mirror of https://github.com/CISOfy/lynis.git
[FIRE-4534] detection of Little Snitch
This commit is contained in:
Michael Boelen
parent
7dd3c27b97
commit
fba5140150
51
db/tests.db
51
db/tests.db
|
|
@ -135,17 +135,39 @@ FIRE-4524:test:security:firewalls::Check for CSF presence:
|
|||
FIRE-4526:test:security:firewalls:Solaris:Check ipf status:
|
||||
FIRE-4530:test:security:firewalls:FreeBSD:Check IPFW status:
|
||||
FIRE-4532:test:security:firewalls:MacOS:Check macOS application firewall:
|
||||
FIRE-4534:test:security:firewalls:MacOS:Check Little Snitch firewall:
|
||||
FIRE-4536:test:security:firewalls:Linux:Check nftables status:
|
||||
FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration:
|
||||
FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration:
|
||||
FIRE-4590:test:security:firewalls::Check firewall status:
|
||||
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
|
||||
HRDN-7222:test:security:hardening::Check compiler permissions:
|
||||
HRDN-7230:test:security:hardening::Check for malware scanner:
|
||||
HOME-9302:test:security:homedirs::Create list with home directories:
|
||||
HOME-9310:test:security:homedirs::Checking for suspicious shell history files:
|
||||
#HOME-9314:test:security:homedirs::Create list with home directories:
|
||||
HOME-9350:test:security:homedirs::Collecting information from home directories:
|
||||
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
|
||||
HRDN-7222:test:security:hardening::Check compiler permissions:
|
||||
HRDN-7230:test:security:hardening::Check for malware scanner:
|
||||
HTTP-6622:test:security:webservers::Checking Apache presence:
|
||||
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
|
||||
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
|
||||
#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
|
||||
#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
|
||||
HTTP-6632:test:security:webservers::Determining all available Apache modules:
|
||||
HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
|
||||
#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6702:test:security:webservers::Check nginx process:
|
||||
HTTP-6704:test:security:webservers::Check nginx configuration file:
|
||||
HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
|
||||
HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
|
||||
HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
|
||||
HTTP-6712:test:security:webservers::Check nginx access logging:
|
||||
HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
|
||||
HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
|
||||
#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
|
||||
#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
|
||||
HTTP-6720:test:security:webservers::Check Nginx log files:
|
||||
INSE-8002:test:security:insecure_services::Check for enabled inet daemon:
|
||||
INSE-8004:test:security:insecure_services::Check for enabled inet daemon:
|
||||
INSE-8006:test:security:insecure_services::Check configuration of inetd when disabled:
|
||||
|
|
@ -192,7 +214,6 @@ MACF-6204:test:security:mac_frameworks::Check AppArmor presence:
|
|||
MACF-6208:test:security:mac_frameworks::Check if AppArmor is enabled:
|
||||
MACF-6232:test:security:mac_frameworks::Check SELINUX presence:
|
||||
MACF-6234:test:security:mac_frameworks::Check SELINUX status:
|
||||
RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
|
||||
MACF-6290:test:security:mac_frameworks::Check for implemented MAC framework:
|
||||
MAIL-8802:test:security:mail_messaging::Check Exim status:
|
||||
MAIL-8814:test:security:mail_messaging::Check postfix process status:
|
||||
|
|
@ -308,6 +329,7 @@ PRNT-2314:test:security:printers_spools::Check lpd status:
|
|||
PRNT-2316:test:security:printers_spools:AIX:Checking /etc/qconfig file:
|
||||
PRNT-2418:test:security:printers_spools:AIX:Checking qdaemon printer spooler status:
|
||||
PRNT-2420:test:security:printers_spools:AIX:Checking old print jobs:
|
||||
RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
|
||||
SCHD-7702:test:security:scheduling::Check status of cron daemon:
|
||||
SCHD-7704:test:security:scheduling::Check crontab/cronjobs:
|
||||
SCHD-7718:test:security:scheduling::Check at users:
|
||||
|
|
@ -366,25 +388,4 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
|
|||
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
|
||||
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
|
||||
#VIRT-1920:test::virtualization:Checking VMware guest status:security:
|
||||
HTTP-6622:test:security:webservers::Checking Apache presence:
|
||||
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
|
||||
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
|
||||
#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
|
||||
#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
|
||||
HTTP-6632:test:security:webservers::Determining all available Apache modules:
|
||||
HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
|
||||
#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
|
||||
HTTP-6702:test:security:webservers::Check nginx process:
|
||||
HTTP-6704:test:security:webservers::Check nginx configuration file:
|
||||
HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
|
||||
HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
|
||||
HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
|
||||
HTTP-6712:test:security:webservers::Check nginx access logging:
|
||||
HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
|
||||
HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
|
||||
#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
|
||||
#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
|
||||
HTTP-6720:test:security:webservers::Check Nginx log files:
|
||||
# EOF
|
||||
|
|
|
|||
|
|
@ -360,19 +360,42 @@
|
|||
# Test : FIRE-4532
|
||||
# Description : Check Application Firewall in Mac OS X
|
||||
if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check Mac OS X application firewall"
|
||||
Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
|
||||
if [ ! -z "${FIND}" ]; then
|
||||
Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
|
||||
Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
|
||||
AddHP 3 3
|
||||
LogText "Result: application firewall of Mac OS X is enabled"
|
||||
LogText "Result: application firewall of macOS is enabled"
|
||||
FIREWALL_ACTIVE=1
|
||||
APPLICATION_FIREWALL_ACTIVE=1
|
||||
Report "firewall_software[]=macosx-app-fw"
|
||||
Report "app_fw[]=macosx-app-fw"
|
||||
else
|
||||
Display --indent 2 --text "- Checking IPFW" --result "${STATUS_DISABLED}" --color YELLOW
|
||||
if IsVerbose; Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_DISABLED}" --color YELLOW; fi
|
||||
AddHP 1 3
|
||||
LogText "Result: application firewall of Mac OS X is disabled"
|
||||
LogText "Result: application firewall of macOS is disabled"
|
||||
fi
|
||||
fi
|
||||
#
|
||||
#################################################################################
|
||||
#
|
||||
# Test : FIRE-4534
|
||||
# Description : Check Little Snitch Daemon on macOS
|
||||
Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
if [ ! -z "${FIND}" ]; then
|
||||
Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN
|
||||
AddHP 3 3
|
||||
LogText "Result: little Snitch found"
|
||||
FIREWALL_ACTIVE=1
|
||||
APPLICATION_FIREWALL_ACTIVE=1
|
||||
Report "app_fw[]=little-snitch"
|
||||
Report "firewall_software[]=little-snitch"
|
||||
else
|
||||
if IsVerbose; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_DISABLED}" --color YELLOW; fi
|
||||
AddHP 1 3
|
||||
LogText "Result: could not find Little Snitch"
|
||||
fi
|
||||
fi
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in New Issue