tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,833 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

303 Commits

Author SHA1 Message Date
Michael Boelen 892a43c991
Switch to development of 2.6.5 2018-05-14 08:28:56 +02:00
Michael Boelen 53004754bc
Release 2.6.4 2018-05-02 13:35:57 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
Michael Boelen 9f7aeb3e21
Use shortest version for defining plugin directory 2018-05-02 12:42:32 +02:00
Justin McAfee 9bd0a92980 Updated Sentence tense, replaced deprecated wait_for_keypress. (#532) 
==========================
Changed words to match sentence tense. 
==========================
Removed reference to depracated "wait_for_keypress", replaced with WaitForKeyPress, Ln 351. per https://github.com/CISOfy/lynis/blob/master/include/functions
==========================
Contribution by Justin McAfee  (me [at] justinmcafee [dot] com)
 2018-03-16 17:25:18 +01:00
Michael Boelen 5d7fd65f85
Switch to development 2018-03-10 12:26:33 +01:00
Michael Boelen 692dfe9c6b
Release 2.6.3 2018-03-07 16:25:00 +01:00
Michael Boelen 1f80c000cc
Switch to development 2018-02-16 08:52:32 +01:00
Michael Boelen 20e33c87d2
Lynis 2.6.2 2018-02-13 16:15:40 +01:00
Michael Boelen 47d81cfb59
Switch to development version 2018-02-06 10:46:41 +01:00
Michael Boelen 768446e48c
Lynis 2.6.1 2018-01-26 13:07:00 +01:00
Dave Vehrs a30d429315 tests_usb updates (#514) 
* Added kernel.dmesg_restrict to sysctl checks.

* Moved usb-storage and autthorization tests tests_usb

* Limit Suggestions when USBGuard installed

* Changed usb_devices to usb
 2018-01-26 12:24:33 +01:00
Dave Vehrs 8f689d4723 Adding USBGuard to checks for USB Devices. (#499) 
* Added kernel.dmesg_restrict to sysctl checks.

* Initial addition of tests_usb_devices

* More updates for tests_usb_devices

* More updates

* Updated logging and other output.
 2018-01-24 19:29:50 +01:00
Michael Boelen 71d3610d74
Switch to 2.6.1 development 2018-01-18 20:10:10 +01:00
Michael Boelen 4f1f9bc537
Release 1.6.0 2018-01-18 17:06:07 +01:00
mslifcak 173843bdfd Pin svc mgr (#506) 
* systemctl does not mean systemd is used

* Check for systemd active

* determine service manager if not already set
 2018-01-17 15:56:19 +01:00
Michael Boelen fe138d283d
Switch to development 2018-01-13 12:54:04 +01:00
Michael Boelen 332cc49be3
Release 2.5.9 2018-01-12 15:29:39 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen 408ee73737
Move to development version and no longer show upgrade message when being quiet/silent 2017-12-30 18:40:13 +01:00
Michael Boelen 117f3db2a7
Release 2.5.8 2017-12-28 12:50:56 +01:00
Michael Boelen 8fde6723e2
Additional checks for log and report file 2017-11-25 16:37:28 +01:00
Michael Boelen 4aa8046280
Switch to development version 2017-10-29 17:06:44 +01:00
Michael Boelen be82d80b02
Release 2.5.7 2017-10-29 16:55:55 +01:00
Michael Boelen 858f849c1a
Release 2.5.6 2017-10-27 12:50:58 +02:00
Michael Boelen c3f3e22290
Show language in output 2017-09-17 20:15:57 +02:00
Michael Boelen 6199d26861
Change to development 2017-09-12 15:23:22 +02:00
Michael Boelen daeec982ab
Release 2.5.5 2017-09-07 10:28:19 +02:00
Michael Boelen 61d28ac73c
Start development of 2.5.5 2017-09-06 12:55:31 +02:00
Michael Boelen 72dc0de32b
Release 2.5.4 2017-09-05 13:30:32 +02:00
tobiasfielitz 5aaf81c267 removed "update release" from menu (#448) 2017-08-30 19:12:51 +02:00
Michael Boelen 011639bc60
Textual improvement 2017-08-17 20:30:08 +02:00
Michael Boelen 00648a636c
Improve systemd detection 2017-08-17 20:28:32 +02:00
Michael Boelen 0caf42bc51
Switch to 2.5.4 development 2017-08-17 20:06:58 +02:00
Michael Boelen 83da68fdb5
Release 2.5.3 2017-08-17 14:27:41 +02:00
Michael Boelen a547953d99
Set default log directory, or allow it be set per OS 2017-08-08 14:52:59 +02:00
Michael Boelen b301a1c108
Switch to dev 2017-07-11 09:30:48 +02:00
Michael Boelen 5a66eb8d17
Release 2.5.2 2017-07-10 16:09:09 +02:00
Daniel Romell 5b12f17e3f Minor fixes for embedded Linux. (#406) 
* Check if the "locale" binary is available before using it.

This is no functional change as it will still fall back to english
when the locale can't be determined. This fix gets rid of the
following error when running on systems without the locale binary:

./lynis: line 112: locale: command not found

Signed-off-by: Daniel Romell <daro@hms.se>

* tests_kernel: KRNL-5677: Fix invalid use of shell test.

This fixes an issue (syntax error) triggered on systems with no PAE or
NX extensions:

- Checking CPU support (NX/PAE)
/usr/libexec/lynis/include/tests_kernel: line 126: [: too many arguments
/usr/libexec/lynis/include/tests_kernel: line 132: [: too many arguments

No need to use [] when only looking at function return values.

Signed-off-by: Daniel Romell <daro@hms.se>
 2017-06-21 14:17:49 +02:00
Michael Boelen 55f4448b34
Start development of 2.5.2 2017-06-14 14:11:02 +02:00
Michael Boelen 1be5154b35
Release 2.5.1 2017-05-31 15:49:59 +02:00
Michael Boelen 0bc344d049
Start of 2.5.1 2017-05-08 14:55:49 +02:00
Michael Boelen d012f817ac
Release 2.5.0 2017-05-03 10:42:55 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 77d26dc184
Preparing for next release 2017-04-23 20:17:58 +02:00
Michael Boelen 5ef342037f Release 2.4.8 2017-03-29 17:08:40 +02:00
Michael Boelen 8d5243c928
Moving to development version 2017-03-27 11:47:15 +02:00
Michael Boelen 2b14437494 Release 2.4.7 2017-03-22 11:54:05 +01:00
Michael Boelen cba08e8002 Move to development release 2017-03-17 10:37:25 +01:00
Michael Boelen 5693a6c196 Release 2.4.6 2017-03-15 10:35:12 +01:00
Michael Boelen 70607daa65 Cleanups 2017-03-14 16:41:47 +01:00
Michael Boelen 369f0b82d7 Move to development version 2017-03-12 16:36:12 +01:00
Michael Boelen 26d155e012 Moving to 2.4.5 release 2017-03-09 12:29:09 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367) 
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
 2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366) 
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
 2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363) 
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
 2017-03-06 07:41:21 +00:00
Michael Boelen a6b0d7611a Move to development release 2017-03-05 13:13:44 +01:00
Michael Boelen 3779ad76fb Release 2.4.4 2017-03-01 15:30:37 +01:00
Michael Boelen b95019da03 Move to development version 2017-02-28 20:17:32 +01:00
Michael Boelen 3a7d9a42f4 Release 2.4.3 2017-02-22 15:10:05 +01:00
Michael Boelen 9075d903c3 Move to development version 2017-02-16 10:28:50 +01:00
Michael Boelen 97d018f62d Release 2.4.2 2017-02-15 14:06:50 +01:00
Michael Boelen b2395ab175 Moving to development version 2017-02-10 11:13:12 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Justin P 50b06efd30 macOS Refactoring (#311) 
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
 2016-11-05 11:53:22 +01:00
Michael Boelen 3bafb77395 Switch to development version 2016-10-28 11:47:57 +02:00
Michael Boelen 1cebc05b09 Release 2.4.0 2016-10-27 10:06:22 +02:00
Michael Boelen 26489d03e9 Style improvements and set directories only when empty 2016-10-23 16:26:22 +02:00
Michael Boelen 20ec79d4e2 Extend hostname information for systems that show errors while running hostname command 2016-10-16 17:07:34 +02:00
Michael Boelen ba6c54023f Update release date 2016-10-16 15:23:31 +02:00
Michael Boelen d0eae6480d Support for Docker container detection 2016-10-16 15:13:04 +02:00
Michael Boelen 063f50f39c Add upload-only command 2016-10-13 20:15:00 +02:00
Michael Boelen b9d462a133 Bump to new development version 2016-10-05 09:53:29 +02:00
Michael Boelen de6bf35649 Release 2.3.4 2016-09-27 11:20:51 +02:00
Michael Boelen fdf3ded89f New command 'lynis show details' to display test details 2016-08-26 14:05:20 +02:00
Michael Boelen 8ac9721f43 Mark development version 2016-08-23 20:20:42 +02:00
Michael Boelen 705fd19385 Lynis 2.3.3 release 2016-08-23 10:50:50 +02:00
Michael Boelen f42e63129a Clean up 2016-08-22 21:45:48 +02:00
Michael Boelen c297b14613 Clearly show that root directory has been customized for that run 2016-08-15 20:01:23 +02:00
Michael Boelen 242f91ab97 Added --rootdir for forensics 2016-08-15 19:50:52 +02:00
Michael Boelen e06db1477d Add notebook hardware detection 2016-08-13 16:38:07 +02:00
Michael Boelen f9b2993f35 Removed unneeded field 2016-08-10 07:24:10 +02:00
Michael Boelen 1c1950e5fe New development version 2016-08-09 21:12:52 +02:00
Michael Boelen 0337f6e5b3 Release 2.3.2 2016-08-09 15:23:29 +02:00
Zoltan Paldi a7b11aea56 Hu translation (#255) 
* Replace egrep pattern from 'LANGUAGE' to 'LANG'

* Hungarian translation add to hu file
 2016-08-09 15:16:13 +02:00
Michael Boelen 9b00ea7d40 Perform early tests before running main program 2016-07-31 11:48:04 +02:00
Michael Boelen af999d3207 Allow strict code checking for developers 2016-07-28 11:39:10 +02:00
Michael Boelen db25928da6 Typo 2016-07-28 10:38:55 +02:00
Michael Boelen d23e4b0fa5 Changed header and footer of screen output 2016-07-26 16:00:36 +02:00
atao60 0b5b4a47a3 Display function creates wrong indentation of result column (#237) 2016-07-26 15:00:05 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 1852095bb0 Provide more details when program is old or outdated 2016-07-20 10:51:34 +02:00
Michael Boelen aeb08cb80a Switch to development version 2016-07-16 16:28:10 +02:00
Michael Boelen 5684db4490 Release 2.3.1 2016-07-14 19:45:08 +02:00
Michael Boelen fe53964f0a Preparations for next release 2016-07-14 13:50:51 +02:00
Michael Boelen 8d209fc376 Change in help text 2016-07-13 13:19:23 +02:00
Michael Boelen 6159b4e54d New release 2.3.0 2016-07-13 12:56:15 +02:00
Michael Boelen 07a113e46e Set initial value for language and improve auto detection 2016-07-12 20:32:15 +02:00
Michael Boelen 19807ff573 Updated timestamp 2016-07-11 11:27:59 +02:00