tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,321 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

1539 Commits

Author SHA1 Message Date
bcs016 10b8da1c6a
Update tests_authentication 
Update AUTH-9402, change name to check in etc/passwd file when device is a QNAP
 2019-04-29 11:47:11 +02:00
Michael Boelen 96c1ea8b0e
[PKGS-7386] Removed suggestion as a warning is already displayed when vulnerable packages were discovered 2019-04-20 14:31:11 +02:00
Michael Boelen 017103e20c
[PKGS-7392] - Skip test for Zypper-based systems 2019-04-17 15:26:43 +02:00
Michael Boelen 121c861446
Non-interactive mode for zypper 2019-04-17 15:07:07 +02:00
Michael Boelen bf5219d9b9
[PKGS-7328/PKGS-7330] added non-interactive global option 2019-04-15 19:30:21 +02:00
Michael Boelen dba2dcb918
Added missing variables 2019-04-15 19:20:31 +02:00
Michael Boelen 2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen e195e7c8e0
Corrected lsvg binary detection 2019-04-09 08:26:16 +02:00
Michael Boelen d90c43d06c
Updated descriptions 2019-04-09 06:52:00 +02:00
Capashenn fe09e4ebaa fix SHLL-6220 description (#673) 2019-04-09 06:49:33 +02:00
Michael Boelen fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen 08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen 1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen f8b390617b
Changed screen output 2019-04-07 15:51:25 +02:00
Michael Boelen 2750e9b7b8
Detect equery binary 2019-04-07 15:50:46 +02:00
Michael Boelen 72ba872a2f
Improve text output for AIX systems 2019-04-04 19:04:42 +02:00
Michael Boelen 9936224278
Merge of several tests, cleanup, minor code enhancements and restructure 2019-04-04 14:42:39 +02:00
Michael Boelen 247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Capashenn e0ca517aaa Add tests INSE-8310 INSE-8312 (telnet) (#693) 
* Add test INSE-8000

* Add xinetd support in insecure_services

* fix issue #662

* Check for talk via xinetd

* Check for chargen via xinetd

* Check for daytime via xinetd

* Check discard via xinetd

* Check echo via xinatd

* Check time via xinetd

* Check tftp via xinetd

* Check rsync via xinetd

* Add test INSE-8200

* Add test INSE-8300 INSE-8302 INSE-8304 (rsh)

* Add tests INSE-8310 INSE-8312 (telnet)
 2019-04-02 11:15:31 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen d0df518426
[PKGS-7420] corrected typo 2019-03-30 13:58:23 +01:00
Michael Boelen 3660043308
[PKGS-7420] limit test to specific OS, add dnf-automatic support, extend logging 2019-03-30 13:31:03 +01:00
Michael Boelen 3702ae67b5
[PKGS-7420] Detect toolkit to automatically download and apply upgrades 2019-03-29 12:53:13 +01:00
Michael Boelen 8a9edeb40b
[AUTH-9278] style change, description, allow different root directory 2019-03-29 12:30:12 +01:00
Capashenn f9bcf26f25 fix issue #612 (#677) 
LDAP support for Red Hat and others (fix issue #612)
 2019-03-29 12:26:12 +01:00
Michael Boelen de2ef2c3e7
Add apt and dpkg binaries 2019-03-29 12:23:45 +01:00
Michael Boelen 605c381eb6
[PKGS-7410] add support for DPKG-based systems to gather installed kernel packages 2019-03-29 12:22:20 +01:00
Michael Boelen ea8c032ea9
[NETW-3015] added support for ip binary 2019-03-21 09:34:26 +01:00
Michael Boelen 943e09db01
[LOGG-2180] minor cleanup 2019-03-21 09:07:05 +01:00
Michael Boelen 928023ec6a
[HTTP-6624] improved logging for test 2019-03-19 13:07:12 +01:00
Michael Boelen 303050dda3
[LOGG-2154] Adjusted test to search in configuration file correctly 2019-03-15 14:25:00 +01:00
Michael Boelen 048815abc0
[SSH-7408] Increased values for MaxAuthRetries as sometimes SSH key-based authentication may need it 2019-03-15 14:00:47 +01:00
Michael Boelen 4a47bde240
Adjusted descriptions 2019-03-15 13:52:55 +01:00
Michael Boelen 89782f1e98
Add logging status of tool tips 2019-03-14 14:15:59 +01:00
Michael Boelen 703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Michael Boelen 48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen 3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen 3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen 95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633) 
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
 2019-03-07 10:10:21 +01:00
chr0mag 341612418f BOOT-5117 adds systemd-boot bootloader detection (#634) 
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
 2019-03-07 10:07:52 +01:00
silentcreek fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:05:12 +01:00
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00