tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
423 Commits 2 Branches 61 Tags 16 MiB
Commit Graph

281 Commits

Author SHA1 Message Date
mboelen 92660aec3c Added comments 2014-12-03 14:11:38 +01:00
mboelen 358ea148ca Added additional virtualization detection for NetBSD and OpenBSD 2014-12-03 14:10:52 +01:00
mboelen 9a8ea8584a Updated copyright line 2014-12-03 14:10:22 +01:00
mboelen f60b00e6f0 Added dpkg binary 2014-12-02 21:38:51 +01:00
mboelen 89217d7ade Testing for service/job manager [BOOT-5104] 2014-12-02 13:55:06 +01:00
mboelen 2bdc4d7742 Fixed typo in report 2014-12-02 13:54:13 +01:00
mboelen 98abf325e4 Cleaning up code a little bit 2014-11-29 16:25:18 +01:00
mboelen b25fa10b1d Do not check for klogd when systemd-journal is being used 2014-11-29 16:23:52 +01:00
mboelen 19cf98dd82 Show if compliance tests have been performed in report output 2014-11-29 16:22:59 +01:00
mboelen 376b37f250 Added proper check for smtpctl binary 2014-11-29 16:22:36 +01:00
mboelen 9beee9a514 Added smtpctl for OpenSMTPD 2014-11-29 16:21:49 +01:00
mboelen 68234525a3 New variables 2014-11-29 16:21:13 +01:00
mboelen 33720a54ac Check for OpenSMTPD on all platforms, but only if smtpctl is found 2014-11-29 16:20:20 +01:00
mboelen 36c9f435f7 Added initctl, launchctl, nft binaries and textual improvements 2014-11-28 23:51:16 +01:00
mboelen 87994330f1 Added test for systemd journal daemon [LOGG-2136] 2014-11-28 23:50:07 +01:00
mboelen f826a4f63f Added Progress function, --progress to Register function and docker detection 2014-11-25 14:22:52 +01:00
mboelen ccf849f214 Properly log as binary 2014-11-25 14:21:23 +01:00
mboelen b9c7a2857e Changed links 2014-11-25 14:20:45 +01:00
mboelen 76a6d1a263 Added --manpage and --dumpoptions 2014-11-14 16:15:35 +01:00
mboelen 2938a2d5af GRUB2 password protection test 2014-11-13 00:58:11 +01:00
mboelen f50595d4e2 Show only unique files for deleted files [LOGG-2190] 2014-11-13 00:57:36 +01:00
mboelen 64d3464543 Use ReportException function 2014-11-11 19:03:57 +01:00
mboelen 16eab10590 Check for rootsh binary 2014-11-04 14:17:18 +01:00
mboelen a1d8ee1e13 Changes to uptime calculation for OpenBSD 2014-11-04 02:23:43 +01:00
mboelen 160f727709 Try to use OpenSSL for SHA1 related functions if sha1/sha1sum are not present 2014-11-04 02:08:56 +01:00
mboelen 6eedbdd176 Do not run Apache test on OpenBSD and strip control chars [HTTP-6624] 2014-11-04 02:08:29 +01:00
mboelen dcef76d250 Allow OpenBSD boot loader test for all platforms 2014-11-04 01:36:56 +01:00
mboelen 525c430d84 Minor improvements to Shellshock test 2014-11-04 01:34:14 +01:00
mboelen 5439083b4e Added uptime detection for OpenBSD systems [BOOT-5202] 2014-11-04 01:04:28 +01:00
mboelen 3609da194a Properly parse PAM lines and add them to report [AUTH-9264] 2014-11-04 00:42:37 +01:00
mboelen 28b31b95c8 Add OpenBSD support to gather UDP/TCP ports which listen on network 2014-11-04 00:30:08 +01:00
mboelen 0a3482b968 OpenBSD support for boot loader detection 2014-11-04 00:29:44 +01:00
mboelen 9f1f006005 Check if Linux config file is set, before executing other tests 2014-10-30 18:09:47 +01:00
mboelen c8189d05e8 Improvements for file systems, with focus on ext2, ext3 and ext4 2014-10-30 18:09:03 +01:00
mboelen 183be1a45a Log license key to report 2014-10-30 13:05:06 +01:00
mboelen 4dfcce354c Don't show error when file system can not be opened by tune2fs 2014-10-29 23:07:59 +01:00
mboelen e176c0028a Added getcap binary check 2014-10-27 23:11:37 +01:00
mboelen ca6c6d14fb Small changes in naming, added binary paths to report file 2014-10-27 23:10:28 +01:00
mboelen 77e2705eb7 Perform configuration integrity test for AIDE 2014-10-27 00:28:28 +01:00
mboelen 46de3f8d99 Hide RPM related database errors, show suggestion instead 2014-10-26 23:33:26 +01:00
mboelen 410861f4df Added AIX support for volume groups 2014-10-26 23:33:08 +01:00
mboelen 16b25ceda3 Added lsvg detection 2014-10-26 23:32:51 +01:00
mboelen f465da5351 Small adjustment to avoid getting error when no files are in APT sources.list.d directory 2014-10-24 01:23:35 +02:00
mboelen 6f6d51a11a Minor textual changes 2014-10-23 23:06:46 +02:00
mboelen 75c2d0ab15 Changed qdaemon test 2014-10-21 00:03:42 +02:00
mboelen 067360db1b Improved qdaemon printer detection 2014-10-19 12:43:15 +02:00
mboelen 8bf76a9a0f Improved Shellshock test by searching for bash via which if /etc/shell is not present 2014-10-19 12:39:37 +02:00
mboelen 47b2a7df33 Redirect errors when searching for readlink binary 2014-10-19 12:30:26 +02:00
mboelen 84c51eead7 Boot loader detection for AIX [BOOT-5102] 2014-10-19 12:25:40 +02:00
mboelen 1e624d5f2e Improved text 2014-10-14 10:54:02 +02:00
mboelen bd5c9ddd7b Textual improvement on screen for Apache configuration test 2014-10-14 10:40:00 +02:00
mboelen d6dbbeedb5 Added warning when GLSA finds security updates 2014-10-14 10:39:34 +02:00
mboelen a6f50356d9 Added new tests 2014-10-14 10:03:54 +02:00
mboelen 4fa5139bfa Improve function to search for kernels on disk and checking results 2014-10-14 10:03:29 +02:00
mboelen f5399981c2 When searching for a swap partition in /etd/fstab, use sw as search string, instead of matching sw or swap 2014-10-14 10:02:41 +02:00
mboelen 1f032c767f Directories will be skipped when searching for nginx log files 2014-10-14 10:01:46 +02:00
mboelen b31a6c4659 Textual changes 2014-10-13 22:39:16 +02:00
mboelen 381fbf25d0 Escaping --security option as string search 2014-10-13 20:47:42 +02:00
mboelen 20815d8133 Changed typo cly.py to cli.py 2014-10-13 20:45:43 +02:00
mboelen 19fd348249 Changed typo cly.py to cli.py 2014-10-13 20:43:46 +02:00
mboelen 5e840367ca Test for built-in security measures in YUM [PKGS-7386] 2014-10-13 20:36:09 +02:00
mboelen 34b177547f Added better text for discovered directories which have symlink 2014-10-13 20:35:14 +02:00
mboelen 5ac6812ba5 Skip directory if it has already been found, or its symlink 2014-10-13 20:07:19 +02:00
mboelen 8454ac7baf Set temporary readlink function if binary scan is not finished yet 2014-10-13 19:57:15 +02:00
mboelen a68b226d3a Added BINARY_SCAN_FINISHED 2014-10-13 19:56:44 +02:00
mboelen 3b7e1a63ae Mark when binary scan is complete 2014-10-13 19:55:49 +02:00
mboelen badd27ac7e Added additional debug information for symlink function 2014-10-13 19:51:20 +02:00
mboelen 6f893ea3b4 Improved symlink detection and reporting 2014-10-13 19:45:14 +02:00
mboelen ebdee5b0d2 Altered symlink function, message display, small cleanups 2014-10-13 19:36:36 +02:00
mboelen 0378677ea9 Cleanup of test and properly show status of timedated [TIME-3104] 2014-10-13 19:19:40 +02:00
mboelen f7bcf60640 Changed copyright line 2014-10-13 10:43:37 +02:00
mboelen 7797c32d76 Only extract unique name servers [NAME-2704] 2014-10-13 10:42:07 +02:00
d4t4king fab2ea5e5e Minor tweak to glsa-check to show '0' when all tests are compliant 2014-10-13 00:19:59 -07:00
mboelen 2bf7e35bf2 Added missing -f for GRUB2 bootloader test [BOOT-5121] 2014-10-09 00:41:06 +02:00
d4t4king 111097506f Tweaked nginx protocol check so it actually works. Added insecure protocol detection. 2014-10-08 22:04:29 +00:00
mboelen 3d0fb8d529 Improved boot loader detection for Grub2 [BOOT-5121] 2014-10-06 21:27:23 +02:00
mboelen 81d910c050 When searching for bash shell, skip comment lines and only take first hit (e.g. Fedora has multiple hits) [SHLL-6290] 2014-10-06 20:57:56 +02:00
mboelen 74f7cfec84 Added Shellshock test improvements 2014-10-06 13:41:55 +02:00
d4t4king ef6de1eddc Added shellshocker checks. 2014-10-06 11:49:20 +02:00
mboelen ac2b2fc548 Added new test to determine if Snoopy is used [ACCT-9636] 2014-10-06 11:30:15 +02:00
mboelen ebe29bc148 Log discovered pam_modules to report 2014-10-06 11:29:31 +02:00
mboelen aeddf84aed Added SSH without-password option for PermitRootLogin 2014-10-06 11:29:04 +02:00
mboelen f3a7921a3d Improved ShowSymlinkPath function and optimized FileIsReadable function 2014-10-03 19:16:13 +02:00
mboelen 616209560f Use quiet mode when checking emerge-webrsync 2014-09-25 19:10:58 +02:00
mboelen c5ce09af9f Added ClamXav test 2014-09-25 19:08:47 +02:00
mboelen ab71616900 Added Mac OS uptime test [BOOT-5202] 2014-09-25 19:00:36 +02:00
mboelen 348d024dd4 Set found status when a possible match for boot loader has been found 2014-09-25 17:57:59 +02:00
mboelen 9067551508 Improved GetHostID if only ip binary is available 2014-09-25 17:57:25 +02:00
mboelen 27973d5c18 Adjust text and GRUB2 check to work properly 2014-09-25 17:51:08 +02:00
mboelen 08f77d2531 Added GRUB2 detection on empty /boot 2014-09-25 17:47:23 +02:00
mboelen f0292d3653 Missing binary in variable 2014-09-25 17:47:05 +02:00
mboelen 6f321b6a08 Added grub2-install 2014-09-25 17:42:57 +02:00
mboelen e209b1046b Changed addresses 2014-09-25 17:32:50 +02:00
mboelen 0dd484f22e Extended logging 2014-09-25 17:00:31 +02:00
mboelen b36be2f82c Missing -eq statement 2014-09-25 16:55:47 +02:00
mboelen a0f0e895eb Minor code adjustments 2014-09-25 16:55:23 +02:00
mboelen 7f7d869ae5 Improvements to kernel detection (e.g. Gentoo) [KRNL-5830] 2014-09-25 16:55:02 +02:00
mboelen 10dc6d3930 Added privileged mode 2014-09-25 11:25:07 +02:00
mboelen 17a6aa3691 Improved detection of mod_evasive 2014-09-23 23:27:01 +02:00
mboelen c257882a24 Improved log output for CheckItem function 2014-09-23 23:26:34 +02:00
mboelen 6dbeb9f6cb Gentoo updates to gather packages and test for vulnerabilities 2014-09-23 22:54:38 +02:00
mboelen e9557423cc Gentoo updates to gather packages and test for vulnerabilities 2014-09-23 22:48:20 +02:00
mboelen 6fbcf20c96 Added new tests for pacman based systems 2014-09-22 23:40:53 +02:00
mboelen 47cfff0e16 Improvements to boot loader tests 2014-09-22 23:39:31 +02:00
mboelen 2006838144 Added drill binary to list to determine latest version 2014-09-22 04:07:46 +02:00
mboelen 595f84ae45 Altered /boot/config.gz into /proc/config.gz as target 2014-09-22 03:46:13 +02:00
mboelen ad4a4cc1a5 Proper sort kernel versions on disk for test KERN-5830 2014-09-22 00:57:34 +02:00
mboelen f3f829c7bc Adjusted logging 2014-09-21 13:05:14 +02:00
mboelen 98a68c52ef Added /usr/libexec/apache as search location for Mac OS 2014-09-21 13:03:40 +02:00
mboelen 911a5e88f6 Mac OS improvement for test NETW-3012 2014-09-21 13:01:29 +02:00
mboelen 116b1eab97 Added support for Mac OS to gather information 2014-09-21 12:58:08 +02:00
mboelen b0e739a15d Support /boot/vmlinuz-linux for Arch systems to determine kernel version 2014-09-19 17:55:00 +02:00
mboelen 74fc711965 Removed unneeded exception line 2014-09-19 16:46:35 +02:00
mboelen 40f210ae74 Added detection for machine ID 2014-09-19 16:44:22 +02:00
mboelen d99dbc7406 Added detection for machine ID 2014-09-19 16:43:20 +02:00
mboelen f5dcb5e7f1 Added usage of ip to NETW-3006 and NETW-3008 2014-09-19 16:28:53 +02:00
mboelen 1b881ec957 Added ss binary 2014-09-19 16:20:24 +02:00
mboelen 475b6c3799 Added usage of ss to gather listening ports in NETW-3012 2014-09-19 16:18:09 +02:00
mboelen 94efdd0af1 Check if ifconfig exists before using it in tests (e.g. Arch Linux) 2014-09-19 11:45:19 +02:00
mboelen d3d630258f Added extra permission to CUPS test 2014-09-19 11:44:43 +02:00
mboelen e12b95ba88 Added support for /boot/config.gz file 2014-09-19 02:23:07 +02:00
mboelen 1267f89e5b Added zgrep detection 2014-09-19 02:14:16 +02:00
mboelen 2530256d85 Small textual replacements for logging purposes 2014-09-19 02:02:22 +02:00
mboelen fb52ee9239 Added more extensions for virtual machine detection 2014-09-19 01:55:55 +02:00
mboelen fb53e586fe Added /proc/modules as dependency to KRNL-5723 and KRNL-5726 2014-09-19 01:46:40 +02:00
mboelen bba133afbb Generic code enhancements 2014-09-19 01:19:07 +02:00
mboelen 6b7362cefd Generic code enhancements 2014-09-19 01:17:05 +02:00
mboelen 805cdf6bf5 Generic code enhancements 2014-09-19 01:10:43 +02:00
mboelen cac6a8e438 Generic code enhancements 2014-09-19 01:07:34 +02:00
mboelen 94387348f0 Generic code enhancements 2014-09-19 00:56:51 +02:00
mboelen a145b0091a Code cleanup 2014-09-19 00:35:24 +02:00
mboelen 8a637d588b Better logging of kernel IO scheduler 2014-09-19 00:12:04 +02:00
mboelen 1ed24265e3 Adjusted normal user ID detection and added exception for currently unsupported operating systems 2014-09-18 23:56:16 +02:00
mboelen 28fc31fdaf Remove carriage return of SSH version output 2014-09-18 23:42:35 +02:00
mboelen d4b445c316 Check Linux kernel version and properly display short version 2014-09-18 22:22:11 +02:00
mboelen c4aad72201 Improved reboot check to support Linux in general [KRNL-5830] 2014-09-18 22:20:15 +02:00
mboelen f69fc779c2 Added SaltStack tooling 2014-09-18 11:06:29 +02:00
mboelen 1915bd884e Added SaltStack tooling 2014-09-18 11:04:22 +02:00
mboelen 5b0944057b Added FileIsEmpty function and small adjustments to other functions 2014-09-17 09:59:18 +02:00
mboelen c9fde8c2d1 Code cleanup and small enhancements 2014-09-15 12:01:09 +02:00
mboelen 35d32fb5e4 Add pre-test before running test [PKGS-7388] 2014-09-15 11:17:26 +02:00
mboelen bce234fa00 Removed warnings, updated changelog 2014-09-15 10:52:06 +02:00
mboelen 3cc696edfc Adjusted suggestion call for [FILE-6354] 2014-09-15 10:42:11 +02:00
mboelen 59ad28795e Extended telnet in inetd test [INSE-8016] 2014-09-15 10:38:13 +02:00
mboelen f5f0f02777 Prevent false positive between inetd and xinetd 2014-09-15 10:32:36 +02:00
mboelen 8a9abeb81f Updated log 2014-09-12 17:24:29 +02:00
mboelen 83f4fb9ff4 Set default binary for ps variable 2014-09-12 17:04:27 +02:00
mboelen 97e0dc9e30 Added ShowSymlinkPath function 2014-09-12 15:33:28 +02:00
mboelen 4287a6f1e9 Added proper description for zvm 2014-09-12 15:19:43 +02:00
mboelen 8dc9b2080d Removed individual warnings for BOOT-5184 2014-09-12 14:58:43 +02:00