tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
965 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

698 Commits

Author SHA1 Message Date
Michael Boelen beb02e2c3d Merge pull request #142 from kboratynski/features/sshd 
features/sshd
 2016-03-30 11:55:58 +02:00
cnrat fcaa7ffe8b Bug fixed 
echo /etc/fstab is wrong.
 2016-03-29 16:35:39 +08:00
mboelen 0e9b63a6ed Adjusted variable to properly check systemd directory 2016-03-24 17:28:53 +01:00
mboelen 0779005b46 [AUTH-9308] Skip testing some files when systemd is used 2016-03-24 17:16:14 +01:00
mboelen d7c8233dd4 Check for systemd 2016-03-24 17:15:39 +01:00
mboelen 0d2be381f9 [AUTH-9308] Test systemd targets 2016-03-24 16:46:54 +01:00
mboelen 95df056ca8 Don't use type -p, as it won't work on all systems 2016-03-24 14:35:12 +01:00
mboelen 45f6bcc601 Minor text changes 2016-03-24 11:11:40 +01:00
Michael Boelen d1bb7855df Merge pull request #139 from rhyven/patch-2 
AUTH-9262 - restructure + pwquality
 2016-03-24 10:52:20 +01:00
Michael Boelen 30dae85a63 Merge pull request #141 from kboratynski/features/macosx_brew 
Added brew as package manager.
 2016-03-24 10:48:03 +01:00
mboelen a3084da623 Improved templates and examples 2016-03-24 10:34:16 +01:00
Kamil Boratyński 1f320f68c2 Fixed IsTcpUdpListening function 2016-03-22 23:57:09 +01:00
Kamil Boratyński 232419df8c Modified SSH service checking. 2016-03-22 23:54:38 +01:00
Kamil Boratyński 3e5555fb12 Added listening function. 
Listening functions checks whether there exist a service listening
on specified protocol and port.
 2016-03-22 23:53:58 +01:00
Kamil Boratyński 85236bb996 Added brew as package manager. 2016-03-22 23:06:10 +01:00
Kamil Boratyński 89cb26c1f1 Added OSX default php.ini location. 2016-03-22 22:21:55 +01:00
Eric Light fad4dfc0cc Modified AUTH-9262 
Added pwquality (default in some Ubuntu variants) to accepted password-quality modules.  Reworked test so that full points are possible (passwdqc and cracklib incompatible).
 2016-03-22 16:30:47 +13:00
Eric Light 2a2c094825 Hide fail2ban open+deleted file warning with grsec 
One of the features in grsecurity also prevents Fail2Ban from creating a temp file under /var/tmp.  I've been unable to pinpoint the line in fail2ban which causes the issue, but have confirmed it's related to Fail2Ban.

Note: disabling the PaX MPROTECT function on /usr/bin/python will also resolve this issue, but it's better to keep MPROTECT on.
 2016-03-22 15:28:21 +13:00
Erwin Vrolijk 7c2b8b90d9 Added ini dir of EL6 
On my EL6 systems PHP uses an ini directory of /etc/php.d, added this to the php test.
 2016-03-21 11:20:30 +01:00
mboelen c3d5dabb49 Move stderr redirection to sysctl command instead of grep, to prevent errors displaying on screen 2016-03-17 21:02:28 +01:00
mboelen e949e560d7 Improve systemd detection on Fedora 2016-03-17 20:57:31 +01:00
mboelen b9dba2f3be Don't show umask exception, as it will trigger on Debian 8 2016-03-17 20:54:28 +01:00
mboelen a427eb6fa7 Rewrote test to determine system manager 2016-03-17 20:32:21 +01:00
mboelen abbcd2f97e Added additional logging for KRNL-5830 2016-03-17 19:39:36 +01:00
mboelen 39f24a57b9 Add Gentoo as Linux version 2016-03-17 18:11:03 +01:00
mboelen 9689417aec Add missing fi 2016-03-17 16:43:33 +01:00
mboelen a33b3c828f Check system manager and allow init as option in /proc/1/cmdline 2016-03-17 16:40:53 +01:00
mboelen 7adf2425a6 Added STRG-1842 to check for authorized USB devices 2016-03-17 16:36:52 +01:00
mboelen 237c0f87a7 BOOT-5104: Rewrote test to detect service manager 2016-03-16 12:10:10 +01:00
mboelen 488c08c3f3 Add better description of hardening points assignment 2016-03-16 11:19:17 +01:00
Michael Boelen 2fe5fa2cc6 Merge pull request #135 from rhyven/patch-5 
Accept apt-get as a package audit tool
 2016-03-16 11:02:35 +01:00
Michael Boelen a629248048 Merge pull request #134 from rhyven/patch-4 
Make AddHP identify non-optimal HP in logfile entries
 2016-03-16 11:02:15 +01:00
mboelen 322c7354d9 Added alternative location for dmidecode 2016-03-16 10:54:49 +01:00
mboelen bdc0f010c1 Set fixed dmidecode location 2016-03-16 09:54:54 +01:00
Eric Light a97bcb2142 Accept apt-get as a package audit tool 2016-03-14 12:02:18 +13:00
Eric Light 2ff7ce26c9 Make AddHP identify non-optimal HP in logfile entries 2016-03-14 10:35:57 +13:00
mboelen b8df6c4204 DBS-1816: Removed suggestion 2016-03-13 16:49:08 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen dcb7f311fa Changed text and links 2016-03-13 15:48:03 +01:00
mboelen cf553b543c Added missing } 2016-03-12 20:50:28 +01:00
mboelen 89fbdd2feb HTTP-6622: Determine Apache version and store in report 2016-03-12 20:45:37 +01:00
mboelen 6d2770ede6 Added FreeBSD path for namedb configuration file 2016-03-12 20:19:12 +01:00
mboelen e88f15fd82 Removed tabs 2016-03-12 19:08:53 +01:00
mboelen bd833057e1 NAME-4406: adjusted filter for localhost detection + logging 2016-03-12 19:08:23 +01:00
mboelen 7f34f9dece AUTH-9288: ignore add include/tests_authentication 2016-03-08 12:01:11 +01:00
mboelen 6ec3e5b39d Added suggestion for file systems which are symlinked 2016-03-08 11:35:15 +01:00
mboelen 4874c80186 HTTP-6624: ignore wildcard and default entries as ServerName 2016-03-08 11:34:33 +01:00
mboelen ebdd946570 STRG-1840: disabled suggestion as this is considered high secure item 2016-03-08 09:50:28 +01:00
mboelen 62f31a8b82 SSH-7408: use only the last occurrence of a configured option 2016-03-08 08:47:25 +01:00
Michael Boelen e9edd2dd09 Merge pull request #129 from rhyven/patch-3 
Make NAME-4404 case-insensitive
 2016-03-08 08:08:31 +01:00
Eric Light e40a3562fb Make NAME-4404 case-insensitive 2016-03-07 15:15:22 +13:00
Eric Light 34c88e0c05 Removed errant semicolon which broke uploads 
Resolves below error:
   ./lynis: 25: ./include/data_upload: Syntax error: ";" unexpected
 2016-03-04 15:06:32 +13:00
mboelen 2b95019b62 Use proper variable for cURL 2016-03-03 12:50:43 +01:00
mboelen 09193d8ba9 Add support for FreeBSD to detect PAM files 2016-03-03 12:48:42 +01:00
mboelen a67a8f89bc Added space when upload options are used 2016-03-03 10:20:23 +01:00
mboelen 54ab91f87e Renamed FINT-4351 to FINT-4338 2016-03-01 16:30:48 +01:00
Toni de la Fuente 617ede8686 Update tests_file_integrity 2016-02-29 17:27:07 -05:00
Toni de la Fuente cb73eed69b added support to osquery 2016-02-29 17:16:50 -05:00
mboelen 13cfbd3019 Make IPv6 check compatible for all systems 2016-02-25 14:24:50 +01:00
mboelen f6c84785e7 Changed exception of missing eth0 interface into an informational message 2016-02-24 19:59:23 +01:00
mboelen 75ca02d1a5 Allow proxy usage during license check 2016-02-15 13:50:03 +01:00
mboelen 2aa9b9a9b1 Changed custom URLs for hardening tips 2016-02-15 12:39:06 +01:00
Eric Light 4f38eb4739 Removed ServerAliveInterval 
Belongs in ssh_config instead.  Ref issue #120
 2016-02-10 09:24:19 +13:00
mboelen c4888fbb8e Added value for ServerAliveInterval setting 2016-02-09 15:53:11 +01:00
mboelen b1f655ca1e Merge branch 'master' of https://github.com/CISOfy/Lynis 2016-02-09 13:02:50 +01:00
Michael Boelen fde45eafd4 Merge pull request #113 from pyllyukko/fix_LogText 
Fix "/etc/inittab" -> "/etc/sysconfig/init"
 2016-02-09 13:03:08 +01:00
mboelen 820c24c347 Added OpenBSD for [NETW-3004] 2016-02-09 13:00:29 +01:00
Michael Boelen 44752440e8 Merge pull request #115 from alobodzinski/master 
Change text and add account test for OpenBSD
 2016-02-09 12:59:10 +01:00
mboelen a3b4705508 Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion 2016-02-09 12:54:47 +01:00
mboelen 66d8ea418f Improve log file for data uploads 2016-02-02 17:08:53 +01:00
mboelen 4923ce9cb4 Added comment 2016-02-02 17:07:44 +01:00
mboelen ac5c98d76c Show what profile is used when using --config 2016-02-02 17:07:20 +01:00
mboelen 647b482c53 Use the right columns from DNF to split package name and version 2016-01-25 15:47:24 +01:00
mboelen d3e58a0537 Adjusted stderr redirecting and improve logging of packages 2016-01-25 15:38:46 +01:00
mboelen 5c53d16189 Show on screen if vulnerable packages are found 2016-01-25 15:04:46 +01:00
mboelen acafb316d3 Add warning if DNF found vulnerable packages 2016-01-25 13:57:31 +01:00
mboelen 3999be2300 Avoid errors on screen if sysctl keys are not readable 2016-01-25 13:54:09 +01:00
mboelen 727ff26283 Show on screen that DNF is being used 2016-01-25 13:52:58 +01:00
mboelen e3c88fe766 Additional DNF tests 2016-01-25 13:43:05 +01:00
mboelen 1e12852b12 Initial support for DNF package manager 2016-01-25 13:18:59 +01:00
Alexander Lobodzinski 6309588246 [ACCT-2760]: Check availability OpenBSD accounting data 2016-01-22 11:52:34 +01:00
Alexander Lobodzinski 089f7013c1 [PRNT-2302]: Description text was obviously wrong 2016-01-22 11:23:49 +01:00
pyllyukko 71aa47cbf4
Fix "/etc/inittab" -> "/etc/sysconfig/init" 2016-01-16 21:14:38 +02:00
mboelen 6bab259a5e [AUTH-9234] Gather users on AIX, and rewriting of tests 2016-01-11 01:31:08 +01:00
mboelen 5e5507a1cd Use CreateTempFile for temporary file creation 2016-01-11 01:30:06 +01:00
mboelen e0e56f2cdc Use CreateTempFile for creation of temporary files 2016-01-11 01:04:38 +01:00
mboelen 1cb90916ee Added functions and variables for creation of temporary files 2016-01-11 01:04:04 +01:00
mboelen d5867762c6 Use CreateTempFile function for temporary files 2016-01-11 00:24:00 +01:00
mboelen f313b2edf8 Allow defining a proxy for data uploads 2016-01-07 12:57:24 +01:00
mboelen 4736ad87b9 Replacement of functions and adding newlines 2016-01-07 12:56:46 +01:00
asiebelt a095ba64a0 Fix scoring logic for "<" 2016-01-02 18:13:07 +01:00
asiebelt 7f462d0a41 Fix typo 2016-01-02 18:07:02 +01:00
asiebelt 81bac124ee Fix Scoring for "<" 2016-01-02 18:03:11 +01:00
asiebelt 99fd20aae0 Fix Test Definition 2016-01-02 17:49:01 +01:00
asiebelt 4234a646ed Update tests_ssh 2016-01-02 17:39:25 +01:00
mboelen d167fe2782 Added test NETW-2600 to collect IPv6 configuration 2016-01-01 21:38:47 +01:00
mboelen 0116dac1d2 Add more aliases to --dumpoptions 2016-01-01 15:44:32 +01:00
mboelen 70c90bc8fa Added new function TestValue 2016-01-01 14:56:09 +01:00
mboelen 5b25317767 New tests and renumbering 2015-12-30 14:33:50 +01:00