Merge remote-tracking branch 'origin/master' into alpine_apk

2025-04-08 17:15:25 +02:00 · 2022-01-31 10:05:26 -05:00 · 2022-01-31 10:05:26 -05:00 · eb46f39c44
commit eb46f39c44
parent 302b52c55d ce4a0ce6bb
9 changed files with 65 additions and 25 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,16 +1,31 @@
 # Lynis Changelog

-## Lynis 3.0.7 (Not released yet)
+## Lynis 3.0.8 (not released yet)
+
+### Added
+- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
+- EOL for Alpine Linux 3.14 and 3.15
+
+### Changed
+- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
+
+---------------------------------------------------------------------------------
+
+## Lynis 3.0.7 (2022-01-18)

 ### Added
 - MALW-3290 - Show status of malware components
- OS detection for RHEL 6
+- OS detection for RHEL 6 and Funtoo Linux
+- Added service manager openrc

 ### Changed
 - DBS-1804 - Added alias for MariaDB
 - FINT-4316 - Support for newer Ubuntu versions
 - MALW-3280 - Added Trend Micro malware agent
+- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
+- PKGS-7320 - Support for Garuda Linux and arch-audit
 - Several improvements for busybox shell
+- Russian translation of Lynis extended

 ---------------------------------------------------------------------------------

--- a/README.md
+++ b/README.md
@ -48,7 +48,7 @@ There are multiple options available to install Lynis.

 ### Software Package

-For sytems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running:
+For systems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running:
 `CentOS`, `Debian`, `Fedora`, `OEL`, `openSUSE`, `RHEL`, `Ubuntu`, and others.

 Some distributions may also have Lynis in their software repository: [![Repology](https://repology.org/badge/tiny-repos/lynis.svg)](https://repology.org/project/lynis/versions)
--- a/db/software-eol.db
+++ b/db/software-eol.db
@ -16,6 +16,8 @@
 #
 # Alpine - https://alpinelinux.org/releases/
 #
+os:Alpine 3.15:2023-11-01:1698793200
+os:Alpine 3.14:2023-05-01:1682899200
 os:Alpine 3.13:2022-11-01:1667275200
 os:Alpine 3.12:2022-05-01:1651377600
 os:Alpine 3.11:2021-11-01:1635739200
--- a/db/tests.db
+++ b/db/tests.db
@ -265,6 +265,7 @@ MAIL-8838:test:security:mail_messaging::Check dovecot process:
 MAIL-8860:test:security:mail_messaging::Check Qmail status:
 MAIL-8880:test:security:mail_messaging::Check Sendmail status:
 MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
+MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner:
 MALW-3275:test:security:malware::Check for chkrootkit:
 MALW-3276:test:security:malware::Check for Rootkit Hunter:
 MALW-3278:test:security:malware::Check for LMD:
--- a/include/tests_authentication
+++ b/include/tests_authentication
@ -916,7 +916,7 @@
            LogText "Result: found one or more accounts without password"
            for I in ${FIND2}; do
                LogText "Account without password: ${I}"
-                Report "account_without_password=${I}"
+                Report "account_without_password[]=${I}"
            done
            Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
            ReportWarning "${TEST_NO}" "Found accounts without password"
--- a/include/tests_kernel
+++ b/include/tests_kernel
@ -615,25 +615,29 @@
    Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
    if [ ${SKIPTEST} -eq 0 ]; then
        REBOOT_NEEDED=2
-        FILE="${ROOTDIR}var/run/reboot-required.pkgs"
-        LogText "Test: Checking presence ${FILE}"
-        if [ -f ${FILE} ]; then
-            LogText "Result: file ${FILE} exists"
-            FIND=$(${WCBINARY} -l < ${FILE})
-            if [ "${FIND}" = "0" ]; then
-                LogText "Result: No reboot needed (file empty)"
-                REBOOT_NEEDED=0
+        for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting"
+        do
+            LogText "Test: Checking presence ${FILE}"
+            if [ -f ${FILE} ]; then
+                LogText "Result: file ${FILE} exists"
+                FIND=$(${WCBINARY} -l < ${FILE})
+                if [ "${FIND}" = "0" ]; then
+                    LogText "Result: No reboot needed (file empty)"
+                    REBOOT_NEEDED=0
+                    break
+                else
+                    PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
+                    LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
+                    for I in ${FIND}; do
+                        LogText "Package: ${I}"
+                    done
+                    REBOOT_NEEDED=1
+                    break
+                fi
            else
-                PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
-                LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
-                for I in ${FIND}; do
-                    LogText "Package: ${I}"
-                done
-                REBOOT_NEEDED=1
+                LogText "Result: file ${FILE} not found"
            fi
-        else
-            LogText "Result: file ${FILE} not found"
-        fi
+        done

        # Check if /boot exists
        if [ -d "${ROOTDIR}boot" ]; then
--- a/include/tests_malware
+++ b/include/tests_malware
@ -45,6 +45,24 @@
    TRENDMICRO_DSA_DAEMON_RUNNING=0
 #
 #################################################################################
+#
+    # Test        : MALW-3274
+    # Description : Check for installed tool (McAfee VirusScan for Command Line)
+    Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        LogText "Test: checking presence McAfee VirusScan for Command Line"
+        if [ -x /usr/local/uvscan/uvscan ]; then
+            Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN
+            LogText "Result: Found ${MCAFEECLBINARY}"
+            MALWARE_SCANNER_INSTALLED=1
+            AddHP 2 2
+            Report "malware_scanner[]=mcafeecl"
+        else
+            LogText "Result: McAfee VirusScan for Command Line not found"
+        fi
+    fi
+#
+#################################################################################
 #
    # Test        : MALW-3275
    # Description : Check for installed tool (chkrootkit)
--- a/include/tests_ssh
+++ b/include/tests_ssh
@ -74,7 +74,7 @@
                LogText "Result: ${I}/sshd_config exists"
                if [ ${FOUND} -eq 1 ]; then
                    ReportException "${TEST_NO}:01"
-                    LogText "Result: we already had found another sshd_config file. Using this new file then."
+                    LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one."
                fi
                FileIsReadable ${I}/sshd_config
                if [ ${CANREAD} -eq 1 ]; then
--- a/6
+++ b/6
@ -43,10 +43,10 @@
    PROGRAM_WEBSITE="https://cisofy.com/lynis/"

    # Version details
-    PROGRAM_RELEASE_DATE="2021-07-27"
-    PROGRAM_RELEASE_TIMESTAMP=1627375518
+    PROGRAM_RELEASE_DATE="2022-01-31"
+    PROGRAM_RELEASE_TIMESTAMP=1643632222
    PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
-    PROGRAM_VERSION="3.0.7"
+    PROGRAM_VERSION="3.0.8"

    # Source, documentation and license
    PROGRAM_SOURCE="https://github.com/CISOfy/lynis"