tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,569 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

44 Commits

Author SHA1 Message Date
Michael Boelen 605e515c31
Updated forensics variable 2019-08-21 14:00:20 +02:00
Michael Boelen d395e1a2da
[CRYP-7930] extend test to use cryptsetup/lsblk or crypttab file 2019-08-21 13:50:01 +02:00
Michael Boelen a714568842
Merge pull request #731 from chr0mag/cryp-7930 
[CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
 2019-08-21 12:31:36 +02:00
Michael Boelen 9605f0fa80
Combined sort and uniq to sort -u 2019-07-26 15:34:02 +02:00
Julian Phillips e293af16aa Add FOUND var to unset list 2019-07-17 18:01:44 -07:00
Julian Phillips 84dd024887 [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup' 
There are several challenges with the existing method of using
/etc/crypttab:

1)encrypted rootfs partitions are not typically listed in this
file (users are prompted for password in early boot instead)

2)the 'luks' option is the default option so it is possible for
/etc/crypttab entries to never have this set explicitly and any
block device configured as such will be missed currently

3)any device mounted manually, or using any other mechanism aside
from /etc/crypttab will be missed

This commit executes 'cryptsetup isLuks' on every block device in
the system to determine whether it is a LUKS device. This handles
all 3 cases mentioned above.

Test case wording was also updated to reflect the fact that it
only checks for LUKS entrypted block devices. So, plain dm-crypt
and TrueCrypt/VeraCrypt block device encryption is not detected.
Nor is any file system level encryption such as eCryptfs, EncFs,
gocryptfs.
 2019-07-17 16:18:12 -07:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 09d8832a0b
[CRYP-7903] enhanced test to properly work 2019-07-09 11:42:04 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen f3f6be6630
Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed 2019-07-08 21:20:45 +02:00
Michael Boelen 2c17c14c3b
New profile option to ignore specified certificate directories 2019-07-08 15:08:56 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them 2018-03-05 11:32:23 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen c248ab6a16
[CRYP-7902] fix for bourne shell and rewrite 2017-09-06 12:56:32 +02:00
Bruno Vernay 4107d8a461 Support spaces in file names (#444) 
File names may contain spaces
 2017-08-29 14:32:42 +02:00
Michael Boelen 1190efac2b
[CRYP-7902] add a test to filter out non-certificate files 2017-08-18 19:19:15 +02:00
Michael Boelen 4a673aebc7
[CRYP-7902] certificate validation changed 2017-08-18 14:14:28 +02:00
Michael Boelen 60f94fef47
[CRYP-7902] prevent test from showing error on screen related to wrong certificate file 2017-07-18 11:51:45 +02:00
mslifcak 8d2b3a202f A250 2 (#398) 
* fix missing ROOTDIR prefix

* sort list of services before processing

* sort list of certificates before processing

* sort list of startup scripts before processing

* spell check

* remove possessive pronoun
 2017-05-31 15:40:39 +02:00
mslifcak af60a2463a 250 fixes (#393) 
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
 2017-05-23 14:56:25 +02:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen 81d8486cb0 [CRYP-7902] Gather more certificate details and style improvements 2016-09-08 21:04:02 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 8b8a1a9b66 [CRYP-7902] Use SSL paths as configured by profile 2016-07-05 16:46:50 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 015287e963 [CRYP-7902] Added support for multiple profiles 2016-04-13 19:49:30 +02:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
mboelen 8cefc0f7b9 Show different status on screen when expired SSL certificates were found 2015-09-01 15:49:50 +02:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen 5caf4ddc4f Update of the files to reflect HTTPS version of website and 2015. Happy New Year! 2015-01-03 12:45:22 +01:00
mboelen 1759f66181 Removed warning for expired SSL certificate, added suggestion instead 2014-12-03 14:13:29 +01:00
mboelen c9fde8c2d1 Code cleanup and small enhancements 2014-09-15 12:01:09 +02:00
mboelen bce234fa00 Removed warnings, updated changelog 2014-09-15 10:52:06 +02:00
mboelen dd2ea3efaf Made adjustments to run in non-privileged scans 2014-09-09 14:49:37 +02:00
mboelen 56cc2df2c2 Adjustments to allow non-privileged scan and reduce errors on screen 2014-09-08 23:51:27 +02:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00