tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,131 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

3131 Commits

Author SHA1 Message Date
Michael Boelen b980223d42
Merge pull request #958 from Steve8291/patch-2 
fix stderr output from cryptsetup status
 2020-06-22 14:26:47 +02:00
Michael Boelen d1cb4d71cd
Merge pull request #951 from al-lac/master 
Update language files (de, de-AT, en)
 2020-06-22 14:14:50 +02:00
Michael Boelen 75738ceeab
Fix for language detection, unset LANG as right place 2020-06-22 10:25:02 +02:00
Michael Boelen 6d6781a2ae
Updated log 2020-06-22 10:18:56 +02:00
Michael Boelen a2f8bdc5f8
[BOOT-5122] presence check for grub.d added 2020-06-22 10:18:01 +02:00
Steve8291 c02ce49ce3
fix stderr output from cryptsetup status 
Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
 2020-06-21 10:47:28 -04:00
Michael Boelen 74c4298eab
Updated log 2020-06-21 13:15:09 +02:00
Michael Boelen 6d9b530bf4
[KRNL-5830] improved detection for non-symlinked kernel on disk 2020-06-21 13:14:08 +02:00
Michael Boelen aebd5ed9b3
Remove unneeded line in log to prevent double entry 2020-06-21 12:57:05 +02:00
Michael Boelen b2350f2f6c
Add log entry to help troubleshooting users that still use old-style configuration entries in profile 2020-06-21 12:52:50 +02:00
Michael Boelen 251cb97902
Updated log 2020-06-21 12:40:51 +02:00
Michael Boelen 22644edc50
Added missing colons 2020-06-21 12:40:43 +02:00
Michael Boelen f855fe7a04
Added Linux Mint 2020-06-21 12:40:03 +02:00
Michael Boelen 06b3cbe529
Reordered items 2020-06-21 12:36:36 +02:00
Simon Biewald 5cd33746a0
add (Open)SSH equivalents to rhost files 
SSH also supports host based authentication. In contrast to the totally
insecure rsh, the hostnames are checked cryptographically. The
authorization checks are still done with the same syntax as with rsh.
In addition to the old rhosts/rlogin (and eqviv) file, SSH adds the
slogin file. This must not be writable as well, as attackers could
elevate their privileges.
 2020-06-20 17:45:34 +02:00
Simon Biewald b7b132721e
check permissions of files used by rsh 
The old rsh (remote shell) grants access to users and hosts in the files
/etc/hosts.equiv and ~/r(login|hosts). If attackers can write to those
files, he can logon as a different user or even root (in case of roots
.r(login|hosts) only) to the system. While the rsh daemon usually checks
for non-root owners or write permissions, this may not be the case on
any system.

Those files might affect other services as well (rlogin, rcp, ...).

As hostnames and usernames are not verified securely, the use of rsh and
similar commands discouraged. It may still be in use on legacy systems
even today, so it should be secured as much as possible if not possible
to remove/replace.
 2020-06-20 17:08:56 +02:00
Alexander L dfb02e4179
Update de 
Sorting
 2020-06-20 14:23:17 +02:00
Alexander L 4a71989d2e
Update en 
Sorting
 2020-06-20 14:20:58 +02:00
Alexander Lackner 6aa63f1c95 Update language files (de, de-AT, en) 2020-06-20 02:12:57 +02:00
Michael Boelen bd29a3e4e7
Updated log 2020-06-19 11:11:47 +02:00
Michael Boelen 57a2ae2b8d
Switch to pre-release 2020-06-19 11:11:37 +02:00
Michael Boelen 6a9e94befb
Reordered items, added Kali Linux, improved exception message 2020-06-19 11:10:22 +02:00
Michael Boelen 05ef9547ae
Release 3.0.0 2020-06-18 12:51:54 +02:00
Michael Boelen 3fa85dd964
Merge pull request #945 from konstruktoid/issue944 
add Fedora EOL, update other releases
 2020-06-18 12:49:15 +02:00
Michael Boelen 3c3c4105b2
Updated log 2020-06-18 12:48:33 +02:00
Michael Boelen 051be09838
Merge pull request #594 from katkad/home_result 
CVE-2020-13882: discovered by Sander Bos, code submission by Katarina Durechova - Store log and data file in home directory for non-privileged usage
 2020-06-18 12:46:42 +02:00
Michael Boelen 3b9eda53cc
CVE-2019-13033 - Discovered by Sander Bos 2020-06-18 12:36:04 +02:00
Thomas Sjögren 78e7ce36af add RHEL 6,7,8 EOL dates 
(cherry picked from commit 6ce0aa41c6)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-18 10:15:13 +02:00
Thomas Sjögren 41ad9d380c update all EOL dates to seconds to epoch 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-16 09:05:55 +02:00
Thomas Sjögren ca6326a12b
Update db/software-eol.db 
Co-authored-by: Jaimie <59117167+Jaimie85@users.noreply.github.com>
 2020-06-15 07:40:57 +00:00
Thomas Sjögren b3e1fc67c8 add Fedora EOL, update other releases 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-15 01:35:00 +02:00
Steve8291 10402538fa
Fix typo in kernel options description 2020-06-11 10:46:55 -04:00
Michael Boelen 2398c74783
Merge pull request #941 from iain-cuthbertson-siftware/bugfix/allow-mixed-case-hostnames 
Adds uppercase option to the hostname validation regex
 2020-06-02 18:50:35 +02:00
Michael Boelen 3d7de495cc
Updated log 2020-06-02 16:34:42 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Iain Cuthbertson 0b8c775a01 Adds uppercase option to the hostname validation regex 2020-06-02 15:33:32 +01:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen 9fdfc062dd
Add Gentoo 2020-06-02 14:09:49 +02:00
Michael Boelen 96659e61eb
Merge pull request #929 from Jaimie85/update-NL-language 
Update & sort NL language
 2020-05-21 16:03:25 +02:00
Jaimie f072f808a2
Update nl 2020-05-20 15:41:46 +02:00
Michael Boelen 3c04c6b394
Merge pull request #927 from danielf-5/master 
Minor edits
 2020-05-16 15:35:47 +02:00
Daniel Fernandez be4fdb8bc4
Update CONTRIBUTING.md 2020-05-15 23:59:59 -05:00
Daniel Fernandez b74977db53
Update HAPPY_USERS.md 2020-05-15 23:57:31 -05:00
Daniel Fernandez 859298cc2a
Update README.md 2020-05-15 23:56:43 -05:00
Michael Boelen 11cfa7c18d
Merge pull request #925 from ajshastri/master 
Added OS detection for Oracle Linux
 2020-05-15 11:30:33 +02:00
Aditya Shastri 2b0a0ba2e1 Addedd OS detection for Oracle Linux 2020-05-14 20:51:11 -07:00
Michael Boelen e410d68ce6
Merge pull request #912 from konstruktoid/fileperms 
accept more restrictive file permissions
 2020-05-07 08:53:26 +02:00
Jeremias Cordoba f081a9ed7e Fix KRNL-5730 to properly check /proc/config.gz 
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.

Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
 2020-05-04 15:51:03 -07:00
Topi Miettinen fcdc07f8d9
[CRYP-7902] Check also certificates in DER format 
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-25 00:06:58 +03:00
Thomas Sjögren 51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00