tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,986 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

150 Commits

Author SHA1 Message Date
Michael Boelen 36f86d76c4
[AUTH-9229] added option to look for LOCKED accounts 2020-06-23 13:57:14 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Michael Boelen 288bca9334
Merge pull request #887 from bginsbach/fix-auth-9229 
AUTH-9229 Do not use long options for sort
 2020-03-31 16:35:48 +02:00
Brian Ginsbach 90b17121ba Fix AUTH-9230 for systems without /etc/login.defs 
This fixes a bug where it was determined that /etc/login.defs didn't
exist as a prerequisite but then wasn't used to skip the test. Prevents
warnings from `grep(1)` for "no such file or directory".
 2020-03-29 15:31:41 -05:00
Brian Ginsbach 18daa9f495 AUTH-9229 Do not use long options for sort 
Use the standard `sort(1)` short option `-u` rather than `--unique`,
since not all versions support long options.
 2020-03-29 15:06:36 -05:00
Thomas Sjögren bc09f921f0 fix indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:53:50 +01:00
Thomas Sjögren 0b9e2d85d6 fix tabs 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:45:05 +01:00
Thomas Sjögren 5341fa7b29 AUTH-9229 isnt related to login.defs, add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:44:14 +01:00
Michael Boelen 17bbaa8f7a
[AUTH-9229] make test only available for root 2020-03-23 13:19:10 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Michael Boelen 17ac4d2c1c
[AUTH-9252] corrected permission check 2020-03-23 10:44:45 +01:00
Michael Boelen 058b071ea2
Merge pull request #877 from bginsbach/auth-9268-add-bsd 
Add FreeBSD and NetBSD to AUTH-9268
 2020-03-22 15:16:09 +01:00
Brian Ginsbach 33ba896b41 Add FreeBSD and NetBSD to AUTH-9268 
Add FreeBSD and NetBSD as both support PAM. Simplify the PREQS_MET
test by using a case rather than a long if or.
 2020-03-21 20:03:37 -05:00
Brian Ginsbach f56c3b5f94 Combine NetBSD and OpenBSD AUTH-9234 check 
Both NetBSD and OpenBSD have `useradd(8)`, so they can share logic
checking `/etc/usermgmt.conf` for the default user UID range.
 2020-03-21 16:16:34 -05:00
Brian Ginsbach 044c78452b Add AUTH-9234 for NetBSD 2020-03-21 16:10:05 -05:00
Topi Miettinen 4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Brian Ginsbach 32d1155953 Fix uses of non-standard find not operator 
Use ! rather than the non-standard -not find(1) operator.
 2020-03-20 14:37:56 -05:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Michael Boelen 0b0b0ea905
Style improvement 2020-03-12 16:01:11 +01:00
gfelkel 5bce9d598c
AUTH-9228 for HP-UX 
HP-UX also has /usr/sbin/pwck. For trusted systems, two additional options -s (check inconsistencies with the protected password database) and -l (check encrypted password lengths that are greater than 8 characters) are available.
 2020-01-23 13:30:46 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Dave Vehrs e6bf111f41 Updated tests for file permissions to case statements 2019-10-23 14:47:03 -06:00
Kristian Schuster 364b770c64
kernel-test: determine reboot requirement for more distros. Plus a few fixes 2019-09-28 00:39:12 +02:00
Michael Boelen 2c32e8e04d
Merge pull request #765 from Marzal/Marzal-AUTH-9282 
Fix auth-9282
 2019-09-21 15:49:58 +02:00
Marzal 0e1e80bacf Double quote to prevent globbing and word splitting.SC2086 2019-09-19 23:36:36 +02:00
Marzal 42ac40aad6 Change variable name from FIND to FIND_P so is not reset by Register 2019-09-19 23:33:19 +02:00
Michael Boelen 36627a4eb7
Style improvements 2019-09-19 14:05:15 +02:00
Michael Boelen 22a7f4fd6d
Combine multiple unsets into a single command 2019-08-26 08:01:43 +02:00
Michael Boelen 3006b8dd26
[AUTH-9408] both backslash and brackets needs to be individually escaped 2019-08-08 15:05:23 +02:00
Michael Boelen fdc2977575
[AUTH-9408] corrected description 2019-08-08 13:28:17 +02:00
Michael Boelen 8321b98689
[AUTH-9408] double escape to prevent error message (awk: warning: escape sequence '\[' treated as plain '[') 2019-07-26 11:11:03 +02:00
Michael Boelen b7fb98a47f
[AUTH-9266] skip .pam-old files in /etc/pam.d (used by Ubuntu) 2019-07-26 10:57:44 +02:00
Michael Boelen 63043b536d
[AUTH-9408] added support for pam_tally2 to log failed logins 2019-07-18 11:33:28 +02:00
Michael Boelen 2bd1b1b590
Format change 2019-07-16 19:05:28 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen f6f7a69857
Merge pull request #713 from bcs016/patch-1 
Update tests_authentication - AUTH-9402
 2019-06-24 13:43:19 +02:00
Michael Boelen 59b102989f
[AUTH-9268] AIX find does not support maxdepth 2019-06-06 14:13:05 +02:00
bcs016 10b8da1c6a
Update tests_authentication 
Update AUTH-9402, change name to check in etc/passwd file when device is a QNAP
 2019-04-29 11:47:11 +02:00
Michael Boelen 8a9edeb40b
[AUTH-9278] style change, description, allow different root directory 2019-03-29 12:30:12 +01:00
Capashenn f9bcf26f25 fix issue #612 (#677) 
LDAP support for Red Hat and others (fix issue #612)
 2019-03-29 12:26:12 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen bca2d00ad7
Added STATUS_WEAK 2019-01-14 18:49:49 +01:00
Michael Boelen e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables 2018-12-17 09:58:57 +01:00