tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,801 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

1873 Commits

Author SHA1 Message Date
Michael Boelen 148e5b5c14
Merge pull request #870 from bginsbach/boot-5260-linux 
Make BOOT-5260 Linux only
 2020-03-21 13:54:21 +01:00
Michael Boelen 1bb35b86b8
Merge pull request #873 from topimiettinen/fix-developer-profile 
Fix developer profile
 2020-03-21 13:50:03 +01:00
Michael Boelen 357b059c12
Merge pull request #871 from bginsbach/fix-find-not 
Fix uses of non-standard find not operator
 2020-03-21 13:43:28 +01:00
Topi Miettinen e98fcb9b73
Fix developer profile 
Initialialize a few variables to let --profile developer.prf pass.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-20 22:26:51 +02:00
Brian Ginsbach 9c5451d29d Make BOOT-5260 Linux only 
Linux is the only OS with systemd so no need to check for systemd
single user mode on other operatings systems.
 2020-03-20 14:40:20 -05:00
Brian Ginsbach 32d1155953 Fix uses of non-standard find not operator 
Use ! rather than the non-standard -not find(1) operator.
 2020-03-20 14:37:56 -05:00
Brian Ginsbach 52344913d3 Add a way to signify undetermined EOL 
Replace setting an artificaly high date and converted date for
operating systems with no EOL (rolling) or the EOL is still to
be determined. This makes it easier for humans and saves making
a comparison (when using an artifically high converted time)
will always be false (EOL=0).

An example entry

        os:AGreatOS 2.0:👎

The converted time (seconds since the epoch) could be specified as
zero but this typically means the OS is out of date (now), A value
of -1 is a convention indicating no EOL.
 2020-03-20 13:42:28 -05:00
Michael Boelen 1f8b5fafde
Add OS to 'show eol' and make output easier to parse 2020-03-20 14:57:56 +01:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 8c0b42cdae
Merge pull request #861 from topimiettinen/enhance-selinux-check 
Enhance SELinux checks
 2020-03-20 14:00:57 +01:00
Michael Boelen bf7bd1415b
Merge pull request #867 from topimiettinen/check-dnssec-resolvectl 
Check DNSSEC status with resolvectl when available
 2020-03-20 09:46:40 +01:00
Topi Miettinen 820d2ec607
Check DNSSEC status with resolvectl when available 
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 23:56:24 +02:00
Topi Miettinen fb9cdb5c43
Enhance SELinux checks 
Display and log: permissive types (rules are not enforced), unconfined
processes (not confined by rules) and processes with initrc_t
type (generic type with weak rules).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 19:45:37 +02:00
Michael Boelen ddcf9bc713
[BOOT-5122] check for defined password in all GRUB configuration files 2020-03-19 15:52:03 +01:00
Michael Boelen 6d9ebe4136
Merge pull request #857 from topimiettinen/handle-kernel-img.conf 
Check if /vmlinuz is missing due to /etc/kernel-img.conf
 2020-03-19 15:33:47 +01:00
Michael Boelen 51d727d611
Merge pull request #858 from topimiettinen/fix-enabled-running-processes 
Fix logging of running and enabled services
 2020-03-19 15:32:54 +01:00
Topi Miettinen 3aaeeea856
Check for rEFInd boot loader 
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:44:30 +02:00
Topi Miettinen 80a67914c3
Fix logging of running and enabled services 
Log lines for running and enabled services were mixed up, fix.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:25:59 +02:00
Topi Miettinen f15fbfa6ed
Check if /vmlinuz is missing due to /etc/kernel-img.conf 
If /etc/kernel-img.conf has the line do_symlinks=No, Debian (probably
also Ubuntu) kernel packages will not update /vmlinuz
etc. symlinks. In that case, guess the kernel from uname -r.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:16:37 +02:00
Michael Boelen 671c443641
Merge pull request #845 from maczniak/master 
[SSH-7408] fix OpenSSH server version check
 2020-03-19 11:00:38 +01:00
Michael Boelen b523352a59
Merge pull request #830 from Schmuuu/fix/vmlinuz-check 
restructered test and fixed vmlinuz detection
 2020-03-19 10:58:27 +01:00
Michael Boelen bc4146555c
[PKGS-7388] Only perform test when all conditions are correct 2020-03-19 10:51:02 +01:00
Michael Boelen 8a42643373
Merge pull request #822 from pyllyukko/vmlinuz-raspbian 
KRNL-5788 in Raspi: don't complain about missing /vmlinuz
 2020-03-18 11:39:58 +01:00
Michael Boelen 6a5ea9471e
Merge pull request #828 from gfelkel/patch-1 
FILE-6310 for HP-UX
 2020-03-18 11:35:03 +01:00
Michael Boelen 6e3e93d585
[PKGS-7388] only perform check for Debian, Mint, Ubuntu 2020-03-17 16:05:14 +01:00
Michael Boelen 77dd0e0bbe
Merge pull request #853 from deltablot/php 
Skip the PHP cli configuration file when looking for expose_php
 2020-03-17 14:02:51 +01:00
Michael Boelen d1db448c51
Skip pacman when it is the game instead of package manager 2020-03-17 13:02:59 +01:00
Michael Boelen 0b0b0ea905
Style improvement 2020-03-12 16:01:11 +01:00
Michael Boelen 83a9470b72
Merge pull request #829 from gfelkel/patch-2 
AUTH-9228 for HP-UX
 2020-03-12 15:59:33 +01:00
Michael Boelen 2f9f25a2bf
Merge pull request #842 from chifu1234/master 
add basic xbps/void support
 2020-03-11 15:53:57 +01:00
Michael Boelen efc591c791
Merge pull request #846 from Skactor/patch-2 
Update tests_shells
 2020-03-11 15:52:33 +01:00
Michael Boelen 73491ec850
Merge pull request #843 from Skactor/patch-1 
Update tests_ports_packages
 2020-03-10 15:21:08 +01:00
Nicolas CARPi 600cb84310 Use a POSIX implementation to check for substring 
This works with all shells, even busybox.
 2020-03-05 21:42:54 +01:00
Nicolas CARPi 0593c69f2f Skip the PHP cli configuration file when looking for expose_php 
The expose_php configuration option is only relevant for non-cli PHP and
thus lynis should not look for it in config files that are for cli

Fix #849
 2020-03-05 00:53:27 +01:00
Michael Boelen 3f883106c9
Merge pull request #840 from deltablot/ssh 
Remove the test for ssh config VerifyReverseMapping
 2020-03-04 19:36:56 +01:00
Michael Boelen 28bd36d9c6
Added Fedora 2020-03-04 15:09:10 +01:00
Michael Boelen c0158da38e
Corrected test ID 2020-03-04 15:04:54 +01:00
Michael Boelen 5faf69af16
Code enhancement to avoid repetition 2020-03-04 15:02:39 +01:00
Michael Boelen 6e5f638640
Merge pull request #852 from craigcomstock/pureos 
Added detection of PureOS in /etc/os-release
 2020-03-04 14:58:59 +01:00
Michael Boelen e008907ff1
Remove 's' from word 'colours' 2020-03-04 14:51:13 +01:00
Michael Boelen b011b7a8d5
Merge pull request #850 from gcsgithub/soerelease 
Soerelease
 2020-03-04 14:48:19 +01:00
Craig Comstock 22ceeaa926
Added detection of PureOS in /etc/os-release 2020-03-03 13:56:33 -06:00
Mark Garrett 0cd256372c fix whitespace 2020-03-01 10:31:52 +11:00
Mark Garrett b2f676da7b allow for correct spelling for colour should drop the s from colours but didnt 2020-03-01 10:19:33 +11:00
Mark Garrett 30b1e4170b macosx add Catalina 10.15 2020-03-01 10:18:33 +11:00
Skactor fc7c5fb723
Update tests_shells 
Write function as variable due to careless error
 2020-02-25 15:48:55 +08:00
maczniak d8a3bc8afa fix CISOfy/lynis#844 2020-02-24 23:17:09 +09:00
Skactor 35e568e695
Update tests_ports_packages 
Incorrect constant name spelling
 2020-02-24 20:44:05 +08:00
Kevin 42b2831f75 add basic xbps/void support 2020-02-21 08:06:24 +01:00
Nicolas CARPi 91ad10d464 Remove the test for ssh config VerifyReverseMapping 
This option is deprecated since 2003. Having it in a config file raises
a warning and UseDNS (that is on by default) includes the
VerifyReverseMapping check.

See
3a961dc0d3

See #528
 2020-02-18 22:19:45 +01:00