lynis

mirror of https://github.com/CISOfy/lynis.git synced 2025-09-02 23:58:17 +02:00

Author	SHA1	Message	Date
Michael Boelen	288bca9334	Merge pull request #887 from bginsbach/fix-auth-9229 AUTH-9229 Do not use long options for sort	2020-03-31 16:35:48 +02:00
Michael Boelen	a38e2b535e	Corrected case where binaries were not checked while we do want to use dmidecode if it available	2020-03-31 16:31:41 +02:00
Michael Boelen	53ad72e791	Removed unneeded complexity regarding dmidecode, as binary checks are already done at this point	2020-03-31 16:25:27 +02:00
Michael Boelen	4ff61a6f46	Merge pull request #890 from bginsbach/add-pkg_info Add pkg_info	2020-03-31 15:49:54 +02:00
Michael Boelen	e481d5a173	Merge pull request #888 from bginsbach/fix-auth-9230 Fix AUTH-9230 for systems without /etc/login.defs	2020-03-31 11:22:31 +02:00
Brian Ginsbach	94915ac2fe	Fix PKGS-7301 message nit The comment is correct. It is FreeBSD pkg not NetBSD pkg.	2020-03-30 14:23:58 -05:00
Brian Ginsbach	eb7dbab1ee	Add pkg_info to PackageIsInstalled The `pkg_info` command is used on a system using NetBSD pkgsrc to determine which packages are installed.	2020-03-30 14:12:36 -05:00
Brian Ginsbach	2b1d5fa46f	Add NetBSD pkgsrc pkg_info to known binaries The NetBSD pkgsrc package management system uses pkg_info for determining information about packages. This is also the command used in PKGS-7302.	2020-03-30 14:09:28 -05:00
Brian Ginsbach	f13d919dfa	PROC-3802 Only check for prelink package on Linux The prelink package is Linux specific no need to check for it on non-Linux systems.	2020-03-29 16:19:25 -05:00
Brian Ginsbach	90b17121ba	Fix AUTH-9230 for systems without /etc/login.defs This fixes a bug where it was determined that /etc/login.defs didn't exist as a prerequisite but then wasn't used to skip the test. Prevents warnings from `grep(1)` for "no such file or directory".	2020-03-29 15:31:41 -05:00
Brian Ginsbach	18daa9f495	AUTH-9229 Do not use long options for sort Use the standard `sort(1)` short option `-u` rather than `--unique`, since not all versions support long options.	2020-03-29 15:06:36 -05:00
Sander	4732b640ae	Adding test FILE-6394	2020-03-28 19:23:00 +00:00
Topi Miettinen	5c5cc43c6f	Check if system uses encrypted swap devices Add test CRYP-7931 to check if the system uses any encrypted swap devices. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-27 13:05:56 +02:00
Michael Boelen	603d5b16a2	[FINT-4339] define what file to check for	2020-03-25 19:40:05 +01:00
Michael Boelen	b8cdb04772	Corrected requirements to run tests	2020-03-25 19:33:55 +01:00
Michael Boelen	1e52ed0c0d	Added notes to NETW-3200 for future extending this test	2020-03-25 15:19:21 +01:00
Michael Boelen	04c969752a	[NETW-3200] corrected test	2020-03-25 15:15:42 +01:00
Michael Boelen	9b978a3581	Add specific control ID for warnings regarding usage of deprecated options	2020-03-25 15:03:21 +01:00
Michael Boelen	db117ae644	Merge branch 'master' of https://github.com/CISOfy/lynis	2020-03-25 10:11:34 +01:00
Michael Boelen	f644927a42	Improved warning message with 'how to resolve'	2020-03-25 10:11:25 +01:00
Topi Miettinen	339e0c3207	[FILE-6374]: Summarize unhardened file system Report total numbers of unhardened filesystems. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-25 09:18:16 +02:00
Michael Boelen	3c8e3b0adb	Merge pull request #862 from topimiettinen/blacklist-fs FS module tests: check if modules are blacklisted	2020-03-24 13:34:05 +01:00
Michael Boelen	3c3feecbfb	Merge pull request #824 from Varbin/master Add detection of OpenNTPD	2020-03-24 13:29:02 +01:00
Michael Boelen	f83025a283	Merge pull request #860 from topimiettinen/harden-mount-options Harden mount options for /var, check also /dev and /run	2020-03-24 13:27:50 +01:00
Michael Boelen	dbfadc5446	Merge pull request #879 from topimiettinen/enhance-tomoyo-check Enhance TOMOYO Linux check	2020-03-24 13:26:33 +01:00
Michael Boelen	18a570c0b8	Merge pull request #880 from konstruktoid/grphashrounds Add test for group password hash rounds	2020-03-24 13:24:12 +01:00
Thomas Sjögren	bc09f921f0	fix indentation Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2020-03-24 11:53:50 +01:00
Thomas Sjögren	0b9e2d85d6	fix tabs Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2020-03-24 11:45:05 +01:00
Thomas Sjögren	5341fa7b29	AUTH-9229 isnt related to login.defs, add AUTH-9230 Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>	2020-03-24 11:44:14 +01:00
Topi Miettinen	e09fe98b89	Enhance TOMOYO Linux check Count and log unconfined processes, which are not using policy profile 3. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-23 18:44:21 +02:00
Topi Miettinen	0da82a18cb	FS module tests: check if modules are blacklisted Check if FS modules are blacklisted. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-23 17:43:53 +02:00
Topi Miettinen	8913374092	Run 'systemd-analyze security' 'systemd-analyze security' (available since systemd v240) makes a nice overall evaluation of hardening levels of services in a system. More details can be found with 'systemd-analyze security SERVICE' for each service. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-23 17:31:32 +02:00
Michael Boelen	7bba7bd4af	Removed incorrect process name from list, enable --full as it is required for matching jitterentropy-rngd	2020-03-23 16:13:39 +01:00
Michael Boelen	dcddfdb6cc	Merge branch 'master' of https://github.com/CISOfy/lynis	2020-03-23 15:56:03 +01:00
Michael Boelen	1e74f9be9a	Fixed 'lynis show details' output	2020-03-23 15:55:40 +01:00
Michael Boelen	8f77116ce7	Merge pull request #876 from topimiettinen/enhance-apparmor-check Enhance AppArmor check	2020-03-23 15:24:52 +01:00
Michael Boelen	7d1fe1231a	[CRYP-8005] added haveged, match against process name instead of full command line, code cleanup	2020-03-23 14:29:47 +01:00
Michael Boelen	1eb9218986	Merge branch 'master' of https://github.com/CISOfy/lynis	2020-03-23 13:19:29 +01:00
Michael Boelen	17bbaa8f7a	[AUTH-9229] make test only available for root	2020-03-23 13:19:10 +01:00
Michael Boelen	32cefdea0a	Merge pull request #878 from topimiettinen/check-ima-evm Check IMA/EVM, dm-integrity and dm-verity statuses	2020-03-23 13:18:16 +01:00
Michael Boelen	122619d01f	Merge pull request #874 from topimiettinen/check-password-hashing-methods Check password hashing methods	2020-03-23 12:49:20 +01:00
Michael Boelen	17ac4d2c1c	[AUTH-9252] corrected permission check	2020-03-23 10:44:45 +01:00
Topi Miettinen	8ea39314f2	Check for dm-integrity and dm-verity Detect tools for dm-integrity and dm-verity, check if some devices in /dev/mapper/* use them and especially the system root device. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-23 10:35:38 +02:00
Michael Boelen	058b071ea2	Merge pull request #877 from bginsbach/auth-9268-add-bsd Add FreeBSD and NetBSD to AUTH-9268	2020-03-22 15:16:09 +01:00
Topi Miettinen	203a4d3480	Check IMA/EVM status Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement Architecture) status. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-22 11:21:52 +02:00
Brian Ginsbach	33ba896b41	Add FreeBSD and NetBSD to AUTH-9268 Add FreeBSD and NetBSD as both support PAM. Simplify the PREQS_MET test by using a case rather than a long if or.	2020-03-21 20:03:37 -05:00
Brian Ginsbach	f56c3b5f94	Combine NetBSD and OpenBSD AUTH-9234 check Both NetBSD and OpenBSD have `useradd(8)`, so they can share logic checking `/etc/usermgmt.conf` for the default user UID range.	2020-03-21 16:16:34 -05:00
Brian Ginsbach	044c78452b	Add AUTH-9234 for NetBSD	2020-03-21 16:10:05 -05:00
Topi Miettinen	e0e2096a25	Enhance AppArmor check Count and log unconfined processes which have no AppArmor profile applied. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-21 17:14:55 +02:00
Topi Miettinen	26a54991ba	Check for software pseudo random number generators Check for running audio-entropyd, havegd or jitterentropy-rngd. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>	2020-03-21 16:26:30 +02:00

... 10 11 12 13 14 ...

2476 Commits