Commit Graph

2443 Commits

Author SHA1 Message Date
Wojciech Banaś 4098236412 #1270 added finding configuration files in the "etc" directory, even if they are symlinks 2022-02-14 13:23:20 +01:00
Michael Boelen 4f382331b3
Renumbered new test PKGS-7346 to PKGS-7200 2022-02-10 14:26:38 +01:00
Michael Boelen 8afa7d93fe
Merge pull request #1254 from pyllyukko/pam_faillock
Check for pam_faillock in AUTH-9408
2022-02-10 14:18:19 +01:00
Michael Boelen 59d1d8acd8
Merge pull request #1247 from devnull-hub-lab/patch-1
Update mod_security module version
2022-02-10 12:05:43 +01:00
Michael Boelen 0830a745cc
Merge pull request #1250 from JensChrG/master
Don't write over FIND variable. Fixes #1021
2022-02-10 12:03:46 +01:00
Michael Boelen cd433e928e
Merge pull request #1205 from kolenichsj/alpine_apk
Adding support for Alpine Package Keeper
2022-02-10 12:00:38 +01:00
Michael Boelen e0b5dcf7d4
Merge pull request #1226 from konstruktoid/1220
Extend HasCorrectCheckPermissions logging
2022-02-10 11:52:11 +01:00
Michael Boelen 7fbcede421
Merge pull request #1235 from zwack-am/master
Updated PAM_FILES_LOCATION for AARCH64
2022-02-10 11:49:21 +01:00
Michael Boelen 66f93f0275
Removed bashism: == 2022-02-10 09:35:41 +01:00
Michael Boelen 4ecd03598f
Merge pull request #1225 from konstruktoid/ISSUE1214
add symlink support to HasCorrectFilePermissions and IsWorldWritable
2022-02-08 11:27:29 +01:00
Robert Frohl 14fd7dabc8
[KRNL-5820] additional path for security/limits.conf
Changes the user-facing output to display a full path, allowing the user to
better grasp which security/limits.conf file is affected.

fix issue #1264
2022-02-04 13:51:36 +01:00
Michael Boelen b0ca58895b
[KRNL-5788] Only run relevant tests and improved logging 2022-01-31 17:07:41 +01:00
Michael Boelen 8604431e19
Merge pull request #1261 from jsegitz/reboot_test
check /boot/vmlinuz as a symlink in the reboot test
2022-01-31 16:38:38 +01:00
Steve Kolenich eb46f39c44 Merge remote-tracking branch 'origin/master' into alpine_apk 2022-01-31 10:05:26 -05:00
Michael Boelen a0e9e3d363
Merge pull request #1263 from pyllyukko/needs_restarting
KRNL-5830: Check for /var/run/needs_restarting
2022-01-31 15:07:50 +01:00
Michael Boelen e5f5750bfa
Improved log message 2022-01-31 13:55:55 +01:00
Michael Boelen 98f57d6d76
Added MALW-3274 to detect McAfee VirusScan Command Line Scanner 2022-01-31 13:29:11 +01:00
pyllyukko 12ad1ca6bd KRNL-5830: Check for /var/run/needs_restarting
Creating this file was introduced in slackpkg version 15.0.10.
2022-01-25 18:59:36 +02:00
Johannes Segitz 521487310f check /boot/vmlinuz as a symlink in the reboot test 2022-01-25 09:55:52 +01:00
Michael Boelen 28409265db
Switch to array type for account_without_password 2022-01-18 14:23:39 +01:00
pyllyukko 3153c89c87
Check for pam_faillock in AUTH-9408
pam_tally2 was removed in PAM 1.5.0 and pam_faillock has replaced it.
2022-01-12 19:09:42 +02:00
Steve Kolenich 302b52c55d Merge remote-tracking branch 'upstream/master' into alpine_apk 2022-01-11 09:19:19 -05:00
Jens Christian Gram f81aff384c Don't write over FIND variable. Fixes #1021 2022-01-01 18:55:01 +01:00
Rafael Grether 6c5ddb9cc2
Update mod_security module version
Update ModSecurity version. Actual version: 3

Issue #1246
2021-12-16 15:41:18 -03:00
Adam Morris 11306422ac
Corrected a minor typo 2021-11-20 05:23:34 +00:00
Adam Morris 0eb92f5291
Added the aarch64-linux-64 path
This resolves Issue #1234
2021-11-20 05:19:37 +00:00
Michael Boelen 2d16c60da1
Merge pull request #1209 from mrpjl/master
Added Funtoo Linux to osdetection
2021-11-18 11:08:06 +01:00
Michael Boelen 7674a08ab8
Merge pull request #1202 from digitalcheetah/openrc
Adding OpenRC to boot service test
2021-11-18 11:06:14 +01:00
Michael Boelen 5f113f5699
Merge pull request #1223 from konstruktoid/ISSUE1219
allow unknown number of spaces in modprobe blacklists
2021-11-18 11:04:52 +01:00
Lahfa Samy c45e502796 Add Garuda Linux to audit package test tool 2021-11-16 22:28:10 +01:00
Thomas Sjögren 3bfff0ca62 present expected permission value in octal
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-11-08 13:29:51 +01:00
Thomas Sjögren f2e49ba74c add symlink support to HasCorrectFilePermissions and IsWorldWritable
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-11-08 12:26:20 +01:00
Thomas Sjögren 9819ac4023 allow unknown number of spaces in modprobe blacklists
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-10-26 10:53:33 +02:00
Prajwal e7c8b235bb Added Funtoo Linux to osdetection 2021-09-26 16:57:07 +05:30
Steve Kolenich a4bee8a329 Added two tests using apk (Alpine Package Keeper) to check for
installed packages and packages that can be upgraded
2021-09-01 16:00:01 -04:00
Jay Keller 3699484712
Merge branch 'CISOfy:master' into openrc 2021-08-15 07:36:09 +00:00
Michael Boelen 43054c0999
Added 'RedHat' to OS detection routine (RHEL 6) 2021-07-30 08:17:03 +02:00
Michael Boelen da90488fe6
Merge pull request #1142 from konstruktoid/aideloc
add support for additional Aide db paths
2021-07-29 14:57:00 +02:00
Michael Boelen 480cf7e6d1
Merge pull request #1193 from zcrayfish/patch-1
Use posix grep/egrep options, fixing issue #1166
2021-07-29 14:53:52 +02:00
Michael Boelen 32e2dc313d
Merge pull request #1194 from zcrayfish/patch-2
grep options change from gnu to posix
2021-07-29 14:52:56 +02:00
Michael Boelen 9ba09ac408
Update tests_networking 2021-07-29 14:52:29 +02:00
Glowsome d59970ef16 Update tests_databases
Add mariadb as binary to check
2021-07-28 17:25:04 +02:00
Michael Boelen c74bc10db8
Added MALW-3290, Trend Micro malware agent detection, added agent and rootkit scanner status 2021-07-27 10:44:08 +02:00
Zachary Lee Andrews 55cc7215ea
grep options change from gnu to posix
fix issue #1167
2021-07-23 22:44:36 -04:00
Zachary Lee Andrews 886adae4ef
Use posix egrep options, fixing issue #1166 2021-07-23 22:38:31 -04:00
Michael Boelen 923f60d420
Merge pull request #1173 from rchekaluk/master
Kernel 5.8 permits hidepid textual values
2021-07-22 11:00:03 +02:00
Michael Boelen 755abdc556
Merge pull request #1137 from teoberi/Lynis-with-PostgreSQL-13.1---test-ID-DBS-1826/DBS-1828
Lynis with PostgreSQL 13.1 test ID DBS-1826/DBS-1828
2021-07-21 17:22:17 +02:00
Michael Boelen b0bee65843
KRNL-5830: sort kernels by version (ls -v) instead of date on disk (ls -t) 2021-07-21 15:26:48 +02:00
Michael Boelen ad5909372d
PKGS-7410: don't show exception for systems running LXC 2021-07-21 13:16:08 +02:00
Michael Boelen 8f6a373f6b
Merge pull request #1153 from Idesmi/patch-1
Added openSUSE MicroOS
2021-07-20 23:29:10 +02:00
Michael Boelen 93a681006f
Merge pull request #1169 from al-lac/macos-detection
Fix Big Sur Detection and add macOS Monterey
2021-07-20 21:07:11 +02:00
Michael Boelen 71c15afbd1
Added missing quote 2021-07-20 16:32:18 +02:00
Michael Boelen 20be0f61e3
Merge pull request #1188 from digitalcheetah/artix-linux
Adding Artix Linux to osdetection
2021-07-20 11:34:17 +02:00
Michael Boelen 6d6e160100
Merge branch 'master' of https://github.com/CISOfy/lynis 2021-07-20 11:32:05 +02:00
Michael Boelen 3a03af42aa
Fix: show 'egrep' instead of 'grep' when egrep is missing 2021-07-20 11:31:18 +02:00
Michael Boelen 6755ac45c2
Replaced tab with space 2021-07-20 11:30:23 +02:00
Michael Boelen e0a5555715
Merge pull request #1186 from just-some-tall-bloke/patch-1
Added detection for NethServer
2021-07-15 13:16:09 +02:00
Michael Boelen aa91bb4c85
Corrected syntax 2021-07-12 15:21:35 +02:00
Jay Keller cd632059e0
Adding OpenRC to boot services detection 2021-07-11 04:39:36 +00:00
digitalcheetah 2816ed5598
Adding Artix Linux to osdetection 2021-07-11 04:25:38 +00:00
just-some-tall-bloke e2aa40665c
Update osdetection
Added NethServer

https://www.nethserver.org/
2021-07-09 11:06:12 +02:00
Michael Boelen 7867759750
Dropping option to filter by label as newer versions of 'ip' give another result (no output) 2021-07-08 15:18:20 +02:00
Michael Boelen 5d96098a82
Switched order for interface detection on Linux 2021-07-08 14:54:49 +02:00
Michael Boelen 97e435ffe8
Add fallbacks for hostid generation and improve logging 2021-07-08 13:39:13 +02:00
Michael Boelen da024079f1
Improve HostID generation and logging 2021-07-02 14:23:53 +02:00
Rob Chekaluk b556450364 FILE-6344: support hidepid textual values 2021-06-21 08:53:43 -04:00
Alexander Lackner fff5df170e Fix Big Sur Detection and add macOS Monterey 2021-06-15 20:49:00 +02:00
Michael Boelen 54684aaac5
Merge pull request #1158 from jhe2/wc-argument-fix
[HRDN-7231] When calling wc, use the short -l flag instead of --lines…
2021-06-03 13:46:58 +02:00
Michael Boelen 922f822133
Merge pull request #1157 from mhdry/test-arch32-audit
Test PKGS-7320 extended to "Arch Linux 32"
2021-06-03 13:46:06 +02:00
Johannes Heimansberg 5666ed0a6d [HRDN-7231] When calling wc, use the short -l flag instead of --lines to make it work with busybox's wc implementation also 2021-05-21 19:51:53 +02:00
Michael Boelen d23c722c04
Removed trailing spaces 2021-05-20 08:30:54 +02:00
Michael Boelen 54f9281040
Added BunsenLabs detection 2021-05-20 08:28:54 +02:00
Marc Hendry 13bf829461 Test PKGS-7320 extended to "Arch Linux 32"
PKGS-7320 checks whether package arch-audit is installed. This test has been
extended to test ${OS_FULLNAME} for both "Arch Linux" as well as "Arch Linux 32".
2021-05-19 14:43:55 +02:00
Sander 0298f51940 Added FILE-6398 test 2021-05-15 19:22:17 +00:00
Marc Hendry b339145b84 Added Arch Linux 32 2021-05-14 16:04:07 +02:00
Sander d96628d9b1 Adding HTTP-6660 test 2021-05-14 11:56:48 +00:00
Idesmi 7044d7647e
Added openSUSE MicroOS 2021-05-14 11:00:39 +02:00
Michael Boelen efc71ae6bb
Merge pull request #1119 from NicolaiSoeborg/add-MOR-bit-check
Check MemoryOverwriteRequest Control
2021-05-11 19:56:55 +02:00
Michael Boelen 4cfd59d60c
Merge pull request #1135 from pyllyukko/typo-fix
Small typo fix in ACCT-9622 LogText
2021-05-11 19:54:15 +02:00
Michael Boelen d694afadd6
Update osdetection 2021-05-11 16:56:39 +02:00
Fred e1d49ff007 Added detection of Rocky Linux to include/osdetection 2021-05-11 10:15:23 -04:00
Michael Boelen 32143f6377
Merge pull request #1139 from teoberi/New-test-BOOT-5140---Check-for-ELILO-boot-loader-presence
New test: BOOT-5140 - Check for ELILO boot loader presence
2021-05-11 11:21:33 +02:00
Michael Boelen 2ee335503d
Merge pull request #1143 from jhe2/logg-2138-metalog
[LOGG-2138] Do not check for klogd when metalog is being used
2021-05-11 11:14:27 +02:00
Michael Boelen b941d7fccb
Added Manjaro (ARM) 2021-05-11 11:12:23 +02:00
Michael Boelen ac313553fb
Added AlmaLinux 2021-05-11 11:03:43 +02:00
Johannes Heimansberg 0a5dfbe5e2 [LOGG-2138] Do not check for klogd when metalog is being used
Metalog comes with its own kernel logger, so there is no need to also run klogd.
2021-05-04 10:50:56 +02:00
Thomas Sjögren ed3d75872e add support for additional Aide db paths
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-04-30 22:07:42 +02:00
Michael Boelen db033ed320
Merge pull request #1138 from jhe2/b1134
[BOOT-5104] Add service manager detection support for runit
2021-04-29 09:56:22 +02:00
Michael Boelen 0506d4467a
Merge pull request #1105 from afunix/1103-blacklisted-modules
1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist
2021-04-28 09:41:59 +02:00
Johannes Heimansberg 1d45d5534e [BOOT-5104] Add service manager detection support for runit
This fixes issue #1134.
2021-04-25 10:54:00 +02:00
Michael Boelen f41a2ead38
Merge pull request #1130 from ocafebabe/cmd_support
Initial draft for Cmd support
2021-04-15 08:35:31 +02:00
Michael Boelen 95d2ae0dee
Update tests_accounting
Added condition
2021-04-15 08:34:56 +02:00
Michael Boelen 032ba73987
Merge pull request #1136 from murin-matus/patch-1
Add missing bracket in 4402
2021-04-15 08:33:30 +02:00
Michael Boelen dc0cb691e0
Merge pull request #1128 from nberlee/nft-empty-fix
nftables empty ruleset test fix by reorder --stateless
2021-04-15 08:33:02 +02:00
Matus Murin 010e68789e
Add missing bracket in 4402 2021-04-14 14:52:04 +00:00
pyllyukko a8beb37e82
Small typo fix in ACCT-9622 LogText 2021-04-12 22:51:34 +03:00
Christian Bourque 7b632bdbfa Initial draft for Cmd support 2021-04-02 00:37:29 +00:00
Michael Boelen 21219c91eb
Added Devuan 2021-04-01 14:34:26 +02:00
Michael Boelen a8f7b0cb85
Merge pull request #1108 from schurzi/rounds
[AUTH-9229] resolve inconsistency with AUTH-9230
2021-04-01 13:44:17 +02:00
Michael Boelen aab6af4017
Merge pull request #1118 from steph78630/master
Add translated status
2021-04-01 13:34:20 +02:00
Michael Boelen a59aa785d1
Merge pull request #1123 from sbathe/master
1122: Add OS detection block for Garuda Linux
2021-04-01 13:31:59 +02:00
Nico Berlee 7849965d98
nftables empty ruleset test fix by reorder --stateless 2021-03-31 17:05:12 +02:00
Stefan Baumgartner 2be4bcf0d2
Update tests_time
Fix for TIME-3185 on debian stretch
2021-03-28 19:16:46 +02:00
Saurabh Bathe 543c41675b 1122: Add OS detection block for Garuda Linux 2021-03-14 17:13:41 +05:30
Nicolai Søborg 3d2f57fe1d
Check MemoryOverwriteRequest Control 2021-03-03 22:38:45 +01:00
Stéphane 3683ffd3c4
Add translated status 2021-03-02 23:31:41 +01:00
Martin Schurz 2d1b217c6c [AUTH-9229] resolve inconsistency with AUTH-9230 2021-01-13 15:07:12 +01:00
teoberi 403a5b5651
Update tests_boot_services
Modify CONF_FILES variable
2021-01-09 17:58:02 +02:00
Pavel Malyshev fba5120f3f 1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist 2021-01-07 17:29:06 -06:00
teoberi 82db002025
Update tests_databases
Change pattern to detect all configuration files
2021-01-07 21:16:19 +02:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Michael Boelen ab1111c0ed
Merge pull request #905 from topimiettinen/check-non-native-binary-formats
Check for registered non-native binary formats
2021-01-07 15:16:34 +01:00
Michael Boelen a2f4d52404
Added CCBINARY and GCCBINARY 2021-01-07 12:36:10 +01:00
Michael Boelen cd6edc577b
Small style improvement 2021-01-07 11:34:46 +01:00
Michael Boelen c38c89ae4e
Merge pull request #1004 from Varbin/1003-os-detection
Test for LINUX_VERSION before setting it again
2021-01-07 11:30:51 +01:00
Michael Boelen 0abf01b358
Merge pull request #1100 from teoberi/Lynis-with-MariaDB->-10.4
[DBS-1816] Force test to check only password authentication
2021-01-07 11:09:40 +01:00
Michael Boelen c864daa742
Merge pull request #1104 from steph78630/master
Add and improve strings (GUI)
2021-01-06 15:17:34 +01:00
Michael Boelen a5a0bc0434
Merge pull request #1099 from gcsgithub/master
fix syntax must include ${}
2021-01-06 13:59:42 +01:00
Stéphane f1604c2e55
Add and improve strings 2021-01-05 11:53:11 +01:00
teoberi 06e3d98c91
Update tests_boot_services
Add test for ELILO boot loader
2021-01-03 12:14:24 +02:00
teoberi 49b5398266
Update tests_databases
Fix the process name for PostgreSQL
Add new path to variable FIND_PATHS
Fix variable CONFIG_FILES
Check permissions for configuration files
2021-01-03 12:02:38 +02:00
teoberi e859b89cec
Update consts
Fix the variable name for PostgreSQL
2021-01-03 11:54:35 +02:00
teoberi 82e5a8beed
Update tests_databases
Fix for Test: DBS-1816 - Check empty MySQL root password
2021-01-03 11:48:34 +02:00
Mark Garrett c8175cf74d Syntax fix was only valid in ksh93+ 2021-01-03 18:29:17 +11:00
Brian Ginsbach 7292f0f179 KRNL-5677 add NetBSD
It is possible that NetBSD has the `proc` filesystem mounted. When
`/proc` is mounted there will be a `/proc/cpuinfo`. Handle the simple
case first (`proc` filesystem mounted). There are multiple other means
to determine PAE/NX without `/proc/cpuinfo`.
2020-12-31 21:02:04 -06:00
Brian Ginsbach 89403f1494 Multiple platform support in Register
Support specifying multiple platforms with `--platform`. Useful as
not all operating systems identify identical hardware (platforms)
with the same name (example x86_64 and amd64).
2020-12-31 21:02:04 -06:00
Michael Boelen 8053165d2f
Remove check at this place 2020-12-28 18:34:19 +01:00
Michael Boelen 7f613f17ca
Improved call-to-action when OS is unknown 2020-12-26 15:37:46 +01:00
Michael Boelen fa69256f45
Added support for Parrot GNU/Linux 2020-12-26 15:36:36 +01:00
Michael Boelen 372c7fb98e
Merge pull request #1087 from konstruktoid/ISSUE1085
only fail AUTH-9230 if both SHA_CRYPT_{MIN,MAX}_ROUNDS are undefined
2020-12-24 10:19:25 +01:00
Michael Boelen 44201f02ab
Added elementary OS 2020-12-18 14:04:58 +01:00
Michael Boelen a26ebd3004
Fix: missing curly bracket 2020-12-17 20:17:52 +01:00
Michael Boelen 8fb98cb25c
Only retrieve exit code
Redirect output of the count and every error to /dev/null, so we only get the exit code
2020-12-17 14:51:52 +01:00
Michael Boelen 208518d8fa
Merge pull request #1088 from steph78630/master
Addition and improvement of translated strings
2020-12-17 14:23:48 +01:00
Michael Boelen c9a57d2caf
Merge pull request #1062 from Varbin/solaris-loghost-not-localhost
Test if loghost is not localhost
2020-12-17 14:18:31 +01:00
Stéphane 4cf9660185
Adding and improving translated strings 2020-12-16 01:07:27 +01:00
Thomas Sjögren 60ed001140 indentation
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-12-15 23:14:03 +01:00
Michael Boelen 701be9852b
Merge pull request #1060 from Varbin/solaris-netstat
[NETW-3012] Use netstat on Solaris to gather listening ports
2020-12-15 14:30:09 +01:00
Michael Boelen 258b2bf05f
Merge pull request #1064 from Varbin/solaris-ips-svcs
Add support for Solaris services, run BOOT-5184 there
2020-12-15 14:16:18 +01:00
Michael Boelen 15ec001a2a
Merge pull request #1074 from Varbin/german-translation
Extend German translation and add more translated statuses
2020-12-15 14:13:03 +01:00
Michael Boelen 6e14b73b0c
Merge pull request #1079 from Varbin/1078-path-spaces
Quote binary variables during SUID/GID enumeration
2020-12-15 14:11:08 +01:00
Michael Boelen d1d3882130
Merge pull request #1076 from Varbin/1075-solaris-hostid
Use first e1000 interface and break after match (for hostid generation on Solaris)
2020-12-15 14:10:34 +01:00
Thomas Sjögren 807cfd430a nitpick about new line
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-12-15 01:45:58 +01:00
Thomas Sjögren fbb8ffa301 only check the lowest hashing round value, and correct log text
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-12-15 01:43:10 +01:00
Thomas Sjögren 76e89b525b only fail AUTH-9230 if no _MAX_ROUNDS is defined
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-12-14 21:43:14 +01:00
ElviaSchoultz d5d43c5d1c
Add EndeavourOS to osdetection.
Fixes problem #1077
2020-11-24 08:45:58 +11:00
Simon Biewald f695488ca8 Quote binary variables during SUID/GID enumeration
Fixes cisofy/lynis#1078.

Signed-off-by: Simon Biewald <sbiewald@fam-biewald.de>
2020-11-21 01:34:18 +01:00
Simon Biewald 73f39baca8 Use first e1000 interface and break after match
Fixes CISOfy/lynis#1075.

Before this commit, the interfaces "e1000g1" and "net0" were allowed.
The name "e1000g0" is appended to the list.
After finding an interface, the loop is interrupted now. As previously
"net0" was always used, even if another interface was available, the list
is reordered to "net0 e1000g1 e1000g0" to not break previous generations.

A typo is also fixed ("No interface found op Solaris ..." -> "No
interface found on").

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-11-14 22:56:42 +00:00
Simon Biewald 0c686bb6ea Use the new status strings in tests
See-Also: HEAD^
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-11-14 20:34:43 +00:00
Michael Boelen 22a9fe7037
Merge pull request #1059 from Varbin/solaris-grub-d
Test if /etc/grub.d is a directory
2020-11-13 16:45:59 +01:00
Michael Boelen eb759f4c13
Merge pull request #1071 from Varbin/opensolaris-detection
OpenSolaris distribution detection
2020-11-13 16:01:00 +01:00
Michael Boelen 6026b82e14
Merge pull request #1073 from Varbin/1040-1068-os-detection
Add NixOS and IPFire
2020-11-13 15:58:20 +01:00
Simon Biewald 3f83b9ac86 Add NixOS to osdetection
Fixes cisofy/lynis#1068.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-11-12 22:56:31 +01:00
Simon Biewald 183af1d334 Add IPFire to osdetection
Fixes cisofy/lynis#1040.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-11-12 22:12:26 +01:00
Simon Biewald d388e5d269 Add OpenSolaris and distribution detection
New variable OPENSOLARIS to distinguish between Oracle Solaris and
OpenSolaris derivatives. The edge case of OpenSolaris itself is not yet
solved, but OpenSolaris itself should be very rare these days.

Currently detected and distinguished Solaris variants are:
 - Oracle Solaris >= 11 (excluding Solaris Express and OpenSolaris)
 - Solaris < 11 (as "Sun Solaris")
 - OmniosCE (but not old Omnios)
 - OpenIndiana
 - Shillix
 - SmartOS
 - Tribblix
 - "Unknown Illumos" for unknown distributions based on Illumos

Lynis will fall back to "Sun Solaris" with "SunOS 5.X" for unknown
distributions.
2020-11-09 23:25:33 +00:00
Simon Biewald 3c31a08024 Do not incorrectly name SMF as IPS
The "new" service manager was included with Solaris 10 and not 11. It is
named "service management facility" (see smf(5) man page).
There is no IPS service manager, the name is only used for the package
manager of OpenSolaris and Solaris 11.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-11-09 23:18:00 +00:00
Michael Boelen 37631b0457
Merge pull request #1061 from Varbin/solaris-hostname
Simplify tr hostname checking expression
2020-11-09 14:12:39 +01:00
Michael Boelen f0b7f9159d
Merge pull request #1069 from Varbin/1065-opensolaris-invalid-characters
Use `od` only for displaying invalid characters
2020-11-09 10:36:37 +01:00
Josh Soref 6435aeba8a spelling: unknown
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:56:31 -05:00
Josh Soref 9d0e1938aa spelling: therefore
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:56:31 -05:00
Josh Soref 7157eb45f0 spelling: suggestions
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:53:09 -05:00
Josh Soref f22e192838 spelling: successful
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:53:09 -05:00
Josh Soref 2b26f13bed spelling: params
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:53:09 -05:00
Josh Soref f14e12f688 spelling: installed
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:38:46 -05:00
Josh Soref eadd2a8ed8 spelling: indentation
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:38:46 -05:00
Josh Soref ab1aa322ac spelling: ignore
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:38:46 -05:00
Josh Soref a007ad2fe0 spelling: explicitly
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:38:46 -05:00
Josh Soref b0a5490a2e spelling: contains
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:38:46 -05:00
Josh Soref 08c8d1b8f3 spelling: authentication
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:35:46 -05:00
Josh Soref acf7943936 spelling: ambiguous
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-11-08 23:28:56 -05:00
Simon Biewald 8895eccea2 Use correct character class
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-10-31 17:36:06 +00:00
Simon Biewald 3e3589291f Use `od` only for displaying invalid characters
The first od is removed, the second one is moved to right before echoing
the characters. On certain OpenSolaris distributions, `od` always outputs
spaces, even if the input is empty. The spaces would have been converted
to !space!, thus Lynis detected invalid characters / old style configuration.

Resolves cisofy/lynis#1065.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
2020-10-29 00:06:10 +00:00
Simon Biewald 25278b6b38 Add support for Solaris services, run BOOT-5184 there
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.

Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
2020-10-25 21:51:12 +00:00
Simon Biewald 1f3d0956a7 Test if loghost is not localhost
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.

Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
2020-10-25 20:28:19 +00:00
Simon Biewald e917269d01 Reduce tr hostname checking expression
Solaris' tr does not support full regular expressions.
2020-10-25 20:25:31 +00:00
Simon Biewald 1a75d66ad9 Use netstat on Solaris to gather listening ports 2020-10-25 20:21:33 +00:00
Simon Biewald 8ee60cea35 Test if /etc/grub.d is a directory, instead of always true 2020-10-25 20:14:08 +00:00
Michael Boelen 499cf1cdb9
Small code enhancements 2020-10-25 18:48:42 +01:00
Michael Boelen e66709e13b
Merge pull request #1011 from Varbin/986-sysstat-systemd
[ACCT-9626] Detect sysstat systemd unit
2020-10-25 18:47:01 +01:00
Michael Boelen 43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test 2020-10-25 12:50:25 +01:00
Michael Boelen bd6e1d5d39
Include AUTH-9284 and minor changes 2020-10-22 14:17:01 +02:00
Michael Boelen e67f786caa
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts
[AUTH-9284] Feature: gather locked accounts info
2020-10-22 14:13:34 +02:00
Michael Boelen 1fe12c0023
Merge pull request #1008 from kolenichsj/master
Alpine Improvements
2020-10-22 13:28:05 +02:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master
Fix wc and head cmd when using busybox
2020-10-22 13:24:56 +02:00
Thomas Sjögren 4671fb7fb9 add Synology Antivirus Essential malware scanner
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-22 12:10:01 +02:00
Michael Boelen 7930644b6c
Merge branch 'master' into fix_nginx_parser 2020-10-22 08:43:44 +02:00
Stéphane 67d04f2536
Add translate function for all sections
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Michael Boelen 4aeb244789
Merge pull request #1048 from konstruktoid/pgrep
require pgrep before usage
2020-10-21 15:08:21 +02:00
Michael Boelen 8e07c3e9dc
Merge pull request #1013 from Jimver/timesyncd_fix
[TIME-3185]: Change timesyncd synchronization file
2020-10-21 15:02:03 +02:00
Michael Boelen 71c474f455
[KRNL-5830] ignore rescue kernel on systems such as CentOS 2020-10-21 14:40:30 +02:00
Thomas Sjögren 3124a04ce9 require pgrep before usage
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-21 11:27:44 +02:00
Michael Boelen 92df49d08e
Merge pull request #973 from igloonet/fix/functions-parse-nginx-abs-path
Support absolute paths in nginx includes and fix ls warning on empty directories
2020-10-20 13:38:08 +02:00
Michael Boelen 4a99f3bdad
Merge pull request #1017 from Varbin/1014-flatcar-detection
Add support for Flatcar Container Linux
2020-10-20 13:14:18 +02:00
Michael Boelen 551429d85b
Merge pull request #1042 from steph78630/master
Add missing constants (CISOfy #1035)
2020-10-20 13:13:00 +02:00
Michael Boelen 3dd8fba196
Merge pull request #1043 from konstruktoid/mageia
Mageia got /etc/os-release and add Mageia EOL dates
2020-10-20 13:11:54 +02:00
Michael Boelen 77b93ae73d
Added SLES detection via /etc/os-release 2020-10-20 13:06:40 +02:00
Thomas Sjögren bc85cbb0ba add Void Linux
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-20 11:49:05 +02:00
Fabien Lehoussel ae7be7599e Fix head cmd with busybox 2020-10-19 15:09:43 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Thomas Sjögren 68e8ef862e mageia got /etc/os-release
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-19 12:38:59 +02:00
Thomas Sjögren f0ded6c2a3 add Mageia EOL dates and grep /etc/mageia-release
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-19 12:07:16 +02:00
Stéphane af57959d6a
Add missing constants
From #1035 issue
2020-10-19 00:41:11 +02:00
Michael Boelen 61c6d5df8d
[PKGS-7410] Don't show exception if no kernels were found on the disk 2020-10-17 13:40:09 +02:00
Michael Boelen 6238f5bc8f
Define RHEL as 'RHEL' 2020-10-17 13:26:11 +02:00
Michael Boelen 4a21fd9a5c
Merge branch 'master' into master 2020-10-17 13:23:08 +02:00
Michael Boelen 791800f95d
Added Zorin OS detection 2020-10-17 13:15:06 +02:00
Michael Boelen 760460528b
Added variable 2020-10-17 12:55:20 +02:00
Michael Boelen ba1cff941f
Improved detection of kernel by ignoring known incorrect values 2020-10-16 13:02:01 +02:00
Timo Sigurdsson 15799cf57e Add test for Suricata IDS/IPS
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2020-10-11 02:25:37 +02:00
Sergey Zhemoitel 85d36db113 Add ROSA Linux detection 2020-10-08 23:06:35 +03:00
Michael Boelen c6bd185fd7
Resolved merge conflict 2020-10-02 11:05:04 +02:00
Michael Boelen 5e0a4e685d
Added CloudLinux 2020-10-02 10:57:58 +02:00
Michael Boelen 768d8a62e8
Updated log 2020-10-02 10:55:36 +02:00
Michael Boelen a1f794cc75
Don't provide suggestion to install pseudo rng at this moment 2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com 5ca6b7ed79 feature: take into account LK
Some distributions like CentOS 8 contain "LK" instead of "L" for
locked users.
2020-08-28 23:19:37 +02:00
Simon Biewald 93a71539d5
Add support for Flatcar Container Linux
Fixes cisofy/lynis#1014.

Flatcar is a fork of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
2020-08-27 21:49:17 +02:00
Jimver 554dd2d5e9
Better log message 2020-08-27 12:57:22 +02:00
Jimver e6891feeb4
Remove newline 2020-08-27 12:52:59 +02:00
Jimver cd94da3449
Use shell wildcard expansion now 2020-08-27 12:50:48 +02:00
Jimver 6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr 2020-08-26 16:38:35 +02:00
Jim 84fd612c91
Add check for other clock files for earlier systemd versions 2020-08-24 17:59:06 +02:00
Jim dabac5bf89
Change timesync sync file, fixes #1012 2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com c857ee7cf2 fix: take into account unlocked system accounts 2020-08-23 19:54:59 +02:00
Simon Biewald bd7131f6db Detect sysstat systemd unit 2020-08-19 20:47:09 +00:00
Simon Biewald 4a03c61343 Check LINUX_VERSION_LIKE in various tests
This affects:
BOOT-5180, KRNL-5622, KRNL-5788, PKGS-7388, PKGS-7390, PKGS-7394,
PKGS-7366, and PKGS-7420.
2020-08-15 16:44:34 +01:00
Simon Biewald 3abc39598a Add LINUX_VERSION_LIKE for variations of Linux distribution
Real Ubuntu and Debian do not have LINUX_VERSION_LIKE set. They are
different enough to consider them as a different distribution.

Tests targeting any distributions based on those two should check
both LINUX_VERSION and LINUX_VERSION_LIKE.
2020-08-15 16:29:20 +01:00
danielorihuelarodriguez@gmail.com 6bad6b058b feature: gather locked accounts info 2020-08-10 19:27:43 +02:00
Steve Kolenich f65f4d011b Improve detecting kernel version on disk
Improve handling of kernel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updating RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
2020-08-10 12:27:30 -04:00
Simon Biewald 529bcb2a60
Test for LINUX_VERSION before setting it again
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.

This fixes cisofy/lynis#1003, but has some side effects.

This will affect Ubuntu and Debian based distributions, like:
 - Pop!_OS (Ubuntu based)
 - Kali (Debian Based)
 - Raspbian
 - ...

Unfortunately this will likely skip/break a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (while other tests for Ubuntu are
skipped).

Those are tests I identified that will be skipped incorrectly now:
 - BOOT-5180: Check for Linux boot services (Debian style)
     It was already skipped on Linux Mint.
 - KRNL-5622: Check default run level on Linux machines
     This will only be skipped if systemd is not installed. It is
     already skipped on Linux Mint in this case.
 - KRNL-5788: Checking availability new kernel (sic!)
     This was already skipped on Linux Mint.
 - PKGS-7388: Check security repository (...)
     It will now be skipped for all distributions that do use the
     Debian / Ubuntu security repositories but are not detected as such
     anymore (like Pop!_OS). It will now be correctly skipped on
     Raspbian. This test was already aware of Linux Mint.
 - PKGS-7390: Check Ubuntu database consistency
     I am not sure why this test is Ubuntu only, thus it already
     skipped on Debian and Mint.
 - PKGS-7394: Check Ubuntu upgradeable packages
     I am not sure why this is for Ubuntu only, too.
     I think this should be feature tested instead, as
     apt-show-versions can be installed on any Debian based
     distribution as well.
 - PKGS-7366: Checking if debsecan is installed (...)
     While it may be correct to skip, debsecan remains useful if
     package versions, patches and vulnerability fixes are very close
     on Debian itself.
     It is the correct behaviour to not do this test on Ubuntu and
     Ubuntu based distributions, as Canonical does not provide the
     required databases.
 - PKGS-7420: (Autoupdates)
     Linux Mint was already skipped on this test.

I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the variable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
2020-08-08 01:39:13 +02:00
Michael Boelen 792a202934
Merge pull request #913 from topimiettinen/check-der-certs
[CRYP-7902] Check also certificates in DER format
2020-08-07 11:54:39 +02:00
Michael Boelen 4206177081
Merge pull request #981 from Varbin/openntpd-equals
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
2020-08-07 11:50:22 +02:00
Michael Boelen 30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp
[TIME-3104] Find more time synchronization commands
2020-08-07 11:46:51 +02:00
Michael Boelen 21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus
Fix timesyncd detection on systems without dbus.
2020-08-07 11:44:06 +02:00
Michael Boelen 343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting
Command line option for slow test threshold
2020-08-07 11:39:39 +02:00
Steve Kolenich 33d8e8e00b Adding Alpine Linux to OSDetection 2020-08-06 20:15:18 -04:00
Michael Boelen 30c8a92594
Merge pull request #994 from konstruktoid/issue992
add Microsoft Defender ATP, malware scanner
2020-08-05 11:49:32 +02:00
0ri0n f988e573db
Add missing PHP 7.4 check for BSD 2020-07-27 13:59:46 -04:00
0ri0n 9b388518de
Add PHP 7.4 Detection Paths 2020-07-26 23:33:34 -04:00
Thomas Sjögren baf5f7ad4d add Microsoft Defender ATP, malware scanner
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-07-21 23:56:47 +02:00
Simon Biewald e27208a342
use STATBINARY, put filename in variable 2020-07-10 00:48:12 +02:00
Simon Biewald 7ba220811f
use = instead of == 2020-07-10 00:41:45 +02:00
Simon Biewald 092fe08c40
shellcheck: check exit code directly 2020-07-10 00:40:36 +02:00
Simon Biewald d4639b3c6a
find more cron ntp clients, iterate over cron files with glob 2020-07-10 00:29:35 +02:00
Simon Biewald 9107867fa1
use correct regex and comparison to match peers 2020-07-09 18:57:01 +02:00
Simon Biewald df7c6257a5
compare correct stuff in openntpd tests
I accidentally compared rubbish in the openntpd tests,
thus they were not executed at all.
Additionally, == was used instead of =.
2020-07-09 18:41:09 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Simon Biewald b2be7c160e
detect and test for timesyncd w/o working timedatectl
On systems without dbus timedatectl does not work.

Thus it is checked if timesyncd currently runs and when
/run/systemd/timesyncd/synchronized was last modified.
Timesyncd touches this file on any successful synchronization.
This is documented in systemd-timesyncd(8).

The new test for successful documentation has the id TIME-3185.
2020-07-09 18:19:35 +02:00
Kepi a2e752a8db [functions] ParseNginx: Ignore empty included wildcards
It's ok to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
2020-07-07 15:38:19 +02:00
Kepi de18ddc2c0 [functions] ParseNginx: Support include on absolute paths
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
2020-07-07 15:37:56 +02:00
Michael Boelen 9165cb76fa
Merge pull request #972 from igloonet/fix/FILE-6425-no-modprobe-d
[FILE-6430] Don't grep nonexistent modprobe.d files
2020-07-07 12:29:11 +02:00