Commit Graph

2628 Commits

Author SHA1 Message Date
Julian Phillips 84dd024887 [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
There are several challenges with the existing method of using
/etc/crypttab:

1) encrypted rootfs partitions are not typically listed in this
file (users are prompted for password in early boot instead)

2) the 'luks' option is the default option so it is possible for
/etc/crypttab entries to never have this set explicitly and any
block device configured as such will be missed currently

3) any device mounted manually, or using any other mechanism aside
from /etc/crypttab will be missed

This commit executes 'cryptsetup isLuks' on every block device in
the system to determine whether it is a LUKS device. This handles
all 3 cases mentioned above.

Test case wording was also updated to reflect the fact that it
only checks for LUKS encrypted block devices. So, plain dm-crypt
and TrueCrypt/VeraCrypt block device encryption is not detected.
Nor is any file system level encryption such as eCryptfs, EncFS,
gocryptfs.
2019-07-17 16:18:12 -07:00
David d1cb74e7d9
Delete PRIVILEGED var from this file
If PRIVILEGED is set in the file, it will overwrite the value in the main program always to 0.
This change depends on the other commit that sets the variable in both cases.
2019-07-17 23:28:51 +02:00
David 8de806c9a7
PRIVILEGED var needs to be set in both cases
set PRIVILEGED in both cases, because now this variable is set before ". ${INCLUDEDIR}/consts" and needs not to be set in that file in order to not be reset to a default value.

Also fix typo:
PENTESTINGMODE is set when NO root privileges are used
2019-07-17 23:25:40 +02:00
David 06413994cf
Initialize some vars to allow strict mode to work
IsRunning():
To check if $users is empty in strict mode we need the var to be initialized

ReportException:
Some tests call this function without the second parameter, this is not allowed in strict mode if we don't initialize the variable
2019-07-17 23:16:47 +02:00
David 250fb965d3
Strict mode needs these vars initialized 2019-07-17 23:08:20 +02:00
Michael Boelen 2576bc8fca
Updated log 2019-07-16 19:11:07 +02:00
Michael Boelen a4d15f77b5
Differentiate between a discovered binary and running process 2019-07-16 19:10:04 +02:00
Michael Boelen 9e56706aa6
Formatting and improved logging 2019-07-16 19:06:31 +02:00
Michael Boelen 2bd1b1b590
Format change 2019-07-16 19:05:28 +02:00
Michael Boelen d696d521c1
Extended IsRunning function to allow for searching by a combination of process name and user. 2019-07-16 19:04:53 +02:00
Michael Boelen 5869fa4eb1
[INSE-8050] added com.apple.ftp-proxy and improved text output 2019-07-16 14:35:00 +02:00
Michael Boelen b935ab8b6a
Updated log 2019-07-16 13:23:00 +02:00
Michael Boelen a2c57e0b75
Added missing 'then' 2019-07-16 13:21:32 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 2777caf6d2
Updated log 2019-07-16 13:13:35 +02:00
Michael Boelen 3213cadd5a
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:13:25 +02:00
Michael Boelen a12aaa2d3a
Added quotes 2019-07-16 13:13:15 +02:00
Michael Boelen 2e192788bb
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:12:17 +02:00
Michael Boelen 95db1dc145
Updated log 2019-07-15 20:05:08 +02:00
Michael Boelen 27b2a4dc7a
Renamed STRG-1840 and STRG-1842 2019-07-15 20:04:59 +02:00
Michael Boelen f8564f2923
[STRG-1840] renamed to USB-1000 2019-07-15 20:04:38 +02:00
Michael Boelen 52610e1abe
[STRG-1842] renamed to USB-2000 2019-07-15 20:00:14 +02:00
Michael Boelen 7ec81715aa
Minor cleanup 2019-07-15 19:57:23 +02:00
Michael Boelen 08cbc6fe2e
Merge pull request #680 from Capashenn/patch_12
fix issue #610 STRG-1842
2019-07-15 19:53:33 +02:00
Michael Boelen b1937029fe
Updated log 2019-07-15 19:39:14 +02:00
Michael Boelen 455fc26bf7
Small code enhancements 2019-07-15 19:39:04 +02:00
Michael Boelen 2e7c6c7816
[FINT-4328] correct text in log 2019-07-15 19:34:37 +02:00
Michael Boelen 0d21ba5e52
Updated log 2019-07-15 19:12:46 +02:00
Michael Boelen 07185a0ac2
Updated with missing entries and minor changes 2019-07-15 19:12:37 +02:00
Michael Boelen c1cf106d03
Show location for Lynis package and new documentation 2019-07-15 19:05:57 +02:00
Michael Boelen c31a1318e2
Merge pull request #728 from Marzal/docu
Improve help info with missing data
2019-07-15 18:55:33 +02:00
Michael Boelen 7728213ac4
Merge branch 'master' into docu 2019-07-15 18:55:10 +02:00
Michael Boelen 5cc5ecf534
Updated log 2019-07-14 15:13:02 +02:00
Michael Boelen c074c81897
Initial work on GetReportData function 2019-07-14 15:12:25 +02:00
Michael Boelen ced78b52b0
Small markup changes 2019-07-14 15:11:45 +02:00
Michael Boelen 591bc05f4d
[SSH-7408] changed text in suggestion and report 2019-07-14 14:43:35 +02:00
Michael Boelen 5fdd00783e
Updated log 2019-07-14 13:41:02 +02:00
Michael Boelen dbc6f9bc4c
[SCHD-7702] removed hardening points 2019-07-14 13:40:55 +02:00
Michael Boelen c179a0e563
Updated log 2019-07-14 13:36:56 +02:00
Michael Boelen b025b3301a
Define relative or absolute path, depending on directory/file or being a binary 2019-07-14 13:36:45 +02:00
Michael Boelen 1df9630bcf
Merge pull request #676 from Capashenn/patch_8
fix issue #659
2019-07-14 13:30:16 +02:00
Michael Boelen 4b68c22f30
Use relative paths 2019-07-14 13:27:08 +02:00
David 8400849c58
Add missing commands to show command helper
configure,generate,update,upload-only
2019-07-14 13:26:03 +02:00
Michael Boelen 9ebddf0e0c
Merge pull request #675 from Capashenn/patch_7
fix issues #666 #667
2019-07-14 13:21:40 +02:00
Michael Boelen ea67b779c7
Updated log 2019-07-14 13:19:18 +02:00
Michael Boelen 7d33b59b0c
Added tests 2019-07-14 13:19:11 +02:00
Michael Boelen ceb9ea193d
Renamed INSE-8342 to INSE-8304 2019-07-14 13:16:48 +02:00
Michael Boelen 93e311e52e
Added INSE-8314 and INSE-8316 for NIS client and server 2019-07-14 13:13:02 +02:00
Michael Boelen 819f310750
Updated log 2019-07-14 13:06:53 +02:00
Michael Boelen 3f04235353
[INSE-8116] added rsync service 2019-07-14 13:06:23 +02:00