Result: found usb-storage driver in disabled state"
@@ -316,11 +316,11 @@
Display --indent 4 --text "- RuleFile" --result "${STATUS_FOUND}" --color GREEN
AddHP 1 1
- USBGUARD_RULES_ALLOW=$(${EGREPBINARY} -c "^allow" ${USBGUARD_RULES})
+ USBGUARD_RULES_ALLOW=$(${GREPBINARY} -E -c "^allow" ${USBGUARD_RULES})
Display --indent 6 --text "- Controllers & Devices allow" --result "${USBGUARD_RULES_ALLOW}" --color WHITE
- USBGUARD_RULES_BLOCK=$(${EGREPBINARY} -c "^block" ${USBGUARD_RULES})
+ USBGUARD_RULES_BLOCK=$(${GREPBINARY} -E -c "^block" ${USBGUARD_RULES})
Display --indent 6 --text "- Controllers & Devices block" --result "${USBGUARD_RULES_BLOCK}" --color WHITE
- USBGUARD_RULES_REJECT=$(${EGREPBINARY} -c "^reject" ${USBGUARD_RULES})
+ USBGUARD_RULES_REJECT=$(${GREPBINARY} -E -c "^reject" ${USBGUARD_RULES})
Display --indent 6 --text "- Controllers & Devices reject" --result "${USBGUARD_RULES_REJECT}" --color WHITE
else
LogText "Result: RuleFile not found (\"man usbguard\" for instructions to install initial policies)"
diff --git a/include/tests_webservers b/include/tests_webservers
index e0ca5737..1dbde636 100644
--- a/include/tests_webservers
+++ b/include/tests_webservers
@@ -63,7 +63,7 @@
Display --indent 2 --text "- Checking Apache" --result "${STATUS_NOT_FOUND}" --color WHITE
else
LogText "Test: Scanning for Apache binary"
- IS_APACHE=$(${HTTPDBINARY} -v 2> /dev/null | ${EGREPBINARY} '[aA]pache')
+ IS_APACHE=$(${HTTPDBINARY} -v 2> /dev/null | ${GREPBINARY} -E '[aA]pache')
if IsEmpty "${IS_APACHE}"; then
LogText "Result: ${HTTPDBINARY} is not Apache"
Display --indent 2 --text "- Checking Apache (binary ${HTTPDBINARY})" --result "NO MATCH" --color WHITE
@@ -203,7 +203,7 @@
#if [ ${SKIPTEST} -eq 0 ]; then
# # Testing Debian style
# LogText "Test: searching loaded/enabled Apache modules"
- # apachectl -t -D DUMP_MODULES 2>&1 | ${EGREPBINARY} -v "(Loaded Modules|Syntax OK)" | ${SEDBINARY} 's/(\(shared\|static\))//' | ${SEDBINARY} 's/ //'
+ # apachectl -t -D DUMP_MODULES 2>&1 | ${GREPBINARY} -E -v "(Loaded Modules|Syntax OK)" | ${SEDBINARY} 's/(\(shared\|static\))//' | ${SEDBINARY} 's/ //'
# for I in ${APACHE_MODULES_ENABLED_LOCS}; do
# LogText "Test: checking ${I}"
# if [ -d ${I} ]; then
@@ -381,7 +381,7 @@
done
# Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx
- SORTFILE=$(${SORTBINARY} -u ${TMPFILE} | ${SEDBINARY} 's/ /:space:/g' | ${EGREPBINARY} -v "(application|audio|image|text|video)/" | ${EGREPBINARY} -v "({|})")
+ SORTFILE=$(${SORTBINARY} -u ${TMPFILE} | ${SEDBINARY} 's/ /:space:/g' | ${GREPBINARY} -E -v "(application|audio|image|text|video)/" | ${GREPBINARY} -E -v "({|})")
for I in ${SORTFILE}; do
I=$(echo ${I} | ${SEDBINARY} 's/:space:/ /g')
Report "nginx_config_option[]=${I}";
From 09c03ce222c03996b652142bb89cc541b28a3243 Mon Sep 17 00:00:00 2001
From: xnoguer
Date: Sun, 23 Apr 2023 17:40:16 -0400
Subject: [PATCH 16/68] Using grep -E
---
lynis | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/lynis b/lynis
index 3f6d3b84..5aa219b7 100755
--- a/lynis
+++ b/lynis
@@ -148,13 +148,25 @@
# Perform a basic check for permissions. After including functions, using SafePerms()
IGNORE_FILE_PERMISSION_ISSUES=0
- FILES_TO_CHECK="consts functions"
+ FILES_TO_CHECK="consts functions parameters binaries osdetection data_upload"
ISSUE=0
ISSUE_TYPE=""
SHOWPERMERROR=0
for FILE in ${FILES_TO_CHECK}; do
+ SUGGESTED_PERMS=640
+ if [ ${PRIVILEGED} -eq 0 ]; then
+ SUGGESTED_PERMS=644
+ fi
+
+ # First check if files are readable so the shell can execute them
+ if [ ! -r ${INCLUDEDIR}/${FILE} ]; then
+ ISSUE=1
+ ISSUE_TYPE="perms"
+ echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}"
+ fi
+
PERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10)
GROUPPERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7)
GROUPOWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }')
@@ -163,11 +175,11 @@
# Check permissions of include/X file (400, 600, 640, 644)
if [ "${PERMS}" = "rwxrwxrwx" ]; then
- ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to 640."; echo " Command: chmod 640 ${INCLUDEDIR}/${FILE}"
+ ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}"
elif [ ! "${PERMS}" = "r--------" -a ! "${PERMS}" = "rw-------" -a ! "${PERMS}" = "rw-r-----" -a ! "${PERMS}" = "rw-r--r--" ]; then
# If group ID equals user ID, we consider permissions to be fine (probably default umask)
if [ ! "${GROUPOWNERID}" = "${OWNERID}" ]; then
- ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to 640."; echo " Command: chmod 640 ${INCLUDEDIR}/${FILE}"
+ ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}"
fi
fi
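Review bot: `SUGGESTED_PERMS` is recomputed on every iteration of the `for FILE` loop in the @@ -148 hunk although it depends only on `${PRIVILEGED}`, and the `printf` in the @@ -193 hunk reads it after the loop has finished; hoisting the four lines above `for FILE in ${FILES_TO_CHECK}; do` makes that dependency explicit instead of relying on the loop having run at least once. The new `[ ! -r ... ]` branch also falls through to the existing `ls -l` permission checks, so an unreadable file can be reported twice with the same chmod advice, and the advice may be wrong when the real cause is ownership rather than mode. `${PRIVILEGED}` is used unquoted in a numeric test, which errors out if it is unset at this point in the script; I cannot confirm from the hunk where it is first set. The loop body continues past the hunk, and the permission changes here are unrelated to the commit's "grep -E" subject.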
@@ -193,7 +205,7 @@
if [ ${ISSUE} -eq 1 ]; then
printf "\n[X] Security check failed\n\n Why do I see this error?\n -------------------------------\n This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script.\n\n What can I do?\n ---------------------\n Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar).\n If you trust these files, you can decide to continue this run by pressing ENTER.\n"
if [ "${ISSUE_TYPE}" = "perms" ]; then
- printf "\n Option 2) Change permissions of the related files.\n\n Commands (full directory):\n # chmod 640 include/*\n # ./lynis audit system"
+ printf "\n Option 2) Change permissions of the related files.\n\n Commands (full directory):\n # chmod ${SUGGESTED_PERMS} include/*\n # ./lynis audit system"
elif [ "${ISSUE_TYPE}" = "owner" ]; then
printf "\n Option 2) Change ownership of the related files (or full directory).\n\n Commands (full directory):\n # cd ..\n # chown -R 0:0 lynis\n # cd lyn\n # ./lynis audit system"
fi
@@ -217,10 +229,10 @@
# Extract the short notation of the language (first two characters).
if [ -x "$(command -v locale 2> /dev/null)" ]; then
- LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | egrep "^[a-z]{2}$")
+ LANGUAGE=$(locale | grep -E "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$")
# Try locale command if shell variable had no value
if [ -z "${DISPLAY_LANG}" ]; then
- DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2)
+ DISPLAY_LANG=$(locale | grep -E "^LANG=" | cut -d= -f2)
fi
else
LANGUAGE="en"
@@ -1036,7 +1048,7 @@ ${NORMAL}
if SafeFile ${INCLUDE_FILE}; then
. ${INCLUDE_FILE}
else
- LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)"
+ LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 644, 640, 600 or 400)"
ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}"
# Insert a section and warn user also on screen
InsertSection "${SECTION_GENERAL}"
@@ -1063,7 +1075,7 @@ ${NORMAL}
LogText "Result: file permissions fine, running custom tests"
. ${INCLUDEDIR}/tests_custom
else
- LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)"
+ LogText "Exception: skipping custom tests, file has bad permissions (should be 644, 640, 600 or 400)"
ReportWarning "NONE" "Invalid permissions on custom tests file"
Display --indent 2 --text "- Running custom tests... " --result "${STATUS_WARNING}" --color RED
fi
From c7b73837db1f68820befd06a63f2ab855a00d5f9 Mon Sep 17 00:00:00 2001
From: xnoguer
Date: Sun, 23 Apr 2023 17:44:44 -0400
Subject: [PATCH 17/68] Removing changes from another branch
---
include/functions | 5 -----
1 file changed, 5 deletions(-)
diff --git a/include/functions b/include/functions
index 841586be..9c52044b 100644
--- a/include/functions
+++ b/include/functions
@@ -3103,11 +3103,6 @@
unsafe=1
LogText "Security alert: file is not owned by active user, but can write to it"
fi
- # File is not owned by active user, and not readable by him
- if [ ! -O "${FILE}" -a ! -r "${FILE}" ]; then
- unsafe=1
- LogText "Security alert: file is not readable by active user"
- fi
fi
# Check file permissions
From ea9c6dbcc8c6db00160db7691e7407ed83fab361 Mon Sep 17 00:00:00 2001
From: xnoguer
Date: Sun, 23 Apr 2023 17:51:58 -0400
Subject: [PATCH 18/68] Removing
---
lynis | 22 +++++----------------
1 file changed, 5 insertions(+), 17 deletions(-)
diff --git a/lynis b/lynis
index 5aa219b7..1f401b97 100755
--- a/lynis
+++ b/lynis
@@ -148,25 +148,13 @@
# Perform a basic check for permissions. After including functions, using SafePerms()
IGNORE_FILE_PERMISSION_ISSUES=0
- FILES_TO_CHECK="consts functions parameters binaries osdetection data_upload"
+ FILES_TO_CHECK="consts functions"
ISSUE=0
ISSUE_TYPE=""
SHOWPERMERROR=0
for FILE in ${FILES_TO_CHECK}; do
- SUGGESTED_PERMS=640
- if [ ${PRIVILEGED} -eq 0 ]; then
- SUGGESTED_PERMS=644
- fi
-
- # First check if files are readable so the shell can execute them
- if [ ! -r ${INCLUDEDIR}/${FILE} ]; then
- ISSUE=1
- ISSUE_TYPE="perms"
- echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}"
- fi
-
PERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 2-10)
GROUPPERMS=$(ls -l ${INCLUDEDIR}/${FILE} | cut -c 5-7)
GROUPOWNERID=$(ls -n ${INCLUDEDIR}/${FILE} | awk '{ print $4 }')
@@ -229,10 +217,10 @@
# Extract the short notation of the language (first two characters).
if [ -x "$(command -v locale 2> /dev/null)" ]; then
- LANGUAGE=$(locale | grep -E "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$")
+ LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$")
# Try locale command if shell variable had no value
if [ -z "${DISPLAY_LANG}" ]; then
- DISPLAY_LANG=$(locale | grep -E "^LANG=" | cut -d= -f2)
+ DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2)
fi
else
LANGUAGE="en"
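Review bot: The @@ -229 hunk reverts only two of the three `grep -E` calls in the LANGUAGE pipeline back to `egrep`, leaving a single pipeline that mixes `egrep` and `grep -E`; `egrep` is a deprecated wrapper that prints a warning on recent GNU grep releases, so the partial revert reintroduces the exact noise the earlier commit removed. If the goal is to undo the previous commit, revert the whole line; if not, keep `grep -E` throughout: `LANGUAGE=$(locale | grep -E "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$")` and `DISPLAY_LANG=$(locale | grep -E "^LANG=" | cut -d= -f2)`. The @@ -148 hunk in the same file is a clean revert of the permission changes and raises nothing new.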
@@ -1048,7 +1036,7 @@ ${NORMAL} if SafeFile ${INCLUDE_FILE}; then . ${INCLUDE_FILE} else - LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 644, 640, 600 or 400)" + LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)" ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}" # Insert a section and warn user also on screen InsertSection "${SECTION_GENERAL}" @@ -1075,7 +1063,7 @@ ${NORMAL} LogText "Result: file permissions fine, running custom tests" . ${INCLUDEDIR}/tests_custom else - LogText "Exception: skipping custom tests, file has bad permissions (should be 644, 640, 600 or 400)" + LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)" ReportWarning "NONE" "Invalid permissions on custom tests file" Display --indent 2 --text "- Running custom tests... " --result "${STATUS_WARNING}" --color RED fi From 25a5d7af40070566cebc6a19c8f4841aabca100e Mon Sep 17 00:00:00 2001 From: xnoguer Date: Sun, 23 Apr 2023 17:53:22 -0400 Subject: [PATCH 19/68] Removing --- lynis | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lynis b/lynis index 1f401b97..a92e3556 100755 --- a/lynis +++ b/lynis 
@@ -163,11 +163,11 @@ # Check permissions of include/X file (400, 600, 640, 644) if [ "${PERMS}" = "rwxrwxrwx" ]; then - ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}" + ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to 640."; echo " Command: chmod 640 ${INCLUDEDIR}/${FILE}" elif [ ! "${PERMS}" = "r--------" -a ! "${PERMS}" = "rw-------" -a ! "${PERMS}" = "rw-r-----" -a ! "${PERMS}" = "rw-r--r--" ]; then # If group ID equals user ID, we consider permissions to be fine (probably default umask) if [ ! "${GROUPOWNERID}" = "${OWNERID}" ]; then - ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to ${SUGGESTED_PERMS}."; echo " Command: chmod ${SUGGESTED_PERMS} ${INCLUDEDIR}/${FILE}" + ISSUE=1; ISSUE_TYPE="perms"; echo "[!] Change file permissions of ${INCLUDEDIR}/${FILE} to 640."; echo " Command: chmod 640 ${INCLUDEDIR}/${FILE}" fi fi @@ -217,10 +217,10 @@ # Extract the short notation of the language (first two characters). if [ -x "$(command -v locale 2> /dev/null)" ]; then - LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$") + LANGUAGE=$(locale | grep -E "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E "^[a-z]{2}$") # Try locale command if shell variable had no value if [ -z "${DISPLAY_LANG}" ]; then - DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2) + DISPLAY_LANG=$(locale | grep -E "^LANG=" | cut -d= -f2) fi else LANGUAGE="en" From 346b843662376002e34c2e92a1914ae5233c56b0 Mon Sep 17 00:00:00 2001 From: xnoguer Date: Sun, 23 Apr 2023 17:54:01 -0400 Subject: [PATCH 20/68] Removing --- lynis | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lynis b/lynis index a92e3556..3a628424 100755 --- a/lynis +++ b/lynis 
@@ -193,7 +193,7 @@ if [ ${ISSUE} -eq 1 ]; then printf "\n[X] Security check failed\n\n Why do I see this error?\n -------------------------------\n This is a protection mechanism to prevent the root user from executing user created files. The files may be altered, or including malicious pieces of script.\n\n What can I do?\n ---------------------\n Option 1) Check if a trusted user created the files (e.g. due to using Git, Homebrew or similar).\n If you trust these files, you can decide to continue this run by pressing ENTER.\n" if [ "${ISSUE_TYPE}" = "perms" ]; then - printf "\n Option 2) Change permissions of the related files.\n\n Commands (full directory):\n # chmod ${SUGGESTED_PERMS} include/*\n # ./lynis audit system" + printf "\n Option 2) Change permissions of the related files.\n\n Commands (full directory):\n # chmod 640 include/*\n # ./lynis audit system" elif [ "${ISSUE_TYPE}" = "owner" ]; then printf "\n Option 2) Change ownership of the related files (or full directory).\n\n Commands (full directory):\n # cd ..\n # chown -R 0:0 lynis\n # cd lynis\n # ./lynis audit system" fi From c845cecb6fb709d3bc81e0519688ff2bd5a5fe61 Mon Sep 17 00:00:00 2001 From: xnoguer Date: Sun, 23 Apr 2023 19:00:16 -0400 Subject: [PATCH 21/68] Fixing test --- include/tests_php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/tests_php b/include/tests_php index 858bc14b..04502f68 100644 --- a/include/tests_php +++ b/include/tests_php @@ -285,7 +285,7 @@ # Test : PHP-2368 # Description : Check php register_globals option # Notes : Don't test for it if PHP version is 5.4.0 or later (it has been removed) - if [ -n "${PHPINIFILE}" -a -n "${PHPVERSION}" -a -n "${GREPBINARY} -E" ]; then + if [ -n "${PHPINIFILE}" -a -n "${PHPVERSION}" -a -n "${GREPBINARY}" ]; then if [ -f "${PHPINIFILE}" ]; then FIND=$(echo ${PHPVERSION} | ${GREPBINARY} -E "^(4.|5.[0-3])") if [ -z "${FIND}" ]; then From dde2299e69810261c3f1e181ce82bf93c07397ae Mon Sep 17 00:00:00 2001 
From: Michael Boelen Date: Tue, 2 May 2023 08:42:59 +0000 Subject: [PATCH 22/68] Updated log --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ad1cbeb8..ab464ab6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,11 @@ ## Lynis 3.0.9 (not released yet) ### Changed -- DBS-1820 - added newer style format for Mongo authorization setting +- DBS-1820 - Added newer style format for Mongo authorization setting +- FILE-6410 - Locations added for plocate +- SSH-7408 - Only test Compression if sshd version < 7.4 +- Improved fetching timestamp +- Minor changes such as typos --------------------------------------------------------------------------------- From 87624e7c758dd3f208f40405863b198b3dd36080 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Tue, 2 May 2023 08:47:25 +0000 Subject: [PATCH 23/68] Release version 3.0.9 --- CHANGELOG.md | 2 +- lynis | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab464ab6..eba36baf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Lynis Changelog -## Lynis 3.0.9 (not released yet) +## Lynis 3.0.9 (2023-05-02) ### Changed - DBS-1820 - Added newer style format for Mongo authorization setting diff --git a/lynis b/lynis index 3f6d3b84..2378b4cd 100755 --- a/lynis +++ b/lynis @@ -43,10 +43,10 @@ PROGRAM_WEBSITE="https://cisofy.com/lynis/" # Version details - PROGRAM_RELEASE_DATE="2022-05-17" - PROGRAM_RELEASE_TIMESTAMP=1652791205 + PROGRAM_RELEASE_DATE="2023-05-02" + PROGRAM_RELEASE_TIMESTAMP=1683017189 PROGRAM_RELEASE_TYPE="release" # pre-release or release - PROGRAM_VERSION="3.0.8" + PROGRAM_VERSION="3.0.9" # Source, documentation and license PROGRAM_SOURCE="https://github.com/CISOfy/lynis" From 2b82fa6ebad1d82ba41acdce50dbdbb7aae56abe Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Tue, 2 May 2023 16:22:13 -0400 Subject: [PATCH 24/68] osdetection: add OpenEmbedded and Poky 
Signed-off-by: Armin Kuster
---
 include/osdetection | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/osdetection b/include/osdetection
index 989b1b38..e5974e5f 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -308,6 +308,12 @@
 OS_REDHAT_OR_CLONE=1
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 ;;
+ "nodistro")
+ LINUX_VERSION="openembedded"
+ OS_NAME="OpenEmbedded"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ ;;
 "opensuse-tumbleweed")
 LINUX_VERSION="openSUSE Tumbleweed"
 # It's rolling release but has a snapshot version (the date of the snapshot)
@@ -330,6 +336,14 @@
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 ;;
+ "poky")
+ LINUX_VERSION="Poky"
+ OS_NAME="openembedded"
+ LINUX_VERSION_LIKE="openembedded"
+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+
+ ;;
 "pop")
 LINUX_VERSION="Pop!_OS"
 LINUX_VERSION_LIKE="Ubuntu"
From 6fdfa0a0129e2866ebdc233d771722d09034d9cc Mon Sep 17 00:00:00 2001
From: Xavier Noguer
Date: Fri, 19 May 2023 23:12:39 +0000
Subject: [PATCH 25/68] Replacing deprecated option -i

---
 include/tests_databases | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/tests_databases b/include/tests_databases
index e973d23f..dbc1d857 100644
--- a/include/tests_databases
+++ b/include/tests_databases
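Review bot: The two new cases label the distribution inconsistently: `"nodistro"` sets `LINUX_VERSION="openembedded"` next to `OS_NAME="OpenEmbedded"`, while `"poky"` sets `LINUX_VERSION="Poky"` but `OS_NAME="openembedded"`, so the human-readable name and the lowercase identifier appear to be swapped between the two. Other entries added to this file later in the series (guix, lsdk) keep OS_NAME equal to the displayed distribution name, which suggests `OS_NAME="Poky"` and a single spelling of `OpenEmbedded` were intended; if OS_NAME feeds the report or any later matching, the casing difference matters, but that consumer is outside the hunk, so confirm before changing. The blank line before the poky `;;` can be dropped to match the surrounding cases.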
@@ -216,8 +216,8 @@ Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" if [ ${SKIPTEST} -eq 0 ]; then - FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" - CONFIG_FILES=$(${FINDBINARY} -L ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") + FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}etc/postgresql ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" + CONFIG_FILES=$(${FINDBINARY} -L ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -I{} sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") for CF in ${CONFIG_FILES}; do Report "postgresql_config_file[]=${CF}" LogText "Found configuration file (${CF})" From dbf263dbbd218e6bdf19e7d096c9595e40a8fee1 Mon Sep 17 00:00:00 2001 From: Xavier Noguer Date: Sat, 20 May 2023 15:58:12 +0000 Subject: [PATCH 26/68] Looking for configuration files in all /usr/local/pgsql/data* directories --- include/tests_databases | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/tests_databases b/include/tests_databases index e973d23f..aeacaa4a 100644 --- a/include/tests_databases +++ b/include/tests_databases 
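Review bot: The rewritten `xargs -I{} sh -c 'test -r "{}" && echo "{}"'` still splices each discovered file name into a shell command string, so a `*.conf` name containing `"`, `$(` or a backtick under one of the scanned directories is interpreted by `sh`; the preceding `${TRBINARY} -cd '[:print:]\0'` strips non-printables but leaves shell metacharacters intact, and this code typically runs as root. Pass the names as arguments instead: drop the `${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n'` stages (the printable filter already removes newlines) and use `xargs -0 sh -c 'for f; do [ -r "$f" ] && printf "%s\n" "$f"; done' sh`. `xargs -0` is not POSIX, but the pipeline already depends on `find -print0`, so no new platform assumption is added. The hunk also adds `${ROOTDIR}etc/postgresql` to FIND_PATHS, which the commit message does not mention; a one-line note in the message would help reviewers.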
@@ -216,7 +216,8 @@ Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" if [ ${SKIPTEST} -eq 0 ]; then - FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" + FIND_PATHS=$(${LSBINARY} -d ${ROOTDIR}usr/local/pgsql/data* 2> /dev/null) + FIND_PATHS="${FIND_PATHS} ${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" CONFIG_FILES=$(${FINDBINARY} -L ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") for CF in ${CONFIG_FILES}; do Report "postgresql_config_file[]=${CF}" From 9f36e17ee0afd881468c496da3d1ae4ba80956b3 Mon Sep 17 00:00:00 2001 From: Xavier Noguer Date: Tue, 23 May 2023 15:07:42 +0000 Subject: [PATCH 27/68] Added tests considering Wazuh for file integrity and tooling --- db/tests.db | 2 ++ include/tests_file_integrity | 19 +++++++++++++++++++ include/tests_hardening | 2 +- include/tests_tooling | 29 +++++++++++++++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) diff --git a/db/tests.db b/db/tests.db index e4dc8fbd..69a68bc9 100644 --- a/db/tests.db +++ b/db/tests.db @@ -148,6 +148,7 @@ FINT-4338:test:security:file_integrity::osqueryd syscheck daemon running: FINT-4339:test:security:file_integrity:Linux:Check IMA/EVM Status FINT-4340:test:security:file_integrity:Linux:Check dm-integrity status FINT-4341:test:security:file_integrity:Linux:Check dm-verity status +FINT-4344:test:security:file_integrity::Wazuh syscheck daemon running: FINT-4350:test:security:file_integrity::File integrity software installed: FINT-4402:test:security:file_integrity::Checksums (SHA256 or SHA512): FIRE-4502:test:security:firewalls:Linux:Check iptables kernel module: 
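Review bot: `FIND_PATHS=$(${LSBINARY} -d ${ROOTDIR}usr/local/pgsql/data* 2> /dev/null)` parses ls output to obtain a list the glob already produces; a loop such as `for D in ${ROOTDIR}usr/local/pgsql/data*; do [ -d "${D}" ] && FIND_PATHS="${FIND_PATHS} ${D}"; done` avoids ls and skips a literal, unmatched pattern. The second line then appends `${ROOTDIR}usr/local/pgsql/data` again, which the glob already covers, so find will walk that directory twice and CONFIG_FILES may carry duplicate entries that are reported twice in the loop below (the loop body continues outside the hunk). This patch is based on the same blob (index e973d23f) as the previous one and still carries `xargs -i`, so applying the series either conflicts or reinstates the deprecated option the previous commit removed; rebasing it on that commit would resolve both.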
@@ -437,6 +438,7 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban: TOOL-5104:test:security:tooling::Enabled tests for Fail2ban: TOOL-5120:test:security:tooling::Presence of Snort IDS: TOOL-5122:test:security:tooling::Snort IDS configuration file: +TOOL-5128:test:security:tooling::Check for active Wazuh daemon: TOOL-5130:test:security:tooling::Check for active Suricata daemon: TOOL-5160:test:security:tooling::Check for active OSSEC daemon: TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling: diff --git a/include/tests_file_integrity b/include/tests_file_integrity index 8a38b97e..a0bf497f 100644 --- a/include/tests_file_integrity +++ b/include/tests_file_integrity @@ -398,6 +398,25 @@ fi # ################################################################################# +# + # Test : FINT-4344 + # Description : Check if Wazuh system integrity tool is running + Register --test-no FINT-4344 --weight L --network NO --category security --description "Wazuh syscheck daemon running" + if [ ${SKIPTEST} -eq 0 ]; then + LogText "Test: Checking if Wazuh syscheck daemon is running" + if IsRunning "wazuh-syscheckd"; then + LogText "Result: syscheck (Wazuh) active" + Report "file_integrity_tool[]=wazuh" + FILE_INT_TOOL="wazuh-syscheck" + FILE_INT_TOOL_FOUND=1 + Display --indent 4 --text "- Wazuh (syscheck)" --result "${STATUS_FOUND}" --color GREEN + else + LogText "Result: syscheck (Wazuh) is not active" + if IsVerbose; then Display --indent 4 --text "- Wazuh" --result "${STATUS_NOT_FOUND}" --color WHITE; fi + fi + fi +# +################################################################################# # # Test : FINT-4402 (was FINT-4316) # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums diff --git a/include/tests_hardening b/include/tests_hardening index c414edb6..8ca04d6d 100644 --- a/include/tests_hardening +++ b/include/tests_hardening 
@@ -99,7 +99,7 @@ else Display --indent 4 --text "- Installed malware scanner" --result "${STATUS_NOT_FOUND}" --color RED fi - ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC" + ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC, Wazuh" AddHP 1 3 LogText "Result: no malware scanner found" fi diff --git a/include/tests_tooling b/include/tests_tooling index 083f5045..2ef9f81b 100644 --- a/include/tests_tooling +++ b/include/tests_tooling @@ -428,6 +428,35 @@ fi # ################################################################################# +# + # Test : TOOL-5128 + # Description : Check for Wazuh daemon + Register --test-no TOOL-5128 --weight L --network NO --category security --description "Check for active Wazuh daemon" + if [ ${SKIPTEST} -eq 0 ]; then + # Server side + if IsRunning "wazuh-analysisd"; then + IDS_IPS_TOOL_FOUND=1 + Report "ids_ips_tooling[]=wazuh" + Report "ids_ips_tooling[]=wazuh-analysisd" + LogText "Result: Wazuh analysis daemon is active" + Display --indent 2 --text "- Checking presence of Wazuh (analysis)" --result "${STATUS_FOUND}" --color GREEN + else + LogText "Result: Wazuh analysis daemon not active" + fi + + # Client side + if IsRunning "wazuh-agentd"; then + IDS_IPS_TOOL_FOUND=1 + Report "ids_ips_tooling[]=wazuh" + Report "ids_ips_tooling[]=wazuh-agentd" + LogText "Result: Wazuh agent daemon is active" + Display --indent 2 --text "- Checking presence of Wazuh (agent)" --result "${STATUS_FOUND}" --color GREEN + else + LogText "Result: Wazuh agent daemon not active" + fi + fi +# +################################################################################# # # Test : TOOL-5190 # Description : Check for an IDS/IPS tool 
From 1e70cd0b9252f4d0e2b231c2b7c482cbee6560f0 Mon Sep 17 00:00:00 2001 From: Xavier Noguer Date: Tue, 30 May 2023 08:04:36 +0000 Subject: [PATCH 28/68] Fixing missing or erroneous test number comments --- include/tests_insecure_services | 4 +++- include/tests_system_integrity | 2 ++ include/tests_tooling | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/tests_insecure_services b/include/tests_insecure_services index f01966f2..b27ff168 100644 --- a/include/tests_insecure_services +++ b/include/tests_insecure_services @@ -371,7 +371,7 @@ # ################################################################################# # - # Test : INSE-8312 + # Test : INSE-8322 # Description : Check if telnet server is installed Register --test-no INSE-8322 --package-manager-required --weight L --network NO --category security --description "Check if telnet server is installed" if [ ${SKIPTEST} -eq 0 ]; then @@ -492,6 +492,8 @@ # ################################################################################# # + # Test : INSE-8050 + # Description : Check for insecure services on macOS if [ -n "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi Register --test-no INSE-8050 --os "macOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS" if [ ${SKIPTEST} -eq 0 ]; then diff --git a/include/tests_system_integrity b/include/tests_system_integrity index befe09a0..9c5b1e51 100644 --- a/include/tests_system_integrity +++ b/include/tests_system_integrity 
@@ -30,6 +30,8 @@ # ################################################################################# # + # Test : SINT-7010 + # Description : System Integrity Status if [ -x ${ROOTDIR}/usr/bin/csrutil ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No CSrutil binary found"; fi Register --test-no SINT-7010 --os MacOS --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight H --network NO --category security --description "System Integrity Status" if [ ${SKIPTEST} -eq 0 ]; then diff --git a/include/tests_tooling b/include/tests_tooling index 083f5045..cda48616 100644 --- a/include/tests_tooling +++ b/include/tests_tooling @@ -400,7 +400,7 @@ # ################################################################################# # - # Test : TOOL-5160 + # Test : TOOL-5126 # Description : Check for OSSEC Register --test-no TOOL-5126 --weight L --network NO --category security --description "Check for active OSSEC daemon" if [ ${SKIPTEST} -eq 0 ]; then From aa7085bf929bac4d454ed8f4c5dad413d3234f3d Mon Sep 17 00:00:00 2001 From: Ben Perry Date: Tue, 30 May 2023 18:19:46 +1000 Subject: [PATCH 29/68] Update tests_malware --- include/tests_malware | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/tests_malware b/include/tests_malware index 40336fa5..41814b43 100644 --- a/include/tests_malware +++ b/include/tests_malware @@ -39,6 +39,7 @@ MALWARE_SCANNER_INSTALLED=0 MALWARE_DAEMON_RUNNING=0 ROOTKIT_SCANNER_FOUND=0 + SENTINELONE_SCANNER_FOUND=0 SOPHOS_SCANNER_RUNNING=0 SYMANTEC_SCANNER_RUNNING=0 SYNOLOGY_DAEMON_RUNNING=0 
@@ -231,6 +232,20 @@
 Report "malware_scanner[]=mcafee"
 fi
 
+ # SentinelOne
+ LogText "Text: checking process sentineld (SentinelOne)"
+ if isRunning "sentineld"; then SENTINELONE_SCANNER_RUNNING=1; fi # macOS
+ if isRunning "s1-agent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Linux
+ if isRunning "SentinelAgent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Windows
+ if [ ${SENTINELONE_SCANNER_RUNNING} -eq 1 ]; then
+ FOUND=1
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} SentinelOne" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: Found SentinelOne"
+ MALWARE_DAEMON_RUNNING=1
+ MALWARE_SCANNER_INSTALLED=1
+ Report "malware_scanner[]=sentinelone"
+ fi
+
 # Sophos savscand/SophosScanD
 LogText "Test: checking process savscand"
 if IsRunning "savscand"; then
From b16b4628c7d7bb585c50e7a0f8d7f75fc2308cf4 Mon Sep 17 00:00:00 2001
From: Xavier Noguer
Date: Tue, 30 May 2023 08:38:17 +0000
Subject: [PATCH 30/68] Fixing test numbers in db/tests.db with the actual numbers used for those tests

---
 db/tests.db | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/db/tests.db b/db/tests.db
index e4dc8fbd..5e7acf4c 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -204,7 +204,7 @@ INSE-8200:test:security:insecure_services::Usage of TCP wrappers:
 INSE-8300:test:security:insecure_services::Presence of rsh client:
 INSE-8302:test:security:insecure_services::Presence of rsh server:
 INSE-8310:test:security:insecure_services::Presence of telnet client:
-INSE-8312:test:security:insecure_services::Presence of telnet server:
+INSE-8322:test:security:insecure_services::Presence of telnet server:
 INSE-8314:test:security:insecure_services::Presence of NIS client:
 INSE-8316:test:security:insecure_services::Presence of NIS server:
 INSE-8318:test:security:insecure_services::Presence of TFTP client:
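Review bot: The three new process checks call `isRunning`, while the Sophos block directly below and the rest of this file call `IsRunning`; shell function names are case-sensitive, so unless a lowercase alias exists elsewhere these lines fail with "command not found" and SentinelOne is never detected. The flag they set is `SENTINELONE_SCANNER_RUNNING`, but the variable initialised in this patch's earlier hunk is `SENTINELONE_SCANNER_FOUND=0`; with the former unset, `[ ${SENTINELONE_SCANNER_RUNNING} -eq 1 ]` expands to `[ -eq 1 ]` and raises a test error on every run. Fix both by changing the initialiser to `SENTINELONE_SCANNER_RUNNING=0` and the calls to `IsRunning`, and align the log prefix with its neighbours: `LogText "Test: checking process sentineld (SentinelOne)"`. The `# Windows` annotation on the `SentinelAgent` check looks out of place for a Unix auditing script — presumably a different platform was meant; confirm the process name before keeping it.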
@@ -438,7 +438,7 @@ TOOL-5104:test:security:tooling::Enabled tests for Fail2ban: TOOL-5120:test:security:tooling::Presence of Snort IDS: TOOL-5122:test:security:tooling::Snort IDS configuration file: TOOL-5130:test:security:tooling::Check for active Suricata daemon: -TOOL-5160:test:security:tooling::Check for active OSSEC daemon: +TOOL-5126:test:security:tooling::Check for active OSSEC daemon: TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling: USB-1000:test:security:storage:Linux:Check if USB storage is disabled: USB-2000:test:security:storage:Linux:Check USB authorizations: From 6963e4e408fcebc16e00d5e286abfefd93627423 Mon Sep 17 00:00:00 2001 From: Xavier Noguer Date: Tue, 30 May 2023 14:56:11 +0000 Subject: [PATCH 31/68] Updating parsing of arch-audit since arch-audit modified its output --- include/tests_ports_packages | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/tests_ports_packages b/include/tests_ports_packages index 9ca1948d..6ffe1b54 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages 
@@ -347,12 +347,13 @@ Register --test-no PKGS-7322 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Discover vulnerable packages with arch-audit" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: checking arch-audit output for vulnerable packages" - FIND=$(${ARCH_AUDIT_BINARY} | ${SEDBINARY} 's/\.\..*$//' | ${SEDBINARY} 's/, //g' | ${SEDBINARY} 's/\(\["\|"\]\)//g' | ${SEDBINARY} 's/""/,/g' | ${AWKBINARY} '{ if($1=="Package") { print $2"|"$6"|"}}' | ${AWKBINARY} -F'|' 'NF>1{a[$1] = a[$1]","$2}END{for(i in a){print i""a[i]"|"}}' | ${SEDBINARY} 's/,/|cve=/' | ${SORTBINARY}) + FIND=$(${ARCH_AUDIT_BINARY} | ${SEDBINARY} 's/ High risk!//' | ${SEDBINARY} 's/ Medium risk!//' | ${SEDBINARY} 's/ Low risk!//' | ${SEDBINARY} 's/\.\..*$//' | ${SEDBINARY} 's/, /,/g' | ${SEDBINARY} 's/\(\["\|"\]\)//g' | ${SEDBINARY} 's/""/,/g' | ${AWKBINARY} '{if ($0 ~ /is affected by CVE\-/) {print $1"|"$5"|"} else {ORS=""; print $1"|"; for (i=5; i<=NF; i++)print $i; print "\n"; ORS="\n"}}'| ${AWKBINARY} -F'|' 'NF>1{a[$1] = a[$1]","$2}END{for(i in a){print i""a[i]"|"}}' | ${SEDBINARY} 's/,CVE-/|cve=CVE-/' | ${SORTBINARY}) if [ -z "${FIND}" ]; then LogText "Result: no vulnerable packages found with arch-audit" AddHP 10 10 else LogText "Result: found one or more vulnerable packages" + VULNERABLE_PACKAGES_FOUND=1 for ITEM in ${FIND}; do LogText "Found line: ${ITEM}" Report "vulnerable_package[]=${ITEM}" From be5a63a45bd3454ed5bdd3f96a2f287c228307dd Mon Sep 17 00:00:00 2001 From: Jay Keller <70912302+digitalcheetah@users.noreply.github.com> Date: Sat, 10 Jun 2023 11:03:48 +0000 Subject: [PATCH 32/68] Update osdetection with Guix Closes issue #1379 --- include/osdetection | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/osdetection b/include/osdetection index 989b1b38..4c51a7a8 100644 --- a/include/osdetection +++ b/include/osdetection 
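Review bot: The three new leading substitutions `s/ High risk!//`, `s/ Medium risk!//` and `s/ Low risk!//` can be a single `${SEDBINARY} 's/ \(High\|Medium\|Low\) risk!//'`; the `\|` alternation is GNU sed syntax, but this same line already relies on it in `s/\(\["\|"\]\)//g`, so no new portability assumption is introduced. The pipeline is tied to arch-audit's human-readable output, which is exactly what just changed, so a comment above the assignment describing the two line shapes the awk distinguishes (lines matching `is affected by CVE-` and all others) would make the next format change quicker to diagnose. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block continues outside the hunk.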
@@ -260,6 +260,12 @@ OS_NAME="Gentoo Linux" OS_VERSION="Rolling release" ;; + "guix") + LINUX_VERSION="Guix" + OS_FULLNAME="Guix System" + OS_NAME="Guix" + OS_VERSION="Rolling release" + ;; "ipfire") LINUX_VERSION="IPFire" OS_NAME="IPFire" From 5214132e97313bc0660317605e816d2b72296617 Mon Sep 17 00:00:00 2001 From: Jay Keller <70912302+digitalcheetah@users.noreply.github.com> Date: Sat, 10 Jun 2023 11:20:10 +0000 Subject: [PATCH 33/68] Update osdetection with LSDK This should close issue #1393. --- include/osdetection | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/osdetection b/include/osdetection index 989b1b38..fe92c500 100644 --- a/include/osdetection +++ b/include/osdetection @@ -278,6 +278,11 @@ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') ;; + "lsdk") + LINUX_VERSION="NXP LSDK" + OS_NAME="NXP LSDK" + OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + ;; "mageia") LINUX_VERSION="Mageia" OS_NAME="Mageia" From 6e3cea8c87c04dce721b8c7afa9027a810af5f96 Mon Sep 17 00:00:00 2001 From: rpmbuild Date: Sun, 30 Jul 2023 09:37:10 +0200 Subject: [PATCH 34/68] use grep -E instead of egrep if possible --- include/binaries | 9 +++++++++ include/tests_time | 2 +- lynis | 4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/binaries b/include/binaries index 7aabba42..8b174eed 100644 --- a/include/binaries +++ b/include/binaries 
@@ -337,6 +337,15 @@ Report "binaries_sgid_count=${SGID_BINARIES}" Report "binary_paths=${BINARY_PATHS_FOUND}" + # If grep is capable of extended regexp, use that instead of egrep to avoid annoying warning + if [ "${GREPBINARY:-}" ] ; then + ${GREPBINARY} --help | ${GREPBINARY} -e "extended-regexp" > /dev/null + if [ $? -eq 0 ] ; then + EGREPBINARY="${GREPBINARY} -E" + fi + fi + + # Test if the basic system tools are defined. These will be used during the audit. [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found" [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found" diff --git a/include/tests_time b/include/tests_time index df9a86b7..f20beed8 100644 --- a/include/tests_time +++ b/include/tests_time @@ -164,7 +164,7 @@ FIND=$(echo "${J}" | ${EGREPBINARY} '/.placeholder$') if [ -f "${J}" ] && [ -r "${J}" ] && [ -z "${FIND}" ]; then LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in ${J}" - FIND=$("${EGREPBINARY}" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#") + FIND=$(${EGREPBINARY} "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#") if [ -n "${FIND}" ]; then FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1 LogText "Result: found ntpdate, rdate, sntp or ntpdig in ${J}" diff --git a/lynis b/lynis index 3f6d3b84..fd891d8e 100755 --- a/lynis +++ b/lynis @@ -217,10 +217,10 @@ # Extract the short notation of the language (first two characters). if [ -x "$(command -v locale 2> /dev/null)" ]; then - LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | egrep "^[a-z]{2}$") + LANGUAGE=$(locale | grep -e "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | grep -E -e "^[a-z]{2}$") # Try locale command if shell variable had no value if [ -z "${DISPLAY_LANG}" ]; then - DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2) + DISPLAY_LANG=$(locale | grep -e "^LANG=" | cut -d= -f2) fi else LANGUAGE="en" From e797d2d3bf59e9ab5bbdcd5cc7a5c1668500370f Mon Sep 17 00:00:00 2001 
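Review bot: The capability probe in include/binaries runs `${GREPBINARY} --help | ${GREPBINARY} -e "extended-regexp" > /dev/null` and then inspects `$?`; it reads as one condition, `if ${GREPBINARY} --help 2> /dev/null | ${GREPBINARY} -q -e "extended-regexp"; then`, which also discards the usage text that some grep implementations print to stderr on `--help`. Because `EGREPBINARY` now holds two words, any `"${EGREPBINARY}"` quoted as a single word stops working; the tests_time hunk in this patch removes one such quoting, but other quoted uses elsewhere in the tree are not visible here and should be checked before merging. A comment on the assignment, `# EGREPBINARY may hold an argument as well; expand it unquoted`, would record that constraint for future callers.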
From: "Samuel Henrique (samueloph)" Date: Wed, 2 Aug 2023 17:19:58 +0000 Subject: [PATCH 35/68] Update Amazon Linux EOL dates and add Amazon Linux 2023 Sources: AL2023 EOL: https://docs.aws.amazon.com/linux/al2023/release-notes/support-info-by-support-statement.html#support-info-by-support-statement-eol AL2 EOL: https://aws.amazon.com/amazon-linux-2/faqs/ AL EOL: https://aws.amazon.com/blogs/aws/update-on-amazon-linux-ami-end-of-life/ --- db/software-eol.db | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/db/software-eol.db b/db/software-eol.db index f8242d35..ff33a056 100644 --- a/db/software-eol.db +++ b/db/software-eol.db @@ -28,8 +28,9 @@ os:Alpine 3.8:2020-05-01:1588305600 # Amazon Linux # # Note: shortest entry is listed at end due to regular expression matching being used -os:Amazon Linux 2:2023-06-26:1687730400: -os:Amazon Linux:2020-06-30:1593468000: +os:Amazon Linux 2023:2028-03-15:1836691200: +os:Amazon Linux 2:2025-06-30:1751241600: +os:Amazon Linux:2023-12-31:1703980800: # # Arch Linux # From a23853eebd86573a3af9c889250cd7f916d2e3cd Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:24:18 +0200 Subject: [PATCH 36/68] Add STATUS_NOT_ACTIVE --- db/languages/en | 1 + 1 file changed, 1 insertion(+) diff --git a/db/languages/en b/db/languages/en index 3fc11069..52ace1f7 100644 --- a/db/languages/en +++ b/db/languages/en @@ -84,6 +84,7 @@ STATUS_NO="NO" STATUS_NO_UPDATE="NO UPDATE" STATUS_NON_DEFAULT="NON DEFAULT" STATUS_NONE="NONE" +STATUS_NOT_ACTIVE="NOT ACTIVE" STATUS_NOT_CONFIGURED="NOT CONFIGURED" STATUS_NOT_DISABLED="NOT DISABLED" STATUS_NOT_ENABLED="NOT ENABLED" From e1bcfe955e3ad5b1f339eb584f83a8aae6ad919b Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:24:47 +0200 Subject: [PATCH 37/68] Add STATUS_NOT_ACTIVE --- db/languages/az | 1 + 1 file changed, 1 insertion(+) 
diff --git a/db/languages/az b/db/languages/az index ffdf4254..24a0ca70 100644 --- a/db/languages/az +++ b/db/languages/az @@ -82,6 +82,7 @@ STATUS_FOUND="Tapıldı" #STATUS_MEDIUM="MEDIUM" #STATUS_NON_DEFAULT="NON DEFAULT" STATUS_NONE="Yox" +STATUS_NOT_ACTIVE="NOT ACTIVE" #STATUS_NOT_CONFIGURED="NOT CONFIGURED" #STATUS_NOT_DISABLED="NOT DISABLED" #STATUS_NOT_ENABLED="NOT ENABLED" From c3bdaa1e08b9bec567558046f4205d1e52a8f258 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:25:13 +0200 Subject: [PATCH 38/68] Add STATUS_NOT_ACTIVE --- db/languages/cn | 1 + 1 file changed, 1 insertion(+) diff --git a/db/languages/cn b/db/languages/cn index 76f181ca..11826db3 100644 --- a/db/languages/cn +++ b/db/languages/cn @@ -83,6 +83,7 @@ STATUS_FOUND="找到" #STATUS_MEDIUM="MEDIUM" #STATUS_NON_DEFAULT="NON DEFAULT" STATUS_NONE="没有" +STATUS_NOT_ACTIVE="NOT ACTIVE" #STATUS_NOT_CONFIGURED="NOT CONFIGURED" #STATUS_NOT_DISABLED="NOT DISABLED" #STATUS_NOT_ENABLED="NOT ENABLED" From 59d4261ab1c7e633eec70e4956634f9d58f13e09 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:25:30 +0200 Subject: [PATCH 39/68] Add STATUS_NOT_ACTIVE --- db/languages/da | 1 + 1 file changed, 1 insertion(+) diff --git a/db/languages/da b/db/languages/da index 21cac946..1bd77089 100644 --- a/db/languages/da +++ b/db/languages/da @@ -83,6 +83,7 @@ STATUS_FOUND="FUNDET" #STATUS_NON_DEFAULT="NON DEFAULT" STATUS_NONE="INGEN" STATUS_NO="NEJ" +STATUS_NOT_ACTIVE="NOT ACTIVE" #STATUS_NOT_CONFIGURED="NOT CONFIGURED" #STATUS_NOT_DISABLED="NOT DISABLED" STATUS_NOT_ENABLED="IKKE AKTIVERET" From 03bbf37faba788cabc4b86c01125a35fb2d2b955 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:25:47 +0200 Subject: [PATCH 40/68] Add STATUS_NOT_ACTIVE --- db/languages/de | 1 + 1 file changed, 1 insertion(+) 
diff --git a/db/languages/de b/db/languages/de index fad25db9..942693a3 100644 --- a/db/languages/de +++ b/db/languages/de @@ -84,6 +84,7 @@ STATUS_NO="NEIN" STATUS_NO_UPDATE="KEINE AKTUALISIERUNG" STATUS_NON_DEFAULT="NICHT STANDARD" STATUS_NONE="NICHTS" +STATUS_NOT_ACTIVE="NOT ACTIVE" STATUS_NOT_CONFIGURED="NICHT KONFIGURIERT" STATUS_NOT_DISABLED="NICHT DEAKTIVIERT" STATUS_NOT_ENABLED="NICHT AKTIVIERT" From ae1903ca2b0f75fae4de64ffd32bbb43c25b0188 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:26:14 +0200 Subject: [PATCH 41/68] Add STATUS_NOT_ACTIVE --- db/languages/es | 1 + 1 file changed, 1 insertion(+) diff --git a/db/languages/es b/db/languages/es index fceb261f..1ad53db5 100644 --- a/db/languages/es +++ b/db/languages/es @@ -85,6 +85,7 @@ STATUS_NO_UPDATE="SIN ACTUALIZACIÓN" STATUS_NO="NO" STATUS_NON_DEFAULT="NO POR DEFECTO" STATUS_NONE="NINGUNO" +STATUS_NOT_ACTIVE="NOT ACTIVE" STATUS_NOT_CONFIGURED="NO CONFIGURADO" STATUS_NOT_DISABLED="NO DESHABILITADO" STATUS_NOT_ENABLED="NO HABILITADO" From 2eb902c87e578d343941a74617692f9e0072e9b3 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:26:32 +0200 Subject: [PATCH 42/68] Add STATUS_NOT_ACTIVE --- db/languages/fi | 1 + 1 file changed, 1 insertion(+) diff --git a/db/languages/fi b/db/languages/fi index 85e6593a..e8dc3564 100644 --- a/db/languages/fi +++ b/db/languages/fi @@ -83,6 +83,7 @@ STATUS_FOUND="LÖYTYNYT" STATUS_NO="EI" #STATUS_NON_DEFAULT="NON DEFAULT" STATUS_NONE="EI MITÄÄN" +STATUS_NOT_ACTIVE="NOT ACTIVE" #STATUS_NOT_CONFIGURED="NOT CONFIGURED" #STATUS_NOT_DISABLED="NOT DISABLED" #STATUS_NOT_ENABLED="NOT ENABLED" From 07864eb469d1a5605d43836a0913a231e053e291 Mon Sep 17 00:00:00 2001 From: Amaury Korb <92906119+amkorb@users.noreply.github.com> Date: Wed, 2 Aug 2023 23:26:51 +0200 Subject: [PATCH 43/68] Add STATUS_NOT_ACTIVE --- db/languages/fr | 1 + 1 file changed, 1 insertion(+) 
diff --git a/db/languages/fr b/db/languages/fr
index d85d643d..d0be5c99 100644
--- a/db/languages/fr
+++ b/db/languages/fr
@@ -84,6 +84,7 @@ STATUS_NO="NON"
 STATUS_NO_UPDATE="PAS DE MISE A JOUR"
 STATUS_NON_DEFAULT="PAS PAR DÉFAUT"
 STATUS_NONE="AUCUN"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 STATUS_NOT_CONFIGURED="NON CONFIGURÉ"
 STATUS_NOT_DISABLED="NON DESACTIVÉ"
 STATUS_NOT_ENABLED="NON ACTIVÉ"
From 5db08f896c69e1e0d74dbd7e35f9bb8fe05b49fb Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:27:08 +0200
Subject: [PATCH 44/68] Add STATUS_NOT_ACTIVE
---
 db/languages/gr | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/gr b/db/languages/gr
index 8d285f96..15c3e509 100644
--- a/db/languages/gr
+++ b/db/languages/gr
@@ -82,6 +82,7 @@ STATUS_FOUND="ΒΡΕΘΗΚΕ"
 #STATUS_MEDIUM="MEDIUM"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="ΚΑΝΕΝΑ"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 7ada6c3166458285394c416033a595baaa7aae7c Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:27:25 +0200
Subject: [PATCH 45/68] Add STATUS_NOT_ACTIVE
---
 db/languages/he | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/he b/db/languages/he
index 83859123..9755bcf7 100644
--- a/db/languages/he
+++ b/db/languages/he
@@ -82,6 +82,7 @@ STATUS_FOUND="נמצא"
 #STATUS_MEDIUM="MEDIUM"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="אין כלל"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From f4b7556f6cd0b38e9194535c797aabad8ab3e900 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:27:40 +0200
Subject: [PATCH 46/68] Add STATUS_NOT_ACTIVE
---
 db/languages/hu | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/hu b/db/languages/hu
index 1d055bd8..90ae29e1 100644
--- a/db/languages/hu
+++ b/db/languages/hu
@@ -83,6 +83,7 @@ STATUS_FOUND="FOUND"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NO="NEM"
 STATUS_NONE="NONE"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 3d1969f3acf1155053b41fe3928d04a5ffb8bee4 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:27:55 +0200
Subject: [PATCH 47/68] Add STATUS_NOT_ACTIVE
---
 db/languages/it | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/it b/db/languages/it
index 3f3a8853..26ff3076 100644
--- a/db/languages/it
+++ b/db/languages/it
@@ -83,6 +83,7 @@ STATUS_FOUND="TROVATO"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="NESSUNO"
 STATUS_NO="NO"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 STATUS_NOT_CONFIGURED="NON CONFIGURATO"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 2538a02c97ebf0ba69b3200a8e0b2ccc39f75410 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:28:10 +0200
Subject: [PATCH 48/68] Add STATUS_NOT_ACTIVE
---
 db/languages/ja | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/ja b/db/languages/ja
index 3e3de50c..846b1eb1 100644
--- a/db/languages/ja
+++ b/db/languages/ja
@@ -83,6 +83,7 @@ STATUS_FOUND="見つかりました"
 STATUS_NO="いいえ"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="なし"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 98f8318256771c795ca145461f86ba3e0cea00cc Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:28:25 +0200
Subject: [PATCH 49/68] Add STATUS_NOT_ACTIVE
---
 db/languages/ko | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/ko b/db/languages/ko
index dba75b76..72d31d79 100644
--- a/db/languages/ko
+++ b/db/languages/ko
@@ -83,6 +83,7 @@ STATUS_FOUND="발견"
 STATUS_NO="아니오"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="없음"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 4c8af4da3b527746c0e04f6124da975321d3b3d4 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:28:41 +0200
Subject: [PATCH 50/68] Add STATUS_NOT_ACTIVE
---
 db/languages/nb-NO | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/nb-NO b/db/languages/nb-NO
index 84ddf269..ea3e8832 100644
--- a/db/languages/nb-NO
+++ b/db/languages/nb-NO
@@ -83,6 +83,7 @@ STATUS_FOUND="FUNNET"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NO="NEI"
 STATUS_NONE="INGEN"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 0102139e256720ec0842ab0db1ce13119145ef00 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:28:53 +0200
Subject: [PATCH 51/68] Add STATUS_NOT_ACTIVE
---
 db/languages/nl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/nl b/db/languages/nl
index 4c22b9fe..cdb92423 100644
--- a/db/languages/nl
+++ b/db/languages/nl
@@ -83,6 +83,7 @@ STATUS_FOUND="GEVONDEN"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NO="NEE"
 STATUS_NONE="GEEN"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From 03e23ac43cad01355cec830d3f93f889e8128ec1 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:29:10 +0200
Subject: [PATCH 52/68] Add STATUS_NOT_ACTIVE
---
 db/languages/pl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/pl b/db/languages/pl
index 200bac79..887d0a7d 100644
--- a/db/languages/pl
+++ b/db/languages/pl
@@ -83,6 +83,7 @@
 #STATUS_NON_DEFAULT="NON DEFAULT"
 #STATUS_NONE="NONE"
 #STATUS_NO="NO"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From e69f02e8357701db5ac0d591a3fd2599fa3df242 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:29:23 +0200
Subject: [PATCH 53/68] Add STATUS_NOT_ACTIVE
---
 db/languages/pt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/pt b/db/languages/pt
index 740fab6a..483fabd6 100644
--- a/db/languages/pt
+++ b/db/languages/pt
@@ -83,6 +83,7 @@ STATUS_FOUND="ENCONTRADO"
 STATUS_NO="NÃO"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="NENHUM"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From ead7df73fe92ffc5eafe76a5484fdca5df3983ed Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:29:39 +0200
Subject: [PATCH 54/68] Add STATUS_NOT_ACTIVE
---
 db/languages/ru | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/ru b/db/languages/ru
index c24603b6..55a4717b 100644
--- a/db/languages/ru
+++ b/db/languages/ru
@@ -82,6 +82,7 @@ STATUS_LOCAL_ONLY="ТОЛЬКО ЛОКАЛЬНО"
 STATUS_MEDIUM="СРЕДНИЙ"
 STATUS_NON_DEFAULT="НЕ ПО УМОЛЧАНИЮ"
 STATUS_NONE="Отсутствует"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 STATUS_NOT_CONFIGURED="НЕ СКОНФИГУРИРОВАНО"
 STATUS_NOT_DISABLED="НЕ ОТКЛЮЧЕНО"
 STATUS_NOT_ENABLED="НЕ ВКЛЮЧЕНО"
From e36fd3a5c0e60f3a53b233c77255f913937e0a6f Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:29:52 +0200
Subject: [PATCH 55/68] Add STATUS_NOT_ACTIVE
---
 db/languages/se | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/se b/db/languages/se
index d77717b4..e5a90859 100644
--- a/db/languages/se
+++ b/db/languages/se
@@ -83,6 +83,7 @@ STATUS_FOUND="HITTAD"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="INGEN"
 STATUS_NO="NEJ"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From e2ad42711523d6c939fadf7b8bdabea8d03490f9 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:30:05 +0200
Subject: [PATCH 56/68] Add STATUS_NOT_ACTIVE
---
 db/languages/sk | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/sk b/db/languages/sk
index 7f021ade..45a18943 100644
--- a/db/languages/sk
+++ b/db/languages/sk
@@ -83,6 +83,7 @@ STATUS_FOUND="NÁJDENÉ"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="ŽIADNE"
 STATUS_NO="NIE"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From b2b6cd057eab9727ce8fc300e6b54e1021d81993 Mon Sep 17 00:00:00 2001
From: Amaury Korb <92906119+amkorb@users.noreply.github.com>
Date: Wed, 2 Aug 2023 23:30:17 +0200
Subject: [PATCH 57/68] Add STATUS_NOT_ACTIVE
---
 db/languages/tr | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/languages/tr b/db/languages/tr
index 62dcb514..585cfed5 100644
--- a/db/languages/tr
+++ b/db/languages/tr
@@ -83,6 +83,7 @@ STATUS_FOUND="BULUNDU"
 STATUS_NO="HAYIR"
 #STATUS_NON_DEFAULT="NON DEFAULT"
 STATUS_NONE="YOK"
+STATUS_NOT_ACTIVE="NOT ACTIVE"
 #STATUS_NOT_CONFIGURED="NOT CONFIGURED"
 #STATUS_NOT_DISABLED="NOT DISABLED"
 #STATUS_NOT_ENABLED="NOT ENABLED"
From c65da1aec9894e18645d3e760fd3bf179278f770 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Thu, 3 Aug 2023 11:44:41 +0000
Subject: [PATCH 58/68] Release 3.0.9
---
 CHANGELOG.md | 2 +-
 lynis | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eba36baf..eb3a4677 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Lynis Changelog
-## Lynis 3.0.9 (2023-05-02)
+## Lynis 3.0.9 (2023-08-03)
 ### Changed
 - DBS-1820 - Added newer style format for Mongo authorization setting
diff --git a/lynis b/lynis
index 2378b4cd..d538deda 100755
--- a/lynis
+++ b/lynis
@@ -43,8 +43,8 @@
 PROGRAM_WEBSITE="https://cisofy.com/lynis/"
 # Version details
- PROGRAM_RELEASE_DATE="2023-05-02"
- PROGRAM_RELEASE_TIMESTAMP=1683017189
+ PROGRAM_RELEASE_DATE="2023-08-03"
+ PROGRAM_RELEASE_TIMESTAMP=1691062820
 PROGRAM_RELEASE_TYPE="release" # pre-release or release
 PROGRAM_VERSION="3.0.9"
From 5e8755c15f2e54d5d6f9500e14cc746bf8b05d82 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Thu, 3 Aug 2023 15:42:02 +0200
Subject: [PATCH 59/68] Update CHANGELOG.md
---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb3a4677..248c1528 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Lynis Changelog
+## Lynis 3.1.0 (not released yet)
+
+### Changed
+- STATUS_NOT_ACTIVE variable added to translation files
+
+---------------------------------------------------------------------------------
+
 ## Lynis 3.0.9 (2023-08-03)
 ### Changed
From 66d1e90bf4dd40bb5829c53e1d81676718d6d9f2 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Thu, 3 Aug 2023 23:43:36 +0200
Subject: [PATCH 60/68] Update CHANGELOG.md
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 248c1528..3612e209 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Lynis 3.1.0 (not released yet)
 ### Changed
+- Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
 - STATUS_NOT_ACTIVE variable added to translation files
 ---------------------------------------------------------------------------------
From 5e7aa8eb1a131fb5bcdbe4dd92c70e4aee884766 Mon Sep 17 00:00:00 2001
From: Samuel Henrique
Date: Fri, 4 Aug 2023 19:00:31 +0100
Subject: [PATCH 61/68] software-eol.db: Add new Debian/Ubuntu releases and update EOL dates
---
 db/software-eol.db | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/db/software-eol.db b/db/software-eol.db
index ff33a056..1d861c66 100644
--- a/db/software-eol.db
+++ b/db/software-eol.db
@@ -44,13 +44,16 @@ os:CentOS Linux 7:2024-06-30:1719698400:
 os:CentOS Linux 8:2029-05-31:1874872800:
 #
 # Debian - https://wiki.debian.org/DebianReleases#Production_Releases
+# https://wiki.debian.org/LTS
 #
 os:Debian 5.0:2012-02-06:1328482800:
 os:Debian 6.0:2016-02-29:1456700400:
 os:Debian 7:2018-05-31:1527717600:
 os:Debian 8:2020-06-30:1593468000:
-os:Debian 9:2022-01-01:1640991600:
-os:Debian 10:2022-01-01:1640991600:
+os:Debian 9:2022-06-30:1656547200:
+os:Debian 10:2024-06-30:1719705600:
+os:Debian 11:2026-06-30:1782777600:
+os:Debian 12:2028-06-30:1845936000:
 #
 # Fedora - https://fedoraproject.org/wiki/End_of_life
 #
@@ -240,6 +243,7 @@ os:Ubuntu 18.04:2023-05-01:1682892000:
 os:Ubuntu 18.10:2019-07-18:1563400800:
 os:Ubuntu 19.04:2020-01-01:1577833200:
 os:Ubuntu 20.04:2025-04-01:1743458400:
+os:Ubuntu 22.04:2027-04-01:1806537600:
 #
 # OmniosCE - https://omniosce.org/releasenotes.html
 #
From 461edd3e1f2708801ac987617a03b730eb10d362 Mon Sep 17 00:00:00 2001
From: al-lac
Date: Mon, 7 Aug 2023 09:55:28 +0200
Subject: [PATCH 62/68] Add OS support for macOS Sonoma (14.x)
---
 include/osdetection | 1 +
 1 file changed, 1 insertion(+)
diff --git a/include/osdetection b/include/osdetection
index bed25033..0f88c7f0 100644
--- a/include/osdetection
+++ b/include/osdetection
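Review bot: The epoch column of the new Debian rows is midnight UTC (1656547200 is 2022-06-30T00:00:00Z), while the neighbouring rows such as `os:Debian 8:2020-06-30:1593468000:` and the hunk's `os:CentOS Linux 7:2024-06-30:1719698400:` sit exactly two hours earlier, i.e. midnight in a UTC+2 zone; the Ubuntu 22.04 row in the second hunk follows the UTC convention as well. The offset does not change the day on which an end-of-life check flips, but the file now mixes two conventions with nothing stating which one is intended. A one-line comment near the top of the file naming the convention, e.g. `# timestamp column: 00:00 UTC on the EOL date`, would let future rows stay consistent.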
@@ -65,6 +65,7 @@
 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;;
 13 | 13.[0-9]*) OS_FULLNAME="macOS Ventura (${OS_VERSION})" ;;
+ 14 | 14.[0-9]*) OS_FULLNAME="macOS Sonoma (${OS_VERSION})" ;;
 *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
 esac
 else
From 9d9cedee4ef4b1ab79d7288cb9bb3242d92b4939 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Tue, 8 Aug 2023 09:11:02 +0000
Subject: [PATCH 63/68] Only quote binary, not the option -E
---
 include/tests_time | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/tests_time b/include/tests_time
index 7ff6755e..b68bc102 100644
--- a/include/tests_time
+++ b/include/tests_time
@@ -164,7 +164,7 @@
 FIND=$(echo "${J}" | ${GREPBINARY} -E '/.placeholder$')
 if [ -f "${J}" ] && [ -r "${J}" ] && [ -z "${FIND}" ]; then
 LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in ${J}"
- FIND=$("${GREPBINARY} -E" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")
+ FIND=$("${GREPBINARY}" -E "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")
 if [ -n "${FIND}" ]; then
 FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
 LogText "Result: found ntpdate, rdate, sntp or ntpdig in ${J}"
From f74428a3d7a57536959f25824cadf64c1cd5e9e9 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Tue, 8 Aug 2023 11:09:37 +0000
Subject: [PATCH 64/68] Updated log
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3612e209..fffcfe4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Changed
 - Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
 - STATUS_NOT_ACTIVE variable added to translation files
+- MALW-3280 - Correction to detect com.avast.daemon
 ---------------------------------------------------------------------------------
From 0d77a367c59a0b5f1bdcb46380a518519160503b Mon Sep 17 00:00:00 2001
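Review bot: The second stage of the corrected pipeline in tests_time, `"${GREPBINARY}" -v "^#"`, drops only comments that begin in column 0, so a crontab entry commented out with leading whitespace still matches `${CRONTAB_REGEX}` and the hunk then sets `FOUND_IN_CRON=1` and `NTP_CONFIG_TYPE_SCHEDULED=1`, reporting a scheduled time sync that never runs. Anchoring the exclusion on optional leading whitespace avoids that false positive: `FIND=$("${GREPBINARY}" -E "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v '^[[:space:]]*#')`. The loop that sets `${J}` and the enclosing test block start and end outside the hunk.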
From: Michael Boelen
Date: Tue, 8 Aug 2023 11:15:34 +0000
Subject: [PATCH 65/68] [MALW-3280] Correction to detect com.avast.daemon
---
 include/tests_malware | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/tests_malware b/include/tests_malware
index 40336fa5..2b3b6cb6 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -128,7 +128,7 @@
 # Avast (macOS)
 LogText "Test: checking process com.avast.daemon"
- if IsRunning "com.avast.daemon"; then
+ if IsRunning --full "com.avast.daemon"; then
 FOUND=1
 AVAST_DAEMON_RUNNING=1
 MALWARE_DAEMON_RUNNING=1
From 1bfcc9b1469fab0884df3d3a581089ebc79b79b9 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Wed, 13 Sep 2023 16:07:41 +0200
Subject: [PATCH 66/68] Update tests_malware
Corrected variable
---
 include/tests_malware | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/tests_malware b/include/tests_malware
index 41814b43..b016a46d 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -39,7 +39,7 @@
 MALWARE_SCANNER_INSTALLED=0
 MALWARE_DAEMON_RUNNING=0
 ROOTKIT_SCANNER_FOUND=0
- SENTINELONE_SCANNER_FOUND=0
+ SENTINELONE_SCANNER_RUNNING=0
 SOPHOS_SCANNER_RUNNING=0
 SYMANTEC_SCANNER_RUNNING=0
 SYNOLOGY_DAEMON_RUNNING=0
From bf197ffd7fb949adcbc00b1136c6d3cf6bd3001a Mon Sep 17 00:00:00 2001
From: Stefan Baumgartner
Date: Sun, 17 Sep 2023 10:24:52 +0200
Subject: [PATCH 67/68] Update tests_malware
Fix incorrect "IsRunning" invocations for SentinelOne detection.
---
 include/tests_malware | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/tests_malware b/include/tests_malware
index 9798fbff..87a721bc 100644
--- a/include/tests_malware
+++ b/include/tests_malware
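Review bot: The new `if IsRunning --full "com.avast.daemon"; then` is the only IsRunning call in these hunks that uses `--full`, and nothing in the hunk records why the plain process-name match used everywhere else was insufficient here. If `--full` matches against the whole command line, as the option name suggests, any process whose arguments merely contain that string would set `AVAST_DAEMON_RUNNING=1` and `MALWARE_DAEMON_RUNNING=1`, so the reason for the wider match is worth keeping next to the code. A short comment above the line, e.g. `# --full: match the full command line, the daemon is not identifiable by process name alone`, adjusted to the actual reason, would do. The surrounding test block starts before the hunk and continues after it.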
@@ -234,9 +234,9 @@
 # SentinelOne
 LogText "Text: checking process sentineld (SentinelOne)"
- if isRunning "sentineld"; then SENTINELONE_SCANNER_RUNNING=1; fi # macOS
- if isRunning "s1-agent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Linux
- if isRunning "SentinelAgent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Windows
+ if IsRunning "sentineld"; then SENTINELONE_SCANNER_RUNNING=1; fi # macOS
+ if IsRunning "s1-agent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Linux
+ if IsRunning "SentinelAgent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Windows
 if [ ${SENTINELONE_SCANNER_RUNNING} -eq 1 ]; then
 FOUND=1
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} SentinelOne" --result "${STATUS_FOUND}" --color GREEN; fi
From ddd6e703063a9c03764b2538ee18749ef5be0bd5 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Sat, 7 Oct 2023 11:35:09 +0200
Subject: [PATCH 68/68] Update CHANGELOG.md
---
 CHANGELOG.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fffcfe4f..807bbc51 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,17 @@
 ## Lynis 3.1.0 (not released yet)
 ### Changed
+- MALW-3280 - Correction to detect com.avast.daemon
+- OS detection added for Guix System, macOS Ventura (13.x)/Sonoma (14.x), NXP LSDK, OpenEmbedded "nodistro", and The Yocto Projects distro "Poky"
 - Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
 - STATUS_NOT_ACTIVE variable added to translation files
-- MALW-3280 - Correction to detect com.avast.daemon
+- End-of-life dates updated
+- Fixing missing or erroneous test number comments
+- Wazuh for file integrity and tooling
+- Updated parsing output of arch-audit
+- Added support for SentinelOne detection
+- Replacing deprecated option -i for xargs
+- Path detection for PostgreSQL improved
 ---------------------------------------------------------------------------------
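Review bot: The log line kept directly above the three corrected checks, `LogText "Text: checking process sentineld (SentinelOne)"`, uses the prefix `Text:` where the other checks in these commits use `Test:` (for example `LogText "Test: checking process com.avast.daemon"` in tests_malware), and it names only sentineld although s1-agent and SentinelAgent are probed on the following lines. `LogText "Test: checking processes sentineld, s1-agent or SentinelAgent (SentinelOne)"` restores the prefix that log readers filter on and describes what the block actually checks. The enclosing test block starts before the hunk and continues after it.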