71 Commits

Author SHA1 Message Date
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen d15ba9607f [SSH-7408] Corrected variable and allow a few more retries to prevent issues with public key authentication 2017-03-01 16:07:32 +01:00
Michael Boelen a817bf2f1b [SSH-7408] allow filtering for multiple options and new SSH value for PermitRootLogin 2017-02-15 13:14:54 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Lukas Pirl f19f5927a5 added test for AllowAgentForwarding being turned off (#222)
for reasons, see links below:
  https://wiki.mozilla.org/Security/Guidelines/OpenSSH#SSH_agent_forwarding
  https://heipei.github.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
2016-07-11 11:25:51 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen 52ad74c5ce [SSH-7408] Show SSH items as a suggestion on screen, like in the report 2016-06-11 14:45:17 +02:00
Eric Light 47748c8fd8 UseDNS = No is a safer configuration (#204)
See Issue #197.  

References:
 - https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/424371/comments/11
 - https://unix.stackexchange.com/questions/56941/what-is-the-point-of-sshd-usedns-option
 - https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
2016-05-19 19:58:52 +02:00
mboelen 6e2640c4d5 Retrieve SSH settings from active configuration and store earlier, test with lowercase settings for other tests 2016-05-02 15:04:40 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 5757837e28 Show skipped items when running in verbose mode 2016-04-20 12:08:10 +02:00
Eric Light a6393bd8a0 Display skipped atomic tests (#169)
Added section to log & display skipped atomic tests.
2016-04-20 10:46:40 +02:00
mboelen a2594fc370 [SSH-7408] Allow skipping some of the SSH tests 2016-04-19 12:37:40 +02:00
mboelen 0783b2fd4b Use SSH configuration from sshd instead of configuration file, add more details to report 2016-04-19 12:04:51 +02:00
mboelen 2c815129e4 Added details and changed suggestion text 2016-04-19 09:54:18 +02:00
mboelen 4d52e64b2a Match sshd process running and/or port 22 listening 2016-03-30 13:48:18 +02:00
Kamil Boratyński 232419df8c Modified SSH service checking. 2016-03-22 23:54:38 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen 62f31a8b82 SSH-7408: use only the last occurrence of a configured option 2016-03-08 08:47:25 +01:00
Eric Light 4f38eb4739 Removed ServerAliveInterval
Belongs in ssh_config instead.  Ref issue #120
2016-02-10 09:24:19 +13:00
mboelen c4888fbb8e Added value for ServerAliveInterval setting 2016-02-09 15:53:11 +01:00
mboelen a3b4705508 Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion 2016-02-09 12:54:47 +01:00
asiebelt a095ba64a0 Fix scoring logic for "<" 2016-01-02 18:13:07 +01:00
asiebelt 7f462d0a41 Fix typo 2016-01-02 18:07:02 +01:00
asiebelt 81bac124ee Fix Scoring for "<" 2016-01-02 18:03:11 +01:00
asiebelt 99fd20aae0 Fix Test Definition 2016-01-02 17:49:01 +01:00
asiebelt 4234a646ed Update tests_ssh 2016-01-02 17:39:25 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
Kamil Boratyński 8c544846ab Improved [SSH-7408] with 'AllowTcpForwarding'. 2015-12-07 07:15:48 +01:00
Kamil Boratyński 785119824e Improved [SSH-7408] with 'PermitTunnel'. 2015-12-07 07:15:03 +01:00
Kamil Boratyński 490fd6d5ec Improved [SSH-7408] with 'GatewayPorts'. 2015-12-07 07:14:19 +01:00
Kamil Boratyński 3817ffd299 Improved [SSH-7408] with 'PermitUserEnvironment'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 5487401aba Improved [SSH-7408] with 'MaxSessions'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 47576a1bd0 Improved [SSH-7408] with 'MaxStartups'. 2015-12-06 01:46:35 +01:00
Kamil Boratyński 35b663cff9 Improved [SSH-7408] with 'LoginGraceTime'. 2015-12-06 01:45:31 +01:00
Kamil Boratyński 96dfb5cf15 Improved [SSH-7408] with 'Port'. 2015-12-06 01:41:23 +01:00
Kamil Boratyński c394024769 [SSH-7408]: Implemented '!' test type. 2015-12-05 21:46:03 +01:00
Kamil Boratyński d191bed2d7 Improved [SSH-7408] with 'ClientAliveInterval'. 2015-12-05 21:37:27 +01:00
Kamil Boratyński 7bcf442a1e Improved [SSH-7408] with 'ClientAliveCountMax'. 2015-12-05 21:36:13 +01:00
Kamil Boratyński c252b9b376 Improved [SSH-7408] with 'MaxAuthTries'. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 2e37c17675 [SSH-7408]: Implemented '>' test type. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 9a30640327 [SSH-7408]: Implemented '<' test type. 2015-12-05 21:18:32 +01:00
Kamil Boratyński 013886ec16 Refactored [SSH-7408].
First step for different types of tests.
2015-12-05 20:39:30 +01:00
mboelen 386d7701f3 New SSH options added and small changes to improve output on screen and in log file 2015-12-04 11:05:13 +01:00
Kamil Boratyński 9421feb704 Improved [SSH-7408] with 'Compression'. 2015-12-04 09:29:54 +01:00