tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,771 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

115 Commits

Author SHA1 Message Date
Michael Boelen 699ec384d2
[FILE-6398] Only perform test if we know if Linux kernel is monolithic/modular 2024-09-30 10:00:55 +00:00
Stefan Baumgartner 9eafa7913c
Update tests_filesystems 
More elegant regex to accommodate for tabs and spaces.
 2024-05-24 08:18:16 +02:00
Stefan Baumgartner 0515094a33
Fix REGEX in FILE-6430 2024-05-19 12:34:57 +02:00
Michael Boelen 65ac3e65b4
Merge pull request #1388 from xnoguer/issue-1367 
Fixing test on kernel major and minor version (FILE-6344). Issue 1367
 2024-05-14 14:39:00 +02:00
Michael Boelen fd62c192fe
Merge pull request #1156 from sanderu/FILE-6398 
Added FILE-6398 test
 2024-05-14 11:57:43 +02:00
xnoguer 68da1d2b92 Fixing test on kernel major and minor version 2023-04-26 17:38:42 -04:00
xnoguer 6f1797fb59 Using grep -E 2023-04-23 17:38:21 -04:00
Thomas Sjögren 975712a616 add plocate 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2022-05-15 23:58:43 +02:00
Thomas Sjögren 9819ac4023 allow unknown number of spaces in modprobe blacklists 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2021-10-26 10:53:33 +02:00
Rob Chekaluk b556450364 FILE-6344: support hidepid textual values 2021-06-21 08:53:43 -04:00
Sander 0298f51940 Added FILE-6398 test 2021-05-15 19:22:17 +00:00
Michael Boelen 0506d4467a
Merge pull request #1105 from afunix/1103-blacklisted-modules 
1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist
 2021-04-28 09:41:59 +02:00
Michael Boelen aab6af4017
Merge pull request #1118 from steph78630/master 
Add translated status
 2021-04-01 13:34:20 +02:00
Stéphane 3683ffd3c4
Add translated status 2021-03-02 23:31:41 +01:00
Pavel Malyshev fba5120f3f 1103: FILE-6430 reports suggestion only when at least one kernel module is not in the blacklist 2021-01-07 17:29:06 -06:00
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Stéphane f1604c2e55
Add and improvements strings 2021-01-05 11:53:11 +01:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master 
Fix wc and head cmd when using busybox
 2020-10-22 13:24:56 +02:00
Stéphane 67d04f2536
Add translate function for all sections 
+ add EN and FR up to date languages files
 2020-10-22 00:13:42 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Kepi 9d52395952 [FILE-6430] Don't grep nonexistant modprobe.d files 
We don't want to grep files in modprobe.d when dir is empty. Uses same approach
as in USB-1000.
 2020-07-02 18:22:03 +02:00
Michael Boelen 05ea9f873d
[FILE-6330] corrected description 2020-06-02 16:34:35 +02:00
Michael Boelen b285623ac2
Remove double space 2020-06-02 16:30:43 +02:00
Michael Boelen f232b4f9bb
Added quotes 2020-04-01 16:18:03 +02:00
Sander 4732b640ae Adding test FILE-6394 2020-03-28 19:23:00 +00:00
Topi Miettinen 339e0c3207
[FILE-6374]: Summarize unhardened file system 
Report total numbers of unhardened filesystems.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-25 09:18:16 +02:00
Michael Boelen 3c8e3b0adb
Merge pull request #862 from topimiettinen/blacklist-fs 
FS module tests: check if modules are blacklisted
 2020-03-24 13:34:05 +01:00
Michael Boelen f83025a283
Merge pull request #860 from topimiettinen/harden-mount-options 
Harden mount options for /var, check also /dev and /run
 2020-03-24 13:27:50 +01:00
Topi Miettinen 0da82a18cb
FS module tests: check if modules are blacklisted 
Check if FS modules are blacklisted.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:43:53 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Topi Miettinen 72e8f572bf
Harden mount options for /var, check also /dev and /run 
There should not be any need for char/block devices in /var, so
propose nodev. Sockets are not affected.

Check also /dev for noexec,nosuid and /run for
nodev,nosuid. Historically there was /dev/MAKEDEV script but that's
long gone.

In case a file system is not found in /etc/fstab, check if they are
mounted otherwise (e.g. via systemd mount units).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 16:39:02 +02:00
gfelkel d3287bd7ef
FILE-6310 for HP-UX 
HP-UX: /usr/sbin/mount reports "/home on /dev/…", so $1 has to be used
 2020-01-22 16:31:49 +01:00
Michael Boelen 35d248b74c
[FILE-6430] minor code improvements and show suggestion with more details 2019-12-18 19:20:48 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen ca0239b4d9
[FILE-6374] corrected defaults flag, added root directory, and changed logging 2019-09-12 16:34:45 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 61d8c91eeb
[FILE-6310] filter on correct field for AIX 2019-06-06 14:20:12 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
Katarina Durechova 993edc9738 [FILE-6363] Check for sticky bit on /var/tmp (#473) 2018-01-24 17:08:21 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen dbec83566b
[FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
hlein b595cc0fb5 Various cleanups (#363) 
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
 2017-03-06 07:41:21 +00:00
Michael Boelen 295fe93ca6 [FILE-6372] Properly deal with comments in /etc/fstab 2017-03-01 16:11:17 +01:00