tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,660 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2371 Commits

Author SHA1 Message Date
Michael Boelen c869eb92bc
Merge pull request #1337 from Ximalas/redis-configuration-file-FreeBSD 
Update tests_database: Redis configuration file
 2024-03-12 08:38:09 +01:00
Florian Sonnenschein e23898b52b Added PKGS-7305 
Query macOS Apps in /Applications and Apple CoreServices and add them to the Report
 2024-03-11 14:38:41 +01:00
Florian Sonnenschein 0b7e8c3bfe Added CRYP-7932 to determine if the system has enabled macOS FileVault. 2024-03-11 14:37:07 +01:00
Florian Sonnenschein 126b8053aa PKGS-7303: Added version numbers to brew packages. 
This allows lynis enterprise to render the software  packages in the webinterface.
 2024-03-11 14:35:24 +01:00
Thomas Sjögren df2e839c2c
Merge branch 'master' into issue1286 2023-12-21 23:29:54 +01:00
Hugo Rodrigues 90ece54445
Fixed Alpine Linux installed package detection 2023-12-13 12:40:05 +00:00
D3vil0p3r 83e9ee4e0c
added Athena OS detection 2023-10-01 13:15:37 +02:00
Xavier Noguer a5dbda51b9 Reverting change from another PR 2023-09-19 16:47:23 +00:00
Xavier Noguer 04a73a9c19 Reverting change from another PR 2023-09-19 16:46:20 +00:00
Xavier Noguer bc36b3ec63 Avoiding warning because of hyphen. Due to changes in grep 3.8 2023-09-19 16:12:52 +00:00
xnoguer 1e53af9a83
Merge branch 'CISOfy:master' into master 2023-09-19 08:02:22 -03:00
Stefan Baumgartner bf197ffd7f
Update tests_malware 
Fix incorrect "IsRunning" invocations for SentinelOne detection.
 2023-09-17 10:24:52 +02:00
Michael Boelen 74fa9ab164
Merge branch 'master' into issue-1397 2023-09-13 16:15:05 +02:00
Michael Boelen 23bed418e5
Merge pull request #1396 from xnoguer/issue-1300 
Replacing deprecated option -i. Issue 1300
 2023-09-13 16:10:04 +02:00
Michael Boelen 9a19aa6a5b
Merge pull request #1404 from avenjamin/sentinelone-malware 
Add malware detection support for SentinelOne
 2023-09-13 16:08:36 +02:00
Michael Boelen 1bfcc9b146
Update tests_malware 
Corrected variable
 2023-09-13 16:07:41 +02:00
Michael Boelen 7b98ad465e
Merge pull request #1405 from xnoguer/issue-1277 
Updating parsing of arch-audit since arch-audit modified its output. Issue 1277
 2023-09-13 16:04:58 +02:00
Michael Boelen 4b912ab357
Merge pull request #1399 from xnoguer/issue-1319 
Added tests considering Wazuh for file integrity and tooling
 2023-09-13 16:04:04 +02:00
Michael Boelen 20a6c2b774
Merge pull request #1403 from xnoguer/fix_test_names 
Fixing missing or erroneous test number comments
 2023-09-13 16:00:02 +02:00
Michael Boelen 2c313249de
Merge pull request #1372 from al-lac/os-detection-mac-os-ventura 
osdetection: add macOS Ventura and Sonoma
 2023-09-13 13:34:41 +02:00
Michael Boelen fd067df465
Merge pull request #1390 from akuster/master 
osdetection: add OpenEmbedded and Poky
 2023-09-13 13:08:33 +02:00
Michael Boelen 986237f557
Merge pull request #1408 from digitalcheetah/guix 
Adding Guix to detected OSes
 2023-09-13 13:07:08 +02:00
Michael Boelen 111494f972
Merge pull request #1409 from digitalcheetah/lsdk 
Update osdetection with LSDK
 2023-09-13 13:05:43 +02:00
Michael Boelen 0d77a367c5
[MALW-3280] Correction to detect com.avast.daemon 2023-08-08 11:15:34 +00:00
Michael Boelen 9d9cedee4e
Only quote binary, not the option -E 2023-08-08 09:11:02 +00:00
Michael Boelen d0c855d19b
Merge branch 'master' into issue-1338 2023-08-07 10:06:12 +02:00
al-lac 461edd3e1f Add OS support for macOS Sonoma (14.x) 2023-08-07 09:55:28 +02:00
rpmbuild 6e3cea8c87 use grep -E instead of egrep if possible 2023-07-30 09:37:10 +02:00
Jay Keller 5214132e97
Update osdetection with LSDK 
This should close issue #1393.
 2023-06-10 11:20:10 +00:00
Jay Keller be5a63a45b
Update osdetection with Guix 
Closes issue #1379
 2023-06-10 11:03:48 +00:00
Xavier Noguer d26a98ca19 Checking debsums default file to make sure cron jobs are enabled 2023-06-02 09:16:28 +00:00
Xavier Noguer 6963e4e408 Updating parsing of arch-audit since arch-audit modified its output 2023-05-30 14:56:11 +00:00
Ben Perry aa7085bf92
Update tests_malware 2023-05-30 18:19:46 +10:00
Xavier Noguer 1e70cd0b92 Fixing missing or erroneous test number comments 2023-05-30 08:04:36 +00:00
Xavier Noguer 9f36e17ee0 Added tests considering Wazuh for file integrity and tooling 2023-05-23 15:07:42 +00:00
Xavier Noguer dbf263dbbd Looking for configuration files in all /usr/local/pgsql/data* directories 2023-05-20 15:58:12 +00:00
Xavier Noguer 6fdfa0a012 Replacing deprecated option -i 2023-05-19 23:12:39 +00:00
Xavier Noguer ae129b24be Adding missing test number for suggestion 2023-05-18 22:02:30 +00:00
Ian Chesal 1aba2b1409 feat(cos): Add detection for Google's Container-Optimized OS 2023-05-10 17:04:57 -04:00
Armin Kuster 2b82fa6eba osdetection: add OpenEmbedded and Poky 
Signed-off-by: Armin Kuster <akuster@mvista.com>
 2023-05-03 07:38:38 -04:00
xnoguer e1cb35f28f Adding package libpam-passwdqc as suggestion 2023-04-27 17:31:32 -04:00
xnoguer 68da1d2b92 Fixing test on kernel major and minor version 2023-04-26 17:38:42 -04:00
xnoguer 7d494da5c4 Checking for errors, not only warning in docker info output 2023-04-25 10:06:02 -04:00
xnoguer c845cecb6f Fixing test 2023-04-23 19:00:16 -04:00
xnoguer c7b73837db Removing changes from another branch 2023-04-23 17:44:44 -04:00
xnoguer 6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
xnoguer fd64aa24d6 Adding test MALW-3291 in order to solve issue 1322 (related to issue 994) 2023-04-18 16:46:19 -04:00
xnoguer 833508a590 Adding php.ini files for versions 8.0, 8.1 and 8.2 2023-04-05 15:58:26 -04:00
Johannes Segitz 349975103f tests_mac_frameworks: check for existance of semanage binary. It's not 
installed everywhere, causing this error message:
/usr/share/lynis/include/tests_mac_frameworks: line 161: permissive: command not found
/usr/share/lynis/include/tests_mac_frameworks: line 162: permissive: command not found
 2023-02-23 14:15:16 +01:00
al-lac ef3a8338a0 osdetection: add macOS Ventura 2023-01-27 15:12:17 +01:00
pyllyukko 31c22f2daa
Added "prosecute" & "report" to LEGAL_BANNER_STRINGS 
https://xkcd.com/838/
 2023-01-05 14:43:29 +02:00
pyllyukko 051052cc15
Added Slackware support for PackageIsInstalled() function 2022-11-17 18:47:44 +02:00
Alan Gonzalez 4edbce250b
Update profiles 2022-10-28 14:45:05 -04:00
Alan Gonzalez 8e9a95d887
Update profiles 2022-10-28 14:08:26 -04:00
HansHoogerwerf bbe135d56f
Fix space 2022-10-17 16:27:21 +02:00
HansHoogerwerf ff26dca83a
Fix simple mistake 2022-10-17 16:24:59 +02:00
HansHoogerwerf 98ac5a562a
Verify the linux OS supports nanoseconds 
Add extra check to verify the linux OS supports nanoseconds. This might not be the case with certain busybox implementations.
 2022-10-17 15:46:40 +02:00
Michael Boelen 490d39f580
Merge pull request #1292 from konstruktoid/issue1291 
Only test Compression if sshd version < 7.4
 2022-10-12 10:51:31 +02:00
Michael Boelen bf4fa9fabf
Merge pull request #1294 from konstruktoid/issue1288 
add plocate
 2022-10-12 10:48:25 +02:00
Ximalas 49bbf25abe
Update tests_database: Redis configuration file 
On FreeBSD the Redis configuration file is typically stored as /usr/local/etc/redis.conf.
 2022-09-26 10:05:39 +02:00
Michael Boelen 73d43c25eb
Moved section to discover current timestamp related to issue #1329 2022-09-17 14:49:26 +00:00
Zafer Balkan 2788d9fff3
Merge branch 'CISOfy:master' into wazuh-malware-scan 2022-08-29 15:40:23 +03:00
Michael Boelen 622f53247d
[DBS-1820] added newer style format for Mongo authorization setting 2022-08-24 11:42:22 +00:00
Thomas Sjögren 4f6eeb7537 remove file from path 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-24 10:17:54 +02:00
Thomas Sjögren fc62b39f34 find redis.conf if /snap directory exists 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-23 11:57:05 +02:00
Thomas Sjögren fe5990f208 remove whitespaces 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-08-23 11:56:25 +02:00
Zafer Balkan 3140a245da
Added wazuh-agent as a remote syslog capability 2022-08-05 15:45:35 +03:00
Zafer Balkan 32a39eaaf8
Added Wazuh agent as a rootkit scanner 
Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent rootkits. Therefore, it seems feasible to add wazuh-agent to the accepted rootkit detection products.

https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
 2022-07-20 21:50:26 +03:00
Zafer Balkan e4cd5eaede
Added Wazuh Agent as a malware scanner/antivirus 
Solves https://github.com/CISOfy/lynis/issues/1304

Wazuh is a fork of OSSEC and is being actively maintained. Wazuh agent has capabilities to detect and prevent malware acting as an EDR. Therefore, it seems feasible to add wazuh-agent to the accepted antivirus products.

https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/index.html
https://documentation.wazuh.com/current/pci-dss/rootkit-detection.html
 2022-07-20 21:41:55 +03:00
Thomas Sjögren b3436629ce add check for ESET oaeventd 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-06-20 09:54:29 +02:00
Thomas Sjögren 225338a923 use systemctl get-default instead of following links 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-18 18:02:34 +02:00
Thomas Sjögren 975712a616 add plocate 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-15 23:58:43 +02:00
Thomas Sjögren e124499e27 Only test Compression if sshd version < 7.4 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-04 10:51:35 +02:00
mab974 f315c0b325
osdetection: add Koozali #1274 2022-04-13 13:42:21 +04:00
Skia 34d99f72f6 osdetection: add PostmarketOS 2022-03-17 23:28:34 +01:00
Michael Boelen 0664dea946
Merge branch 'master' into symlink_file 2022-03-14 11:54:03 +01:00
Michael Boelen e2781677ba
[KRNL-5820] small changes to prevent using ROOTDIR and resetting it, also showing additional paths in screen output 2022-03-14 11:48:30 +01:00
Michael Boelen ff3f24bbba
Merge pull request #1265 from rfrohl/alternative_path_security-limits 
[KRNL-5820] additional path for security/limits.conf
 2022-03-14 11:30:29 +01:00
Wojciech Banaś 4098236412 #1270 added finding configuration files in the "etc" directory, even if they are symlinks 2022-02-14 13:23:20 +01:00
Michael Boelen 4f382331b3
Renumbered new test PKGS-7346 to PKGS-7200 2022-02-10 14:26:38 +01:00
Michael Boelen 8afa7d93fe
Merge pull request #1254 from pyllyukko/pam_faillock 
Check for pam_faillock in AUTH-9408
 2022-02-10 14:18:19 +01:00
Michael Boelen 59d1d8acd8
Merge pull request #1247 from devnull-hub-lab/patch-1 
Update mod_security module version
 2022-02-10 12:05:43 +01:00
Michael Boelen 0830a745cc
Merge pull request #1250 from JensChrG/master 
Dont write over FIND variable. Fixes #1021
 2022-02-10 12:03:46 +01:00
Michael Boelen cd433e928e
Merge pull request #1205 from kolenichsj/alpine_apk 
Adding support for Alpine Package Keeper
 2022-02-10 12:00:38 +01:00
Michael Boelen e0b5dcf7d4
Merge pull request #1226 from konstruktoid/1220 
Extend HasCorrectCheckPermissions logging
 2022-02-10 11:52:11 +01:00
Michael Boelen 7fbcede421
Merge pull request #1235 from zwack-am/master 
Updated PAM_FILES_LOCATION for AARCH64
 2022-02-10 11:49:21 +01:00
Michael Boelen 66f93f0275
Removed bashism: == 2022-02-10 09:35:41 +01:00
Michael Boelen 4ecd03598f
Merge pull request #1225 from konstruktoid/ISSUE1214 
add symlink support to HasCorrectFilePermissions and IsWorldWritable
 2022-02-08 11:27:29 +01:00
Robert Frohl 14fd7dabc8
[KRNL-5820] additional path for security/limits.conf 
Changes the user facing output to display a full path, allowing the user to
better grasp which security/limits.conf file is affected.

fix issue #1264
 2022-02-04 13:51:36 +01:00
Michael Boelen b0ca58895b
[KRNL-5788] Only run relevant tests and improved logging 2022-01-31 17:07:41 +01:00
Michael Boelen 8604431e19
Merge pull request #1261 from jsegitz/reboot_test 
check /boot/vmlinuz as a symlink in the reboot test
 2022-01-31 16:38:38 +01:00
Steve Kolenich eb46f39c44 Merge remote-tracking branch 'origin/master' into alpine_apk 2022-01-31 10:05:26 -05:00
Michael Boelen a0e9e3d363
Merge pull request #1263 from pyllyukko/needs_restarting 
KRNL-5830: Check for /var/run/needs_restarting
 2022-01-31 15:07:50 +01:00
Michael Boelen e5f5750bfa
Improved log message 2022-01-31 13:55:55 +01:00
Michael Boelen 98f57d6d76
Added MALW-3274 to detect McAfee VirusScan Command Line Scanner 2022-01-31 13:29:11 +01:00
pyllyukko 12ad1ca6bd KRNL-5830: Check for /var/run/needs_restarting 
Creating this file was introduced in slackpkg version 15.0.10.
 2022-01-25 18:59:36 +02:00
Johannes Segitz 521487310f check /boot/vmlinuz as a symlink in the reboot test 2022-01-25 09:55:52 +01:00
Michael Boelen 28409265db
Switch to array type for account_without_password 2022-01-18 14:23:39 +01:00
pyllyukko 3153c89c87
Check for pam_faillock in AUTH-9408 
pam_tally2 was removed in PAM 1.5.0 and pam_faillock has replaced it.
 2022-01-12 19:09:42 +02:00
Steve Kolenich 302b52c55d Merge remote-tracking branch 'upstream/master' into alpine_apk 2022-01-11 09:19:19 -05:00