Commit Graph

955 Commits

Author SHA1 Message Date
Michael Boelen 079efdada1 Merge pull request #138 from rhyven/patch-1
Hide fail2ban open+deleted file warning, when grsec is installed
2016-03-30 14:34:36 +02:00
Michael Boelen 420b72ae20 Merge pull request #140 from kboratynski/features/macosx_php
Added OSX default php.ini location.
2016-03-30 14:33:54 +02:00
Michael Boelen 570639599b Merge pull request #137 from technimad/technimad-patch-1-PHPiniEl6fix
Added ini dir of EL6
2016-03-30 14:33:27 +02:00
mboelen 70bb10328f Use echo when checking parameters to prevent incorrect issues with screen output 2016-03-30 14:26:01 +02:00
mboelen 4d52e64b2a Match sshd process running and/or port 22 listening 2016-03-30 13:48:18 +02:00
mboelen 251b861df5 Changed function name to better reflect goal and UDP support 2016-03-30 13:45:34 +02:00
mboelen 3ad0bc9582 Renamed function to IsPortListening 2016-03-30 12:18:11 +02:00
Michael Boelen beb02e2c3d Merge pull request #142 from kboratynski/features/sshd
features/sshd
2016-03-30 11:55:58 +02:00
cnrat fcaa7ffe8b Bug fixed
echo /etc/fstab is wrong.
2016-03-29 16:35:39 +08:00
mboelen 0e9b63a6ed Adjusted variable to properly check systemd directory 2016-03-24 17:28:53 +01:00
mboelen 0779005b46 [AUTH-9308] Skip testing some files when systemd is used 2016-03-24 17:16:14 +01:00
mboelen d7c8233dd4 Check for systemd 2016-03-24 17:15:39 +01:00
mboelen 0d2be381f9 [AUTH-9308] Test systemd targets 2016-03-24 16:46:54 +01:00
mboelen 95df056ca8 Don't use type -p, as it won't work on all systems 2016-03-24 14:35:12 +01:00
mboelen 45f6bcc601 Minor text changes 2016-03-24 11:11:40 +01:00
Michael Boelen d1bb7855df Merge pull request #139 from rhyven/patch-2
AUTH-9262 - restructure + pwquality
2016-03-24 10:52:20 +01:00
Michael Boelen 30dae85a63 Merge pull request #141 from kboratynski/features/macosx_brew
Added brew as package manager.
2016-03-24 10:48:03 +01:00
mboelen a3084da623 Improved templates and examples 2016-03-24 10:34:16 +01:00
Kamil Boratyński 1f320f68c2 Fixed IsTcpUdpListening function 2016-03-22 23:57:09 +01:00
Kamil Boratyński 232419df8c Modified SSH service checking. 2016-03-22 23:54:38 +01:00
Kamil Boratyński 3e5555fb12 Added listening function.
Listening function checks whether there exists a service listening
on specified protocol and port.
2016-03-22 23:53:58 +01:00
Kamil Boratyński 85236bb996 Added brew as package manager. 2016-03-22 23:06:10 +01:00
Kamil Boratyński 89cb26c1f1 Added OSX default php.ini location. 2016-03-22 22:21:55 +01:00
Eric Light fad4dfc0cc Modified AUTH-9262
Added pwquality (default in some Ubuntu variants) to accepted password-quality modules.  Reworked test so that full points are possible (passwdqc and cracklib incompatible).
2016-03-22 16:30:47 +13:00
Eric Light 2a2c094825 Hide fail2ban open+deleted file warning with grsec
One of the features in grsecurity also prevents Fail2Ban from creating a temp file under /var/tmp.  I've been unable to pinpoint the line in fail2ban which causes the issue, but have confirmed it's related to Fail2Ban.

Note: disabling the PaX MPROTECT function on /usr/bin/python will also resolve this issue, but it's better to keep MPROTECT on.
2016-03-22 15:28:21 +13:00
Erwin Vrolijk 7c2b8b90d9 Added ini dir of EL6
On my EL6 systems PHP uses an ini directory of /etc/php.d, added this to the php test.
2016-03-21 11:20:30 +01:00
mboelen c3d5dabb49 Move stderr redirection to sysctl command instead of grep, to prevent errors displaying on screen 2016-03-17 21:02:28 +01:00
mboelen e949e560d7 Improve systemd detection on Fedora 2016-03-17 20:57:31 +01:00
mboelen b9dba2f3be Don't show umask exception, as it will trigger on Debian 8 2016-03-17 20:54:28 +01:00
mboelen a427eb6fa7 Rewrote test to determine system manager 2016-03-17 20:32:21 +01:00
mboelen abbcd2f97e Added additional logging for KRNL-5830 2016-03-17 19:39:36 +01:00
mboelen 39f24a57b9 Add Gentoo as Linux version 2016-03-17 18:11:03 +01:00
mboelen 9689417aec Add missing fi 2016-03-17 16:43:33 +01:00
mboelen a33b3c828f Check system manager and allow init as option in /proc/1/cmdline 2016-03-17 16:40:53 +01:00
mboelen 7adf2425a6 Added STRG-1842 to check for authorized USB devices 2016-03-17 16:36:52 +01:00
mboelen 237c0f87a7 BOOT-5104: Rewrote test to detect service manager 2016-03-16 12:10:10 +01:00
mboelen 488c08c3f3 Add better description of hardening points assignment 2016-03-16 11:19:17 +01:00
Michael Boelen 2fe5fa2cc6 Merge pull request #135 from rhyven/patch-5
Accept apt-get as a package audit tool
2016-03-16 11:02:35 +01:00
Michael Boelen a629248048 Merge pull request #134 from rhyven/patch-4
Make AddHP identify non-optimal HP in logfile entries
2016-03-16 11:02:15 +01:00
mboelen 322c7354d9 Added alternative location for dmidecode 2016-03-16 10:54:49 +01:00
mboelen bdc0f010c1 Set fixed dmidecode location 2016-03-16 09:54:54 +01:00
Eric Light a97bcb2142 Accept apt-get as a package audit tool 2016-03-14 12:02:18 +13:00
Eric Light 2ff7ce26c9 Make AddHP identify non-optimal HP in logfile entries 2016-03-14 10:35:57 +13:00
mboelen b8df6c4204 DBS-1816: Removed suggestion 2016-03-13 16:49:08 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen dcb7f311fa Changed text and links 2016-03-13 15:48:03 +01:00
mboelen cf553b543c Added missing } 2016-03-12 20:50:28 +01:00
mboelen 89fbdd2feb HTTP-6622: Determine Apache version and store in report 2016-03-12 20:45:37 +01:00
mboelen 6d2770ede6 Added FreeBSD path for namedb configuration file 2016-03-12 20:19:12 +01:00
mboelen e88f15fd82 Removed tabs 2016-03-12 19:08:53 +01:00
mboelen bd833057e1 NAME-4406: adjusted filter for localhost detection + logging 2016-03-12 19:08:23 +01:00
mboelen 7f34f9dece AUTH-9288: ignore add include/tests_authentication 2016-03-08 12:01:11 +01:00
mboelen 6ec3e5b39d Added suggestion for file systems which are symlinked 2016-03-08 11:35:15 +01:00
mboelen 4874c80186 HTTP-6624: ignore wildcard and default entries as ServerName 2016-03-08 11:34:33 +01:00
mboelen ebdd946570 STRG-1840: disabled suggestion as this is considered high secure item 2016-03-08 09:50:28 +01:00
mboelen 62f31a8b82 SSH-7408: use only the last occurrence of a configured option 2016-03-08 08:47:25 +01:00
Michael Boelen e9edd2dd09 Merge pull request #129 from rhyven/patch-3
Make NAME-4404 case-insensitive
2016-03-08 08:08:31 +01:00
Eric Light e40a3562fb Make NAME-4404 case-insensitive 2016-03-07 15:15:22 +13:00
Eric Light 34c88e0c05 Removed errant semicolon which broke uploads
Resolves below error:
   ./lynis: 25: ./include/data_upload: Syntax error: ";" unexpected
2016-03-04 15:06:32 +13:00
mboelen 2b95019b62 Use proper variable for cURL 2016-03-03 12:50:43 +01:00
mboelen 09193d8ba9 Add support for FreeBSD to detect PAM files 2016-03-03 12:48:42 +01:00
mboelen a67a8f89bc Added space when upload options are used 2016-03-03 10:20:23 +01:00
mboelen 54ab91f87e Renamed FINT-4351 to FINT-4338 2016-03-01 16:30:48 +01:00
Toni de la Fuente 617ede8686 Update tests_file_integrity 2016-02-29 17:27:07 -05:00
Toni de la Fuente cb73eed69b added support to osquery 2016-02-29 17:16:50 -05:00
mboelen 13cfbd3019 Make IPv6 check compatible for all systems 2016-02-25 14:24:50 +01:00
mboelen f6c84785e7 Changed exception of missing eth0 interface into an informational message 2016-02-24 19:59:23 +01:00
mboelen 75ca02d1a5 Allow proxy usage during license check 2016-02-15 13:50:03 +01:00
mboelen 2aa9b9a9b1 Changed custom URLs for hardening tips 2016-02-15 12:39:06 +01:00
Eric Light 4f38eb4739 Removed ServerAliveInterval
Belongs in ssh_config instead.  Ref issue #120
2016-02-10 09:24:19 +13:00
mboelen c4888fbb8e Added value for ServerAliveInterval setting 2016-02-09 15:53:11 +01:00
mboelen b1f655ca1e Merge branch 'master' of https://github.com/CISOfy/Lynis 2016-02-09 13:02:50 +01:00
Michael Boelen fde45eafd4 Merge pull request #113 from pyllyukko/fix_LogText
Fix "/etc/inittab" -> "/etc/sysconfig/init"
2016-02-09 13:03:08 +01:00
mboelen 820c24c347 Added OpenBSD for [NETW-3004] 2016-02-09 13:00:29 +01:00
Michael Boelen 44752440e8 Merge pull request #115 from alobodzinski/master
Change text and add account test for OpenBSD
2016-02-09 12:59:10 +01:00
mboelen a3b4705508 Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion 2016-02-09 12:54:47 +01:00
mboelen 66d8ea418f Improve log file for data uploads 2016-02-02 17:08:53 +01:00
mboelen 4923ce9cb4 Added comment 2016-02-02 17:07:44 +01:00
mboelen ac5c98d76c Show what profile is used when using --config 2016-02-02 17:07:20 +01:00
mboelen 647b482c53 Use the right columns from DNF to split package name and version 2016-01-25 15:47:24 +01:00
mboelen d3e58a0537 Adjusted stderr redirecting and improve logging of packages 2016-01-25 15:38:46 +01:00
mboelen 5c53d16189 Show on screen if vulnerable packages are found 2016-01-25 15:04:46 +01:00
mboelen acafb316d3 Add warning if DNF found vulnerable packages 2016-01-25 13:57:31 +01:00
mboelen 3999be2300 Avoid errors on screen if sysctl keys are not readable 2016-01-25 13:54:09 +01:00
mboelen 727ff26283 Show on screen that DNF is being used 2016-01-25 13:52:58 +01:00
mboelen e3c88fe766 Additional DNF tests 2016-01-25 13:43:05 +01:00
mboelen 1e12852b12 Initial support for DNF package manager 2016-01-25 13:18:59 +01:00
Alexander Lobodzinski 6309588246 [ACCT-2760]: Check availability OpenBSD accounting data 2016-01-22 11:52:34 +01:00
Alexander Lobodzinski 089f7013c1 [PRNT-2302]: Description text was obviously wrong 2016-01-22 11:23:49 +01:00
pyllyukko 71aa47cbf4 Fix "/etc/inittab" -> "/etc/sysconfig/init" 2016-01-16 21:14:38 +02:00
mboelen 6bab259a5e [AUTH-9234] Gather users on AIX, and rewriting of tests 2016-01-11 01:31:08 +01:00
mboelen 5e5507a1cd Use CreateTempFile for temporary file creation 2016-01-11 01:30:06 +01:00
mboelen e0e56f2cdc Use CreateTempFile for creation of temporary files 2016-01-11 01:04:38 +01:00
mboelen 1cb90916ee Added functions and variables for creation of temporary files 2016-01-11 01:04:04 +01:00
mboelen d5867762c6 Use CreateTempFile function for temporary files 2016-01-11 00:24:00 +01:00
mboelen f313b2edf8 Allow defining a proxy for data uploads 2016-01-07 12:57:24 +01:00
mboelen 4736ad87b9 Replacement of functions and adding newlines 2016-01-07 12:56:46 +01:00
asiebelt a095ba64a0 Fix scoring logic for "<" 2016-01-02 18:13:07 +01:00
asiebelt 7f462d0a41 Fix typo 2016-01-02 18:07:02 +01:00
asiebelt 81bac124ee Fix Scoring for "<" 2016-01-02 18:03:11 +01:00
asiebelt 99fd20aae0 Fix Test Definition 2016-01-02 17:49:01 +01:00
asiebelt 4234a646ed Update tests_ssh 2016-01-02 17:39:25 +01:00
mboelen d167fe2782 Added test NETW-2600 to collect IPv6 configuration 2016-01-01 21:38:47 +01:00
mboelen 0116dac1d2 Add more aliases to --dumpoptions 2016-01-01 15:44:32 +01:00
mboelen 70c90bc8fa Added new function TestValue 2016-01-01 14:56:09 +01:00
mboelen 5b25317767 New tests and renumbering 2015-12-30 14:33:50 +01:00
mboelen 6b3c32b61f Added NETW-3032 to test for ARP monitoring software like arpwatch 2015-12-29 16:30:31 +01:00
mboelen 31b5c0bb42 Merged changes for ARPwatch 2015-12-29 16:28:18 +01:00
Michael Boelen 142fc100c4 Merge pull request #108 from alobodzinski/dovecot
MAIL-8838: dovecot does not have postfix as a prerequisite
2015-12-29 16:23:01 +01:00
mboelen 72b0f65438 [LOGG-2154] Check for remote syslogging, more in-depth testing 2015-12-22 16:56:15 +01:00
mboelen 95832c61d1 Update to reflect renamed functions logtext and report 2015-12-22 16:02:32 +01:00
mboelen ae6ca56581 Show warning for writable configuration file 2015-12-22 16:01:30 +01:00
mboelen 6520400ca4 [AUTH-9288] New test to determine expired passwords 2015-12-22 16:00:51 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
mboelen 83a44827e0 Define queryformat for rpm command 2015-12-21 19:20:34 +01:00
mboelen ddfd21b696 Added test for gzip to allow compression of report file 2015-12-21 19:13:50 +01:00
mboelen 360e6b66f6 Split name and version information for RPM based package manager 2015-12-21 19:10:22 +01:00
mboelen 6815c9a915 Redirect errors from postconf output 2015-12-21 17:07:31 +01:00
mboelen 9451e633da [AUTH-9308] Test for respawn option on SUSE-based systems 2015-12-21 15:17:25 +01:00
mboelen c12a4403aa Preparations for compressed uploads 2015-12-21 15:15:51 +01:00
mboelen 040c2efc1c Perform compressed uploads by default 2015-12-21 12:08:47 +01:00
mboelen ad87a83bbc Add upload_compressed option to profile 2015-12-21 11:37:16 +01:00
mboelen 4b9b8a0bc7 New option for compressed uploads 2015-12-21 11:35:38 +01:00
mboelen a59731405f Comment out unused function RealFilename 2015-12-21 11:26:00 +01:00
mboelen 526c519300 Retrieve cURL version number 2015-12-21 11:25:38 +01:00
mboelen c68771a57a Ensure that readlink only is used when it is available 2015-12-21 10:03:51 +01:00
mboelen 7cf247bf21 Added VMware detection for ESXi 2015-12-16 13:40:28 +01:00
Alexander Lobodzinski fccf889936 dovecot does not have postfix as a prerequisite
fixed some spelling
2015-12-14 16:14:38 +01:00
Michael Boelen c96e9f079e Merge pull request #83 from alobodzinski/auth-openbsd
Authentication fixes for OpenBSD
2015-12-09 22:51:00 +01:00
Michael Boelen 502f106f9a Merge pull request #96 from kboratynski/issue_11-str_1840
Authorization check for storage devices. Approved.
2015-12-09 22:49:23 +01:00
Michael Boelen 494ba68a6b Merge pull request #105 from kboratynski/features/ssh_refactor
Implementation of several SSH related configuration items.
2015-12-08 18:49:58 +01:00
mboelen 2be968eb2c Add new test BOOT-5106 to check for boot.efi on Mac OS X 2015-12-08 18:41:43 +01:00
Kamil Boratyński 8c544846ab Improved [SSH-7408] with 'AllowTcpForwarding'. 2015-12-07 07:15:48 +01:00
Kamil Boratyński 785119824e Improved [SSH-7408] with 'PermitTunnel'. 2015-12-07 07:15:03 +01:00
Kamil Boratyński 490fd6d5ec Improved [SSH-7408] with 'GatewayPorts'. 2015-12-07 07:14:19 +01:00
Kamil Boratyński 3817ffd299 Improved [SSH-7408] with 'PermitUserEnvironment'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 5487401aba Improved [SSH-7408] with 'MaxSessions'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 47576a1bd0 Improved [SSH-7408] with 'MaxStartups'. 2015-12-06 01:46:35 +01:00
Kamil Boratyński 35b663cff9 Improved [SSH-7408] with 'LoginGraceTime'. 2015-12-06 01:45:31 +01:00
Kamil Boratyński 96dfb5cf15 Improved [SSH-7408] with 'Port'. 2015-12-06 01:41:23 +01:00
Kamil Boratyński c394024769 [SSH-7408]: Implemented '!' test type. 2015-12-05 21:46:03 +01:00
Kamil Boratyński d191bed2d7 Improved [SSH-7408] with 'ClientAliveInterval'. 2015-12-05 21:37:27 +01:00
Kamil Boratyński 7bcf442a1e Improved [SSH-7408] with 'ClientAliveCountMax'. 2015-12-05 21:36:13 +01:00
Kamil Boratyński c252b9b376 Improved [SSH-7408] with 'MaxAuthTries'. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 2e37c17675 [SSH-7408]: Implemented '>' test type. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 9a30640327 [SSH-7408]: Implemented '<' test type. 2015-12-05 21:18:32 +01:00
Kamil Boratyński 013886ec16 Refactored [SSH-7408].
First step for different types of tests.
2015-12-05 20:39:30 +01:00
Alexander Lobodzinski 199483bd1e Remote syslog server not detected for syslog-ng 2015-12-04 15:43:20 +01:00
mboelen 3e94c4a8f0 Added ssh_host_ed25519_key and ssh_host_ed25519_key.pub as sources to create Host ID 2015-12-04 14:25:24 +01:00
Michael Boelen e227b42eaf Merge pull request #84 from laurentquillerou/master
Added firewire-core module detection and improvement to egrep statement
2015-12-04 14:21:57 +01:00
mboelen 386d7701f3 New SSH options added and small changes to improve output on screen and in log file 2015-12-04 11:05:13 +01:00
Kamil Boratyński 9421feb704 Improved [SSH-7408] with 'Compression'. 2015-12-04 09:29:54 +01:00
Kamil Boratyński 201a6728b8 Improved [SSH-7408] with 'TCPKeepAlive'. 2015-12-04 02:30:28 +01:00
Kamil Boratyński 11c6b06c91 Improved [SSH-7408] with 'FingerprintHash'. 2015-12-04 02:29:18 +01:00
mboelen 7d0f5acc54 No warnings for SSH configuration, instead only use suggestions. Plus logging of details. 2015-12-03 12:15:49 +01:00
mboelen e75569babf If a suggestion has specific details, show it on screen 2015-12-03 12:14:39 +01:00
Kamil Boratyński 10b9edd8ef Improved [SSH-7408] with 'PrintLastLog'. 2015-12-03 02:37:56 +01:00
Kamil Boratyński 42a5df3796 Improved [SSH-7408] with 'X11Forwarding'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński cd3cd74b8e Improved [SSH-7408] with 'UseDNS'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński e656111c75 Improved [SSH-7408] with 'IgnoreRhosts'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński 37ab68d501 Improved [SSH-7408] with 'PermitEmptyPasswords'.
[SSH-7408] will verify 'PermitEmptyPasswords' option too.
2015-12-03 02:29:57 +01:00
Kamil Boratyński 66b0ee3977 Moved [SSH-7416] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński a07c7ae4f9 Moved [SSH-7412] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński dcd8f89256 Moved [SSH-7414] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński f28fd77583 Modified [SSH-7408] -- made it widely usable.
Modified [SSH-7408] in such a way that every option for SSH server might
be added in SSHOPS with expected (and wrong) values
(like it was described in comment).
2015-12-03 02:29:54 +01:00
Michael Boelen 9ca47fd220 Merge pull request #86 from RebuiltBits/master
Add Python version 2/3 detection and report it
2015-12-02 18:06:33 +01:00
mboelen d73e79193a Test for longer status string 2015-12-02 17:50:35 +01:00
mboelen 2b101e75e8 Audit status of application firewall and added test for Mac OS X (FIRE-4532) 2015-12-02 17:37:58 +01:00
mboelen 4ab96e4f39 Improved test FIRE-4512 so that it also triggers if no more than 10 rules are found 2015-12-02 16:55:41 +01:00
mboelen 54e7f62d9a Enhancements to retrieve file permissions and related logging 2015-12-01 12:38:40 +01:00
Kamil Boratyński c1c0d722d0 Implemented ISSUE: #11
Test [STRG-1840] checks authorization.
2015-12-01 01:18:46 +01:00
mboelen c79a1ea3a4 Show error on screen if license server can not be contacted 2015-11-22 20:43:06 +01:00
mboelen c3054de0fe Added details to logging if upload fails 2015-11-22 19:35:34 +01:00
mboelen 391f67e7c2 Show warning if any error happened during license check 2015-11-22 19:25:32 +01:00
mboelen ce0955d05c Show warning when upload was not successful 2015-11-22 19:05:25 +01:00
mboelen 756c09cb4a Added YUM details 2015-11-18 15:57:33 +01:00
mboelen c68b70ff2e Extended YUM test for security plugin testing 2015-11-18 15:55:49 +01:00
Jason Novinger e5cc018ad1 Add python2/3 detection and report version
Add support for checking generic Python, Python 2.x, and Python 3.x with
version reporting.
2015-11-07 18:16:23 -06:00
mboelen 510de19ce9 NETW-3004 now collects interfaces from most common operating systems 2015-10-27 13:33:16 +01:00
mboelen 7b3299fcb9 Changes to AUTH-9286 to check for minimum age as well 2015-10-27 12:42:41 +01:00
Laurent Quillerou 18eef30c12 Added firewire-core module detection 2015-10-25 18:00:58 +02:00
mboelen a98f377f4d Test for blacklisted host ID values 2015-10-23 13:42:23 +02:00
mboelen d058ba8bfc Added password history tests to PAM plugin 2015-10-22 15:55:14 +02:00
mboelen ebc7cb113e Create a host ID by using SSH keys, when possible 2015-10-22 15:54:51 +02:00
mboelen 69cbabfed2 Log when vulnerable packages are found 2015-10-21 21:45:53 +02:00
Alexander Lobodzinski 250d5b3e0c ypldap on OpenBSD 2015-10-16 11:52:25 +02:00
Alexander Lobodzinski 34eb749636 Authentication fixes for OpenBSD 2015-10-16 11:24:23 +02:00
mboelen a5583da5c3 Adding correct variables for proper logging and testing 2015-10-15 15:57:27 +02:00
mboelen 9d1cec8a9b Changes to check for presence BusyBox, to better support platforms using this as primary shell 2015-10-14 16:49:57 +02:00
Michael Boelen 776a70d6cf Merge pull request #82 from SiemKorteweg/master
Optimized use of cat, grep and awk.
2015-10-14 10:55:33 +02:00
mboelen 6bea4e0334 Use POSIX compatible flag, so it also works on BusyBox 2015-10-14 10:28:27 +02:00
mboelen b1437a05ef For exceptions the lynis.log file is a better source 2015-10-14 10:27:37 +02:00
SiemKorteweg 0c48fc3880 Optimized use of cat, grep and awk.
Detection of duplicate entries in /etc/hosts is now more robust.
On CentOS7 the SERVICE_MANAGER is detected correctly.
2015-10-10 13:25:14 +02:00
Michael Boelen c0378f38f5 Merge pull request #80 from SiemKorteweg/master
Combine "sort | uniq" to "sort -u" and sorting data first before making it unique.
2015-10-08 22:46:21 +02:00
mboelen a99a3d348e Added audit daemon and PAM variables 2015-10-08 16:25:35 +02:00
mboelen fb1cf9e547 Rename PCI-DSS to PCI DSS 2015-10-08 16:25:09 +02:00
SiemKorteweg b7d24c3413 Make sure that the input of "uniq -d" is sorted to avoid that duplicate UID's and hosts entries are missed. 2015-10-06 20:02:33 +02:00
SiemKorteweg bf1da50c14 Combine "sort | uniq" into "sort -u" to reduce the number of processes used for running Lynis. The busybox version of sort also supports the -u option. 2015-10-04 17:59:28 +02:00
mboelen 009a363550 Properly show compliance status now 2015-10-01 22:40:49 +02:00
mboelen ac87ce4c79 Added DisplayManual function, friendly name for compliance, minor enhancements 2015-10-01 22:40:29 +02:00
mboelen 3f8b826585 Renaming of variables for clarity 2015-10-01 22:39:01 +02:00
mboelen 385e62b6a5 Compliance variables 2015-10-01 22:38:29 +02:00
mboelen d6a8a3c425 Correct testing for disabled/blacklisted USB storage driver 2015-10-01 19:56:39 +02:00
mboelen a6ac097a93 Redirect possible errors instead of display on screen 2015-10-01 16:06:27 +02:00
mboelen 85f6c555b2 Minor cleanup and redirecting possible errors 2015-10-01 16:02:09 +02:00
mboelen 2b5c63bff9 Added ShowComplianceFinding function to display any non-compliance with security standards 2015-10-01 13:16:27 +02:00
mboelen 55ee1e90bc Check correct variable for enabled compliance standards 2015-10-01 12:59:15 +02:00
mboelen 9505a10dd7 Add profile setting compliance_standards to define which ones are enabled 2015-10-01 11:59:50 +02:00
mboelen 4c0fa90478 Added variables for compliance standards like HIPAA, ISO27001/ISO27002 and PCI-DSS 2015-10-01 11:58:34 +02:00
mboelen c9c78f751d Added plugin phase variable and specific PAM settings 2015-10-01 11:49:30 +02:00
mboelen fee1961eed Added DigitsOnly function to extract only numbers from a text string 2015-09-30 18:34:16 +02:00
mboelen cf11b95c3f Added detection of ESET products and logging of malware scanner to report 2015-09-28 11:00:34 +02:00
mboelen adb5948b30 Properly parse updated way of storing warnings and suggestions 2015-09-24 21:42:21 +02:00
mboelen cc4feee4e5 New way of reporting a warning 2015-09-24 21:41:48 +02:00
mboelen 784224f4e7 Uniform way of saving warnings and suggestions to the log for later parsing 2015-09-24 21:40:54 +02:00
mboelen 5dfb031e4d Removed bracket 2015-09-24 21:26:55 +02:00
mboelen 1edaba4d71 Added new test [CONT-8108] to check file permissions of Docker files 2015-09-24 20:29:05 +02:00
mboelen 5fe1e6dd65 Corrected logging for tests related to /etc/newsyslog.conf parsing 2015-09-24 20:27:49 +02:00
mboelen 41e08807c9 Changed description of place holder 2015-09-24 20:27:17 +02:00
mboelen 8b5b8b4a01 Added new parameters to ReportSuggestion and ReportWarning functions 2015-09-24 20:26:32 +02:00
mboelen 84821a4ed0 Removed [AUTH-9230] and merged it into [AUTH-9228] 2015-09-24 20:24:46 +02:00
mboelen 31363e9b39 Extended description for vulnerable package tests on FreeBSD 2015-09-24 20:14:59 +02:00
mboelen 2bcb519123 Changed test IDs of place holders 2015-09-24 20:13:05 +02:00
mboelen 9023f17662 Changed test IDs of place holders 2015-09-24 20:12:19 +02:00
mboelen c17fcfd92d Corrected PKGS-7380 and undoubled PKGS-7381 2015-09-24 20:10:30 +02:00
mboelen 1b9b084c03 Changed lmd to maldet, as LMD detection 2015-09-24 17:45:11 +02:00
mboelen 4f5eedabfc Added the detection of LMD, or Linux Malware Detect tooling 2015-09-24 16:45:03 +02:00
Alexander Lobodzinski d80bf2f437 Bugfix: wrong logtext for HRDN-7230 2015-09-22 12:00:44 +02:00
Alexander Lobodzinski adc57330f6 Bugfix: nginx SSL detection worked on Linux only (only GNU sed understands \t on the command line) 2015-09-21 13:04:44 +02:00
Michael Boelen 14a79d8a63 Merge pull request #78 from rsmith-nl/freebsd-services
Improvements for FreeBSD services
2015-09-16 23:35:54 +02:00
Roland Smith f11783dbdf Merge branch 'master' into freebsd-services 2015-09-16 20:29:51 +02:00
mboelen 32226d145f Merged patch to properly log umask value 2015-09-16 17:03:13 +02:00
mboelen 91c9760598 Add hardening points properly to umask tests 2015-09-16 17:01:17 +02:00
mboelen d786c687a1 Added variables which were not initialized before 2015-09-16 17:00:12 +02:00
Alexander Lobodzinski 37f9dcb8cc Bugfix for BSD: unrelated variable got logged instead of umask 2015-09-14 19:38:00 +02:00
mboelen df5ff883da Merge branch 'master' of https://github.com/CISOfy/Lynis 2015-09-12 15:19:29 +02:00
mboelen 6fbe0e95c5 Changes to comments only 2015-09-12 15:19:21 +02:00
Alexander Lobodzinski d2c0e7491e In quiet mode, hardening index was not written to log and report files 2015-09-11 14:54:38 +02:00
mboelen 78f32c2f28 Added screen output for /etc/login.conf 2015-09-10 21:46:23 +02:00
mboelen 7d0759297e Corrected case function 2015-09-10 21:42:30 +02:00
mboelen 21d305b689 Add support for testing umask value in /etc/login.conf like FreeBSD systems 2015-09-10 21:07:06 +02:00
mboelen 0b9c6132c6 Add test [SHLL-6230] to test for umask values in common shell configuration files 2015-09-10 21:06:40 +02:00
mboelen fa98d9bba2 Import of tool tips section 2015-09-10 21:05:04 +02:00
mboelen b43bf17954 Remove tool tips section from report 2015-09-10 21:04:18 +02:00
mboelen 28d9a49a5f Renamed BINPATHS to BIN_PATHS 2015-09-10 19:45:12 +02:00
mboelen 0db8eca467 Count total amount of suggestions and warnings 2015-09-10 09:18:20 +02:00
mboelen 7feb7e9a6c Show amount of suggestions and warnings 2015-09-10 09:18:03 +02:00
mboelen b6c0736d6e Added counters for suggestions and warnings 2015-09-10 08:35:57 +02:00
mboelen a8972b7b7f Changed exit codes when using incorrect parameters 2015-09-10 08:35:40 +02:00
mboelen 7f4ee7ba56 Added ExitCustom function and notes for virtualization 2015-09-10 08:35:09 +02:00
mboelen 090bb2d4eb Extended virtualization tests and logging 2015-09-09 20:24:48 +02:00
mboelen 5f2ef483f6 Improved tests and logging for automation tools 2015-09-08 16:02:41 +02:00
Michael Boelen e1c2891db9 Merge pull request #74 from alobodzinski/tooling-cf3
CFEngine 3 detection
2015-09-08 15:08:49 +02:00
mboelen 174172eeba Simplify: clarify if a particular set of module is not available, instead of showing cross 2015-09-08 14:59:25 +02:00
mboelen e9373b59b0 Cleanup: Don't show pflogd status on screen, when pf is not available 2015-09-08 14:49:42 +02:00
Alexander Lobodzinski 66ff2a9229 Fixed typos 2015-09-08 14:28:24 +02:00
Alexander Lobodzinski 2d72fe18d3 Detect automation with Cfengine 3 2015-09-08 14:19:11 +02:00
mboelen 1316fdf38b Changed indentation for GRUB2 test 2015-09-07 21:13:12 +02:00
Michael Boelen 59390f1717 Merge pull request #73 from laurentquillerou/nginx-conf
Include main nginx.conf file in parsing.
2015-09-07 21:06:08 +02:00
Michael Boelen 48fd39c570 Merge pull request #71 from alobodzinski/openbsd-httpd
merging pull request to skip httpd on OpenBSD systems.
2015-09-07 20:58:55 +02:00
Laurent Quillerou b83c3fbb10 Include main nginx.conf so that it generates nginx_config_option 2015-09-07 18:52:19 +03:00
mboelen e50eef0c19 Added hint for possible extension to kernel scheduler 2015-09-07 17:43:00 +02:00
mboelen d23ef2db0b Changed screen indentation of GRUB2 test 2015-09-07 17:42:29 +02:00
mboelen 1283ccc061 Added new test for UEFI detection [BOOT-5116] and storing data in report 2015-09-07 17:41:05 +02:00
mboelen 919995eb5a Added UEFI_BOOTED_SECURE 2015-09-07 17:40:26 +02:00
mboelen 429fb62fd7 Added UEFI_BOOTED 2015-09-07 17:40:03 +02:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
Alexander Lobodzinski f7ec431a65 /usr/sbin/httpd on OpenBSD is builtin non-Apache webserver, do not run with -v
If Apache is installed it is detected in /usr/local/sbin/httpd nevertheless
2015-09-07 17:31:18 +02:00
Michael Boelen a90d225bf4 Merge pull request #68 from d4t4king/master
include/tests_filesystems tweak
2015-09-07 12:06:06 +02:00
mboelen 84baf688c8 Renumber test and search for explicit yes value, log status 2015-09-07 11:26:09 +02:00
Michael Boelen f471bf9d96 Merge pull request #70 from kboratynski/auth-9407
Wrote 'AUTH-9407' - logging failed login attempts.
2015-09-07 11:19:40 +02:00
mboelen 5165e57b86 Added report option to store logging status of failed logins 2015-09-07 11:17:38 +02:00
mboelen 53840a4cfb Added variable for logging status of failed logins 2015-09-07 11:17:08 +02:00
mboelen fc27379452 Minor cleaning up and improved comment 2015-09-07 10:13:20 +02:00
Kamil Boratyński 0e97f7936f Wrote 'AUTH-9407' - logging failed login attempts. 2015-09-07 04:12:58 +02:00
mboelen a42e8feac2 Added Unbound status and configuration check, logging name cacher status to report file 2015-09-06 21:38:21 +02:00
mboelen 88caa85f59 Added default values for name cachers and Unbound status 2015-09-06 21:37:26 +02:00
mboelen 4a354c8479 Change ipfw to IPFW, change exception ID for IPFW test 2015-09-06 17:42:56 +02:00
mboelen 10a300ddb7 Don't show pf status on screen when it is not available 2015-09-06 17:38:15 +02:00
Michael Boelen 8ab314cf07 Merge pull request #43 from rsmith-nl/ipfw
Add test for 'ipfw' firewall on FreeBSD.
2015-09-06 17:34:36 +02:00
mboelen 05dd1a6814 Remove systemctl to detect virtualization, use systemd-detect-virt instead 2015-09-05 18:51:36 +02:00
mboelen 461920ff72 Enabled dmidecode for virtualization detection 2015-09-05 18:41:04 +02:00
Michael Boelen 2fd7788b9b Merge pull request #58 from markruys/master
More reliable and often faster check to determine virtualization.
2015-09-05 17:34:18 +02:00
squid-cache-object 12d9b38288 Update tests_filesystems 2015-09-03 14:14:02 -07:00
Michael Boelen 3927d60b8e Merge pull request #69 from alobodzinski/name-4406-hostname-clash
Do not let a hostname that is contained in "localhost" like "cal" tri…
2015-09-03 17:35:25 +02:00
Alexander Lobodzinski e1a87794bc Do not let a hostname that is contained in "localhost" like "cal" trigger a false positive 2015-09-03 17:20:34 +02:00
mboelen d9b7d9a9fd Combined several potential mount option tests into 1 unit 2015-09-03 15:44:10 +02:00
mboelen f4c2bd52fb Ensure that docker is a file, not directory in /usr/libexec 2015-09-03 15:43:33 +02:00
mboelen 235b228fe2 Added vmtoolsd detection 2015-09-03 11:15:55 +02:00
dataking e37446521d include/tests_filesystems tweak 2015-09-01 11:50:07 -07:00
mboelen 2577caf66d Only show suggestion for ntpdate if ntpd isn't running 2015-09-01 17:40:05 +02:00
mboelen d2aaa9662e Changed test description 2015-09-01 16:10:16 +02:00
mboelen 18d97ce60e Use different status for unused firewall rules 2015-09-01 15:50:14 +02:00
mboelen 8cefc0f7b9 Show different status on screen when expired SSL certificates were found 2015-09-01 15:49:50 +02:00
mboelen d4b1812962 Changed screen output when finding old files in /tmp 2015-09-01 15:47:32 +02:00
mboelen 401bf26c91 NIS improvement for test 2015-09-01 13:37:55 +02:00
mboelen 7cb9e364c7 Proper filtering for IPv6 addresses 2015-08-31 13:23:17 +02:00
mboelen d1ae757240 Replaced -z for empty string testing 2015-08-20 18:50:30 +02:00
Michael Boelen afe30cf3a7 Merge pull request #56 from mpepping/master
Comparison error when Docker is present, but the daemon is not running (or unset).
2015-08-20 18:48:32 +02:00
mboelen 210ba41a3c Improved umask detection and logging 2015-08-20 18:46:06 +02:00
mboelen 649f0cfb3c Improved BOOT-5180 detection for newer systems like Debian 8 and screen output enhancement 2015-08-20 18:37:03 +02:00
mboelen 7bd91675fe Improved debug logging 2015-08-19 16:20:21 +02:00
mboelen 0c2a9daef9 Show help on screen 2015-08-19 16:19:14 +02:00
mboelen 8c1e1f29a3 Additional logging 2015-08-19 16:02:50 +02:00
mboelen 2e87b8fde9 Apply additional checks on first cURL command execution 2015-08-19 15:51:52 +02:00
mboelen c153344240 Capture self-signed certificates during upload with cURL 2015-08-19 15:31:24 +02:00
Mark Ruys 919e48001d More reliable and often faster check to determine virtualization. 2015-07-27 12:38:13 +02:00
Martijn Pepping 25c8567b57 Fixed a comparison error when Docker is present, but the daemon is not running (or unset). 2015-07-24 23:58:50 +02:00
Mark Ruys c998924b51 Fix STRG-1840 (Check for disabled USB storage) 2015-07-24 15:11:39 +02:00
mboelen dd66273f41 Removed unused categories 2015-07-22 18:28:34 +02:00
mboelen db131518f0 Clean up code 2015-07-22 17:37:39 +02:00
mboelen afd01ece5d Remove incomplete tests, code enhancements 2015-07-22 17:37:11 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen 17c44ced52 Include examples and clarify usage 2015-07-22 14:57:57 +02:00
mboelen 8f9a616854 Add more descriptive text to the template 2015-07-22 14:26:25 +02:00
mboelen 2b1061ef14 Added suggestions for Solaris auditing 2015-07-22 13:47:44 +02:00
mboelen fd5c968d16 Cleaning up some lines 2015-07-22 13:44:30 +02:00
mboelen afaecd9512 Removing deprecated strings and cleaning up 2015-07-22 12:21:36 +02:00
mboelen 95d08a735a Optimizing code, cleaning up 2015-07-22 12:20:27 +02:00
mboelen e06d706c83 Optimizing code, cleaning up 2015-07-22 12:20:03 +02:00
mboelen 6857f01500 Added LDAP configuration file location to report, and code cleanups 2015-07-16 17:02:15 +02:00
James White f341b01e4d Fix false positive matches with unsafe ports on SQD-3624
The grep statement needs to be modified to prevent tagging port values that contain a value in `SQUID_DAEMON_UNSAFE_PORTS_LIST` but aren't actually the listed port.
2015-07-15 11:50:56 +01:00
Michael Boelen 4266992f6b Merge pull request #39 from aneeshusa/check-locate-preqs
Prevent the locate test from running spuriously when locate is not present.
2015-07-14 00:55:47 +02:00
Michael Boelen 6694add635 Merge pull request #38 from aneeshusa/update-systemd-sulogin-detection
Update check for sulogin under systemd.
2015-07-14 00:49:40 +02:00
mboelen e8111a124f Increase default minimum amount of connections before alerting 2015-07-14 00:31:59 +02:00
mboelen 7d30538311 Added missing bracket 2015-06-17 17:13:44 +02:00
mboelen b947bb085c Changed detection, added examples of fstab entries 2015-06-17 17:06:51 +02:00
mboelen f34e59663f Report hardening index, even when report is not shown 2015-06-11 20:50:19 +02:00
mboelen f0026427bb Textual changes 2015-06-11 13:58:30 +02:00
mboelen 0d4b25d308 Disable suggestion for this test 2015-06-11 13:58:16 +02:00
mboelen e13a9087ea Added compilers to report 2015-06-11 13:57:57 +02:00
mboelen 72feac9638 Added additional legal words for banner usage 2015-06-11 13:57:37 +02:00
mboelen 785ac74f91 Moved tests to new container group 2015-05-27 12:36:34 +02:00
mboelen 5f3c47df68 Added debsecan, debsums and kernel package counting 2015-05-27 12:35:56 +02:00
mboelen 7f0fbcf359 Initial import for container category 2015-05-27 12:34:01 +02:00
mboelen f60011eb1b Removing tests which were already performed in authentication section. 2015-05-27 11:43:08 +02:00
mboelen 917c790ecc Changed text 2015-05-27 11:42:31 +02:00
mboelen fe636c7d6c Docker support 2015-05-27 11:25:35 +02:00
mboelen 30b9b1edd9 Added support for Docker binary 2015-05-27 11:25:07 +02:00
mboelen bb696a04f1 Improved detection of directories in logrotate 2015-05-26 11:13:47 +02:00
mboelen c70f3e93cd Cleanup of screen output, with focus on minimum output 2015-05-26 11:13:23 +02:00
mboelen a1095ef941 Improved swap detection and added UUID check 2015-05-26 11:12:36 +02:00
mboelen 3c3bb2d0db Do not show auditd suggestion for OpenVZ systems 2015-05-26 11:11:42 +02:00
mboelen 1a04109dad Extended descriptions 2015-05-26 11:11:15 +02:00
mboelen 52b8c3a6a7 Added VMTYPE 2015-05-26 11:10:50 +02:00
mboelen b885b9f84f Add missing pipe 2015-05-25 23:20:52 +02:00
mboelen 1d1aa3c966 Improved kernel detection on Slackware 2015-05-25 23:17:42 +02:00
mboelen 2f0e9f0981 Changed last line 2015-05-25 23:17:21 +02:00
mboelen ef2b12e218 Added block and character type devices as symlinks 2015-05-25 23:17:08 +02:00