tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-27 15:54:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into alpine_apk

Browse Source
This commit is contained in:
Steve Kolenich 2022-01-31 10:05:26 -05:00
commit eb46f39c44
9 changed files with 65 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -1,16 +1,31 @@
# Lynis Changelog # Lynis Changelog
## Lynis 3.0.7 (Not released yet) ## Lynis 3.0.8 (not released yet)
### Added
- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
- EOL for Alpine Linux 3.14 and 3.15
### Changed
- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
---------------------------------------------------------------------------------
## Lynis 3.0.7 (2022-01-18)
### Added ### Added
- MALW-3290 - Show status of malware components - MALW-3290 - Show status of malware components
- OS detection for RHEL 6 - OS detection for RHEL 6 and Funtoo Linux
- Added service manager openrc
### Changed ### Changed
- DBS-1804 - Added alias for MariaDB - DBS-1804 - Added alias for MariaDB
- FINT-4316 - Support for newer Ubuntu versions - FINT-4316 - Support for newer Ubuntu versions
- MALW-3280 - Added Trend Micro malware agent - MALW-3280 - Added Trend Micro malware agent
- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
- PKGS-7320 - Support for Garuda Linux and arch-audit
- Several improvements for busybox shell - Several improvements for busybox shell
- Russian translation of Lynis extended
--------------------------------------------------------------------------------- ---------------------------------------------------------------------------------

2
README.md
View File

@ -48,7 +48,7 @@ There are multiple options available to install Lynis.
### Software Package ### Software Package
For sytems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running: For systems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running:
`CentOS`, `Debian`, `Fedora`, `OEL`, `openSUSE`, `RHEL`, `Ubuntu`, and others. `CentOS`, `Debian`, `Fedora`, `OEL`, `openSUSE`, `RHEL`, `Ubuntu`, and others.
Some distributions may also have Lynis in their software repository: [![Repology](https://repology.org/badge/tiny-repos/lynis.svg)](https://repology.org/project/lynis/versions) Some distributions may also have Lynis in their software repository: [![Repology](https://repology.org/badge/tiny-repos/lynis.svg)](https://repology.org/project/lynis/versions)

2
db/software-eol.db
View File

@ -16,6 +16,8 @@
# #
# Alpine - https://alpinelinux.org/releases/ # Alpine - https://alpinelinux.org/releases/
# #
os:Alpine 3.15:2023-11-01:1698793200
os:Alpine 3.14:2023-05-01:1682899200
os:Alpine 3.13:2022-11-01:1667275200 os:Alpine 3.13:2022-11-01:1667275200
os:Alpine 3.12:2022-05-01:1651377600 os:Alpine 3.12:2022-05-01:1651377600
os:Alpine 3.11:2021-11-01:1635739200 os:Alpine 3.11:2021-11-01:1635739200

1
db/tests.db
View File

@ -265,6 +265,7 @@ MAIL-8838:test:security:mail_messaging::Check dovecot process:
MAIL-8860:test:security:mail_messaging::Check Qmail status: MAIL-8860:test:security:mail_messaging::Check Qmail status:
MAIL-8880:test:security:mail_messaging::Check Sendmail status: MAIL-8880:test:security:mail_messaging::Check Sendmail status:
MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status: MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner:
MALW-3275:test:security:malware::Check for chkrootkit: MALW-3275:test:security:malware::Check for chkrootkit:
MALW-3276:test:security:malware::Check for Rootkit Hunter: MALW-3276:test:security:malware::Check for Rootkit Hunter:
MALW-3278:test:security:malware::Check for LMD: MALW-3278:test:security:malware::Check for LMD:

2
include/tests_authentication
View File

@ -916,7 +916,7 @@
LogText "Result: found one or more accounts without password" LogText "Result: found one or more accounts without password"
for I in ${FIND2}; do for I in ${FIND2}; do
LogText "Account without password: ${I}" LogText "Account without password: ${I}"
Report "account_without_password=${I}" Report "account_without_password[]=${I}"
done done
Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Found accounts without password" ReportWarning "${TEST_NO}" "Found accounts without password"

6
include/tests_kernel
View File

@ -615,7 +615,8 @@
Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel" Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
REBOOT_NEEDED=2 REBOOT_NEEDED=2
FILE="${ROOTDIR}var/run/reboot-required.pkgs" for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting"
do
LogText "Test: Checking presence ${FILE}" LogText "Test: Checking presence ${FILE}"
if [ -f ${FILE} ]; then if [ -f ${FILE} ]; then
LogText "Result: file ${FILE} exists" LogText "Result: file ${FILE} exists"
@ -623,6 +624,7 @@
if [ "${FIND}" = "0" ]; then if [ "${FIND}" = "0" ]; then
LogText "Result: No reboot needed (file empty)" LogText "Result: No reboot needed (file empty)"
REBOOT_NEEDED=0 REBOOT_NEEDED=0
break
else else
PKGSCOUNT=$(${WCBINARY} -l < ${FILE}) PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages" LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
@ -630,10 +632,12 @@
LogText "Package: ${I}" LogText "Package: ${I}"
done done
REBOOT_NEEDED=1 REBOOT_NEEDED=1
break
fi fi
else else
LogText "Result: file ${FILE} not found" LogText "Result: file ${FILE} not found"
fi fi
done
# Check if /boot exists # Check if /boot exists
if [ -d "${ROOTDIR}boot" ]; then if [ -d "${ROOTDIR}boot" ]; then

18
include/tests_malware
View File

@ -45,6 +45,24 @@
TRENDMICRO_DSA_DAEMON_RUNNING=0 TRENDMICRO_DSA_DAEMON_RUNNING=0
# #
################################################################################# #################################################################################
#
# Test : MALW-3274
# Description : Check for installed tool (McAfee VirusScan for Command Line)
Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking presence McAfee VirusScan for Command Line"
if [ -x /usr/local/uvscan/uvscan ]; then
Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN
LogText "Result: Found ${MCAFEECLBINARY}"
MALWARE_SCANNER_INSTALLED=1
AddHP 2 2
Report "malware_scanner[]=mcafeecl"
else
LogText "Result: McAfee VirusScan for Command Line not found"
fi
fi
#
#################################################################################
# #
# Test : MALW-3275 # Test : MALW-3275
# Description : Check for installed tool (chkrootkit) # Description : Check for installed tool (chkrootkit)

2
include/tests_ssh
View File

@ -74,7 +74,7 @@
LogText "Result: ${I}/sshd_config exists" LogText "Result: ${I}/sshd_config exists"
if [ ${FOUND} -eq 1 ]; then if [ ${FOUND} -eq 1 ]; then
ReportException "${TEST_NO}:01" ReportException "${TEST_NO}:01"
LogText "Result: we already had found another sshd_config file. Using this new file then." LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one."
fi fi
FileIsReadable ${I}/sshd_config FileIsReadable ${I}/sshd_config
if [ ${CANREAD} -eq 1 ]; then if [ ${CANREAD} -eq 1 ]; then

6
lynis
View File

@ -43,10 +43,10 @@
PROGRAM_WEBSITE="https://cisofy.com/lynis/" PROGRAM_WEBSITE="https://cisofy.com/lynis/"
# Version details # Version details
PROGRAM_RELEASE_DATE="2021-07-27" PROGRAM_RELEASE_DATE="2022-01-31"
PROGRAM_RELEASE_TIMESTAMP=1627375518 PROGRAM_RELEASE_TIMESTAMP=1643632222
PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
PROGRAM_VERSION="3.0.7" PROGRAM_VERSION="3.0.8"
# Source, documentation and license # Source, documentation and license
PROGRAM_SOURCE="https://github.com/CISOfy/lynis" PROGRAM_SOURCE="https://github.com/CISOfy/lynis"