Commit Graph

108 Commits

Author SHA1 Message Date
xnoguer 6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
Thomas Sjögren 975712a616 add plocate
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2022-05-15 23:58:43 +02:00
Thomas Sjögren 9819ac4023 allow unknown number of spaces in modprobe blacklists
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-10-26 10:53:33 +02:00
Rob Chekaluk b556450364 FILE-6344: support hidepid textual values 2021-06-21 08:53:43 -04:00
Michael Boelen 0506d4467a
Merge pull request #1105 from afunix/1103-blacklisted-modules
1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist
2021-04-28 09:41:59 +02:00
Michael Boelen aab6af4017
Merge pull request #1118 from steph78630/master
Add translated status
2021-04-01 13:34:20 +02:00
Stéphane 3683ffd3c4
Add translated status 2021-03-02 23:31:41 +01:00
Pavel Malyshev fba5120f3f 1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist 2021-01-07 17:29:06 -06:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Stéphane f1604c2e55
Add and improvements strings 2021-01-05 11:53:11 +01:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master
Fix wc and head cmd when using busybox
2020-10-22 13:24:56 +02:00
Stéphane 67d04f2536
Add translate function for all sections
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
2020-07-02 18:22:03 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen f232b4f9bb
Added quotes 2020-04-01 16:18:03 +02:00
Sander 4732b640ae Adding test FILE-6394 2020-03-28 19:23:00 +00:00
Topi Miettinen 339e0c3207
[FILE-6374]: Summarize unhardened file system
Report total numbers of unhardened filesystems.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-25 09:18:16 +02:00
Michael Boelen 3c8e3b0adb
Merge pull request #862 from topimiettinen/blacklist-fs
FS module tests: check if modules are blacklisted
2020-03-24 13:34:05 +01:00
Michael Boelen f83025a283
Merge pull request #860 from topimiettinen/harden-mount-options
Harden mount options for /var, check also /dev and /run
2020-03-24 13:27:50 +01:00
Topi Miettinen 0da82a18cb
FS module tests: check if modules are blacklisted
Check if FS modules are blacklisted.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-23 17:43:53 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Topi Miettinen 72e8f572bf
Harden mount options for /var, check also /dev and /run
There should not be any need for char/block devices in /var, so
propose nodev. Sockets are not affected.

Check also /dev for noexec,nosuid and /run for
nodev,nosuid. Historically there was /dev/MAKEDEV script but that's
long gone.

In case a file system is not found in /etc/fstab, check if they are
mounted otherwise (e.g. via systemd mount units).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19 16:39:02 +02:00
gfelkel d3287bd7ef
FILE-6310 for HP-UX
HP-UX: /usr/sbin/mount reports "/home on /dev/…", so $1 has to be used
2020-01-22 16:31:49 +01:00
Michael Boelen 35d248b74c
[FILE-6430] minor code improvements and show suggestion with more details 2019-12-18 19:20:48 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen ca0239b4d9
[FILE-6374] corrected defaults flag, added root directory, and changed logging 2019-09-12 16:34:45 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 61d8c91eeb
[FILE-6310] filter on correct field for AIX 2019-06-06 14:20:12 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
Katarina Durechova 993edc9738 [FILE-6363] Check for sticky bit on /var/tmp (#473) 2018-01-24 17:08:21 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen dbec83566b
[FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 295fe93ca6 [FILE-6372] Properly deal with comments in /etc/fstab 2017-03-01 16:11:17 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329)
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
alobodzinski 01c687eb55 FILE-6336: Fixed flawed logic: work correctly even if there is no swap at all (#272) 2016-09-05 19:30:04 +02:00
Michael Boelen 0a0453e1bc [FILE-6344] Adjusted /proc test 2016-09-05 19:28:44 +02:00
Mark Ruys e6a829b6ed GlusterFS mounts are nodev and nosuid by default, and are invalid mount options. So ignore GlusterFS mount points. (#268) 2016-08-29 19:30:48 +02:00