tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,793 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2443 Commits

Author SHA1 Message Date
Michael Boelen 93a681006f
Merge pull request #1169 from al-lac/macos-detection 
Fix Big Sur Detection and add macOS Monterey
 2021-07-20 21:07:11 +02:00
Michael Boelen 71c15afbd1
Added missing quote 2021-07-20 16:32:18 +02:00
Michael Boelen 20be0f61e3
Merge pull request #1188 from digitalcheetah/artix-linux 
Adding Artix Linux to osdetection
 2021-07-20 11:34:17 +02:00
Michael Boelen 6d6e160100
Merge branch 'master' of https://github.com/CISOfy/lynis 2021-07-20 11:32:05 +02:00
Michael Boelen 3a03af42aa
Fix: show 'egrep' instead of 'grep' when egrep is missing 2021-07-20 11:31:18 +02:00
Michael Boelen 6755ac45c2
Replaced tab with space 2021-07-20 11:30:23 +02:00
Michael Boelen e0a5555715
Merge pull request #1186 from just-some-tall-bloke/patch-1 
Added detection for NethServer
 2021-07-15 13:16:09 +02:00
Michael Boelen aa91bb4c85
Corrected syntax 2021-07-12 15:21:35 +02:00
Jay Keller cd632059e0
Adding OpenRC to boot services detection 2021-07-11 04:39:36 +00:00
digitalcheetah 2816ed5598
Adding Artix Linux to osdetection 2021-07-11 04:25:38 +00:00
just-some-tall-bloke e2aa40665c
Update osdetection 
Added NethServer

https://www.nethserver.org/
 2021-07-09 11:06:12 +02:00
Michael Boelen 7867759750
Dropping option to filter by label as newer versions of 'ip' give another result (no output) 2021-07-08 15:18:20 +02:00
Michael Boelen 5d96098a82
Switched order for interface detection on Linux 2021-07-08 14:54:49 +02:00
Michael Boelen 97e435ffe8
Add fallbacks for hostid generation and improve logging 2021-07-08 13:39:13 +02:00
Michael Boelen da024079f1
Improve HostID generation and logging 2021-07-02 14:23:53 +02:00
Rob Chekaluk b556450364 FILE-6344: support hidepid textual values 2021-06-21 08:53:43 -04:00
Alexander Lackner fff5df170e Fix Big Sur Detection and add macOS Monterey 2021-06-15 20:49:00 +02:00
Michael Boelen 54684aaac5
Merge pull request #1158 from jhe2/wc-argument-fix 
[HRDN-7231] When calling wc, use the short -l flag instead of --lines…
 2021-06-03 13:46:58 +02:00
Michael Boelen 922f822133
Merge pull request #1157 from mhdry/test-arch32-audit 
Test PKGS-7320 extended to "Arch Linux 32"
 2021-06-03 13:46:06 +02:00
Johannes Heimansberg 5666ed0a6d [HRDN-7231] When calling wc, use the short -l flag instead of --lines to make it work with busybox's wc implementation also 2021-05-21 19:51:53 +02:00
Michael Boelen d23c722c04
Removed trailing spaces 2021-05-20 08:30:54 +02:00
Michael Boelen 54f9281040
Added BunsenLabs detection 2021-05-20 08:28:54 +02:00
Marc Hendry 13bf829461 Test PKGS-7320 extended to "Arch Linux 32" 
PKGS-7320 checks whether package arch-audit is installed. This test has been
extended to test ${OS_FULLNAME} for both "Arch Linux" as well as "Arch Linux 32".
 2021-05-19 14:43:55 +02:00
Sander 0298f51940 Added FILE-6398 test 2021-05-15 19:22:17 +00:00
Marc Hendry b339145b84 Added Arch Linux 32 2021-05-14 16:04:07 +02:00
Sander d96628d9b1 Adding HTTP-6660 test 2021-05-14 11:56:48 +00:00
Idesmi 7044d7647e
Added openSUSE MicroOS 2021-05-14 11:00:39 +02:00
Michael Boelen efc71ae6bb
Merge pull request #1119 from NicolaiSoeborg/add-MOR-bit-check 
Check MemoryOverwriteRequest Control
 2021-05-11 19:56:55 +02:00
Michael Boelen 4cfd59d60c
Merge pull request #1135 from pyllyukko/typo-fix 
Small typo fix in ACCT-9622 LogText
 2021-05-11 19:54:15 +02:00
Michael Boelen d694afadd6
Update osdetection 2021-05-11 16:56:39 +02:00
Fred e1d49ff007 Added detection of Rocky Linux to include/osdetection 2021-05-11 10:15:23 -04:00
Michael Boelen 32143f6377
Merge pull request #1139 from teoberi/New-test-BOOT-5140---Check-for-ELILO-boot-loader-presence 
New test: BOOT-5140 - Check for ELILO boot loader presence
 2021-05-11 11:21:33 +02:00
Michael Boelen 2ee335503d
Merge pull request #1143 from jhe2/logg-2138-metalog 
[LOGG-2138] Do not check for klogd when metalog is being used
 2021-05-11 11:14:27 +02:00
Michael Boelen b941d7fccb
Added Manjaro (ARM) 2021-05-11 11:12:23 +02:00
Michael Boelen ac313553fb
Added AlmaLinux 2021-05-11 11:03:43 +02:00
Johannes Heimansberg 0a5dfbe5e2 [LOGG-2138] Do not check for klogd when metalog is being used 
Metalog comes with its own kernel logger, so there is no need to also run klogd.
 2021-05-04 10:50:56 +02:00
Thomas Sjögren ed3d75872e add support for additional Aide db paths 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-04-30 22:07:42 +02:00
Michael Boelen db033ed320
Merge pull request #1138 from jhe2/b1134 
[BOOT-5104] Add service manager detection support for runit
 2021-04-29 09:56:22 +02:00
Michael Boelen 0506d4467a
Merge pull request #1105 from afunix/1103-blacklisted-modules 
1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist
 2021-04-28 09:41:59 +02:00
Johannes Heimansberg 1d45d5534e [BOOT-5104] Add service manager detection support for runit 
This fixes issue #1134.
 2021-04-25 10:54:00 +02:00
Michael Boelen f41a2ead38
Merge pull request #1130 from ocafebabe/cmd_support 
Initial draft for Cmd support
 2021-04-15 08:35:31 +02:00
Michael Boelen 95d2ae0dee
Update tests_accounting 
Added condition
 2021-04-15 08:34:56 +02:00
Michael Boelen 032ba73987
Merge pull request #1136 from murin-matus/patch-1 
Add missing bracket in 4402
 2021-04-15 08:33:30 +02:00
Michael Boelen dc0cb691e0
Merge pull request #1128 from nberlee/nft-empty-fix 
nftables empy ruleset test fix by reorder --stateless
 2021-04-15 08:33:02 +02:00
Matus Murin 010e68789e
Add missing bracket in 4402 2021-04-14 14:52:04 +00:00
pyllyukko a8beb37e82
Small typo fix in ACCT-9622 LogText 2021-04-12 22:51:34 +03:00
Christian Bourque 7b632bdbfa Initial draft for Cmd support 2021-04-02 00:37:29 +00:00
Michael Boelen 21219c91eb
Added Devuan 2021-04-01 14:34:26 +02:00
Michael Boelen a8f7b0cb85
Merge pull request #1108 from schurzi/rounds 
[AUTH-9229] resolve inconsistency with AUTH-9230
 2021-04-01 13:44:17 +02:00
Michael Boelen aab6af4017
Merge pull request #1118 from steph78630/master 
Add translated status
 2021-04-01 13:34:20 +02:00
Michael Boelen a59aa785d1
Merge pull request #1123 from sbathe/master 
1122: Add OS detection block for Garuda Linux
 2021-04-01 13:31:59 +02:00
Nico Berlee 7849965d98
nftables empy ruleset test fix by reorder --stateless 2021-03-31 17:05:12 +02:00
Stefan Baumgartner 2be4bcf0d2
Update tests_time 
Fix for TIME-3185 on debian stretch
 2021-03-28 19:16:46 +02:00
Saurabh Bathe 543c41675b 1122: Add OS detection block for Garuda Linux 2021-03-14 17:13:41 +05:30
Nicolai Søborg 3d2f57fe1d
Check MemoryOverwriteRequest Control 2021-03-03 22:38:45 +01:00
Stéphane 3683ffd3c4
Add translated status 2021-03-02 23:31:41 +01:00
Martin Schurz 2d1b217c6c [AUTH-9229] resolve inconsistency with AUTH-9230 2021-01-13 15:07:12 +01:00
teoberi 403a5b5651
Update tests_boot_services 
Modify CONF_FILES variable
 2021-01-09 17:58:02 +02:00
Pavel Malyshev fba5120f3f 1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist 2021-01-07 17:29:06 -06:00
teoberi 82db002025
Update tests_databases 
Change pattern to detect all configuration files
 2021-01-07 21:16:19 +02:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Michael Boelen ab1111c0ed
Merge pull request #905 from topimiettinen/check-non-native-binary-formats 
Check for registered non-native binary formats
 2021-01-07 15:16:34 +01:00
Michael Boelen a2f4d52404
Added CCBINARY and GCCBINARY 2021-01-07 12:36:10 +01:00
Michael Boelen cd6edc577b
Small style improvement 2021-01-07 11:34:46 +01:00
Michael Boelen c38c89ae4e
Merge pull request #1004 from Varbin/1003-os-detection 
Test for LINUX_VERSION before setting it again
 2021-01-07 11:30:51 +01:00
Michael Boelen 0abf01b358
Merge pull request #1100 from teoberi/Lynis-with-MariaDB->-10.4 
[DBS-1816] Force test to check only password authentication
 2021-01-07 11:09:40 +01:00
Michael Boelen c864daa742
Merge pull request #1104 from steph78630/master 
Add and improvements strings (GUI)
 2021-01-06 15:17:34 +01:00
Michael Boelen a5a0bc0434
Merge pull request #1099 from gcsgithub/master 
fix syntax must include ${}
 2021-01-06 13:59:42 +01:00
Stéphane f1604c2e55
Add and improvements strings 2021-01-05 11:53:11 +01:00
teoberi 06e3d98c91
Update tests_boot_services 
Add test for ELILO boot loader
 2021-01-03 12:14:24 +02:00
teoberi 49b5398266
Update tests_databases 
Fix the process name for PostgreSQL
Add new path to variable FIND_PATHS
Fix variable CONFIG_FILES
Check permissions for configuration files
 2021-01-03 12:02:38 +02:00
teoberi e859b89cec
Update consts 
Fix the variable name for PostgreSQL
 2021-01-03 11:54:35 +02:00
teoberi 82e5a8beed
Update tests_databases 
Fix for Test: DBS-1816 - Check empty MySQL root password
 2021-01-03 11:48:34 +02:00
Mark Garrett c8175cf74d Syntax fix was only valid in ksh93+ 2021-01-03 18:29:17 +11:00
Brian Ginsbach 7292f0f179 KRNL-5677 add NetBSD 
It is possible that NetBSD has the `proc` filesystem mounted. When
`/proc` is mounted there will be a `/proc/cpuinfo`. Handle the simple
case first (`proc` filesystem mounted). There are multiple other means
to determine PAE/NX without `/proc/cpuinfo`.
 2020-12-31 21:02:04 -06:00
Brian Ginsbach 89403f1494 Multiple platform support in Register 
Support specifying multiple platforms with `--platform`. Useful as
not all operating systems identify identical hardware (platforms)
with the same name (example x86_64 and amd64).
 2020-12-31 21:02:04 -06:00
Michael Boelen 8053165d2f
Remove check at this place 2020-12-28 18:34:19 +01:00
Michael Boelen 7f613f17ca
Improved call-to-action when OS is unknown 2020-12-26 15:37:46 +01:00
Michael Boelen fa69256f45
Added support for Parrot GNU/Linux 2020-12-26 15:36:36 +01:00
Michael Boelen 372c7fb98e
Merge pull request #1087 from konstruktoid/ISSUE1085 
only fail AUTH-9230 if both SHA_CRYPT_{MIN,MAX}_ROUNDS are undefined
 2020-12-24 10:19:25 +01:00
Michael Boelen 44201f02ab
Added elementary OS 2020-12-18 14:04:58 +01:00
Michael Boelen a26ebd3004
Fix: missing curly bracket 2020-12-17 20:17:52 +01:00
Michael Boelen 8fb98cb25c
Only retrieve exit code 
Redirect output of the count and every error to /dev/null, so we only get the exit code
 2020-12-17 14:51:52 +01:00
Michael Boelen 208518d8fa
Merge pull request #1088 from steph78630/master 
Addition and improvement of translated strings
 2020-12-17 14:23:48 +01:00
Michael Boelen c9a57d2caf
Merge pull request #1062 from Varbin/solaris-loghost-not-localhost 
Test if loghost is not localhost
 2020-12-17 14:18:31 +01:00
Stéphane 4cf9660185
Adding and improvement translated strings 2020-12-16 01:07:27 +01:00
Thomas Sjögren 60ed001140 indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 23:14:03 +01:00
Michael Boelen 701be9852b
Merge pull request #1060 from Varbin/solaris-netstat 
[NETW-3012] Use netstat on Solaris to gather listening ports
 2020-12-15 14:30:09 +01:00
Michael Boelen 258b2bf05f
Merge pull request #1064 from Varbin/solaris-ips-svcs 
Add support for Solaris services, run BOOT-5184 there
 2020-12-15 14:16:18 +01:00
Michael Boelen 15ec001a2a
Merge pull request #1074 from Varbin/german-translation 
Extend German translation and add more translated statuses
 2020-12-15 14:13:03 +01:00
Michael Boelen 6e14b73b0c
Merge pull request #1079 from Varbin/1078-path-spaces 
Quote binary variables during SUID/GID enumeration
 2020-12-15 14:11:08 +01:00
Michael Boelen d1d3882130
Merge pull request #1076 from Varbin/1075-solaris-hostid 
Use first e1000 interface and break after match (for hostid generation on Solaris)
 2020-12-15 14:10:34 +01:00
Thomas Sjögren 807cfd430a nitpick about new line 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 01:45:58 +01:00
Thomas Sjögren fbb8ffa301 only check the lowest hashing round value, and correct log text 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 01:43:10 +01:00
Thomas Sjögren 76e89b525b only fail AUTH-9230 if no _MAX_ROUNDS is defined 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-14 21:43:14 +01:00
ElviaSchoultz d5d43c5d1c
Add EndeavourOS to osdetection. 
Fixes problem #1077
 2020-11-24 08:45:58 +11:00
Simon Biewald f695488ca8 Quote binary variables during SUID/GID enumeration 
Fixes cisofy/lynis#1078.

Signed-off-by: Simon Biewald <sbiewald@fam-biewald.de>
 2020-11-21 01:34:18 +01:00
Simon Biewald 73f39baca8 Use first e1000 interface and break after match 
Fixes CISOfy/lynis#1075.

Before this commit, the interfaces "e1000g1" and "net0" were allowed.
The name "e1000g0" is appended to the list.
After finding an interface, the loop is interrupted now. As previously
"net0" was always used, even if another interface was available, the list
is reordered to "net0 e1000g1 e1000g0" to not break previous generations.

A typo is also fixed ("No interface found op Solaris ..." -> "No
interface found on").

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-14 22:56:42 +00:00
Simon Biewald 0c686bb6ea Use the new status strings in tests 
See-Also: HEAD^
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-14 20:34:43 +00:00
Michael Boelen 22a9fe7037
Merge pull request #1059 from Varbin/solaris-grub-d 
Test if /etc/grub.d is a directory
 2020-11-13 16:45:59 +01:00
Michael Boelen eb759f4c13
Merge pull request #1071 from Varbin/opensolaris-detection 
OpenSolaris distribution detection
 2020-11-13 16:01:00 +01:00
Michael Boelen 6026b82e14
Merge pull request #1073 from Varbin/1040-1068-os-detection 
Add NixOS and IPFire
 2020-11-13 15:58:20 +01:00
Simon Biewald 3f83b9ac86 Add NixOS to osdetection 
Fixes cisofy/lynis#1068.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-12 22:56:31 +01:00
Simon Biewald 183af1d334 Add IPFire to osdetection 
Fixes cisofy/lynis#1040.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-12 22:12:26 +01:00
Simon Biewald d388e5d269 Add OpenSolaris and distribution detection 
New variable OPENSOLARIS to distringuish between Oracle Solaris and
OpenSolaris derivates. The edge case of OpenSolaris itself is not yet
solved, but OpenSolaris itself should be very rare these days.

Currently detected and distinguished Solaris variants are:
 - Oracle Solaris >= 11 (exluding Solaris Express and OpenSolaris)
 - Solaris < 11 (as "Sun Solaris")
 - OmniosCE (but not old Omnios)
 - OpenIndiana
 - Shillix
 - SmartOS
 - Tribblix
 - "Unknown Illumos" for unknown distributions based on Illumos

Lynis will fall back to "Sun Solaris" with "SunOS 5.X" for unknown
distributions.
 2020-11-09 23:25:33 +00:00
Simon Biewald 3c31a08024 Do not incorrectly name SFM as IPS 
The "new" service manager was included with Solaris 10 and not 11. It is
named "service management facility" (see smf(5) man page).
There is no IPS service manager, the name is only used for the package
manager of OpenSolaris and Solaris 11.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-09 23:18:00 +00:00
Michael Boelen 37631b0457
Merge pull request #1061 from Varbin/solaris-hostname 
Simplify tr hostname checking expression
 2020-11-09 14:12:39 +01:00
Michael Boelen f0b7f9159d
Merge pull request #1069 from Varbin/1065-opensolaris-invalid-characters 
Use `od` only for displaying invalid characters
 2020-11-09 10:36:37 +01:00
Josh Soref 6435aeba8a spelling: unknown 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:56:31 -05:00
Josh Soref 9d0e1938aa spelling: therefore 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:56:31 -05:00
Josh Soref 7157eb45f0 spelling: suggestions 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref f22e192838 spelling: successful 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref 2b26f13bed spelling: params 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref f14e12f688 spelling: installed 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref eadd2a8ed8 spelling: indentation 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref ab1aa322ac spelling: ignore 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref a007ad2fe0 spelling: explicitly 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref b0a5490a2e spelling: contains 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref 08c8d1b8f3 spelling: authentication 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:35:46 -05:00
Josh Soref acf7943936 spelling: ambiguous 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:28:56 -05:00
Simon Biewald 8895eccea2 Use correct character class 
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-10-31 17:36:06 +00:00
Simon Biewald 3e3589291f Use `od` only for displaying invalid characters 
The first od is removed, the second time is moved to right before echoing
the characters. On certain OpenSolaris distributions, `od` always outputs
spaces, even if the input is empty. The spaces would have been converted
to !space!, thus Lynis detected invalid characters / old style configuration.

Resolves cisofy/lynis#1065.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-10-29 00:06:10 +00:00
Simon Biewald 25278b6b38 Add support for Solaris services, run BOOT-5184 there 
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.

Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
 2020-10-25 21:51:12 +00:00
Simon Biewald 1f3d0956a7 Test if loghost is not localhost 
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.

Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
 2020-10-25 20:28:19 +00:00
Simon Biewald e917269d01 Reduce tr hostname checking expression 
Solaris' tr does not support full regular expressions.
 2020-10-25 20:25:31 +00:00
Simon Biewald 1a75d66ad9 Use netstat on Solaris to gather listening ports 2020-10-25 20:21:33 +00:00
Simon Biewald 8ee60cea35 Test if /etc/grub.d is a directory, instead always true 2020-10-25 20:14:08 +00:00
Michael Boelen 499cf1cdb9
Small code enhancements 2020-10-25 18:48:42 +01:00
Michael Boelen e66709e13b
Merge pull request #1011 from Varbin/986-sysstat-systemd 
[ACCT-9626] Detect sysstat systemd unit
 2020-10-25 18:47:01 +01:00
Michael Boelen 43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test 2020-10-25 12:50:25 +01:00
Michael Boelen bd6e1d5d39
Include AUTH-9284 and minor changes 2020-10-22 14:17:01 +02:00
Michael Boelen e67f786caa
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts 
[AUTH-9284] Feature: gather locked accounts info
 2020-10-22 14:13:34 +02:00
Michael Boelen 1fe12c0023
Merge pull request #1008 from kolenichsj/master 
Alpine Improvements
 2020-10-22 13:28:05 +02:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master 
Fix wc and head cmd when using busybox
 2020-10-22 13:24:56 +02:00
Thomas Sjögren 4671fb7fb9 add Synology Antivirus Essential malware scanner 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-22 12:10:01 +02:00
Michael Boelen 7930644b6c
Merge branch 'master' into fix_nginx_parser 2020-10-22 08:43:44 +02:00
Stéphane 67d04f2536
Add translate function for all sections 
+ add EN and FR up to date languages files
 2020-10-22 00:13:42 +02:00
Michael Boelen 4aeb244789
Merge pull request #1048 from konstruktoid/pgrep 
require pgrep before usage
 2020-10-21 15:08:21 +02:00
Michael Boelen 8e07c3e9dc
Merge pull request #1013 from Jimver/timesyncd_fix 
[TIME-3185]: Change timesyncd synchronization file
 2020-10-21 15:02:03 +02:00
Michael Boelen 71c474f455
[KRNL-5830] ignore rescue kernel on systems such as CentOS 2020-10-21 14:40:30 +02:00
Thomas Sjögren 3124a04ce9 require pgrep before usage 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-21 11:27:44 +02:00
Michael Boelen 92df49d08e
Merge pull request #973 from igloonet/fix/functions-parse-nginx-abs-path 
Support absolute paths in nginx includes and fix ls warning on empty directories
 2020-10-20 13:38:08 +02:00
Michael Boelen 4a99f3bdad
Merge pull request #1017 from Varbin/1014-flatcar-detection 
Add support for Flatcar Container Linux
 2020-10-20 13:14:18 +02:00
Michael Boelen 551429d85b
Merge pull request #1042 from steph78630/master 
Add missing constants (CISOfy #1035)
 2020-10-20 13:13:00 +02:00
Michael Boelen 3dd8fba196
Merge pull request #1043 from konstruktoid/mageia 
Mageia got /etc/os-release and add Mageia EOL dates
 2020-10-20 13:11:54 +02:00
Michael Boelen 77b93ae73d
Added SLES detection via /etc/os-release 2020-10-20 13:06:40 +02:00
Thomas Sjögren bc85cbb0ba add Void Linux 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-20 11:49:05 +02:00
Fabien Lehoussel ae7be7599e Fix head cmd with busybox 2020-10-19 15:09:43 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Thomas Sjögren 68e8ef862e mageia got /etc/os-release 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-19 12:38:59 +02:00
Thomas Sjögren f0ded6c2a3 add Mageia EOL dates and grep /etc/mageia-release 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-19 12:07:16 +02:00
Stéphane af57959d6a
Add missing constants 
From #1035 issue
 2020-10-19 00:41:11 +02:00
Michael Boelen 61c6d5df8d
[PKGS-7410] Don't show exception if no kernels were found on the disk 2020-10-17 13:40:09 +02:00
Michael Boelen 6238f5bc8f
Define RHEL as 'RHEL' 2020-10-17 13:26:11 +02:00
Michael Boelen 4a21fd9a5c
Merge branch 'master' into master 2020-10-17 13:23:08 +02:00
Michael Boelen 791800f95d
Added Zorin OS detection 2020-10-17 13:15:06 +02:00
Michael Boelen 760460528b
Added variable 2020-10-17 12:55:20 +02:00
Michael Boelen ba1cff941f
Improved detection of kernel by ignoring known incorrect values 2020-10-16 13:02:01 +02:00
Timo Sigurdsson 15799cf57e Add test for Suricata IDS/IPS 
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2020-10-11 02:25:37 +02:00
Sergey Zhemoitel 85d36db113 Add ROSA Linux detection 2020-10-08 23:06:35 +03:00
Michael Boelen c6bd185fd7
Resolved merge conflict 2020-10-02 11:05:04 +02:00
Michael Boelen 5e0a4e685d
Added CloudLinux 2020-10-02 10:57:58 +02:00
Michael Boelen 768d8a62e8
Updated log 2020-10-02 10:55:36 +02:00
Michael Boelen a1f794cc75
Don't provide suggestion to install pseudo rng at this moment 2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com 5ca6b7ed79 feature: take into account LK 
Some distributions like CentOS 8 contains "LK" instead of "L" for
locked users.
 2020-08-28 23:19:37 +02:00
Simon Biewald 93a71539d5
Add support for Flatcar Container Linux 
Fixes cisofy/lynis#1014.

Flatcar is a for of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
 2020-08-27 21:49:17 +02:00
Jimver 554dd2d5e9
Better log message 2020-08-27 12:57:22 +02:00
Jimver e6891feeb4
Remove newline 2020-08-27 12:52:59 +02:00
Jimver cd94da3449
Use shell wildcard expansion now 2020-08-27 12:50:48 +02:00
Jimver 6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr 2020-08-26 16:38:35 +02:00
Jim 84fd612c91
Add check for other clock files for earlier systemd versions 2020-08-24 17:59:06 +02:00
Jim dabac5bf89
Change timesync sync file, fixes #1012 2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com c857ee7cf2 fix: take into account unlocked system accounts 2020-08-23 19:54:59 +02:00
Simon Biewald bd7131f6db Detect sysstat systemd unit 2020-08-19 20:47:09 +00:00
Simon Biewald 4a03c61343 Check LINUX_VERSION_LIKE in various tests 
This affects:
BOOT-5180, KRNL-5622, KRNL-5788, PKGS-7388, PKGS-7390, PKGS-7394,
PKGS-7366, and PKGS-7420.
 2020-08-15 16:44:34 +01:00
Simon Biewald 3abc39598a Add LINUX_VERSION_LIKE for variations of Linux distribution 
Real Ubuntu and Debian do not have LINUX_VERSION_LIKE set. They are
different enough to consider them as a different distribution.

Tests targetting any of distributions based of those two should check
both, LINUX_VERSION and LINUX_VERSION_LIKE.
 2020-08-15 16:29:20 +01:00
danielorihuelarodriguez@gmail.com 6bad6b058b feature: gather locked accounts info 2020-08-10 19:27:43 +02:00
Steve Kolenich f65f4d011b Improve detecting kernel version on disk 
Improve handling of kenrel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updateing RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
 2020-08-10 12:27:30 -04:00
Simon Biewald 529bcb2a60
Test for LINUX_VERSION before setting it again 
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.

This fixes cisofy/lynis#1003, but has some side effects.

This will affects Ubuntu and Debian based distributions, like:
 - Pop!_OS (Ubuntu based)
 - Kali (Debian Based)
 - Raspbian
 - ...

Unfortunately this will likely skip/brake a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (will other tests for Ubuntu are
skipped).

Those are tests I identified that will be skipped incorrectly now:
 - BOOT-5180: Check for Linux boot services (Debian style)
     It was already skipped on Linux Mint.
 - KRNL-5622: Check default run level on Linux machines
     This will only be skipped if systemd is not installed. It is
     already skipped on Linux Mint in this case.
 - KRNL-5788: Checking availability new kernel (sic!)
     This was already skipped on Linux Mint.
 - PKGS-7388: Check security repository (...)
     It will now be skipped for all distributions that do use the
     Debian / Ubuntu security repositories but are not detected as such
     anymore (like Pop!_OS). It will now be correctly skipped on
     Raspbian. This test was already aware of Linux Mint.
 - PKGS-7390: Check Ubuntu database consitency
     I am not sure why this test is Ubuntu only, thus it already
     skipped on Debian and Mint.
 - PKGS-7394: Check Ubuntu upgradeable packages
     I am not sure why this is for Ubuntu only, too.
     I think this should be feature tested instead, as
     apt-show-versions can be installed on any Debian based
     distribution as well..
 - PKGS-7366: Checking if debsecan is installed (...)
     While it may be correct to skip, debsecan remains usefull if
     package versions, patches and vulnerability fixes are very close
     on Debian itself.
     It is the correct behaviour to not do this test on Ubuntu and
     Ubuntu based distributions, as Canonical does not provide the
     required databases.
 - PKGS-7420: (Autoupdates)
     Linux Mint was already skipped on this test.

I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the veriable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
 2020-08-08 01:39:13 +02:00
Michael Boelen 792a202934
Merge pull request #913 from topimiettinen/check-der-certs 
[CRYP-7902] Check also certificates in DER format
 2020-08-07 11:54:39 +02:00
Michael Boelen 4206177081
Merge pull request #981 from Varbin/openntpd-equals 
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
 2020-08-07 11:50:22 +02:00
Michael Boelen 30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp 
[TIME-3104] Find more time synchronization commands
 2020-08-07 11:46:51 +02:00
Michael Boelen 21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus 
Fix timesyncd detection on systems without dbus.
 2020-08-07 11:44:06 +02:00
Michael Boelen 343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting 
Command line option for slow test threshold
 2020-08-07 11:39:39 +02:00
Steve Kolenich 33d8e8e00b Adding Alpine Linux to OSDetection 2020-08-06 20:15:18 -04:00
Michael Boelen 30c8a92594
Merge pull request #994 from konstruktoid/issue992 
add Microsoft Defender ATP, malware scanner
 2020-08-05 11:49:32 +02:00
0ri0n f988e573db
Add missing PHP 7.4 check for BSD 2020-07-27 13:59:46 -04:00
0ri0n 9b388518de
Add PHP 7.4 Detection Paths 2020-07-26 23:33:34 -04:00
Thomas Sjögren baf5f7ad4d add Microsoft Defender ATP, malware scanner 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-07-21 23:56:47 +02:00
Simon Biewald e27208a342
use STATBINARY, put filename in variable 2020-07-10 00:48:12 +02:00
Simon Biewald 7ba220811f
use = instead of == 2020-07-10 00:41:45 +02:00
Simon Biewald 092fe08c40
shellcheck: check exit code directly 2020-07-10 00:40:36 +02:00
Simon Biewald d4639b3c6a
find more cron ntp clients, iterate over cron files with glob 2020-07-10 00:29:35 +02:00
Simon Biewald 9107867fa1
use correct regex and comparison to match peers 2020-07-09 18:57:01 +02:00
Simon Biewald df7c6257a5
compare correct stuff in openntpd tests 
I accidentially compared rubbish in the openntpd tests,
thus they were not executed at all.
Additionally, == was used instead of =.
 2020-07-09 18:41:09 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Simon Biewald b2be7c160e
detect and test for timesyncd w/o working timedatectl 
On systems without dbus timedatectl does not work.

Thus it is checked if timesyncd currently runs and when
/run/systemd/timesyncd/synchronized was last modified.
Timesyncd touches this file on any sucessfull synchronization.
This is documented in systemd-timesyncd(8).

The new test for successfull documentation has the id TIME-3185.
 2020-07-09 18:19:35 +02:00
Kepi a2e752a8db [functions] ParseNginx: Ignore empty included wildcards 
Its ok to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
 2020-07-07 15:38:19 +02:00
Kepi de18ddc2c0 [functions] ParseNginx: Support include on absolute paths 
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
 2020-07-07 15:37:56 +02:00
Michael Boelen 9165cb76fa
Merge pull request #972 from igloonet/fix/FILE-6425-no-modprobe-d 
[FILE-6430] Don't grep nonexistant modprobe.d files
 2020-07-07 12:29:11 +02:00
Michael Boelen 6eae35e564
Fix for too short IDs due to hexdump output missing leading or trailing zeroes 2020-07-06 09:26:27 +02:00
Kepi f94817f66f Command line option for slow test threshold 
IMHO it should be OK to run long tests if we count with it.

Example:

    lynis audit system --slow-warning 300

Will warn when test takes longer than 300 seconds, instead of default 10.
 2020-07-02 23:42:28 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files 
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
 2020-07-02 18:22:03 +02:00
Michael Boelen ea38da3439
Add /etc/os-release detection of Linux Mint 2020-06-28 14:58:23 +02:00
Chris Lynch 5b11c468eb Fix for Issues #964 - Pop!_OS added to osdetection 2020-06-27 10:44:31 +01:00
Michael Boelen 96e7ba5aaa
Activate test for all operating systems, remove function keyword 2020-06-27 10:21:24 +02:00
Wes Price dcf9bd0938 [AUTH-9229] resolving syntax error on MacOS Catalina 2020-06-26 12:29:40 -10:00
Michael Boelen e6c6fdc9a8
[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS 2020-06-26 10:24:37 +02:00
Michael Boelen 871f95cbf3
Use BSD style format when calling stat 2020-06-26 09:53:23 +02:00
Michael Boelen 9f0bbf52ea
[FIRE-4534] set initial state 2020-06-26 09:44:39 +02:00
Michael Boelen 68c6bdff16
[AUTH-9229] escaped exclamation mark 2020-06-26 09:34:40 +02:00
Michael Boelen 8a5b2a4099
Merge pull request #920 from jsrc27/Fix-KRNL-5730 
Fix KRNL-5730 to properly check /proc/config.gz
 2020-06-24 09:21:32 +02:00
Michael Boelen c707b7d100
[MALW-3280] added additional BitDefender process 2020-06-24 08:09:12 +02:00
Michael Boelen 36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts 2020-06-23 13:57:14 +02:00
Michael Boelen 610f70d5aa
[INSE-8312] corrected text 2020-06-23 13:56:13 +02:00
Alexander Lackner d7870e3f5c Added macOS Big Sur (11.0) 2020-06-22 20:44:58 +02:00
Michael Boelen b980223d42
Merge pull request #958 from Steve8291/patch-2 
fix stderr output from cryptsetup status
 2020-06-22 14:26:47 +02:00
Michael Boelen 75738ceeab
Fix for language detection, unset LANG as right place 2020-06-22 10:25:02 +02:00
Michael Boelen a2f8bdc5f8
[BOOT-5122] presence check for grub.d added 2020-06-22 10:18:01 +02:00
Steve8291 c02ce49ce3
fix stderr output from cryptsetup status 
Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
 2020-06-21 10:47:28 -04:00
Michael Boelen 6d9b530bf4
[KRNL-5830] improved detection for non-symlinked kernel on disk 2020-06-21 13:14:08 +02:00
Michael Boelen aebd5ed9b3
Remove unneeded line in log to prevent double entry 2020-06-21 12:57:05 +02:00
Michael Boelen b2350f2f6c
Add log entry to help troubleshooting users that still use old-style configuration entries in profile 2020-06-21 12:52:50 +02:00
Michael Boelen 6a9e94befb
Reordered items, added Kali Linux, improved exception message 2020-06-19 11:10:22 +02:00
Michael Boelen 3b9eda53cc
CVE-2019-13033 - Discovered by Sander Bos 2020-06-18 12:36:04 +02:00
Michael Boelen 2398c74783
Merge pull request #941 from iain-cuthbertson-siftware/bugfix/allow-mixed-case-hostnames 
Adds uppercase option to the hostname validation regex
 2020-06-02 18:50:35 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Iain Cuthbertson 0b8c775a01 Adds uppercase option to the hostname validation regex 2020-06-02 15:33:32 +01:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen 9fdfc062dd
Add Gentoo 2020-06-02 14:09:49 +02:00
Aditya Shastri 2b0a0ba2e1 Addedd OS detection for Oracle Linux 2020-05-14 20:51:11 -07:00
Jeremias Cordoba f081a9ed7e Fix KRNL-5730 to properly check /proc/config.gz 
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.

Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
 2020-05-04 15:51:03 -07:00
Topi Miettinen fcdc07f8d9
[CRYP-7902] Check also certificates in DER format 
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-25 00:06:58 +03:00
Thomas Sjögren 51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
Michael Boelen a166691199
Merge pull request #882 from topimiettinen/check-package-certificates 
[CRYP-7902] Check also certificates provided by packages
 2020-04-09 11:01:39 +02:00
Michael Boelen 1163648d89
Merge pull request #896 from Schmuuu/feature/raspi-detect-required-reboot 
extended test KRNL-5830 to detect required reboots on Raspbian
 2020-04-09 09:58:48 +02:00
Michael Boelen 0019cf3297
Merge pull request #904 from bginsbach/krnl-5677 
KRNL-5677 use platform instead of preqs-met
 2020-04-09 09:55:28 +02:00
Brian Ginsbach 95b1ae044b KRNL-5677 use platform instead of preqs-met 2020-04-08 15:55:45 -05:00
Martin Churchill e4d491d574
[CRYP-7902] Fixes issue #902 
[CRYP-7902] Checks for SSL_CERTIFICATE_PATHS_TO_IGNORE fails to ignore sub-directories #902
 2020-04-08 10:02:18 +01:00
Michael Boelen be75a089a7
[PROC-3802] added package manager routine as dependency 2020-04-07 10:53:39 +02:00
Michael Boelen c368846a08
Added support to require a detected and known package manager 2020-04-06 20:47:45 +02:00
Michael Boelen 9da0665929
[NETW-2400] Improved logging 2020-04-04 15:56:00 +02:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 4680f94d11
[NETW-2706] allow usage of systemd-resolve and resolvectl, improved screen output and logging 2020-04-03 14:02:52 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Michael Boelen f92fe4e03f
Merge pull request #898 from bginsbach/auth-9268 
AUTH-9268 Add DragonFly
 2020-04-03 09:45:21 +02:00
Michael Boelen f25ffdbb1f
[NETW-2706] redirect errors to stderr 2020-04-03 09:40:30 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Kristian S 52b72e7b0f extended test KRNL-5830 to detect required reboots on Raspbian 2020-04-02 21:45:40 +02:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 6eb204a85d
[PRNT-2308] check for Port statement and minor adjustments to test 2020-04-02 14:45:44 +02:00
Michael Boelen ca6fc134dd
Renamed spools to spoolers 2020-04-02 13:20:06 +02:00
Michael Boelen 4fe1cb92a5
[PRNT-2308] check also SSLListen statements 2020-04-02 13:15:03 +02:00
Topi Miettinen 9642bcffc8
[CRYP-7902] Optionally check also certificates provided by packages 
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.

I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-02 12:52:13 +03:00
Michael Boelen b5a2d11738
Added fallback for awk/tr, small code enhancement, added note 2020-04-02 09:28:41 +02:00
Michael Boelen 156f740ff2
The IsRunning function may have not everything defined early on, so added a fallback 2020-04-01 19:02:11 +02:00
Michael Boelen 4432f93044
[LOGG-2190] skip mysqld related entries 2020-04-01 16:32:52 +02:00
Michael Boelen f232b4f9bb
Added quotes 2020-04-01 16:18:03 +02:00
Michael Boelen 7e3c9448df
[TIME-3104] search for files using find and strip potential characters that may be unexpected 2020-04-01 16:16:31 +02:00
Michael Boelen 8c501c7aa8
Merge pull request #885 from sanderu/master 
Adding test FILE-6394
 2020-04-01 13:43:58 +02:00
Michael Boelen c5914c4e0f
Split count values so they are reported as individual items 2020-04-01 11:48:39 +02:00
Topi Miettinen 179f7d3442
Enhance binaries report 
Report also number of set-uid and set-gid binaries found.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-31 19:09:57 +03:00
Michael Boelen 288bca9334
Merge pull request #887 from bginsbach/fix-auth-9229 
AUTH-9229 Do not use long options for sort
 2020-03-31 16:35:48 +02:00
Michael Boelen a38e2b535e
Corrected case where binaries were not checked while we do want to use dmidecode if it available 2020-03-31 16:31:41 +02:00
Michael Boelen 53ad72e791
Removed unneeded complexity regarding dmidecode, as binary checks are already done at this point 2020-03-31 16:25:27 +02:00
Michael Boelen 4ff61a6f46
Merge pull request #890 from bginsbach/add-pkg_info 
Add pkg_info
 2020-03-31 15:49:54 +02:00
Michael Boelen e481d5a173
Merge pull request #888 from bginsbach/fix-auth-9230 
Fix AUTH-9230 for systems without /etc/login.defs
 2020-03-31 11:22:31 +02:00
Brian Ginsbach 94915ac2fe Fix PKGS-7301 message nit 
The comment is correct. It is FreeBSD pkg not NetBSD pkg.
 2020-03-30 14:23:58 -05:00
Brian Ginsbach eb7dbab1ee Add pkg_info to PackageIsInstalled 
The `pkg_info` command is used on a system using NetBSD pkgsrc to
determine which packages are installed.
 2020-03-30 14:12:36 -05:00
Brian Ginsbach 2b1d5fa46f Add NetBSD pkgsrc pkg_info to known binaries 
The NetBSD pkgsrc package management system uses pkg_info for
determining information about packages. This is also the command
used in PKGS-7302.
 2020-03-30 14:09:28 -05:00
Brian Ginsbach f13d919dfa PROC-3802 Only check for prelink package on Linux 
The prelink package is Linux specific no need to check for it on
non-Linux systems.
 2020-03-29 16:19:25 -05:00
Brian Ginsbach 90b17121ba Fix AUTH-9230 for systems without /etc/login.defs 
This fixes a bug where it was determined that /etc/login.defs didn't
exist as a prerequisite but then wasn't used to skip the test. Prevents
warnings from `grep(1)` for "no such file or directory".
 2020-03-29 15:31:41 -05:00
Brian Ginsbach 18daa9f495 AUTH-9229 Do not use long options for sort 
Use the standard `sort(1)` short option `-u` rather than `--unique`,
since not all versions support long options.
 2020-03-29 15:06:36 -05:00
Sander 4732b640ae Adding test FILE-6394 2020-03-28 19:23:00 +00:00
Topi Miettinen 5c5cc43c6f
Check if system uses encrypted swap devices 
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-27 13:05:56 +02:00
Michael Boelen 603d5b16a2
[FINT-4339] define what file to check for 2020-03-25 19:40:05 +01:00
Michael Boelen b8cdb04772
Corrected requirements to run tests 2020-03-25 19:33:55 +01:00
Michael Boelen 1e52ed0c0d
Added notes to NETW-3200 for future extending this test 2020-03-25 15:19:21 +01:00
Michael Boelen 04c969752a
[NETW-3200] corrected test 2020-03-25 15:15:42 +01:00
Michael Boelen 9b978a3581
Add specific control ID for warnings regarding usage of deprecated options 2020-03-25 15:03:21 +01:00
Michael Boelen db117ae644
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-25 10:11:34 +01:00
Michael Boelen f644927a42
Improved warning message with 'how to resolve' 2020-03-25 10:11:25 +01:00
Topi Miettinen 339e0c3207
[FILE-6374]: Summarize unhardened file system 
Report total numbers of unhardened filesystems.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-25 09:18:16 +02:00
Michael Boelen 3c8e3b0adb
Merge pull request #862 from topimiettinen/blacklist-fs 
FS module tests: check if modules are blacklisted
 2020-03-24 13:34:05 +01:00
Michael Boelen 3c3feecbfb
Merge pull request #824 from Varbin/master 
Add detection of OpenNTPD
 2020-03-24 13:29:02 +01:00
Michael Boelen f83025a283
Merge pull request #860 from topimiettinen/harden-mount-options 
Harden mount options for /var, check also /dev and /run
 2020-03-24 13:27:50 +01:00
Michael Boelen dbfadc5446
Merge pull request #879 from topimiettinen/enhance-tomoyo-check 
Enhance TOMOYO Linux check
 2020-03-24 13:26:33 +01:00
Michael Boelen 18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Thomas Sjögren bc09f921f0 fix indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:53:50 +01:00
Thomas Sjögren 0b9e2d85d6 fix tabs 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:45:05 +01:00
Thomas Sjögren 5341fa7b29 AUTH-9229 isnt related to login.defs, add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:44:14 +01:00
Topi Miettinen e09fe98b89 Enhance TOMOYO Linux check 
Count and log unconfined processes, which are not using policy
profile 3.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 18:44:21 +02:00
Topi Miettinen 0da82a18cb
FS module tests: check if modules are blacklisted 
Check if FS modules are blacklisted.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:43:53 +02:00
Topi Miettinen 8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen 7bba7bd4af
Removed incorrect process name from list, enable --full as it is required for matching jitterentropy-rngd 2020-03-23 16:13:39 +01:00