tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,986 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

73 Commits

Author SHA1 Message Date
Steve8291 10402538fa
Fix typo in kernel options description 2020-06-11 10:46:55 -04:00
Topi Miettinen 9642bcffc8
[CRYP-7902] Optionally check also certificates provided by packages 
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.

I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-02 12:52:13 +03:00
Michael Boelen d6324ee29a
Disabled shadow files in default profile as each Linux distribution has its own default 2019-09-14 13:20:26 +02:00
Michael Boelen f49f0a2029
Altered order of entries 2019-07-26 11:59:19 +02:00
Michael Boelen 76e84f4b56
Run non-interactive by default, use --wait to enforce waiting after finishing a group of tests 2019-07-12 14:38:52 +02:00
Michael Boelen 2c17c14c3b
New profile option to ignore specified certificate directories 2019-07-08 15:08:56 +02:00
Michael Boelen 007faf47c3
Cleanup of default profile and migration of permdir/permfile 2019-07-07 18:46:23 +02:00
Michael Boelen 3c7576f36b
Changed description and added note about strict checking 2019-07-07 16:19:10 +02:00
Michael Boelen 34ecd072b1
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-07-03 15:40:37 +02:00
Michael Boelen ade3117307
New option to disable plugins via profile 2019-07-03 15:39:26 +02:00
Capashenn 5dbe4f20fc Add some default permfile/permdir 2019-03-25 10:58:19 +01:00
Michael Boelen 2c9116dc0c
Changed action from flush to clear 2018-03-03 14:42:54 +01:00
Michael Boelen 5711868d9e
Extended help 2018-03-03 14:39:25 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manual configured setting in function 2018-02-16 19:29:08 +01:00
Michael Boelen 35e8c0ab3a
Added kernel.yama.ptrace_scope 2018-01-23 15:09:59 +01:00
Michael Boelen 2bf6a5e038
Overhaul of default profile settings and parsing 2018-01-23 15:01:02 +01:00
Michael Boelen 1504370e41
Added solution, extended timestamps key values, allow multiple values 2018-01-11 10:19:16 +01:00
Michael Boelen 4042c45954
Changes for new plugin class 'hardware' 2017-12-08 09:37:55 +01:00
Michael Boelen e4cb190237
Support for allow-auto-purge option in profiles 2017-11-25 16:11:04 +01:00
Michael Boelen f903b6f079
Allow tags and system-customer-name to be specified 2017-06-22 10:15:39 +02:00
Dave Vehrs 933b01ea1f Added kernel.dmesg_restrict to sysctl checks. (#404) 2017-06-14 14:06:04 +02:00
0ri0n 9e10fdfbc8 Adds Protected Links Checks (#389) 
Fixes #386
 2017-05-03 09:20:35 +02:00
Michael Boelen 4d2e0e5aab Added another certificate path for Plesk 2017-03-14 16:47:01 +01:00
Michael Boelen 35440d437c Support for Plesk certificates path 2017-03-14 16:42:51 +01:00
Michael Boelen a19a34cbf3 Allow data uploads to be configured in profile 2017-02-21 15:40:06 +01:00
Michael Boelen 8d6bc1ad21 Allow colored output to be configured from profile 2017-02-16 10:27:54 +01:00
Michael Boelen a7838f4d08 Added authentication plugin 2017-02-14 20:06:02 +01:00
Michael Boelen 304a5c20a9 Added paths for SSL certificates 2016-11-29 14:28:16 +01:00
Michael Boelen 13d4d3d6b7 Add remark for automatic updates and packages 2016-11-08 09:03:17 +01:00
marcus-cr 56ce017b4f Updated profiles (#300) 
* Updated profiles

Added “personal” machine-role, changed “desktop” to “workstation”.

* Changed Default Profile

Amended roles of system: changed “desktop” to “workstation”, and added
“personal”.
 2016-10-26 12:35:47 +02:00
Michael Boelen b6a9d294d8 Added missing separator 2016-10-15 15:15:40 +02:00
Michael Boelen 2cc3adf7ac Added new sysctl values 2016-10-05 09:50:34 +02:00
Michael Boelen 870ac295c6 Show possible solution with findings 2016-09-24 15:51:05 +02:00
Michael Boelen ad678eca74 Changed suggested value for kernel.randomize_va_space 2016-09-13 17:26:44 +02:00
Michael Boelen af00c1e8d1 Added more sysctl keys 2016-08-18 14:52:15 +02:00
Michael Boelen d95ab3d253 Support sysctl checks with multiple profiles 2016-08-18 14:35:20 +02:00
Michael Boelen e176011912 Allow repository update to be disabled 2016-08-11 10:01:29 +02:00
Michael Boelen 07a113e46e Set initial value for language and improve auto detection 2016-07-12 20:32:15 +02:00
Lukas Pirl 77634d578c expect value of sysctl:kernel.kptr_restrict to be 2 (#224) 
from https://lwn.net/Articles/420403/:
  """
  The %pK format specifier is designed to hide exposed kernel
  pointers, specifically via /proc interfaces.  Exposing these
  pointers provides an easy target for kernel write vulnerabilities,
  since they reveal the locations of writable structures containing
  easily triggerable function pointers.  The behavior of %pK depends
  on the kptr_restrict sysctl. […] If kptr_restrict is set to 2,
  kernel pointers using %pK are printed as 0's regardless of
  privileges.
  """
 2016-07-11 10:11:18 +02:00
Michael Boelen e22322920f More reorganizing as options will be deprecated 2016-07-05 19:57:43 +02:00
Michael Boelen bac442c6fe Migrate to new options, including skip-plugins 2016-07-05 17:26:27 +02:00
Michael Boelen cb73cbb968 Migration of several settings to new format 2016-07-05 16:49:50 +02:00
Michael Boelen 3ef81ed20d Textual change related to languages 2016-06-21 08:08:00 +02:00
Michael Boelen f851834dbd Added support for multiple languages 2016-06-11 14:09:41 +02:00
mboelen 4dcb9eccff Allow skipping of plugins with --skip-plugins or skip-plugins 2016-04-25 16:00:10 +02:00
mboelen a3075d2e8f Added error-on-warnings 2016-04-25 10:17:14 +02:00
mboelen f1a5c41b87 Add note and changed example of quick 2016-04-19 19:43:25 +02:00
mboelen 89efa9fae8 Added new profile option: quick 2016-04-19 12:03:04 +02:00
mboelen 9192f4bbb8 Changed sections into comment lines 2016-04-13 16:08:57 +02:00
mboelen c70be62f4e Added Let's Encrypt path /etc/letsencrypt 2016-03-24 13:44:28 +01:00