Commit Graph

1501 Commits

Author SHA1 Message Date
Bruno Vernay 6cf1c324f8 Support spaces in file names (#445)
* Support spaces in file names

File names may contain spaces

* Fixed 2 more cases
2017-08-29 14:33:18 +02:00
Bruno Vernay 4107d8a461 Support spaces in file names (#444)
File names may contain spaces
2017-08-29 14:32:42 +02:00
Brian Ginsbach 3512068a49 [PKGS-7380] Fix NetBSD packages vulnerabilities file name (#443)
* [PKGS-7380] Fix NetBSD packages vulnerabilities file name

* OS Detection: Add early Mac OS X releases
2017-08-19 10:53:25 +02:00
Michael Boelen d682673c63 Preparations for APT 2017-08-19 10:51:06 +02:00
Michael Boelen 06491a5b4f Linux Mint detection 2017-08-19 10:50:53 +02:00
Michael Boelen 1190efac2b [CRYP-7902] add a test to filter out non-certificate files 2017-08-18 19:19:15 +02:00
Michael Boelen 4a673aebc7 [CRYP-7902] certificate validation changed 2017-08-18 14:14:28 +02:00
Michael Boelen 00648a636c Improve systemd detection 2017-08-17 20:28:32 +02:00
Michael Boelen c0a6aaf855 [TOOL-5002] performance enhancement to reduce number of dirs/files to check 2017-08-17 20:10:51 +02:00
Michael Boelen 5be81289ee [TOOL-5002] rewrite of Ansible detection 2017-08-17 20:06:41 +02:00
Michael Boelen 43228c2ca7 [TOOL-5002] Ansible detection added 2017-08-17 14:20:54 +02:00
Michael Boelen 358dc46b81 Ignore file access errors when trying to access them 2017-08-17 14:18:29 +02:00
Michael Boelen 77ebb23320 [HRDN-7230] Show single line when no malware scanner was detected 2017-08-17 14:17:57 +02:00
Lukas Pirl b3dffbf750 remove test for deprecated sshd option UsePrivilegeSeparation (#432)
see also https://www.openssh.com/txt/release-7.5
2017-08-16 20:33:33 +02:00
Tom H 3adeac922e Do not unset PHPVERSION after detecting it (#438) 2017-08-16 20:33:11 +02:00
Jason Soto 5b81f625a6 Added php.ini locations for Ubuntu 16.04LTS (#439) 2017-08-16 20:32:55 +02:00
Michael Boelen a547953d99 Set default log directory, or allow it to be set per OS 2017-08-08 14:52:59 +02:00
Michael Boelen 4660362e74 Redirect errors like file permissions 2017-08-08 14:52:11 +02:00
Michael Boelen 49c1bf8d55 [NETW-3006] Updated detection of MAC addresses on Linux 2017-08-03 20:28:38 +02:00
Michael Boelen 4781b1c170 Added /opt/apache 2017-08-02 13:01:23 +02:00
Stéphane BARBARAY 9ca2d640b8 Enhanced detection for LXC and LXC over VM (#426)
* Update functions

* Update functions

* Update tests_shells

* Update tests_shells

* Update IsVirtualMachine

extra check on /proc/1/environ existence + Log result
2017-07-31 12:51:19 +02:00
Michael Boelen dbec83566b [FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen ebc706aa64 Merge branch 'master' of https://github.com/CISOfy/lynis 2017-07-28 10:26:34 +02:00
alobodzinski 6147ebd47b Suhosin is hard linked into PHP on OpenBSD (#423) 2017-07-28 10:14:04 +02:00
Michael Boelen 60f94fef47 [CRYP-7902] prevent test from showing error on screen related to wrong certificate file 2017-07-18 11:51:45 +02:00
James White d7b0c28699 Add /usr/lib/apache module search path for DirectAdmin (#417) 2017-07-11 09:26:00 +02:00
Michael Boelen d1969001c6 [PKGS-7370] only use debsums test for Debian systems 2017-07-10 16:08:32 +02:00
Michael Boelen df32cb29b0 Include instructions if hostid2 is empty 2017-07-10 16:07:39 +02:00
superpoussin22 29f5dc7e53 Update tests_containers (#412)
The latest Docker version no longer uses docker -d; it sounds better to check dockerd
2017-07-10 15:24:09 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates (#414)
* Check if CSF is running

* Check for APF presence
2017-07-10 15:23:32 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3a6fa0bb6b Suhosin simulation mode status (#411)
* fix suhosin check text

* use PHPINI_ALLFILES variable

* Check suhosin simulation mode status

* Small style improvement
2017-07-10 14:38:42 +02:00
Jeremy Daer f33cdd3a17 OS detection: macOS 10.13, High Sierra (#409) 2017-07-01 10:29:05 +02:00
Michael Boelen f903b6f079 Allow tags and system-customer-name to be specified 2017-06-22 10:15:39 +02:00
Michael Boelen f4b6d8d401 Show full command for remote usage 2017-06-21 14:28:12 +02:00
Daniel Romell 5b12f17e3f Minor fixes for embedded Linux. (#406)
* Check if the "locale" binary is available before using it.

This is no functional change as it will still fall back to English
when the locale can't be determined. This fix gets rid of the
following error when running on systems without the locale binary:

./lynis: line 112: locale: command not found

Signed-off-by: Daniel Romell <daro@hms.se>

* tests_kernel: KRNL-5677: Fix invalid use of shell test.

This fixes an issue (syntax error) triggered on systems with no PAE or
NX extensions:

- Checking CPU support (NX/PAE)
/usr/libexec/lynis/include/tests_kernel: line 126: [: too many arguments
/usr/libexec/lynis/include/tests_kernel: line 132: [: too many arguments

No need to use [] when only looking at function return values.

Signed-off-by: Daniel Romell <daro@hms.se>
2017-06-21 14:17:49 +02:00
Athmane Madjoudj ac2c83870b Add lowercase path for changelog search (eg: Fedora/EPEL pkg) (#408) 2017-06-21 14:08:57 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 98b80f7c49 add ini paths for cloudlinux (#400) 2017-06-14 14:07:37 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 4cbe8f32c6 add suhosin status test (#401)
* add suhosin status test

* get matched line only
2017-06-14 14:06:51 +02:00
Jose Luis Duran 9dc4efefd6 Fix pkg audit option (#403)
-F, --fetch
       Fetch the database before checking.

[ci skip]
2017-06-14 14:06:18 +02:00
Michael Boelen 0e535c851a Small style improvement 2017-05-31 15:47:21 +02:00
mslifcak 8d2b3a202f A250 2 (#398)
* fix missing ROOTDIR prefix

* sort list of services before processing

* sort list of certificates before processing

* sort list of startup scripts before processing

* spell check

* remove possessive pronoun
2017-05-31 15:40:39 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 360be2a700 Add a check for csf testing mode (#399) 2017-05-31 15:37:22 +02:00
mslifcak af60a2463a 250 fixes (#393)
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
2017-05-23 14:56:25 +02:00
Michael Boelen aec9b57c29 Changes to BOOT-5104 and HTTP-6716 2017-05-08 14:56:39 +02:00
Michael Boelen 918b962ae5 Code enhancements 2017-05-03 10:42:34 +02:00
Michael Boelen a9b67dc675 Reinitialize temporary files to prevent possible symlink attack - CVE-2017-8108 2017-05-03 09:47:35 +02:00
Michael Boelen 67333bb09a [SHLL-6290] Removed ShellShock test as it is no longer needed - CVE-2017-8108 2017-05-03 09:33:40 +02:00
Michael Boelen 4ecb9d4d05 [bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 5ccd0912cf [MALW-3280] Added detection of Symantec components 2017-04-29 14:22:40 +02:00
Michael Boelen f39e72dbd5 Remove unused file 2017-04-23 20:19:30 +02:00
Michael Boelen 2340e7bbbc Added HasData and IsEmpty function 2017-04-23 20:19:18 +02:00
Michael Boelen a04b2da851 Initialize variables 2017-04-23 20:19:02 +02:00
Michael Boelen 70ea29483a Code enhancements 2017-04-23 20:06:54 +02:00
Michael Boelen 9e9b95e1da Apply substitute for TIME-3148 and first batch of code enhancements 2017-04-23 20:06:24 +02:00
0ri0n b433cf0bac Add Additional php.ini Paths (#377) 2017-04-17 15:38:48 +02:00
Michael Boelen b0b0fd0256 Add atomic tests to report 2017-03-27 17:15:02 +02:00
Michael Boelen e498e6ae64 Remove unused test parts 2017-03-27 17:14:34 +02:00
Michael Boelen 7f06a2c34f Added MAIL-8820 test for Postfix 2017-03-27 17:14:11 +02:00
Michael Boelen e14376cdab Minor cleanups 2017-03-27 12:23:27 +02:00
Michael Boelen b306ab891f Add additional check for Puppet tool 2017-03-27 12:21:42 +02:00
Athmane Madjoudj 5f0b24d2c8 Add support for cPanel PHP (Scl-based packaging) GHT #340 (#373)
* Add support for cPanel PHP (Scl-based packaging) GHT #340

* Add myself to contributors as requested
2017-03-27 09:21:37 +02:00
pyllyukko 88f39b9540 Fix regex to disregard locked accounts (#371)
This way, accounts that have ":!!:" in shadow and have an entry in
"Password expires" field don't get flagged with "Result: password of
user XYZ has been expired" by AUTH-9288.

Fixes #362
2017-03-27 09:19:55 +02:00
guyav a0849ac053 Added quote marks on SSH commands (#372)
Added quote marks for the SSH commands in steps and 6.
2017-03-27 09:19:01 +02:00
Michael Boelen 57770fe332 [HTTP-6641] support Apache mod_reqtimeout module 2017-03-20 13:40:00 +01:00
Michael Boelen 90e240cfb5 [CUPS-2308] removed exception handler, improved logging 2017-03-20 13:12:55 +01:00
Yaisel Hurtado 4368013b43 Fixed detection of security repositories (#370) 2017-03-17 17:59:21 +00:00
Michael Boelen 9ff31074a1 Added more banner words 2017-03-17 10:37:14 +01:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 352ea8c21c Added missing pipe 2017-03-13 19:55:00 +01:00
Michael Boelen b67d9233eb Added more logging 2017-03-13 19:53:56 +01:00
Michael Boelen e4474320ee [PKGS-7387] check all repositories for usage of gpg signing 2017-03-13 19:47:06 +01:00
Michael Boelen cd63e2389e [FILE-7524] Do not show missing files or paths by default 2017-03-13 16:26:26 +01:00
Michael Boelen 4be6b958e4 [MALW-3280] added Avira detection 2017-03-13 15:51:13 +01:00
Michael Boelen 6083f6d9ff [SCHD-7704] permission checks and minor code cleanups 2017-03-13 12:00:27 +01:00
Michael Boelen 320a397772 [TIME-3104] Test permissions before opening files 2017-03-13 11:59:05 +01:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
noci2012 ad779f29eb Added new php paths (#369)
Removed php5.4, added 7.0 and 7.1 and the flavours that are known on Gentoo
(apache2, cgi, cli, embed, fpm)
2017-03-13 09:50:09 +00:00
Michael Boelen de84454d3f Cleanup 2017-03-12 19:27:16 +01:00
Michael Boelen b66e1402df Support for Manjaro Linux 2017-03-12 19:27:04 +01:00
Michael Boelen 814f2355ca [NAME-4018] only perform test when /etc/resolv.conf exists 2017-03-12 17:01:58 +01:00
Michael Boelen c2b7c76f97 Mark OS version of Arch Linux as rolling release 2017-03-12 16:42:44 +01:00
Michael Boelen 78b6a6b49f Remove lines related to report 2017-03-12 16:37:43 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen a70cfd0a70 Improve message 2017-03-09 12:32:32 +01:00
Michael Boelen bb83598ff1 [DBS-1882] include redis.conf 2017-03-09 12:28:05 +01:00
Michael Boelen 336dcb4811 [PKGS-7381] Enhanced FreeBSD pkg audit testing 2017-03-09 12:27:38 +01:00
Michael Boelen e082b8af08 Updated log 2017-03-08 21:19:20 +01:00
Michael Boelen 658bbc6eba Rename host_alias to hostname_alias 2017-03-08 20:16:00 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There are probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
Jean Prat a53cb004fa umask can be 0027 or 0077 (#364)
* umask can be 0027 or 0077

* Readme update
2017-03-06 14:41:11 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen b0cde02c71 Code enhancements and allow host alias to be defined in profile 2017-03-05 20:45:13 +01:00
Michael Boelen 44f5209cb9 Add description of CheckItem 2017-03-05 15:12:01 +01:00
Michael Boelen 89c3e449ad [BOOT-5104] added initsplash and code enhancements 2017-03-05 13:13:20 +01:00
Michael Boelen 295fe93ca6 [FILE-6372] Properly deal with comments in /etc/fstab 2017-03-01 16:11:17 +01:00
Michael Boelen d15ba9607f [SSH-7408] Corrected variable and allow a few more retries to prevent issues with public key authentication 2017-03-01 16:07:32 +01:00
Mark Janssen 339ddfea83 Add /usr/local/etc/zend/php.ini as possible php path (#360)
Thanks, merging!
2017-03-01 14:31:20 +00:00
Michael Boelen 03fd94aafa Code cleanups and removed 'lynis update release' command 2017-03-01 15:27:02 +01:00
Michael Boelen 9cf25723e0 [AUTH-9308] Test for tilde in inittab for Debian systems 2017-02-28 20:18:47 +01:00
Michael Boelen 5668f7bed1 Corrected variable for data uploads 2017-02-28 20:17:49 +01:00
Michael Boelen ed52d0dd41 New test and reduction of output on screen 2017-02-28 20:17:01 +01:00
Michael Boelen b2f13a2f92 [TIME-3148] new test for TZ variable 2017-02-22 15:06:19 +01:00
Michael Boelen 1c59bfd6f1 Set correct variable for data upload mode 2017-02-21 15:40:49 +01:00
Michael Boelen a19a34cbf3 Allow data uploads to be configured in profile 2017-02-21 15:40:06 +01:00
ryneeverett f5d70a6889 Match for sulogin fails to detect inittab entry (#356)
A valid inittab entry was missed. Gentoo delivers an inittab
containing su1:S:wait:/sbin/sulogin
2017-02-21 14:26:32 +00:00
alobodzinski 08b6a40751 MAIL-8818: $LINUX_VERSION is not set on every OS (#357) 2017-02-21 14:25:48 +00:00
Michael Boelen 2d8b06678f [TIME-3116] skip stratum 16 items for time pools 2017-02-18 14:28:56 +01:00
Michael Boelen 8d6bc1ad21 Allow colored output to be configured from profile 2017-02-16 10:27:54 +01:00
Michael Boelen a817bf2f1b [SSH-7408] allow filtering for multiple options and new SSH value for PermitRootLogin 2017-02-15 13:14:54 +01:00
Michael Boelen 0209c6ce90 [AUTH-9208] Remove double logging 2017-02-14 20:18:37 +01:00
Michael Boelen f7478bc9e0 Unique sort of systemctl unit files 2017-02-14 20:15:00 +01:00
Michael Boelen 38af9121ea Properly detect SSH version 2017-02-14 20:10:42 +01:00
Michael Boelen ea16e798ee Grammar fix 2017-02-14 20:05:45 +01:00
Michael Boelen 30d9c2b72d [FIRE-4512] lowered number of minimum rules 2017-02-14 16:19:44 +01:00
Michael Boelen c0e604c059 [HRDN-7222] changed reporting key 2017-02-14 15:08:55 +01:00
Michael Boelen a7dd733dc0 Improve logging for group checks 2017-02-11 21:25:25 +01:00
Michael Boelen 36f7bcbf1c Rename authentication to authorization 2017-02-10 17:18:23 +01:00
Michael Boelen a8c021dd9c Status of MongoDB instances 2017-02-10 13:07:53 +01:00
Michael Boelen 2cc3f889c8 [DBS-1818] MongoDB status 2017-02-10 13:07:30 +01:00
Michael Boelen 9c71f6061d Check for pgrep binary 2017-02-10 12:58:59 +01:00
Michael Boelen d27c1eda84 [DBS-1820] Test for MongoDB authentication 2017-02-10 12:58:47 +01:00
Michael Boelen bfbe35055a [FIRE-4586] escape search string 2017-02-10 11:14:01 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen a7409568c9 Updated commands 2017-02-05 21:08:08 +01:00
Michael Boelen bbe95bb0ff Check for OS name in Postfix banner 2017-01-28 15:48:26 +01:00
Michael Boelen 551f89c63b Log weak banner and code enhancements 2017-01-28 15:47:47 +01:00
Michael Boelen 57dd96f6c6 Added support for iptables-save 2017-01-28 15:46:56 +01:00
Michael Boelen 103ed2afb3 Added FIRE-4586 2017-01-28 15:46:42 +01:00
Michael Boelen ed45fe7b29 Use the data from machine ID when no SSH keys are available 2017-01-28 12:11:38 +01:00
Michael Boelen 670b18b6f5 Strip out any comments at end of nginx configuration lines 2017-01-27 14:36:55 +01:00
Michael Boelen d4f4c2d785 Added support for Trend Micro and Cylance (macOS) 2017-01-24 20:01:22 +01:00
Michael Boelen 338edb4971 Add stderr for other network tests 2017-01-24 19:30:17 +01:00
Michael Boelen d2a80ed789 Add stderr for NETW-3004 2017-01-24 19:28:06 +01:00
Andres Gomez Casanova 145e1164be Variable name in reportWarning function (#342)
* Variable name

* Update functions

* Update functions
2017-01-16 11:03:07 +00:00
pyllyukko d25dcd09ef Set MAC_FRAMEWORK_ACTIVE=1 if grsecurity's RBAC is enabled (#348)
* Look for gradm utility

* Set MAC_FRAMEWORK_ACTIVE=1 if grsec's RBAC is enabled
2017-01-16 11:02:03 +00:00
Michael Boelen e483d69050 Solved error on AIX 2016-12-02 20:48:37 +01:00
Michael Boelen aadd58e6a6 Allow option to configure host IDs via profile 2016-12-02 13:19:29 +01:00
Michael Boelen c6f80c0a90 Improve output of report 2016-11-20 16:23:25 +01:00
Michael Boelen e7938c19e6 [KRNL-5830] Improved logging 2016-11-20 16:23:17 +01:00
Michael Boelen d7ed46ae9e [KRNL-5788] Remove exception, style improvements 2016-11-20 16:16:02 +01:00
Michael Boelen f16325ff55 Only show non-privileged tests that were skipped if they are applicable to our platform 2016-11-19 15:38:32 +01:00
Zach Crownover 659d3e42c5 Improve DragonFly support (#329)
* Update facter location for BSDs

BSDs tend to place third party binaries in /usr/local rather than /usr

* Add support for DragonFly boot loader detection

DragonFly BSD has the same file paths for the bootloader as FreeBSD

* Add kernel module checking for DragonFly

DragonFly BSD checks kernel modules the same way as FreeBSD

* Add DragonFly check for login shells

DragonFly's login files are the same as FreeBSD's

* Add HAMMER PFS Detection

All PFS mounts in HAMMER systems for DragonFly will be detected now
2016-11-19 12:39:57 +00:00
Michael Boelen 40e19b62be Added Arch Linux detection via /etc/os-release 2016-11-08 19:53:11 +01:00
Michael Boelen b5a1deae47 Added variable for readlink binary 2016-11-08 19:47:59 +01:00
alobodzinski 3aa2efba4d Fix for NAME-4408: getent hosts localhost may show two lines on Ope… (#310)
* Fix for NAME-4408: getent hosts localhost   may show two lines on OpenBSD

* This version does the comparisons in a little less awkward way
2016-11-05 11:55:11 +01:00
Justin P 50b06efd30 macOS Refactoring (#311)
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
2016-11-05 11:53:22 +01:00
Michael Mior 0f318a4b7c Fix Dockerfile audit (#313) 2016-11-05 11:52:06 +01:00
Michael Boelen 1cb1fc40ca Added more definitions for tools 2016-10-28 11:48:20 +02:00
Michael Boelen 3c8e93c28e Improve usage and display of update tool 2016-10-28 11:47:31 +02:00
Michael Boelen 7155afa2bb Added missing space 2016-10-27 11:45:21 +02:00
Michael Boelen a1f9f902a1 [FIRE-4518] mark as a root-only test - correction 2016-10-27 10:08:43 +02:00
Michael Boelen 3a57b628d6 [FIRE-4518] mark as a root-only test 2016-10-27 10:07:03 +02:00
Michael Boelen e0ea967f01 [NETW-3004] add macOS support 2016-10-27 10:06:41 +02:00
Michael Boelen e4cc0b1b9b [AUTH-9234] reversed username and uid 2016-10-27 09:40:13 +02:00
Michael Boelen 43d3088a04 Check for presence of custom.prf, otherwise quit with suggestion 2016-10-27 09:30:25 +02:00
Michael Boelen db0ebcd374 Improved logging 2016-10-27 09:21:56 +02:00
Michael Boelen 5488c6fc4b Missing exclamation mark 2016-10-27 09:19:37 +02:00
Michael Boelen 0d66aec62c [AUTH-9234] style and enhanced support for macOS 2016-10-27 09:13:57 +02:00
Michael Boelen ef7a120997 [AUTH-9234] support for macOS user gathering 2016-10-27 08:56:52 +02:00
Justin P e687b20866 Updates to include/tests_authentication (#308)
* adjusted.
For test number 9234, added comments stating macOS doesn’t use
/etc/passwd for normal users. macOS uses `opendirectoryd` as the
backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment
in the test area.

* Revert "adjusted."

This reverts commit 2166e5da94.

* Test 9208 and 9234 Updated

For test number 9208, the LogText was clumsily written. Text has been adjusted.
For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment in the test area.

* Test 9208 and 9234 Updated

For test number 9208, the LogText was clumsily written. Text has been adjusted.

For test number 9234, added comments stating macOS doesn’t use `/etc/passwd` for normal users. macOS uses `opendirectoryd` as the backend for user management. So, `dscacheutil` is the recommended
program to parse that information. I input a sample line as a comment in the test area.
2016-10-27 08:46:23 +02:00
Michael Boelen db7bff9cb2 Missing fi in BOOT-5139 2016-10-26 13:31:59 +02:00
Michael Boelen e96a31eab4 Style improvements 2016-10-26 12:58:51 +02:00
Michael Boelen 4886054187 Style improvements 2016-10-26 12:55:46 +02:00
Michael Boelen e54bae0c6d Merge branch 'master' of https://github.com/CISOfy/lynis 2016-10-26 12:54:59 +02:00
marcus-cr 94d31bba22 NETW-3030 - DHCPD Support Added (#299)
Added support for DHCPD
2016-10-26 12:37:35 +02:00
marcus-cr 9208125c06 Malware Scanner Colors for Personal Machine Role (#301)
Results for malware scanner will show a different color for “personal”
machine-roles (in yellow) rather than the other roles (in red).

Added for leniency towards typical personal PC users for not having
malware scanner (should be a suggestion).

Also included log text result if no scanner found, regardless of
machine-role.
2016-10-26 12:36:31 +02:00
marcus-cr 56ce017b4f Updated profiles (#300)
* Updated profiles

Added “personal” machine-role, changed “desktop” to “workstation”.

* Changed Default Profile

Amended roles of system: changed “desktop” to “workstation”, and added
“personal”.
2016-10-26 12:35:47 +02:00
Michael Boelen 9203b01f88 [BOOT-5139] support for roles 2016-10-26 12:34:56 +02:00
marcus-cr b95e44a526 Changed LILO testing depending on server/workstation or personal roles (#302)
Test will display result in red if no boot loader password set and if
server or workstation role was set. Cosmetic change for log text, one
instead of two log texts.

Test displays result in yellow if using personal machine role as
suggestion for typical users.
2016-10-26 12:30:31 +02:00
marcus-cr 6c02d49de0 Warning added for missing AIDE config file (#303)
Warning given if AIDE is detected but no configuration file found.
Without configuration file AIDE will not work.
2016-10-26 12:28:47 +02:00
Michael Boelen 3a69103a0e Improve versions for macOS 2016-10-26 12:19:01 +02:00
Michael Boelen 9c6864589b Allow x.y.z for macOS versions 2016-10-26 11:53:44 +02:00
Michael Boelen 270f2e4fb1 Improve logging and detection of domain name 2016-10-23 16:25:38 +02:00
Michael Boelen f18ef5c210 [TIME-3104] extended support for Chrony 2016-10-19 11:28:20 +02:00
marcus-cr f93573ff60 [MALW-3280] Bitdefender AV Support (macOS) (#293)
* Support for Bitdefender AV (Mac OS)

* Update CHANGELOG.md
2016-10-19 11:17:54 +02:00
marcus-cr 9dabecadbf Update tests_time (#294) 2016-10-19 11:17:33 +02:00
Michael Boelen a60d4b973a Disabled exception for boot loader 2016-10-19 10:07:11 +02:00
Michael Boelen 9a5b5e5a42 [MALW-3280] Added support for Avast on macOS 2016-10-17 20:45:53 +02:00
Michael Boelen 7b8c04c3b1 [BOOT-5202] use generic variables between OSes 2016-10-17 17:24:34 +02:00
Michael Boelen 61fb197638 [BOOT-5202] changes to uptime measurement for macOS and others 2016-10-17 17:18:10 +02:00
Michael Boelen 1641f4c88f Use machine ID if we have no suitable other string yet 2016-10-17 17:16:36 +02:00
Michael Boelen 404bd9ad4c Correct path to cgroup file 2016-10-16 15:51:30 +02:00
Michael Boelen 27054e2f2e Improve logging for non-privileged users 2016-10-16 15:29:50 +02:00
Michael Boelen 99de3bb0b6 Add 'lynis show environment' 2016-10-16 15:23:47 +02:00
Michael Boelen d0eae6480d Support for Docker container detection 2016-10-16 15:13:04 +02:00
Michael Boelen c0e63699e5 Added 'lynis show os' command and detection improvement 2016-10-16 12:01:33 +02:00
Michael Boelen 7cc56cf4ea Use ID from /etc/os-release 2016-10-16 11:57:19 +02:00
Michael Boelen ae02e81101 Improve usage of /etc/os-release 2016-10-16 11:55:11 +02:00
Michael Boelen fc494a6d3f OS detection of CoreOS 2016-10-16 11:50:23 +02:00
Michael Boelen 22d27434c9 Enhance pkg support on FreeBSD 2016-10-15 16:38:33 +02:00
Michael Boelen f1c3c23cae Corrected error redirection 2016-10-15 16:22:18 +02:00
Michael Boelen 8777a5e616 Use rootdir and proper error redirection 2016-10-15 16:20:04 +02:00
Michael Boelen f0b9a64c47 [PKGS-7381] bugfix at detection of pkg tool 2016-10-15 16:16:26 +02:00
Michael Boelen d88f755f40 [PKGS-7381] check pkg audit and report when the vulnerability database is missing 2016-10-15 16:12:49 +02:00
Michael Boelen b9561b515b [MACF-6208] Allow non-privileged execution and filter permission issues 2016-10-15 16:08:59 +02:00
Michael Boelen d0d76c44cb Improved logging 2016-10-15 15:38:06 +02:00
Michael Boelen b936f3b05b [FIRE-4530] Don't show error on screen for missing IPFW sysctl key 2016-10-15 15:34:03 +02:00
Michael Boelen c4b6aab8c7 Reversed file check on /dev/pf 2016-10-15 15:28:22 +02:00
Michael Boelen 81024635aa Improve detection of pf on FreeBSD 2016-10-15 15:26:15 +02:00
Michael Boelen f16315e0d3 Another enhancement for macOS (Sierra) 2016-10-15 11:35:26 +02:00
Michael Boelen 6b79f38b82 Add then statement 2016-10-15 11:35:07 +02:00
Michael Boelen 76277f1bf9 Added process detection for Little Snitch 2016-10-15 11:30:12 +02:00
Michael Boelen 19bfb4a7a4 Version information for macOS 2016-10-15 11:27:04 +02:00
Michael Boelen fba5140150 [FIRE-4534] detection of Little Snitch 2016-10-15 11:26:51 +02:00
Michael Boelen 7dd3c27b97 Improvements for macOS 2016-10-15 10:43:45 +02:00
Michael Boelen 32711e4155 Added missing quote 2016-10-14 08:57:47 +02:00
Michael Boelen c87e423196 Added HOSTID2 for macOS platform 2016-10-14 08:49:00 +02:00
Michael Boelen 063f50f39c Add upload-only command 2016-10-13 20:15:00 +02:00
Michael Boelen 622d15321b Added clamconf binary 2016-10-06 11:15:28 +02:00
Michael Boelen e5e4262fba New group system integrity 2016-10-05 09:50:20 +02:00
Michael Boelen 0cc27b956e New test INSE-8050 2016-10-05 09:50:06 +02:00
Michael Boelen f0cfab3f04 Style changes and improved detection of Red Hat based clones 2016-09-27 11:20:35 +02:00
Michael Boelen 9caf3005b5 Style improvements and hardening points 2016-09-26 12:05:30 +02:00
Florian Heigl 343eb5304f Add support for Rudder configuration management (#284)
Rudder (http://www.rudder-project.org) is a config management tool with automatic reporting / dynamic policy adjustment.
The "dynamic" bit happens using FusionInventory.
The config management part uses CFEngine under the hood.
I don't know if hw/os inventory tools also matter in the Lynis report, if yes, I can look into that too.

This patch extends the path searched to detect a running CFEngine agent (and fileserver daemon)
Since the agent is the same, this should immediately detect it.
2016-09-26 10:34:38 +02:00
Michael Boelen a3f57e6d01 Mark tests PKGS-7320 and PKGS-7322 as Linux-only 2016-09-24 16:17:11 +02:00
Michael Boelen 870ac295c6 Show possible solution with findings 2016-09-24 15:51:05 +02:00
Michael Boelen 98d9096739 Mark arch-audit as a package audit tool 2016-09-24 15:36:45 +02:00
Michael Boelen 1418e0404b Extended message for arch-audit 2016-09-24 15:34:31 +02:00
Michael Boelen fb88bcaf1f Style improvements 2016-09-24 15:34:05 +02:00
Michael Boelen 263c0b558b Changes to show more details for warnings 2016-09-24 15:27:42 +02:00
Michael Boelen 1bc29ebb2e Added solution to arch-audit test 2016-09-24 15:20:24 +02:00
Michael Boelen 35ef5988e6 Add details to warnings 2016-09-24 15:16:41 +02:00
Michael Boelen 1063c8f3e8 Replace calls to binaries and changes in output within report 2016-09-24 15:07:20 +02:00
Michael Boelen 780e66ea81 Use OS full name to detect distribution 2016-09-24 14:58:30 +02:00
Michael Boelen db419495bf Added support for arch-audit tooling 2016-09-24 14:49:14 +02:00
Michael Boelen 9d91f7dac7 [PKGS-7381] Improved output of log and warning 2016-09-22 14:54:55 +02:00
Michael Boelen 6a7ec8795a [PKGS-7381] Collect FreeBSD details for vulnerable packages 2016-09-22 14:47:06 +02:00
Alex Zepeda 100afa5f5b Skip NTP checks from within a FreeBSD jail (#281) 2016-09-22 11:39:55 +02:00
Michael Boelen 76aece2e61 Removed warning and added more report data 2016-09-14 13:15:10 +02:00
Michael Boelen df2fff6cc7 Added NAME-4408 to check localhost to IP mapping 2016-09-13 17:27:25 +02:00
Michael Boelen 86051feaf8 Correct ServerAlias test 2016-09-10 16:16:58 +02:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 2534fb99a9 Added file, head, mount, uname, uniq, wc, and xargs 2016-09-10 16:12:15 +02:00
Michael Boelen 9e7dfd52d8 Initialize variables for binaries 2016-09-10 16:11:43 +02:00
Michael Boelen 2b005afd04 Add cut and sed to binary list 2016-09-08 21:04:35 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
Michael Boelen 81d8486cb0 [CRYP-7902] Gather more certificate details and style improvements 2016-09-08 21:04:02 +02:00
BlueC0re a596bdc349 added TRBINARY + fix nftables check (#276)
fixes #273
2016-09-06 20:58:30 +02:00
Michael Boelen 5b2d1570db [KRNL-5820] Corrected function and style changes 2016-09-06 20:57:47 +02:00
Michael Boelen 737b9359ae Renamed tr command 2016-09-05 22:01:02 +02:00
Michael Boelen 1a832476bb [TIME-3104] Changed timedatectl test 2016-09-05 19:48:23 +02:00
alobodzinski 01c687eb55 FILE-6336: Fixed flawed logic: work correctly even if there is no swap at all (#272) 2016-09-05 19:30:04 +02:00
Michael Boelen 0a0453e1bc [FILE-6344] Adjusted /proc test 2016-09-05 19:28:44 +02:00
Michael Boelen 2eb6d908e1 Style improvement and extended log messages 2016-09-05 12:56:58 +02:00
Michael Boelen 2942b4196b Added test FIRE-4540 and textual changes 2016-09-05 12:29:04 +02:00
Michael Boelen cbed07cdb2 [LOGG-2146] Changed text and style 2016-09-05 11:54:42 +02:00
Michael Boelen 04f9fae67c [FIRE-4520] Use discovered pfctl binary and style improvement 2016-09-05 11:22:39 +02:00
Michael Boelen 042e52c0b9 [FIRE-4520] Remove suggestion 2016-09-05 11:21:27 +02:00