Michael Boelen
c353ce6626
Merge pull request #1027 from SergeyDjam/master
...
Add ROSA Linux detection
2020-10-17 13:23:53 +02:00
Michael Boelen
4a21fd9a5c
Merge branch 'master' into master
2020-10-17 13:23:08 +02:00
Michael Boelen
791800f95d
Added Zorin OS detection
2020-10-17 13:15:06 +02:00
Michael Boelen
760460528b
Added variable
2020-10-17 12:55:20 +02:00
Stéphane
eaca6127ec
Improvements and addition of strings
2020-10-17 00:04:09 +02:00
Michael Boelen
5d9c85a35c
Preparations for 3.0.2
2020-10-16 13:02:57 +02:00
Michael Boelen
1c0c9d7858
Move to pre-release
2020-10-16 13:02:35 +02:00
Michael Boelen
ba1cff941f
Improved detection of kernel by ignoring known incorrect values
2020-10-16 13:02:01 +02:00
Timo Sigurdsson
b7d5b8a4b9
Update tests.db and CHANGELOG.md for new test TOOL-5130
...
Add the new test TOOL-5130 (Check for active Suricata daemon) to the tests
database and update the changelog accordingly.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2020-10-11 11:15:48 +02:00
Timo Sigurdsson
15799cf57e
Add test for Suricata IDS/IPS
...
Commit 94e0a4e
added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2020-10-11 02:25:37 +02:00
silentcreek
b069d4cda8
Merge pull request #1 from CISOfy/master
...
Sync with CISOfy/lynis
2020-10-10 14:59:03 +02:00
Sergey Zhemoitel
85d36db113
Add ROSA Linux detection
2020-10-08 23:06:35 +03:00
Michael Boelen
21b5493a1c
Release 3.0.1
2020-10-05 13:22:39 +02:00
Michael Boelen
c6bd185fd7
Resolved merge conflict
2020-10-02 11:05:04 +02:00
Michael Boelen
11be8b03ae
Updated log
2020-10-02 10:58:06 +02:00
Michael Boelen
5e0a4e685d
Added CloudLinux
2020-10-02 10:57:58 +02:00
Michael Boelen
768d8a62e8
Updated log
2020-10-02 10:55:36 +02:00
Michael Boelen
a1f794cc75
Don't provide suggestion to install pseudo rng at this moment
2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com
5ca6b7ed79
feature: take into account LK
...
Some distributions like CentOS 8 contain "LK" instead of "L" for
locked users.
2020-08-28 23:19:37 +02:00
Simon Biewald
93a71539d5
Add support for Flatcar Container Linux
...
Fixes cisofy/lynis#1014.
Flatcar is a fork of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
2020-08-27 21:49:17 +02:00
Jimver
554dd2d5e9
Better log message
2020-08-27 12:57:22 +02:00
Jimver
e6891feeb4
Remove newline
2020-08-27 12:52:59 +02:00
Jimver
cd94da3449
Use shell wildcard expansion now
2020-08-27 12:50:48 +02:00
Jimver
6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr
2020-08-26 16:38:35 +02:00
Jim
84fd612c91
Add check for other clock files for earlier systemd versions
2020-08-24 17:59:06 +02:00
Jim
dabac5bf89
Change timesync sync file, fixes #1012
2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com
c857ee7cf2
fix: take into account unlocked system accounts
2020-08-23 19:54:59 +02:00
Simon Biewald
bd7131f6db
Detect sysstat systemd unit
2020-08-19 20:47:09 +00:00
danielorihuelarodriguez@gmail.com
6bad6b058b
feature: gather locked accounts info
2020-08-10 19:27:43 +02:00
Steve Kolenich
f65f4d011b
Improve detecting kernel version on disk
...
Improve handling of kernel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updating RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
2020-08-10 12:27:30 -04:00
Steve Kolenich
ec551d732d
Added Alpine Linux EOL dates
2020-08-10 12:26:55 -04:00
Claudia
48e794574a
Add macOS EOL
...
Apple doesn’t disclose when it stops providing security updates for
macOS versions. There’s no consensus on when the exact EOL date is.
Lacking that information, I applied the following ruleset, which is
driven by what people have observed, and seems pragmatic enough:
- From Mac OS X 10.0 through 10.4, a version 10.N would be considered
EOL on the day the first patch-level update 10.(N+2).1 for its
N+2 successor was released.
- Starting with 10.5, Apple began to support three versions at the same
time. For 10.5 itself, the EOL date is difficult to pin down so I
went with 2011-06-23, the date given by the English-language
Wikipedia.
- From 10.6 through 10.11, a version 10.N would be considered EOL on
the day the first patch-level update 10.(N+3).1 for its N+3 successor
was released.
- Starting with macOS Sierra (10.12), Lynis counts the patch level.
Any version 10.N.P can be considered EOL on the day 10.N.(P+1)
is released. If that hasn’t happened, the EOL date is the day
10.(N+3).1 is released. If neither has been released, 10.N.P has
no EOL date.
2020-08-08 19:11:44 +02:00
Michael Boelen
7df0b8618b
Updated log
2020-08-07 11:56:19 +02:00
Michael Boelen
792a202934
Merge pull request #913 from topimiettinen/check-der-certs
...
[CRYP-7902] Check also certificates in DER format
2020-08-07 11:54:39 +02:00
Michael Boelen
4206177081
Merge pull request #981 from Varbin/openntpd-equals
...
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
2020-08-07 11:50:22 +02:00
Michael Boelen
9715c21c71
Merge pull request #957 from Varbin/rsh-permissions
...
rsh host file permissions
2020-08-07 11:48:13 +02:00
Michael Boelen
30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp
...
[TIME-3104] Find more time synchronization commands
2020-08-07 11:46:51 +02:00
Michael Boelen
21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus
...
Fix timesyncd detection on systems without dbus.
2020-08-07 11:44:06 +02:00
Michael Boelen
343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting
...
Command line option for slow test threshold
2020-08-07 11:39:39 +02:00
Michael Boelen
3173dd8010
Merge pull request #1002 from kolenichsj/master
...
Adding Alpine Linux to OSDetection
2020-08-07 11:37:31 +02:00
Steve Kolenich
33d8e8e00b
Adding Alpine Linux to OSDetection
2020-08-06 20:15:18 -04:00
Michael Boelen
138cce7f9c
Update CHANGELOG.md
2020-08-05 11:50:37 +02:00
Michael Boelen
30c8a92594
Merge pull request #994 from konstruktoid/issue992
...
add Microsoft Defender ATP, malware scanner
2020-08-05 11:49:32 +02:00
Michael Boelen
c0ddfd0f77
Changed suggestion text for 4+ months old version
2020-08-04 09:39:05 +02:00
Michael Boelen
65cc4daa57
Update CHANGELOG.md
2020-08-04 09:26:50 +02:00
Michael Boelen
55c65aeddd
Merge pull request #997 from quantumpacket/patch-4
...
Add PHP 7.4 Detection Paths
2020-08-04 09:23:16 +02:00
0ri0n
f988e573db
Add missing PHP 7.4 check for BSD
2020-07-27 13:59:46 -04:00
0ri0n
9b388518de
Add PHP 7.4 Detection Paths
2020-07-26 23:33:34 -04:00
Thomas Sjögren
baf5f7ad4d
add Microsoft Defender ATP, malware scanner
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-07-21 23:56:47 +02:00
Simon Biewald
e27208a342
use STATBINARY, put filename in variable
2020-07-10 00:48:12 +02:00