diff --git a/CHANGELOG.md b/CHANGELOG.md
index ad5d6ad4..d997cd8d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,26 @@
 # Lynis Changelog
-## Lynis 3.1.5 (not released yet)
+## Lynis 3.1.6 (not released yet)
+
+### Added
+- Add notice to screen output if end-of-life state is unclear
+
+### Changed
+- Releases are now considered to be old if they are 6 months or older
+- Removed generic suggestion for outdated/old Lynis release, instead show to screen output
+- Generic clarifications on variable usage for operating system and its version
+- Updated end-of-life database
+- ACCT-9634 - Define default auditd log file location
+- MALW-3280 - Adjusted detection of Wazuh agent
+
+---------------------------------------------------------------------------------
+
+## Lynis 3.1.5 (2025-07-29)
 ### Added
 - Support for OpenWrt
+- Bitdefender detection on Linux
+- Detection of openSUSE Tumbleweed-Slowroll
 ### Changed
 - Corrected detection of service manager SMF
diff --git a/db/software-eol.db b/db/software-eol.db
index 09932338..1e7eec66 100644
--- a/db/software-eol.db
+++ b/db/software-eol.db
@@ -12,10 +12,11 @@
 #
 # Notes:
 # For rolling releases or releases that do not (currently have an EOL date, leave field three empty and set field four to -1.
-# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string is used for matching.
+# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string can used for matching (partial match will count as well).
 #
 # AIX - https://www.ibm.com/support/pages/aix-support-lifecycle-information
 #
+os:AIX 7300-03:2027-12-31:1830207600:
 os:AIX 7300-02:2026-11-30:1796032800:
 os:AIX 7300-01:2025-12-31:1767175200:
 os:AIX 7300-00:2024-12-31:1735639200:
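Review bot: The reworded CentOS note has a dropped word, `shorter string can used for matching`; it should read `# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, a shorter string can be used for matching (a partial match counts as well).` Since this comment is the only place that documents the matching rule, it is also worth stating that the second field is matched as a pattern against the detected OS name and that the first matching line wins, so more specific entries belong before shorter ones.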
@@ -33,18 +34,20 @@ os:AIX 3:1997-12-31:883562400:
 #
 # Alpine - https://alpinelinux.org/releases/
 #
-os:Alpine 3.19:2025-11-01:1761955200
-os:Alpine 3.18:2025-05-09:1746748800
-os:Alpine 3.17:2024-11-22:1732233600
-os:Alpine 3.16:2024-05-23:1716422400
-os:Alpine 3.15:2023-11-01:1698793200
-os:Alpine 3.14:2023-05-01:1682899200
-os:Alpine 3.13:2022-11-01:1667275200
-os:Alpine 3.12:2022-05-01:1651377600
-os:Alpine 3.11:2021-11-01:1635739200
-os:Alpine 3.10:2021-05-01:1619841600
-os:Alpine 3.9:2020-11-01:1604203200
-os:Alpine 3.8:2020-05-01:1588305600
+os:Alpine 3.21:2026-11-01:1793487600:
+os:Alpine 3.20:2026-04-01:1774994400:
+os:Alpine 3.19:2025-11-01:1761955200:
+os:Alpine 3.18:2025-05-09:1746748800:
+os:Alpine 3.17:2024-11-22:1732233600:
+os:Alpine 3.16:2024-05-23:1716422400:
+os:Alpine 3.15:2023-11-01:1698793200:
+os:Alpine 3.14:2023-05-01:1682899200:
+os:Alpine 3.13:2022-11-01:1667275200:
+os:Alpine 3.12:2022-05-01:1651377600:
+os:Alpine 3.11:2021-11-01:1635739200:
+os:Alpine 3.10:2021-05-01:1619841600:
+os:Alpine 3.9:2020-11-01:1604203200:
+os:Alpine 3.8:2020-05-01:1588305600:
 #
 # Amazon Linux
 #
@@ -84,6 +87,18 @@ os:Fedora release 27:2018-11-30:1543532400:
 os:Fedora release 28:2019-05-28:1558994400:
 os:Fedora release 29:2019-11-26:1574722800:
 os:Fedora release 30:2020-05-26:1590444000:
+os:Fedora release 31:2020-11-24:1606172400:
+os:Fedora release 32:2021-05-25:1621893600:
+os:Fedora release 33:2021-11-30:1638226800:
+os:Fedora release 34:2022-06-07:1654552800:
+os:Fedora release 35:2022-12-13:1670886000:
+os:Fedora release 36:2023-05-16:1684188000:
+os:Fedora release 37:2023-12-05:1701730800:
+os:Fedora release 38:2024-05-21:1716242400:
+os:Fedora release 39:2024-11-26:1732575600:
+os:Fedora release 40:2025-05-28:1748383200:
+os:Fedora release 41:2025-11-19:1763506800:
+os:Fedora release 42:2026-05-13:1778623200:
 #
 # FreeBSD - https://www.freebsd.org/security/unsupported.html
 #
@@ -97,12 +112,34 @@ os:FreeBSD 11.0:2017-11-30:1511996400:
 os:FreeBSD 11.1:2018-09-30:1538258400:
 os:FreeBSD 11.2:2019-10-31:1572476400:
 os:FreeBSD 12.0:2020-02-29:1582930800:
+os:FreeBSD 12.1:2021-01-31:1612047600:
+os:FreeBSD 12.2:2022-03-31:1648677600:
+os:FreeBSD 12.3:2023-03-31:1680213600:
+os:FreeBSD 12.4:2023-12-31:1703977200:
+os:FreeBSD 13.0:2022-08-31:1661896800:
+os:FreeBSD 13.1:2023-07-31:1690754400:
+os:FreeBSD 13.2:2024-06-30:1719698400:
+os:FreeBSD 13.3:2024-12-31:1735599600:
+os:FreeBSD 13.4:2025-06-30:1751234400:
+os:FreeBSD 14.0:2024-09-30:1727647200:
+os:FreeBSD 14.1:2025-03-31:1743372000:
+os:FreeBSD 14.2:2025-09-30:1759183200:
 #
 # Linux Mint
 #
 os:Linux Mint 18:2021-04-01:1617228000:
 os:Linux Mint 19:2023-04-01:1680300000:
 os:Linux Mint 20:2025-04-01:1743458400:
+os:Linux Mint 20.1:2025-04-01:1743458400:
+os:Linux Mint 20.2:2025-04-01:1743458400:
+os:Linux Mint 20.3:2025-04-01:1743458400:
+os:Linux Mint 21:2027-04-01:1806530400:
+os:Linux Mint 21.0:2027-04-01:1806530400:
+os:Linux Mint 21.1:2027-04-01:1806530400:
+os:Linux Mint 21.2:2027-04-01:1806530400:
+os:Linux Mint 21.3:2027-04-01:1806530400:
+os:Linux Mint 22:2029-04-01:1869688800:
+os:Linux Mint 22.1:2029-04-01:1869688800:
 #
 # macOS - https://support.apple.com/en_US/downloads/macos and
 # https://apple.stackexchange.com/a/282788 and
@@ -164,7 +201,8 @@ os:Mageia 4:2015-09-19:1442613600
 os:Mageia 5:2017-12-31:1514674800
 os:Mageia 6:2019-09-30:1569794400
 os:Mageia 7:2020-12-30:1609282800
-os:Mageia 8::-1
+os:Mageia 8:2023-11-30:1701298800:
+os:Mageia 9:2025-03-31:1743372000:
 #
 # NetBSD - https://www.netbsd.org/support/security/release.html and
 # https://www.netbsd.org/releases/formal.html
@@ -211,9 +249,17 @@ os:NetBSD 7.1:2020-03-14:1584162000:
 os:NetBSD 7.1.1:2020-03-14:1584162000:
 os:NetBSD 7.1.1:2020-03-14:1584162000:
 os:NetBSD 7.2:2020-03-14:1584162000:
-os:NetBSD 8.0::-1:
-os:NetBSD 8.1::-1:
+os:NetBSD 8.0:2024-05-04:1714773600:
+os:NetBSD 8.1:2024-05-04:1714773600:
+os:NetBSD 8.2:2024-05-04:1714773600:
+os:NetBSD 8.3:2024-05-04:1714773600:
 os:NetBSD 9.0::-1:
+os:NetBSD 9.1::-1:
+os:NetBSD 9.2::-1:
+os:NetBSD 9.3::-1:
+os:NetBSD 9.4::-1:
+os:NetBSD 10.0::-1:
+os:NetBSD 10.1::-1:
 #
 # OpenBSD - https://en.wikipedia.org/wiki/OpenBSD_version_history
 #
@@ -231,7 +277,11 @@ os:OpenBSD 6.8:2021-10-14:1665698400:
 os:OpenBSD 6.9:2022-04-21:1650492000:
 os:OpenBSD 7.0:2022-10-20:1666216800:
 os:OpenBSD 7.1:2023-05-01:1682892000:
-os:OpenBSD 7.2::-1
+os:OpenBSD 7.2:2023-10-16:1697407200:
+os:OpenBSD 7.3:2024-04-05:1712268000:
+os:OpenBSD 7.4:2024-10-08:1728338400:
+os:OpenBSD 7.5:2025-05-31:1748642400:
+os:OpenBSD 7.6:2025-10-31:1761865200:
 #
 # Red Hat Enterprise Linux - https://access.redhat.com/labs/plcc/
 #
@@ -254,6 +304,10 @@ os:Slackware Linux 12.2:2013-12-09:1386540000:
 os:Slackware Linux 13.0:2018-07-05:1530738000:
 os:Slackware Linux 13.1:2018-07-05:1530738000:
 os:Slackware Linux 13.37:2018-07-05:1530738000:
+os:Slackware Linux 14.0:2024-01-01:1704063600:
+os:Slackware Linux 14.1:2024-01-01:1704063600:
+os:Slackware Linux 14.2:2024-01-01:1704063600:
+os:Slackware Linux 15.0::-1:
 #
 # SuSE - https://www.suse.com/lifecycle/
 #
@@ -274,8 +328,18 @@ os:Ubuntu 17.10:2018-07-01:1530396000:
 os:Ubuntu 18.04:2023-05-01:1682892000:
 os:Ubuntu 18.10:2019-07-18:1563400800:
 os:Ubuntu 19.04:2020-01-01:1577833200:
+os:Ubuntu 19.10:2020-07-17:1594936800:
 os:Ubuntu 20.04:2025-04-01:1743458400:
+os:Ubuntu 20.10:2021-07-22:1626904800:
+os:Ubuntu 21.04:2022-01-20:1642633200:
+os:Ubuntu 21.10:2022-07-14:1657749600:
 os:Ubuntu 22.04:2027-04-01:1806537600:
+os:Ubuntu 22.10:2023-07-20:1689804000:
+os:Ubuntu 23.04:2024-01-25:1706137200:
+os:Ubuntu 23.10:2024-07-11:1720648800:
+os:Ubuntu 24.04:2029-06-01:1874959200:
+os:Ubuntu 24.10:2025-07-01:1751320800:
+os:Ubuntu 25.04:2026-01-01:1767222000:
 #
 # OmniosCE - https://omniosce.org/releasenotes.html
 #
@@ -283,9 +347,18 @@ os:OmniOS Community Edition v11 r151022:2020-05-11:1589148000:
 os:OmniOS Community Edition v11 r151024:2018-11-04:1541286000:
 os:OmniOS Community Edition v11 r151026:2019-05-05:1557007200:
 os:OmniOS Community Edition v11 r151028:2019-11-04:1572822000:
-os:OmniOS Community Edition v11 r151030::-1:
+os:OmniOS Community Edition v11 r151030:2022-05-02:1651442400:
 os:OmniOS Community Edition v11 r151032:2020-11-03:1604358000:
-os:OmniOS Community Edition v11 r151034::-1:
+os:OmniOS Community Edition v11 r151034:2021-05-03:1619992800:
+os:OmniOS Community Edition v11 r151036:2021-11-01:1635721200:
+os:OmniOS Community Edition v11 r151038:2024-05-04:1714773600:
+os:OmniOS Community Edition v11 r151040:2022-11-06:1667689200:
+os:OmniOS Community Edition v11 r151042:2023-05-01:1682892000:
+os:OmniOS Community Edition v11 r151044:2023-11-05:1699138800:
+os:OmniOS Community Edition v11 r151046::-1:
+os:OmniOS Community Edition v11 r151048:2024-11-04:1730674800:
+os:OmniOS Community Edition v11 r151050:2025-05-05:1746396000:
+os:OmniOS Community Edition v11 r151052::-1:
 #
 ## Oracle Solaris - https://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf (p. 34)
 # The list below contains Premier Support End only
diff --git a/include/functions b/include/functions
index c0296dca..bc44aff1 100644
--- a/include/functions
+++ b/include/functions
@@ -3070,8 +3070,11 @@
 # Test against the string with a generic test set
 if [ $# -eq 1 ]; then
 input="$1"
- # Only allow common set of characters: a-z, A-Z, 0-9, /._-:=
- cleaned=$(echo "$input" | sed 's/[^a-zA-Z0-9\/\._:=-]//g')
+ # Use sed to strip all characters -except- those that are allowed
+ # - Common set of characters: a-z, A-Z, 0-9
+ # - Special characters: , /._-:=
+ # - Space for names (like auditor name)
+ cleaned=$(echo "$input" | sed 's/[^[:space:]a-zA-Z0-9\/\._:=-]//g')
 # If two parameters are specified, then test input against specified class
 elif [ $# -eq 2 ]; then
 input="$1"
diff --git a/include/osdetection b/include/osdetection
index b4270695..61fd8c39 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -20,6 +20,14 @@
 # Operating System detection
 #
 #################################################################################
+#
+# Variables:
+# OS is primary operating system name (e.g. Linux)
+# OS_NAME is typically the name that people will refer it to (e.g. Debian)
+# OS_VERSION is usually the major version (12) or major and minor version (12.9)
+# OS_FULLNAME is the operating system name and version (often OS_NAME + OS_VERSION)
+#
+#################################################################################
 #
 # Check operating system
 case $(uname) in
@@ -247,6 +255,7 @@
 OS_NAME="Debian"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
+ OS_FULLNAME="${OS_NAME} ${OS_VERSION}"
 ;;
 "devuan")
 LINUX_VERSION="Devuan"
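Review bot: `[:space:]` is wider than the comment above it says: it admits tab, newline, carriage return, vertical tab and form feed as well as the space character, so a value that only needed a space for a name now also passes with embedded line breaks, which matters if the cleaned value is later written to a line-oriented report or log. If the intent is only the space character, use it literally, `cleaned=$(echo "$input" | sed 's/[^ a-zA-Z0-9\/\._:=-]//g')`, and adjust the comment to `# - Space character for names (like auditor name)`. The enclosing function starts before this hunk, so how `cleaned` is compared with `input` afterwards is not visible here.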
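Review bot: The new variable overview in include/osdetection leaves out two variables that the cases below this header assign, `OS_VERSION_FULL` (set in the Debian case in this same commit from the `VERSION=` line of /etc/os-release) and `LINUX_VERSION` (set in the devuan and opensuse-slowroll cases), so a reader would take the list as complete. Add lines in the same form, e.g. `# OS_VERSION_FULL is the full version string as reported by the distribution (VERSION= in /etc/os-release)` and `# LINUX_VERSION is the Linux distribution name used during detection (e.g. Devuan)`.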
@@ -398,7 +407,8 @@
 OS_NAME="openSUSE"
 ;;
 "opensuse-slowroll")
- LINUX_VERSION="openSUSE Slowroll"
+ LINUX_VERSION="openSUSE Tumbleweed-Slowroll"
+ # It's rolling release but has a snapshot version (the date of the snapshot)
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 OS_NAME="openSUSE"
 ;;
@@ -951,24 +961,40 @@
 # Check if this OS is end-of-life
 EOL=255
 EOL_DATE=""
+ EOL_OS_MATCH=""
+ EOL_STATE=""
 EOL_TIMESTAMP=0
+ Debug "Info: determining if we can find end-of-life of this operating system"
 if [ -n "${OS_VERSION}" ]; then
 if [ -f "${DBDIR}/software-eol.db" ]; then
 FIND="${OS_FULLNAME}"
+ Debug "Info: using '${OS_FULLNAME}' to search for end-of-life (partial) match"
 EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
 if [ -n "${EOL_TIMESTAMP}" ]; then
 EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
 if [ -n "${EOL_DATE}" ]; then
+ EOL_OS_MATCH=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $2}}' ${DBDIR}/software-eol.db | head -n 1)
+ Debug "Found a matching line: ${EOL_OS_MATCH} (timestamp=${EOL_TIMESTAMP}, date=${EOL_DATE})"
 if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
 EOL=1
+ EOL_STATE="This operating system seems be end-of-life and may no longer receive updates or support!"
+ Debug "Outcome: OS is end-of-life!"
 else
 EOL=0
+ EOL_STATE="This operating system seems not to be end-of-life yet"
+ Debug "Outcome: OS is not end-of-life yet"
 fi
 else
 EOL=0
 fi
+ else
+ Debug "Could not find a related OS entry. Maybe it needs to be added to the database (${DBDIR}/software-eol.db)?"
 fi
+ else
+ Debug "No end-of-life database found (${DBDIR}/software-eol.db)"
 fi
+ else
+ Debug "No OS version known, so skipped end-of-life check"
 fi
diff --git a/include/report b/include/report
index 363fdd7e..10cbe258 100644
--- a/include/report
+++ b/include/report
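Review bot: The new `EOL_STATE` text on the end-of-life branch reads `seems be end-of-life`; it should be `EOL_STATE="This operating system seems to be end-of-life and may no longer receive updates or support!"`. The matching rule deserves a comment as well: `value ~ $2` treats the second database field as an awk regular expression matched anywhere in `${OS_FULLNAME}`, so `.` is a wildcard and a shorter entry such as `Linux Mint 21` also matches `Linux Mint 21.3`, which means `head -n 1` and the order of lines in the database decide the result; a one-line comment above the first awk call saying so would stop the next maintainer from reordering the file. The same scan now runs three times over the database; a single awk call printing `$2":"$3":"$4` and splitting in shell would guarantee that match, date and timestamp come from the same line.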
@@ -208,39 +208,20 @@
 echo "================================================================================"
 echo ""
 echo " ${WHITE}Lynis security scan details${NORMAL}:"
- echo ""
- echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
- echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
- if [ ${SKIP_PLUGINS} -eq 0 ]; then
- echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
- else
- echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
- fi
- echo ""
- echo " ${WHITE}Components${NORMAL}:"
- if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
- if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
- if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
-
- echo " - Firewall [${FIREWALL}${NORMAL}]"
- #echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
- #echo " - Intrusion software [${IDSIPS}${NORMAL}]"
- echo " - Malware scanner [${MALWARE}${NORMAL}]"
- echo ""
 echo " ${SECTION}Scan mode${NORMAL}:"
 if [ ${DEVOPS_MODE} -eq 1 ]; then
- echo " Normal [ ] Forensics [ ] Integration [V] Pentest [ ]"
+ echo " Normal [ ] Forensics [ ] Integration [▆] Pentest [ ]"
 elif [ ${FORENSICS_MODE} -eq 1 ]; then
- echo " Normal [ ] Forensics [V] Integration [ ] Pentest [ ]"
+ echo " Normal [ ] Forensics [▆] Integration [ ] Pentest [ ]"
 elif [ ${PENTESTINGMODE} -eq 1 ]; then
 if [ ${PRIVILEGED} -eq 0 ]; then
- echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running non-privileged)"
+ echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running non-privileged)"
 else
- echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [V] (running privileged)"
+ echo " Normal [ ] Forensics [ ] Integration [ ] Pentest [▆] (running privileged)"
 fi
 else
- echo " Normal [V] Forensics [ ] Integration [ ] Pentest [ ]"
+ echo " Normal [▆] Forensics [ ] Integration [ ] Pentest [ ]"
 fi
 echo ""
@@ -253,6 +234,26 @@
 echo " - Compliance status [${COMPLIANCE}${NORMAL}]"
 echo " - Security audit [${GREEN}V${NORMAL}]"
 echo " - Vulnerability scan [${GREEN}V${NORMAL}]"
+ echo ""
+ echo " ${SECTION}Details${NORMAL}:"
+ echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
+ echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
+ if [ ${SKIP_PLUGINS} -eq 0 ]; then
+ echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
+ else
+ echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}Skipped${NORMAL}"
+ fi
+ echo ""
+ echo " ${SECTION}Software components${NORMAL}:"
+ if [ ${FIREWALL_ACTIVE} -eq 1 ]; then FIREWALL="${GREEN}V"; else FIREWALL="${RED}X"; fi
+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then MALWARE="${GREEN}V"; else MALWARE="${RED}X"; fi
+ if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then IDSIPS="${GREEN}V"; else IDSIPS="${RED}X"; fi
+
+ echo " - Firewall [${FIREWALL}${NORMAL}]"
+ #echo " - Integrity monitoring [${IDSIPS}${NORMAL}]"
+ echo " - Intrusion software [${IDSIPS}${NORMAL}]"
+ echo " - Malware scanner [${MALWARE}${NORMAL}]"
+ echo ""
 echo " ${SECTION}Files${NORMAL}:"
 echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
@@ -264,6 +265,12 @@
 echo " ${GEN_CURRENT_VERSION} : ${WHITE}${PROGRAM_AC}${NORMAL} ${GEN_LATEST_VERSION} : ${WHITE}${PROGRAM_LV}${NORMAL}"
 echo "================================================================================"
 else
+ if [ ${OLD_RELEASE} -eq 1 ]; then
+ echo ""
+ echo " ${NOTICE}Notice: ${WHITE}This version of ${PROGRAM_NAME} is older than 6 months and might be outdated. Check the project page if a newer version is available.${NORMAL}"
+ echo ""
+ echo "================================================================================"
+ fi
 ###########################################################################################
 #
 # Software quality program
@@ -272,6 +279,7 @@
 ###########################################################################################
 if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
+ # Determine if the quality of the program can be increased by filtering out the exceptions
 FIND=$(${GREPBINARY} "^exception" ${REPORTFILE})
 if [ -n "${FIND}" ]; then
@@ -286,13 +294,25 @@
 echo "================================================================================"
 fi
 fi
+
+ # If end-of-life check failed, ask to submit
+ if [ ! "${PROGRAM_LV}" = "0" -a ${EOL} -eq 255 ]; then
+ echo ""
+ echo " ${SECTION}Notice: ${WHITE}No OS entry was found in the end-of-life database${NORMAL}"
+ echo ""
+ echo " ${CYAN}${GEN_WHAT_TO_DO}:${NORMAL}"
+ echo " Please submit a pull request on GitHub to include your OS version and the end date of this OS version is being supported"
+ echo " URL: ${PROGRAM_SOURCE}"
+ echo ""
+ echo "================================================================================"
+ fi
 fi
 # Display what tests are skipped in non-privileged scan for awareness
 if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then
 echo ""
- echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}${NORMAL}"
-
+ echo " ${PURPLE}${NOTE_SKIPPED_TESTS_NON_PRIVILEGED}:${NORMAL}"
+ echo ""
 FIND=$(echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g')
 # Split entries
 FIND=$(echo ${FIND} | sed 's/====/ /g')
diff --git a/include/tests_accounting b/include/tests_accounting
index 6c44e260..a18f3441 100644
--- a/include/tests_accounting
+++ b/include/tests_accounting
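Review bot: The new notice says `No OS entry was found in the end-of-life database`, but the detection code in include/osdetection leaves `EOL` at 255 also when no OS version was detected and when the database file itself is missing, so in those cases the user is asked to submit a database entry that would not help. Gate the notice on the case it describes, e.g. `if [ ! "${PROGRAM_LV}" = "0" -a ${EOL} -eq 255 -a -n "${OS_VERSION}" -a -f "${DBDIR}/software-eol.db" ]; then` (assuming `DBDIR` is still set when the report runs). The instruction text is garbled as well; `Please submit a pull request on GitHub to include your OS version and the date until which this OS version is supported` reads correctly. This block sits inside a larger `if` that starts before the hunk.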
@@ -231,23 +231,25 @@
 Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: Checking auditd log file"
+ DEFAULT_LOCATION="/var/log/audit/audit.log"
 FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }')
 if [ -n "${FIND}" ]; then
 LogText "Result: log file is defined"
 LogText "Defined value: ${FIND}"
- if [ -f ${FIND} ]; then
- LogText "Result: log file ${FIND} exists on disk"
- Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
- Report "logfile[]=${FIND}"
- else
- LogText "Result: can't find log file ${FIND} on disk"
- Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color YELLOW
- ReportSuggestion "${TEST_NO}" "Check auditd log file location"
- fi
 else
- LogText "Result: no log file found"
- Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED
- ReportWarning "${TEST_NO}" "Auditd log file is defined but can not be found on disk"
+ LogText "Result: log file is not defined"
+ LogText "Assumed default location: ${DEFAULT_LOCATION}"
+ FIND="${DEFAULT_LOCATION}"
+ fi
+
+ if [ -f ${FIND} ]; then
+ LogText "Result: log file ${FIND} exists on disk"
+ Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN
+ Report "logfile[]=${FIND}"
+ else
+ LogText "Result: can't find log file ${FIND} on disk"
+ Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color RED
+ ReportWarning "${TEST_NO}" "Check auditd log file location"
 fi
 fi
 #
diff --git a/include/tests_malware b/include/tests_malware
index 3156790b..fa26d381 100644
--- a/include/tests_malware
+++ b/include/tests_malware
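Review bot: The merged not-found branch mixes its signals: it displays `--result "${STATUS_SUGGESTION}"` in RED and then raises `ReportWarning`, whereas before the commit a defined-but-missing file was a yellow suggestion and an undefined file a red warning. Pick one severity, for example `Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED` paired with a message that names what is missing, `ReportWarning "${TEST_NO}" "Auditd log file ${FIND} can not be found on disk"`. Note also that the default is now assumed whenever the awk filter prints nothing, and that filter only accepts the spaced form because of `$2=="="`, so a configuration written as `log_file=/some/path` would silently be checked against the default location where the previous code at least raised a warning; matching both forms in the awk, or logging that the directive could not be parsed, would avoid a false "found". `if [ -f ${FIND} ]` is unquoted, so a path containing spaces would break the test.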
@@ -147,14 +147,14 @@
 Report "malware_scanner[]=avira"
 fi
- # Bitdefender (macOS)
- LogText "Test: checking process epagd"
- if IsRunning "bdagentd" || IsRunning "epagd"; then
+ # Bitdefender (macOS & Linux)
+ LogText "Test: checking process Bitdefender daemon"
+ if IsRunning "bdagentd" || IsRunning "epagd" || IsRunning "bdsecd"; then
 FOUND=1
 BITDEFENDER_DAEMON_RUNNING=1
 MALWARE_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender daemon" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Bitdefender security product"
 Report "malware_scanner[]=bitdefender"
 fi
@@ -321,7 +321,7 @@
 # Wazuh agent
 LogText "Test: checking process wazuh-agent to test for Wazuh agent"
- if IsRunning "wazuh-agent"; then
+ if IsRunning "wazuh-agentd"; then
 if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Wazuh agent" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found Wazuh component"
 FOUND=1
diff --git a/lynis b/lynis
index e2de13e1..f85dd91b 100755
--- a/lynis
+++ b/lynis
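Review bot: In the Wazuh hunk the log line just above the changed check still says `checking process wazuh-agent` while the process now tested is `wazuh-agentd`, so the log and the test disagree; change it to `LogText "Test: checking process wazuh-agentd to test for Wazuh agent"`. If the old name was matching on some installations, keeping both names in the condition (`if IsRunning "wazuh-agentd" || IsRunning "wazuh-agent"; then`) would avoid losing that detection; whether `IsRunning` matches exactly or by substring is not visible here.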
@@ -43,16 +43,16 @@
 PROGRAM_WEBSITE="https://cisofy.com/lynis/"
 # Version details
- PROGRAM_RELEASE_DATE="2025-01-28"
- PROGRAM_RELEASE_TIMESTAMP=1738061140
+ PROGRAM_RELEASE_DATE="2025-07-29"
+ PROGRAM_RELEASE_TIMESTAMP=1753773496
 PROGRAM_RELEASE_TYPE="pre-release" # pre-release or release
- PROGRAM_VERSION="3.1.5"
+ PROGRAM_VERSION="3.1.6"
 # Source, documentation and license
 PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
 PROGRAM_PACKAGE="https://packages.cisofy.com/"
 PROGRAM_DOCUMENTATION="https://cisofy.com/docs/"
- PROGRAM_COPYRIGHT="2007-2024, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
+ PROGRAM_COPYRIGHT="2007-2025, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
 PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software."
@@ -676,12 +676,14 @@ ${NORMAL}
 echo " Operating system name: ${OS_NAME}"
 echo " Operating system version: ${OS_VERSION}"
 LogText "EOL check: ${EOL}"
- if [ ${EOL} -eq 1 ]; then
- echo " End-of-life: ${WARNING}YES${NORMAL}"
+ if [ ${EOL} -eq 0 ]; then
+ echo " End-of-life: ${STATUS_NO}"
+ elif [ ${EOL} -eq 1 ]; then
+ echo " End-of-life: ${WARNING}${STATUS_YES}${NORMAL}"
 ReportWarning "GEN-0010" "This version ${OS_VERSION} is marked end-of-life as of ${EOL_DATE}"
 elif [ ${EOL} -eq 255 ]; then
- # TODO - mark as item where community can provide help
- LogText "Note: the end-of-life of '${OS_FULLNAME}' could not be checked. Entry missing in software-eol.db?"
+ echo " End-of-life: ${WARNING}${STATUS_UNKNOWN}${NORMAL}"
+ LogText "Note: the end-of-life of '${OS_FULLNAME}' could not be checked. Entry is missing in db/software-eol.db?"
 fi
 if [ -n "${OS_MODE}" ]; then echo " Operating system mode: ${OS_MODE}"; fi
@@ -789,44 +791,51 @@ ${NORMAL}
 fi
 OLD_RELEASE=0
- TIME_DIFFERENCE_CHECK=10368000 # 4 months
+ TIME_DIFFERENCE_CHECK=15552000 # approx 6 months
 RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
 NOW=$(date "+%s")
 if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
- # Show if release is old, only if we didn't show it with normal update check
- if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
- ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available."
- fi
 OLD_RELEASE=1
 fi
- # Show on screen message if release is very outdated (unless --quiet/--silent is used)
- if [ ${UPDATE_AVAILABLE} -eq 1 -a ${QUIET} -eq 0 ]; then
- echo ""
- echo " ==============================================================================="
- echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}"
- echo " ==============================================================================="
- echo ""
- if [ ${OLD_RELEASE} -eq 1 ]; then
- echo " ${YELLOW}Current version is more than 4 months old${NORMAL}"
+ # Show on screen message if there is an update available or when the release is outdated
+ # Do not show any output when quiet mode is used (--quiet/--silent)
+ if [ ${QUIET} -eq 0 ]; then
+ if [ ${UPDATE_AVAILABLE} -eq 1 ]; then
 echo ""
- fi
- if [ ${PROGRAM_LV} -gt 0 ]; then
- echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
+ echo " ==============================================================================="
+ echo " ${CYAN}${PROGRAM_NAME} ${TEXT_UPDATE_AVAILABLE}${NORMAL}"
+ echo " ==============================================================================="
 echo ""
+ if [ ${PROGRAM_LV} -gt 0 ]; then
+ echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
+ echo ""
+ fi
+ echo " ${WHITE}Please update to the latest version.${NORMAL}"
+ echo " New releases include additional features, bug fixes, and tests.${NORMAL}"
+ elif [ ${OLD_RELEASE} -eq 1 ]; then
+ echo ""
+ echo " ==============================================================================="
+ echo " ${CYAN}${PROGRAM_NAME} might be outdated${NORMAL}"
+ echo " ==============================================================================="
+ echo ""
+ echo " ${YELLOW}Current version is more than 6 months old${NORMAL}"
+ echo " This version might be ${WHITE}Please check if there is a more recent version available.${NORMAL}"
+ echo ""
+ echo " ${WHITE}Please check if there is a more recent version available.${NORMAL}"
+ fi
+ if [ ${OLD_RELEASE} -eq 1 -o ${UPDATE_AVAILABLE} -eq 1 ]; then
+ echo ""
+ echo " Download locations:"
+ echo ""
+ echo " Packages (DEB/RPM) - https://packages.cisofy.com/"
+ echo " Website (TAR) - https://cisofy.com/downloads/"
+ echo " GitHub - https://github.com/CISOfy/lynis"
+ echo ""
+ echo " ==============================================================================="
+ echo ""
+ sleep 5
 fi
- echo " ${WHITE}Please update to the latest version.${NORMAL}"
- echo " New releases include additional features, bug fixes, tests, and baselines.${NORMAL}"
- echo ""
- echo " Download the latest version:"
- echo ""
- echo " Packages (DEB/RPM) - https://packages.cisofy.com"
- echo " Website (TAR) - https://cisofy.com/downloads/"
- echo " GitHub (source) - https://github.com/CISOfy/lynis"
- echo ""
- echo " ==============================================================================="
- echo ""
- sleep 5
 fi
 LogTextBreak
diff --git a/publiccode.yml b/publiccode.yml
new file mode 100644
index 00000000..0e625032
--- /dev/null
+++ b/publiccode.yml
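Review bot: In the outdated-release branch the line `echo " This version might be ${WHITE}Please check if there is a more recent version available.${NORMAL}"` is an unfinished sentence spliced onto a copy of the line printed two lines later; drop it or finish it, e.g. `echo " This version might be missing recent fixes and tests."`. The `sleep 5` now also runs for the old-release case, not only when an update is available as before, so every run of a release older than six months pauses five seconds unless --quiet is used, which will surprise scheduled runs; consider keeping the pause for the update case only or skipping it when stdout is not a terminal. `New releases include additional features, bug fixes, and tests.${NORMAL}` closes a colour that was never opened on that line, which is harmless but carried over from the old text.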
@@ -0,0 +1,49 @@
+publiccodeYmlVersion: "0.4"
+name: Lynis
+url: https://github.com/CISOfy/lynis
+releaseDate: 2025-01-28
+platforms:
+ - linux
+ - mac
+categories:
+ - cloud-management
+ - compliance-management
+ - fleet-management
+ - it-management
+ - it-security
+developmentStatus: stable
+softwareType: standalone/other
+description:
+ en:
+ shortDescription: Security auditing tool for Linux, macOS, and UNIX-based systems
+ longDescription: Lynis is a security auditing tool for systems based on UNIX
+ like Linux, macOS, BSD, and others. It performs an in-depth security scan
+ and runs on the system itself. The primary goal is to test security
+ defenses and provide tips for further system hardening. It will also scan
+ for general system information, vulnerable software packages, and possible
+ configuration issues. Lynis was commonly used by system administrators and
+ auditors to assess the security defenses of their systems. Besides the
+ "blue team," nowadays penetration testers also have Lynis in their
+ toolkit.
+ documentation: https://cisofy.com/documentation/lynis/
+ features:
+ - command-line
+ - perform security audit
+ - extensive log
+ - security hardening advice
+ - Linux security hardening
+legal:
+ license: AGPL-3.0-only
+maintenance:
+ type: community
+ contacts:
+ - name: Michael Boelen
+ email: michael.boelen@cisofy.com
+ phone: ""
+ affiliation: ""
+localisation:
+ localisationReady: true
+ availableLanguages:
+ - en
+ - es
+ - nl
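Review bot: `releaseDate: 2025-01-28` does not match the `PROGRAM_RELEASE_DATE="2025-07-29"` that this same commit sets in `lynis`, so the metadata file is stale on the day it is added; set `releaseDate: 2025-07-29` or whichever date the 3.1.5 release carries. `license: AGPL-3.0-only` is also worth checking against `PROGRAM_LICENSE` in `lynis`, which refers to the GNU General Public License; the two should name the same licence.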