tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,791 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

102 Commits

Author SHA1 Message Date
Michael Boelen 70ea29483a
Code enhancements 2017-04-23 20:06:54 +02:00
hlein e054e9757c Lots of cleanups (#366) 
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
 2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363) 
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
 2017-03-06 07:41:21 +00:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen 338edb4971 Add stderr for other network tests 2017-01-24 19:30:17 +01:00
Michael Boelen d2a80ed789 Add stderr for NETW-3004 2017-01-24 19:28:06 +01:00
Michael Boelen e483d69050 Solved error on AIX 2016-12-02 20:48:37 +01:00
Justin P 50b06efd30 macOS Refactoring (#311) 
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
 2016-11-05 11:53:22 +01:00
Michael Boelen e0ea967f01 [NETW-3004] add macOS support 2016-10-27 10:06:41 +02:00
Michael Boelen e96a31eab4 Style improvements 2016-10-26 12:58:51 +02:00
marcus-cr 94d31bba22 NETW-3030 - DHCPD Support Added (#299) 
Added support for DHCPD
 2016-10-26 12:37:35 +02:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
afa- 4e139f4d71 Check for arpon as ARP monitoring software (#267) 2016-08-29 19:31:17 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen f9b2993f35 Removed unneeded field 2016-08-10 07:24:10 +02:00
Michael Boelen abf34b56b6 Rephrase suggestion 2016-07-27 09:55:06 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen eded02cfde Rewritten counters and dealing with values 2016-05-03 14:57:53 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 9e312f5a5f Replaced functions and minor cleanups 2016-04-28 09:15:54 +02:00
mboelen f4a1ee8ac2 [NETW-3014] Test whitelisted interface in enabled profiles 2016-04-13 17:08:58 +02:00
mboelen c3d5dabb49 Move stderr redirection to sysctl command instead of grep, to prevent errors displaying on screen 2016-03-17 21:02:28 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen 13cfbd3019 Make IPv6 check compatible for all systems 2016-02-25 14:24:50 +01:00
mboelen 820c24c347 Added OpenBSD for [NETW-3004] 2016-02-09 13:00:29 +01:00
mboelen 3999be2300 Avoid errors on screen if sysctl keys are not readable 2016-01-25 13:54:09 +01:00
mboelen d167fe2782 Added test NETW-2600 to collect IPv6 configuration 2016-01-01 21:38:47 +01:00
mboelen 6b3c32b61f Added NETW-3032 to test for ARP monitoring software like arpwatch 2015-12-29 16:30:31 +01:00
mboelen 31b5c0bb42 Merged changes for ARPwatch 2015-12-29 16:28:18 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
mboelen 510de19ce9 NETW-3004 now collects interfaces from most common operating systems 2015-10-27 13:33:16 +01:00
SiemKorteweg bf1da50c14 Combine "sort | uniq" into "sort -u" to reduce the number of processes used for running Lynis. The busybox version of sort also supports the -u option. 2015-10-04 17:59:28 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen e8111a124f Increase default minimum amount of connections before alerting 2015-07-14 00:31:59 +02:00
mboelen 5caf4ddc4f Update of the files to reflect HTTPS version of website and 2015. Happy New Year! 2015-01-03 12:45:22 +01:00
mboelen defecac381 Small change regarding logging item to report 2014-12-05 13:29:26 +01:00
mboelen 28b31b95c8 Add OpenBSD support to gather UDP/TCP ports which listen on network 2014-11-04 00:30:08 +01:00
mboelen 7797c32d76 Only extract unique name servers [NAME-2704] 2014-10-13 10:42:07 +02:00
mboelen 911a5e88f6 Mac OS improvement for test NETW-3012 2014-09-21 13:01:29 +02:00
mboelen 116b1eab97 Added support for Mac OS to gather information 2014-09-21 12:58:08 +02:00
mboelen 74fc711965 Removed unneeded exception line 2014-09-19 16:46:35 +02:00
mboelen f5dcb5e7f1 Added usage of ip to NETW-3006 and NETW-3008 2014-09-19 16:28:53 +02:00
mboelen 475b6c3799 Added usage of ss to gather listening ports in NETW-3012 2014-09-19 16:18:09 +02:00
mboelen 94efdd0af1 Check if ifconfig exists before using it in tests (e.g. Arch Linux) 2014-09-19 11:45:19 +02:00
mboelen c9fde8c2d1 Code cleanup and small enhancements 2014-09-15 12:01:09 +02:00
mboelen bce234fa00 Removed warnings, updated changelog 2014-09-15 10:52:06 +02:00
mboelen 56cc2df2c2 Adjustments to allow non-privileged scan and reduce errors on screen 2014-09-08 23:51:27 +02:00
mboelen 09d1ca7fd6 No direct calls to netstat binary, but first determine if the binary was found (e.g. for Arch Linux) 2014-08-28 13:59:30 +02:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00