tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,143 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

1430 Commits

Author SHA1 Message Date
superpoussin22 839977c3f6 Update helper_audit_dockerfile (#568) 
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
 2018-08-07 14:46:47 +02:00
Michael Boelen 7ebccab207
Updated URL for Lynis controls 2018-08-03 11:20:31 +02:00
Michael Boelen 3f9d1308bb
[SSH-7408] adjusted classification of root login with keys 2018-07-25 13:35:00 +02:00
Michael Boelen 4ad2ee4ba2
[BOOT-5104] added busybox to service managers 2018-07-25 13:24:11 +02:00
Michael Boelen 7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only 2018-07-25 12:25:00 +02:00
Michael Boelen 54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files 2018-07-25 12:13:06 +02:00
Bernhard R. Fischer c024ce31d8 added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD (#562) 2018-07-24 19:08:45 +02:00
gkrystev 13d631781c Fix for umask check in case of multiple files (#560) 
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example bellow, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.

Expected:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
 2018-07-24 19:08:08 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 1bf09ad60a
[KRNL-5830] improved text in log 2018-07-02 14:52:29 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-06-26 11:37:18 +02:00
Thomas Sjögren 8321da24c7 query DNS with FQDN (#555) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-06-26 11:36:55 +02:00
Michael Boelen d80ec9d084
Removed 'update release' from help text 2018-06-26 11:35:02 +02:00
Michael Boelen 34813302b4
Changed number of Exim test and minor changes 2018-06-26 11:34:09 +02:00
Dave Vehrs c11177f98b Initial Tests for Exim (#539) 
* Added kernel.dmesg_restrict to sysctl checks.

* Extending Exim Tests, round 1

* fixed a few string comparisons

* fixed old test

* Cleans to Exim options tests
 2018-06-26 11:27:26 +02:00
aram535 1caf9ad12d Updated tests_ssh, removed extra ssh in the test (#557) 
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests.  Removing the ssh keyword... -T -C ... fixes the problem.
 2018-06-22 12:29:25 +02:00
Carsten Grohmann bf2462272e [TIME-3160] Extend check for step-tickers file for RedHat (#553) 
On RedHat if the step-tickers file exists but empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
 2018-06-06 13:59:07 +02:00
Michael Boelen 84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration 2018-05-14 08:29:30 +02:00
Michael Boelen 4efe5dd363
[DNS-1600] Test is disabled until domain is configured 2018-05-02 13:35:46 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
Michael Boelen 08ee8136d5
Check for available parameter when using profile or plugindir 2018-05-02 12:48:05 +02:00
Matyáš Koc 7fd8189907 Update for PHP 7.2 (#546) 
Added php.ini paths used on Ubuntu with PHP 7.1/7.2
 2018-05-02 11:14:20 +02:00
Michael Boelen 170e427595
[NETW-2704] added support for local resolver used on Ubuntu 18.04 2018-05-01 19:57:23 +02:00
Michael Boelen 8077d24432
[PHP-2379] Suhosin test disabled 2018-04-23 11:06:36 +02:00
Michael Boelen 105befb2e9
[AUTH-9308] Made 'sulogin' more generic for systemd rescue shell 2018-04-23 11:01:18 +02:00
Michael Boelen e858233eb6
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-04-23 10:57:59 +02:00
Thomas Sjögren c25910cb31 delayed is a legacy synonym (#531) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-04-23 10:57:27 +02:00
Michael Boelen 40d6a853d5
Changed file permissions 2018-04-23 10:56:26 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Oliver Mueller 7e0b300e27 Issue/288 (#530) 
* enhanced check "DBS-1816: mysql root user with empty password" to avoid false positived when authentication plugins are used

* fixed indent to spaces
 2018-03-22 09:07:48 +01:00
Michael Boelen 40282cde49
[TIME-3160] improvements to detect step-ticker file and entries 2018-03-10 12:26:09 +01:00
James White 1d982a26d0 Add remi repo php.ini paths (#529) 2018-03-10 12:07:29 +01:00
Michael Boelen a7845b6748
[NAME-4402] Enhanced test to filter out empty lines 2018-03-05 11:43:33 +01:00
Michael Boelen dabf7d3e80
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-03-05 11:32:40 +01:00
Michael Boelen 211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them 2018-03-05 11:32:23 +01:00
Jason Soto 94e4fb4bd9 Solved null byte bash warning (#523) 2018-03-05 11:19:57 +01:00
Michael Boelen 73a4e92a7b
[HRDN-7222] enhanced compiler permission test 2018-03-04 17:52:15 +01:00
Michael Boelen e210d7f3b6
[PKGS-7384] changes to detect yum-utils package and related tooling 2018-02-19 15:01:59 +01:00
Michael Boelen f0ef7fb785
Initial version of PackageIsInstalled function 2018-02-19 15:01:26 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manual configured setting in function 2018-02-16 19:29:08 +01:00
mslifcak c170f1fc0a Pin db sync (#519) 
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
 2018-02-09 12:37:10 +01:00
Michael Boelen c53072e31e
Ensure a parent directory with binaries is scanned - issue #517 on GitHub 2018-02-06 10:45:41 +01:00
Michael Boelen a5cbc12734
Include location when uploading data 2018-02-06 10:44:30 +01:00
Michael Boelen 96b21da96a
Removed brackets while searching for home directory entries 2018-01-26 13:00:24 +01:00
Michael Boelen ce6693e873
Use existing IDs for tests, renumbering will happen later 2018-01-26 12:36:33 +01:00
Michael Boelen 0d3b89e254
Minor changes 2018-01-26 12:28:52 +01:00
Dave Vehrs a30d429315 tests_usb updates (#514) 
* Added kernel.dmesg_restrict to sysctl checks.

* Moved usb-storage and autthorization tests tests_usb

* Limit Suggestions when USBGuard installed

* Changed usb_devices to usb
 2018-01-26 12:24:33 +01:00
Michael Boelen 7b664a7560
Reverse PATH search 2018-01-25 19:43:51 +01:00