Merge remote-tracking branch 'origin/master' into alpine_apk

CHANGELOG.md

@@ -1,16 +1,31 @@
 # Lynis Changelog
 
-## Lynis 3.0.7 (Not released yet)
+## Lynis 3.0.8 (not released yet)
+
+### Added
+- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
+- EOL for Alpine Linux 3.14 and 3.15
+
+### Changed
+- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
+
+---------------------------------------------------------------------------------
+
+## Lynis 3.0.7 (2022-01-18)
 
 ### Added
 - MALW-3290 - Show status of malware components
-- OS detection for RHEL 6
+- OS detection for RHEL 6 and Funtoo Linux
+- Added service manager openrc
 
 ### Changed
 - DBS-1804 - Added alias for MariaDB
 - FINT-4316 - Support for newer Ubuntu versions
 - MALW-3280 - Added Trend Micro malware agent
+- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
+- PKGS-7320 - Support for Garuda Linux and arch-audit
 - Several improvements for busybox shell
+- Russian translation of Lynis extended
 
 ---------------------------------------------------------------------------------
 

README.md

@@ -48,7 +48,7 @@ There are multiple options available to install Lynis.
 
 ### Software Package
 
-For sytems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running:
+For systems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides [packages](https://packages.cisofy.com/) in RPM or DEB format suitable for systems systems running:
 `CentOS`, `Debian`, `Fedora`, `OEL`, `openSUSE`, `RHEL`, `Ubuntu`, and others.
 
 Some distributions may also have Lynis in their software repository: [![Repology](https://repology.org/badge/tiny-repos/lynis.svg)](https://repology.org/project/lynis/versions)

db/software-eol.db

@@ -16,6 +16,8 @@
 #
 # Alpine - https://alpinelinux.org/releases/
 #
+os:Alpine 3.15:2023-11-01:1698793200
+os:Alpine 3.14:2023-05-01:1682899200
 os:Alpine 3.13:2022-11-01:1667275200
 os:Alpine 3.12:2022-05-01:1651377600
 os:Alpine 3.11:2021-11-01:1635739200

db/tests.db

@@ -265,6 +265,7 @@ MAIL-8838:test:security:mail_messaging::Check dovecot process:
 MAIL-8860:test:security:mail_messaging::Check Qmail status:
 MAIL-8880:test:security:mail_messaging::Check Sendmail status:
 MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
+MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner:
 MALW-3275:test:security:malware::Check for chkrootkit:
 MALW-3276:test:security:malware::Check for Rootkit Hunter:
 MALW-3278:test:security:malware::Check for LMD:

include/tests_authentication

@@ -916,7 +916,7 @@
             LogText "Result: found one or more accounts without password"
             for I in ${FIND2}; do
                 LogText "Account without password: ${I}"
-                Report "account_without_password=${I}"
+                Report "account_without_password[]=${I}"
             done
             Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
             ReportWarning "${TEST_NO}" "Found accounts without password"

include/tests_kernel

@@ -615,25 +615,29 @@
     Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
     if [ ${SKIPTEST} -eq 0 ]; then
         REBOOT_NEEDED=2
-        FILE="${ROOTDIR}var/run/reboot-required.pkgs"
+        for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting"
-        LogText "Test: Checking presence ${FILE}"
+        do
-        if [ -f ${FILE} ]; then
+            LogText "Test: Checking presence ${FILE}"
-            LogText "Result: file ${FILE} exists"
+            if [ -f ${FILE} ]; then
-            FIND=$(${WCBINARY} -l < ${FILE})
+                LogText "Result: file ${FILE} exists"
-            if [ "${FIND}" = "0" ]; then
+                FIND=$(${WCBINARY} -l < ${FILE})
-                LogText "Result: No reboot needed (file empty)"
+                if [ "${FIND}" = "0" ]; then
-                REBOOT_NEEDED=0
+                    LogText "Result: No reboot needed (file empty)"
+                    REBOOT_NEEDED=0
+                    break
+                else
+                    PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
+                    LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
+                    for I in ${FIND}; do
+                        LogText "Package: ${I}"
+                    done
+                    REBOOT_NEEDED=1
+                    break
+                fi
             else
-                PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
+                LogText "Result: file ${FILE} not found"
-                LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
-                for I in ${FIND}; do
-                    LogText "Package: ${I}"
-                done
-                REBOOT_NEEDED=1
             fi
-        else
+        done
-            LogText "Result: file ${FILE} not found"
-        fi
 
         # Check if /boot exists
         if [ -d "${ROOTDIR}boot" ]; then

include/tests_malware

@@ -45,6 +45,24 @@
     TRENDMICRO_DSA_DAEMON_RUNNING=0
 #
 #################################################################################
+#
+    # Test        : MALW-3274
+    # Description : Check for installed tool (McAfee VirusScan for Command Line)
+    Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        LogText "Test: checking presence McAfee VirusScan for Command Line"
+        if [ -x /usr/local/uvscan/uvscan ]; then
+            Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN
+            LogText "Result: Found ${MCAFEECLBINARY}"
+            MALWARE_SCANNER_INSTALLED=1
+            AddHP 2 2
+            Report "malware_scanner[]=mcafeecl"
+        else
+            LogText "Result: McAfee VirusScan for Command Line not found"
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : MALW-3275
     # Description : Check for installed tool (chkrootkit)

include/tests_ssh

@@ -74,7 +74,7 @@
                 LogText "Result: ${I}/sshd_config exists"
                 if [ ${FOUND} -eq 1 ]; then
                     ReportException "${TEST_NO}:01"
-                    LogText "Result: we already had found another sshd_config file. Using this new file then."
+                    LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one."
                 fi
                 FileIsReadable ${I}/sshd_config
                 if [ ${CANREAD} -eq 1 ]; then

lynis

@@ -43,10 +43,10 @@
     PROGRAM_WEBSITE="https://cisofy.com/lynis/"
 
     # Version details
-    PROGRAM_RELEASE_DATE="2021-07-27"
+    PROGRAM_RELEASE_DATE="2022-01-31"
-    PROGRAM_RELEASE_TIMESTAMP=1627375518
+    PROGRAM_RELEASE_TIMESTAMP=1643632222
     PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
-    PROGRAM_VERSION="3.0.7"
+    PROGRAM_VERSION="3.0.8"
 
     # Source, documentation and license
     PROGRAM_SOURCE="https://github.com/CISOfy/lynis"