tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-31 01:34:23 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,839 Commits 2 Branches 64 Tags
Commit Graph

335 Commits

Author SHA1 Message Date
Michael Boelen
76a4f4dfd8
Allow spaces when using a parameter such as --auditor 2025-07-30 22:17:54 +00:00
macie
89383ee196
fix: HostID2 generation on OpenWrt 
OpenWrt uses `dropbear` as a lightweight SSH server.

I assume, that all devices with OpenWrt have MAC address (they are routers),
so to minimize impact on other OSes, I didn't touch SSH-based HostID
generation.
 2025-02-09 08:37:45 +01:00
macie
580c7a3e2c
fix: HostID generation on OpenWrt 
To reduce the size of the system, OpenWrt contains only one hashing command -
`sha256sum`.

SHA-256 hash truncation to SHA1 length is allowed by NIST, see:
<https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf>.
 2025-02-09 08:24:48 +01:00
Michael Boelen
95530fdc0e
Simplified copyright line and meta information as including (and updating) the year does not hold much value 2025-01-28 10:15:09 +00:00
Michael Boelen
f2ac59a130
Allow forward slash in SafeInput check 2024-12-18 17:53:09 +00:00
Michael Boelen
2a540ddf75
Allow more characters as part of 'lynis configure settings' command 2024-12-03 12:34:21 +00:00
Luca Fontana
9270ab0a38 More support for busybox devices 
- Replaced "head -1" with "head -n 1"
- Fixed Stat format error in busybox
- Fixed find -printf error in busybox
- SafeInput accept only alphanumeric values, underscore and hyphens
 2024-11-04 19:04:37 +02:00
pyllyukko
c3996cd1bb
Rephrasing 2024-05-16 07:16:20 +03:00
Michael Boelen
24679bee9a
Do not unset SKIPREASON, as it is cleared at the beginning of the function 2024-05-15 12:23:23 +00:00
Michael Boelen
d9ac616d11
Merge pull request #1450 from hmrodrigues/fix/apk-PackageIsInstalled 
Fixed Alpine Linux installed package detection
 2024-05-14 08:23:54 +02:00
Michael Boelen
308106993d
Merge pull request #1345 from pyllyukko/pkgtools 
Added Slackware support for PackageIsInstalled() function
 2024-05-14 08:20:30 +02:00
Hugo Rodrigues
90ece54445
Fixed Alpine Linux installed package detection 2023-12-13 12:40:05 +00:00
xnoguer
c7b73837db Removing changes from another branch 2023-04-23 17:44:44 -04:00
xnoguer
6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
pyllyukko
051052cc15
Added Slackware support for PackageIsInstalled() function 2022-11-17 18:47:44 +02:00
HansHoogerwerf
bbe135d56f
Fix space 2022-10-17 16:27:21 +02:00
HansHoogerwerf
ff26dca83a
Fix simple mistake 2022-10-17 16:24:59 +02:00
HansHoogerwerf
98ac5a562a
Verify the linux OS supports nanoseconds 
Add extra check to verify the linux OS supports nanoseconds. This might not be the case with certain busybox implementations.
 2022-10-17 15:46:40 +02:00
Michael Boelen
cd433e928e
Merge pull request #1205 from kolenichsj/alpine_apk 
Adding support for Alpine Package Keeper
 2022-02-10 12:00:38 +01:00
Michael Boelen
e0b5dcf7d4
Merge pull request #1226 from konstruktoid/1220 
Extend HasCorrectCheckPermissions logging
 2022-02-10 11:52:11 +01:00
Thomas Sjögren
3bfff0ca62 present expected permission value in octal 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-11-08 13:29:51 +01:00
Thomas Sjögren
f2e49ba74c add symlink support to HasCorrectFilePermissions and IsWorldWritable 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-11-08 12:26:20 +01:00
Steve Kolenich
a4bee8a329 Added two tests using apk (Alpine Package Keeper) to check for 
installed packages and packages that can be upgraded
 2021-09-01 16:00:01 -04:00
Michael Boelen
aa91bb4c85
Corrected syntax 2021-07-12 15:21:35 +02:00
Michael Boelen
7867759750
Dropping option to filter by label as newer versions of 'ip' give another result (no output) 2021-07-08 15:18:20 +02:00
Michael Boelen
5d96098a82
Switched order for interface detection on Linux 2021-07-08 14:54:49 +02:00
Michael Boelen
97e435ffe8
Add fallbacks for hostid generation and improve logging 2021-07-08 13:39:13 +02:00
Michael Boelen
da024079f1
Improve HostID generation and logging 2021-07-02 14:23:53 +02:00
Michael Boelen
da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Brian Ginsbach
89403f1494 Multiple platform support in Register 
Support specifying multiple platforms with `--platform`. Useful as
not all operating systems identify identical hardware (platforms)
with the same name (example x86_64 and amd64).
 2020-12-31 21:02:04 -06:00
Simon Biewald
73f39baca8 Use first e1000 interface and break after match 
Fixes CISOfy/lynis#1075.

Before this commit, the interfaces "e1000g1" and "net0" were allowed.
The name "e1000g0" is appended to the list.
After finding an interface, the loop is interrupted now. As previously
"net0" was always used, even if another interface was available, the list
is reordered to "net0 e1000g1 e1000g0" to not break previous generations.

A typo is also fixed ("No interface found op Solaris ..." -> "No
interface found on").

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-14 22:56:42 +00:00
Josh Soref
eadd2a8ed8 spelling: indentation 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Michael Boelen
7930644b6c
Merge branch 'master' into fix_nginx_parser 2020-10-22 08:43:44 +02:00
Thomas Sjögren
3124a04ce9 require pgrep before usage 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-21 11:27:44 +02:00
Michael Boelen
92df49d08e
Merge pull request #973 from igloonet/fix/functions-parse-nginx-abs-path 
Support absolute paths in nginx includes and fix ls warning on empty directories
 2020-10-20 13:38:08 +02:00
Jimver
554dd2d5e9
Better log message 2020-08-27 12:57:22 +02:00
Jimver
e6891feeb4
Remove newline 2020-08-27 12:52:59 +02:00
Jimver
cd94da3449
Use shell wildcard expansion now 2020-08-27 12:50:48 +02:00
Jimver
6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr 2020-08-26 16:38:35 +02:00
Kepi
a2e752a8db [functions] ParseNginx: Ignore empty included wildcards 
Its ok to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
 2020-07-07 15:38:19 +02:00
Kepi
de18ddc2c0 [functions] ParseNginx: Support include on absolute paths 
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
 2020-07-07 15:37:56 +02:00
Kepi
f94817f66f Command line option for slow test threshold 
IMHO it should be OK to run long tests if we count with it.

Example:

    lynis audit system --slow-warning 300

Will warn when test takes longer than 300 seconds, instead of default 10.
 2020-07-02 23:42:28 +02:00
Michael Boelen
871f95cbf3
Use BSD style format when calling stat 2020-06-26 09:53:23 +02:00
Thomas Sjögren
51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00
Michael Boelen
c368846a08
Added support to require a detected and known package manager 2020-04-06 20:47:45 +02:00
Michael Boelen
b5a2d11738
Added fallback for awk/tr, small code enhancement, added note 2020-04-02 09:28:41 +02:00
Michael Boelen
156f740ff2
The IsRunning function may have not everything defined early on, so added a fallback 2020-04-01 19:02:11 +02:00
Michael Boelen
a38e2b535e
Corrected case where binaries were not checked while we do want to use dmidecode if it available 2020-03-31 16:31:41 +02:00
Michael Boelen
53ad72e791
Removed unneeded complexity regarding dmidecode, as binary checks are already done at this point 2020-03-31 16:25:27 +02:00
Brian Ginsbach
eb7dbab1ee Add pkg_info to PackageIsInstalled 
The `pkg_info` command is used on a system using NetBSD pkgsrc to
determine which packages are installed.
 2020-03-30 14:12:36 -05:00