tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,864 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

1914 Commits

Author SHA1 Message Date
Topi Miettinen 820d2ec607
Check DNSSEC status with resolvectl when available 
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 23:56:24 +02:00
Topi Miettinen fb9cdb5c43
Enhance SELinux checks 
Display and log: permissive types (rules are not enforced), unconfined
processes (not confined by rules) and processes with initrc_t
type (generic type with weak rules).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 19:45:37 +02:00
Michael Boelen ddcf9bc713
[BOOT-5122] check for defined password in all GRUB configuration files 2020-03-19 15:52:03 +01:00
Topi Miettinen 72e8f572bf
Harden mount options for /var, check also /dev and /run 
There should not be any need for char/block devices in /var, so
propose nodev. Sockets are not affected.

Check also /dev for noexec,nosuid and /run for
nodev,nosuid. Historically there was /dev/MAKEDEV script but that's
long gone.

In case a file system is not found in /etc/fstab, check if they are
mounted otherwise (e.g. via systemd mount units).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 16:39:02 +02:00
Michael Boelen 6d9ebe4136
Merge pull request #857 from topimiettinen/handle-kernel-img.conf 
Check if /vmlinuz is missing due to /etc/kernel-img.conf
 2020-03-19 15:33:47 +01:00
Michael Boelen 51d727d611
Merge pull request #858 from topimiettinen/fix-enabled-running-processes 
Fix logging of running and enabled services
 2020-03-19 15:32:54 +01:00
Topi Miettinen 3aaeeea856
Check for rEFInd boot loader 
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:44:30 +02:00
Topi Miettinen 80a67914c3
Fix logging of running and enabled services 
Log lines for running and enabled services were mixed up, fix.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:25:59 +02:00
Topi Miettinen f15fbfa6ed
Check if /vmlinuz is missing due to /etc/kernel-img.conf 
If /etc/kernel-img.conf has the line do_symlinks=No, Debian (probably
also Ubuntu) kernel packages will not update /vmlinuz
etc. symlinks. In that case, guess the kernel from uname -r.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:16:37 +02:00
Michael Boelen 671c443641
Merge pull request #845 from maczniak/master 
[SSH-7408] fix OpenSSH server version check
 2020-03-19 11:00:38 +01:00
Michael Boelen b523352a59
Merge pull request #830 from Schmuuu/fix/vmlinuz-check 
restructered test and fixed vmlinuz detection
 2020-03-19 10:58:27 +01:00
Michael Boelen bc4146555c
[PKGS-7388] Only perform test when all conditions are correct 2020-03-19 10:51:02 +01:00
Michael Boelen 8a42643373
Merge pull request #822 from pyllyukko/vmlinuz-raspbian 
KRNL-5788 in Raspi: don't complain about missing /vmlinuz
 2020-03-18 11:39:58 +01:00
Michael Boelen 6a5ea9471e
Merge pull request #828 from gfelkel/patch-1 
FILE-6310 for HP-UX
 2020-03-18 11:35:03 +01:00
Michael Boelen 6e3e93d585
[PKGS-7388] only perform check for Debian, Mint, Ubuntu 2020-03-17 16:05:14 +01:00
Michael Boelen 77dd0e0bbe
Merge pull request #853 from deltablot/php 
Skip the PHP cli configuration file when looking for expose_php
 2020-03-17 14:02:51 +01:00
Michael Boelen d1db448c51
Skip pacman when it is the game instead of package manager 2020-03-17 13:02:59 +01:00
Michael Boelen 0b0b0ea905
Style improvement 2020-03-12 16:01:11 +01:00
Michael Boelen 83a9470b72
Merge pull request #829 from gfelkel/patch-2 
AUTH-9228 for HP-UX
 2020-03-12 15:59:33 +01:00
Michael Boelen 2f9f25a2bf
Merge pull request #842 from chifu1234/master 
add basic xbps/void support
 2020-03-11 15:53:57 +01:00
Michael Boelen efc591c791
Merge pull request #846 from Skactor/patch-2 
Update tests_shells
 2020-03-11 15:52:33 +01:00
Michael Boelen 73491ec850
Merge pull request #843 from Skactor/patch-1 
Update tests_ports_packages
 2020-03-10 15:21:08 +01:00
Nicolas CARPi 600cb84310 Use a POSIX implementation to check for substring 
This works with all shells, even busybox.
 2020-03-05 21:42:54 +01:00
Nicolas CARPi 0593c69f2f Skip the PHP cli configuration file when looking for expose_php 
The expose_php configuration option is only relevant for non-cli PHP and
thus lynis should not look for it in config files that are for cli

Fix #849
 2020-03-05 00:53:27 +01:00
Michael Boelen 3f883106c9
Merge pull request #840 from deltablot/ssh 
Remove the test for ssh config VerifyReverseMapping
 2020-03-04 19:36:56 +01:00
Michael Boelen 28bd36d9c6
Added Fedora 2020-03-04 15:09:10 +01:00
Michael Boelen c0158da38e
Corrected test ID 2020-03-04 15:04:54 +01:00
Michael Boelen 5faf69af16
Code enhancement to avoid repetition 2020-03-04 15:02:39 +01:00
Michael Boelen 6e5f638640
Merge pull request #852 from craigcomstock/pureos 
Added detection of PureOS in /etc/os-release
 2020-03-04 14:58:59 +01:00
Michael Boelen e008907ff1
Remove 's' from word 'colours' 2020-03-04 14:51:13 +01:00
Michael Boelen b011b7a8d5
Merge pull request #850 from gcsgithub/soerelease 
Soerelease
 2020-03-04 14:48:19 +01:00
Craig Comstock 22ceeaa926
Added detection of PureOS in /etc/os-release 2020-03-03 13:56:33 -06:00
Mark Garrett 0cd256372c fix whitespace 2020-03-01 10:31:52 +11:00
Mark Garrett b2f676da7b allow for correct spelling for colour should drop the s from colours but didnt 2020-03-01 10:19:33 +11:00
Mark Garrett 30b1e4170b macosx add Catalina 10.15 2020-03-01 10:18:33 +11:00
Skactor fc7c5fb723
Update tests_shells 
Write function as variable due to careless error
 2020-02-25 15:48:55 +08:00
maczniak d8a3bc8afa fix CISOfy/lynis#844 2020-02-24 23:17:09 +09:00
Skactor 35e568e695
Update tests_ports_packages 
Incorrect constant name spelling
 2020-02-24 20:44:05 +08:00
Kevin 42b2831f75 add basic xbps/void support 2020-02-21 08:06:24 +01:00
Nicolas CARPi 91ad10d464 Remove the test for ssh config VerifyReverseMapping 
This option is deprecated since 2003. Having it in a config file raises
a warning and UseDNS (that is on by default) includes the
VerifyReverseMapping check.

See
3a961dc0d3

See #528
 2020-02-18 22:19:45 +01:00
Michael Boelen 3bbe34ea73
[CRYP-8004] enhanced after pulling in initital test 2020-02-15 14:09:56 +01:00
Michael Boelen 5ca8baf7a8
[USB-2000] improved testing for USB devices and filtering out possible incorrect state 2020-02-15 14:09:23 +01:00
Michael Boelen af70303aeb
Set preferred option to skip plugin executiont o --no-plugins, as that is more in line with the other 'no' options 2020-02-14 11:49:32 +01:00
Michael Boelen 3f834e6ad5
Merge pull request #821 from pyllyukko/CRYP-8004 
Added CRYP-8004
 2020-02-13 13:40:10 +01:00
Sascha Holzleiter 530ad1ef75 NETW-3014: Report correct promisc interface 2020-01-28 21:29:34 +01:00
Kristian Schuster 79a29381a4
restructered test and fixed vmlinuz detection 2020-01-26 19:13:26 +01:00
gfelkel 5bce9d598c
AUTH-9228 for HP-UX 
HP-UX also has /usr/sbin/pwck. For trusted systems, two additional options -s (check inconsistencies with the protected password database) and -l (check encrypted password lengths that are greater than 8 characters) are available.
 2020-01-23 13:30:46 +01:00
gfelkel d3287bd7ef
FILE-6310 for HP-UX 
HP-UX: /usr/sbin/mount reports "/home on /dev/…", so $1 has to be used
 2020-01-22 16:31:49 +01:00
Michael Boelen a7b48e40b0
[NETW-3015] check for promiscuity value that is higher than 0 instead of just 1 2020-01-11 11:31:40 +01:00
Michael Boelen 232b1cdc3f
[KRNL-5820] allow dash to define hard/soft value 2020-01-11 11:27:37 +01:00
Simon Biewald c58e296bd3
add openntpd detection and a few tests for it 2020-01-08 18:53:15 +01:00
pyllyukko 618a843017
KRNL-5788 in Raspi: don't complain about missing /vmlinuz 
The Raspberry Pi kernels reside within raspberrypi-kernel package[1].

[1] https://www.raspberrypi.org/documentation/linux/kernel/updating.md
 2020-01-07 22:27:27 +02:00
pyllyukko 40acdc111d
Added CRYP-8004 2020-01-06 21:22:00 +02:00
Michael Boelen b7da40c6ae
[KRNL-5830] derive kernel version from filename after obtaining symlink target 2019-12-23 15:41:26 +01:00
Michael Boelen ab4291242d
[KRNL-5830] check for symlink 2019-12-23 15:36:26 +01:00
Michael Boelen e5091772c5
Removed -o which had no purpose 2019-12-23 13:59:06 +01:00
Michael Boelen 35d248b74c
[FILE-6430] minor code improvements and show suggestion with more details 2019-12-18 19:20:48 +01:00
Michael Boelen cb59e92441
[MALW-3280] Added support for falcon-sensor by CrowdStrike 2019-12-18 12:22:51 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen 94ba30e765
[INSE-8050] corrected function call for showing suggestion 2019-12-18 12:04:32 +01:00
Michael Boelen c4b24c48a9
[INSE-8314] changed text of suggestion 2019-12-18 12:01:32 +01:00
Michael Boelen 2dfb901bcb
[PKGS-7410] Use multiple package managers when they are available on system. Also added support for Zypper for this test 2019-12-17 08:23:12 +01:00
Michael Boelen 11f8ce2361
[KRNL-5830] Use symlink, only test for 'version' keyword if needed, adjusted exception message 2019-12-17 08:03:51 +01:00
Michael Boelen 4e255617d3
[KRNL-5830] Fetch target for symlinked kernel 2019-12-16 09:47:40 +01:00
Michael Boelen d680fe549f
Switched from warnings to suggestions, corrected path selection for DIR variable 2019-12-13 12:59:43 +01:00
Michael Boelen f35a08ad28
Quoting should not be used when globbing 2019-12-13 12:40:29 +01:00
Michael Boelen 1b4b02d813
Decrease length of line breaks between tests 2019-12-13 12:36:19 +01:00
Michael Boelen bf4374bb19
[KRNL-5830] skip test partially if non-privileged 2019-12-13 12:35:38 +01:00
Michael Boelen fd84be485b
Improved permission check for BSD systems 2019-12-13 12:34:56 +01:00
Michael Boelen f00447fd1b
Style change, add curly brackets 2019-12-06 15:55:59 +01:00
Michael Boelen c7c44535e7
Merge pull request #800 from Schmuuu/core/fix-relative-path-detection 
don't fail relative paths check with spaces in PATH
 2019-12-06 15:39:55 +01:00
Michael Boelen 24c5a9fcea
Merge branch 'master' into master 2019-12-06 15:35:46 +01:00
Michael Boelen 6421c2e419
[BANN-7126] additional words for login banner are accepted 2019-12-06 09:49:06 +01:00
Michael Boelen 15ae5ea0c1
Added alias --use-cwd as that is more in line with other options (instead of --usecwd) 2019-12-04 08:01:56 +01:00
Michael Boelen c67696455f
Merge pull request #797 from Schmuuu/KRNL-5840/find-more-kernels 
KRNL-5840: add detection for proxmox and raspi kernel
 2019-12-03 14:32:52 +01:00
Michael Boelen 3e9902b35e
Merge pull request #798 from Schmuuu/OS-detection/detect-raspbian 
OS-Detection: add raspian detection
 2019-11-28 15:42:45 +01:00
Michael Boelen dd2cb31c7f
Merge pull request #799 from Schmuuu/ntp/set-NTP_CONFIG_FOUND 
do set variable NTP_CONFIG_FOUND if ntp config is found
 2019-11-28 15:05:01 +01:00
Michael Boelen ea03723093
Merge pull request #803 from dvehrs/PermTests 
Updated tests for file permissions to case statements
 2019-11-25 15:32:06 +01:00
Michael Boelen cad55d8bec
Merge pull request #802 from dvehrs/HCFP 
Updated permissions checks
 2019-11-25 15:28:00 +01:00
Michael Boelen 65f88e148b
Merge pull request #804 from Schmuuu/krnl/fix-wrong-limits-subfolder 
fix left over test folder with correct folder from variable
 2019-11-25 15:23:47 +01:00
Michael Boelen 35ca01eaac
Merge pull request #805 from Schmuuu/tests_php/add_some_php72_and_php73_support 
added additional php folders to check, plus added PHP72 and PHP73
 2019-11-25 15:23:11 +01:00
Michael Boelen f81ff3d7d6
Removed empty lines 2019-11-18 10:20:31 +01:00
Michael Boelen ffc9309338
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-11-18 10:19:58 +01:00
Michael Boelen a07fcb3348
Add USR1 trap to show status such as active test 2019-11-18 10:19:43 +01:00
Michael Boelen 421b42c5b0
Merge pull request #809 from Marzal/master 
First fix in order make lynis work OK in AIX
 2019-11-13 11:21:43 +01:00
Michael Boelen 6d594b899f
Merge pull request #810 from neilmayhew/fix/773-home-9306 
Fix for false positive for some users on HOME-9306
 2019-11-13 11:18:04 +01:00
fbomj 2b8f761efa MALW-3280: Kaspersky detection 2019-11-06 21:49:54 +01:00
János Márkus d9013b13ac Fixes CISOfy/lynis#773 2019-11-03 11:48:03 +01:00
Neil Mayhew 9de8227674 Fix for false positive for some users on HOME-9306 
Closes #773

Patch from @church1e
 2019-11-01 18:12:33 -06:00
Marzal 8353483d1d grep doesn't work with '\|' in AIX. grep -E is more POSIX compliant. 2019-10-29 18:47:07 +01:00
Kristian Schuster d97221b851
added additional php folders to check, plus added PHP72 and PHP73 2019-10-24 00:14:42 +02:00
Kristian Schuster 32ee016810
fix: forgot to replace test folder with correct folder from variable 2019-10-23 23:06:03 +02:00
Dave Vehrs e6bf111f41 Updated tests for file permissions to case statements 2019-10-23 14:47:03 -06:00
Dave Vehrs 6dad2f476e Updated permissions checks 2019-10-23 12:31:20 -06:00
Kristian Schuster 4898e48e16
don't fail relative paths check with spaces in PATH 2019-10-22 21:43:37 +02:00
Kristian Schuster 62feaf3fff
do set variable NTP_CONFIG_FOUND if ntp config is found 2019-10-22 20:07:56 +02:00
Kristian Schuster 66a754fa18
OS-Detection: add raspian detection 2019-10-20 20:21:54 +02:00
Kristian Schuster ace2e27237
KRNL-5840: add detection for proxmox and raspi kernel 2019-10-20 19:55:34 +02:00
Kristian Schuster 62419033f5
fix for #781 - run lsblk without --paths 2019-10-19 00:34:25 +02:00
Michael Boelen c16133b255
Merge pull request #772 from Marzal/Marzal-test_storage 
Clean shellcheck warnings in STRG-1846
 2019-10-16 14:49:46 +02:00