285 Commits

Author SHA1 Message Date
Michael Boelen 76c3ea0edb
Fall back to echo if ECHOCMD is empty early during execution of program 2019-06-30 20:38:05 +02:00
Michael Boelen 08e8e59197
New function: SafeInput 2019-06-29 19:34:12 +02:00
Michael Boelen d0377c563d
Added TLSv1 as weak protocol (nginx) 2019-06-24 15:40:18 +02:00
Michael Boelen 2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen 71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen 08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen 1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen 247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571)
got this error on Debian auditing a docker file when testing an Ubuntu Dockerfile when lynis tries to find KEY_USED
2018-09-06 07:48:40 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 40d6a853d5
Changed file permissions 2018-04-23 10:56:26 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Michael Boelen f0ef7fb785
Initial version of PackageIsInstalled function 2018-02-19 15:01:26 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manually configured setting in function 2018-02-16 19:29:08 +01:00
Michael Boelen 1bf789861d
Add possibility to define an array of allowed operating systems for a test 2018-01-18 20:26:19 +01:00
Michael Boelen 503b2662c6
Implemented NetBSD patch: use correct syntax to compare values 2018-01-18 16:50:23 +01:00
Michael Boelen 8934042473
Code enhancements 2018-01-17 17:26:30 +01:00
mslifcak 25b3c4f1eb VBoxService running is another VirtualBox clue (#505) 2018-01-17 17:19:51 +01:00
Michael Boelen 00ad535c6b
Use different variable in for loop 2018-01-11 10:37:56 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen c487bcb277
-C flag of ps is different on BSD 2017-12-24 14:05:55 +01:00
Katarina Durechova 09de901d11 Check zero size of files correctly (#487)
from man test:
-s FILE
    FILE exists and has a size greater than zero

-z STRING
    the length of STRING is zero
2017-10-31 09:05:29 +01:00
Michael Boelen e5c11991ef
Code enhancements and textual change 2017-10-29 11:26:25 +01:00
Michael Boelen ebf16462a8
Improve IsRunning function to match full process names 2017-10-29 10:54:40 +01:00
Michael Boelen 9d238f6e78
Added HP-UX routine for GetHostID 2017-10-19 19:37:25 +02:00
Michael Boelen 499f7d5015
Improve process detection 2017-09-16 14:08:26 +02:00
FlorentCoppint ccf9db18f8 Improved IsRunning() process matching (#463) 2017-09-16 13:58:04 +02:00
Michael Boelen 2451029a6e
Allow for files with spaces 2017-09-06 12:55:56 +02:00
Bruno Vernay 6cf1c324f8 Support spaces in file names (#445)
* Support spaces in file names

File names may contain spaces

* Fixed 2 more cases
2017-08-29 14:33:18 +02:00
Michael Boelen 358dc46b81
Ignore file access errors when trying to access them 2017-08-17 14:18:29 +02:00
Michael Boelen 4660362e74
Redirect errors like file permissions 2017-08-08 14:52:11 +02:00
Stéphane BARBARAY 9ca2d640b8 Enhanced detection for LXC and LXC over VM (#426)
* Update functions

* Update functions

* Update tests_shells

* Update tests_shells

* Update IsVirtualMachine

extra check on /proc/1/environ existence + Log result
2017-07-31 12:51:19 +02:00
mslifcak af60a2463a 250 fixes (#393)
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
2017-05-23 14:56:25 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 2340e7bbbc
Added HasData and IsEmpty function 2017-04-23 20:19:18 +02:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 44f5209cb9 Add description of CheckItem 2017-03-05 15:12:01 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen ed45fe7b29 Use the data from machine ID when no SSH keys are available 2017-01-28 12:11:38 +01:00
Michael Boelen 670b18b6f5 Strip out any comments at end of nginx configuration lines 2017-01-27 14:36:55 +01:00
Andres Gomez Casanova 145e1164be Variable name in reportWarning function (#342)
* Variable name

* Update functions

* Update functions
2017-01-16 11:03:07 +00:00
Michael Boelen aadd58e6a6 Allow option to configure host IDs via profile 2016-12-02 13:19:29 +01:00
Michael Boelen f16325ff55 Only show non-privileged tests that were skipped if they are applicable to our platform 2016-11-19 15:38:32 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329)
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00
Justin P 50b06efd30 macOS Refactoring (#311)
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
2016-11-05 11:53:22 +01:00
Michael Boelen 1641f4c88f Use machine ID if we have no suitable other string yet 2016-10-17 17:16:36 +02:00
Michael Boelen 404bd9ad4c Correct path to cgroup file 2016-10-16 15:51:30 +02:00
Michael Boelen 27054e2f2e Improve logging for non-privileged users 2016-10-16 15:29:50 +02:00
Michael Boelen d0eae6480d Support for Docker container detection 2016-10-16 15:13:04 +02:00
Michael Boelen c87e423196 Added HOSTID2 for macOS platform 2016-10-14 08:49:00 +02:00
alobodzinski 639c5adc72 Fixed cut-and-paste error (#265) 2016-08-29 19:31:06 +02:00
Michael Boelen fdf3ded89f New command 'lynis show details' to display test details 2016-08-26 14:05:20 +02:00
Michael Boelen c11f7fc1ce Do not show update message when using 'show' helper 2016-08-23 20:21:26 +02:00
Michael Boelen 0dab1e9308 Allow multiple levels of includes 2016-08-16 08:36:42 +02:00
Michael Boelen 4b96452dab Clean out unneeded file 2016-08-16 08:11:51 +02:00
Michael Boelen c730a3185e Add StoreNginxSettings function to store parsed nginx configuration 2016-08-16 08:07:08 +02:00
Michael Boelen e06db1477d Add notebook hardware detection 2016-08-13 16:38:07 +02:00
Michael Boelen d5a5cc3173 Allow logging a custom reason to skip a test 2016-08-13 10:16:15 +02:00
Michael Boelen 300ab03abc Improved SearchItem function and allow masking of sensitive details 2016-08-11 19:52:15 +02:00
Michael Boelen fa8826f59a Corrected text 2016-08-11 19:29:57 +02:00
Michael Boelen e78e7801ab Allow ExitFatal with text and test for input file on other tests 2016-08-11 19:03:01 +02:00
Michael Boelen bba7cfe200 Add return value to SearchItem() function 2016-08-11 18:46:17 +02:00
Michael Boelen 4f72cdf711 Mark VM type as OpenStack 2016-08-11 10:01:57 +02:00
Liao Tonglang b1c432c3e0 Make IsVirtualMachine detect centos6.8 on openstack (#258)
This function made a mistake in a CentOS 6.8 virtual machine. Only dmidecode works
in this environment and it returns OpenStack Nova. An OpenStack case is needed
in the code that checks $SHORT codes.
2016-08-11 09:41:07 +02:00
Michael Boelen 3c46482a9e Readability and style improvements 2016-07-31 21:20:38 +02:00
Michael Boelen 9874530615 Override reading of files when we are root 2016-07-31 21:18:56 +02:00
Michael Boelen 9ae1aa749d Properly replace setting gathered from profiles 2016-07-31 17:18:36 +02:00
Michael Boelen 8ee6cb42a3 DisplayError can now use an optional exit code to quit the program 2016-07-31 11:46:41 +02:00
Liao Tonglang 3fdb949152 Fix description of CheckFilePermissions (#243)
* Fix description of CheckFilePermissions 

"Adds a system to a group, which can be used for categorizing" should belong to 
AddSystemGroup but not CheckFilePermissions

* make description of IsVirtualMachine right

"Check if a specific item exists in the report" should not be the description of IsVirtualMachine, change it.
2016-07-30 12:08:43 +02:00
Michael Boelen 22f99ede81 Check for number of arguments on ReportSuggestion and ReportWarning 2016-07-28 11:06:46 +02:00
Michael Boelen f9a4348f10 Uppercase tests: detect them properly as atomic tests. 2016-07-26 16:01:38 +02:00
atao60 0b5b4a47a3 Display function creates wrong indentation of result column (#237) 2016-07-26 15:00:05 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 9a2dcc9dec Add DisplayError for showing errors on screen 2016-07-24 13:11:32 +02:00
Michael Boelen 65eaeb7ce9 Add header as color 2016-07-24 13:05:36 +02:00
Michael Boelen c1d351fe32 Add bold as color 2016-07-24 11:43:18 +02:00
Michael Boelen 7f25a1f00e Remove colors properly with one function (contribution: Mike Slifcak at Pindrop 2016-07-18 19:58:32 +02:00
n[oO]ne 8aeba9fa3d fix: Test names are different. (#228)
After changes in 9aa5736 the test names are different. This results in something like BOOT-5122 = boot-5122 and skipped tests aren't skipped anymore.
2016-07-14 13:49:20 +02:00
Michael Boelen f9011c43e6 Exit cleanly when displaying categories 2016-07-13 11:12:31 +02:00
Michael Boelen c090e73ca1 Add blue colors for tips 2016-07-11 20:06:46 +02:00
Michael Boelen 52317de56c Set date of break lines to similar format as normal log entries 2016-07-11 10:32:00 +02:00
Michael Boelen f8bee58ade Implement tooltips 2016-07-05 18:18:54 +02:00
Michael Boelen 75786a1c80 Added DisplayToolTip 2016-07-05 17:25:19 +02:00
Michael Boelen 5778d4fa0d Add functions: AddSetting, DiscoverProfiles, ParseProfiles 2016-07-05 16:47:32 +02:00
Michael Boelen fbd24b585a Rename Maid to CleanUp 2016-07-05 12:16:49 +02:00
Michael Boelen a1ebc18a76 Don't override variables of ReportDetails functions on every parameter 2016-06-30 11:34:27 +02:00
Michael Boelen b553f01b2a Allow long lines of text by resetting number of spaces to 0 when needed 2016-06-18 11:14:50 +02:00
Michael Boelen 1be27c7b00 Added IsDeveloperVersion to detect if release is still under development 2016-06-18 09:28:53 +02:00
Michael Boelen 7725ce6cc8 Use a common date/time format for log entries 2016-05-25 21:36:12 +02:00
Michael Boelen 0d62613388 Store host IDv2 and detect utilities when no binaries scan has been done 2016-05-17 18:07:43 +02:00