tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,043 Commits 2 Branches 61 Tags 16 MiB
Commit Graph

1043 Commits

Author SHA1 Message Date
mboelen 5e587adf8a Change ntp_falseticker in report, added ntp_unreliable_peer 2016-04-28 08:51:43 +02:00
mboelen 1e0ca25405 Update log 2016-04-27 16:51:25 +02:00
mboelen f109c318d9 Detect when weak protocols are used, simplify nginx test 2016-04-27 16:51:12 +02:00
mboelen 1825d91c85 [HTTP-6710] Show suggestion when using a weak protocol 2016-04-27 16:37:32 +02:00
mboelen eb0206198a [HTTP-6710] Show SSLv3 as weak protocol 2016-04-27 16:36:24 +02:00
mboelen d6fa2bbd4c Initial import of developer profile, to be used like: lynis audit system --profile developer.prf 2016-04-27 16:18:46 +02:00
mboelen 7c4099a7da Call WaitForKeypress from wait_for_keypress, and report this old function when called to developers 2016-04-27 16:14:22 +02:00
mboelen f4691536ee Add nginx ssl_protocol values to report, minor adjustments to ReportDetails function 2016-04-27 16:09:29 +02:00
mboelen 2cab82f71f Replaced logtext and report with proper functions 2016-04-27 15:37:07 +02:00
mboelen b453190cd7 Added firewall_software[] to report 2016-04-27 10:52:45 +02:00
mboelen 84d619852a [PROC-3612] Removed wchan from output to solve issue with grsecurity-enabled kernel 2016-04-27 10:30:40 +02:00
mboelen 24e5e75611 Updated log 2016-04-26 21:27:58 +02:00
mboelen 6a4287bd64 Proper reference to IsDeveloperMode 2016-04-26 21:25:14 +02:00
mboelen b6884dfda3 Add file permission and ownership tests for cronjobs 2016-04-26 21:21:15 +02:00
mboelen c98b37955c Added IsOwnedByRoot function 2016-04-26 21:20:37 +02:00
mboelen 098a2e3760 Added istat binary 2016-04-26 21:20:17 +02:00
mboelen e20404c60b Add test for world-writable cronjobs 2016-04-26 14:06:27 +02:00
mboelen 7b33ead897 Adding aliases and optimization for value testing 2016-04-26 14:05:56 +02:00
mboelen 216611259e Optimize IsWorldWritable function, with additional debugging data for developers 2016-04-26 13:52:26 +02:00
mboelen 812a0ea270 Added developer-mode option for profiles 2016-04-26 13:51:54 +02:00
mboelen 55799a524c Added developer mode (--developer) 2016-04-26 13:40:21 +02:00
mboelen 2cefdb79d6 Log when a file is world-writable according IsWorldWritable 2016-04-26 13:34:17 +02:00
mboelen 4791b8a6bf Add scheduler[] and minor cleanups 2016-04-26 13:05:17 +02:00
mboelen 448fd65e31 Remove tab 2016-04-26 13:00:41 +02:00
mboelen 705e2444ee [SCHD-7702] Added test to check cron daemon status 2016-04-26 12:58:17 +02:00
mboelen ea9c40a36c Changed text to avoid showing up as a suggestion 2016-04-25 20:48:21 +02:00
mboelen 6143e7ed83 Updated bash completion script 2016-04-25 20:04:44 +02:00
mboelen ee7b5f87bb [BANN-7119/BANN-7122] Disabled tests 2016-04-25 20:04:23 +02:00
mboelen 7878fad617 Removed --config option in favor of lynis show profiles 2016-04-25 20:04:00 +02:00
mboelen 4dcb9eccff Allow skipping of plugins with --skip-plugins or skip-plugins 2016-04-25 16:00:10 +02:00
mboelen e5790dc8c6 Added: lynis show tests skipped (skipped tests) 2016-04-25 15:49:45 +02:00
mboelen 021fd8a98c Reduce debugging for PAM plugin 2016-04-25 15:49:21 +02:00
mboelen ba0381a775 Lowercase all tests when using them in comparisons 2016-04-25 15:49:00 +02:00
mboelen c02ab08b50 Set quiet and quickmode when using --show-warnings-only or show-warnings-only 2016-04-25 11:51:37 +02:00
mboelen bedadd9cd1 Do not show text on screen in quiet mode 2016-04-25 11:13:27 +02:00
mboelen 22cb6d6523 Updated man page with new options 2016-04-25 11:10:39 +02:00
mboelen 2f07fa1d87 Allow show-warnings-only and --(show-)warnings-only option 2016-04-25 11:10:23 +02:00
mboelen 3e20c1e30b [KRNL-5788] Improvements for grsecurity kernels 2016-04-25 10:56:11 +02:00
mboelen 0f64d106b1 Changed supporting text for ReportManual function 2016-04-25 10:55:34 +02:00
mboelen eae8ef99a4 Exit with exit code 0 by default, unless error-on-warnings is being used 2016-04-25 10:18:09 +02:00
mboelen a3075d2e8f Added error-on-warnings 2016-04-25 10:17:14 +02:00
mboelen 32da184947 Add new hints to the database 2016-04-25 10:16:57 +02:00
Eric Light bcdca90942 Update KRNL-5788 for grsecurity (#178) 
* If grsec installed, build FINDKERNEL from uname -r

When running a grsecurity-patched custom kernel, the /vmlinuz link is often missing.  If this link is missing, and grsecurity is installed, then we can calculate the location of FINDKERNEL with the words "linux-image-", plus the output of "uname -r".

* Suggest manually checking kernel if grsec installed

We can't rely on the apt-cache output when running grsecurity.  This is because apt-cache can't tell us if we're running an up-to-date kernel, when it's a custom kernel with grsecurity.  Instead of confirming that the kernel is OK, we instead should remind the auditor to double-check themselves.
 2016-04-25 09:34:14 +02:00
Eric Light c0f86fef09 Minor reword ("latest" -> "latest installed") (#174) 2016-04-25 09:33:55 +02:00
mboelen 904da4d123 Allow additional profile with --profile 2016-04-23 17:55:32 +02:00
mboelen 7823cf60f5 Changed text when no auditor name is specified 2016-04-23 17:42:40 +02:00
mboelen b336304ae6 Identation of help text 2016-04-23 17:06:10 +02:00
mboelen 998e63535c Changed colors and text of default help 2016-04-23 17:00:42 +02:00
mboelen cdebe9dc06 Update date 2016-04-21 11:45:59 +02:00
mboelen 60a7abf877 [PKGS-7354] Test for DNF repoquery plugin before using it 2016-04-21 11:44:42 +02:00