tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,362 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

955 Commits

Author SHA1 Message Date
Michael Boelen ee9d7963e7 Add 'lynis show changelog' to display release details 2016-07-24 15:40:55 +02:00
Michael Boelen 9a2dcc9dec Add DisplayError for showing errors on screen 2016-07-24 13:11:32 +02:00
Michael Boelen 65eaeb7ce9 Add header as color 2016-07-24 13:05:36 +02:00
Michael Boelen c1d351fe32 Add bold as color 2016-07-24 11:43:18 +02:00
Michael Boelen 64348b772c Add category and display more details about tests 2016-07-24 11:42:50 +02:00
Michael Boelen ccb39d5e52 [PHP-2374] Changed text and cleanups 2016-07-22 15:46:25 +02:00
Michael Boelen 7f25a1f00e Remove colors properly with one function (contribution: Mike Slifcak at Pindrop 2016-07-18 19:58:32 +02:00
Michael Boelen 75d8824d8f Add 'update check' as example 2016-07-18 10:34:10 +02:00
Michael Boelen 6b92407234 Add 'update check' functionality 2016-07-18 10:33:52 +02:00
Michael Boelen d02cb095da [PHP-2376] Log to discovered item to report instead of logfile 2016-07-16 16:28:43 +02:00
Michael Boelen 7ec51cdae0 Only use license key when it is defined 2016-07-14 15:26:46 +02:00
n[oO]ne 8aeba9fa3d fix: Test names are different. (#228) 
After changes in 9aa5736 the test names are different. This results in something like BOOT-5122 = boot-5122 and skipped test aren't skipped anymore.
 2016-07-14 13:49:20 +02:00
Michael Boelen 9aa57362e6 Show all tests uppercase and remove first space from list for correct display 2016-07-13 13:21:35 +02:00
Michael Boelen dd378a0ca3 Allow showing categories, logfile, report, and test details 2016-07-13 13:20:55 +02:00
Michael Boelen f9011c43e6 Exit cleanly when displaying categories 2016-07-13 11:12:31 +02:00
Michael Boelen 09aa31bb5c Minor code cleanup 2016-07-12 20:32:49 +02:00
Michael Boelen 07a113e46e Set initial value for language and improve auto detection 2016-07-12 20:32:15 +02:00
Michael Boelen cb76421d9c Proper display of tool tips configuration, while not showing tips when using show module 2016-07-12 20:09:10 +02:00
Michael Boelen c090e73ca1 Add blue colors for tips 2016-07-11 20:06:46 +02:00
Michael Boelen 38e6ff18d4 Merge and initial changes for new tests FILE-6344 and FILE-6430 2016-07-11 19:57:45 +02:00
Lukas Pirl 9a5647f66c added test FILE-6337: check if /proc mounted with hidepid=(1|2) (#225) 
to hide users' sensitive files in /proc from other users
  (see `man proc` for details)
 2016-07-11 16:48:25 +02:00
Lukas Pirl f19f5927a5 added test for AllowAgentForwarding being turned off (#222) 
for reasons, see links below:
  https://wiki.mozilla.org/Security/Guidelines/OpenSSH#SSH_agent_forwarding
  https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
 2016-07-11 11:25:51 +02:00
Michael Boelen 576e11b995 [BOOT-5122] Extended password check 2016-07-11 11:24:52 +02:00
Michael Boelen 09a9b80fde Merge branch 'master' of https://github.com/CISOfy/lynis 2016-07-11 11:21:08 +02:00
ratrop cd2429688b Update tests_boot_services (#201) 
Added detection of password for Grub2 in Ubuntu 14.04 LTS. Previous version doesn't detect it.
 2016-07-11 11:20:05 +02:00
Michael Boelen 648d043b0a [FILE-6430] initial import and changes 2016-07-11 11:18:53 +02:00
Michael Boelen d1c8cd3d05 Merge branch 'master' of https://github.com/CISOfy/lynis 2016-07-11 10:32:30 +02:00
Michael Boelen 52317de56c Set date of break lines to similar format as normal log entries 2016-07-11 10:32:00 +02:00
Yann ILAS a62a09d9e4 Remove the support of some filesystems (#205) 
For now keeping the test as-is and merge.
 2016-07-11 10:24:38 +02:00
Michael Boelen 74c9513fbb [HTTP-6632] fix for proper detection of Apache modules 2016-07-11 09:49:24 +02:00
Michael Boelen 13c228fd2d Add --configured-only option to lynis show settings 2016-07-05 19:57:11 +02:00
Michael Boelen 1655b5728b Disable color status and clear blue color 2016-07-05 19:56:38 +02:00
Michael Boelen 467c30b16b Start of migration of deprecated profile options 2016-07-05 19:56:13 +02:00
Michael Boelen b44acc16e0 Disable upload compression for now 2016-07-05 19:55:45 +02:00
Michael Boelen 474455d18b Define colors 2016-07-05 19:55:31 +02:00
Michael Boelen f8bee58ade Implement tooltips 2016-07-05 18:18:54 +02:00
Michael Boelen bac442c6fe Migrate to new options, including skip-plugins 2016-07-05 17:26:27 +02:00
Michael Boelen 75786a1c80 Added DisplayToolTip 2016-07-05 17:25:19 +02:00
Michael Boelen 0c5387f1fe Migration to new profile names and store the related settings 2016-07-05 16:49:36 +02:00
Michael Boelen bdf9a5cf04 Add lynis show settings with --brief and --nocolors options 2016-07-05 16:49:10 +02:00
Michael Boelen 5778d4fa0d Add fuctions: AddSetting, DiscoverProfiles, ParseProfiles 2016-07-05 16:47:32 +02:00
Michael Boelen 8b8a1a9b66 [CRYP-7902] Use SSL paths as configured by profile 2016-07-05 16:46:50 +02:00
Michael Boelen 998af3d7de Add variable for settings and SSL paths 2016-07-05 16:45:27 +02:00
Michael Boelen 6c24c198ee [PRNT-2306] Check if files are readable before parsing them 2016-07-05 12:19:43 +02:00
Michael Boelen fbd24b585a Rename Maid to CleanUp 2016-07-05 12:16:49 +02:00
Michael Boelen 72ca2b926d [AUTH-9254] Only let root use this test, due to permissions 2016-07-05 12:10:32 +02:00
Michael Boelen c181a5745f [AUTH-9288] Only check for accounts which have a maximum password age set 2016-07-05 10:51:59 +02:00
Michael Boelen d9b609ed98 Do not provide a tip about uploading data when user is already doing that 2016-07-05 10:40:07 +02:00
Michael Boelen a1ebc18a76 Don't override variables of ReportDetails functions on every parameter 2016-06-30 11:34:27 +02:00
Michael Boelen 114d95c475 [AUTH-9234] Test for minimal UID number via /etc/login.defs 2016-06-30 11:30:58 +02:00
Michael Boelen 6861e8065f Improve screen output 2016-06-18 11:15:39 +02:00
Michael Boelen 87efe5651f Replaced text strings to allow translations 2016-06-18 11:15:11 +02:00
Michael Boelen b553f01b2a Allow long lines of text by resetting number of spaces to 0 when needed 2016-06-18 11:14:50 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen 1be27c7b00 Added IsDeveloperVersion to detect if release is still under development 2016-06-18 09:28:53 +02:00
Michael Boelen 52ad74c5ce [SSH-7408] Show SSH items as a suggestion on screen, like in the report 2016-06-11 14:45:17 +02:00
Michael Boelen f8b134f3c3 Add automatic detection of used language 2016-06-11 14:34:21 +02:00
Michael Boelen f851834dbd Added support for multiple languages 2016-06-11 14:09:41 +02:00
Michael Boelen 7ff4f3b1d3 Add upcoming profile option to choose between upload tools 2016-06-07 17:01:16 +02:00
Michael Boelen 138d1fdcd5 Add comment for upcoming option to choose between upload tools 2016-06-07 17:00:51 +02:00
Michael Boelen 6b05d59855 Add variables for alternative upload tool 2016-06-07 17:00:12 +02:00
Michael Boelen c88a2678f6 [HTTP-6642] Test disabled 2016-06-07 16:59:37 +02:00
Michael Boelen 02fdaf4c1e [PKGS-7328] Set non-interactive as first option like other calls to Zypper 2016-05-30 19:43:10 +02:00
Michael Boelen 751c9734c5 Restrict find action to the /tmp mount 2016-05-30 19:38:42 +02:00
Michael Boelen d3202ade5d Properly display lines again after changing date format in log 2016-05-30 19:36:30 +02:00
Andreas Stieger ece464b1da improve non-interactive use of zypper (#208) 
* PKGS-7328: only list installed items of type package

Otherwise the package list may contain duplicate items of type application or patch

Signed-off-by: Andreas Stieger <astieger@suse.com>

* PKGS-7328, PKGS-7330: run zypper with non-interactive flag

Otherwise the test will hang if zypper issues an interactive query or warning,
such as for new/changed keys, network issues or other errors.

Signed-off-by: Andreas Stieger <astieger@suse.com>
 2016-05-30 19:20:37 +02:00
Michael Boelen 000077d379 Added more tips when cURL has issues uploading the data 2016-05-30 17:06:14 +02:00
Michael Boelen 268ff68966 Added error message when --data-urlencode on cURL is not available 2016-05-30 16:59:29 +02:00
Michael Boelen 7725ce6cc8 Use a common date/time format for log entries 2016-05-25 21:36:12 +02:00
Michael Boelen e20ef13b48 Change instructions to configure Lynis when using self-signed certificates with upload 2016-05-25 13:43:29 +02:00
Michael Boelen 6f1be4c82a Better display when multiple items are to be configured 2016-05-25 13:29:01 +02:00
Michael Boelen c42a1d4083 Improve error message when setting already exists 2016-05-24 20:53:16 +02:00
Michael Boelen a45d6e61f8 Allow automatic configuration of a setting 2016-05-24 20:49:36 +02:00
Michael Boelen 748039358c Remove unneeded quote 2016-05-24 11:31:49 +02:00
Michael Boelen d2c82adc98 Minor cleanups and add hostid2 value for uploads 2016-05-24 11:28:08 +02:00
Eric Light 47748c8fd8 UseDNS = No is a safer configuration (#204) 
See Issue #197.  

References:
 - https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/424371/comments/11
 - https://unix.stackexchange.com/questions/56941/what-is-the-point-of-sshd-usedns-option
 - https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
 2016-05-19 19:58:52 +02:00
Yann ILAS e8d6308d82 use ${LSMODBINARY} instead of lsmod (#200) 2016-05-19 17:34:35 +02:00
Yann ILAS 770605e4c6 use ${LSMODBINARY} instead of lsmod (#199) 
Use detected lsmod binary instead of calling it directly.
 2016-05-19 17:24:49 +02:00
Yann ILAS bc313949c8 Add of MODPROBE variable (#202) 
Test for presence of modprobe utility
 2016-05-19 17:23:54 +02:00
Michael Boelen 7b769214cd Split auditd between Linux and Solaris, store if an audit daemon is running 2016-05-19 17:23:01 +02:00
Michael Boelen 9dafcac6b0 Extend configure module to allow making changes to custom.prf soon 2016-05-17 21:39:02 +02:00
Michael Boelen 7b819b4eca Show release as version with release type (e.g. 2.2.0-dev) 2016-05-17 18:12:49 +02:00
Michael Boelen 443497855e Add lynis show hostids to display host IDs 2016-05-17 18:08:08 +02:00
Michael Boelen 0d62613388 Store host IDv2 and detect utilities when no binaries scan has been done 2016-05-17 18:07:43 +02:00
Michael Boelen 933edeeae0 Improve screen output when an error in a profile has been found 2016-05-16 20:56:42 +02:00
Michael Boelen 573698afdb Show debug details on screen in verbose mode 2016-05-16 20:56:16 +02:00
Michael Boelen f7e353fe17 Report multiple file integrity tools, clean ups, and renumber FINT-4316 to FINT-4402 2016-05-16 20:55:42 +02:00
Michael Boelen 9542dc2f6b Initial import of configure helper 2016-05-15 20:37:10 +02:00
Michael Boelen bb2c97f9c1 Added --man-page alias 2016-05-15 20:01:32 +02:00
Michael Boelen c751302a76 Add helper tool 'configure' 2016-05-15 20:00:18 +02:00
Michael Boelen 1cbf7244c2 Added detection and display of profile directory 2016-05-15 14:03:57 +02:00
Michael Boelen 26c67e4ec6 Use full paths when local directory is used for includedir or dbdir 2016-05-15 13:41:03 +02:00
Michael Boelen 098f7685fc Added show dbdir, show includedir, show workdir 2016-05-14 18:04:26 +02:00
Michael Boelen 18fb54e92d Improve screen output of 'lynis update info' 2016-05-14 17:43:40 +02:00
Michael Boelen e7afd92533 Improve screen output 2016-05-14 17:42:51 +02:00
Michael Boelen b72b510301 Improve help output and error messages 2016-05-14 17:42:33 +02:00
Michael Boelen 08bad0ffbf Initial support for remote scanning with: lynis audit system remote 2016-05-14 15:44:06 +02:00
Michael Boelen 93074a89ea Initial import of remote system scanning 2016-05-14 15:43:29 +02:00
Michael Boelen 4225611b5b Remove debugging details 2016-05-12 11:21:20 +02:00
Michael Boelen d6ceeaa11f Clean ups and added hints for contributions 2016-05-11 16:02:46 +02:00