diff --git a/CHANGELOG.md b/CHANGELOG.md index ac435bd5..f291d7d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,31 @@ # Lynis Changelog -## Lynis 3.0.7 (Not released yet) +## Lynis 3.0.8 (not released yet) + +### Added +- MALW-3274 - Detect McAfee VirusScan Command Line Scanner +- EOL for Alpine Linux 3.14 and 3.15 + +### Changed +- KRNL-5830 - Check for /var/run/needs_restarting (Slackware) + +--------------------------------------------------------------------------------- + +## Lynis 3.0.7 (2022-01-18) ### Added - MALW-3290 - Show status of malware components -- OS detection for RHEL 6 +- OS detection for RHEL 6 and Funtoo Linux +- Added service manager openrc ### Changed - DBS-1804 - Added alias for MariaDB - FINT-4316 - Support for newer Ubuntu versions - MALW-3280 - Added Trend Micro malware agent +- NETW-3200 - Allow unknown number of spaces in modprobe blacklists +- PKGS-7320 - Support for Garuda Linux and arch-audit - Several improvements for busybox shell +- Russian translation of Lynis extended --------------------------------------------------------------------------------- diff --git a/README.md b/README.md index 197e59c9..4fa3900e 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ There are multiple options available to install Lynis. ### Software Package -For sytems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running: +For systems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running: `CentOS`, `Debian`, `Fedora`, `OEL`, `openSUSE`, `RHEL`, `Ubuntu`, and others. Some distributions may also have Lynis in their software repository: [![Repology](https://repology.org/badge/tiny-repos/lynis.svg)](https://repology.org/project/lynis/versions) diff --git a/db/software-eol.db b/db/software-eol.db index bebd4de8..f8242d35 100644 --- a/db/software-eol.db +++ b/db/software-eol.db @@ -16,6 +16,8 @@ # # Alpine - https://alpinelinux.org/releases/ # +os:Alpine 3.15:2023-11-01:1698793200 +os:Alpine 3.14:2023-05-01:1682899200 os:Alpine 3.13:2022-11-01:1667275200 os:Alpine 3.12:2022-05-01:1651377600 os:Alpine 3.11:2021-11-01:1635739200 diff --git a/db/tests.db b/db/tests.db index c9c4797f..522441f4 100644 --- a/db/tests.db +++ b/db/tests.db @@ -265,6 +265,7 @@ MAIL-8838:test:security:mail_messaging::Check dovecot process: MAIL-8860:test:security:mail_messaging::Check Qmail status: MAIL-8880:test:security:mail_messaging::Check Sendmail status: MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status: +MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner: MALW-3275:test:security:malware::Check for chkrootkit: MALW-3276:test:security:malware::Check for Rootkit Hunter: MALW-3278:test:security:malware::Check for LMD: diff --git a/include/tests_authentication b/include/tests_authentication index 2712aa34..1718f99a 100644 --- a/include/tests_authentication +++ b/include/tests_authentication @@ -916,7 +916,7 @@ LogText "Result: found one or more accounts without password" for I in ${FIND2}; do LogText "Account without password: ${I}" - Report "account_without_password=${I}" + Report "account_without_password[]=${I}" done Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED ReportWarning "${TEST_NO}" "Found accounts without password" diff --git a/include/tests_kernel b/include/tests_kernel index 610fd325..1eed32ad 100644 --- a/include/tests_kernel +++ b/include/tests_kernel @@ -615,25 +615,29 @@ Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel" if [ ${SKIPTEST} -eq 0 ]; then REBOOT_NEEDED=2 - FILE="${ROOTDIR}var/run/reboot-required.pkgs" - LogText "Test: Checking presence ${FILE}" - if [ -f ${FILE} ]; then - LogText "Result: file ${FILE} exists" - FIND=$(${WCBINARY} -l < ${FILE}) - if [ "${FIND}" = "0" ]; then - LogText "Result: No reboot needed (file empty)" - REBOOT_NEEDED=0 + for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting" + do + LogText "Test: Checking presence ${FILE}" + if [ -f ${FILE} ]; then + LogText "Result: file ${FILE} exists" + FIND=$(${WCBINARY} -l < ${FILE}) + if [ "${FIND}" = "0" ]; then + LogText "Result: No reboot needed (file empty)" + REBOOT_NEEDED=0 + break + else + PKGSCOUNT=$(${WCBINARY} -l < ${FILE}) + LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages" + for I in ${FIND}; do + LogText "Package: ${I}" + done + REBOOT_NEEDED=1 + break + fi else - PKGSCOUNT=$(${WCBINARY} -l < ${FILE}) - LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages" - for I in ${FIND}; do - LogText "Package: ${I}" - done - REBOOT_NEEDED=1 + LogText "Result: file ${FILE} not found" fi - else - LogText "Result: file ${FILE} not found" - fi + done # Check if /boot exists if [ -d "${ROOTDIR}boot" ]; then diff --git a/include/tests_malware b/include/tests_malware index cb13ca96..40336fa5 100644 --- a/include/tests_malware +++ b/include/tests_malware @@ -45,6 +45,24 @@ TRENDMICRO_DSA_DAEMON_RUNNING=0 # ################################################################################# +# + # Test : MALW-3274 + # Description : Check for installed tool (McAfee VirusScan for Command Line) + Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line" + if [ ${SKIPTEST} -eq 0 ]; then + LogText "Test: checking presence McAfee VirusScan for Command Line" + if [ -x /usr/local/uvscan/uvscan ]; then + Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN + LogText "Result: Found ${MCAFEECLBINARY}" + MALWARE_SCANNER_INSTALLED=1 + AddHP 2 2 + Report "malware_scanner[]=mcafeecl" + else + LogText "Result: McAfee VirusScan for Command Line not found" + fi + fi +# +################################################################################# # # Test : MALW-3275 # Description : Check for installed tool (chkrootkit) diff --git a/include/tests_ssh b/include/tests_ssh index 7f31c348..de3209ee 100644 --- a/include/tests_ssh +++ b/include/tests_ssh @@ -74,7 +74,7 @@ LogText "Result: ${I}/sshd_config exists" if [ ${FOUND} -eq 1 ]; then ReportException "${TEST_NO}:01" - LogText "Result: we already had found another sshd_config file. Using this new file then." + LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one." fi FileIsReadable ${I}/sshd_config if [ ${CANREAD} -eq 1 ]; then diff --git a/lynis b/lynis index 4a1a3979..c15a78c7 100755 --- a/lynis +++ b/lynis @@ -43,10 +43,10 @@ PROGRAM_WEBSITE="https://cisofy.com/lynis/" # Version details - PROGRAM_RELEASE_DATE="2021-07-27" - PROGRAM_RELEASE_TIMESTAMP=1627375518 + PROGRAM_RELEASE_DATE="2022-01-31" + PROGRAM_RELEASE_TIMESTAMP=1643632222 PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release - PROGRAM_VERSION="3.0.7" + PROGRAM_VERSION="3.0.8" # Source, documentation and license PROGRAM_SOURCE="https://github.com/CISOfy/lynis"