tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,844 Commits 2 Branches 63 Tags
Commit Graph

2844 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Boelen
1d9a887406
Updated log 2020-03-24 13:25:22 +01:00
Michael Boelen
18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Michael Boelen
a9db6e0794
Merge pull request #866 from topimiettinen/run-systemd-analyze-security 
Run 'systemd-analyze security'
 2020-03-24 13:17:04 +01:00
Thomas Sjögren
bc09f921f0 fix indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:53:50 +01:00
Thomas Sjögren
0b9e2d85d6 fix tabs 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:45:05 +01:00
Thomas Sjögren
5341fa7b29 AUTH-9229 isnt related to login.defs, add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:44:14 +01:00
Thomas Sjögren
6818db5e12 add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:43:34 +01:00
Topi Miettinen
8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen
7bba7bd4af
Removed incorrect process name from list, enable --full as it is required for matching jitterentropy-rngd 2020-03-23 16:13:39 +01:00
Michael Boelen
dcddfdb6cc
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-23 15:56:03 +01:00
Michael Boelen
1e74f9be9a
Fixed 'lynis show details' output 2020-03-23 15:55:40 +01:00
Michael Boelen
8f77116ce7
Merge pull request #876 from topimiettinen/enhance-apparmor-check 
Enhance AppArmor check
 2020-03-23 15:24:52 +01:00
Michael Boelen
7d1fe1231a
[CRYP-8005] added haveged, match against process name instead of full command line, code cleanup 2020-03-23 14:29:47 +01:00
Michael Boelen
08f57c557d
Updated log 2020-03-23 13:20:41 +01:00
Michael Boelen
1eb9218986
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-23 13:19:29 +01:00
Michael Boelen
17bbaa8f7a
[AUTH-9229] make test only available for root 2020-03-23 13:19:10 +01:00
Michael Boelen
32cefdea0a
Merge pull request #878 from topimiettinen/check-ima-evm 
Check IMA/EVM, dm-integrity and dm-verity statuses
 2020-03-23 13:18:16 +01:00
Michael Boelen
4e35b91ab2
Updated log 2020-03-23 12:50:31 +01:00
Michael Boelen
122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Michael Boelen
410206619a
Removed restriction for using the plugin and code style improvements 2020-03-23 11:30:10 +01:00
Michael Boelen
98fb272501
Merge pull request #865 from topimiettinen/journald-fix-disk-usage 
Fix journalctl output parsing for recent journalctls
 2020-03-23 11:18:45 +01:00
Michael Boelen
17ac4d2c1c
[AUTH-9252] corrected permission check 2020-03-23 10:44:45 +01:00
Topi Miettinen
8ea39314f2
Check for dm-integrity and dm-verity 
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 10:35:38 +02:00
Michael Boelen
a067c4211a
Updated log 2020-03-22 15:16:31 +01:00
Michael Boelen
058b071ea2
Merge pull request #877 from bginsbach/auth-9268-add-bsd 
Add FreeBSD and NetBSD to AUTH-9268
 2020-03-22 15:16:09 +01:00
Michael Boelen
48367b20a0
Merge pull request #869 from bginsbach/auth-9234-netbsd 
Add AUTH-9234 for NetBSD
 2020-03-22 14:58:13 +01:00
Topi Miettinen
203a4d3480
Check IMA/EVM status 
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-22 11:21:52 +02:00
Brian Ginsbach
33ba896b41 Add FreeBSD and NetBSD to AUTH-9268 
Add FreeBSD and NetBSD as both support PAM. Simplify the PREQS_MET
test by using a case rather than a long if or.
 2020-03-21 20:03:37 -05:00
Brian Ginsbach
f56c3b5f94 Combine NetBSD and OpenBSD AUTH-9234 check 
Both NetBSD and OpenBSD have `useradd(8)`, so they can share logic
checking `/etc/usermgmt.conf` for the default user UID range.
 2020-03-21 16:16:34 -05:00
Brian Ginsbach
044c78452b Add AUTH-9234 for NetBSD 2020-03-21 16:10:05 -05:00
Michael Boelen
f342669777
Updated log 2020-03-21 18:53:05 +01:00
Michael Boelen
7f823d9007
Merge pull request #875 from topimiettinen/check-for-sw-prng 
Check for software pseudo random number generators
 2020-03-21 18:52:13 +01:00
Topi Miettinen
e0e2096a25
Enhance AppArmor check 
Count and log unconfined processes which have no AppArmor profile
applied.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 17:14:55 +02:00
Topi Miettinen
26a54991ba
Check for software pseudo random number generators 
Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 16:26:30 +02:00
Michael Boelen
695eef64ad
Updated version 2020-03-21 14:09:11 +01:00
Michael Boelen
fad7c2a8fa
Merge pull request #864 from topimiettinen/pam-selinux-known 
pam: pam_selinux is known good module
 2020-03-21 14:07:06 +01:00
Michael Boelen
4e0357d728
Merge pull request #863 from topimiettinen/pam-ignore-dash 
pam: ignore leading dash
 2020-03-21 13:56:10 +01:00
Michael Boelen
9241e7c925
Merge pull request #868 from topimiettinen/add-contributor 
Add Topi as a contributor
 2020-03-21 13:55:15 +01:00
Michael Boelen
148e5b5c14
Merge pull request #870 from bginsbach/boot-5260-linux 
Make BOOT-5260 Linux only
 2020-03-21 13:54:21 +01:00
Michael Boelen
1bb35b86b8
Merge pull request #873 from topimiettinen/fix-developer-profile 
Fix developer profile
 2020-03-21 13:50:03 +01:00
Michael Boelen
357b059c12
Merge pull request #871 from bginsbach/fix-find-not 
Fix uses of non-standard find not operator
 2020-03-21 13:43:28 +01:00
Michael Boelen
60ffb7395a
Merge pull request #872 from bginsbach/netbsd-eol 
Add NetBSD EOL
 2020-03-21 13:34:50 +01:00
Michael Boelen
6e9482a571
Merge branch 'master' into netbsd-eol 2020-03-21 13:34:41 +01:00
Topi Miettinen
4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Topi Miettinen
e98fcb9b73
Fix developer profile 
Initialialize a few variables to let --profile developer.prf pass.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-20 22:26:51 +02:00
Brian Ginsbach
9c5451d29d Make BOOT-5260 Linux only 
Linux is the only OS with systemd so no need to check for systemd
single user mode on other operatings systems.
 2020-03-20 14:40:20 -05:00
Brian Ginsbach
32d1155953 Fix uses of non-standard find not operator 
Use ! rather than the non-standard -not find(1) operator.
 2020-03-20 14:37:56 -05:00
Michael Boelen
6356b3adb1
Updated log 2020-03-20 19:43:18 +01:00
Brian Ginsbach
50fc3f816a Add NetBSD EOL data 2020-03-20 13:42:28 -05:00
Brian Ginsbach
52344913d3 Add a way to signify undetermined EOL 
Replace setting an artificaly high date and converted date for
operating systems with no EOL (rolling) or the EOL is still to
be determined. This makes it easier for humans and saves making
a comparison (when using an artifically high converted time)
will always be false (EOL=0).

An example entry

        os:AGreatOS 2.0:👎

The converted time (seconds since the epoch) could be specified as
zero but this typically means the OS is out of date (now), A value
of -1 is a convention indicating no EOL.
 2020-03-20 13:42:28 -05:00