tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,661 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

253 Commits

Author SHA1 Message Date
Alexander L 4a71989d2e
Update en 
Sorting
 2020-06-20 14:20:58 +02:00
Alexander Lackner 6aa63f1c95 Update language files (de, de-AT, en) 2020-06-20 02:12:57 +02:00
Thomas Sjögren 78e7ce36af add RHEL 6,7,8 EOL dates 
(cherry picked from commit 6ce0aa41c6)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-18 10:15:13 +02:00
Thomas Sjögren 41ad9d380c update all EOL dates to seconds to epoch 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-16 09:05:55 +02:00
Thomas Sjögren ca6326a12b
Update db/software-eol.db 
Co-authored-by: Jaimie <59117167+Jaimie85@users.noreply.github.com>
 2020-06-15 07:40:57 +00:00
Thomas Sjögren b3e1fc67c8 add Fedora EOL, update other releases 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-15 01:35:00 +02:00
Jaimie f072f808a2
Update nl 2020-05-20 15:41:46 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
0xD503 49549f9155 Added Russian translation 
Added Russian localization
 2020-04-05 22:01:29 +01:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 4cf21ebdcc
Added FILE-6394 2020-04-01 16:19:09 +02:00
Topi Miettinen 5c5cc43c6f
Check if system uses encrypted swap devices 
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-27 13:05:56 +02:00
Michael Boelen 5e821687af
Added new tests 2020-03-24 13:33:24 +01:00
Michael Boelen 18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Thomas Sjögren 6818db5e12 add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:43:34 +01:00
Topi Miettinen 8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen 32cefdea0a
Merge pull request #878 from topimiettinen/check-ima-evm 
Check IMA/EVM, dm-integrity and dm-verity statuses
 2020-03-23 13:18:16 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Topi Miettinen 8ea39314f2
Check for dm-integrity and dm-verity 
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 10:35:38 +02:00
Topi Miettinen 203a4d3480
Check IMA/EVM status 
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-22 11:21:52 +02:00
Topi Miettinen 26a54991ba
Check for software pseudo random number generators 
Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 16:26:30 +02:00
Michael Boelen 6e9482a571
Merge branch 'master' into netbsd-eol 2020-03-21 13:34:41 +01:00
Topi Miettinen 4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Brian Ginsbach 50fc3f816a Add NetBSD EOL data 2020-03-20 13:42:28 -05:00
Brian Ginsbach 52344913d3 Add a way to signify undetermined EOL 
Replace setting an artificaly high date and converted date for
operating systems with no EOL (rolling) or the EOL is still to
be determined. This makes it easier for humans and saves making
a comparison (when using an artifically high converted time)
will always be false (EOL=0).

An example entry

        os:AGreatOS 2.0:👎

The converted time (seconds since the epoch) could be specified as
zero but this typically means the OS is out of date (now), A value
of -1 is a convention indicating no EOL.
 2020-03-20 13:42:28 -05:00
Michael Boelen af03c07d9f
Shortened CentOS 7/8 strings to allow match and added note 2020-03-20 19:39:49 +01:00
Michael Boelen 724acf1be5
Added CentOS 8 end-of-life 2020-03-20 19:33:10 +01:00
Michael Boelen 27cdcec741
Add CentOS 7 (Core) 2020-03-20 14:57:28 +01:00
Michael Boelen 8f37edb626
Update tests.db 
Corrected test ID
 2020-03-20 09:46:08 +01:00
Topi Miettinen 820d2ec607
Check DNSSEC status with resolvectl when available 
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 23:56:24 +02:00
Topi Miettinen 3aaeeea856
Check for rEFInd boot loader 
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:44:30 +02:00
Michael Boelen 3bbe34ea73
[CRYP-8004] enhanced after pulling in initital test 2020-02-15 14:09:56 +01:00
pyllyukko c88953a815
Test SINT-7010 in macOS only 2019-10-08 20:31:35 +03:00
Michael Boelen 87f5596952
Added new test DBS-1828 2019-10-08 15:15:18 +02:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen 157c23e892
Added additional string 2019-09-12 11:14:44 +02:00
Michael Boelen b3cb6e91f0
Ordering of entries 2019-09-03 10:55:05 +02:00
2*yo b8c3c55d68
Add Debian EOL 2019-09-03 10:41:13 +02:00
Michael Boelen a87c2b10f9
Added CRYP-8002 2019-08-29 10:39:43 +02:00
Michael Boelen 1e4e00adea
Changed description of TOOL-5160 2019-08-28 15:37:35 +02:00
Michael Boelen f89aa98408
Added FINT-4316 2019-08-26 08:02:11 +02:00
Michael Boelen d2deb63ebb
Added NETW-3200 2019-08-22 14:12:53 +02:00
Michael Boelen d3464d88b1
[CRYP-7930] changed description 2019-08-21 14:08:17 +02:00
Michael Boelen e5b8047133
Added data and detection of Amazon Linux 2019-08-13 22:00:30 +02:00
Michael Boelen 3e392c8e6c
Added end-of-life data for Arch Linux (rolling) 2019-08-13 21:40:29 +02:00
Michael Boelen a510c1c136
Sorting and added new strings 2019-08-08 12:38:46 +02:00
Michael Boelen 0a6417423f
Added HOME-9304 and HOME-9306 2019-07-26 14:15:09 +02:00
Michael Boelen 3213cadd5a
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:13:25 +02:00
Michael Boelen 27b2a4dc7a
Renamed STRG-1840 and STRG-1842 2019-07-15 20:04:59 +02:00
Michael Boelen 7d33b59b0c
Added tests 2019-07-14 13:19:11 +02:00
Michael Boelen e4498be840
Added new test: PROC-3802 2019-07-10 20:12:43 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen a49ea33fea
Changed Ubuntu 18.10 period 2019-07-07 18:47:35 +02:00
pyllyukko 2065b06e95
Added Slackware Linux EOLs 2019-06-12 11:44:22 +03:00
Patark a64e3966c9 Add danish language support (#718) 2019-05-30 12:38:11 +02:00
Thomas Sjögren 4370c4a241 update CentOS releases in software-eol.db (#721) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-05-30 12:36:26 +02:00
Michael Boelen 2855e8503e
Corrected CentOS entries 2019-04-15 19:20:43 +02:00
Michael Boelen 7ebfd3015c
Added new tests 2019-04-04 14:42:06 +02:00
Michael Boelen f2e6b23c9f
Added PKGS-7420 2019-04-02 11:14:49 +02:00
Michael Boelen c83f87853f
Add new tests 2019-03-07 11:01:33 +01:00
Jerry Park 89bf607498 Added Korean translation (#652) 
* Korean translation for ko-KR

Translation in Korean

* changed ko-KR to ko
 2019-03-07 10:01:02 +01:00
Michael Boelen 32fc4a01b0
Corrected FreeBSD, added CentOS and OpenBSD 2019-03-05 19:31:11 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
Michael Boelen 19f38bc1ef
Updated entries 2019-03-04 13:40:40 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen b9c3590f41
[FIRE-4534] Additional support for Hands Off!, LuLu, and Radio Silence 2018-12-14 13:22:23 +01:00
Katarina Durechova 50e147a1e6 Add Slovak translation (#596) 2018-12-13 12:11:16 +01:00
Michael Boelen 5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408 2018-10-23 17:14:47 +02:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Michael Boelen 19b999dc79
[MAIL-8804] added 2018-06-26 11:34:32 +02:00
Ozgur 6f7feed172 add AZ translate (#551) 2018-05-27 09:13:25 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Michael Boelen a8ead02183
Removed SHLL-6290 from database 2018-02-09 12:43:19 +01:00
mslifcak c170f1fc0a Pin db sync (#519) 
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
 2018-02-09 12:37:10 +01:00
Michael Boelen 1637619351
Renamed language file 2018-01-17 16:06:14 +01:00
alphaomicron a12dfa0847 Create GR (#508) 2018-01-17 13:50:07 +01:00
Ygor Maximo a20fd448ab Update pt (#482) 
Fixed typos. Update made based on information from 'en' file
 2017-10-29 10:21:44 +01:00
aolivac ac524617e5 replace invalid quotes ,error lynis/db/languages/es: Syntax error: Unterminated quoted string (#477) 2017-10-19 09:55:52 +02:00
Michael Boelen 5768d39e16
Updated translations 2017-09-18 08:01:00 +02:00
Michael Boelen 01a806dd45
Extended and activated languages 2017-09-17 20:15:39 +02:00
Jesus Christian Cruz Acono 159477ca6d Update es (#464) 
added more strings
 2017-09-17 20:02:22 +02:00
bruberg 9ddf9e7335 Add Norwegian language file (#450) 2017-09-01 16:23:39 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates (#414) 
* Check if CSF is running

* Check for APF presence
 2017-07-10 15:23:32 +02:00
superpoussin22 e18d347244 Update fr (#410) 
more accurate translation I think, and all lines translated
 2017-07-01 10:29:41 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 4cbe8f32c6 add suhosin status test (#401) 
* add suhosin status test

* get matched line only
 2017-06-14 14:06:51 +02:00
Dolev c3a7c5ed5b Hebrew translation for Lynis (#394) 2017-05-23 14:55:12 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 7f06a2c34f Added MAIL-8820 test for Postfix 2017-03-27 17:14:11 +02:00
Michael Boelen 24318c273a Added MAIL-8817 2017-02-28 20:17:11 +01:00
Michael Boelen b2f13a2f92 [TIME-3148] new test for TZ variable 2017-02-22 15:06:19 +01:00
Michael Boelen 0712073826 [DBS-1818] MongoDB status 2017-02-10 13:07:38 +01:00
Michael Boelen d27c1eda84 [DBS-1820] Test for MongoDB authentication 2017-02-10 12:58:47 +01:00
Michael Boelen 103ed2afb3 Added FIRE-4586 2017-01-28 15:46:42 +01:00
Orhan Biyiklioglu b70da57b05 Added Turkish language support (#333) 2016-11-21 14:01:06 +00:00
Michael Boelen 483a45e506 Updated files 2016-11-13 20:11:22 +01:00
Dayvidson Bezerra 021f8ca45d Translate EN for PT (#328) 
Looks, good, merging.
 2016-11-13 19:09:52 +00:00
Juha 19e97a6d35 Added Finnish language support (#325) 2016-11-11 18:59:29 +00:00
Michael Boelen fba5140150 [FIRE-4534] detection of Little Snitch 2016-10-15 11:26:51 +02:00
citypw feaec3b673 add Chinese language support (#285) 2016-10-10 12:55:11 +02:00
Michael Boelen 0cc27b956e New test INSE-8050 2016-10-05 09:50:06 +02:00
Michael Boelen cf558df73a Added PKGS-7320 and PKGS-7322 2016-09-24 16:16:52 +02:00
Michael Boelen df2fff6cc7 Added NAME-4408 to check localhost to IP mapping 2016-09-13 17:27:25 +02:00
PCarlsson 6af4ec6ca2 Create se (#279) 
Added Swedish translation.
 2016-09-12 09:24:44 +02:00
Michael Boelen e31899a421 Added FIRE-4540 2016-09-05 19:28:16 +02:00
Michael Boelen 285dde402f Added CONT-8107 2016-08-29 14:18:17 +02:00
Michael Boelen f663768423 Added latest version 2016-08-23 20:20:18 +02:00
Michael Boelen 50b6096e9d Added LOGG-2192 test 2016-08-22 12:21:48 +02:00
Michael Boelen e6db11b787 Added BOOT-5108 2016-08-18 15:32:27 +02:00
Michael Boelen 889a57fc03 Added DBS-1888 to test for Redis bound to localhost 2016-08-12 09:57:03 +02:00
Michael Boelen 2dae957c58 Updated text description 2016-08-12 09:45:00 +02:00
Michael Boelen 6931163442 Added new tests 2016-08-11 19:54:59 +02:00
Yukio Takahara 16ec22ac7b Japanese translation add to ja file (#256) 2016-08-10 09:56:08 +02:00
Zoltan Paldi a7b11aea56 Hu translation (#255) 
* Replace egrep pattern from 'LANGUAGE' to 'LANG'

* Hungarian translation add to hu file
 2016-08-09 15:16:13 +02:00
Michael Boelen 4c3e216c27 Remove comments 2016-08-04 14:20:56 +02:00
stefanomarty a962ad779a Italian translation (#253) 
Italian translation
 2016-08-04 14:18:42 +02:00
kairaven da9f228223 German translation for de (#252) 
* Update de

* German translation for de
 2016-08-04 10:49:04 +02:00
Michael Boelen 9ee232de31 Added Polish translation file 2016-08-01 09:22:55 +02:00
Michael Boelen d2951c117b Extended language files with new strings 2016-08-01 09:22:07 +02:00
Michael Boelen 62c7b46311 Added new error messages 2016-07-31 11:47:32 +02:00
Michael Boelen f436a59c5f Translation of error status 2016-07-31 11:31:21 +02:00
Michael Boelen 6dbb64544a Updated language files 2016-07-31 11:29:04 +02:00
Michael Boelen a00f7130dd Added error text string 2016-07-30 13:23:01 +02:00
Michael Boelen 8a95b49913 [TOOL-5104] added 2016-07-30 12:05:55 +02:00
Michael Boelen f498d7bf2c Added translation for 'enabled' 2016-07-28 11:07:17 +02:00
Michael Boelen 691d8a610d Added translation for 'disabled' 2016-07-28 11:06:17 +02:00
Michael Boelen 37763dcf4f [DBS-1880] Detection for redis 2016-07-24 19:46:45 +02:00
Michael Boelen 64348b772c Add category and display more details about tests 2016-07-24 11:42:50 +02:00
Jesus Christian Cruz Acono 115b119c9b Update es (#235) 
some translated strings, need review, and ortographic correction
 2016-07-18 20:20:14 +02:00
Yann ILAS 2abaefeb21 Correction for some typos (#227) 2016-07-14 13:29:41 +02:00
Michael Boelen 9f7671b162 Initial import of tests database to be used with lynis show tests 2016-07-13 13:19:42 +02:00
Michael Boelen 9986cdd58f Updated language files 2016-07-12 22:02:30 +02:00
Michael Boelen 2b2051dca7 Changed incorrect variable for skipped tests 2016-07-05 18:18:22 +02:00
Michael Boelen dddcf35fa3 Enable French translations 2016-06-21 08:07:41 +02:00
doc 0733ae856a first french translations (#216) 2016-06-21 07:52:18 +02:00
Michael Boelen dc0fa690f3 Updated language files 2016-06-18 11:58:07 +02:00
Michael Boelen 31bd96d216 Added files for Portugese, Chinese, Italian 2016-06-18 11:57:26 +02:00
Michael Boelen ea946ca4ad Added templates for French and Russian translations 2016-06-18 11:55:22 +02:00
Michael Boelen da8cfe8686 Added new translated strings 2016-06-18 11:16:18 +02:00
Michael Boelen 9f0e75f98e Import of Spanish language file 2016-06-11 14:34:47 +02:00
Michael Boelen 18c3984b20 Remove test string 2016-06-11 14:10:54 +02:00
Michael Boelen 34c973386e Import initial set of languages 2016-06-11 14:09:59 +02:00
mboelen 32da184947 Add new hints to the database 2016-04-25 10:16:57 +02:00