tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,539 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

96 Commits

Author SHA1 Message Date
Michael Boelen 4b912ab357
Merge pull request #1399 from xnoguer/issue-1319 
Added tests considering Wazuh for file integrity and tooling
 2023-09-13 16:04:04 +02:00
Xavier Noguer b16b4628c7 Fixing test numbers in db/tests.db with the actual numbers used for those tests 2023-05-30 08:38:17 +00:00
Xavier Noguer 9f36e17ee0 Added tests considering Wazuh for file integrity and tooling 2023-05-23 15:07:42 +00:00
Nick Anderson a19f532ddf
Fixed typo in Group for FINT-4316 
Closes #1323
 2022-08-17 14:03:21 -05:00
Michael Boelen f64f17f90b
Update tests.db 2022-02-10 14:24:15 +01:00
Michael Boelen 98f57d6d76
Added MALW-3274 to detect McAfee VirusScan Command Line Scanner 2022-01-31 13:29:11 +01:00
Michael Boelen a836d0d5fb
Added MALW-3290 2021-07-27 10:43:16 +02:00
Michael Boelen d0e1b7cd8e
Added CRYP-8006 2021-05-11 19:59:16 +02:00
Michael Boelen 32143f6377
Merge pull request #1139 from teoberi/New-test-BOOT-5140---Check-for-ELILO-boot-loader-presence 
New test: BOOT-5140 - Check for ELILO boot loader presence
 2021-05-11 11:21:33 +02:00
Michael Boelen e493c6717c
Added ACCT-9672 2021-05-11 11:18:37 +02:00
Michael Boelen 77fab97e77
Added ACCT-9670 2021-05-11 11:17:23 +02:00
Michael Boelen ab1111c0ed
Merge pull request #905 from topimiettinen/check-non-native-binary-formats 
Check for registered non-native binary formats
 2021-01-07 15:16:34 +01:00
teoberi a9cc4e0c62
Update tests.db 
Add TestID for ELILO
 2021-01-03 12:09:09 +02:00
Michael Boelen c9a57d2caf
Merge pull request #1062 from Varbin/solaris-loghost-not-localhost 
Test if loghost is not localhost
 2020-12-17 14:18:31 +01:00
Michael Boelen 258b2bf05f
Merge pull request #1064 from Varbin/solaris-ips-svcs 
Add support for Solaris services, run BOOT-5184 there
 2020-12-15 14:16:18 +01:00
Michael Boelen 1d908e19ac
Mark test as multi-OS by removing all values 2020-12-15 14:15:26 +01:00
Josh Soref f1cb5054c4 spelling: authoritative 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:35:46 -05:00
Simon Biewald 25278b6b38 Add support for Solaris services, run BOOT-5184 there 
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.

Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
 2020-10-25 21:51:12 +00:00
Simon Biewald 1f3d0956a7 Test if loghost is not localhost 
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.

Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
 2020-10-25 20:28:19 +00:00
Michael Boelen 43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test 2020-10-25 12:50:25 +01:00
Michael Boelen bd6e1d5d39
Include AUTH-9284 and minor changes 2020-10-22 14:17:01 +02:00
Timo Sigurdsson b7d5b8a4b9 Update tests.db and CHANGELOG.md for new test TOOL-5130 
Add the new test TOOL-5130 (Check for active Suricata daemon) to the tests
database and update the changelog accordingly.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2020-10-11 11:15:48 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 4cf21ebdcc
Added FILE-6394 2020-04-01 16:19:09 +02:00
Topi Miettinen 5c5cc43c6f
Check if system uses encrypted swap devices 
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-27 13:05:56 +02:00
Michael Boelen 5e821687af
Added new tests 2020-03-24 13:33:24 +01:00
Michael Boelen 18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Thomas Sjögren 6818db5e12 add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:43:34 +01:00
Topi Miettinen 8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen 32cefdea0a
Merge pull request #878 from topimiettinen/check-ima-evm 
Check IMA/EVM, dm-integrity and dm-verity statuses
 2020-03-23 13:18:16 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Topi Miettinen 8ea39314f2
Check for dm-integrity and dm-verity 
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 10:35:38 +02:00
Topi Miettinen 203a4d3480
Check IMA/EVM status 
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-22 11:21:52 +02:00
Topi Miettinen 26a54991ba
Check for software pseudo random number generators 
Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 16:26:30 +02:00
Topi Miettinen 4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Michael Boelen 8f37edb626
Update tests.db 
Corrected test ID
 2020-03-20 09:46:08 +01:00
Topi Miettinen 820d2ec607
Check DNSSEC status with resolvectl when available 
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 23:56:24 +02:00
Topi Miettinen 3aaeeea856
Check for rEFInd boot loader 
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:44:30 +02:00
Michael Boelen 3bbe34ea73
[CRYP-8004] enhanced after pulling in initital test 2020-02-15 14:09:56 +01:00
pyllyukko c88953a815
Test SINT-7010 in macOS only 2019-10-08 20:31:35 +03:00
Michael Boelen 87f5596952
Added new test DBS-1828 2019-10-08 15:15:18 +02:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen a87c2b10f9
Added CRYP-8002 2019-08-29 10:39:43 +02:00
Michael Boelen 1e4e00adea
Changed description of TOOL-5160 2019-08-28 15:37:35 +02:00