Commit Graph

307 Commits

Author SHA1 Message Date
Michael Boelen f76cf70651
Missing } 2019-08-04 19:40:02 +02:00
Michael Boelen 48ba463376
Added support for swupd (Clear Linux OS) 2019-08-04 19:37:55 +02:00
Michael Boelen da055ae0aa
More standardization of text and adding deprecated functions for transition period 2019-08-01 14:59:03 +02:00
David Marzal 28801e7ad7 Clean up of not used legacy functions and not used broken functions 2019-07-31 22:29:26 +02:00
Michael Boelen 2ec0268692
Merge pull request #732 from Marzal/Marzal-FILE-7524
Changes for new profile format
2019-07-26 11:33:38 +02:00
Michael Boelen b384fa2887
New option: --usecwd to run from current working directory 2019-07-25 11:34:58 +02:00
David b8a0190e82
Fix grep in PROFILEVALUE
Make it work with new profile format
2019-07-18 18:58:11 +02:00
Michael Boelen d6cce1cd08
Test if profiles provided using the command line are readable 2019-07-18 11:54:11 +02:00
David 06413994cf
Initialize some vars to allow strict mode to work
IsRunning():
To check if $users is empty in strict mode we need the var to be initialized

ReportException:
Some tests call this function without the second parameter; this is not allowed in strict mode if we don't initialize the variable
2019-07-17 23:16:47 +02:00
Michael Boelen d696d521c1
Extended IsRunning function to allow for searching by a combination of process name and user. 2019-07-16 19:04:53 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen c074c81897
Initial work on GetReportData function 2019-07-14 15:12:25 +02:00
Michael Boelen 26fca99c40
Textual changes 2019-07-14 11:49:14 +02:00
Michael Boelen c31c6a5a9e
Add timing measurement of individual tests and report them 2019-07-12 14:20:32 +02:00
Michael Boelen aaba4932b0
Show name of deprecated function on screen output 2019-07-12 13:13:39 +02:00
Michael Boelen 0f80fa07aa
New function SafeFile 2019-07-12 13:05:43 +02:00
Michael Boelen ce263f8cd6
Textual changes 2019-07-10 20:22:31 +02:00
Michael Boelen f5adb68e00
First round of cleanups and textual improvements 2019-07-10 19:36:51 +02:00
Michael Boelen 1854e51e7e
New function: Equals 2019-07-08 15:05:28 +02:00
Michael Boelen 7a816ece8a
Added DisplayWarning function 2019-07-07 18:47:55 +02:00
Michael Boelen 8d4fd1a7aa
Add Readonly() function 2019-07-05 18:35:45 +02:00
Michael Boelen 2e1ec2c32f
Change variable name to better indicate what it does 2019-07-03 15:07:46 +02:00
Michael Boelen 76c3ea0edb
Fall back to echo if ECHOCMD is empty early during execution of program 2019-06-30 20:38:05 +02:00
Michael Boelen 08e8e59197
New function: SafeInput 2019-06-29 19:34:12 +02:00
Michael Boelen d0377c563d
Added TLSv1 as weak protocol (nginx) 2019-06-24 15:40:18 +02:00
Michael Boelen 2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen 71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen 08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen 1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen 247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571)
Got this error on Debian auditing a docker file when testing an Ubuntu Dockerfile when lynis tries to find KEY_USED
2018-09-06 07:48:40 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 40d6a853d5
Changed file permissions 2018-04-23 10:56:26 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Michael Boelen f0ef7fb785
Initial version of PackageIsInstalled function 2018-02-19 15:01:26 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manual configured setting in function 2018-02-16 19:29:08 +01:00
Michael Boelen 1bf789861d
Add possibility to define an array of allowed operating systems for a test 2018-01-18 20:26:19 +01:00
Michael Boelen 503b2662c6
Implemented NetBSD patch: use correct syntax to compare values 2018-01-18 16:50:23 +01:00
Michael Boelen 8934042473
Code enhancements 2018-01-17 17:26:30 +01:00
mslifcak 25b3c4f1eb VBoxService running is another VirtualBox clue (#505) 2018-01-17 17:19:51 +01:00
Michael Boelen 00ad535c6b
Use different variable in for loop 2018-01-11 10:37:56 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen c487bcb277
-C flag of ps is different on BSD 2017-12-24 14:05:55 +01:00
Katarina Durechova 09de901d11 Check zero size of files correctly (#487)
from man test:
-s FILE
    FILE exists and has a size greater than zero

-z STRING
    the length of STRING is zero
2017-10-31 09:05:29 +01:00
Michael Boelen e5c11991ef
Code enhancements and textual change 2017-10-29 11:26:25 +01:00
Michael Boelen ebf16462a8
Improve IsRunning function to match full process names 2017-10-29 10:54:40 +01:00
Michael Boelen 9d238f6e78
Added HP-UX routine for GetHostID 2017-10-19 19:37:25 +02:00
Michael Boelen 499f7d5015
Improve process detection 2017-09-16 14:08:26 +02:00
FlorentCoppint ccf9db18f8 Improved IsRunning() process matching (#463) 2017-09-16 13:58:04 +02:00
Michael Boelen 2451029a6e
Allow for files with spaces 2017-09-06 12:55:56 +02:00
Bruno Vernay 6cf1c324f8 Support spaces in file names (#445)
* Support spaces in file names

File names may contain spaces

* Fixed 2 more cases
2017-08-29 14:33:18 +02:00
Michael Boelen 358dc46b81
Ignore file access errors when trying to access them 2017-08-17 14:18:29 +02:00
Michael Boelen 4660362e74
Redirect errors like file permissions 2017-08-08 14:52:11 +02:00
Stéphane BARBARAY 9ca2d640b8 Enhanced detection for LXC and LXC over VM (#426)
* Update functions

* Update functions

* Update tests_shells

* Update tests_shells

* Update IsVirtualMachine

extra check on /proc/1/environ existence + Log result
2017-07-31 12:51:19 +02:00
mslifcak af60a2463a 250 fixes (#393)
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
2017-05-23 14:56:25 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 2340e7bbbc
Added HasData and IsEmpty function 2017-04-23 20:19:18 +02:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 44f5209cb9 Add description of CheckItem 2017-03-05 15:12:01 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen ed45fe7b29 Use the data from machine ID when no SSH keys are available 2017-01-28 12:11:38 +01:00
Michael Boelen 670b18b6f5 Strip out any comments at end of nginx configuration lines 2017-01-27 14:36:55 +01:00
Andres Gomez Casanova 145e1164be Variable name in reportWarning function (#342)
* Variable name

* Update functions

* Update functions
2017-01-16 11:03:07 +00:00
Michael Boelen aadd58e6a6 Allow option to configure host IDs via profile 2016-12-02 13:19:29 +01:00
Michael Boelen f16325ff55 Only show non-privileged tests that were skipped if they are applicable to our platform 2016-11-19 15:38:32 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329)
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00
Justin P 50b06efd30 macOS Refactoring (#311)
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
2016-11-05 11:53:22 +01:00
Michael Boelen 1641f4c88f Use machine ID if we have no suitable other string yet 2016-10-17 17:16:36 +02:00
Michael Boelen 404bd9ad4c Correct path to cgroup file 2016-10-16 15:51:30 +02:00
Michael Boelen 27054e2f2e Improve logging for non-privileged users 2016-10-16 15:29:50 +02:00
Michael Boelen d0eae6480d Support for Docker container detection 2016-10-16 15:13:04 +02:00
Michael Boelen c87e423196 Added HOSTID2 for macOS platform 2016-10-14 08:49:00 +02:00
alobodzinski 639c5adc72 Fixed cut-and-paste error (#265) 2016-08-29 19:31:06 +02:00
Michael Boelen fdf3ded89f New command 'lynis show details' to display test details 2016-08-26 14:05:20 +02:00
Michael Boelen c11f7fc1ce Do not show update message when using 'show' helper 2016-08-23 20:21:26 +02:00
Michael Boelen 0dab1e9308 Allow multiple level of includes 2016-08-16 08:36:42 +02:00
Michael Boelen 4b96452dab Clean out unneeded file 2016-08-16 08:11:51 +02:00
Michael Boelen c730a3185e Add StoreNginxSettings function to store parsed nginx configuration 2016-08-16 08:07:08 +02:00
Michael Boelen e06db1477d Add notebook hardware detection 2016-08-13 16:38:07 +02:00
Michael Boelen d5a5cc3173 Allow logging a custom reason to skip a test 2016-08-13 10:16:15 +02:00
Michael Boelen 300ab03abc Improved SearchItem function and allow masking of sensitive details 2016-08-11 19:52:15 +02:00
Michael Boelen fa8826f59a Corrected text 2016-08-11 19:29:57 +02:00
Michael Boelen e78e7801ab Allow ExitFatal with text and test for input file on other tests 2016-08-11 19:03:01 +02:00
Michael Boelen bba7cfe200 Add return value to SearchItem() function 2016-08-11 18:46:17 +02:00
Michael Boelen 4f72cdf711 Mark VM type as OpenStack 2016-08-11 10:01:57 +02:00
Liao Tonglang b1c432c3e0 Make IsVirtualMachine detect centos6.8 on openstack (#258)
This function made a mistake on a CentOS 6.8 virtual machine. Only dmidecode works
in this environment and it returns Openstack Nova. An OpenStack case is needed
in the code that checks $SHORT codes.
2016-08-11 09:41:07 +02:00
Michael Boelen 3c46482a9e Readability and style improvements 2016-07-31 21:20:38 +02:00
Michael Boelen 9874530615 Override reading of files when we are root 2016-07-31 21:18:56 +02:00
Michael Boelen 9ae1aa749d Properly replace setting gathered from profiles 2016-07-31 17:18:36 +02:00
Michael Boelen 8ee6cb42a3 DisplayError can now use an optional exit code to quit the program 2016-07-31 11:46:41 +02:00