tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
684 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

471 Commits

Author SHA1 Message Date
mboelen d786c687a1 Added variables which were not initialized before 2015-09-16 17:00:12 +02:00
Alexander Lobodzinski 37f9dcb8cc Bugfix for BSD: unrelated variable got logged instead of umask 2015-09-14 19:38:00 +02:00
mboelen df5ff883da Merge branch 'master' of https://github.com/CISOfy/Lynis 2015-09-12 15:19:29 +02:00
mboelen 6fbe0e95c5 Changes to comments only 2015-09-12 15:19:21 +02:00
Alexander Lobodzinski d2c0e7491e In quiet mode, hardening index was not written to log and report files 2015-09-11 14:54:38 +02:00
mboelen 78f32c2f28 Added screen output for /etc/login.conf 2015-09-10 21:46:23 +02:00
mboelen 7d0759297e Corrected case function 2015-09-10 21:42:30 +02:00
mboelen 21d305b689 Add support for testing umask value in /etc/login.conf like FreeBSD systems 2015-09-10 21:07:06 +02:00
mboelen 0b9c6132c6 Add test [SHLL-6230] to test for umask values in common shell configuration files 2015-09-10 21:06:40 +02:00
mboelen fa98d9bba2 Import of tool tips section 2015-09-10 21:05:04 +02:00
mboelen b43bf17954 Remove tool tips section from report 2015-09-10 21:04:18 +02:00
mboelen 28d9a49a5f Renamed BINPATHS to BIN_PATHS 2015-09-10 19:45:12 +02:00
mboelen 0db8eca467 Count total amount of suggestions and warnings 2015-09-10 09:18:20 +02:00
mboelen 7feb7e9a6c Show amount of suggestions and warnings 2015-09-10 09:18:03 +02:00
mboelen b6c0736d6e Added counters for suggestions and warnings 2015-09-10 08:35:57 +02:00
mboelen a8972b7b7f Changed exit codes when using incorrect parameters 2015-09-10 08:35:40 +02:00
mboelen 7f4ee7ba56 Added ExitCustom function and notes for virtualization 2015-09-10 08:35:09 +02:00
mboelen 090bb2d4eb Extended virtualization tests and logging 2015-09-09 20:24:48 +02:00
mboelen 5f2ef483f6 Improved tests and logging for automation tools 2015-09-08 16:02:41 +02:00
Michael Boelen e1c2891db9 Merge pull request #74 from alobodzinski/tooling-cf3 
CFEngine 3 detection
 2015-09-08 15:08:49 +02:00
mboelen 174172eeba Simplify: clarify if a particular set of module is not available, instead of showing cross 2015-09-08 14:59:25 +02:00
mboelen e9373b59b0 Cleanup: Don't show pflogd status on screen, when pf is not available 2015-09-08 14:49:42 +02:00
Alexander Lobodzinski 66ff2a9229 Fixed typos 2015-09-08 14:28:24 +02:00
Alexander Lobodzinski 2d72fe18d3 Detect automation with Cfengine 3 2015-09-08 14:19:11 +02:00
mboelen 1316fdf38b Changed identation for GRUB2 test 2015-09-07 21:13:12 +02:00
Michael Boelen 59390f1717 Merge pull request #73 from laurentquillerou/nginx-conf 
Include main nginx.conf file in parsing.
 2015-09-07 21:06:08 +02:00
Michael Boelen 48fd39c570 Merge pull request #71 from alobodzinski/openbsd-httpd 
merging pull request to skip httpd on OpenBSD systems.
 2015-09-07 20:58:55 +02:00
Laurent Quillerou b83c3fbb10 Include main nginx.conf so that it generate nginx_config_option 2015-09-07 18:52:19 +03:00
mboelen e50eef0c19 Added hint for possible extension to kernel scheduler 2015-09-07 17:43:00 +02:00
mboelen d23ef2db0b Changed screen identation of GRUB2 test 2015-09-07 17:42:29 +02:00
mboelen 1283ccc061 Added new test for UEFI detection [BOOT-5116] and storing data in report 2015-09-07 17:41:05 +02:00
mboelen 919995eb5a Added UEFI_BOOTED_SECURE 2015-09-07 17:40:26 +02:00
mboelen 429fb62fd7 Added UEFI_BOOTED 2015-09-07 17:40:03 +02:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
Alexander Lobodzinski f7ec431a65 /usr/sbin/httpd on OpenBSD is builtin non-Apache webserver, do not run with -v 
If Apache is installed it is detected in /usr/local/sbin/httpd nevertheless
 2015-09-07 17:31:18 +02:00
Michael Boelen a90d225bf4 Merge pull request #68 from d4t4king/master 
include/tests_filesystems tweak
 2015-09-07 12:06:06 +02:00
mboelen 84baf688c8 Renumber test and search for explicit yes value, log status 2015-09-07 11:26:09 +02:00
Michael Boelen f471bf9d96 Merge pull request #70 from kboratynski/auth-9407 
Wrote 'AUTH-9407' - logging failed login attempts.
 2015-09-07 11:19:40 +02:00
mboelen 5165e57b86 Added report option to store logging status of failed logins 2015-09-07 11:17:38 +02:00
mboelen 53840a4cfb Added variable for logging status of failed logins 2015-09-07 11:17:08 +02:00
mboelen fc27379452 Minor cleaning up and improved comment 2015-09-07 10:13:20 +02:00
Kamil Boratyński 0e97f7936f Wrote 'AUTH-9407' - logging failed login attempts. 2015-09-07 04:12:58 +02:00
mboelen a42e8feac2 Added Unbound status and configuration check, logging name cacher status to report file 2015-09-06 21:38:21 +02:00
mboelen 88caa85f59 Added default values for name cachers and Unbound status 2015-09-06 21:37:26 +02:00
mboelen 4a354c8479 Change ipfw to IPFW, change exeception ID for IPFW test 2015-09-06 17:42:56 +02:00
mboelen 10a300ddb7 Don't show pf status on screen when it is not available 2015-09-06 17:38:15 +02:00
Michael Boelen 8ab314cf07 Merge pull request #43 from rsmith-nl/ipfw 
Add test for 'ipfw' firewall on FreeBSD.
 2015-09-06 17:34:36 +02:00
mboelen 05dd1a6814 Remove systemctl to detect virtualization, use systemd-detect-virt instead 2015-09-05 18:51:36 +02:00
mboelen 461920ff72 Enabled dmidecode for virtualization detection 2015-09-05 18:41:04 +02:00
Michael Boelen 2fd7788b9b Merge pull request #58 from markruys/master 
More reliable and often faster check to determine virtualization.
 2015-09-05 17:34:18 +02:00
squid-cache-object 12d9b38288 Update tests_filesystems 2015-09-03 14:14:02 -07:00
Michael Boelen 3927d60b8e Merge pull request #69 from alobodzinski/name-4406-hostname-clash 
Do not let a hostname that is contained in "localhost" like "cal" tri…
 2015-09-03 17:35:25 +02:00
Alexander Lobodzinski e1a87794bc Do not let a hostname that is contained in "localhost" like "cal" trigger a false positive 2015-09-03 17:20:34 +02:00
mboelen d9b7d9a9fd Combined several potential mount option tests into 1 unit 2015-09-03 15:44:10 +02:00
mboelen f4c2bd52fb Ensure that docker is a file, not directory in /usr/libexec 2015-09-03 15:43:33 +02:00
mboelen 235b228fe2 Added vmtoolsd detection 2015-09-03 11:15:55 +02:00
dataking e37446521d include/tests_filesystems tweak 2015-09-01 11:50:07 -07:00
mboelen 2577caf66d Only show suggestion for ntpdate if ntpd isn't running 2015-09-01 17:40:05 +02:00
mboelen d2aaa9662e Changed test description 2015-09-01 16:10:16 +02:00
mboelen 18d97ce60e Use different status for unused firewall rules 2015-09-01 15:50:14 +02:00
mboelen 8cefc0f7b9 Show different status on screen when expired SSL certificates were found 2015-09-01 15:49:50 +02:00
mboelen d4b1812962 Changed screen output when finding old files in /tmp 2015-09-01 15:47:32 +02:00
mboelen 401bf26c91 NIS improvement for test 2015-09-01 13:37:55 +02:00
mboelen 7cb9e364c7 Proper filtering for IPv6 addresses 2015-08-31 13:23:17 +02:00
mboelen d1ae757240 Replaced -z for empty string testing 2015-08-20 18:50:30 +02:00
Michael Boelen afe30cf3a7 Merge pull request #56 from mpepping/master 
Comparison error when Docker is present, but the daemon is not running (or unset).
 2015-08-20 18:48:32 +02:00
mboelen 210ba41a3c Improved umask detection and logging 2015-08-20 18:46:06 +02:00
mboelen 649f0cfb3c Improved BOOT-5180 detection for newer systems like Debian 8 and screen output enhancement 2015-08-20 18:37:03 +02:00
mboelen 7bd91675fe Improved debug logging 2015-08-19 16:20:21 +02:00
mboelen 0c2a9daef9 Show help on screen 2015-08-19 16:19:14 +02:00
mboelen 8c1e1f29a3 Additional logging 2015-08-19 16:02:50 +02:00
mboelen 2e87b8fde9 Apply additional checks on first cURL command execution 2015-08-19 15:51:52 +02:00
mboelen c153344240 Capture self-signed certificates during upload with cURL 2015-08-19 15:31:24 +02:00
Mark Ruys 919e48001d More reliable and often faster check to determine virtualization. 2015-07-27 12:38:13 +02:00
Martijn Pepping 25c8567b57 Fixed an comparison error when Docker is present, but the daemon is not running (or unset). 2015-07-24 23:58:50 +02:00
Mark Ruys c998924b51 Fix STRG-1840 (Check for disabled USB storage) 2015-07-24 15:11:39 +02:00
mboelen dd66273f41 Removed unused categories 2015-07-22 18:28:34 +02:00
mboelen db131518f0 Clean up code 2015-07-22 17:37:39 +02:00
mboelen afd01ece5d Remove incomplete tests, code enhancements 2015-07-22 17:37:11 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen 17c44ced52 Include examples and clarify usage 2015-07-22 14:57:57 +02:00
mboelen 8f9a616854 Add more descriptive text to the template 2015-07-22 14:26:25 +02:00
mboelen 2b1061ef14 Added suggestions for Solaris auditing 2015-07-22 13:47:44 +02:00
mboelen fd5c968d16 Cleaning up some lines 2015-07-22 13:44:30 +02:00
mboelen afaecd9512 Removing deprecated strings and cleaning up 2015-07-22 12:21:36 +02:00
mboelen 95d08a735a Optimizing code, cleaning up 2015-07-22 12:20:27 +02:00
mboelen e06d706c83 Optimizing code, cleaning up 2015-07-22 12:20:03 +02:00
mboelen 6857f01500 Added LDAP configuration file location to report, and code cleanups 2015-07-16 17:02:15 +02:00
James White f341b01e4d Fix false positive matches with unsafe ports on SQD-3624 
The grep statement needs to be modified to prevent tagging port values that contains a value in `SQUID_DAEMON_UNSAFE_PORTS_LIST` but aren't actually the listed port.
 2015-07-15 11:50:56 +01:00
Michael Boelen 4266992f6b Merge pull request #39 from aneeshusa/check-locate-preqs 
Prevent the locate test from running spuriously when locate is not present.
 2015-07-14 00:55:47 +02:00
Michael Boelen 6694add635 Merge pull request #38 from aneeshusa/update-systemd-sulogin-detection 
Update check for sulogin under systemd.
 2015-07-14 00:49:40 +02:00
mboelen e8111a124f Increase default minimum amount of connections before alerting 2015-07-14 00:31:59 +02:00
mboelen 7d30538311 Added missing bracket 2015-06-17 17:13:44 +02:00
mboelen b947bb085c Changed detection, added examples of fstab entries 2015-06-17 17:06:51 +02:00
mboelen f34e59663f Report hardening index, even when report is not shown 2015-06-11 20:50:19 +02:00
mboelen f0026427bb Textual changes 2015-06-11 13:58:30 +02:00
mboelen 0d4b25d308 Disable suggestion for this test 2015-06-11 13:58:16 +02:00
mboelen e13a9087ea Added compilers to report 2015-06-11 13:57:57 +02:00
mboelen 72feac9638 Added additional legal words for banner usage 2015-06-11 13:57:37 +02:00
mboelen 785ac74f91 Moved tests to new container group 2015-05-27 12:36:34 +02:00