tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,340 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2186 Commits

Author SHA1 Message Date
Michael Boelen f0b7f9159d
Merge pull request #1069 from Varbin/1065-opensolaris-invalid-characters 
Use `od` only for displaying invalid characters
 2020-11-09 10:36:37 +01:00
Josh Soref 6435aeba8a spelling: unknown 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:56:31 -05:00
Josh Soref 9d0e1938aa spelling: therefore 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:56:31 -05:00
Josh Soref 7157eb45f0 spelling: suggestions 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref f22e192838 spelling: successful 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref 2b26f13bed spelling: params 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:53:09 -05:00
Josh Soref f14e12f688 spelling: installed 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref eadd2a8ed8 spelling: indentation 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref ab1aa322ac spelling: ignore 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref a007ad2fe0 spelling: explicitly 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref b0a5490a2e spelling: contains 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:38:46 -05:00
Josh Soref 08c8d1b8f3 spelling: authentication 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:35:46 -05:00
Josh Soref acf7943936 spelling: ambiguous 
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
 2020-11-08 23:28:56 -05:00
Simon Biewald 8895eccea2 Use correct character class 
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-10-31 17:36:06 +00:00
Simon Biewald 3e3589291f Use `od` only for displaying invalid characters 
The first od is removed, the second time is moved to right before echoing
the characters. On certain OpenSolaris distributions, `od` always outputs
spaces, even if the input is empty. The spaces would have been converted
to !space!, thus Lynis detected invalid characters / old style configuration.

Resolves cisofy/lynis#1065.

Signed-off-by: Simon Biewald <simon@fam-biewald.de>
 2020-10-29 00:06:10 +00:00
Simon Biewald 25278b6b38 Add support for Solaris services, run BOOT-5184 there 
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.

Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
 2020-10-25 21:51:12 +00:00
Simon Biewald 1f3d0956a7 Test if loghost is not localhost 
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.

Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
 2020-10-25 20:28:19 +00:00
Simon Biewald e917269d01 Reduce tr hostname checking expression 
Solaris' tr does not support full regular expressions.
 2020-10-25 20:25:31 +00:00
Simon Biewald 1a75d66ad9 Use netstat on Solaris to gather listening ports 2020-10-25 20:21:33 +00:00
Simon Biewald 8ee60cea35 Test if /etc/grub.d is a directory, instead always true 2020-10-25 20:14:08 +00:00
Michael Boelen 499cf1cdb9
Small code enhancements 2020-10-25 18:48:42 +01:00
Michael Boelen e66709e13b
Merge pull request #1011 from Varbin/986-sysstat-systemd 
[ACCT-9626] Detect sysstat systemd unit
 2020-10-25 18:47:01 +01:00
Michael Boelen 43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test 2020-10-25 12:50:25 +01:00
Michael Boelen bd6e1d5d39
Include AUTH-9284 and minor changes 2020-10-22 14:17:01 +02:00
Michael Boelen e67f786caa
Merge pull request #1009 from danielorihuela/feature/get-info-on-locked-accounts 
[AUTH-9284] Feature: gather locked accounts info
 2020-10-22 14:13:34 +02:00
Michael Boelen 1fe12c0023
Merge pull request #1008 from kolenichsj/master 
Alpine Improvements
 2020-10-22 13:28:05 +02:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master 
Fix wc and head cmd when using busybox
 2020-10-22 13:24:56 +02:00
Thomas Sjögren 4671fb7fb9 add Synology Antivirus Essential malware scanner 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-22 12:10:01 +02:00
Michael Boelen 7930644b6c
Merge branch 'master' into fix_nginx_parser 2020-10-22 08:43:44 +02:00
Stéphane 67d04f2536
Add translate function for all sections 
+ add EN and FR up to date languages files
 2020-10-22 00:13:42 +02:00
Michael Boelen 4aeb244789
Merge pull request #1048 from konstruktoid/pgrep 
require pgrep before usage
 2020-10-21 15:08:21 +02:00
Michael Boelen 8e07c3e9dc
Merge pull request #1013 from Jimver/timesyncd_fix 
[TIME-3185]: Change timesyncd synchronization file
 2020-10-21 15:02:03 +02:00
Michael Boelen 71c474f455
[KRNL-5830] ignore rescue kernel on systems such as CentOS 2020-10-21 14:40:30 +02:00
Thomas Sjögren 3124a04ce9 require pgrep before usage 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-21 11:27:44 +02:00
Michael Boelen 92df49d08e
Merge pull request #973 from igloonet/fix/functions-parse-nginx-abs-path 
Support absolute paths in nginx includes and fix ls warning on empty directories
 2020-10-20 13:38:08 +02:00
Michael Boelen 4a99f3bdad
Merge pull request #1017 from Varbin/1014-flatcar-detection 
Add support for Flatcar Container Linux
 2020-10-20 13:14:18 +02:00
Michael Boelen 551429d85b
Merge pull request #1042 from steph78630/master 
Add missing constants (CISOfy #1035)
 2020-10-20 13:13:00 +02:00
Michael Boelen 3dd8fba196
Merge pull request #1043 from konstruktoid/mageia 
Mageia got /etc/os-release and add Mageia EOL dates
 2020-10-20 13:11:54 +02:00
Michael Boelen 77b93ae73d
Added SLES detection via /etc/os-release 2020-10-20 13:06:40 +02:00
Thomas Sjögren bc85cbb0ba add Void Linux 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-20 11:49:05 +02:00
Fabien Lehoussel ae7be7599e Fix head cmd with busybox 2020-10-19 15:09:43 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Thomas Sjögren 68e8ef862e mageia got /etc/os-release 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-19 12:38:59 +02:00
Thomas Sjögren f0ded6c2a3 add Mageia EOL dates and grep /etc/mageia-release 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-10-19 12:07:16 +02:00
Stéphane af57959d6a
Add missing constants 
From #1035 issue
 2020-10-19 00:41:11 +02:00
Michael Boelen 61c6d5df8d
[PKGS-7410] Don't show exception if no kernels were found on the disk 2020-10-17 13:40:09 +02:00
Michael Boelen 6238f5bc8f
Define RHEL as 'RHEL' 2020-10-17 13:26:11 +02:00
Michael Boelen 4a21fd9a5c
Merge branch 'master' into master 2020-10-17 13:23:08 +02:00
Michael Boelen 791800f95d
Added Zorin OS detection 2020-10-17 13:15:06 +02:00
Michael Boelen 760460528b
Added variable 2020-10-17 12:55:20 +02:00
Michael Boelen ba1cff941f
Improved detection of kernel by ignoring known incorrect values 2020-10-16 13:02:01 +02:00
Timo Sigurdsson 15799cf57e Add test for Suricata IDS/IPS 
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2020-10-11 02:25:37 +02:00
Sergey Zhemoitel 85d36db113 Add ROSA Linux detection 2020-10-08 23:06:35 +03:00
Michael Boelen c6bd185fd7
Resolved merge conflict 2020-10-02 11:05:04 +02:00
Michael Boelen 5e0a4e685d
Added CloudLinux 2020-10-02 10:57:58 +02:00
Michael Boelen 768d8a62e8
Updated log 2020-10-02 10:55:36 +02:00
Michael Boelen a1f794cc75
Don't provide suggestion to install pseudo rng at this moment 2020-09-03 10:54:21 +02:00
danielorihuelarodriguez@gmail.com 5ca6b7ed79 feature: take into account LK 
Some distributions like CentOS 8 contains "LK" instead of "L" for
locked users.
 2020-08-28 23:19:37 +02:00
Simon Biewald 93a71539d5
Add support for Flatcar Container Linux 
Fixes cisofy/lynis#1014.

Flatcar is a for of CoreOS. Thus the variable LINUX_VERSION_LIKE
(introduced with #1004) for Flatcar is CoreOS.
 2020-08-27 21:49:17 +02:00
Jimver 554dd2d5e9
Better log message 2020-08-27 12:57:22 +02:00
Jimver e6891feeb4
Remove newline 2020-08-27 12:52:59 +02:00
Jimver cd94da3449
Use shell wildcard expansion now 2020-08-27 12:50:48 +02:00
Jimver 6f6e21add2
Fix wildcard expansion, absolute path handling and output to stderr 2020-08-26 16:38:35 +02:00
Jim 84fd612c91
Add check for other clock files for earlier systemd versions 2020-08-24 17:59:06 +02:00
Jim dabac5bf89
Change timesync sync file, fixes #1012 2020-08-23 22:41:19 +02:00
danielorihuelarodriguez@gmail.com c857ee7cf2 fix: take into account unlocked system accounts 2020-08-23 19:54:59 +02:00
Simon Biewald bd7131f6db Detect sysstat systemd unit 2020-08-19 20:47:09 +00:00
Simon Biewald 4a03c61343 Check LINUX_VERSION_LIKE in various tests 
This affects:
BOOT-5180, KRNL-5622, KRNL-5788, PKGS-7388, PKGS-7390, PKGS-7394,
PKGS-7366, and PKGS-7420.
 2020-08-15 16:44:34 +01:00
Simon Biewald 3abc39598a Add LINUX_VERSION_LIKE for variations of Linux distribution 
Real Ubuntu and Debian do not have LINUX_VERSION_LIKE set. They are
different enough to consider them as a different distribution.

Tests targetting any of distributions based of those two should check
both, LINUX_VERSION and LINUX_VERSION_LIKE.
 2020-08-15 16:29:20 +01:00
danielorihuelarodriguez@gmail.com 6bad6b058b feature: gather locked accounts info 2020-08-10 19:27:43 +02:00
Steve Kolenich f65f4d011b Improve detecting kernel version on disk 
Improve handling of kenrel files
/boot/vmlinuz-linux-lts
/boot/vmlinuz-linux
/boot/vmlinuz-lts
by updateing RegEx and adding elif
this corrects issue where version is identified
as 'linux' or 'lts' causing false report that a
reboot is needed
 2020-08-10 12:27:30 -04:00
Simon Biewald 529bcb2a60
Test for LINUX_VERSION before setting it again 
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.

This fixes cisofy/lynis#1003, but has some side effects.

This will affects Ubuntu and Debian based distributions, like:
 - Pop!_OS (Ubuntu based)
 - Kali (Debian Based)
 - Raspbian
 - ...

Unfortunately this will likely skip/brake a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (will other tests for Ubuntu are
skipped).

Those are tests I identified that will be skipped incorrectly now:
 - BOOT-5180: Check for Linux boot services (Debian style)
     It was already skipped on Linux Mint.
 - KRNL-5622: Check default run level on Linux machines
     This will only be skipped if systemd is not installed. It is
     already skipped on Linux Mint in this case.
 - KRNL-5788: Checking availability new kernel (sic!)
     This was already skipped on Linux Mint.
 - PKGS-7388: Check security repository (...)
     It will now be skipped for all distributions that do use the
     Debian / Ubuntu security repositories but are not detected as such
     anymore (like Pop!_OS). It will now be correctly skipped on
     Raspbian. This test was already aware of Linux Mint.
 - PKGS-7390: Check Ubuntu database consitency
     I am not sure why this test is Ubuntu only, thus it already
     skipped on Debian and Mint.
 - PKGS-7394: Check Ubuntu upgradeable packages
     I am not sure why this is for Ubuntu only, too.
     I think this should be feature tested instead, as
     apt-show-versions can be installed on any Debian based
     distribution as well..
 - PKGS-7366: Checking if debsecan is installed (...)
     While it may be correct to skip, debsecan remains usefull if
     package versions, patches and vulnerability fixes are very close
     on Debian itself.
     It is the correct behaviour to not do this test on Ubuntu and
     Ubuntu based distributions, as Canonical does not provide the
     required databases.
 - PKGS-7420: (Autoupdates)
     Linux Mint was already skipped on this test.

I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the veriable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
 2020-08-08 01:39:13 +02:00
Michael Boelen 792a202934
Merge pull request #913 from topimiettinen/check-der-certs 
[CRYP-7902] Check also certificates in DER format
 2020-08-07 11:54:39 +02:00
Michael Boelen 4206177081
Merge pull request #981 from Varbin/openntpd-equals 
[TIME-3180, TIME-3181, TIME-3182] Fix OpenNTPD tests
 2020-08-07 11:50:22 +02:00
Michael Boelen 30e0fed04f
Merge pull request #993 from Varbin/more-cron-ntp 
[TIME-3104] Find more time synchronization commands
 2020-08-07 11:46:51 +02:00
Michael Boelen 21311364e7
Merge pull request #980 from Varbin/953-timesyncd-no-dbus 
Fix timesyncd detection on systems without dbus.
 2020-08-07 11:44:06 +02:00
Michael Boelen 343e9bdc1c
Merge pull request #974 from igloonet/feature/warn-slow-settting 
Command line option for slow test threshold
 2020-08-07 11:39:39 +02:00
Steve Kolenich 33d8e8e00b Adding Alpine Linux to OSDetection 2020-08-06 20:15:18 -04:00
Michael Boelen 30c8a92594
Merge pull request #994 from konstruktoid/issue992 
add Microsoft Defender ATP, malware scanner
 2020-08-05 11:49:32 +02:00
0ri0n f988e573db
Add missing PHP 7.4 check for BSD 2020-07-27 13:59:46 -04:00
0ri0n 9b388518de
Add PHP 7.4 Detection Paths 2020-07-26 23:33:34 -04:00
Thomas Sjögren baf5f7ad4d add Microsoft Defender ATP, malware scanner 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-07-21 23:56:47 +02:00
Simon Biewald e27208a342
use STATBINARY, put filename in variable 2020-07-10 00:48:12 +02:00
Simon Biewald 7ba220811f
use = instead of == 2020-07-10 00:41:45 +02:00
Simon Biewald 092fe08c40
shellcheck: check exit code directly 2020-07-10 00:40:36 +02:00
Simon Biewald d4639b3c6a
find more cron ntp clients, iterate over cron files with glob 2020-07-10 00:29:35 +02:00
Simon Biewald 9107867fa1
use correct regex and comparison to match peers 2020-07-09 18:57:01 +02:00
Simon Biewald df7c6257a5
compare correct stuff in openntpd tests 
I accidentially compared rubbish in the openntpd tests,
thus they were not executed at all.
Additionally, == was used instead of =.
 2020-07-09 18:41:09 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Simon Biewald b2be7c160e
detect and test for timesyncd w/o working timedatectl 
On systems without dbus timedatectl does not work.

Thus it is checked if timesyncd currently runs and when
/run/systemd/timesyncd/synchronized was last modified.
Timesyncd touches this file on any sucessfull synchronization.
This is documented in systemd-timesyncd(8).

The new test for successfull documentation has the id TIME-3185.
 2020-07-09 18:19:35 +02:00
Kepi a2e752a8db [functions] ParseNginx: Ignore empty included wildcards 
Its ok to have empty directories included. We should not output errors with
lsbinary unable to find anything there.
 2020-07-07 15:38:19 +02:00
Kepi de18ddc2c0 [functions] ParseNginx: Support include on absolute paths 
Includes can be absolute paths too. This is quick fix counting on fact that
absolute paths have slash at start.
 2020-07-07 15:37:56 +02:00
Michael Boelen 9165cb76fa
Merge pull request #972 from igloonet/fix/FILE-6425-no-modprobe-d 
[FILE-6430] Don't grep nonexistant modprobe.d files
 2020-07-07 12:29:11 +02:00
Michael Boelen 6eae35e564
Fix for too short IDs due to hexdump output missing leading or trailing zeroes 2020-07-06 09:26:27 +02:00
Kepi f94817f66f Command line option for slow test threshold 
IMHO it should be OK to run long tests if we count with it.

Example:

    lynis audit system --slow-warning 300

Will warn when test takes longer than 300 seconds, instead of default 10.
 2020-07-02 23:42:28 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files 
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
 2020-07-02 18:22:03 +02:00
Michael Boelen ea38da3439
Add /etc/os-release detection of Linux Mint 2020-06-28 14:58:23 +02:00
Chris Lynch 5b11c468eb Fix for Issues #964 - Pop!_OS added to osdetection 2020-06-27 10:44:31 +01:00
Michael Boelen 96e7ba5aaa
Activate test for all operating systems, remove function keyword 2020-06-27 10:21:24 +02:00
Wes Price dcf9bd0938 [AUTH-9229] resolving syntax error on MacOS Catalina 2020-06-26 12:29:40 -10:00
Michael Boelen e6c6fdc9a8
[AUTH-9229] Undo escaping exclamation mark and disabling test for AIX and macOS 2020-06-26 10:24:37 +02:00
Michael Boelen 871f95cbf3
Use BSD style format when calling stat 2020-06-26 09:53:23 +02:00
Michael Boelen 9f0bbf52ea
[FIRE-4534] set initial state 2020-06-26 09:44:39 +02:00
Michael Boelen 68c6bdff16
[AUTH-9229] escaped exclamation mark 2020-06-26 09:34:40 +02:00
Michael Boelen 8a5b2a4099
Merge pull request #920 from jsrc27/Fix-KRNL-5730 
Fix KRNL-5730 to properly check /proc/config.gz
 2020-06-24 09:21:32 +02:00
Michael Boelen c707b7d100
[MALW-3280] added additional BitDefender process 2020-06-24 08:09:12 +02:00
Michael Boelen 36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts 2020-06-23 13:57:14 +02:00
Michael Boelen 610f70d5aa
[INSE-8312] corrected text 2020-06-23 13:56:13 +02:00
Alexander Lackner d7870e3f5c Added macOS Big Sur (11.0) 2020-06-22 20:44:58 +02:00
Michael Boelen b980223d42
Merge pull request #958 from Steve8291/patch-2 
fix stderr output from cryptsetup status
 2020-06-22 14:26:47 +02:00
Michael Boelen 75738ceeab
Fix for language detection, unset LANG as right place 2020-06-22 10:25:02 +02:00
Michael Boelen a2f8bdc5f8
[BOOT-5122] presence check for grub.d added 2020-06-22 10:18:01 +02:00
Steve8291 c02ce49ce3
fix stderr output from cryptsetup status 
Redirected stderr to /dev/null to silence output of `cryptsetup status /swap.img`
This was causing error output from my cron script.
Otherwise, if the swap file is not encrypted then the following error will be printed:
`Device swap.img not found`
 2020-06-21 10:47:28 -04:00
Michael Boelen 6d9b530bf4
[KRNL-5830] improved detection for non-symlinked kernel on disk 2020-06-21 13:14:08 +02:00
Michael Boelen aebd5ed9b3
Remove unneeded line in log to prevent double entry 2020-06-21 12:57:05 +02:00
Michael Boelen b2350f2f6c
Add log entry to help troubleshooting users that still use old-style configuration entries in profile 2020-06-21 12:52:50 +02:00
Michael Boelen 6a9e94befb
Reordered items, added Kali Linux, improved exception message 2020-06-19 11:10:22 +02:00
Michael Boelen 3b9eda53cc
CVE-2019-13033 - Discovered by Sander Bos 2020-06-18 12:36:04 +02:00
Michael Boelen 2398c74783
Merge pull request #941 from iain-cuthbertson-siftware/bugfix/allow-mixed-case-hostnames 
Adds uppercase option to the hostname validation regex
 2020-06-02 18:50:35 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Iain Cuthbertson 0b8c775a01 Adds uppercase option to the hostname validation regex 2020-06-02 15:33:32 +01:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen 9fdfc062dd
Add Gentoo 2020-06-02 14:09:49 +02:00
Aditya Shastri 2b0a0ba2e1 Addedd OS detection for Oracle Linux 2020-05-14 20:51:11 -07:00
Jeremias Cordoba f081a9ed7e Fix KRNL-5730 to properly check /proc/config.gz 
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.

Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
 2020-05-04 15:51:03 -07:00
Topi Miettinen fcdc07f8d9
[CRYP-7902] Check also certificates in DER format 
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-25 00:06:58 +03:00
Thomas Sjögren 51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
Michael Boelen a166691199
Merge pull request #882 from topimiettinen/check-package-certificates 
[CRYP-7902] Check also certificates provided by packages
 2020-04-09 11:01:39 +02:00
Michael Boelen 1163648d89
Merge pull request #896 from Schmuuu/feature/raspi-detect-required-reboot 
extended test KRNL-5830 to detect required reboots on Raspbian
 2020-04-09 09:58:48 +02:00
Michael Boelen 0019cf3297
Merge pull request #904 from bginsbach/krnl-5677 
KRNL-5677 use platform instead of preqs-met
 2020-04-09 09:55:28 +02:00
Brian Ginsbach 95b1ae044b KRNL-5677 use platform instead of preqs-met 2020-04-08 15:55:45 -05:00
Martin Churchill e4d491d574
[CRYP-7902] Fixes issue #902 
[CRYP-7902] Checks for SSL_CERTIFICATE_PATHS_TO_IGNORE fails to ignore sub-directories #902
 2020-04-08 10:02:18 +01:00
Michael Boelen be75a089a7
[PROC-3802] added package manager routine as dependency 2020-04-07 10:53:39 +02:00
Michael Boelen c368846a08
Added support to require a detected and known package manager 2020-04-06 20:47:45 +02:00
Michael Boelen 9da0665929
[NETW-2400] Improved logging 2020-04-04 15:56:00 +02:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 4680f94d11
[NETW-2706] allow usage of systemd-resolve and resolvectl, improved screen output and logging 2020-04-03 14:02:52 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Michael Boelen f92fe4e03f
Merge pull request #898 from bginsbach/auth-9268 
AUTH-9268 Add DragonFly
 2020-04-03 09:45:21 +02:00
Michael Boelen f25ffdbb1f
[NETW-2706] redirect errors to stderr 2020-04-03 09:40:30 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Kristian S 52b72e7b0f extended test KRNL-5830 to detect required reboots on Raspbian 2020-04-02 21:45:40 +02:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 6eb204a85d
[PRNT-2308] check for Port statement and minor adjustments to test 2020-04-02 14:45:44 +02:00
Michael Boelen ca6fc134dd
Renamed spools to spoolers 2020-04-02 13:20:06 +02:00