tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,488 Commits 2 Branches 63 Tags 18 MiB
Commit Graph

1651 Commits

Author SHA1 Message Date
Michael Boelen 703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Michael Boelen 48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen 3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen 3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen 95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633) 
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
 2019-03-07 10:10:21 +01:00
chr0mag 341612418f BOOT-5117 adds systemd-boot bootloader detection (#634) 
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
 2019-03-07 10:07:52 +01:00
silentcreek fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:05:12 +01:00
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636) 
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
 2019-03-05 18:57:58 +01:00
Michael Boelen ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 9d8b12e0f8
Initial lookup with awk corrected 2019-03-04 12:13:47 +01:00
Michael Boelen e0b93ed0cc
Replace awk statement with grep to simplify search 2019-03-04 12:08:47 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
dataking 76ec39176a Fix #638. (#640) 
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS

* Only use data before # to handle inline comments in /etc/resolv.conf.
 2019-02-28 09:51:57 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 08ed748a86
Disable logging of virtual host to report due to length 2019-01-31 14:49:00 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
TheFlipside 7fded881d8 Update tests_system_integrity (#627) 
https://github.com/CISOfy/lynis/issues/626
 2019-01-31 14:28:18 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen bca2d00ad7
Added STATUS_WEAK 2019-01-14 18:49:49 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen 533a0631e7
Remove unneeded variable for firewall as data is stored in report 2018-12-31 10:03:26 +01:00
Michael Boelen 21956cc42c
[LOGG-2190] added filter for MariaDB, tested onCentOS 2018-12-29 17:10:06 +01:00
Michael Boelen e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables 2018-12-17 09:58:57 +01:00
Capashenn 47e37bf058 [AUTH-9282][AUTH-9283] Add support for RedHad and clones (#609) 
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
 2018-12-17 09:55:41 +01:00
theycallhimpat 0f32d2725c Fix printed error when wget comes from busybox (#602) 
Busybox's wget does't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
 2018-12-17 09:53:27 +01:00
marcinozga b98217aba9 Update tests_firewalls (#599) 
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
 2018-12-14 13:20:01 +01:00
Michael Boelen 81f67584cb
[BOOT-5177] changed note to a hint 2018-12-14 13:17:46 +01:00
Katarina Durechova 2fb4ae4987 [SHLL-6230] Add etc/bash.bashrc.local to umask check (#595) 2018-12-13 12:13:27 +01:00
柯豪 760ed040c8 Fix MacOS Mojave detect pattern (#603) 2018-12-13 12:12:26 +01:00
Michael Boelen 28a2580a36
Detection added for macOS Mojave 2018-10-30 13:39:47 +01:00
Michael Boelen 5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408 2018-10-23 17:14:47 +02:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 361ad7d9da
Renamed variable 2018-10-23 12:58:40 +02:00
Michael Boelen de7d64a8a0
[TOOL-5160] OSSEC detection test 2018-10-23 12:58:22 +02:00
Wagner c94b97bd9e osdetection: ignore quotes in OS_ID (#593) 2018-10-23 12:16:36 +02:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Katarina Durechova 631853a924 [BOOT-5260] Make "sulogin" more generic for systemd rescue.service (#590) 2018-10-17 14:21:30 +02:00
Deon Spengler 72796f5757 Added support for TOMOYO Linux Mandatory Access Control (#589) 
* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control
 2018-10-17 14:20:52 +02:00
Michael Boelen 823ebd8268
Replaced 'warning' status to 'found' 2018-10-17 14:16:54 +02:00
Jesus Christian Cruz Acono 414be240e8 Update tests_ports_packages (#586) 
change " " <- space for [[:blank:]] (to clean all pausible spaces)
 2018-10-05 10:23:19 +02:00
Przemysław Dąbek fd75c9fd0f typo fix in warning message (#585) 2018-10-05 10:19:23 +02:00
Michael Boelen c1f9417792
Initialise some variables for uploading 2018-10-05 10:17:26 +02:00
Michael Boelen c50db85aaa
[DBS-1882] added support for QNAP path 2018-09-19 13:29:03 +02:00
Michael Boelen c34c8265ad
Detection for QNAP devices 2018-09-19 13:28:46 +02:00
Michael Boelen 7e41339d95
Added QNAP device variable 2018-09-19 13:26:27 +02:00
Michael Boelen bf1e99f3cd
[DBS-1882] added /usr/local/redis/etc path 2018-09-19 13:23:27 +02:00
Michael Boelen f8697db25b
[TIME-3104] added more logging 2018-09-19 13:19:57 +02:00
Michael Boelen 7635d58fe3
Add TODO for BusyBox support 2018-09-17 11:47:07 +02:00
Michael Boelen f0c84e3d01
[KRNL-5788] ignore exception when no vmlinuz file was discovered 2018-09-17 11:46:36 +02:00
Michael Boelen b4e93d4fcc
[PKGS-7322] Updated solution text 2018-09-17 09:23:04 +02:00
Michael Boelen 1d52e57e45
Changed output for remote system audit 2018-09-08 11:22:28 +02:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571) 
got this error on debian auditing a docker file when testing an ubuntu Dockerfile when lynis try to find KEY_USED
 2018-09-06 07:48:40 +02:00
Wagner 47de2dc4bf fix opensuse os detection with os-release (#578) 2018-09-06 07:47:38 +02:00
superpoussin22 9fe6dcde76 detect if latest TAG is used (#575) 
that's always better to specify the version, latest desn't mean latest version 
it can be a suggestion if you prefer
 2018-08-28 08:45:04 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 67f9d25461
Updated list of options and man page 2018-08-27 14:25:59 +02:00
Michael Boelen 4df28ca659
[PHP-2372] test all PHP files for expose_php and improved logging 2018-08-23 12:23:48 +02:00
Michael Boelen afaae50989
[BOOT-5104] extended logging 2018-08-22 16:38:54 +02:00
Michael Boelen b005effc32
[BOOT-5104] improved parsing parameters to init process 2018-08-22 16:33:50 +02:00
superpoussin22 3b537fd8e8 Missing quotes and better display (#570) 
for KEY_USED
 2018-08-15 13:56:56 +02:00
superpoussin22 6ba7bad34e add a few basic test (#572) 2018-08-15 13:54:56 +02:00
superpoussin22 6567b16730 add alpine support (#569) 
also initialize a few variables which wasn't initialyzed
 2018-08-15 13:47:17 +02:00
superpoussin22 839977c3f6 Update helper_audit_dockerfile (#568) 
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
 2018-08-07 14:46:47 +02:00
Michael Boelen 7ebccab207
Updated URL for Lynis controls 2018-08-03 11:20:31 +02:00
Michael Boelen 3f9d1308bb
[SSH-7408] adjusted classification of root login with keys 2018-07-25 13:35:00 +02:00
Michael Boelen 4ad2ee4ba2
[BOOT-5104] added busybox to service managers 2018-07-25 13:24:11 +02:00
Michael Boelen 7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only 2018-07-25 12:25:00 +02:00
Michael Boelen 54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files 2018-07-25 12:13:06 +02:00
Bernhard R. Fischer c024ce31d8 added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD (#562) 2018-07-24 19:08:45 +02:00
gkrystev 13d631781c Fix for umask check in case of multiple files (#560) 
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example bellow, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.

Expected:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
 2018-07-24 19:08:08 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 1bf09ad60a
[KRNL-5830] improved text in log 2018-07-02 14:52:29 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-06-26 11:37:18 +02:00
Thomas Sjögren 8321da24c7 query DNS with FQDN (#555) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-06-26 11:36:55 +02:00
Michael Boelen d80ec9d084
Removed 'update release' from help text 2018-06-26 11:35:02 +02:00
Michael Boelen 34813302b4
Changed number of Exim test and minor changes 2018-06-26 11:34:09 +02:00
Dave Vehrs c11177f98b Initial Tests for Exim (#539) 
* Added kernel.dmesg_restrict to sysctl checks.

* Extending Exim Tests, round 1

* fixed a few string comparisons

* fixed old test

* Cleans to Exim options tests
 2018-06-26 11:27:26 +02:00
aram535 1caf9ad12d Updated tests_ssh, removed extra ssh in the test (#557) 
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests.  Removing the ssh keyword... -T -C ... fixes the problem.
 2018-06-22 12:29:25 +02:00
Carsten Grohmann bf2462272e [TIME-3160] Extend check for step-tickers file for RedHat (#553) 
On RedHat if the step-tickers file exists but empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
 2018-06-06 13:59:07 +02:00
Michael Boelen 84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration 2018-05-14 08:29:30 +02:00
Michael Boelen 4efe5dd363
[DNS-1600] Test is disabled until domain is configured 2018-05-02 13:35:46 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
Michael Boelen 08ee8136d5
Check for available parameter when using profile or plugindir 2018-05-02 12:48:05 +02:00
Matyáš Koc 7fd8189907 Update for PHP 7.2 (#546) 
Added php.ini paths used on Ubuntu with PHP 7.1/7.2
 2018-05-02 11:14:20 +02:00
Michael Boelen 170e427595
[NETW-2704] added support for local resolver used on Ubuntu 18.04 2018-05-01 19:57:23 +02:00
Michael Boelen 8077d24432
[PHP-2379] Suhosin test disabled 2018-04-23 11:06:36 +02:00
Michael Boelen 105befb2e9
[AUTH-9308] Made 'sulogin' more generic for systemd rescue shell 2018-04-23 11:01:18 +02:00
Michael Boelen e858233eb6
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-04-23 10:57:59 +02:00
Thomas Sjögren c25910cb31 delayed is a legacy synonym (#531) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-04-23 10:57:27 +02:00
Michael Boelen 40d6a853d5
Changed file permissions 2018-04-23 10:56:26 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Oliver Mueller 7e0b300e27 Issue/288 (#530) 
* enhanced check "DBS-1816: mysql root user with empty password" to avoid false positived when authentication plugins are used

* fixed indent to spaces
 2018-03-22 09:07:48 +01:00
Michael Boelen 40282cde49
[TIME-3160] improvements to detect step-ticker file and entries 2018-03-10 12:26:09 +01:00
James White 1d982a26d0 Add remi repo php.ini paths (#529) 2018-03-10 12:07:29 +01:00
Michael Boelen a7845b6748
[NAME-4402] Enhanced test to filter out empty lines 2018-03-05 11:43:33 +01:00
Michael Boelen dabf7d3e80
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-03-05 11:32:40 +01:00
Michael Boelen 211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them 2018-03-05 11:32:23 +01:00
Jason Soto 94e4fb4bd9 Solved null byte bash warning (#523) 2018-03-05 11:19:57 +01:00
Michael Boelen 73a4e92a7b
[HRDN-7222] enhanced compiler permission test 2018-03-04 17:52:15 +01:00
Michael Boelen e210d7f3b6
[PKGS-7384] changes to detect yum-utils package and related tooling 2018-02-19 15:01:59 +01:00
Michael Boelen f0ef7fb785
Initial version of PackageIsInstalled function 2018-02-19 15:01:26 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manual configured setting in function 2018-02-16 19:29:08 +01:00
mslifcak c170f1fc0a Pin db sync (#519) 
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
 2018-02-09 12:37:10 +01:00
Michael Boelen c53072e31e
Ensure a parent directory with binaries is scanned - issue #517 on GitHub 2018-02-06 10:45:41 +01:00
Michael Boelen a5cbc12734
Include location when uploading data 2018-02-06 10:44:30 +01:00
Michael Boelen 96b21da96a
Removed brackets while searching for home directory entries 2018-01-26 13:00:24 +01:00
Michael Boelen ce6693e873
Use existing IDs for tests, renumbering will happen later 2018-01-26 12:36:33 +01:00
Michael Boelen 0d3b89e254
Minor changes 2018-01-26 12:28:52 +01:00
Dave Vehrs a30d429315 tests_usb updates (#514) 
* Added kernel.dmesg_restrict to sysctl checks.

* Moved usb-storage and autthorization tests tests_usb

* Limit Suggestions when USBGuard installed

* Changed usb_devices to usb
 2018-01-26 12:24:33 +01:00
Michael Boelen 7b664a7560
Reverse PATH search 2018-01-25 19:43:51 +01:00
Michael Boelen 3a4bc4db9c
Use binary paths from both PATH and predefined list to improve detection on all platforms 2018-01-25 19:14:58 +01:00
Michael Boelen eb8b467915
Add TODO for PAM checks on AUTH-9286 2018-01-24 19:41:15 +01:00
Michael Boelen 2ec24e73ed
Initial import for USB group 2018-01-24 19:39:06 +01:00
Michael Boelen 6259e27b0b
Initial value for PHPVERSION 2018-01-24 19:38:36 +01:00
Dave Vehrs 8f689d4723 Adding USBGuard to checks for USB Devices. (#499) 
* Added kernel.dmesg_restrict to sysctl checks.

* Initial addition of tests_usb_devices

* More updates for tests_usb_devices

* More updates

* Updated logging and other output.
 2018-01-24 19:29:50 +01:00
Katarina Durechova 993edc9738 [FILE-6363] Check for sticky bit on /var/tmp (#473) 2018-01-24 17:08:21 +01:00
Michael Boelen 4ba9882335
Added notes 2018-01-23 17:37:27 +01:00
mslifcak 84ea9530d7 restore UsePrivilegeSeparation to list of ssh daemon checks (#509) 2018-01-23 17:35:34 +01:00
Michael Boelen 2bf6a5e038
Overhaul of default profile settings and parsing 2018-01-23 15:01:02 +01:00
Michael Boelen 6192cbd8fa
Update tests to reflect new style profile configuration 2018-01-23 15:00:34 +01:00
Michael Boelen 18bd61ebec
Deprecate internal updater options 2018-01-23 14:37:02 +01:00
Michael Boelen 85c83102df
Add 'compliance-standards' as profile option, compliance_standards will be deprecated 2018-01-23 14:36:04 +01:00
Michael Boelen 3ba399c4c3
Mark deprecated options as a warning 2018-01-23 14:29:37 +01:00
melak 0b2cd02f0d Fix/amend DHCP client detection (#513) 
- dhcpd is a server; the client is dhcpcd

- While here, add udhcpc to the list of recognised DHCP clients
 2018-01-21 12:29:49 +01:00
mslifcak e0e76c97df also find exim4 in MAIL-8802 (#512) 2018-01-20 17:32:26 +01:00
Michael Boelen 3da779f62c
Added 'system-groups' option for Enterprise users 2018-01-19 20:01:06 +01:00
Michael Boelen 1bf789861d
Add possibility to define an array of allowed operating systems for a test 2018-01-18 20:26:19 +01:00
Michael Boelen 18feb2356b
[TIME-3170] Chrony NetBSD support 2018-01-18 20:14:38 +01:00
Michael Boelen c6269941b3
Added lsmod binary 2018-01-18 16:54:45 +01:00
Michael Boelen fcb421e458
Added vgdisplay binary 2018-01-18 16:53:39 +01:00
Michael Boelen cb8ab96308
Added GRUB conf file 2018-01-18 16:52:30 +01:00
Michael Boelen 503b2662c6
Implemented NetBSD patch: use correct syntax to compare values 2018-01-18 16:50:23 +01:00
mslifcak 6c257d6224 touchup BOOT_LOADER_SEARCHED setting for BOOT-5106 and BOOT-5108 (#511) 2018-01-18 16:36:43 +01:00
Michael Boelen 6e549eb545
Set ip binary 2018-01-18 16:23:55 +01:00
Michael Boelen 3957ca32cd
Minor code enhancements 2018-01-18 16:23:23 +01:00
Michael Boelen 173068b402
Added getcap and grpck back 2018-01-18 11:10:11 +01:00
Michael Boelen 4f751c9037
Remove service manager reference from systemctl, minor cleanup 2018-01-18 10:23:39 +01:00
Michael Boelen 182ce09bc1
Additional code enhancements 2018-01-18 09:19:06 +01:00
Michael Boelen 8934042473
Code enhancements 2018-01-17 17:26:30 +01:00
mslifcak 25b3c4f1eb VBoxService running is another VirtualBox clue (#505) 2018-01-17 17:19:51 +01:00
BlessJah d7d42d9103 remove non printable characters from code (#470) 
Non printable ESC character is required to obtain terminal escape
sequence i.e. for changing output color.

Such sequences (especially ESC character) were replaced by command
substitution producing exactly same result (variable value), but using
only "safe" characters.

Use of printf and especialy '\033' or '\0ddd' sequences is described
here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html#tag_20_94_13

Use of $(command) or command substitution is described here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_03

Verbatim TAB characters were replaced with \t escape sequence as
described to avoid problems with editors silently replacing them or
developer accidentialy messing up the regex.
 2018-01-17 17:12:36 +01:00
mslifcak 173843bdfd Pin svc mgr (#506) 
* systemctl does not mean systemd is used

* Check for systemd active

* determine service manager if not already set
 2018-01-17 15:56:19 +01:00
Michael Boelen 9ba5d200ad
Enhancements to reduce file access and removing unneeded variables 2018-01-17 14:46:29 +01:00
mslifcak 2c774b8795 sort BIN_PATHS before process (#510) 2018-01-17 13:49:07 +01:00
Jason Soto 73e0e7b5e4 Changed Process name search for Bitdefender test. (#503) 
* Added php.ini locations for Ubuntu 16.04LTS

* Switched Process name Search Bitdefender

* Switched Process name Search Bitdefender
 2018-01-13 12:55:16 +01:00
Michael Boelen b236e7d95d
[PHP-2379] added quotes 2018-01-13 12:53:50 +01:00
Michael Boelen b4758e0b23
Use PATH variable as first method to scan directories 2018-01-11 12:05:21 +01:00
Michael Boelen 541996f672
Rename variable 2018-01-11 10:38:11 +01:00
Michael Boelen 00ad535c6b
Use different variable in for loop 2018-01-11 10:37:56 +01:00
Michael Boelen 35a1524d07
Added alias for skipping plugins 2018-01-11 10:19:29 +01:00
Michael Boelen 1504370e41
Added solution, extended timestamps key values, allow multiple values 2018-01-11 10:19:16 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
n[oO]ne aebb0c8ed4 lynis should not suggest suhosin for PHP 7 (#498) 2018-01-11 09:47:47 +01:00
Michael Boelen c487bcb277
\-C flag of ps is different on BSD 2017-12-24 14:05:55 +01:00
Michael Boelen 4042c45954
Changes for new plugin class 'hardware' 2017-12-08 09:37:55 +01:00
Shaleen Jain 21b129f947 Fix detecting systemd timedate deamon (#494) 
Fix detecting systemd timedate daemon
 2017-11-29 15:59:07 +01:00
Michael Boelen e4cb190237
Support for allow-auto-purge option in profiles 2017-11-25 16:11:04 +01:00
wschaft c453331265 fixing "Repository listed more than once" issue (#449) (#490) 2017-11-08 19:20:20 +01:00
Katarina Durechova 09de901d11 Check zero size of files correctly (#487) 
from man test:
-s FILE
    FILE exists and has a size greater than zero

-z STRING
    the length of STRING is zero
 2017-10-31 09:05:29 +01:00
Michael Boelen e5c11991ef
Code enhancements and textual change 2017-10-29 11:26:25 +01:00
Michael Boelen ebf16462a8
Improve IsRunning function to match full process names 2017-10-29 10:54:40 +01:00
Michael Boelen 011e6248c2
Use full match for Little Snitch 2017-10-29 10:54:16 +01:00
Michael Boelen 764c18c218
Code enhancements, improve detection for Puppet 2017-10-29 10:52:42 +01:00
Michael Boelen 331422384a
Added --silent as parameter for --quiet 2017-10-29 10:26:18 +01:00
Michael Boelen d13cdda1e3
Filter only relevant messages for report 2017-10-26 08:23:15 +02:00
Michael Boelen b29732bf5f
Spacing and readability 2017-10-24 14:15:59 +02:00
Michael Boelen c5e014eaf4
Corrected description 2017-10-24 13:39:41 +02:00
James White 45748184a8 Add additional DirectAdmin paths for php.ini (#479) 2017-10-24 13:16:59 +02:00
Michael Boelen 539fe2242a
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-10-19 19:38:36 +02:00
Michael Boelen 9d238f6e78
Added HP-UX routine for GetHostID 2017-10-19 19:37:25 +02:00
dataking 099c3b4468 fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS (#475) 2017-10-19 11:33:09 +02:00
vins1993 6a74a8727f Fix displayed result for signing keys check (#466) 
The result of the signing keys check is saved under KEYS_USED variable,
but SSL_USED was used to present the result to the end user.
 2017-09-21 15:09:57 +02:00
Michael Boelen 19bbc4272f
[SHLL-6220] Improved detection of shell settings like TMOUT 2017-09-18 19:50:41 +02:00
Michael Boelen 76b4afb14d
[SSH-7408] set default 'delayed' compression as a sane value 2017-09-18 19:18:11 +02:00
Michael Boelen 94f656bf65
Add 127.0.1.1 to NETW-2704 test 2017-09-17 20:01:07 +02:00
Michael Boelen 3670e0c5c9
Minor changes to using local resolvers 2017-09-16 14:25:01 +02:00
Michael Boelen 83ce145f1b
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-09-16 14:10:20 +02:00
Ben Abrams 192cc494ed [NETW-2705] This is related to #437 and resolvconf but is split up. (#459) 
This specifically makes it so that when `/etc/resolv.conf` has one or more nameservers matching `127.0.[0-1].1` it should not warn as it is using local resolvers.

We are simply using `grep -c "127.0.[0-1].1" /etc/resolv.conf` to determine this.
 2017-09-16 14:09:32 +02:00
Michael Boelen 11f81345ee
Code enhancement 2017-09-16 14:08:38 +02:00
Michael Boelen 499f7d5015
Improve process detection 2017-09-16 14:08:26 +02:00
FlorentCoppint ccf9db18f8 Improved IsRunning() process matching (#463) 2017-09-16 13:58:04 +02:00
Michael Boelen 79278c32ef
Added extra legal words for banners 2017-09-12 15:23:37 +02:00
Michael Boelen c248ab6a16
[CRYP-7902] fix for bourne shell and rewrite 2017-09-06 12:56:32 +02:00
Michael Boelen 2451029a6e
Allow for files with spaces 2017-09-06 12:55:56 +02:00
Michael Boelen 77400d3952
Improve logging 2017-09-05 13:29:21 +02:00
Brian Ginsbach 30c58dd1ed Don't assume sshd version is in first line (#452) 
There are some versions of OpenSSH where the version information
isn't in the first line (like NetBSD's with the HPN patches).
 2017-09-04 15:33:28 +02:00
Tom Reynolds 41174afda6 Do not limit debsums to Debian systems (#457) 
Debsums is supported on Debian and other systems as per GitHub issue #446. 
Undo commit d1969001c6.
 2017-09-04 15:30:25 +02:00
Michael Boelen 0fc8adb3c5
When providing suggestion related to hostid, append to file instead of overwriting 2017-08-31 17:11:15 +02:00
Michael Boelen 769b1f49e2
Detection of Linux Mint missed right field 2017-08-31 17:04:17 +02:00