Commit Graph

1507 Commits

Author SHA1 Message Date
Michael Boelen 6e549eb545
Set ip binary 2018-01-18 16:23:55 +01:00
Michael Boelen 3957ca32cd
Minor code enhancements 2018-01-18 16:23:23 +01:00
Michael Boelen 173068b402
Added getcap and grpck back 2018-01-18 11:10:11 +01:00
Michael Boelen 4f751c9037
Remove service manager reference from systemctl, minor cleanup 2018-01-18 10:23:39 +01:00
Michael Boelen 182ce09bc1
Additional code enhancements 2018-01-18 09:19:06 +01:00
Michael Boelen 8934042473
Code enhancements 2018-01-17 17:26:30 +01:00
mslifcak 25b3c4f1eb VBoxService running is another VirtualBox clue () 2018-01-17 17:19:51 +01:00
BlessJah d7d42d9103 remove non printable characters from code ()
Non printable ESC character is required to obtain terminal escape
sequence i.e. for changing output color.

Such sequences (especially ESC character) were replaced by command
substitution producing exactly same result (variable value), but using
only "safe" characters.

Use of printf and especialy '\033' or '\0ddd' sequences is described
here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html#tag_20_94_13

Use of $(command) or command substitution is described here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_03

Verbatim TAB characters were replaced with \t escape sequence as
described to avoid problems with editors silently replacing them or
developer accidentialy messing up the regex.
2018-01-17 17:12:36 +01:00
mslifcak 173843bdfd Pin svc mgr ()
* systemctl does not mean systemd is used

* Check for systemd active

* determine service manager if not already set
2018-01-17 15:56:19 +01:00
Michael Boelen 9ba5d200ad
Enhancements to reduce file access and removing unneeded variables 2018-01-17 14:46:29 +01:00
mslifcak 2c774b8795 sort BIN_PATHS before process () 2018-01-17 13:49:07 +01:00
Jason Soto 73e0e7b5e4 Changed Process name search for Bitdefender test. ()
* Added php.ini locations for Ubuntu 16.04LTS

* Switched Process name Search Bitdefender

* Switched Process name Search Bitdefender
2018-01-13 12:55:16 +01:00
Michael Boelen b236e7d95d
[PHP-2379] added quotes 2018-01-13 12:53:50 +01:00
Michael Boelen b4758e0b23
Use PATH variable as first method to scan directories 2018-01-11 12:05:21 +01:00
Michael Boelen 541996f672
Rename variable 2018-01-11 10:38:11 +01:00
Michael Boelen 00ad535c6b
Use different variable in for loop 2018-01-11 10:37:56 +01:00
Michael Boelen 35a1524d07
Added alias for skipping plugins 2018-01-11 10:19:29 +01:00
Michael Boelen 1504370e41
Added solution, extended timestamps key values, allow multiple values 2018-01-11 10:19:16 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
n[oO]ne aebb0c8ed4 lynis should not suggest suhosin for PHP 7 () 2018-01-11 09:47:47 +01:00
Michael Boelen c487bcb277
\-C flag of ps is different on BSD 2017-12-24 14:05:55 +01:00
Michael Boelen 4042c45954
Changes for new plugin class 'hardware' 2017-12-08 09:37:55 +01:00
Shaleen Jain 21b129f947 Fix detecting systemd timedate deamon ()
Fix detecting systemd timedate daemon
2017-11-29 15:59:07 +01:00
Michael Boelen e4cb190237
Support for allow-auto-purge option in profiles 2017-11-25 16:11:04 +01:00
wschaft c453331265 fixing "Repository listed more than once" issue () () 2017-11-08 19:20:20 +01:00
Katarina Durechova 09de901d11 Check zero size of files correctly ()
from man test:
-s FILE
    FILE exists and has a size greater than zero

-z STRING
    the length of STRING is zero
2017-10-31 09:05:29 +01:00
Michael Boelen e5c11991ef
Code enhancements and textual change 2017-10-29 11:26:25 +01:00
Michael Boelen ebf16462a8
Improve IsRunning function to match full process names 2017-10-29 10:54:40 +01:00
Michael Boelen 011e6248c2
Use full match for Little Snitch 2017-10-29 10:54:16 +01:00
Michael Boelen 764c18c218
Code enhancements, improve detection for Puppet 2017-10-29 10:52:42 +01:00
Michael Boelen 331422384a
Added --silent as parameter for --quiet 2017-10-29 10:26:18 +01:00
Michael Boelen d13cdda1e3
Filter only relevant messages for report 2017-10-26 08:23:15 +02:00
Michael Boelen b29732bf5f
Spacing and readability 2017-10-24 14:15:59 +02:00
Michael Boelen c5e014eaf4
Corrected description 2017-10-24 13:39:41 +02:00
James White 45748184a8 Add additional DirectAdmin paths for php.ini () 2017-10-24 13:16:59 +02:00
Michael Boelen 539fe2242a
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-10-19 19:38:36 +02:00
Michael Boelen 9d238f6e78
Added HP-UX routine for GetHostID 2017-10-19 19:37:25 +02:00
dataking 099c3b4468 fix for issue ; simply add RPi/Raspian path to PAM_FILE_LOCATIONS () 2017-10-19 11:33:09 +02:00
vins1993 6a74a8727f Fix displayed result for signing keys check ()
The result of the signing keys check is saved under KEYS_USED variable,
but SSL_USED was used to present the result to the end user.
2017-09-21 15:09:57 +02:00
Michael Boelen 19bbc4272f
[SHLL-6220] Improved detection of shell settings like TMOUT 2017-09-18 19:50:41 +02:00
Michael Boelen 76b4afb14d
[SSH-7408] set default 'delayed' compression as a sane value 2017-09-18 19:18:11 +02:00
Michael Boelen 94f656bf65
Add 127.0.1.1 to NETW-2704 test 2017-09-17 20:01:07 +02:00
Michael Boelen 3670e0c5c9
Minor changes to using local resolvers 2017-09-16 14:25:01 +02:00
Michael Boelen 83ce145f1b
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-09-16 14:10:20 +02:00
Ben Abrams 192cc494ed [NETW-2705] This is related to and resolvconf but is split up. ()
This specifically makes it so that when `/etc/resolv.conf` has one or more nameservers matching `127.0.[0-1].1` it should not warn as it is using local resolvers.

We are simply using `grep -c "127.0.[0-1].1" /etc/resolv.conf` to determine this.
2017-09-16 14:09:32 +02:00
Michael Boelen 11f81345ee
Code enhancement 2017-09-16 14:08:38 +02:00
Michael Boelen 499f7d5015
Improve process detection 2017-09-16 14:08:26 +02:00
FlorentCoppint ccf9db18f8 Improved IsRunning() process matching () 2017-09-16 13:58:04 +02:00
Michael Boelen 79278c32ef
Added extra legal words for banners 2017-09-12 15:23:37 +02:00
Michael Boelen c248ab6a16
[CRYP-7902] fix for bourne shell and rewrite 2017-09-06 12:56:32 +02:00
Michael Boelen 2451029a6e
Allow for files with spaces 2017-09-06 12:55:56 +02:00
Michael Boelen 77400d3952
Improve logging 2017-09-05 13:29:21 +02:00
Brian Ginsbach 30c58dd1ed Don't assume sshd version is in first line ()
There are some versions of OpenSSH where the version information
isn't in the first line (like NetBSD's with the HPN patches).
2017-09-04 15:33:28 +02:00
Tom Reynolds 41174afda6 Do not limit debsums to Debian systems ()
Debsums is supported on Debian and other systems as per GitHub issue . 
Undo commit d1969001c6.
2017-09-04 15:30:25 +02:00
Michael Boelen 0fc8adb3c5
When providing suggestion related to hostid, append to file instead of overwriting 2017-08-31 17:11:15 +02:00
Michael Boelen 769b1f49e2
Detection of Linux Mint missed right field 2017-08-31 17:04:17 +02:00
Bruno Vernay 6cf1c324f8 Support spaces in file names ()
* Support spaces in file names

File names may contain spaces

* Fixed 2more cases
2017-08-29 14:33:18 +02:00
Bruno Vernay 4107d8a461 Support spaces in file names ()
File names may contain spaces
2017-08-29 14:32:42 +02:00
Brian Ginsbach 3512068a49 [PKGS-7380] Fix NetBSD packages vulnerabilities file name ()
* [PKGS-7380] Fix NetBSD packages vulnerabilities file name

* OS Detection: Add early Mac OS X releases
2017-08-19 10:53:25 +02:00
Michael Boelen d682673c63
Preparations for APT 2017-08-19 10:51:06 +02:00
Michael Boelen 06491a5b4f
Linux Mint detection 2017-08-19 10:50:53 +02:00
Michael Boelen 1190efac2b
[CRYP-7902] add a test to filter out non-certificate files 2017-08-18 19:19:15 +02:00
Michael Boelen 4a673aebc7
[CRYP-7902] certificate validation changed 2017-08-18 14:14:28 +02:00
Michael Boelen 00648a636c
Improve systemd detection 2017-08-17 20:28:32 +02:00
Michael Boelen c0a6aaf855
[TOOL-5002] performance enhancement to reduce number of dirs/files to check 2017-08-17 20:10:51 +02:00
Michael Boelen 5be81289ee
[TOOL-5002] rewrite of Ansible detection 2017-08-17 20:06:41 +02:00
Michael Boelen 43228c2ca7
[TOOL-5002] Ansible detection added 2017-08-17 14:20:54 +02:00
Michael Boelen 358dc46b81
Ignore file access errors when trying to access them 2017-08-17 14:18:29 +02:00
Michael Boelen 77ebb23320
[HRDN-7230] Show single line when no malware scanner was detected 2017-08-17 14:17:57 +02:00
Lukas Pirl b3dffbf750 remove test for deprecated sshd option UsePrivilegeSeparation ()
see also https://www.openssh.com/txt/release-7.5
2017-08-16 20:33:33 +02:00
Tom H 3adeac922e Do not unset PHPVERSION after detect it () 2017-08-16 20:33:11 +02:00
Jason Soto 5b81f625a6 Added php.ini locations for Ubuntu 16.04LTS () 2017-08-16 20:32:55 +02:00
Michael Boelen a547953d99
Set default log directory, or allow it be set per OS 2017-08-08 14:52:59 +02:00
Michael Boelen 4660362e74
Redirect errors like file permissions 2017-08-08 14:52:11 +02:00
Michael Boelen 49c1bf8d55
[NETW-3006] Updated detection of MAC addresses on Linux 2017-08-03 20:28:38 +02:00
Michael Boelen 4781b1c170
Added /opt/apache 2017-08-02 13:01:23 +02:00
Stéphane BARBARAY 9ca2d640b8 Enhanced detection for LXC and LXC over VM ()
* Update functions

* Update functions

* Update tests_shells

* Update tests_shells

* Update IsVirtualMachine

extra check on /proc/1/environ existence + Log result
2017-07-31 12:51:19 +02:00
Michael Boelen dbec83566b
[FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen ebc706aa64
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-07-28 10:26:34 +02:00
alobodzinski 6147ebd47b Suhosin is hard linked into PHP on OpenBSD () 2017-07-28 10:14:04 +02:00
Michael Boelen 60f94fef47
[CRYP-7902] prevent test from showing error on screen related to wrong certificate file 2017-07-18 11:51:45 +02:00
James White d7b0c28699 Add /usr/lib/apache module search path for DirectAdmin () 2017-07-11 09:26:00 +02:00
Michael Boelen d1969001c6
[PKGS-7370] only use debsums test for Debian systems 2017-07-10 16:08:32 +02:00
Michael Boelen df32cb29b0
Include instructions if hostid2 is empty 2017-07-10 16:07:39 +02:00
superpoussin22 29f5dc7e53 Update tests_containers ()
last docker version no more use docker -d  sounds better to check dockerd
2017-07-10 15:24:09 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates ()
* Check if CSF is running

* Check for APF presence
2017-07-10 15:23:32 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3a6fa0bb6b Suhosin simulation mode status ()
* fix suhsoin check text

* use PHPINI_ALLFILES variable

* Check suhosin simulation mode status

* Small style improvement
2017-07-10 14:38:42 +02:00
Jeremy Daer f33cdd3a17 OS detection: macOS 10.13, High Sierra () 2017-07-01 10:29:05 +02:00
Michael Boelen f903b6f079
Allow tags and system-customer-name to be specified 2017-06-22 10:15:39 +02:00
Michael Boelen f4b6d8d401
Show full command for remote usage 2017-06-21 14:28:12 +02:00
Daniel Romell 5b12f17e3f Minor fixes for embedded Linux. ()
* Check if the "locale" binary is available before using it.

This is no functional change as it will still fall back to english
when the locale can't be determined. This fix gets rid of the
following error when running on systems without the locale binary:

./lynis: line 112: locale: command not found

Signed-off-by: Daniel Romell <daro@hms.se>

* tests_kernel: KRNL-5677: Fix invalid use of shell test.

This fixes an issue (syntax error) triggered on systems with no PAE or
NX extensions:

- Checking CPU support (NX/PAE)
/usr/libexec/lynis/include/tests_kernel: line 126: [: too many arguments
/usr/libexec/lynis/include/tests_kernel: line 132: [: too many arguments

No need to use [] when only looking at function return values.

Signed-off-by: Daniel Romell <daro@hms.se>
2017-06-21 14:17:49 +02:00
Athmane Madjoudj ac2c83870b Add lowercase path for changelog search (eg: Fedora/EPEL pkg) () 2017-06-21 14:08:57 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 98b80f7c49 add ini paths for cloudlinux () 2017-06-14 14:07:37 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 4cbe8f32c6 add suhosin status test ()
* add suhosin status test

* get matched line only
2017-06-14 14:06:51 +02:00
Jose Luis Duran 9dc4efefd6 Fix pkg audit option ()
-F, --fetch
       Fetch the database before checking.

[ci skip]
2017-06-14 14:06:18 +02:00
Michael Boelen 0e535c851a
Small style improvement 2017-05-31 15:47:21 +02:00
mslifcak 8d2b3a202f A250 2 ()
* fix missing ROOTDIR prefix

* sort list of services before processing

* sort list of certificates before processing

* sort list of startup scripts before processing

* spell check

* remove possessive pronoun
2017-05-31 15:40:39 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 360be2a700 Add a check for csf testing mode () 2017-05-31 15:37:22 +02:00
mslifcak af60a2463a 250 fixes ()
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
2017-05-23 14:56:25 +02:00
Michael Boelen aec9b57c29
Changes to BOOT-5104 and HTTP-6716 2017-05-08 14:56:39 +02:00
Michael Boelen 918b962ae5
Code enhancements 2017-05-03 10:42:34 +02:00
Michael Boelen a9b67dc675
Reinitialize temporary files to prevent possible symlink attack - CVE-2017-8108 2017-05-03 09:47:35 +02:00
Michael Boelen 67333bb09a
[SHLL-6290] Removed ShellShock test as it is no longer needed - CVE-2017-8108 2017-05-03 09:33:40 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 5ccd0912cf
[MALW-3280] Added detection of Symantic components 2017-04-29 14:22:40 +02:00
Michael Boelen f39e72dbd5
Remove unused file 2017-04-23 20:19:30 +02:00
Michael Boelen 2340e7bbbc
Added HasData and IsEmpty function 2017-04-23 20:19:18 +02:00
Michael Boelen a04b2da851
Initialize variables 2017-04-23 20:19:02 +02:00
Michael Boelen 70ea29483a
Code enhancements 2017-04-23 20:06:54 +02:00
Michael Boelen 9e9b95e1da
Apply substite for TIME-3148 and first batch of code enhancements 2017-04-23 20:06:24 +02:00
0ri0n b433cf0bac Add Additional php.ini Paths () 2017-04-17 15:38:48 +02:00
Michael Boelen b0b0fd0256 Add atomic tests to report 2017-03-27 17:15:02 +02:00
Michael Boelen e498e6ae64 Remove unused test parts 2017-03-27 17:14:34 +02:00
Michael Boelen 7f06a2c34f Added MAIL-8820 test for Postfix 2017-03-27 17:14:11 +02:00
Michael Boelen e14376cdab Minor cleanups 2017-03-27 12:23:27 +02:00
Michael Boelen b306ab891f Add additional check for Puppet tool 2017-03-27 12:21:42 +02:00
Athmane Madjoudj 5f0b24d2c8 Add support for cPanel PHP (Scl-based pacakging) GHT ()
* Add support for cPanel PHP (Scl-based pacakging) GHT 

* Add myself to contributors as requested
2017-03-27 09:21:37 +02:00
pyllyukko 88f39b9540 Fix regex to disregard locked accounts ()
This way, accounts that have ":!!:" in shadow and have an entry in
"Password expires" field don't get flagged with "Result: password of
user XYZ has been expired" by AUTH-9288.

Fixes 
2017-03-27 09:19:55 +02:00
guyav a0849ac053 Added quote marks on SSH commands ()
Added quote marks for the SSH commands in steps and 6.
2017-03-27 09:19:01 +02:00
Michael Boelen 57770fe332 [HTTP-6641] support Apache mod_reqtimeout module 2017-03-20 13:40:00 +01:00
Michael Boelen 90e240cfb5 [CUPS-2308] removed exception handler, improved logging 2017-03-20 13:12:55 +01:00
Yaisel Hurtado 4368013b43 Fixed detection of security repositories () 2017-03-17 17:59:21 +00:00
Michael Boelen 9ff31074a1 Added more banner words 2017-03-17 10:37:14 +01:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 352ea8c21c Added missing pipe 2017-03-13 19:55:00 +01:00
Michael Boelen b67d9233eb Added more logging 2017-03-13 19:53:56 +01:00
Michael Boelen e4474320ee [PKGS-7387] check all repositories for usage of gpg signing 2017-03-13 19:47:06 +01:00
Michael Boelen cd63e2389e [FILE-7524] Do not show missing files or paths by default 2017-03-13 16:26:26 +01:00
Michael Boelen 4be6b958e4 [MALW-3280] added Avira detection 2017-03-13 15:51:13 +01:00
Michael Boelen 6083f6d9ff [SCHD-7704] permission checks and minor code cleanups 2017-03-13 12:00:27 +01:00
Michael Boelen 320a397772 [TIME-3104] Test permissions before opening files 2017-03-13 11:59:05 +01:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
noci2012 ad779f29eb Added new php paths ()
removed php5.4,  added 7.0 and 7.1 and the flavours that are known on gentoo
(apache2, cgi, cli, embed,  fpm)
2017-03-13 09:50:09 +00:00
Michael Boelen de84454d3f Cleanup 2017-03-12 19:27:16 +01:00
Michael Boelen b66e1402df Support for Manjaro Linux 2017-03-12 19:27:04 +01:00
Michael Boelen 814f2355ca [NAME-4018] only perform test when /etc/resolv.conf exists 2017-03-12 17:01:58 +01:00
Michael Boelen c2b7c76f97 Mark OS version of Arch Linux as rolling release 2017-03-12 16:42:44 +01:00
Michael Boelen 78b6a6b49f Remove lines related to report 2017-03-12 16:37:43 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen a70cfd0a70 Improve message 2017-03-09 12:32:32 +01:00
Michael Boelen bb83598ff1 [DBS-1882] include redis.conf 2017-03-09 12:28:05 +01:00
Michael Boelen 336dcb4811 [PKGS-7381] Enhanced FreeBSD pkg audit testing 2017-03-09 12:27:38 +01:00
Michael Boelen e082b8af08 Updated log 2017-03-08 21:19:20 +01:00
Michael Boelen 658bbc6eba Rename host_alias to hostname_alias 2017-03-08 20:16:00 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks ()
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups ()
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
Jean Prat a53cb004fa umask can be 0027 or 0077 ()
* umask can be 0027 or 0077

* Readme update
2017-03-06 14:41:11 +00:00
hlein b595cc0fb5 Various cleanups ()
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen b0cde02c71 Code enhancements and allow host alias to be defined in profile 2017-03-05 20:45:13 +01:00
Michael Boelen 44f5209cb9 Add description of CheckItem 2017-03-05 15:12:01 +01:00
Michael Boelen 89c3e449ad [BOOT-5104] added initsplash and code enhancements 2017-03-05 13:13:20 +01:00
Michael Boelen 295fe93ca6 [FILE-6372] Properly deal with comments in /etc/fstab 2017-03-01 16:11:17 +01:00
Michael Boelen d15ba9607f [SSH-7408] Corrected variable and allow a few more retries to prevent issues with public key authentication 2017-03-01 16:07:32 +01:00
Mark Janssen 339ddfea83 Add /usr/local/etc/zend/php.ini as possible php path ()
Thanks, merging!
2017-03-01 14:31:20 +00:00
Michael Boelen 03fd94aafa Code cleanups and removed 'lynis update release' command 2017-03-01 15:27:02 +01:00
Michael Boelen 9cf25723e0 [AUTH-9308] Test for tilde in inittab for Debian systems 2017-02-28 20:18:47 +01:00
Michael Boelen 5668f7bed1 Corrected variable for data uploads 2017-02-28 20:17:49 +01:00
Michael Boelen ed52d0dd41 New test and reduction of output on screen 2017-02-28 20:17:01 +01:00
Michael Boelen b2f13a2f92 [TIME-3148] new test for TZ variable 2017-02-22 15:06:19 +01:00
Michael Boelen 1c59bfd6f1 Set correct variable for data upload mode 2017-02-21 15:40:49 +01:00
Michael Boelen a19a34cbf3 Allow data uploads to be configured in profile 2017-02-21 15:40:06 +01:00
ryneeverett f5d70a6889 Match for sulogin fails to detect inittab entry ()
A valid inittab entry was missed. Gentoo delivers an inittab
containing su1:S:wait:/sbin/sulogin
2017-02-21 14:26:32 +00:00
alobodzinski 08b6a40751 MAIL-8818: $LINUX_VERSION is not set on every OS () 2017-02-21 14:25:48 +00:00
Michael Boelen 2d8b06678f [TIME-3116] skip stratum 16 items for time pools 2017-02-18 14:28:56 +01:00
Michael Boelen 8d6bc1ad21 Allow colored output to be configured from profile 2017-02-16 10:27:54 +01:00
Michael Boelen a817bf2f1b [SSH-7408] allow filtering for multiple options and new SSH value for PermitRootLogin 2017-02-15 13:14:54 +01:00
Michael Boelen 0209c6ce90 [AUTH-9208] Remove double logging 2017-02-14 20:18:37 +01:00
Michael Boelen f7478bc9e0 Unique sort of systemctl unit files 2017-02-14 20:15:00 +01:00
Michael Boelen 38af9121ea Properly detect SSH version 2017-02-14 20:10:42 +01:00
Michael Boelen ea16e798ee Grammar fix 2017-02-14 20:05:45 +01:00
Michael Boelen 30d9c2b72d [FIRE-4512] lowered number of minimum rules 2017-02-14 16:19:44 +01:00
Michael Boelen c0e604c059 [HRDN-7222] changed reporting key 2017-02-14 15:08:55 +01:00
Michael Boelen a7dd733dc0 Improve logging for group checks 2017-02-11 21:25:25 +01:00
Michael Boelen 36f7bcbf1c Rename authentication to authorization 2017-02-10 17:18:23 +01:00
Michael Boelen a8c021dd9c Status of MongoDB instances 2017-02-10 13:07:53 +01:00
Michael Boelen 2cc3f889c8 [DBS-1818] MongoDB status 2017-02-10 13:07:30 +01:00
Michael Boelen 9c71f6061d Check for pgrep binary 2017-02-10 12:58:59 +01:00
Michael Boelen d27c1eda84 [DBS-1820] Test for MongoDB authentication 2017-02-10 12:58:47 +01:00
Michael Boelen bfbe35055a [FIRE-4586] escape search string 2017-02-10 11:14:01 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen a7409568c9 Updated commands 2017-02-05 21:08:08 +01:00
Michael Boelen bbe95bb0ff Check for OS name in Postfix banner 2017-01-28 15:48:26 +01:00
Michael Boelen 551f89c63b Log weak banner and code enhancements 2017-01-28 15:47:47 +01:00
Michael Boelen 57dd96f6c6 Added support for iptables-save 2017-01-28 15:46:56 +01:00
Michael Boelen 103ed2afb3 Added FIRE-4586 2017-01-28 15:46:42 +01:00
Michael Boelen ed45fe7b29 Use the data from machine ID when no SSH keys are available 2017-01-28 12:11:38 +01:00
Michael Boelen 670b18b6f5 Strip out any comments at end of nginx configuration lines 2017-01-27 14:36:55 +01:00
Michael Boelen d4f4c2d785 Added support for Trend Micro and Cylance (macOS) 2017-01-24 20:01:22 +01:00
Michael Boelen 338edb4971 Add stderr for other network tests 2017-01-24 19:30:17 +01:00
Michael Boelen d2a80ed789 Add stderr for NETW-3004 2017-01-24 19:28:06 +01:00
Andres Gomez Casanova 145e1164be Variable name in reportWarning function ()
* Variable name

* Update functions

* Update functions
2017-01-16 11:03:07 +00:00
pyllyukko d25dcd09ef Set MAC_FRAMEWORK_ACTIVE=1 if grsecurity's RBAC is enabled ()
* Look for gradm utility

* Set MAC_FRAMEWORK_ACTIVE=1 if grsec's RBAC is enabled
2017-01-16 11:02:03 +00:00
Michael Boelen e483d69050 Solved error on AIX 2016-12-02 20:48:37 +01:00
Michael Boelen aadd58e6a6 Allow option to configure host IDs via profile 2016-12-02 13:19:29 +01:00
Michael Boelen c6f80c0a90 Improve output of report 2016-11-20 16:23:25 +01:00
Michael Boelen e7938c19e6 [KRNL-5830] Improved logging 2016-11-20 16:23:17 +01:00
Michael Boelen d7ed46ae9e [KRNL-5788] Remove exception, style improvements 2016-11-20 16:16:02 +01:00
Michael Boelen f16325ff55 Only show non-privileged tests that were skipped if they are applicable to our platform 2016-11-19 15:38:32 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support ()
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00