tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-08-31 14:48:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
3,871 Commits 2 Branches 64 Tags
Commit Graph

2476 Commits

Author SHA1 Message Date
al-lac
ef3a8338a0 osdetection: add macOS Ventura 2023-01-27 15:12:17 +01:00
pyllyukko
31c22f2daa
Added "prosecute" & "report" to LEGAL_BANNER_STRINGS 
https://xkcd.com/838/
 2023-01-05 14:43:29 +02:00
pyllyukko
91ff939d19
KRNL-5820: Accept ulimit with -H parameter also 2023-01-03 17:53:23 +02:00
pyllyukko
051052cc15
Added Slackware support for PackageIsInstalled() function 2022-11-17 18:47:44 +02:00
Alan Gonzalez
4edbce250b
Update profiles 2022-10-28 14:45:05 -04:00
Alan Gonzalez
8e9a95d887
Update profiles 2022-10-28 14:08:26 -04:00
HansHoogerwerf
bbe135d56f
Fix space 2022-10-17 16:27:21 +02:00
HansHoogerwerf
ff26dca83a
Fix simple mistake 2022-10-17 16:24:59 +02:00
HansHoogerwerf
98ac5a562a
Verify the linux OS supports nanoseconds 
Add extra check to verify the linux OS supports nanoseconds. This might not be the case with certain busybox implementations.
 2022-10-17 15:46:40 +02:00
Michael Boelen
490d39f580
Merge pull request #1292 from konstruktoid/issue1291 
Only test Compression if sshd version < 7.4
 2022-10-12 10:51:31 +02:00
Michael Boelen
bf4fa9fabf
Merge pull request #1294 from konstruktoid/issue1288 
add plocate
 2022-10-12 10:48:25 +02:00
Ximalas
49bbf25abe
Update tests_database: Redis configuration file 
On FreeBSD the Redis configuration file is typically stored as /usr/local/etc/redis.conf.
 2022-09-26 10:05:39 +02:00
Michael Boelen
73d43c25eb
Moved section to discover current timestamp related to issue #1329 2022-09-17 14:49:26 +00:00
Zafer Balkan
2788d9fff3
Merge branch 'CISOfy:master' into wazuh-malware-scan 2022-08-29 15:40:23 +03:00
Michael Boelen
622f53247d
[DBS-1820] added newer style format for Mongo authorization setting 2022-08-24 11:42:22 +00:00
Thomas Sjögren
4f6eeb7537 remove file from path 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-24 10:17:54 +02:00
Thomas Sjögren
fc62b39f34 find redis.conf if /snap directory exists 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-23 11:57:05 +02:00
Thomas Sjögren
fe5990f208 remove whitespaces 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-23 11:56:25 +02:00
Zafer Balkan
3140a245da
Added wazuh-agent as a remote syslog capability 2022-08-05 15:45:35 +03:00
Zafer Balkan
32a39eaaf8
Added Wazuh agent as a rootkit scanner 
Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent rootkits. Therefore, it seems feasible to add wazuh-agent to the accepted rootkit detection products.

https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
 2022-07-20 21:50:26 +03:00
Zafer Balkan
e4cd5eaede
Added Wazuh Agent as a malware scanner/antivirus 
Solves https://github.com/CISOfy/lynis/issues/1304

Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent malware acting as an EDR. Therefore, it seems feasible to add wazuh-agent to the accepted antivirus products.

https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/index.html
https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
 2022-07-20 21:41:55 +03:00
Fionn Fitzmaurice
74fdee1e33 Support Arch Linux ARM detection 2022-07-12 20:53:03 +08:00
Thomas Sjögren
b3436629ce add check for ESET oaeventd 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-06-20 09:54:29 +02:00
Thomas Sjögren
225338a923 use systemctl get-default instead of following links 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-18 18:02:34 +02:00
Thomas Sjögren
975712a616 add plocate 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-15 23:58:43 +02:00
Thomas Sjögren
e124499e27 Only test Compression if sshd version < 7.4 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-04 10:51:35 +02:00
mab974
f315c0b325
osdetection: add Koozali #1274 2022-04-13 13:42:21 +04:00
Skia
34d99f72f6 osdetection: add PostmarketOS 2022-03-17 23:28:34 +01:00
Michael Boelen
0664dea946
Merge branch 'master' into symlink_file 2022-03-14 11:54:03 +01:00
Michael Boelen
e2781677ba
[KRNL-5820] small changes to prevent using ROOTDIR and resetting it, also showing additional paths in screen output 2022-03-14 11:48:30 +01:00
Michael Boelen
ff3f24bbba
Merge pull request #1265 from rfrohl/alternative_path_security-limits 
[KRNL-5820] additional path for security/limits.conf
 2022-03-14 11:30:29 +01:00
Wojciech Banaś
4098236412 #1270 added finding configuration files in the "etc" directory, even if they are symlinks 2022-02-14 13:23:20 +01:00
Michael Boelen
4f382331b3
Renumbered new test PKGS-7346 to PKGS-7200 2022-02-10 14:26:38 +01:00
Michael Boelen
8afa7d93fe
Merge pull request #1254 from pyllyukko/pam_faillock 
Check for pam_faillock in AUTH-9408
 2022-02-10 14:18:19 +01:00
Michael Boelen
59d1d8acd8
Merge pull request #1247 from devnull-hub-lab/patch-1 
Update mod_security module version
 2022-02-10 12:05:43 +01:00
Michael Boelen
0830a745cc
Merge pull request #1250 from JensChrG/master 
Dont write over FIND variable. Fixes #1021
 2022-02-10 12:03:46 +01:00
Michael Boelen
cd433e928e
Merge pull request #1205 from kolenichsj/alpine_apk 
Adding support for Alpine Package Keeper
 2022-02-10 12:00:38 +01:00
Michael Boelen
e0b5dcf7d4
Merge pull request #1226 from konstruktoid/1220 
Extend HasCorrectCheckPermissions logging
 2022-02-10 11:52:11 +01:00
Michael Boelen
7fbcede421
Merge pull request #1235 from zwack-am/master 
Updated PAM_FILES_LOCATION for AARCH64
 2022-02-10 11:49:21 +01:00
Michael Boelen
66f93f0275
Removed bashism: == 2022-02-10 09:35:41 +01:00
Michael Boelen
4ecd03598f
Merge pull request #1225 from konstruktoid/ISSUE1214 
add symlink support to HasCorrectFilePermissions and IsWorldWritable
 2022-02-08 11:27:29 +01:00
Robert Frohl
14fd7dabc8
[KRNL-5820] additional path for security/limits.conf 
Changes the user facing output to display a full path, allowing the user to
better grasp which security/limits.conf file is affected.

fix issue #1264
 2022-02-04 13:51:36 +01:00
Michael Boelen
b0ca58895b
[KRNL-5788] Only run relevant tests and improved logging 2022-01-31 17:07:41 +01:00
Michael Boelen
8604431e19
Merge pull request #1261 from jsegitz/reboot_test 
check /boot/vmlinuz as a symlink in the reboot test
 2022-01-31 16:38:38 +01:00
Steve Kolenich
eb46f39c44 Merge remote-tracking branch 'origin/master' into alpine_apk 2022-01-31 10:05:26 -05:00
Michael Boelen
a0e9e3d363
Merge pull request #1263 from pyllyukko/needs_restarting 
KRNL-5830: Check for /var/run/needs_restarting
 2022-01-31 15:07:50 +01:00
Michael Boelen
e5f5750bfa
Improved log message 2022-01-31 13:55:55 +01:00
Michael Boelen
98f57d6d76
Added MALW-3274 to detect McAfee VirusScan Command Line Scanner 2022-01-31 13:29:11 +01:00
pyllyukko
12ad1ca6bd KRNL-5830: Check for /var/run/needs_restarting 
Creating this file was introduced in slackpkg version 15.0.10.
 2022-01-25 18:59:36 +02:00
Johannes Segitz
521487310f check /boot/vmlinuz as a symlink in the reboot test 2022-01-25 09:55:52 +01:00