tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-09-25 02:47:48 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into add_opensuse_slowroll

Browse Source
This commit is contained in:
Michael Boelen 2025-07-31 12:48:41 +00:00 committed by GitHub
commit fcd9b760cb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 302 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -1,9 +1,26 @@
# Lynis Changelog
## Lynis 3.1.5 (not released yet)
## Lynis 3.1.6 (not released yet)
### Added
- Add notice to screen output if end-of-life state is unclear
### Changed
- Releases are now considered to be old if they are 6 months or older
- Removed generic suggestion for outdated/old Lynis release, instead show to screen output
- Generic clarifications on variable usage for operating system and its version
- Updated end-of-life database
- ACCT-9634 - Define default auditd log file location
- MALW-3280 - Adjusted detection of Wazuh agent
---------------------------------------------------------------------------------
## Lynis 3.1.5 (2025-07-29)
### Added
- Support for OpenWrt
- Bitdefender detection on Linux
- Detection of openSUSE Tumbleweed-Slowroll
### Changed
- Corrected detection of service manager SMF

111
db/software-eol.db
View File

@ -12,10 +12,11 @@
#
# Notes:
# For rolling releases or releases that do not (currently have an EOL date, leave field three empty and set field four to -1.
# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string is used for matching.
# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string can used for matching (partial match will count as well).
#
# AIX - https://www.ibm.com/support/pages/aix-support-lifecycle-information
#
os:AIX 7300-03:2027-12-31:1830207600:
os:AIX 7300-02:2026-11-30:1796032800:
os:AIX 7300-01:2025-12-31:1767175200:
os:AIX 7300-00:2024-12-31:1735639200:
@ -33,18 +34,20 @@ os:AIX 3:1997-12-31:883562400:
#
# Alpine - https://alpinelinux.org/releases/
#
os:Alpine 3.19:2025-11-01:1761955200
os:Alpine 3.18:2025-05-09:1746748800
os:Alpine 3.17:2024-11-22:1732233600
os:Alpine 3.16:2024-05-23:1716422400
os:Alpine 3.15:2023-11-01:1698793200
os:Alpine 3.14:2023-05-01:1682899200
os:Alpine 3.13:2022-11-01:1667275200
os:Alpine 3.12:2022-05-01:1651377600
os:Alpine 3.11:2021-11-01:1635739200
os:Alpine 3.10:2021-05-01:1619841600
os:Alpine 3.9:2020-11-01:1604203200
os:Alpine 3.8:2020-05-01:1588305600
os:Alpine 3.21:2026-11-01:1793487600:
os:Alpine 3.20:2026-04-01:1774994400:
os:Alpine 3.19:2025-11-01:1761955200:
os:Alpine 3.18:2025-05-09:1746748800:
os:Alpine 3.17:2024-11-22:1732233600:
os:Alpine 3.16:2024-05-23:1716422400:
os:Alpine 3.15:2023-11-01:1698793200:
os:Alpine 3.14:2023-05-01:1682899200:
os:Alpine 3.13:2022-11-01:1667275200:
os:Alpine 3.12:2022-05-01:1651377600:
os:Alpine 3.11:2021-11-01:1635739200:
os:Alpine 3.10:2021-05-01:1619841600:
os:Alpine 3.9:2020-11-01:1604203200:
os:Alpine 3.8:2020-05-01:1588305600:
#
# Amazon Linux
#
@ -84,6 +87,18 @@ os:Fedora release 27:2018-11-30:1543532400:
os:Fedora release 28:2019-05-28:1558994400:
os:Fedora release 29:2019-11-26:1574722800:
os:Fedora release 30:2020-05-26:1590444000:
os:Fedora release 31:2020-11-24:1606172400:
os:Fedora release 32:2021-05-25:1621893600:
os:Fedora release 33:2021-11-30:1638226800:
os:Fedora release 34:2022-06-07:1654552800:
os:Fedora release 35:2022-12-13:1670886000:
os:Fedora release 36:2023-05-16:1684188000:
os:Fedora release 37:2023-12-05:1701730800:
os:Fedora release 38:2024-05-21:1716242400:
os:Fedora release 39:2024-11-26:1732575600:
os:Fedora release 40:2025-05-28:1748383200:
os:Fedora release 41:2025-11-19:1763506800:
os:Fedora release 42:2026-05-13:1778623200:
#
# FreeBSD - https://www.freebsd.org/security/unsupported.html
#
@ -97,12 +112,34 @@ os:FreeBSD 11.0:2017-11-30:1511996400:
os:FreeBSD 11.1:2018-09-30:1538258400:
os:FreeBSD 11.2:2019-10-31:1572476400:
os:FreeBSD 12.0:2020-02-29:1582930800:
os:FreeBSD 12.1:2021-01-31:1612047600:
os:FreeBSD 12.2:2022-03-31:1648677600:
os:FreeBSD 12.3:2023-03-31:1680213600:
os:FreeBSD 12.4:2023-12-31:1703977200:
os:FreeBSD 13.0:2022-08-31:1661896800:
os:FreeBSD 13.1:2023-07-31:1690754400:
os:FreeBSD 13.2:2024-06-30:1719698400:
os:FreeBSD 13.3:2024-12-31:1735599600:
os:FreeBSD 13.4:2025-06-30:1751234400:
os:FreeBSD 14.0:2024-09-30:1727647200:
os:FreeBSD 14.1:2025-03-31:1743372000:
os:FreeBSD 14.2:2025-09-30:1759183200:
#
# Linux Mint
#
os:Linux Mint 18:2021-04-01:1617228000:
os:Linux Mint 19:2023-04-01:1680300000:
os:Linux Mint 20:2025-04-01:1743458400:
os:Linux Mint 20.1:2025-04-01:1743458400:
os:Linux Mint 20.2:2025-04-01:1743458400:
os:Linux Mint 20.3:2025-04-01:1743458400:
os:Linux Mint 21:2027-04-01:1806530400:
os:Linux Mint 21.0:2027-04-01:1806530400:
os:Linux Mint 21.1:2027-04-01:1806530400:
os:Linux Mint 21.2:2027-04-01:1806530400:
os:Linux Mint 21.3:2027-04-01:1806530400:
os:Linux Mint 22:2029-04-01:1869688800:
os:Linux Mint 22.1:2029-04-01:1869688800:
#
# macOS - https://support.apple.com/en_US/downloads/macos and
# https://apple.stackexchange.com/a/282788 and
@ -164,7 +201,8 @@ os:Mageia 4:2015-09-19:1442613600
os:Mageia 5:2017-12-31:1514674800
os:Mageia 6:2019-09-30:1569794400
os:Mageia 7:2020-12-30:1609282800
os:Mageia 8::-1
os:Mageia 8:2023-11-30:1701298800:
os:Mageia 9:2025-03-31:1743372000:
#
# NetBSD - https://www.netbsd.org/support/security/release.html and
# https://www.netbsd.org/releases/formal.html
@ -211,9 +249,17 @@ os:NetBSD 7.1:2020-03-14:1584162000:
os:NetBSD 7.1.1:2020-03-14:1584162000:
os:NetBSD 7.1.1:2020-03-14:1584162000:
os:NetBSD 7.2:2020-03-14:1584162000:
os:NetBSD 8.0::-1:
os:NetBSD 8.1::-1:
os:NetBSD 8.0:2024-05-04:1714773600:
os:NetBSD 8.1:2024-05-04:1714773600:
os:NetBSD 8.2:2024-05-04:1714773600:
os:NetBSD 8.3:2024-05-04:1714773600:
os:NetBSD 9.0::-1:
os:NetBSD 9.1::-1:
os:NetBSD 9.2::-1:
os:NetBSD 9.3::-1:
os:NetBSD 9.4::-1:
os:NetBSD 10.0::-1:
os:NetBSD 10.1::-1:
#
# OpenBSD - https://en.wikipedia.org/wiki/OpenBSD_version_history
#
@ -231,7 +277,11 @@ os:OpenBSD 6.8:2021-10-14:1665698400:
os:OpenBSD 6.9:2022-04-21:1650492000:
os:OpenBSD 7.0:2022-10-20:1666216800:
os:OpenBSD 7.1:2023-05-01:1682892000:
os:OpenBSD 7.2::-1
os:OpenBSD 7.2:2023-10-16:1697407200:
os:OpenBSD 7.3:2024-04-05:1712268000:
os:OpenBSD 7.4:2024-10-08:1728338400:
os:OpenBSD 7.5:2025-05-31:1748642400:
os:OpenBSD 7.6:2025-10-31:1761865200:
#
# Red Hat Enterprise Linux - https://access.redhat.com/labs/plcc/
#
@ -254,6 +304,10 @@ os:Slackware Linux 12.2:2013-12-09:1386540000:
os:Slackware Linux 13.0:2018-07-05:1530738000:
os:Slackware Linux 13.1:2018-07-05:1530738000:
os:Slackware Linux 13.37:2018-07-05:1530738000:
os:Slackware Linux 14.0:2024-01-01:1704063600:
os:Slackware Linux 14.1:2024-01-01:1704063600:
os:Slackware Linux 14.2:2024-01-01:1704063600:
os:Slackware Linux 15.0::-1:
#
# SuSE - https://www.suse.com/lifecycle/
#
@ -274,8 +328,18 @@ os:Ubuntu 17.10:2018-07-01:1530396000:
os:Ubuntu 18.04:2023-05-01:1682892000:
os:Ubuntu 18.10:2019-07-18:1563400800:
os:Ubuntu 19.04:2020-01-01:1577833200:
os:Ubuntu 19.10:2020-07-17:1594936800:
os:Ubuntu 20.04:2025-04-01:1743458400:
os:Ubuntu 20.10:2021-07-22:1626904800:
os:Ubuntu 21.04:2022-01-20:1642633200:
os:Ubuntu 21.10:2022-07-14:1657749600:
os:Ubuntu 22.04:2027-04-01:1806537600:
os:Ubuntu 22.10:2023-07-20:1689804000:
os:Ubuntu 23.04:2024-01-25:1706137200:
os:Ubuntu 23.10:2024-07-11:1720648800:
os:Ubuntu 24.04:2029-06-01:1874959200:
os:Ubuntu 24.10:2025-07-01:1751320800:
os:Ubuntu 25.04:2026-01-01:1767222000:
#
# OmniosCE - https://omniosce.org/releasenotes.html
#
@ -283,9 +347,18 @@ os:OmniOS Community Edition v11 r151022:2020-05-11:1589148000:
os:OmniOS Community Edition v11 r151024:2018-11-04:1541286000:
os:OmniOS Community Edition v11 r151026:2019-05-05:1557007200:
os:OmniOS Community Edition v11 r151028:2019-11-04:1572822000:
os:OmniOS Community Edition v11 r151030::-1:
os:OmniOS Community Edition v11 r151030:2022-05-02:1651442400:
os:OmniOS Community Edition v11 r151032:2020-11-03:1604358000:
os:OmniOS Community Edition v11 r151034::-1:
os:OmniOS Community Edition v11 r151034:2021-05-03:1619992800:
os:OmniOS Community Edition v11 r151036:2021-11-01:1635721200:
os:OmniOS Community Edition v11 r151038:2024-05-04:1714773600:
os:OmniOS Community Edition v11 r151040:2022-11-06:1667689200:
os:OmniOS Community Edition v11 r151042:2023-05-01:1682892000:
os:OmniOS Community Edition v11 r151044:2023-11-05:1699138800:
os:OmniOS Community Edition v11 r151046::-1:
os:OmniOS Community Edition v11 r151048:2024-11-04:1730674800:
os:OmniOS Community Edition v11 r151050:2025-05-05:1746396000:
os:OmniOS Community Edition v11 r151052::-1:
#
## Oracle Solaris - https://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf (p. 34)
# The list below contains Premier Support End only

7
include/functions
View File

@ -3070,8 +3070,11 @@
# Test against the string with a generic test set
if [ $# -eq 1 ]; then
input="$1"
# Only allow common set of characters: a-z, A-Z, 0-9, /._-:=
cleaned=$(echo "$input" | sed 's/[^a-zA-Z0-9\/\._:=-]//g')
# Use sed to strip all characters -except- those that are allowed
# - Common set of characters: a-z, A-Z, 0-9
# - Special characters: , /._-:=
# - Space for names (like auditor name)
cleaned=$(echo "$input" | sed 's/[^[:space:]a-zA-Z0-9\/\._:=-]//g')
# If two parameters are specified, then test input against specified class
elif [ $# -eq 2 ]; then
input="$1"

28
include/osdetection
View File

@ -20,6 +20,14 @@
# Operating System detection
#
#################################################################################
#
# Variables:
# OS is primary operating system name (e.g. Linux)
# OS_NAME is typically the name that people will refer it to (e.g. Debian)
# OS_VERSION is usually the major version (12) or major and minor version (12.9)
# OS_FULLNAME is the operating system name and version (often OS_NAME + OS_VERSION)
#
#################################################################################
#
# Check operating system
case $(uname) in
@ -247,6 +255,7 @@
OS_NAME="Debian"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME="${OS_NAME} ${OS_VERSION}"
;;
"devuan")
LINUX_VERSION="Devuan"
@ -398,7 +407,8 @@
OS_NAME="openSUSE"
;;
"opensuse-slowroll")
LINUX_VERSION="openSUSE Slowroll"
LINUX_VERSION="openSUSE Tumbleweed-Slowroll"
# It's rolling release but has a snapshot version (the date of the snapshot)
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
@ -951,24 +961,40 @@
# Check if this OS is end-of-life
EOL=255
EOL_DATE=""
EOL_OS_MATCH=""
EOL_STATE=""
EOL_TIMESTAMP=0
Debug "Info: determining if we can find end-of-life of this operating system"
if [ -n "${OS_VERSION}" ]; then
if [ -f "${DBDIR}/software-eol.db" ]; then
FIND="${OS_FULLNAME}"
Debug "Info: using '${OS_FULLNAME}' to search for end-of-life (partial) match"
EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_TIMESTAMP}" ]; then
EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_DATE}" ]; then
EOL_OS_MATCH=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $2}}' ${DBDIR}/software-eol.db | head -n 1)
Debug "Found a matching line: ${EOL_OS_MATCH} (timestamp=${EOL_TIMESTAMP}, date=${EOL_DATE})"
if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
EOL=1
EOL_STATE="This operating system seems be end-of-life and may no longer receive updates or support!"
Debug "Outcome: OS is end-of-life!"
else
EOL=0
EOL_STATE="This operating system seems not to be end-of-life yet"
Debug "Outcome: OS is not end-of-life yet"
fi
else
EOL=0
fi
else
Debug "Could not find a related OS entry. Maybe it needs to be added to the database (${DBDIR}/software-eol.db)?"
fi
else
Debug "No end-of-life database found (${DBDIR}/software-eol.db)"
fi
else
Debug "No OS version known, so skipped end-of-life check"
fi

72
include/report
View File

@ -208,39 +208,20 @@
echo "================================================================================"
echo ""
echo " ${WHITE}Lynis security scan details${NORMAL}:"
echo ""
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
if [ ${SKIP_PLUGINS} -eq 0 ]; then
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
else
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
fi
echo ""
echo " ${WHITE}Components${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
echo " - Firewall [${FIREWALL}${NORMAL}]"
#echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
#echo " - Intrusion software [${IDSIPS}${NORMAL}]"
echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
echo " ${SECTION}Scan mode${NORMAL}:"
if [ ${DEVOPS_MODE} -eq 1 ]; then
echo " Normal [ ] Forensics [ ] Integration [V] Pentest [ ]"
echo " Normal [ ] Forensics [ ] Integration [▆] Pentest [ ]"
elif [ ${FORENSICS_MODE} -eq 1 ]; then
echo " Normal [ ] Forensics [V] Integration [ ] Pentest [ ]"
echo " Normal [ ] Forensics [▆] Integration [ ] Pentest [ ]"
elif [ ${PENTESTINGMODE} -eq 1 ]; then
if [ ${PRIVILEGED} -eq 0 ]; then
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged)"
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running non-privileged)"
else
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running privileged)"
echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running privileged)"
fi
else
echo " Normal [V] Forensics [ ] Integration [ ] Pentest [ ]"
echo " Normal [▆] Forensics [ ] Integration [ ] Pentest [ ]"
fi
echo ""
@ -253,6 +234,26 @@
echo " - Compliance status [${COMPLIANCE}${NORMAL}]"
echo " - Security audit [${GREEN}V${NORMAL}]"
echo " - Vulnerability scan [${GREEN}V${NORMAL}]"
echo ""
echo " ${SECTION}Details${NORMAL}:"
echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
if [ ${SKIP_PLUGINS} -eq 0 ]; then
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
else
echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
fi
echo ""
echo " ${SECTION}Software components${NORMAL}:"
if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
echo " - Firewall [${FIREWALL}${NORMAL}]"
#echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
echo " - Intrusion software [${IDSIPS}${NORMAL}]"
echo " - Malware scanner [${MALWARE}${NORMAL}]"
echo ""
echo " ${SECTION}Files${NORMAL}:"
echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
@ -264,6 +265,12 @@
echo " ${GEN_CURRENT_VERSION} : ${WHITE}${PROGRAM_AC}${NORMAL} ${GEN_LATEST_VERSION} : ${WHITE}${PROGRAM_LV}${NORMAL}"
echo "================================================================================"
else
if [ ${OLD_RELEASE} -eq 1 ]; then
echo ""
echo " ${NOTICE}Notice: ${WHITE}This version of ${PROGRAM_NAME} is older than 6 months and might be outdated. Check the project page if a newer version is available.${NORMAL}"
echo ""
echo "================================================================================"
fi
###########################################################################################
#
# Software quality program
@ -272,6 +279,7 @@
###########################################################################################
if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
# Determine if the quality of the program can be increased by filtering out the exceptions
FIND=$(${GREPBINARY} "^exception" ${REPORTFILE})
if [ -n "${FIND}" ]; then
@ -286,13 +294,25 @@
echo "================================================================================"
fi
fi
# If end-of-life check failed, ask to submit
if [ ! "${PROGRAM_LV}" = "0" -a ${EOL} -eq 255 ]; then
echo ""
echo " ${SECTION}Notice: ${WHITE}No OS entry was found in the end-of-life database${NORMAL}"
echo ""
echo " ${CYAN}${GEN_WHAT_TO_DO}:${NORMAL}"
echo " Please submit a pull request on GitHub to include your OS version and the end date of this OS version is being supported"
echo " URL: ${PROGRAM_SOURCE}"
echo ""
echo "================================================================================"
fi
fi
# Display what tests are skipped in non-privileged scan for awareness
if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then
echo ""
echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}${NORMAL}"
echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}:${NORMAL}"
echo ""
FIND=$(echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g')
# Split entries
FIND=$(echo ${FIND} | sed 's/====/ /g')

26
include/tests_accounting
View File

@ -231,23 +231,25 @@
Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking auditd log file"
DEFAULT_LOCATION="/var/log/audit/audit.log"
FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }')
if [ -n "${FIND}" ]; then
LogText "Result: log file is defined"
LogText "Defined value: ${FIND}"
if [ -f ${FIND} ]; then
LogText "Result: log file ${FIND} exists on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
Report "logfile[]=${FIND}"
else
LogText "Result: can't find log file ${FIND} on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Check auditd log file location"
fi
else
LogText "Result: no log file found"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Auditd log file is defined but can not be found on disk"
LogText "Result: log file is not defined"
LogText "Assumed default location: ${DEFAULT_LOCATION}"
FIND="${DEFAULT_LOCATION}"
fi
if [ -f ${FIND} ]; then
LogText "Result: log file ${FIND} exists on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
Report "logfile[]=${FIND}"
else
LogText "Result: can't find log file ${FIND} on disk"
Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color RED
ReportWarning "${TEST_NO}" "Check auditd log file location"
fi
fi
#

10
include/tests_malware
View File

@ -147,14 +147,14 @@
Report "malware_scanner[]=avira"
fi
# Bitdefender (macOS)
LogText "Test: checking process epagd"
if IsRunning "bdagentd" || IsRunning "epagd"; then
# Bitdefender (macOS & Linux)
LogText "Test: checking process Bitdefender daemon"
if IsRunning "bdagentd" || IsRunning "epagd" || IsRunning "bdsecd"; then
FOUND=1
BITDEFENDER_DAEMON_RUNNING=1
MALWARE_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender daemon" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Bitdefender security product"
Report "malware_scanner[]=bitdefender"
fi
@ -321,7 +321,7 @@
# Wazuh agent
LogText "Test: checking process wazuh-agent to test for Wazuh agent"
if IsRunning "wazuh-agent"; then
if IsRunning "wazuh-agentd"; then
if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Wazuh agent" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found Wazuh component"
FOUND=1

83
lynis
View File

@ -43,16 +43,16 @@
PROGRAM_WEBSITE="https://cisofy.com/lynis/"
# Version details
PROGRAM_RELEASE_DATE="2025-01-28"
PROGRAM_RELEASE_TIMESTAMP=1738061140
PROGRAM_RELEASE_DATE="2025-07-29"
PROGRAM_RELEASE_TIMESTAMP=1753773496
PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
PROGRAM_VERSION="3.1.5"
PROGRAM_VERSION="3.1.6"
# Source, documentation and license
PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
PROGRAM_PACKAGE="https://packages.cisofy.com/"
PROGRAM_DOCUMENTATION="https://cisofy.com/docs/"
PROGRAM_COPYRIGHT="2007-2024, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
PROGRAM_COPYRIGHT="2007-2025, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software."
@ -676,12 +676,14 @@ ${NORMAL}
echo " Operating system name: ${OS_NAME}"
echo " Operating system version: ${OS_VERSION}"
LogText "EOL check: ${EOL}"
if [ ${EOL} -eq 1 ]; then
echo " End-of-life: ${WARNING}YES${NORMAL}"
if [ ${EOL} -eq 0 ]; then
echo " End-of-life: ${STATUS_NO}"
elif [ ${EOL} -eq 1 ]; then
echo " End-of-life: ${WARNING}${STATUS_YES}${NORMAL}"
ReportWarning "GEN-0010" "This version ${OS_VERSION} is marked end-of-life as of ${EOL_DATE}"
elif [ ${EOL} -eq 255 ]; then
# TODO - mark as item where community can provide help
LogText "Note: the end-of-life of '${OS_FULLNAME}' could not be checked. Entry missing in software-eol.db?"
echo " End-of-life: ${WARNING}${STATUS_UNKNOWN}${NORMAL}"
LogText "Note: the end-of-life of '${OS_FULLNAME}' could not be checked. Entry is missing in db/software-eol.db?"
fi
if [ -n "${OS_MODE}" ]; then echo " Operating system mode: ${OS_MODE}"; fi
@ -789,44 +791,51 @@ ${NORMAL}
fi
OLD_RELEASE=0
TIME_DIFFERENCE_CHECK=10368000 # 4 months
TIME_DIFFERENCE_CHECK=15552000 # approx 6 months
RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
NOW=$(date "+%s")
if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
# Show if release is old, only if we didn't show it with normal update check
if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available."
fi
OLD_RELEASE=1
fi
# Show on screen message if release is very outdated (unless --quiet/--silent is used)
if [ ${UPDATE_AVAILABLE} -eq 1 -a ${QUIET} -eq 0 ]; then
echo ""
echo " ==============================================================================="
echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}"
echo " ==============================================================================="
echo ""
if [ ${OLD_RELEASE} -eq 1 ]; then
echo " ${YELLOW}Current version is more than 4 months old${NORMAL}"
# Show on screen message if there is an update available or when the release is outdated
# Do not show any output when quiet mode is used (--quiet/--silent)
if [ ${QUIET} -eq 0 ]; then
if [ ${UPDATE_AVAILABLE} -eq 1 ]; then
echo ""
fi
if [ ${PROGRAM_LV} -gt 0 ]; then
echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
echo " ==============================================================================="
echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}"
echo " ==============================================================================="
echo ""
if [ ${PROGRAM_LV} -gt 0 ]; then
echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
echo ""
fi
echo " ${WHITE}Please update to the latest version.${NORMAL}"
echo " New releases include additional features, bug fixes, and tests.${NORMAL}"
elif [ ${OLD_RELEASE} -eq 1 ]; then
echo ""
echo " ==============================================================================="
echo " ${CYAN}${PROGRAM_NAME} might be outdated${NORMAL}"
echo " ==============================================================================="
echo ""
echo " ${YELLOW}Current version is more than 6 months old${NORMAL}"
echo " This version might be ${WHITE}Please check if there is a more recent version available.${NORMAL}"
echo ""
echo " ${WHITE}Please check if there is a more recent version available.${NORMAL}"
fi
if [ ${OLD_RELEASE} -eq 1 -o ${UPDATE_AVAILABLE} -eq 1 ]; then
echo ""
echo " Download locations:"
echo ""
echo " Packages (DEB/RPM) - https://packages.cisofy.com/"
echo " Website (TAR) - https://cisofy.com/downloads/"
echo " GitHub - https://github.com/CISOfy/lynis"
echo ""
echo " ==============================================================================="
echo ""
sleep 5
fi
echo " ${WHITE}Please update to the latest version.${NORMAL}"
echo " New releases include additional features, bug fixes, tests, and baselines.${NORMAL}"
echo ""
echo " Download the latest version:"
echo ""
echo " Packages (DEB/RPM) - https://packages.cisofy.com"
echo " Website (TAR) - https://cisofy.com/downloads/"
echo " GitHub (source) - https://github.com/CISOfy/lynis"
echo ""
echo " ==============================================================================="
echo ""
sleep 5
fi
LogTextBreak

49
publiccode.yml Normal file
View File

@ -0,0 +1,49 @@
publiccodeYmlVersion: "0.4"
name: Lynis
url: https://github.com/CISOfy/lynis
releaseDate: 2025-01-28
platforms:
- linux
- mac
categories:
- cloud-management
- compliance-management
- fleet-management
- it-management
- it-security
developmentStatus: stable
softwareType: standalone/other
description:
en:
shortDescription: Security auditing tool for Linux, macOS, and UNIX-based systems
longDescription: Lynis is a security auditing tool for systems based on UNIX
like Linux, macOS, BSD, and others. It performs an in-depth security scan
and runs on the system itself. The primary goal is to test security
defenses and provide tips for further system hardening. It will also scan
for general system information, vulnerable software packages, and possible
configuration issues. Lynis was commonly used by system administrators and
auditors to assess the security defenses of their systems. Besides the
"blue team," nowadays penetration testers also have Lynis in their
toolkit.
documentation: https://cisofy.com/documentation/lynis/
features:
- command-line
- perform security audit
- extensive log
- security hardening advice
- Linux security hardening
legal:
license: AGPL-3.0-only
maintenance:
type: community
contacts:
- name: Michael Boelen
email: michael.boelen@cisofy.com
phone: ""
affiliation: ""
localisation:
localisationReady: true
availableLanguages:
- en
- es
- nl