57 Commits

Author SHA1 Message Date
Michael Boelen 4b912ab357
Merge pull request #1399 from xnoguer/issue-1319
Added tests considering Wazuh for file integrity and tooling
2023-09-13 16:04:04 +02:00
Michael Boelen 20a6c2b774
Merge pull request #1403 from xnoguer/fix_test_names
Fixing missing or erroneous test number comments
2023-09-13 16:00:02 +02:00
Xavier Noguer 1e70cd0b92 Fixing missing or erroneous test number comments 2023-05-30 08:04:36 +00:00
Xavier Noguer 9f36e17ee0 Added tests considering Wazuh for file integrity and tooling 2023-05-23 15:07:42 +00:00
xnoguer 6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Michael Boelen 43d0c6a8fd
Merge branch 'master' into add-suricata-ids-ips-test 2020-10-25 12:50:25 +01:00
Stéphane 67d04f2536
Add translate function for all sections
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Timo Sigurdsson 15799cf57e Add test for Suricata IDS/IPS
Commit 94e0a4e added a test for the Suricata binary, but the result appears to
be used nowhere. Add a proper test for an active Suricata daemon in the
IDS/IPS tooling section.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2020-10-11 02:25:37 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen 98017c78ca
Implemented several code style improvements 2019-09-17 14:04:30 +02:00
Michael Boelen 61404c1bf3
[TOOL-5160] added support for OSSEC agent daemon 2019-08-28 15:36:59 +02:00
Michael Boelen a4d15f77b5
Differentiate between a discovered binary and running process 2019-07-16 19:10:04 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 361ad7d9da
Renamed variable 2018-10-23 12:58:40 +02:00
Michael Boelen de7d64a8a0
[TOOL-5160] OSSEC detection test 2018-10-23 12:58:22 +02:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen 764c18c218
Code enhancements, improve detection for Puppet 2017-10-29 10:52:42 +01:00
Michael Boelen c0a6aaf855
[TOOL-5002] performance enhancement to reduce number of dirs/files to check 2017-08-17 20:10:51 +02:00
Michael Boelen 5be81289ee
[TOOL-5002] rewrite of Ansible detection 2017-08-17 20:06:41 +02:00
Michael Boelen 43228c2ca7
[TOOL-5002] Ansible detection added 2017-08-17 14:20:54 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 70ea29483a
Code enhancements 2017-04-23 20:06:54 +02:00
Michael Boelen e14376cdab Minor cleanups 2017-03-27 12:23:27 +02:00
Michael Boelen b306ab891f Add additional check for Puppet tool 2017-03-27 12:21:42 +02:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
2017-03-08 16:24:24 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Florian Heigl 343eb5304f Add support for Rudder configuration management (#284)
Rudder (http://www.rudder-project.org) is a config management tool with automatic reporting / dynamic policy adjustment.
The "dynamic" bit happens using FusionInventory.
The config management part uses CFEngine under the hood.
I don't know if hw/os inventory tools also matter in the Lynis report, if yes, I can look into that too.

This patch extends the path searched to detect a running CFEngine agent (and fileserver daemon).
Since the agent is the same, this should immediately detect it.
2016-09-26 10:34:38 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen f1dc6be5bf Start of refactor fail2ban tests and splitting them into different test areas 2016-07-30 12:06:30 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 9e312f5a5f Replaced functions and minor cleanups 2016-04-28 09:15:54 +02:00
mboelen 1205511c9d Change of variables for IDS/IPS and layout changes 2016-04-15 20:07:20 +02:00
mboelen e86f0522bf [TOOL-5102] Imported Fail2ban support and minor improvements 2016-04-15 14:51:53 +02:00
Eric Light 9c2229483f Replaced call to iptables with $IPTABLESBINARY (#167)
* Replaced call to iptables with $IPTABLESBINARY

* Check for iptables before checking Fail2Ban chain
2016-04-15 14:18:11 +02:00
Eric Light 3b3a852122 Added tooling tests for Fail2Ban (#162)
* Added binary for Fail2Ban

* Added test for Fail2Ban (presence and configuration)

* Added test to check for enabled Fail2Ban jails

* Added test to confirm at least one enabled jail. Fixed regex.

* Added check to confirm iptables has a fail2ban chain
2016-04-13 08:12:26 +02:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
mboelen 5f2ef483f6 Improved tests and logging for automation tools 2015-09-08 16:02:41 +02:00
Alexander Lobodzinski 66ff2a9229 Fixed typos 2015-09-08 14:28:24 +02:00
Alexander Lobodzinski 2d72fe18d3 Detect automation with Cfengine 3 2015-09-08 14:19:11 +02:00
mboelen afd01ece5d Remove incomplete tests, code enhancements 2015-07-22 17:37:11 +02:00