Commit Graph

60 Commits

Author SHA1 Message Date
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices
Check if system uses encrypted swap devices
2020-04-12 16:22:22 +02:00
Michael Boelen a166691199
Merge pull request #882 from topimiettinen/check-package-certificates
[CRYP-7902] Check also certificates provided by packages
2020-04-09 11:01:39 +02:00
Martin Churchill e4d491d574
[CRYP-7902] Fixes issue #902
[CRYP-7902] Checks for SSL_CERTIFICATE_PATHS_TO_IGNORE fails to ignore sub-directories #902
2020-04-08 10:02:18 +01:00
Topi Miettinen 9642bcffc8
[CRYP-7902] Optionally check also certificates provided by packages
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.

I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-04-02 12:52:13 +03:00
Topi Miettinen 5c5cc43c6f
Check if system uses encrypted swap devices
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-27 13:05:56 +02:00
Michael Boelen 7bba7bd4af
Removed incorrect process name from list, enable --full as it is required for matching jitterentropy-rngd 2020-03-23 16:13:39 +01:00
Michael Boelen 7d1fe1231a
[CRYP-8005] added haveged, match against process name instead of full command line, code cleanup 2020-03-23 14:29:47 +01:00
Topi Miettinen 26a54991ba
Check for software pseudo random number generators
Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-21 16:26:30 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 3bbe34ea73
[CRYP-8004] enhanced after pulling in initial test 2020-02-15 14:09:56 +01:00
pyllyukko 40acdc111d
Added CRYP-8004 2020-01-06 21:22:00 +02:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Kristian Schuster 62419033f5
fix for #781 - run lsblk without --paths 2019-10-19 00:34:25 +02:00
Kristian Schuster 51d3c56842
crypto-test: suppress errors when devs are not accessible for cryptsetup 2019-09-29 17:44:15 +02:00
Michael Boelen 0d58ee77a0
[CRYP-7930] replaced incorrect PATH column with alternative 2019-09-02 19:20:16 +02:00
Michael Boelen a87c2b10f9
Added CRYP-8002 2019-08-29 10:39:43 +02:00
Michael Boelen 605e515c31
Updated forensics variable 2019-08-21 14:00:20 +02:00
Michael Boelen d395e1a2da
[CRYP-7930] extend test to use cryptsetup/lsblk or crypttab file 2019-08-21 13:50:01 +02:00
Michael Boelen a714568842
Merge pull request #731 from chr0mag/cryp-7930
[CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
2019-08-21 12:31:36 +02:00
Michael Boelen 9605f0fa80
Combined sort and uniq to sort -u 2019-07-26 15:34:02 +02:00
Julian Phillips e293af16aa Add FOUND var to unset list 2019-07-17 18:01:44 -07:00
Julian Phillips 84dd024887 [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
There are several challenges with the existing method of using
/etc/crypttab:

1) encrypted rootfs partitions are not typically listed in this
file (users are prompted for password in early boot instead)

2) the 'luks' option is the default option so it is possible for
/etc/crypttab entries to never have this set explicitly and any
block device configured as such will be missed currently

3) any device mounted manually, or using any other mechanism aside
from /etc/crypttab will be missed

This commit executes 'cryptsetup isLuks' on every block device in
the system to determine whether it is a LUKS device. This handles
all 3 cases mentioned above.

Test case wording was also updated to reflect the fact that it
only checks for LUKS encrypted block devices. So, plain dm-crypt
and TrueCrypt/VeraCrypt block device encryption is not detected.
Nor is any file system level encryption such as eCryptfs, EncFs,
gocryptfs.
2019-07-17 16:18:12 -07:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 09d8832a0b
[CRYP-7903] enhanced test to properly work 2019-07-09 11:42:04 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen f3f6be6630
Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed 2019-07-08 21:20:45 +02:00
Michael Boelen 2c17c14c3b
New profile option to ignore specified certificate directories 2019-07-08 15:08:56 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them 2018-03-05 11:32:23 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen c248ab6a16
[CRYP-7902] fix for bourne shell and rewrite 2017-09-06 12:56:32 +02:00
Bruno Vernay 4107d8a461 Support spaces in file names (#444)
File names may contain spaces
2017-08-29 14:32:42 +02:00
Michael Boelen 1190efac2b
[CRYP-7902] add a test to filter out non-certificate files 2017-08-18 19:19:15 +02:00
Michael Boelen 4a673aebc7
[CRYP-7902] certificate validation changed 2017-08-18 14:14:28 +02:00
Michael Boelen 60f94fef47
[CRYP-7902] prevent test from showing error on screen related to wrong certificate file 2017-07-18 11:51:45 +02:00
mslifcak 8d2b3a202f A250 2 (#398)
* fix missing ROOTDIR prefix

* sort list of services before processing

* sort list of certificates before processing

* sort list of startup scripts before processing

* spell check

* remove possessive pronoun
2017-05-31 15:40:39 +02:00
mslifcak af60a2463a 250 fixes (#393)
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
2017-05-23 14:56:25 +02:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen 81d8486cb0 [CRYP-7902] Gather more certificate details and style improvements 2016-09-08 21:04:02 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 8b8a1a9b66 [CRYP-7902] Use SSL paths as configured by profile 2016-07-05 16:46:50 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 015287e963 [CRYP-7902] Added support for multiple profiles 2016-04-13 19:49:30 +02:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00