tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,155 Commits 2 Branches 61 Tags 16 MiB
Commit Graph

830 Commits

Author SHA1 Message Date
Michael Boelen 0173bd3832 Code rewrites after linting 2016-05-03 12:40:05 +02:00
Michael Boelen 5339a0d466 Improve readability and add missing ;; 2016-05-03 12:19:26 +02:00
Michael Boelen 9c9ca6f947 Proper call to WaitForKeyPress 2016-05-03 11:00:06 +02:00
Michael Boelen 70fd028713 Remove inclusion of empty tests_custom file 2016-05-03 10:58:41 +02:00
Michael Boelen 924e53ed76 Do an earlier detection of grsecurity and store result, so tests can be simplified 2016-05-03 10:58:05 +02:00
Michael Boelen 2205866521 Remove tabs, test for all Red Hat clones, enhanced text 2016-05-02 19:12:55 +02:00
alobodzinski 2b52276110 - Running lynis from /etc/cron.daily some programs delete in-use files (#186) 
- grep for whole words to ignore
- logging what exactly keeps a file open can be very helpful
 2016-05-02 19:08:11 +02:00
StrangeBubble 3a19887972 Update tests_kernel (#185) 
Error during the process of the FIND variable.
 2016-05-02 17:35:55 +02:00
Michael Boelen 99236b13f4 Mark apt-get related tests to be root-only 2016-05-02 17:13:31 +02:00
Michael Boelen efebb99da1 Add action to take when a file has not the right permissions 2016-05-02 17:13:06 +02:00
Michael Boelen 6ea27b912c Add owner and group permissions check 2016-05-02 15:45:27 +02:00
mboelen 6e2640c4d5 Retrieve SSH settings from active configuration and store earlier, test with lowercase settings for other tests 2016-05-02 15:04:40 +02:00
mboelen 9208e35f20 Added alias --no-plugins to skip plugins 2016-05-02 13:57:16 +02:00
mboelen a765163a25 Minor changes to identation and variable names 2016-05-02 13:26:27 +02:00
Eric Light bcaf7a55ef Remove wchan from PROC-3614, to finish #179 (#182) 
Attempt number two, fixing the awk line this time  :)
 2016-05-02 13:24:19 +02:00
StrangeBubble 81a4821636 Check if file is symlink or not (#184) 2016-05-02 13:23:43 +02:00
mboelen 1a680c294f Replace incorrect function call to report 2016-04-28 12:58:33 +02:00
mboelen 43f6baeb2e Replaced old function names with new ones 2016-04-28 12:32:18 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 539bd49856 Big overhaul of functions file. Cleaning up, structurizing, and adding comments 2016-04-28 12:31:38 +02:00
mboelen 9e312f5a5f Replaced functions and minor cleanups 2016-04-28 09:15:54 +02:00
mboelen 5e587adf8a Change ntp_falseticker in report, added ntp_unreliable_peer 2016-04-28 08:51:43 +02:00
mboelen f109c318d9 Detect when weak protocols are used, simplify nginx test 2016-04-27 16:51:12 +02:00
mboelen 1825d91c85 [HTTP-6710] Show suggestion when using a weak protocol 2016-04-27 16:37:32 +02:00
mboelen eb0206198a [HTTP-6710] Show SSLv3 as weak protocol 2016-04-27 16:36:24 +02:00
mboelen 7c4099a7da Call WaitForKeypress from wait_for_keypress, and report this old function when called to developers 2016-04-27 16:14:22 +02:00
mboelen f4691536ee Add nginx ssl_protocol values to report, minor adjustments to ReportDetails function 2016-04-27 16:09:29 +02:00
mboelen b453190cd7 Added firewall_software[] to report 2016-04-27 10:52:45 +02:00
mboelen 84d619852a [PROC-3612] Removed wchan from output to solve issue with grsecurity-enabled kernel 2016-04-27 10:30:40 +02:00
mboelen 6a4287bd64 Proper reference to IsDeveloperMode 2016-04-26 21:25:14 +02:00
mboelen b6884dfda3 Add file permission and ownership tests for cronjobs 2016-04-26 21:21:15 +02:00
mboelen c98b37955c Added IsOwnedByRoot function 2016-04-26 21:20:37 +02:00
mboelen 098a2e3760 Added istat binary 2016-04-26 21:20:17 +02:00
mboelen e20404c60b Add test for world-writable cronjobs 2016-04-26 14:06:27 +02:00
mboelen 7b33ead897 Adding aliases and optimization for value testing 2016-04-26 14:05:56 +02:00
mboelen 216611259e Optimize IsWorldWritable function, with additional debugging data for developers 2016-04-26 13:52:26 +02:00
mboelen 812a0ea270 Added developer-mode option for profiles 2016-04-26 13:51:54 +02:00
mboelen 55799a524c Added developer mode (--developer) 2016-04-26 13:40:21 +02:00
mboelen 2cefdb79d6 Log when a file is world-writable according IsWorldWritable 2016-04-26 13:34:17 +02:00
mboelen 4791b8a6bf Add scheduler[] and minor cleanups 2016-04-26 13:05:17 +02:00
mboelen 448fd65e31 Remove tab 2016-04-26 13:00:41 +02:00
mboelen 705e2444ee [SCHD-7702] Added test to check cron daemon status 2016-04-26 12:58:17 +02:00
mboelen ea9c40a36c Changed text to avoid showing up as a suggestion 2016-04-25 20:48:21 +02:00
mboelen ee7b5f87bb [BANN-7119/BANN-7122] Disabled tests 2016-04-25 20:04:23 +02:00
mboelen 7878fad617 Removed --config option in favor of lynis show profiles 2016-04-25 20:04:00 +02:00
mboelen 4dcb9eccff Allow skipping of plugins with --skip-plugins or skip-plugins 2016-04-25 16:00:10 +02:00
mboelen e5790dc8c6 Added: lynis show tests skipped (skipped tests) 2016-04-25 15:49:45 +02:00
mboelen ba0381a775 Lowercase all tests when using them in comparisons 2016-04-25 15:49:00 +02:00
mboelen c02ab08b50 Set quiet and quickmode when using --show-warnings-only or show-warnings-only 2016-04-25 11:51:37 +02:00
mboelen bedadd9cd1 Do not show text on screen in quiet mode 2016-04-25 11:13:27 +02:00
mboelen 2f07fa1d87 Allow show-warnings-only and --(show-)warnings-only option 2016-04-25 11:10:23 +02:00
mboelen 3e20c1e30b [KRNL-5788] Improvements for grsecurity kernels 2016-04-25 10:56:11 +02:00
mboelen 0f64d106b1 Changed supporting text for ReportManual function 2016-04-25 10:55:34 +02:00
mboelen eae8ef99a4 Exit with exit code 0 by default, unless error-on-warnings is being used 2016-04-25 10:18:09 +02:00
Eric Light bcdca90942 Update KRNL-5788 for grsecurity (#178) 
* If grsec installed, build FINDKERNEL from uname -r

When running a grsecurity-patched custom kernel, the /vmlinuz link is often missing.  If this link is missing, and grsecurity is installed, then we can calculate the location of FINDKERNEL with the words "linux-image-", plus the output of "uname -r".

* Suggest manually checking kernel if grsec installed

We can't rely on the apt-cache output when running grsecurity.  This is because apt-cache can't tell us if we're running an up-to-date kernel, when it's a custom kernel with grsecurity.  Instead of confirming that the kernel is OK, we instead should remind the auditor to double-check themselves.
 2016-04-25 09:34:14 +02:00
Eric Light c0f86fef09 Minor reword ("latest" -> "latest installed") (#174) 2016-04-25 09:33:55 +02:00
mboelen 904da4d123 Allow additional profile with --profile 2016-04-23 17:55:32 +02:00
mboelen 60a7abf877 [PKGS-7354] Test for DNF repoquery plugin before using it 2016-04-21 11:44:42 +02:00
mboelen 821be1ea0c Remove color between categories, to prevent new users missing that on white background 2016-04-20 14:14:10 +02:00
mboelen 560acfadf6 Log what particular atomic test has been skipped and why 2016-04-20 12:08:34 +02:00
mboelen 5757837e28 Show skipped items when running in verbose mode 2016-04-20 12:08:10 +02:00
Eric Light a6393bd8a0 Display skipped atomic tests (#169) 
Added section to log & display skipped atomic tests.
 2016-04-20 10:46:40 +02:00
mboelen f915df67d1 Add --verbose option 2016-04-19 21:11:42 +02:00
mboelen b1403aac20 Only show specific status of services when using --verbose 2016-04-19 21:09:27 +02:00
mboelen 5996dcdc95 Add verbose option to profiles 2016-04-19 19:47:50 +02:00
mboelen f0e7b531cd Add --verbose option 2016-04-19 19:46:20 +02:00
mboelen 64561d4b07 Add IsDebug and IsVerbose functions 2016-04-19 19:44:23 +02:00
mboelen d54f3ae307 Collect more ideas for improving the show command 2016-04-19 19:43:51 +02:00
mboelen c1f0b5e8b0 Allow usage of quick=yes in profile 2016-04-19 18:01:48 +02:00
mboelen c2d5d93fad Colored output for debug details on screen 2016-04-19 18:01:16 +02:00
mboelen 1f0261f168 Add details to AddHP function 2016-04-19 17:48:06 +02:00
mboelen 166c35bc69 Change color when UEFI is disabled 2016-04-19 17:45:46 +02:00
mboelen 2a22e5c42a Renamed logtext and report function calls 2016-04-19 17:43:33 +02:00
mboelen 11d0dabf4f [FILE-6372] Ignore comments in /etc/fstab 2016-04-19 17:39:01 +02:00
mboelen 5aa1a27e32 Cleanup 2016-04-19 17:36:53 +02:00
mboelen 6d512f48ac Improved text for assigning hardening points 2016-04-19 17:35:45 +02:00
mboelen a2514f20e1 Improve logging to state what directory will be scanned 2016-04-19 17:25:25 +02:00
mboelen a3ae0a450a No breaks betweens directories 2016-04-19 17:24:08 +02:00
mboelen 2d7ef97605 Consider binaries check as a core test 2016-04-19 17:23:12 +02:00
mboelen a23758e21f Replace = signs to simplify parsing of data 2016-04-19 13:56:28 +02:00
mboelen 3008727ce0 Log exit code of upload activities 2016-04-19 13:56:00 +02:00
mboelen 2886ad0b7e Allow skipping of tests 2016-04-19 12:38:00 +02:00
mboelen a2594fc370 [SSH-7408] Allow skipping some of the SSH tests 2016-04-19 12:37:40 +02:00
mboelen e9eae5b8b5 Allow skipping of individual tests or atomic tests 2016-04-19 12:37:00 +02:00
mboelen 1af95edd8a Updated ReportDetails call with service name 2016-04-19 12:05:13 +02:00
mboelen 0783b2fd4b Use SSH configuration from sshd instead of configuration file, add more details to report 2016-04-19 12:04:51 +02:00
mboelen e68d9e0dae Make report better readable 2016-04-19 12:04:08 +02:00
mboelen 36b7d1bcdd Added new profile option: quick 2016-04-19 12:03:48 +02:00
mboelen 461bb84b62 Use correct TEMP_FILE variable 2016-04-19 10:34:04 +02:00
mboelen 41589b14c2 Added missing ;; 2016-04-19 09:55:02 +02:00
mboelen 2c815129e4 Added details and changed suggestion text 2016-04-19 09:54:18 +02:00
mboelen 722703da31 Extended ReportDetails function 2016-04-19 09:53:30 +02:00
mboelen bebf3d0bd5 Use semicolon instead of comma 2016-04-19 07:38:24 +02:00
mboelen 1205511c9d Change of variables for IDS/IPS and layout changes 2016-04-15 20:07:20 +02:00
mboelen e86f0522bf [TOOL-5102] Imported Fail2ban support and minor improvements 2016-04-15 14:51:53 +02:00
Eric Light 9c2229483f Replaced call to iptables with $IPTABLESBINARY (#167) 
* Replaced call to iptables with $IPTABLESBINARY

* Check for iptables before checking Fail2Ban chain
 2016-04-15 14:18:11 +02:00
mboelen e86c68e3c5 Using question mark better defines the status then NA for most users 2016-04-13 21:49:43 +02:00
mboelen d4a5aba7ea [FILE-7524] Support for multiple profiles 2016-04-13 19:50:15 +02:00
mboelen 015287e963 [CRYP-7902] Added support for multiple profiles 2016-04-13 19:49:30 +02:00
mboelen f4a1ee8ac2 [NETW-3014] Test whitelisted interface in enabled profiles 2016-04-13 17:08:58 +02:00