tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,183 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

1458 Commits

Author SHA1 Message Date
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Katarina Durechova 631853a924 [BOOT-5260] Make "sulogin" more generic for systemd rescue.service (#590) 2018-10-17 14:21:30 +02:00
Deon Spengler 72796f5757 Added support for TOMOYO Linux Mandatory Access Control (#589) 
* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control
 2018-10-17 14:20:52 +02:00
Michael Boelen 823ebd8268
Replaced 'warning' status to 'found' 2018-10-17 14:16:54 +02:00
Jesus Christian Cruz Acono 414be240e8 Update tests_ports_packages (#586) 
change " " <- space for [[:blank:]] (to clean all pausible spaces)
 2018-10-05 10:23:19 +02:00
Przemysław Dąbek fd75c9fd0f typo fix in warning message (#585) 2018-10-05 10:19:23 +02:00
Michael Boelen c1f9417792
Initialise some variables for uploading 2018-10-05 10:17:26 +02:00
Michael Boelen c50db85aaa
[DBS-1882] added support for QNAP path 2018-09-19 13:29:03 +02:00
Michael Boelen c34c8265ad
Detection for QNAP devices 2018-09-19 13:28:46 +02:00
Michael Boelen 7e41339d95
Added QNAP device variable 2018-09-19 13:26:27 +02:00
Michael Boelen bf1e99f3cd
[DBS-1882] added /usr/local/redis/etc path 2018-09-19 13:23:27 +02:00
Michael Boelen f8697db25b
[TIME-3104] added more logging 2018-09-19 13:19:57 +02:00
Michael Boelen 7635d58fe3
Add TODO for BusyBox support 2018-09-17 11:47:07 +02:00
Michael Boelen f0c84e3d01
[KRNL-5788] ignore exception when no vmlinuz file was discovered 2018-09-17 11:46:36 +02:00
Michael Boelen b4e93d4fcc
[PKGS-7322] Updated solution text 2018-09-17 09:23:04 +02:00
Michael Boelen 1d52e57e45
Changed output for remote system audit 2018-09-08 11:22:28 +02:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571) 
got this error on debian auditing a docker file when testing an ubuntu Dockerfile when lynis try to find KEY_USED
 2018-09-06 07:48:40 +02:00
Wagner 47de2dc4bf fix opensuse os detection with os-release (#578) 2018-09-06 07:47:38 +02:00
superpoussin22 9fe6dcde76 detect if latest TAG is used (#575) 
that's always better to specify the version, latest desn't mean latest version 
it can be a suggestion if you prefer
 2018-08-28 08:45:04 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 67f9d25461
Updated list of options and man page 2018-08-27 14:25:59 +02:00
Michael Boelen 4df28ca659
[PHP-2372] test all PHP files for expose_php and improved logging 2018-08-23 12:23:48 +02:00
Michael Boelen afaae50989
[BOOT-5104] extended logging 2018-08-22 16:38:54 +02:00
Michael Boelen b005effc32
[BOOT-5104] improved parsing parameters to init process 2018-08-22 16:33:50 +02:00
superpoussin22 3b537fd8e8 Missing quotes and better display (#570) 
for KEY_USED
 2018-08-15 13:56:56 +02:00
superpoussin22 6ba7bad34e add a few basic test (#572) 2018-08-15 13:54:56 +02:00
superpoussin22 6567b16730 add alpine support (#569) 
also initialize a few variables which wasn't initialyzed
 2018-08-15 13:47:17 +02:00
superpoussin22 839977c3f6 Update helper_audit_dockerfile (#568) 
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
 2018-08-07 14:46:47 +02:00
Michael Boelen 7ebccab207
Updated URL for Lynis controls 2018-08-03 11:20:31 +02:00
Michael Boelen 3f9d1308bb
[SSH-7408] adjusted classification of root login with keys 2018-07-25 13:35:00 +02:00
Michael Boelen 4ad2ee4ba2
[BOOT-5104] added busybox to service managers 2018-07-25 13:24:11 +02:00
Michael Boelen 7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only 2018-07-25 12:25:00 +02:00
Michael Boelen 54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files 2018-07-25 12:13:06 +02:00
Bernhard R. Fischer c024ce31d8 added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD (#562) 2018-07-24 19:08:45 +02:00
gkrystev 13d631781c Fix for umask check in case of multiple files (#560) 
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example bellow, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.

Expected:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
 2018-07-24 19:08:08 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 1bf09ad60a
[KRNL-5830] improved text in log 2018-07-02 14:52:29 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-06-26 11:37:18 +02:00
Thomas Sjögren 8321da24c7 query DNS with FQDN (#555) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-06-26 11:36:55 +02:00
Michael Boelen d80ec9d084
Removed 'update release' from help text 2018-06-26 11:35:02 +02:00
Michael Boelen 34813302b4
Changed number of Exim test and minor changes 2018-06-26 11:34:09 +02:00
Dave Vehrs c11177f98b Initial Tests for Exim (#539) 
* Added kernel.dmesg_restrict to sysctl checks.

* Extending Exim Tests, round 1

* fixed a few string comparisons

* fixed old test

* Cleans to Exim options tests
 2018-06-26 11:27:26 +02:00
aram535 1caf9ad12d Updated tests_ssh, removed extra ssh in the test (#557) 
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests.  Removing the ssh keyword... -T -C ... fixes the problem.
 2018-06-22 12:29:25 +02:00
Carsten Grohmann bf2462272e [TIME-3160] Extend check for step-tickers file for RedHat (#553) 
On RedHat if the step-tickers file exists but empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
 2018-06-06 13:59:07 +02:00
Michael Boelen 84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration 2018-05-14 08:29:30 +02:00
Michael Boelen 4efe5dd363
[DNS-1600] Test is disabled until domain is configured 2018-05-02 13:35:46 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00