Simon Biewald
e917269d01
Reduce tr hostname checking expression
...
Solaris' tr does not support full regular expressions.
2020-10-25 20:25:31 +00:00
Simon Biewald
1a75d66ad9
Use netstat on Solaris to gather listening ports
2020-10-25 20:21:33 +00:00
Simon Biewald
8ee60cea35
Test if /etc/grub.d is a directory, instead of always true
2020-10-25 20:14:08 +00:00
Michael Boelen
499cf1cdb9
Small code enhancements
2020-10-25 18:48:42 +01:00
Michael Boelen
e66709e13b
Merge pull request #1011 from Varbin/986-sysstat-systemd
...
[ACCT-9626] Detect sysstat systemd unit
2020-10-25 18:47:01 +01:00
Michael Boelen
43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test
2020-10-25 12:50:25 +01:00
Michael Boelen
bd6e1d5d39
Include AUTH-9284 and minor changes
2020-10-22 14:17:01 +02:00
Michael Boelen
e67f786caa
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts
...
[AUTH-9284] Feature: gather locked accounts info
2020-10-22 14:13:34 +02:00
Michael Boelen
1fe12c0023
Merge pull request #1008 from kolenichsj/master
...
Alpine Improvements
2020-10-22 13:28:05 +02:00
Michael Boelen
01c970f73f
Merge pull request #1044 from delscate/master
...
Fix wc and head cmd when using busybox
2020-10-22 13:24:56 +02:00
Thomas Sjögren
4671fb7fb9
add Synology Antivirus Essential malware scanner
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-22 12:10:01 +02:00
Michael Boelen
7930644b6c
Merge branch 'master' into fix_nginx_parser
2020-10-22 08:43:44 +02:00
Stéphane
67d04f2536
Add translate function for all sections
...
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Michael Boelen
4aeb244789
Merge pull request #1048 from konstruktoid/pgrep
...
require pgrep before usage
2020-10-21 15:08:21 +02:00
Michael Boelen
8e07c3e9dc
Merge pull request #1013 from Jimver/timesyncd_fix
...
[TIME-3185]: Change timesyncd synchronization file
2020-10-21 15:02:03 +02:00
Michael Boelen
71c474f455
[KRNL-5830] ignore rescue kernel on systems such as CentOS
2020-10-21 14:40:30 +02:00
Thomas Sjögren
3124a04ce9
require pgrep before usage
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-21 11:27:44 +02:00
Michael Boelen
92df49d08e
Merge pull request #973 from igloonet/fix/functions-parse-nginx-abs-path
...
Support absolute paths in nginx includes and fix ls warning on empty directories
2020-10-20 13:38:08 +02:00
Michael Boelen
4a99f3bdad
Merge pull request #1017 from Varbin/1014-flatcar-detection
...
Add support for Flatcar Container Linux
2020-10-20 13:14:18 +02:00
Michael Boelen
551429d85b
Merge pull request #1042 from steph78630/master
...
Add missing constants (CISOfy #1035)
2020-10-20 13:13:00 +02:00
Michael Boelen
3dd8fba196
Merge pull request #1043 from konstruktoid/mageia
...
Mageia got /etc/os-release and add Mageia EOL dates
2020-10-20 13:11:54 +02:00
Michael Boelen
77b93ae73d
Added SLES detection via /etc/os-release
2020-10-20 13:06:40 +02:00
Thomas Sjögren
bc85cbb0ba
add Void Linux
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-20 11:49:05 +02:00
Fabien Lehoussel
ae7be7599e
Fix head cmd with busybox
2020-10-19 15:09:43 +02:00
Fabien Lehoussel
537624da15
Fix wc command with --lines argument to be used with busybox
2020-10-19 15:02:48 +02:00
Thomas Sjögren
68e8ef862e
mageia got /etc/os-release
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-19 12:38:59 +02:00
Thomas Sjögren
f0ded6c2a3
add Mageia EOL dates and grep /etc/mageia-release
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-10-19 12:07:16 +02:00
Stéphane
af57959d6a
Add missing constants
...
From #1035 issue
2020-10-19 00:41:11 +02:00
Michael Boelen
61c6d5df8d
[PKGS-7410] Don't show exception if no kernels were found on the disk
2020-10-17 13:40:09 +02:00
Michael Boelen
6238f5bc8f
Define RHEL as 'RHEL'
2020-10-17 13:26:11 +02:00
Michael Boelen
4a21fd9a5c
Merge branch 'master' into master
2020-10-17 13:23:08 +02:00
Michael Boelen
791800f95d
Added Zorin OS detection
2020-10-17 13:15:06 +02:00
Michael Boelen
760460528b
Added variable
2020-10-17 12:55:20 +02:00
Michael Boelen
ba1cff941f
Improved detection of kernel by ignoring known incorrect values
2020-10-16 13:02:01 +02:00
Timo Sigurdsson
15799cf57e
Add test for Suricata IDS/IPS
...
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2020-10-11 02:25:37 +02:00
Sergey Zhemoitel
85d36db113
Add ROSA Linux detection
2020-10-08 23:06:35 +03:00
Michael Boelen
c6bd185fd7
Resolved merge conflict
2020-10-02 11:05:04 +02:00
Michael Boelen
5e0a4e685d
Added CloudLinux
2020-10-02 10:57:58 +02:00
Michael Boelen
768d8a62e8
Updated log
2020-10-02 10:55:36 +02:00
Michael Boelen
a1f794cc75
Don't provide suggestion to install pseudo rng at this moment
2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com
5ca6b7ed79
feature: take into account LK
...
Some distributions like CentOS 8 contain "LK" instead of "L" for
locked users.
2020-08-28 23:19:37 +02:00
Simon Biewald
93a71539d5
Add support for Flatcar Container Linux
...
Fixes cisofy/lynis#1014.
Flatcar is a fork of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
2020-08-27 21:49:17 +02:00
Jimver
554dd2d5e9
Better log message
2020-08-27 12:57:22 +02:00
Jimver
e6891feeb4
Remove newline
2020-08-27 12:52:59 +02:00
Jimver
cd94da3449
Use shell wildcard expansion now
2020-08-27 12:50:48 +02:00
Jimver
6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr
2020-08-26 16:38:35 +02:00
Jim
84fd612c91
Add check for other clock files for earlier systemd versions
2020-08-24 17:59:06 +02:00
Jim
dabac5bf89
Change timesync sync file, fixes #1012
2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com
c857ee7cf2
fix: take into account unlocked system accounts
2020-08-23 19:54:59 +02:00
Simon Biewald
bd7131f6db
Detect sysstat systemd unit
2020-08-19 20:47:09 +00:00
danielorihuelarodriguez@gmail.com
6bad6b058b
feature: gather locked accounts info
2020-08-10 19:27:43 +02:00
Steve Kolenich
f65f4d011b
Improve detecting kernel version on disk
...
Improve handling of kernel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updating RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
2020-08-10 12:27:30 -04:00
Michael Boelen
792a202934
Merge pull request #913 from topimiettinen/check-der-certs
...
[CRYP-7902] Check also certificates in DER format
2020-08-07 11:54:39 +02:00
Michael Boelen
4206177081
Merge pull request #981 from Varbin/openntpd-equals
...
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
2020-08-07 11:50:22 +02:00
Michael Boelen
30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp
...
[TIME-3104] Find more time synchronization commands
2020-08-07 11:46:51 +02:00
Michael Boelen
21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus
...
Fix timesyncd detection on systems without dbus.
2020-08-07 11:44:06 +02:00
Michael Boelen
343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting
...
Command line option for slow test threshold
2020-08-07 11:39:39 +02:00
Steve Kolenich
33d8e8e00b
Adding Alpine Linux to OSDetection
2020-08-06 20:15:18 -04:00
Michael Boelen
30c8a92594
Merge pull request #994 from konstruktoid/issue992
...
add Microsoft Defender ATP, malware scanner
2020-08-05 11:49:32 +02:00
0ri0n
f988e573db
Add missing PHP 7.4 check for BSD
2020-07-27 13:59:46 -04:00
0ri0n
9b388518de
Add PHP 7.4 Detection Paths
2020-07-26 23:33:34 -04:00
Thomas Sjögren
baf5f7ad4d
add Microsoft Defender ATP, malware scanner
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-07-21 23:56:47 +02:00
Simon Biewald
e27208a342
use STATBINARY, put filename in variable
2020-07-10 00:48:12 +02:00
Simon Biewald
7ba220811f
use = instead of ==
2020-07-10 00:41:45 +02:00
Simon Biewald
092fe08c40
shellcheck: check exit code directly
2020-07-10 00:40:36 +02:00
Simon Biewald
d4639b3c6a
find more cron ntp clients, iterate over cron files with glob
2020-07-10 00:29:35 +02:00
Simon Biewald
9107867fa1
use correct regex and comparison to match peers
2020-07-09 18:57:01 +02:00
Simon Biewald
df7c6257a5
compare correct stuff in openntpd tests
...
I accidentally compared rubbish in the openntpd tests,
thus they were not executed at all.
Additionally, == was used instead of =.
2020-07-09 18:41:09 +02:00
Simon Biewald
38b6105c60
add new test to test database
2020-07-09 18:27:02 +02:00
Simon Biewald
b2be7c160e
detect and test for timesyncd w/o working timedatectl
...
On systems without dbus timedatectl does not work.
Thus it is checked if timesyncd currently runs and when
/run/systemd/timesyncd/synchronized was last modified.
Timesyncd touches this file on any successful synchronization.
This is documented in systemd-timesyncd(8).
The new test for successful documentation has the id TIME-3185.
2020-07-09 18:19:35 +02:00
Kepi
a2e752a8db
[functions] ParseNginx: Ignore empty included wildcards
...
It's OK to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
2020-07-07 15:38:19 +02:00
Kepi
de18ddc2c0
[functions] ParseNginx: Support include on absolute paths
...
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
2020-07-07 15:37:56 +02:00
Michael Boelen
9165cb76fa
Merge pull request #972 from igloonet/fix/FILE-6425-no-modprobe-d
...
[FILE-6430] Don't grep nonexistent modprobe.d files
2020-07-07 12:29:11 +02:00
Michael Boelen
6eae35e564
Fix for too short IDs due to hexdump output missing leading or trailing zeroes
2020-07-06 09:26:27 +02:00
Kepi
f94817f66f
Command line option for slow test threshold
...
IMHO it should be OK to run long tests if we count with it.
Example:
lynis audit system --slow-warning 300
Will warn when test takes longer than 300 seconds, instead of default 10.
2020-07-02 23:42:28 +02:00
Kepi
9d52395952
[FILE-6430] Don't grep nonexistent modprobe.d files
...
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
2020-07-02 18:22:03 +02:00
Michael Boelen
ea38da3439
Add /etc/os-release detection of Linux Mint
2020-06-28 14:58:23 +02:00
Chris Lynch
5b11c468eb
Fix for Issues #964 - Pop!_OS added to osdetection
2020-06-27 10:44:31 +01:00
Michael Boelen
96e7ba5aaa
Activate test for all operating systems, remove function keyword
2020-06-27 10:21:24 +02:00
Wes Price
dcf9bd0938
[AUTH-9229] resolving syntax error on MacOS Catalina
2020-06-26 12:29:40 -10:00
Michael Boelen
e6c6fdc9a8
[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS
2020-06-26 10:24:37 +02:00
Michael Boelen
871f95cbf3
Use BSD style format when calling stat
2020-06-26 09:53:23 +02:00
Michael Boelen
9f0bbf52ea
[FIRE-4534] set initial state
2020-06-26 09:44:39 +02:00
Michael Boelen
68c6bdff16
[AUTH-9229] escaped exclamation mark
2020-06-26 09:34:40 +02:00
Michael Boelen
8a5b2a4099
Merge pull request #920 from jsrc27/Fix-KRNL-5730
...
Fix KRNL-5730 to properly check /proc/config.gz
2020-06-24 09:21:32 +02:00
Michael Boelen
c707b7d100
[MALW-3280] added additional BitDefender process
2020-06-24 08:09:12 +02:00
Michael Boelen
36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts
2020-06-23 13:57:14 +02:00
Michael Boelen
610f70d5aa
[INSE-8312] corrected text
2020-06-23 13:56:13 +02:00
Alexander Lackner
d7870e3f5c
Added macOS Big Sur (11.0)
2020-06-22 20:44:58 +02:00
Michael Boelen
b980223d42
Merge pull request #958 from Steve8291/patch-2
...
fix stderr output from cryptsetup status
2020-06-22 14:26:47 +02:00
Michael Boelen
75738ceeab
Fix for language detection, unset LANG at right place
2020-06-22 10:25:02 +02:00
Michael Boelen
a2f8bdc5f8
[BOOT-5122] presence check for grub.d added
2020-06-22 10:18:01 +02:00
Steve8291
c02ce49ce3
fix stderr output from cryptsetup status
...
Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
2020-06-21 10:47:28 -04:00
Michael Boelen
6d9b530bf4
[KRNL-5830] improved detection for non-symlinked kernel on disk
2020-06-21 13:14:08 +02:00
Michael Boelen
aebd5ed9b3
Remove unneeded line in log to prevent double entry
2020-06-21 12:57:05 +02:00
Michael Boelen
b2350f2f6c
Add log entry to help troubleshooting users that still use old-style configuration entries in profile
2020-06-21 12:52:50 +02:00
Michael Boelen
6a9e94befb
Reordered items, added Kali Linux, improved exception message
2020-06-19 11:10:22 +02:00
Michael Boelen
3b9eda53cc
CVE-2019-13033 - Discovered by Sander Bos
2020-06-18 12:36:04 +02:00
Michael Boelen
2398c74783
Merge pull request #941 from iain-cuthbertson-siftware/bugfix/allow-mixed-case-hostnames
...
Adds uppercase option to the hostname validation regex
2020-06-02 18:50:35 +02:00
Michael Boelen
05ea9f873d
[FILE-6330] corrected description
2020-06-02 16:34:35 +02:00