tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,241 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

3241 Commits

Author SHA1 Message Date
Daniel Fernandez b74977db53
Update HAPPY_USERS.md 2020-05-15 23:57:31 -05:00
Daniel Fernandez 859298cc2a
Update README.md 2020-05-15 23:56:43 -05:00
Michael Boelen 11cfa7c18d
Merge pull request #925 from ajshastri/master 
Added OS detection for Oracle Linux
 2020-05-15 11:30:33 +02:00
Aditya Shastri 2b0a0ba2e1 Addedd OS detection for Oracle Linux 2020-05-14 20:51:11 -07:00
Michael Boelen e410d68ce6
Merge pull request #912 from konstruktoid/fileperms 
accept more restrictive file permissions
 2020-05-07 08:53:26 +02:00
Jeremias Cordoba f081a9ed7e Fix KRNL-5730 to properly check /proc/config.gz 
When KRNL-5728 locates the kernel config it does not properly set LINUXCONFIGFILE
if config is found as /proc/config.gz. This causes KRNL-5730 to fail due to missing prereqs,
despite a kernel config existing.

Signed-off-by: Jeremias Cordoba <js.cordoba8321@gmail.com>
 2020-05-04 15:51:03 -07:00
Topi Miettinen fcdc07f8d9
[CRYP-7902] Check also certificates in DER format 
Check also certificates in DER (*.cer, *.der) format. Add
/etc/refind.d/keys to list of certificate paths.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-25 00:06:58 +03:00
Thomas Sjögren 51dfc34663 accept more restrictive file permissions 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-04-22 10:34:58 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
Michael Boelen a166691199
Merge pull request #882 from topimiettinen/check-package-certificates 
[CRYP-7902] Check also certificates provided by packages
 2020-04-09 11:01:39 +02:00
Michael Boelen 1163648d89
Merge pull request #896 from Schmuuu/feature/raspi-detect-required-reboot 
extended test KRNL-5830 to detect required reboots on Raspbian
 2020-04-09 09:58:48 +02:00
Michael Boelen 0019cf3297
Merge pull request #904 from bginsbach/krnl-5677 
KRNL-5677 use platform instead of preqs-met
 2020-04-09 09:55:28 +02:00
Brian Ginsbach 95b1ae044b KRNL-5677 use platform instead of preqs-met 2020-04-08 15:55:45 -05:00
Michael Boelen 110cc5a264
Merge pull request #903 from church1e/master 
[CRYP-7902] Fixes issue #902
 2020-04-08 14:20:05 +02:00
Martin Churchill e4d491d574
[CRYP-7902] Fixes issue #902 
[CRYP-7902] Checks for SSL_CERTIFICATE_PATHS_TO_IGNORE fails to ignore sub-directories #902
 2020-04-08 10:02:18 +01:00
Michael Boelen be75a089a7
[PROC-3802] added package manager routine as dependency 2020-04-07 10:53:39 +02:00
Michael Boelen c368846a08
Added support to require a detected and known package manager 2020-04-06 20:47:45 +02:00
Michael Boelen 798f5322f6
Updated log 2020-04-06 16:23:31 +02:00
Michael Boelen eb8a490a4a
Merge pull request #901 from 0xD503/ru-lang 
Add Russian translation
 2020-04-06 16:22:12 +02:00
0xD503 49549f9155 Added Russian translation 
Added Russian localization
 2020-04-05 22:01:29 +01:00
Michael Boelen 9da0665929
[NETW-2400] Improved logging 2020-04-04 15:56:00 +02:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 4680f94d11
[NETW-2706] allow usage of systemd-resolve and resolvectl, improved screen output and logging 2020-04-03 14:02:52 +02:00
Michael Boelen 235dbd3805
Updated log 2020-04-03 09:50:03 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Michael Boelen e2ad71ffe5
Updated log 2020-04-03 09:46:56 +02:00
Michael Boelen f92fe4e03f
Merge pull request #898 from bginsbach/auth-9268 
AUTH-9268 Add DragonFly
 2020-04-03 09:45:21 +02:00
Michael Boelen 84fb16fa9e
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-04-03 09:40:55 +02:00
Michael Boelen f25ffdbb1f
[NETW-2706] redirect errors to stderr 2020-04-03 09:40:30 +02:00
Michael Boelen ddb7ff1762
[NETW-2706] redirect errors to stderr 2020-04-03 09:37:52 +02:00
Brian Ginsbach ac7ad92f22 AUTH-9218 add NetBSD and OpenBSD 
All of the BSDs have `/etc/master.passwd`.
 2020-04-02 20:09:34 -05:00
Brian Ginsbach 50a60fed87 AUTH-9218 add requires root 
The `/etc/master.passwd` file on BSD systems is (or should be) read/write
root only. Skip the test if not being run as root.
 2020-04-02 20:09:15 -05:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Brian Ginsbach 4bcd695428 AUTH-9268 Add DragonFly 
DragonFly also supports PAM. Rework to use the `--os` option of `Register`
rather than `--preqs-met` as the former can support a list.
 2020-04-02 15:59:11 -05:00
Kristian S 52b72e7b0f extended test KRNL-5830 to detect required reboots on Raspbian 2020-04-02 21:45:40 +02:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 64033da973
Updated log 2020-04-02 14:46:42 +02:00
Michael Boelen 6eb204a85d
[PRNT-2308] check for Port statement and minor adjustments to test 2020-04-02 14:45:44 +02:00
Michael Boelen ca6fc134dd
Renamed spools to spoolers 2020-04-02 13:20:06 +02:00
Michael Boelen 4fe1cb92a5
[PRNT-2308] check also SSLListen statements 2020-04-02 13:15:03 +02:00
Michael Boelen 1996b7e0c6
Updated log 2020-04-02 13:14:51 +02:00
Topi Miettinen 9642bcffc8
[CRYP-7902] Optionally check also certificates provided by packages 
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.

I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-02 12:52:13 +03:00
Michael Boelen b5a2d11738
Added fallback for awk/tr, small code enhancement, added note 2020-04-02 09:28:41 +02:00
Michael Boelen 156f740ff2
The IsRunning function may have not everything defined early on, so added a fallback 2020-04-01 19:02:11 +02:00
Michael Boelen 2c4ed62ef6
Updated log 2020-04-01 16:32:59 +02:00
Michael Boelen 4432f93044
[LOGG-2190] skip mysqld related entries 2020-04-01 16:32:52 +02:00
Michael Boelen c309ad7bdc
Updated log 2020-04-01 16:19:54 +02:00
Michael Boelen 4cf21ebdcc
Added FILE-6394 2020-04-01 16:19:09 +02:00
Michael Boelen f232b4f9bb
Added quotes 2020-04-01 16:18:03 +02:00