Commit Graph

929 Commits

Author SHA1 Message Date
mboelen c3d5dabb49 Move stderr redirection to sysctl command instead of grep, to prevent errors displaying on screen 2016-03-17 21:02:28 +01:00
mboelen e949e560d7 Improve systemd detection on Fedora 2016-03-17 20:57:31 +01:00
mboelen b9dba2f3be Don't show umask exception, as it will trigger on Debian 8 2016-03-17 20:54:28 +01:00
mboelen a427eb6fa7 Rewrote test to determine system manager 2016-03-17 20:32:21 +01:00
mboelen abbcd2f97e Added additional logging for KRNL-5830 2016-03-17 19:39:36 +01:00
mboelen 39f24a57b9 Add Gentoo as Linux version 2016-03-17 18:11:03 +01:00
mboelen 9689417aec Add missing fi 2016-03-17 16:43:33 +01:00
mboelen a33b3c828f Check system manager and allow init as option in /proc/1/cmdline 2016-03-17 16:40:53 +01:00
mboelen 7adf2425a6 Added STRG-1842 to check for authorized USB devices 2016-03-17 16:36:52 +01:00
mboelen 237c0f87a7 BOOT-5104: Rewrote test to detect service manager 2016-03-16 12:10:10 +01:00
mboelen 488c08c3f3 Add better description of hardening points assignment 2016-03-16 11:19:17 +01:00
Michael Boelen 2fe5fa2cc6 Merge pull request #135 from rhyven/patch-5
Accept apt-get as a package audit tool
2016-03-16 11:02:35 +01:00
Michael Boelen a629248048 Merge pull request #134 from rhyven/patch-4
Make AddHP identify non-optimal HP in logfile entries
2016-03-16 11:02:15 +01:00
mboelen 322c7354d9 Added alternative location for dmidecode 2016-03-16 10:54:49 +01:00
mboelen bdc0f010c1 Set fixed dmidecode location 2016-03-16 09:54:54 +01:00
Eric Light a97bcb2142 Accept apt-get as a package audit tool 2016-03-14 12:02:18 +13:00
Eric Light 2ff7ce26c9 Make AddHP identify non-optimal HP in logfile entries 2016-03-14 10:35:57 +13:00
mboelen b8df6c4204 DBS-1816: Removed suggestion 2016-03-13 16:49:08 +01:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen dcb7f311fa Changed text and links 2016-03-13 15:48:03 +01:00
mboelen cf553b543c Added missing } 2016-03-12 20:50:28 +01:00
mboelen 89fbdd2feb HTTP-6622: Determine Apache version and store in report 2016-03-12 20:45:37 +01:00
mboelen 6d2770ede6 Added FreeBSD path for namedb configuration file 2016-03-12 20:19:12 +01:00
mboelen e88f15fd82 Removed tabs 2016-03-12 19:08:53 +01:00
mboelen bd833057e1 NAME-4406: adjusted filter for localhost detection + logging 2016-03-12 19:08:23 +01:00
mboelen 7f34f9dece AUTH-9288: ignore add include/tests_authentication 2016-03-08 12:01:11 +01:00
mboelen 6ec3e5b39d Added suggestion for file systems which are symlinked 2016-03-08 11:35:15 +01:00
mboelen 4874c80186 HTTP-6624: ignore wildcard and default entries as ServerName 2016-03-08 11:34:33 +01:00
mboelen ebdd946570 STRG-1840: disabled suggestion as this is considered high secure item 2016-03-08 09:50:28 +01:00
mboelen 62f31a8b82 SSH-7408: use only the last occurrence of a configured option 2016-03-08 08:47:25 +01:00
Michael Boelen e9edd2dd09 Merge pull request #129 from rhyven/patch-3
Make NAME-4404 case-insensitive
2016-03-08 08:08:31 +01:00
Eric Light e40a3562fb Make NAME-4404 case-insensitive 2016-03-07 15:15:22 +13:00
Eric Light 34c88e0c05 Removed errant semicolon which broke uploads
Resolves below error:
   ./lynis: 25: ./include/data_upload: Syntax error: ";" unexpected
2016-03-04 15:06:32 +13:00
mboelen 2b95019b62 Use proper variable for cURL 2016-03-03 12:50:43 +01:00
mboelen 09193d8ba9 Add support for FreeBSD to detect PAM files 2016-03-03 12:48:42 +01:00
mboelen a67a8f89bc Added space when upload options are used 2016-03-03 10:20:23 +01:00
mboelen 54ab91f87e Renamed FINT-4351 to FINT-4338 2016-03-01 16:30:48 +01:00
Toni de la Fuente 617ede8686 Update tests_file_integrity 2016-02-29 17:27:07 -05:00
Toni de la Fuente cb73eed69b added support to osquery 2016-02-29 17:16:50 -05:00
mboelen 13cfbd3019 Make IPv6 check compatible for all systems 2016-02-25 14:24:50 +01:00
mboelen f6c84785e7 Changed exception of missing eth0 interface into an informational message 2016-02-24 19:59:23 +01:00
mboelen 75ca02d1a5 Allow proxy usage during license check 2016-02-15 13:50:03 +01:00
mboelen 2aa9b9a9b1 Changed custom URLs for hardening tips 2016-02-15 12:39:06 +01:00
Eric Light 4f38eb4739 Removed ServerAliveInterval
Belongs in ssh_config instead.  Ref issue #120
2016-02-10 09:24:19 +13:00
mboelen c4888fbb8e Added value for ServerAliveInterval setting 2016-02-09 15:53:11 +01:00
mboelen b1f655ca1e Merge branch 'master' of https://github.com/CISOfy/Lynis 2016-02-09 13:02:50 +01:00
Michael Boelen fde45eafd4 Merge pull request #113 from pyllyukko/fix_LogText
Fix "/etc/inittab" -> "/etc/sysconfig/init"
2016-02-09 13:03:08 +01:00
mboelen 820c24c347 Added OpenBSD for [NETW-3004] 2016-02-09 13:00:29 +01:00
Michael Boelen 44752440e8 Merge pull request #115 from alobodzinski/master
Change text and add account test for OpenBSD
2016-02-09 12:59:10 +01:00
mboelen a3b4705508 Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion 2016-02-09 12:54:47 +01:00
mboelen 66d8ea418f Improve log file for data uploads 2016-02-02 17:08:53 +01:00
mboelen 4923ce9cb4 Added comment 2016-02-02 17:07:44 +01:00
mboelen ac5c98d76c Show what profile is used when using --config 2016-02-02 17:07:20 +01:00
mboelen 647b482c53 Use the right columns from DNF to split package name and version 2016-01-25 15:47:24 +01:00
mboelen d3e58a0537 Adjusted stderr redirecting and improve logging of packages 2016-01-25 15:38:46 +01:00
mboelen 5c53d16189 Show on screen if vulnerable packages are found 2016-01-25 15:04:46 +01:00
mboelen acafb316d3 Add warning if DNF found vulnerable packages 2016-01-25 13:57:31 +01:00
mboelen 3999be2300 Avoid errors on screen if sysctl keys are not readable 2016-01-25 13:54:09 +01:00
mboelen 727ff26283 Show on screen that DNF is being used 2016-01-25 13:52:58 +01:00
mboelen e3c88fe766 Additional DNF tests 2016-01-25 13:43:05 +01:00
mboelen 1e12852b12 Initial support for DNF package manager 2016-01-25 13:18:59 +01:00
Alexander Lobodzinski 6309588246 [ACCT-2760]: Check availability OpenBSD accounting data 2016-01-22 11:52:34 +01:00
Alexander Lobodzinski 089f7013c1 [PRNT-2302]: Description text was obviously wrong 2016-01-22 11:23:49 +01:00
pyllyukko 71aa47cbf4 Fix "/etc/inittab" -> "/etc/sysconfig/init" 2016-01-16 21:14:38 +02:00
mboelen 6bab259a5e [AUTH-9234] Gather users on AIX, and rewriting of tests 2016-01-11 01:31:08 +01:00
mboelen 5e5507a1cd Use CreateTempFile for temporary file creation 2016-01-11 01:30:06 +01:00
mboelen e0e56f2cdc Use CreateTempFile for creation of temporary files 2016-01-11 01:04:38 +01:00
mboelen 1cb90916ee Added functions and variables for creation of temporary files 2016-01-11 01:04:04 +01:00
mboelen d5867762c6 Use CreateTempFile function for temporary files 2016-01-11 00:24:00 +01:00
mboelen f313b2edf8 Allow defining a proxy for data uploads 2016-01-07 12:57:24 +01:00
mboelen 4736ad87b9 Replacement of functions and adding newlines 2016-01-07 12:56:46 +01:00
asiebelt a095ba64a0 Fix scoring logic for "<" 2016-01-02 18:13:07 +01:00
asiebelt 7f462d0a41 Fix typo 2016-01-02 18:07:02 +01:00
asiebelt 81bac124ee Fix Scoring for "<" 2016-01-02 18:03:11 +01:00
asiebelt 99fd20aae0 Fix Test Definition 2016-01-02 17:49:01 +01:00
asiebelt 4234a646ed Update tests_ssh 2016-01-02 17:39:25 +01:00
mboelen d167fe2782 Added test NETW-2600 to collect IPv6 configuration 2016-01-01 21:38:47 +01:00
mboelen 0116dac1d2 Add more aliases to --dumpoptions 2016-01-01 15:44:32 +01:00
mboelen 70c90bc8fa Added new function TestValue 2016-01-01 14:56:09 +01:00
mboelen 5b25317767 New tests and renumbering 2015-12-30 14:33:50 +01:00
mboelen 6b3c32b61f Added NETW-3032 to test for ARP monitoring software like arpwatch 2015-12-29 16:30:31 +01:00
mboelen 31b5c0bb42 Merged changes for ARPwatch 2015-12-29 16:28:18 +01:00
Michael Boelen 142fc100c4 Merge pull request #108 from alobodzinski/dovecot
MAIL-8838: dovecot does not have postfix as a prerequisite
2015-12-29 16:23:01 +01:00
mboelen 72b0f65438 [LOGG-2154] Check for remote syslogging, more in-depth testing 2015-12-22 16:56:15 +01:00
mboelen 95832c61d1 Update to reflect renamed functions logtext and report 2015-12-22 16:02:32 +01:00
mboelen ae6ca56581 Show warning for writable configuration file 2015-12-22 16:01:30 +01:00
mboelen 6520400ca4 [AUTH-9288] New test to determine expired passwords 2015-12-22 16:00:51 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
mboelen 83a44827e0 Define queryformat for rpm command 2015-12-21 19:20:34 +01:00
mboelen ddfd21b696 Added test for gzip to allow compression of report file 2015-12-21 19:13:50 +01:00
mboelen 360e6b66f6 Split name and version information for RPM based package manager 2015-12-21 19:10:22 +01:00
mboelen 6815c9a915 Redirect errors from postconf output 2015-12-21 17:07:31 +01:00
mboelen 9451e633da [AUTH-9308] Test for respawn option on SUSE-based systems 2015-12-21 15:17:25 +01:00
mboelen c12a4403aa Preparations for compressed uploads 2015-12-21 15:15:51 +01:00
mboelen 040c2efc1c Perform compressed uploads by default 2015-12-21 12:08:47 +01:00
mboelen ad87a83bbc Add upload_compressed option to profile 2015-12-21 11:37:16 +01:00
mboelen 4b9b8a0bc7 New option for compressed uploads 2015-12-21 11:35:38 +01:00
mboelen a59731405f Comment out unused function RealFilename 2015-12-21 11:26:00 +01:00
mboelen 526c519300 Retrieve cURL version number 2015-12-21 11:25:38 +01:00
mboelen c68771a57a Ensure that readlink only is used when it is available 2015-12-21 10:03:51 +01:00
mboelen 7cf247bf21 Added VMware detection for ESXi 2015-12-16 13:40:28 +01:00
Alexander Lobodzinski fccf889936 dovecot does not have postfix as a prerequisite
fixed some spelling
2015-12-14 16:14:38 +01:00
Michael Boelen c96e9f079e Merge pull request #83 from alobodzinski/auth-openbsd
Authentication fixes for OpenBSD
2015-12-09 22:51:00 +01:00
Michael Boelen 502f106f9a Merge pull request #96 from kboratynski/issue_11-str_1840
Authorization check for storage devices. Approved.
2015-12-09 22:49:23 +01:00
Michael Boelen 494ba68a6b Merge pull request #105 from kboratynski/features/ssh_refactor
Implementation of several SSH related configuration items.
2015-12-08 18:49:58 +01:00
mboelen 2be968eb2c Add new test BOOT-5106 to check for boot.efi on Mac OS X 2015-12-08 18:41:43 +01:00
Kamil Boratyński 8c544846ab Improved [SSH-7408] with 'AllowTcpForwarding'. 2015-12-07 07:15:48 +01:00
Kamil Boratyński 785119824e Improved [SSH-7408] with 'PermitTunnel'. 2015-12-07 07:15:03 +01:00
Kamil Boratyński 490fd6d5ec Improved [SSH-7408] with 'GatewayPorts'. 2015-12-07 07:14:19 +01:00
Kamil Boratyński 3817ffd299 Improved [SSH-7408] with 'PermitUserEnvironment'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 5487401aba Improved [SSH-7408] with 'MaxSessions'. 2015-12-06 01:46:47 +01:00
Kamil Boratyński 47576a1bd0 Improved [SSH-7408] with 'MaxStartups'. 2015-12-06 01:46:35 +01:00
Kamil Boratyński 35b663cff9 Improved [SSH-7408] with 'LoginGraceTime'. 2015-12-06 01:45:31 +01:00
Kamil Boratyński 96dfb5cf15 Improved [SSH-7408] with 'Port'. 2015-12-06 01:41:23 +01:00
Kamil Boratyński c394024769 [SSH-7408]: Implemented '!' test type. 2015-12-05 21:46:03 +01:00
Kamil Boratyński d191bed2d7 Improved [SSH-7408] with 'ClientAliveInterval'. 2015-12-05 21:37:27 +01:00
Kamil Boratyński 7bcf442a1e Improved [SSH-7408] with 'ClientAliveCountMax'. 2015-12-05 21:36:13 +01:00
Kamil Boratyński c252b9b376 Improved [SSH-7408] with 'MaxAuthTries'. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 2e37c17675 [SSH-7408]: Implemented '>' test type. 2015-12-05 21:18:35 +01:00
Kamil Boratyński 9a30640327 [SSH-7408]: Implemented '<' test type. 2015-12-05 21:18:32 +01:00
Kamil Boratyński 013886ec16 Refactorized [SSH-7408].
First step for different types of tests.
2015-12-05 20:39:30 +01:00
Alexander Lobodzinski 199483bd1e Remote syslog server not detected for syslog-ng 2015-12-04 15:43:20 +01:00
mboelen 3e94c4a8f0 Added ssh_host_ed25519_key and ssh_host_ed25519_key.pub as sources to create Host ID 2015-12-04 14:25:24 +01:00
Michael Boelen e227b42eaf Merge pull request #84 from laurentquillerou/master
Added firewire-core module detection and improvement to egrep statement
2015-12-04 14:21:57 +01:00
mboelen 386d7701f3 New SSH options added and small changes to improve output on screen and in log file 2015-12-04 11:05:13 +01:00
Kamil Boratyński 9421feb704 Improved [SSH-7408] with 'Compression'. 2015-12-04 09:29:54 +01:00
Kamil Boratyński 201a6728b8 Improved [SSH-7408] with 'TCPKeepAlive'. 2015-12-04 02:30:28 +01:00
Kamil Boratyński 11c6b06c91 Improved [SSH-7408] with 'FingerprintHash'. 2015-12-04 02:29:18 +01:00
mboelen 7d0f5acc54 No warnings for SSH configuration, instead only use suggestions. Plus logging of details. 2015-12-03 12:15:49 +01:00
mboelen e75569babf If a suggestion has specific details, show it on screen 2015-12-03 12:14:39 +01:00
Kamil Boratyński 10b9edd8ef Improved [SSH-7408] with 'PrintLastLog'. 2015-12-03 02:37:56 +01:00
Kamil Boratyński 42a5df3796 Improved [SSH-7408] with 'X11Forwarding'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński cd3cd74b8e Improved [SSH-7408] with 'UseDNS'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński e656111c75 Improved [SSH-7408] with 'IgnoreRhosts'. 2015-12-03 02:29:57 +01:00
Kamil Boratyński 37ab68d501 Improved [SSH-7408] with 'PermitEmptyPasswords'.
[SSH-7408] will verify 'PermitEmptyPasswords' option too.
2015-12-03 02:29:57 +01:00
Kamil Boratyński 66b0ee3977 Moved [SSH-7416] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński a07c7ae4f9 Moved [SSH-7412] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński dcd8f89256 Moved [SSH-7414] into [SSH-7408]. 2015-12-03 02:29:56 +01:00
Kamil Boratyński f28fd77583 Modified [SSH-7408] -- made it widely usable.
Modified [SSH-7408] in such a way that every option for SSH server might
be added in SSHOPS with expected (and wrong) values
(like it was described in comment).
2015-12-03 02:29:54 +01:00
Michael Boelen 9ca47fd220 Merge pull request #86 from RebuiltBits/master
Add Python version 2/3 detection and report it
2015-12-02 18:06:33 +01:00
mboelen d73e79193a Test for longer status string 2015-12-02 17:50:35 +01:00
mboelen 2b101e75e8 Audit status of application firewall and added test for Mac OS X (FIRE-4532) 2015-12-02 17:37:58 +01:00
mboelen 4ab96e4f39 Improved test FIRE-4512 so that it also triggers if no more than 10 rules are found 2015-12-02 16:55:41 +01:00
mboelen 54e7f62d9a Enhancements to retrieve file permissions and related logging 2015-12-01 12:38:40 +01:00
Kamil Boratyński c1c0d722d0 Implemented ISSUE: #11
Test [STRG-1840] checks authorization.
2015-12-01 01:18:46 +01:00
mboelen c79a1ea3a4 Show error on screen if license server can not be contacted 2015-11-22 20:43:06 +01:00
mboelen c3054de0fe Added details to logging if upload fails 2015-11-22 19:35:34 +01:00
mboelen 391f67e7c2 Show warning if any error happened during license check 2015-11-22 19:25:32 +01:00
mboelen ce0955d05c Show warning when upload was not successful 2015-11-22 19:05:25 +01:00
mboelen 756c09cb4a Added YUM details 2015-11-18 15:57:33 +01:00
mboelen c68b70ff2e Extended YUM test for security plugin testing 2015-11-18 15:55:49 +01:00
Jason Novinger e5cc018ad1 Add python2/3 detection and report version
Add support for checking generic Python, Python 2.x, and Python 3.x with
version reporting.
2015-11-07 18:16:23 -06:00
mboelen 510de19ce9 NETW-3004 now collects interfaces from most common operating systems 2015-10-27 13:33:16 +01:00
mboelen 7b3299fcb9 Changes to AUTH-9286 to check for minimum age as well 2015-10-27 12:42:41 +01:00
Laurent Quillerou 18eef30c12 Added firewire-core module detection 2015-10-25 18:00:58 +02:00
mboelen a98f377f4d Test for blacklisted host ID values 2015-10-23 13:42:23 +02:00
mboelen d058ba8bfc Added password history tests to PAM plugin 2015-10-22 15:55:14 +02:00
mboelen ebc7cb113e Create a host ID by using SSH keys, when possible 2015-10-22 15:54:51 +02:00
mboelen 69cbabfed2 Log when vulnerable packages are found 2015-10-21 21:45:53 +02:00
Alexander Lobodzinski 250d5b3e0c ypldap on OpenBSD 2015-10-16 11:52:25 +02:00
Alexander Lobodzinski 34eb749636 Authentication fixes for OpenBSD 2015-10-16 11:24:23 +02:00
mboelen a5583da5c3 Adding correct variables for proper logging and testing 2015-10-15 15:57:27 +02:00
mboelen 9d1cec8a9b Changes to check for presence BusyBox, to better support platforms using this as primary shell 2015-10-14 16:49:57 +02:00
Michael Boelen 776a70d6cf Merge pull request #82 from SiemKorteweg/master
Optimized use of cat, grep and awk.
2015-10-14 10:55:33 +02:00
mboelen 6bea4e0334 Use POSIX compatible flag, so it also works on BusyBox 2015-10-14 10:28:27 +02:00
mboelen b1437a05ef For exceptions the lynis.log file is a better source 2015-10-14 10:27:37 +02:00
SiemKorteweg 0c48fc3880 Optimized use of cat, grep and awk.
Detection of duplicate entries in /etc/hosts is now more robust.
On CentOS7 the SERVICE_MANAGER is detected correctly.
2015-10-10 13:25:14 +02:00
Michael Boelen c0378f38f5 Merge pull request #80 from SiemKorteweg/master
Combine "sort | uniq" to "sort -u" and sorting data first before making it unique.
2015-10-08 22:46:21 +02:00
mboelen a99a3d348e Added audit daemon and PAM variables 2015-10-08 16:25:35 +02:00
mboelen fb1cf9e547 Rename PCI-DSS to PCI DSS 2015-10-08 16:25:09 +02:00
SiemKorteweg b7d24c3413 Make sure that the input of "uniq -d" is sorted to avoid that duplicate UID's and hosts entries are missed. 2015-10-06 20:02:33 +02:00
SiemKorteweg bf1da50c14 Combine "sort | uniq" into "sort -u" to reduce the number of processes used for running Lynis. The busybox version of sort also supports the -u option. 2015-10-04 17:59:28 +02:00
mboelen 009a363550 Properly show compliance status now 2015-10-01 22:40:49 +02:00
mboelen ac87ce4c79 Added DisplayManual function, friendly name for compliance, minor enhancements 2015-10-01 22:40:29 +02:00
mboelen 3f8b826585 Renaming of variables for clarity 2015-10-01 22:39:01 +02:00
mboelen 385e62b6a5 Compliance variables 2015-10-01 22:38:29 +02:00
mboelen d6a8a3c425 Correct testing for disabled/blacklisted USB storage driver 2015-10-01 19:56:39 +02:00
mboelen a6ac097a93 Redirect possible errors instead of display on screen 2015-10-01 16:06:27 +02:00
mboelen 85f6c555b2 Minor cleanup and redirecting possible errors 2015-10-01 16:02:09 +02:00
mboelen 2b5c63bff9 Added ShowComplianceFinding function to display any non-compliance with security standards 2015-10-01 13:16:27 +02:00
mboelen 55ee1e90bc Check correct variable for enabled compliance standards 2015-10-01 12:59:15 +02:00
mboelen 9505a10dd7 Add profile setting compliance_standards to define which ones are enabled 2015-10-01 11:59:50 +02:00
mboelen 4c0fa90478 Added variables for compliance standards like HIPAA, ISO27001/ISO27002 and PCI-DSS 2015-10-01 11:58:34 +02:00
mboelen c9c78f751d Added plugin phase variable and specific PAM settings 2015-10-01 11:49:30 +02:00
mboelen fee1961eed Added DigitsOnly function to extract only numbers from a text string 2015-09-30 18:34:16 +02:00
mboelen cf11b95c3f Added detection of ESET products and logging of malware scanner to report 2015-09-28 11:00:34 +02:00
mboelen adb5948b30 Properly parse updated way of storing warnings and suggestions 2015-09-24 21:42:21 +02:00
mboelen cc4feee4e5 New way of reporting a warning 2015-09-24 21:41:48 +02:00
mboelen 784224f4e7 Uniform way of saving warnings and suggestions to the log for later parsing 2015-09-24 21:40:54 +02:00
mboelen 5dfb031e4d Removed bracket 2015-09-24 21:26:55 +02:00
mboelen 1edaba4d71 Added new test [CONT-8108] to check file permissions of Docker files 2015-09-24 20:29:05 +02:00
mboelen 5fe1e6dd65 Corrected logging for tests related to /etc/newsyslog.conf parsing 2015-09-24 20:27:49 +02:00
mboelen 41e08807c9 Changed description of place holder 2015-09-24 20:27:17 +02:00
mboelen 8b5b8b4a01 Added new parameters to ReportSuggestion and ReportWarning functions 2015-09-24 20:26:32 +02:00
mboelen 84821a4ed0 Removed [AUTH-9230] and merged it into [AUTH-9228] 2015-09-24 20:24:46 +02:00
mboelen 31363e9b39 Extended description for vulnerable package tests on FreeBSD 2015-09-24 20:14:59 +02:00
mboelen 2bcb519123 Changed test IDs of place holders 2015-09-24 20:13:05 +02:00
mboelen 9023f17662 Changed test IDs of place holders 2015-09-24 20:12:19 +02:00
mboelen c17fcfd92d Corrected PKGS-7380 and undoubled PKGS-7381 2015-09-24 20:10:30 +02:00
mboelen 1b9b084c03 Changed lmd to maldet, as LMD detection 2015-09-24 17:45:11 +02:00
mboelen 4f5eedabfc Added the detection of LMD, or Linux Malware Detect tooling 2015-09-24 16:45:03 +02:00
Alexander Lobodzinski d80bf2f437 Bugfix: wrong logtext for HRDN-7230 2015-09-22 12:00:44 +02:00
Alexander Lobodzinski adc57330f6 Bugfix: nginx SSL detection worked on Linux only (only GNU sed understands \t on the command line) 2015-09-21 13:04:44 +02:00
Michael Boelen 14a79d8a63 Merge pull request #78 from rsmith-nl/freebsd-services
Improvements for FreeBSD services
2015-09-16 23:35:54 +02:00
Roland Smith f11783dbdf Merge branch 'master' into freebsd-services 2015-09-16 20:29:51 +02:00
mboelen 32226d145f Merged patch to properly log umask value 2015-09-16 17:03:13 +02:00
mboelen 91c9760598 Add hardening points properly to umask tests 2015-09-16 17:01:17 +02:00
mboelen d786c687a1 Added variables which were not initialized before 2015-09-16 17:00:12 +02:00
Alexander Lobodzinski 37f9dcb8cc Bugfix for BSD: unrelated variable got logged instead of umask 2015-09-14 19:38:00 +02:00
mboelen df5ff883da Merge branch 'master' of https://github.com/CISOfy/Lynis 2015-09-12 15:19:29 +02:00
mboelen 6fbe0e95c5 Changes to comments only 2015-09-12 15:19:21 +02:00
Alexander Lobodzinski d2c0e7491e In quiet mode, hardening index was not written to log and report files 2015-09-11 14:54:38 +02:00
mboelen 78f32c2f28 Added screen output for /etc/login.conf 2015-09-10 21:46:23 +02:00
mboelen 7d0759297e Corrected case function 2015-09-10 21:42:30 +02:00
mboelen 21d305b689 Add support for testing umask value in /etc/login.conf like FreeBSD systems 2015-09-10 21:07:06 +02:00
mboelen 0b9c6132c6 Add test [SHLL-6230] to test for umask values in common shell configuration files 2015-09-10 21:06:40 +02:00
mboelen fa98d9bba2 Import of tool tips section 2015-09-10 21:05:04 +02:00
mboelen b43bf17954 Remove tool tips section from report 2015-09-10 21:04:18 +02:00
mboelen 28d9a49a5f Renamed BINPATHS to BIN_PATHS 2015-09-10 19:45:12 +02:00
mboelen 0db8eca467 Count total amount of suggestions and warnings 2015-09-10 09:18:20 +02:00
mboelen 7feb7e9a6c Show amount of suggestions and warnings 2015-09-10 09:18:03 +02:00
mboelen b6c0736d6e Added counters for suggestions and warnings 2015-09-10 08:35:57 +02:00
mboelen a8972b7b7f Changed exit codes when using incorrect parameters 2015-09-10 08:35:40 +02:00
mboelen 7f4ee7ba56 Added ExitCustom function and notes for virtualization 2015-09-10 08:35:09 +02:00
mboelen 090bb2d4eb Extended virtualization tests and logging 2015-09-09 20:24:48 +02:00
mboelen 5f2ef483f6 Improved tests and logging for automation tools 2015-09-08 16:02:41 +02:00
Michael Boelen e1c2891db9 Merge pull request #74 from alobodzinski/tooling-cf3
CFEngine 3 detection
2015-09-08 15:08:49 +02:00
mboelen 174172eeba Simplify: clarify if a particular set of module is not available, instead of showing cross 2015-09-08 14:59:25 +02:00
mboelen e9373b59b0 Cleanup: Don't show pflogd status on screen, when pf is not available 2015-09-08 14:49:42 +02:00
Alexander Lobodzinski 66ff2a9229 Fixed typos 2015-09-08 14:28:24 +02:00
Alexander Lobodzinski 2d72fe18d3 Detect automation with Cfengine 3 2015-09-08 14:19:11 +02:00
mboelen 1316fdf38b Changed indentation for GRUB2 test 2015-09-07 21:13:12 +02:00
Michael Boelen 59390f1717 Merge pull request #73 from laurentquillerou/nginx-conf
Include main nginx.conf file in parsing.
2015-09-07 21:06:08 +02:00
Michael Boelen 48fd39c570 Merge pull request #71 from alobodzinski/openbsd-httpd
merging pull request to skip httpd on OpenBSD systems.
2015-09-07 20:58:55 +02:00
Laurent Quillerou b83c3fbb10 Include main nginx.conf so that it generates nginx_config_option 2015-09-07 18:52:19 +03:00
mboelen e50eef0c19 Added hint for possible extension to kernel scheduler 2015-09-07 17:43:00 +02:00
mboelen d23ef2db0b Changed screen indentation of GRUB2 test 2015-09-07 17:42:29 +02:00
mboelen 1283ccc061 Added new test for UEFI detection [BOOT-5116] and storing data in report 2015-09-07 17:41:05 +02:00
mboelen 919995eb5a Added UEFI_BOOTED_SECURE 2015-09-07 17:40:26 +02:00
mboelen 429fb62fd7 Added UEFI_BOOTED 2015-09-07 17:40:03 +02:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
Alexander Lobodzinski f7ec431a65 /usr/sbin/httpd on OpenBSD is builtin non-Apache webserver, do not run with -v
If Apache is installed it is detected in /usr/local/sbin/httpd nevertheless
2015-09-07 17:31:18 +02:00
Michael Boelen a90d225bf4 Merge pull request #68 from d4t4king/master
include/tests_filesystems tweak
2015-09-07 12:06:06 +02:00
mboelen 84baf688c8 Renumber test and search for explicit yes value, log status 2015-09-07 11:26:09 +02:00
Michael Boelen f471bf9d96 Merge pull request #70 from kboratynski/auth-9407
Wrote 'AUTH-9407' - logging failed login attempts.
2015-09-07 11:19:40 +02:00
mboelen 5165e57b86 Added report option to store logging status of failed logins 2015-09-07 11:17:38 +02:00
mboelen 53840a4cfb Added variable for logging status of failed logins 2015-09-07 11:17:08 +02:00
mboelen fc27379452 Minor cleaning up and improved comment 2015-09-07 10:13:20 +02:00
Kamil Boratyński 0e97f7936f Wrote 'AUTH-9407' - logging failed login attempts. 2015-09-07 04:12:58 +02:00
mboelen a42e8feac2 Added Unbound status and configuration check, logging name cacher status to report file 2015-09-06 21:38:21 +02:00
mboelen 88caa85f59 Added default values for name cachers and Unbound status 2015-09-06 21:37:26 +02:00
mboelen 4a354c8479 Change ipfw to IPFW, change exception ID for IPFW test 2015-09-06 17:42:56 +02:00
mboelen 10a300ddb7 Don't show pf status on screen when it is not available 2015-09-06 17:38:15 +02:00
Michael Boelen 8ab314cf07 Merge pull request #43 from rsmith-nl/ipfw
Add test for 'ipfw' firewall on FreeBSD.
2015-09-06 17:34:36 +02:00
mboelen 05dd1a6814 Remove systemctl to detect virtualization, use systemd-detect-virt instead 2015-09-05 18:51:36 +02:00
mboelen 461920ff72 Enabled dmidecode for virtualization detection 2015-09-05 18:41:04 +02:00
Michael Boelen 2fd7788b9b Merge pull request #58 from markruys/master
More reliable and often faster check to determine virtualization.
2015-09-05 17:34:18 +02:00
squid-cache-object 12d9b38288 Update tests_filesystems 2015-09-03 14:14:02 -07:00
Michael Boelen 3927d60b8e Merge pull request #69 from alobodzinski/name-4406-hostname-clash
Do not let a hostname that is contained in "localhost" like "cal" tri…
2015-09-03 17:35:25 +02:00
Alexander Lobodzinski e1a87794bc Do not let a hostname that is contained in "localhost" like "cal" trigger a false positive 2015-09-03 17:20:34 +02:00
mboelen d9b7d9a9fd Combined several potential mount option tests into 1 unit 2015-09-03 15:44:10 +02:00
mboelen f4c2bd52fb Ensure that docker is a file, not directory in /usr/libexec 2015-09-03 15:43:33 +02:00
mboelen 235b228fe2 Added vmtoolsd detection 2015-09-03 11:15:55 +02:00
dataking e37446521d include/tests_filesystems tweak 2015-09-01 11:50:07 -07:00
mboelen 2577caf66d Only show suggestion for ntpdate if ntpd isn't running 2015-09-01 17:40:05 +02:00
mboelen d2aaa9662e Changed test description 2015-09-01 16:10:16 +02:00
mboelen 18d97ce60e Use different status for unused firewall rules 2015-09-01 15:50:14 +02:00
mboelen 8cefc0f7b9 Show different status on screen when expired SSL certificates were found 2015-09-01 15:49:50 +02:00
mboelen d4b1812962 Changed screen output when finding old files in /tmp 2015-09-01 15:47:32 +02:00
mboelen 401bf26c91 NIS improvement for test 2015-09-01 13:37:55 +02:00
mboelen 7cb9e364c7 Proper filtering for IPv6 addresses 2015-08-31 13:23:17 +02:00
mboelen d1ae757240 Replaced -z for empty string testing 2015-08-20 18:50:30 +02:00
Michael Boelen afe30cf3a7 Merge pull request #56 from mpepping/master
Comparison error when Docker is present, but the daemon is not running (or unset).
2015-08-20 18:48:32 +02:00
mboelen 210ba41a3c Improved umask detection and logging 2015-08-20 18:46:06 +02:00
mboelen 649f0cfb3c Improved BOOT-5180 detection for newer systems like Debian 8 and screen output enhancement 2015-08-20 18:37:03 +02:00
mboelen 7bd91675fe Improved debug logging 2015-08-19 16:20:21 +02:00
mboelen 0c2a9daef9 Show help on screen 2015-08-19 16:19:14 +02:00
mboelen 8c1e1f29a3 Additional logging 2015-08-19 16:02:50 +02:00
mboelen 2e87b8fde9 Apply additional checks on first cURL command execution 2015-08-19 15:51:52 +02:00
mboelen c153344240 Capture self-signed certificates during upload with cURL 2015-08-19 15:31:24 +02:00
Mark Ruys 919e48001d More reliable and often faster check to determine virtualization. 2015-07-27 12:38:13 +02:00
Martijn Pepping 25c8567b57 Fixed a comparison error when Docker is present, but the daemon is not running (or unset). 2015-07-24 23:58:50 +02:00
Mark Ruys c998924b51 Fix STRG-1840 (Check for disabled USB storage) 2015-07-24 15:11:39 +02:00
mboelen dd66273f41 Removed unused categories 2015-07-22 18:28:34 +02:00
mboelen db131518f0 Clean up code 2015-07-22 17:37:39 +02:00
mboelen afd01ece5d Remove incomplete tests, code enhancements 2015-07-22 17:37:11 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen 17c44ced52 Include examples and clarify usage 2015-07-22 14:57:57 +02:00
mboelen 8f9a616854 Add more descriptive text to the template 2015-07-22 14:26:25 +02:00
mboelen 2b1061ef14 Added suggestions for Solaris auditing 2015-07-22 13:47:44 +02:00
mboelen fd5c968d16 Cleaning up some lines 2015-07-22 13:44:30 +02:00
mboelen afaecd9512 Removing deprecated strings and cleaning up 2015-07-22 12:21:36 +02:00
mboelen 95d08a735a Optimizing code, cleaning up 2015-07-22 12:20:27 +02:00
mboelen e06d706c83 Optimizing code, cleaning up 2015-07-22 12:20:03 +02:00
mboelen 6857f01500 Added LDAP configuration file location to report, and code cleanups 2015-07-16 17:02:15 +02:00
James White f341b01e4d Fix false positive matches with unsafe ports on SQD-3624
The grep statement needs to be modified to prevent tagging port values that contains a value in `SQUID_DAEMON_UNSAFE_PORTS_LIST` but aren't actually the listed port.
2015-07-15 11:50:56 +01:00
Michael Boelen 4266992f6b Merge pull request #39 from aneeshusa/check-locate-preqs
Prevent the locate test from running spuriously when locate is not present.
2015-07-14 00:55:47 +02:00
Michael Boelen 6694add635 Merge pull request #38 from aneeshusa/update-systemd-sulogin-detection
Update check for sulogin under systemd.
2015-07-14 00:49:40 +02:00
mboelen e8111a124f Increase default minimum amount of connections before alerting 2015-07-14 00:31:59 +02:00
mboelen 7d30538311 Added missing bracket 2015-06-17 17:13:44 +02:00
mboelen b947bb085c Changed detection, added examples of fstab entries 2015-06-17 17:06:51 +02:00
mboelen f34e59663f Report hardening index, even when report is not shown 2015-06-11 20:50:19 +02:00
mboelen f0026427bb Textual changes 2015-06-11 13:58:30 +02:00
mboelen 0d4b25d308 Disable suggestion for this test 2015-06-11 13:58:16 +02:00
mboelen e13a9087ea Added compilers to report 2015-06-11 13:57:57 +02:00
mboelen 72feac9638 Added additional legal words for banner usage 2015-06-11 13:57:37 +02:00
mboelen 785ac74f91 Moved tests to new container group 2015-05-27 12:36:34 +02:00
mboelen 5f3c47df68 Added debsecan, debsums and kernel package counting 2015-05-27 12:35:56 +02:00
mboelen 7f0fbcf359 Initial import for container category 2015-05-27 12:34:01 +02:00
mboelen f60011eb1b Removing tests which were already performed in authentication section. 2015-05-27 11:43:08 +02:00
mboelen 917c790ecc Changed text 2015-05-27 11:42:31 +02:00
mboelen fe636c7d6c Docker support 2015-05-27 11:25:35 +02:00
mboelen 30b9b1edd9 Added support for Docker binary 2015-05-27 11:25:07 +02:00
mboelen bb696a04f1 Improved detection of directories in logrotate 2015-05-26 11:13:47 +02:00
mboelen c70f3e93cd Cleanup of screen output, with focus on minimum output 2015-05-26 11:13:23 +02:00
mboelen a1095ef941 Improved swap detection and added UUID check 2015-05-26 11:12:36 +02:00
mboelen 3c3bb2d0db Do not show auditd suggestion for OpenVZ systems 2015-05-26 11:11:42 +02:00
mboelen 1a04109dad Extended descriptions 2015-05-26 11:11:15 +02:00
mboelen 52b8c3a6a7 Added VMTYPE 2015-05-26 11:10:50 +02:00
mboelen b885b9f84f Add missing pipe 2015-05-25 23:20:52 +02:00
mboelen 1d1aa3c966 Improved kernel detection on Slackware 2015-05-25 23:17:42 +02:00
mboelen 2f0e9f0981 Changed last line 2015-05-25 23:17:21 +02:00
mboelen ef2b12e218 Added block and character type devices as symlinks 2015-05-25 23:17:08 +02:00
mboelen 3f3ced806e Changed last line 2015-05-25 23:16:45 +02:00
mboelen 7854eeae20 Chronyd support, finishing test 2015-05-25 17:45:41 +02:00
mboelen 1c07e6fa2c New test TIME-3106, Chronyd and systemd-timesyncd support 2015-05-25 17:33:51 +02:00
mboelen 45114e6557 Chef support added 2015-05-25 17:20:58 +02:00
mboelen f3bd9ca9ad Display only the tools actually found, to keep screen output as clean as possible 2015-05-17 23:22:54 +02:00
mboelen 46f9a3dec8 Log file integrity monitoring tool, adding support for lfd (CSF) tool 2015-05-17 23:01:38 +02:00
mboelen 283e198c23 Improved detection of blacklisted/disabled modules 2015-05-17 23:00:28 +02:00
mboelen 893e17d982 Added new AddSystemGroup function 2015-05-13 14:45:50 +02:00
mboelen 5729189349 Added additional legal words for banners 2015-05-13 14:45:16 +02:00
mboelen c37e2eb9eb Extended Sophos detection 2015-05-04 13:37:36 +02:00
mboelen 22810e58e7 Replace existing update check options with new helper utility 2015-04-30 01:28:33 +02:00
mboelen 943b944a13 New profile options for automatic updates 2015-04-30 01:28:05 +02:00
mboelen 0e581e6ad7 Initial import of helper for automatic updates 2015-04-30 01:27:36 +02:00
mboelen 8ae3cfd5ad Remove unused variable 2015-04-30 01:25:18 +02:00
mboelen 1ece78f1a8 Set default for showing program details at start 2015-04-30 01:23:47 +02:00
mboelen 508cf7ac71 Added missing space 2015-04-29 19:58:13 +02:00
mboelen 6a0417da8b Added Python and updated PHP description 2015-04-29 14:20:46 +02:00
mboelen 70e20d514c Ensure that only one value is provided 2015-04-29 13:53:40 +02:00
mboelen 2cd57933b6 Correction of Display function 2015-04-29 11:57:57 +02:00
mboelen aa8410477e Performance tuning by removing full listing of binaries from log 2015-04-29 11:57:30 +02:00
Roland Smith 1bb5b4b0a6 FreeBSD uses the bsdrc service manager.
With this patch, a run on my machine returns:

    [+] Initializing program
    ------------------------------------
    - Detecting OS...  [ DONE ]

    ---------------------------------------------------
    Program version:           2.1.1
    Operating system:          FreeBSD
    Operating system name:     FreeBSD
    ...

    [+] Boot and services
    ------------------------------------
    - Service Manager [ bsdrc ]
2015-04-27 20:09:18 +02:00
Roland Smith db828b5e03 Used service(8) to discover running services.
On all supported FreeBSD releases, the service(8) program can be used to
discover which services are running. This program has been added to the test
for binaries. If available, it will be used to test for services. If not, the
original code that parses /etc/rc.conf is used.

On my system, the following information is produced in the logfile:

    [19:51:22] Performing test ID BOOT-5165 (Check for FreeBSD boot services)
    [19:51:22] Searching for services at startup (service)
    [19:51:23] Found service (service/rc.conf): bgfsck
    [19:51:23] Found service (service/rc.conf): cleanvar
    [19:51:23] Found service (service/rc.conf): cron
    [19:51:23] Found service (service/rc.conf): cupsd
    [19:51:23] Found service (service/rc.conf): dbus
    [19:51:23] Found service (service/rc.conf): devd
    [19:51:23] Found service (service/rc.conf): dmesg
    [19:51:23] Found service (service/rc.conf): dnsmasq
    [19:51:23] Found service (service/rc.conf): gptboot
    [19:51:23] Found service (service/rc.conf): hostid
    [19:51:23] Found service (service/rc.conf): hostid_save
    [19:51:23] Found service (service/rc.conf): ip6addrctl
    [19:51:23] Found service (service/rc.conf): ipfw
    [19:51:23] Found service (service/rc.conf): mixer
    [19:51:23] Found service (service/rc.conf): motd
    [19:51:23] Found service (service/rc.conf): newsyslog
    [19:51:23] Found service (service/rc.conf): nginx
    [19:51:23] Found service (service/rc.conf): openntpd
    [19:51:23] Found service (service/rc.conf): postfix
    [19:51:23] Found service (service/rc.conf): powerd
    [19:51:23] Found service (service/rc.conf): sendmail
    [19:51:23] Found service (service/rc.conf): smartd
    [19:51:23] Found service (service/rc.conf): syslogd
    [19:51:23] Found service (service/rc.conf): virecover
    [19:51:23] Found 24 services/options to run at startup

The report shows:

    [+] Boot and services
    ------------------------------------
    - Service Manager [ UNKNOWN ]
    - Checking presence FreeBSD loader [ FOUND ]
    - Checking services at startup (service/rc.conf) [ DONE ]
    Result: found 24 services/options set
2015-04-27 19:58:07 +02:00
Roland Smith 4d94227a08 Find FreeBSD service binary. 2015-04-27 19:33:11 +02:00
Roland Smith a0b20fcfe3 Wrap ipfw test in SKIPTEST block. 2015-04-27 18:26:39 +02:00
Roland Smith ded7e95a14 Check if ipfw is enabled in rc.conf. 2015-04-27 18:24:18 +02:00
Roland Smith 5d7dc80481 Initial version of IPFW test (FreeBSD). 2015-04-27 18:24:11 +02:00