tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,393 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

170 Commits

Author SHA1 Message Date
Martin Schurz 2d1b217c6c [AUTH-9229] resolve inconsistency with AUTH-9230 2021-01-13 15:07:12 +01:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Michael Boelen 372c7fb98e
Merge pull request #1087 from konstruktoid/ISSUE1085 
only fail AUTH-9230 if both SHA_CRYPT_{MIN,MAX}_ROUNDS are undefined
 2020-12-24 10:19:25 +01:00
Thomas Sjögren 60ed001140 indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 23:14:03 +01:00
Thomas Sjögren 807cfd430a nitpick about new line 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 01:45:58 +01:00
Thomas Sjögren fbb8ffa301 only check the lowest hashing round value, and correct log text 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-15 01:43:10 +01:00
Thomas Sjögren 76e89b525b only fail AUTH-9230 if no _MAX_ROUNDS is defined 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-12-14 21:43:14 +01:00
Simon Biewald 0c686bb6ea Use the new status strings in tests 
See-Also: HEAD^
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-11-14 20:34:43 +00:00
Josh Soref 08c8d1b8f3 spelling: authentication 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:35:46 -05:00
Michael Boelen 499cf1cdb9
Small code enhancements 2020-10-25 18:48:42 +01:00
Michael Boelen bd6e1d5d39
Include AUTH-9284 and minor changes 2020-10-22 14:17:01 +02:00
Michael Boelen e67f786caa
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts 
[AUTH-9284] Feature: gather locked accounts info
 2020-10-22 14:13:34 +02:00
Stéphane 67d04f2536
Add translate function for all sections 
+ add EN and FR up to date languages files
 2020-10-22 00:13:42 +02:00
danielorihuelarodriguez@gmail.com 5ca6b7ed79 feature: take into account LK 
Some distributions like CentOS 8 contains "LK" instead of "L" for
locked users.
 2020-08-28 23:19:37 +02:00
danielorihuelarodriguez@gmail.com c857ee7cf2 fix: take into account unlocked system accounts 2020-08-23 19:54:59 +02:00
danielorihuelarodriguez@gmail.com 6bad6b058b feature: gather locked accounts info 2020-08-10 19:27:43 +02:00
Michael Boelen 96e7ba5aaa
Activate test for all operating systems, remove function keyword 2020-06-27 10:21:24 +02:00
Wes Price dcf9bd0938 [AUTH-9229] resolving syntax error on MacOS Catalina 2020-06-26 12:29:40 -10:00
Michael Boelen e6c6fdc9a8
[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS 2020-06-26 10:24:37 +02:00
Michael Boelen 68c6bdff16
[AUTH-9229] escaped exclamation mark 2020-06-26 09:34:40 +02:00
Michael Boelen 36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts 2020-06-23 13:57:14 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Michael Boelen 288bca9334
Merge pull request #887 from bginsbach/fix-auth-9229 
AUTH-9229 Do not use long options for sort
 2020-03-31 16:35:48 +02:00
Brian Ginsbach 90b17121ba Fix AUTH-9230 for systems without /etc/login.defs 
This fixes a bug where it was determined that /etc/login.defs didn't
exist as a prerequisite but then wasn't used to skip the test. Prevents
warnings from `grep(1)` for "no such file or directory".
 2020-03-29 15:31:41 -05:00
Brian Ginsbach 18daa9f495 AUTH-9229 Do not use long options for sort 
Use the standard `sort(1)` short option `-u` rather than `--unique`,
since not all versions support long options.
 2020-03-29 15:06:36 -05:00
Thomas Sjögren bc09f921f0 fix indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:53:50 +01:00
Thomas Sjögren 0b9e2d85d6 fix tabs 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:45:05 +01:00
Thomas Sjögren 5341fa7b29 AUTH-9229 isnt related to login.defs, add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:44:14 +01:00
Michael Boelen 17bbaa8f7a
[AUTH-9229] make test only available for root 2020-03-23 13:19:10 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Michael Boelen 17ac4d2c1c
[AUTH-9252] corrected permission check 2020-03-23 10:44:45 +01:00
Michael Boelen 058b071ea2
Merge pull request #877 from bginsbach/auth-9268-add-bsd 
Add FreeBSD and NetBSD to AUTH-9268
 2020-03-22 15:16:09 +01:00
Brian Ginsbach 33ba896b41 Add FreeBSD and NetBSD to AUTH-9268 
Add FreeBSD and NetBSD as both support PAM. Simplify the PREQS_MET
test by using a case rather than a long if or.
 2020-03-21 20:03:37 -05:00
Brian Ginsbach f56c3b5f94 Combine NetBSD and OpenBSD AUTH-9234 check 
Both NetBSD and OpenBSD have `useradd(8)`, so they can share logic
checking `/etc/usermgmt.conf` for the default user UID range.
 2020-03-21 16:16:34 -05:00
Brian Ginsbach 044c78452b Add AUTH-9234 for NetBSD 2020-03-21 16:10:05 -05:00
Topi Miettinen 4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Brian Ginsbach 32d1155953 Fix uses of non-standard find not operator 
Use ! rather than the non-standard -not find(1) operator.
 2020-03-20 14:37:56 -05:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 0b0b0ea905
Style improvement 2020-03-12 16:01:11 +01:00
gfelkel 5bce9d598c
AUTH-9228 for HP-UX 
HP-UX also has /usr/sbin/pwck. For trusted systems, two additional options -s (check inconsistencies with the protected password database) and -l (check encrypted password lengths that are greater than 8 characters) are available.
 2020-01-23 13:30:46 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Dave Vehrs e6bf111f41 Updated tests for file permissions to case statements 2019-10-23 14:47:03 -06:00
Kristian Schuster 364b770c64
kernel-test: determine reboot requirement for more distros. Plus a few fixes 2019-09-28 00:39:12 +02:00
Michael Boelen 2c32e8e04d
Merge pull request #765 from Marzal/Marzal-AUTH-9282 
Fix auth-9282
 2019-09-21 15:49:58 +02:00
Marzal 0e1e80bacf Double quote to prevent globbing and word splitting.SC2086 2019-09-19 23:36:36 +02:00
Marzal 42ac40aad6 Change variable name from FIND to FIND_P so is not reset by Register 2019-09-19 23:33:19 +02:00