Michael Boelen
e0b93ed0cc
Replace awk statement with grep to simplify search
2019-03-04 12:08:47 +01:00
Michael Boelen
19921ab001
Style improvements, typo, variable usage
2019-02-28 10:19:09 +01:00
chr0mag
353cf84413
[AUTH-9252] Sudo configuration file/folder check improvements ( #637 )
...
* [AUTH-9252] Adds support for files in sudoers.d
This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file was checked. Fixes #600.
* [AUTH-9252] Check drop-in directory permissions
The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.
* [AUTH-9252] Check file/folder ownership
This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
2019-02-28 10:15:57 +01:00
dataking
76ec39176a
Fix #638 . ( #640 )
...
* fix for issue #453 ; simply add RPi/Raspbian path to PAM_FILE_LOCATIONS
* Only use data before # to handle inline comments in /etc/resolv.conf.
2019-02-28 09:51:57 +01:00
Michael Boelen
34a2742cdb
Initial support for end-of-life OS detection
2019-02-26 16:15:15 +01:00
Michael Boelen
08ed748a86
Disable logging of virtual host to report due to length
2019-01-31 14:49:00 +01:00
Michael Boelen
66066ae226
Changed year and preparing for new release
2019-01-31 14:47:35 +01:00
TheFlipside
7fded881d8
Update tests_system_integrity ( #627 )
...
https://github.com/CISOfy/lynis/issues/626
2019-01-31 14:28:18 +01:00
Michael Boelen
41d5d61a16
Removed non-compatible code (eg AIX)
2019-01-31 14:27:36 +01:00
Michael Boelen
bca2d00ad7
Added STATUS_WEAK
2019-01-14 18:49:49 +01:00
Michael Boelen
750f55bd27
Minor changes and remarks regarding HostID
2019-01-14 11:13:37 +01:00
Michael Boelen
11368b4ca8
Added STATUS_WEAK
2019-01-14 11:13:03 +01:00
Michael Boelen
533a0631e7
Remove unneeded variable for firewall as data is stored in report
2018-12-31 10:03:26 +01:00
Michael Boelen
21956cc42c
[LOGG-2190] added filter for MariaDB, tested on CentOS
2018-12-29 17:10:06 +01:00
Michael Boelen
e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables
2018-12-17 09:58:57 +01:00
Capashenn
47e37bf058
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones ( #609 )
...
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
2018-12-17 09:55:41 +01:00
theycallhimpat
0f32d2725c
Fix printed error when wget comes from busybox ( #602 )
...
Busybox's wget doesn't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
2018-12-17 09:53:27 +01:00
marcinozga
b98217aba9
Update tests_firewalls ( #599 )
...
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
2018-12-14 13:20:01 +01:00
Michael Boelen
81f67584cb
[BOOT-5177] changed note to a hint
2018-12-14 13:17:46 +01:00
Katarina Durechova
2fb4ae4987
[SHLL-6230] Add etc/bash.bashrc.local to umask check ( #595 )
2018-12-13 12:13:27 +01:00
柯豪
760ed040c8
Fix MacOS Mojave detect pattern ( #603 )
2018-12-13 12:12:26 +01:00
Michael Boelen
28a2580a36
Detection added for macOS Mojave
2018-10-30 13:39:47 +01:00
Michael Boelen
5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408
2018-10-23 17:14:47 +02:00
Michael Boelen
d44f51a353
Added and changed description for TOOL-5160
2018-10-23 13:00:16 +02:00
Michael Boelen
361ad7d9da
Renamed variable
2018-10-23 12:58:40 +02:00
Michael Boelen
de7d64a8a0
[TOOL-5160] OSSEC detection test
2018-10-23 12:58:22 +02:00
Wagner
c94b97bd9e
osdetection: ignore quotes in OS_ID ( #593 )
2018-10-23 12:16:36 +02:00
Michael Boelen
532c1a9bb6
Add TOMOYO tests
2018-10-18 11:01:30 +02:00
Katarina Durechova
631853a924
[BOOT-5260] Make "sulogin" more generic for systemd rescue.service ( #590 )
2018-10-17 14:21:30 +02:00
Deon Spengler
72796f5757
Added support for TOMOYO Linux Mandatory Access Control ( #589 )
...
* Added binary for TOMOYO Linux
* Added support for TOMOYO Linux Mandatory Access Control
2018-10-17 14:20:52 +02:00
Michael Boelen
823ebd8268
Replaced 'warning' status to 'found'
2018-10-17 14:16:54 +02:00
Jesus Christian Cruz Acono
414be240e8
Update tests_ports_packages ( #586 )
...
change " " <- space for [[:blank:]] (to clean all possible spaces)
2018-10-05 10:23:19 +02:00
Przemysław Dąbek
fd75c9fd0f
typo fix in warning message ( #585 )
2018-10-05 10:19:23 +02:00
Michael Boelen
c1f9417792
Initialise some variables for uploading
2018-10-05 10:17:26 +02:00
Michael Boelen
c50db85aaa
[DBS-1882] added support for QNAP path
2018-09-19 13:29:03 +02:00
Michael Boelen
c34c8265ad
Detection for QNAP devices
2018-09-19 13:28:46 +02:00
Michael Boelen
7e41339d95
Added QNAP device variable
2018-09-19 13:26:27 +02:00
Michael Boelen
bf1e99f3cd
[DBS-1882] added /usr/local/redis/etc path
2018-09-19 13:23:27 +02:00
Michael Boelen
f8697db25b
[TIME-3104] added more logging
2018-09-19 13:19:57 +02:00
Michael Boelen
7635d58fe3
Add TODO for BusyBox support
2018-09-17 11:47:07 +02:00
Michael Boelen
f0c84e3d01
[KRNL-5788] ignore exception when no vmlinuz file was discovered
2018-09-17 11:46:36 +02:00
Michael Boelen
b4e93d4fcc
[PKGS-7322] Updated solution text
2018-09-17 09:23:04 +02:00
Michael Boelen
1d52e57e45
Changed output for remote system audit
2018-09-08 11:22:28 +02:00
Michael Boelen
d0f4a90c00
Grammar change
2018-09-06 07:55:58 +02:00
superpoussin22
2334bba492
avoid “can't shift that many” error ( #571 )
...
got this error on debian auditing a docker file when testing an ubuntu Dockerfile when lynis tries to find KEY_USED
2018-09-06 07:48:40 +02:00
Wagner
47de2dc4bf
fix opensuse os detection with os-release ( #578 )
2018-09-06 07:47:38 +02:00
superpoussin22
9fe6dcde76
detect if latest TAG is used ( #575 )
...
that's always better to specify the version, latest doesn't mean latest version
it can be a suggestion if you prefer
2018-08-28 08:45:04 +02:00
Michael Boelen
91c6314a1a
Minor cleanups
2018-08-27 14:51:28 +02:00
Michael Boelen
67f9d25461
Updated list of options and man page
2018-08-27 14:25:59 +02:00
Michael Boelen
4df28ca659
[PHP-2372] test all PHP files for expose_php and improved logging
2018-08-23 12:23:48 +02:00
Michael Boelen
afaae50989
[BOOT-5104] extended logging
2018-08-22 16:38:54 +02:00
Michael Boelen
b005effc32
[BOOT-5104] improved parsing parameters to init process
2018-08-22 16:33:50 +02:00
superpoussin22
3b537fd8e8
Missing quotes and better display ( #570 )
...
for KEY_USED
2018-08-15 13:56:56 +02:00
superpoussin22
6ba7bad34e
add a few basic test ( #572 )
2018-08-15 13:54:56 +02:00
superpoussin22
6567b16730
add alpine support ( #569 )
...
also initialize a few variables which weren't initialized
2018-08-15 13:47:17 +02:00
superpoussin22
839977c3f6
Update helper_audit_dockerfile ( #568 )
...
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
2018-08-07 14:46:47 +02:00
Michael Boelen
7ebccab207
Updated URL for Lynis controls
2018-08-03 11:20:31 +02:00
Michael Boelen
3f9d1308bb
[SSH-7408] adjusted classification of root login with keys
2018-07-25 13:35:00 +02:00
Michael Boelen
4ad2ee4ba2
[BOOT-5104] added busybox to service managers
2018-07-25 13:24:11 +02:00
Michael Boelen
7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only
2018-07-25 12:25:00 +02:00
Michael Boelen
54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files
2018-07-25 12:13:06 +02:00
Bernhard R. Fischer
c024ce31d8
added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD ( #562 )
2018-07-24 19:08:45 +02:00
gkrystev
13d631781c
Fix for umask check in case of multiple files ( #560 )
...
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example below, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.
Expected:
Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:
Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
2018-07-24 19:08:08 +02:00
Michael Boelen
81ea5df3b3
Fix: extra operand error
2018-07-05 15:57:19 +02:00
Michael Boelen
1bf09ad60a
[KRNL-5830] improved text in log
2018-07-02 14:52:29 +02:00
Michael Boelen
65190d214c
Move reporting of hostid2 to main section to ensure it is added to report
2018-06-28 16:29:16 +02:00
Michael Boelen
85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis
2018-06-26 11:37:18 +02:00
Thomas Sjögren
8321da24c7
query DNS with FQDN ( #555 )
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-06-26 11:36:55 +02:00
Michael Boelen
d80ec9d084
Removed 'update release' from help text
2018-06-26 11:35:02 +02:00
Michael Boelen
34813302b4
Changed number of Exim test and minor changes
2018-06-26 11:34:09 +02:00
Dave Vehrs
c11177f98b
Initial Tests for Exim ( #539 )
...
* Added kernel.dmesg_restrict to sysctl checks.
* Extending Exim Tests, round 1
* fixed a few string comparisons
* fixed old test
* Cleans to Exim options tests
2018-06-26 11:27:26 +02:00
aram535
1caf9ad12d
Updated tests_ssh, removed extra ssh in the test ( #557 )
...
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests. Removing the ssh keyword... -T -C ... fixes the problem.
2018-06-22 12:29:25 +02:00
Carsten Grohmann
bf2462272e
[TIME-3160] Extend check for step-tickers file for RedHat ( #553 )
...
On RedHat if the step-tickers file exists but is empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
2018-06-06 13:59:07 +02:00
Michael Boelen
84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration
2018-05-14 08:29:30 +02:00
Michael Boelen
4efe5dd363
[DNS-1600] Test is disabled until domain is configured
2018-05-02 13:35:46 +02:00
Michael Boelen
235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis
2018-05-02 13:19:32 +02:00
kisst
039945bde6
DNS-1600 Check for DNSSEC validation ( #535 )
2018-05-02 13:19:01 +02:00
Michael Boelen
08ee8136d5
Check for available parameter when using profile or plugindir
2018-05-02 12:48:05 +02:00
Matyáš Koc
7fd8189907
Update for PHP 7.2 ( #546 )
...
Added php.ini paths used on Ubuntu with PHP 7.1/7.2
2018-05-02 11:14:20 +02:00
Michael Boelen
170e427595
[NETW-2704] added support for local resolver used on Ubuntu 18.04
2018-05-01 19:57:23 +02:00
Michael Boelen
8077d24432
[PHP-2379] Suhosin test disabled
2018-04-23 11:06:36 +02:00
Michael Boelen
105befb2e9
[AUTH-9308] Made 'sulogin' more generic for systemd rescue shell
2018-04-23 11:01:18 +02:00
Michael Boelen
e858233eb6
Merge branch 'master' of https://github.com/CISOfy/lynis
2018-04-23 10:57:59 +02:00
Thomas Sjögren
c25910cb31
delayed is a legacy synonym ( #531 )
...
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-04-23 10:57:27 +02:00
Michael Boelen
40d6a853d5
Changed file permissions
2018-04-23 10:56:26 +02:00
John Eismeier
c5dcbe8c31
Propose fix some typos ( #538 )
2018-04-23 10:54:44 +02:00
Oliver Mueller
7e0b300e27
Issue/288 ( #530 )
...
* enhanced check "DBS-1816: mysql root user with empty password" to avoid false positives when authentication plugins are used
* fixed indent to spaces
2018-03-22 09:07:48 +01:00
Michael Boelen
40282cde49
[TIME-3160] improvements to detect step-ticker file and entries
2018-03-10 12:26:09 +01:00
James White
1d982a26d0
Add remi repo php.ini paths ( #529 )
2018-03-10 12:07:29 +01:00
Michael Boelen
a7845b6748
[NAME-4402] Enhanced test to filter out empty lines
2018-03-05 11:43:33 +01:00
Michael Boelen
dabf7d3e80
Merge branch 'master' of https://github.com/CISOfy/lynis
2018-03-05 11:32:40 +01:00
Michael Boelen
211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them
2018-03-05 11:32:23 +01:00
Jason Soto
94e4fb4bd9
Solved null byte bash warning ( #523 )
2018-03-05 11:19:57 +01:00
Michael Boelen
73a4e92a7b
[HRDN-7222] enhanced compiler permission test
2018-03-04 17:52:15 +01:00
Michael Boelen
e210d7f3b6
[PKGS-7384] changes to detect yum-utils package and related tooling
2018-02-19 15:01:59 +01:00
Michael Boelen
f0ef7fb785
Initial version of PackageIsInstalled function
2018-02-19 15:01:26 +01:00
Michael Boelen
5e9253e8f4
Add host identifier options and use manual configured setting in function
2018-02-16 19:29:08 +01:00
mslifcak
c170f1fc0a
Pin db sync ( #519 )
...
* fix testname in one Register and four comments
* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000
* fix description PLGN-3856
2018-02-09 12:37:10 +01:00
Michael Boelen
c53072e31e
Ensure a parent directory with binaries is scanned - issue #517 on GitHub
2018-02-06 10:45:41 +01:00
Michael Boelen
a5cbc12734
Include location when uploading data
2018-02-06 10:44:30 +01:00