Commit Graph

46 Commits

Author SHA1 Message Date
Michael Boelen 4b912ab357
Merge pull request #1399 from xnoguer/issue-1319
Added tests considering Wazuh for file integrity and tooling
2023-09-13 16:04:04 +02:00
Xavier Noguer 9f36e17ee0 Added tests considering Wazuh for file integrity and tooling 2023-05-23 15:07:42 +00:00
xnoguer 6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
Thomas Sjögren ed3d75872e add support for additional Aide db paths
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2021-04-30 22:07:42 +02:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Stéphane 67d04f2536
Add translate function for all sections
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Michael Boelen 603d5b16a2
[FINT-4339] define what file to check for 2020-03-25 19:40:05 +01:00
Topi Miettinen 8ea39314f2
Check for dm-integrity and dm-verity
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-23 10:35:38 +02:00
Topi Miettinen 203a4d3480
Check IMA/EVM status
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-22 11:21:52 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen f89aa98408
Added FINT-4316 2019-08-26 08:02:11 +02:00
Michael Boelen fa064a824b
[FINT-4334] improved process detection for lfd 2019-07-26 16:14:26 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 455fc26bf7
Small code enhancements 2019-07-15 19:39:04 +02:00
Michael Boelen 2e7c6c7816
[FINT-4328] correct text in log 2019-07-15 19:34:37 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen 70ea29483a
Code enhancements 2017-04-23 20:06:54 +02:00
Michael Boelen 78b6a6b49f Remove lines related to report 2017-03-12 16:37:43 +01:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
marcus-cr 6c02d49de0 Warning added for missing AIDE config file (#303)
Warning given if AIDE is detected but no configuration file found.
Without configuration file AIDE will not work.
2016-10-26 12:28:47 +02:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen 052350feb4 [FINT-4402] Use correct variable 2016-07-28 10:38:10 +02:00
Michael Boelen 532e242a2f Style changes 2016-07-26 14:58:04 +02:00
Michael Boelen 019203e7e8 Typo fix 2016-07-26 14:35:47 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen f7e353fe17 Report multiple file integrity tools, clean ups, and renumber FINT-4316 to FINT-4402 2016-05-16 20:55:42 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen 54ab91f87e Renamed FINT-4351 to FINT-4338 2016-03-01 16:30:48 +01:00
Toni de la Fuente 617ede8686 Update tests_file_integrity 2016-02-29 17:27:07 -05:00
Toni de la Fuente cb73eed69b added support to osquery 2016-02-29 17:16:50 -05:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
mboelen f3bd9ca9ad Display only the tools actually found, to keep screen output as clean as possible 2015-05-17 23:22:54 +02:00
mboelen 46f9a3dec8 Log file integrity monitoring tool, adding support for lfd (CSF) tool 2015-05-17 23:01:38 +02:00
mboelen 5caf4ddc4f Update of the files to reflect HTTPS version of website and 2015. Happy New Year! 2015-01-03 12:45:22 +01:00
mboelen 747fd5bb19 Changed status of file integrity tool in report 2014-12-03 22:51:19 +01:00
mboelen 77e2705eb7 Perform configuration integrity test for AIDE 2014-10-27 00:28:28 +01:00
mboelen c9fde8c2d1 Code cleanup and small enhancements 2014-09-15 12:01:09 +02:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00