tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,391 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2391 Commits

Author SHA1 Message Date
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Jerry Park 89bf607498 Added Korean translation (#652) 
* Korean translation for ko-KR

Translation in Korean

* changed ko-KR to ko
 2019-03-07 10:01:02 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
Michael Boelen 32fc4a01b0
Corrected FreeBSD, added CentOS and OpenBSD 2019-03-05 19:31:11 +01:00
Michael Boelen 9b5ef7c80f
Updated log 2019-03-05 19:30:53 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636) 
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
 2019-03-05 18:57:58 +01:00
Michael Boelen 19f38bc1ef
Updated entries 2019-03-04 13:40:40 +01:00
Michael Boelen 1214c24363
Updated log 2019-03-04 12:33:50 +01:00
Michael Boelen ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 9d8b12e0f8
Initial lookup with awk corrected 2019-03-04 12:13:47 +01:00
Michael Boelen e0b93ed0cc
Replace awk statement with grep to simplify search 2019-03-04 12:08:47 +01:00
Michael Boelen ab9a53169b
Updated log 2019-02-28 10:20:26 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
dataking 76ec39176a Fix #638. (#640) 
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS

* Only use data before # to handle inline comments in /etc/resolv.conf.
 2019-02-28 09:51:57 +01:00
Michael Boelen 7ae90d6405
Updated log 2019-02-26 16:16:35 +01:00
Michael Boelen ba26eeb263
Switch to dev for 2.7.2 2019-02-26 16:15:47 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 672677bae1
Release 2.7.1 2019-01-31 14:49:12 +01:00
Michael Boelen 08ed748a86
Disable logging of virtual host to report due to length 2019-01-31 14:49:00 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
TheFlipside 7fded881d8 Update tests_system_integrity (#627) 
https://github.com/CISOfy/lynis/issues/626
 2019-01-31 14:28:18 +01:00
Michael Boelen 7d3ba95854
Updated log 2019-01-31 14:27:45 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen bca2d00ad7
Added STATUS_WEAK 2019-01-14 18:49:49 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen d2c03c05df
Updated log 2018-12-31 10:03:34 +01:00
Michael Boelen 533a0631e7
Remove unneeded variable for firewall as data is stored in report 2018-12-31 10:03:26 +01:00
Michael Boelen 0b6a14b643
Updated log 2018-12-29 17:10:15 +01:00
Michael Boelen 21956cc42c
[LOGG-2190] added filter for MariaDB, tested onCentOS 2018-12-29 17:10:06 +01:00
Michael Boelen c7eb855ff0
Updated log 2018-12-17 09:59:28 +01:00
Michael Boelen e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables 2018-12-17 09:58:57 +01:00
Capashenn 47e37bf058 [AUTH-9282][AUTH-9283] Add support for RedHad and clones (#609) 
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
 2018-12-17 09:55:41 +01:00
theycallhimpat d024d5296e Fix error printed to screen when run from shell without "command" (#601) 
Issue is present on busybox ash shell without "command" builtin. Fix
issue by redirecting errors to /dev/null
 2018-12-17 09:54:44 +01:00
theycallhimpat 0f32d2725c Fix printed error when wget comes from busybox (#602) 
Busybox's wget does't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
 2018-12-17 09:53:27 +01:00
Michael Boelen a026681a06
Changed version example 2018-12-15 15:42:46 +01:00
Michael Boelen 40f3770453
Updated log 2018-12-14 13:22:42 +01:00
Michael Boelen b9c3590f41
[FIRE-4534] Additional support for Hands Off!, LuLu, and Radio Silence 2018-12-14 13:22:23 +01:00
marcinozga b98217aba9 Update tests_firewalls (#599) 
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
 2018-12-14 13:20:01 +01:00
Michael Boelen 18b2745bab
Updated log 2018-12-14 13:18:10 +01:00
Michael Boelen 81f67584cb
[BOOT-5177] changed note to a hint 2018-12-14 13:17:46 +01:00
Michael Boelen ae0915899e
Updated log 2018-12-13 12:14:51 +01:00
Katarina Durechova 2fb4ae4987 [SHLL-6230] Add etc/bash.bashrc.local to umask check (#595) 2018-12-13 12:13:27 +01:00
柯豪 760ed040c8 Fix MacOS Mojave detect pattern (#603) 2018-12-13 12:12:26 +01:00
Katarina Durechova 50e147a1e6 Add Slovak translation (#596) 2018-12-13 12:11:16 +01:00
Michael Boelen 0308823966
Switch to development release 2018-10-30 13:39:59 +01:00
Michael Boelen 28a2580a36
Detection added for macOS Mojave 2018-10-30 13:39:47 +01:00