tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,181 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

2087 Commits

Author SHA1 Message Date
Michael Boelen 61c6d5df8d
[PKGS-7410] Don't show exception if no kernels were found on the disk 2020-10-17 13:40:09 +02:00
Michael Boelen 6238f5bc8f
Define RHEL as 'RHEL' 2020-10-17 13:26:11 +02:00
Michael Boelen 4a21fd9a5c
Merge branch 'master' into master 2020-10-17 13:23:08 +02:00
Michael Boelen 791800f95d
Added Zorin OS detection 2020-10-17 13:15:06 +02:00
Michael Boelen 760460528b
Added variable 2020-10-17 12:55:20 +02:00
Michael Boelen ba1cff941f
Improved detection of kernel by ignoring known incorrect values 2020-10-16 13:02:01 +02:00
Timo Sigurdsson 15799cf57e Add test for Suricata IDS/IPS 
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2020-10-11 02:25:37 +02:00
Sergey Zhemoitel 85d36db113 Add ROSA Linux detection 2020-10-08 23:06:35 +03:00
Michael Boelen c6bd185fd7
Resolved merge conflict 2020-10-02 11:05:04 +02:00
Michael Boelen 5e0a4e685d
Added CloudLinux 2020-10-02 10:57:58 +02:00
Michael Boelen 768d8a62e8
Updated log 2020-10-02 10:55:36 +02:00
Michael Boelen a1f794cc75
Don't provide suggestion to install pseudo rng at this moment 2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com 5ca6b7ed79 feature: take into account LK 
Some distributions like CentOS 8 contains "LK" instead of "L" for
locked users.
 2020-08-28 23:19:37 +02:00
Simon Biewald 93a71539d5
Add support for Flatcar Container Linux 
Fixes cisofy/lynis#1014.

Flatcar is a for of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
 2020-08-27 21:49:17 +02:00
Jimver 554dd2d5e9
Better log message 2020-08-27 12:57:22 +02:00
Jimver e6891feeb4
Remove newline 2020-08-27 12:52:59 +02:00
Jimver cd94da3449
Use shell wildcard expansion now 2020-08-27 12:50:48 +02:00
Jimver 6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr 2020-08-26 16:38:35 +02:00
Jim 84fd612c91
Add check for other clock files for earlier systemd versions 2020-08-24 17:59:06 +02:00
Jim dabac5bf89
Change timesync sync file, fixes #1012 2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com c857ee7cf2 fix: take into account unlocked system accounts 2020-08-23 19:54:59 +02:00
Simon Biewald bd7131f6db Detect sysstat systemd unit 2020-08-19 20:47:09 +00:00
danielorihuelarodriguez@gmail.com 6bad6b058b feature: gather locked accounts info 2020-08-10 19:27:43 +02:00
Steve Kolenich f65f4d011b Improve detecting kernel version on disk 
Improve handling of kenrel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updateing RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
 2020-08-10 12:27:30 -04:00
Michael Boelen 792a202934
Merge pull request #913 from topimiettinen/check-der-certs 
[CRYP-7902] Check also certificates in DER format
 2020-08-07 11:54:39 +02:00
Michael Boelen 4206177081
Merge pull request #981 from Varbin/openntpd-equals 
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
 2020-08-07 11:50:22 +02:00
Michael Boelen 30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp 
[TIME-3104] Find more time synchronization commands
 2020-08-07 11:46:51 +02:00
Michael Boelen 21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus 
Fix timesyncd detection on systems without dbus.
 2020-08-07 11:44:06 +02:00
Michael Boelen 343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting 
Command line option for slow test threshold
 2020-08-07 11:39:39 +02:00
Steve Kolenich 33d8e8e00b Adding Alpine Linux to OSDetection 2020-08-06 20:15:18 -04:00
Michael Boelen 30c8a92594
Merge pull request #994 from konstruktoid/issue992 
add Microsoft Defender ATP, malware scanner
 2020-08-05 11:49:32 +02:00
0ri0n f988e573db
Add missing PHP 7.4 check for BSD 2020-07-27 13:59:46 -04:00
0ri0n 9b388518de
Add PHP 7.4 Detection Paths 2020-07-26 23:33:34 -04:00
Thomas Sjögren baf5f7ad4d add Microsoft Defender ATP, malware scanner 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-07-21 23:56:47 +02:00
Simon Biewald e27208a342
use STATBINARY, put filename in variable 2020-07-10 00:48:12 +02:00
Simon Biewald 7ba220811f
use = instead of == 2020-07-10 00:41:45 +02:00
Simon Biewald 092fe08c40
shellcheck: check exit code directly 2020-07-10 00:40:36 +02:00
Simon Biewald d4639b3c6a
find more cron ntp clients, iterate over cron files with glob 2020-07-10 00:29:35 +02:00
Simon Biewald 9107867fa1
use correct regex and comparison to match peers 2020-07-09 18:57:01 +02:00
Simon Biewald df7c6257a5
compare correct stuff in openntpd tests 
I accidentially compared rubbish in the openntpd tests,
thus they were not executed at all.
Additionally, == was used instead of =.
 2020-07-09 18:41:09 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Simon Biewald b2be7c160e
detect and test for timesyncd w/o working timedatectl 
On systems without dbus timedatectl does not work.

Thus it is checked if timesyncd currently runs and when
/run/systemd/timesyncd/synchronized was last modified.
Timesyncd touches this file on any sucessfull synchronization.
This is documented in systemd-timesyncd(8).

The new test for successfull documentation has the id TIME-3185.
 2020-07-09 18:19:35 +02:00
Kepi a2e752a8db [functions] ParseNginx: Ignore empty included wildcards 
Its ok to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
 2020-07-07 15:38:19 +02:00
Kepi de18ddc2c0 [functions] ParseNginx: Support include on absolute paths 
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
 2020-07-07 15:37:56 +02:00
Michael Boelen 9165cb76fa
Merge pull request #972 from igloonet/fix/FILE-6425-no-modprobe-d 
[FILE-6430] Don't grep nonexistant modprobe.d files
 2020-07-07 12:29:11 +02:00
Michael Boelen 6eae35e564
Fix for too short IDs due to hexdump output missing leading or trailing zeroes 2020-07-06 09:26:27 +02:00
Kepi f94817f66f Command line option for slow test threshold 
IMHO it should be OK to run long tests if we count with it.

Example:

    lynis audit system --slow-warning 300

Will warn when test takes longer than 300 seconds, instead of default 10.
 2020-07-02 23:42:28 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files 
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
 2020-07-02 18:22:03 +02:00
Michael Boelen ea38da3439
Add /etc/os-release detection of Linux Mint 2020-06-28 14:58:23 +02:00
Chris Lynch 5b11c468eb Fix for Issues #964 - Pop!_OS added to osdetection 2020-06-27 10:44:31 +01:00
Michael Boelen 96e7ba5aaa
Activate test for all operating systems, remove function keyword 2020-06-27 10:21:24 +02:00
Wes Price dcf9bd0938 [AUTH-9229] resolving syntax error on MacOS Catalina 2020-06-26 12:29:40 -10:00
Michael Boelen e6c6fdc9a8
[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS 2020-06-26 10:24:37 +02:00
Michael Boelen 871f95cbf3
Use BSD style format when calling stat 2020-06-26 09:53:23 +02:00
Michael Boelen 9f0bbf52ea
[FIRE-4534] set initial state 2020-06-26 09:44:39 +02:00
Michael Boelen 68c6bdff16
[AUTH-9229] escaped exclamation mark 2020-06-26 09:34:40 +02:00
Michael Boelen 8a5b2a4099
Merge pull request #920 from jsrc27/Fix-KRNL-5730 
Fix KRNL-5730 to properly check /proc/config.gz
 2020-06-24 09:21:32 +02:00
Michael Boelen c707b7d100
[MALW-3280] added additional BitDefender process 2020-06-24 08:09:12 +02:00
Michael Boelen 36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts 2020-06-23 13:57:14 +02:00
Michael Boelen 610f70d5aa
[INSE-8312] corrected text 2020-06-23 13:56:13 +02:00
Alexander Lackner d7870e3f5c Added macOS Big Sur (11.0) 2020-06-22 20:44:58 +02:00
Michael Boelen b980223d42
Merge pull request #958 from Steve8291/patch-2 
fix stderr output from cryptsetup status
 2020-06-22 14:26:47 +02:00
Michael Boelen 75738ceeab
Fix for language detection, unset LANG as right place 2020-06-22 10:25:02 +02:00
Michael Boelen a2f8bdc5f8
[BOOT-5122] presence check for grub.d added 2020-06-22 10:18:01 +02:00
Steve8291 c02ce49ce3
fix stderr output from cryptsetup status 
Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
 2020-06-21 10:47:28 -04:00
Michael Boelen 6d9b530bf4
[KRNL-5830] improved detection for non-symlinked kernel on disk 2020-06-21 13:14:08 +02:00
Michael Boelen aebd5ed9b3
Remove unneeded line in log to prevent double entry 2020-06-21 12:57:05 +02:00
Michael Boelen b2350f2f6c
Add log entry to help troubleshooting users that still use old-style configuration entries in profile 2020-06-21 12:52:50 +02:00
Michael Boelen 6a9e94befb
Reordered items, added Kali Linux, improved exception message 2020-06-19 11:10:22 +02:00
Michael Boelen 3b9eda53cc
CVE-2019-13033 - Discovered by Sander Bos 2020-06-18 12:36:04 +02:00
Michael Boelen 2398c74783
Merge pull request #941 from iain-cuthbertson-siftware/bugfix/allow-mixed-case-hostnames 
Adds uppercase option to the hostname validation regex
 2020-06-02 18:50:35 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Iain Cuthbertson 0b8c775a01 Adds uppercase option to the hostname validation regex 2020-06-02 15:33:32 +01:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen 9fdfc062dd
Add Gentoo 2020-06-02 14:09:49 +02:00
Aditya Shastri 2b0a0ba2e1 Addedd OS detection for Oracle Linux 2020-05-14 20:51:11 -07:00
Jeremias Cordoba f081a9ed7e Fix KRNL-5730 to properly check /proc/config.gz 
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.

Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
 2020-05-04 15:51:03 -07:00
Topi Miettinen fcdc07f8d9
[CRYP-7902] Check also certificates in DER format 
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-25 00:06:58 +03:00
Thomas Sjögren 51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Michael Boelen a166691199
Merge pull request #882 from topimiettinen/check-package-certificates 
[CRYP-7902] Check also certificates provided by packages
 2020-04-09 11:01:39 +02:00
Michael Boelen 1163648d89
Merge pull request #896 from Schmuuu/feature/raspi-detect-required-reboot 
extended test KRNL-5830 to detect required reboots on Raspbian
 2020-04-09 09:58:48 +02:00
Michael Boelen 0019cf3297
Merge pull request #904 from bginsbach/krnl-5677 
KRNL-5677 use platform instead of preqs-met
 2020-04-09 09:55:28 +02:00
Brian Ginsbach 95b1ae044b KRNL-5677 use platform instead of preqs-met 2020-04-08 15:55:45 -05:00
Martin Churchill e4d491d574
[CRYP-7902] Fixes issue #902 
[CRYP-7902] Checks for SSL_CERTIFICATE_PATHS_TO_IGNORE fails to ignore sub-directories #902
 2020-04-08 10:02:18 +01:00
Michael Boelen be75a089a7
[PROC-3802] added package manager routine as dependency 2020-04-07 10:53:39 +02:00
Michael Boelen c368846a08
Added support to require a detected and known package manager 2020-04-06 20:47:45 +02:00
Michael Boelen 9da0665929
[NETW-2400] Improved logging 2020-04-04 15:56:00 +02:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 4680f94d11
[NETW-2706] allow usage of systemd-resolve and resolvectl, improved screen output and logging 2020-04-03 14:02:52 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Michael Boelen f92fe4e03f
Merge pull request #898 from bginsbach/auth-9268 
AUTH-9268 Add DragonFly
 2020-04-03 09:45:21 +02:00
Michael Boelen f25ffdbb1f
[NETW-2706] redirect errors to stderr 2020-04-03 09:40:30 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Kristian S 52b72e7b0f extended test KRNL-5830 to detect required reboots on Raspbian 2020-04-02 21:45:40 +02:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 6eb204a85d
[PRNT-2308] check for Port statement and minor adjustments to test 2020-04-02 14:45:44 +02:00