tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,811 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

1811 Commits

Author SHA1 Message Date
guyav a0849ac053 Added quote marks on SSH commands (#372) 
Added quote marks for the SSH commands in steps and 6.
 2017-03-27 09:19:01 +02:00
Michael Boelen 2b14437494 Release 2.4.7 2017-03-22 11:54:05 +01:00
Michael Boelen db0e35c4fb Updated log 2017-03-20 13:40:27 +01:00
Michael Boelen 57770fe332 [HTTP-6641] support Apache mod_reqtimeout module 2017-03-20 13:40:00 +01:00
Michael Boelen 69224716f6 Updated logging 2017-03-20 13:13:01 +01:00
Michael Boelen 90e240cfb5 [CUPS-2308] removed exception handler, improved logging 2017-03-20 13:12:55 +01:00
Michael Boelen 72aed70677 Updated log 2017-03-17 19:00:20 +01:00
Yaisel Hurtado 4368013b43 Fixed detection of security repositories (#370) 2017-03-17 17:59:21 +00:00
Michael Boelen 7b28803a06 Updated log 2017-03-17 10:37:31 +01:00
Michael Boelen cba08e8002 Move to development release 2017-03-17 10:37:25 +01:00
Michael Boelen 9ff31074a1 Added more banner words 2017-03-17 10:37:14 +01:00
Michael Boelen 5693a6c196 Release 2.4.6 2017-03-15 10:35:12 +01:00
Michael Boelen 4d2e0e5aab Added another certificate path for Plesk 2017-03-14 16:47:01 +01:00
Michael Boelen ba7d13b4e4 Updated log 2017-03-14 16:43:00 +01:00
Michael Boelen 35440d437c Support for Plesk certificates path 2017-03-14 16:42:51 +01:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 70607daa65 Cleanups 2017-03-14 16:41:47 +01:00
Michael Boelen 352ea8c21c Added missing pipe 2017-03-13 19:55:00 +01:00
Michael Boelen b67d9233eb Added more logging 2017-03-13 19:53:56 +01:00
Michael Boelen cfc3fae91c Updated log 2017-03-13 19:48:10 +01:00
Michael Boelen e4474320ee [PKGS-7387] check all repositories for usage of gpg signing 2017-03-13 19:47:06 +01:00
Michael Boelen cd63e2389e [FILE-7524] Do not show missing files or paths by default 2017-03-13 16:26:26 +01:00
Michael Boelen 8cfd05fdef Updated log 2017-03-13 15:51:42 +01:00
Michael Boelen 4be6b958e4 [MALW-3280] added Avira detection 2017-03-13 15:51:13 +01:00
Michael Boelen 61f96d9b1c Updated log 2017-03-13 12:09:36 +01:00
Michael Boelen 6083f6d9ff [SCHD-7704] permission checks and minor code cleanups 2017-03-13 12:00:27 +01:00
Michael Boelen 320a397772 [TIME-3104] Test permissions before opening files 2017-03-13 11:59:05 +01:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
noci2012 ad779f29eb Added new php paths (#369) 
removed php5.4,  added 7.0 and 7.1 and the flavours that are known on gentoo
(apache2, cgi, cli, embed,  fpm)
 2017-03-13 09:50:09 +00:00
Michael Boelen fa6f3f3278 Updated log 2017-03-12 19:27:22 +01:00
Michael Boelen de84454d3f Cleanup 2017-03-12 19:27:16 +01:00
Michael Boelen b66e1402df Support for Manjaro Linux 2017-03-12 19:27:04 +01:00
Michael Boelen 7135154420 Updated log 2017-03-12 17:02:03 +01:00
Michael Boelen 814f2355ca [NAME-4018] only perform test when /etc/resolv.conf exists 2017-03-12 17:01:58 +01:00
Michael Boelen 5df7773464 Updated log 2017-03-12 16:43:47 +01:00
Michael Boelen c2b7c76f97 Mark OS version of Arch Linux as rolling release 2017-03-12 16:42:44 +01:00
Michael Boelen 78b6a6b49f Remove lines related to report 2017-03-12 16:37:43 +01:00
Michael Boelen 369f0b82d7 Move to development version 2017-03-12 16:36:12 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen a70cfd0a70 Improve message 2017-03-09 12:32:32 +01:00
Michael Boelen 26d155e012 Moving to 2.4.5 release 2017-03-09 12:29:09 +01:00
Michael Boelen bb83598ff1 [DBS-1882] include redis.conf 2017-03-09 12:28:05 +01:00
Michael Boelen 336dcb4811 [PKGS-7381] Enhanced FreeBSD pkg audit testing 2017-03-09 12:27:38 +01:00
Michael Boelen e082b8af08 Updated log 2017-03-08 21:19:20 +01:00
Michael Boelen d7d9539547 Updated log 2017-03-08 20:16:15 +01:00
Michael Boelen 658bbc6eba Rename host_alias to hostname_alias 2017-03-08 20:16:00 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367) 
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
 2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366) 
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
 2017-03-07 19:23:08 +00:00
Michael Boelen 7e915df1ee Updated log 2017-03-06 15:42:47 +01:00