tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,451 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

212 Commits

Author SHA1 Message Date
Claudia 48e794574a
Add macOS EOL 
Apple doesn’t disclose when it stops providing security updates for
macOS versions. There’s no consensus on when the exact EOL date is.

Lacking that information, I applied the following ruleset, which is
driven by what people have observed, and seems pragmatic enough:

- From Mac OS X 10.0 through 10.4, a version 10.N would be considered
  EOL on the day the first patch-level update 10.(N+2).1 for its
  N+2 successor was released.

- Starting with 10.5, Apple began to support three versions at the same
  time. For 10.5 itself, the EOL date is difficult to pin down so I
  went with 2011-06-23, the date given by the English-language
  Wikipedia.

- From 10.6 through 10.11, a version 10.N would be considered EOL on
  the day the first patch-level update 10.(N+3).1 for its N+3 successor
  was released.

- Starting with macOS Sierra (10.12), Lynis counts the patch level.
  Any version 10.N.P can be considered EOL on the day 10.N.(P+1)
  is released. If that hasn’t happened, the EOL date is the day
  10.(N+3).1 is released. If neither has been released, 10.N.P has
  no EOL date.
 2020-08-08 19:11:44 +02:00
Simon Biewald 38b6105c60
add new test to test database 2020-07-09 18:27:02 +02:00
Michael Boelen 1da058d6de
Corrected Amazon Linux entries 
Switched entries and added a note. Due to matching by regular expression, the shortest match would otherwise always win.
 2020-06-30 09:01:29 +02:00
Thomas Sjögren e3ccca4ac0 add SUSE Linux Enterprise Server EOL 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-25 15:33:31 +02:00
Michael Boelen d1cb4d71cd
Merge pull request #951 from al-lac/master 
Update language files (de, de-AT, en)
 2020-06-22 14:14:50 +02:00
Michael Boelen 22644edc50
Added missing colons 2020-06-21 12:40:43 +02:00
Michael Boelen f855fe7a04
Added Linux Mint 2020-06-21 12:40:03 +02:00
Michael Boelen 06b3cbe529
Reordered items 2020-06-21 12:36:36 +02:00
Alexander L dfb02e4179
Update de 
Sorting
 2020-06-20 14:23:17 +02:00
Alexander L 4a71989d2e
Update en 
Sorting
 2020-06-20 14:20:58 +02:00
Alexander Lackner 6aa63f1c95 Update language files (de, de-AT, en) 2020-06-20 02:12:57 +02:00
Thomas Sjögren 78e7ce36af add RHEL 6,7,8 EOL dates 
(cherry picked from commit 6ce0aa41c6)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-18 10:15:13 +02:00
Thomas Sjögren 41ad9d380c update all EOL dates to seconds to epoch 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-16 09:05:55 +02:00
Thomas Sjögren ca6326a12b
Update db/software-eol.db 
Co-authored-by: Jaimie <59117167+Jaimie85@users.noreply.github.com>
 2020-06-15 07:40:57 +00:00
Thomas Sjögren b3e1fc67c8 add Fedora EOL, update other releases 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-06-15 01:35:00 +02:00
Jaimie f072f808a2
Update nl 2020-05-20 15:41:46 +02:00
Michael Boelen ce3c80b44f
Merge pull request #883 from topimiettinen/check-encrypted-swap-devices 
Check if system uses encrypted swap devices
 2020-04-12 16:22:22 +02:00
Topi Miettinen de848cb76a
Check for registered non-native binary formats 
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-04-10 12:54:48 +03:00
0xD503 49549f9155 Added Russian translation 
Added Russian localization
 2020-04-05 22:01:29 +01:00
Michael Boelen 032bb6988e
Added new test NETW-2400 2020-04-04 15:28:04 +02:00
Michael Boelen 5288479296
Merge pull request #899 from bginsbach/auth-9218 
AUTH-9218 Improvements
 2020-04-03 09:48:39 +02:00
Brian Ginsbach 6308682cae Combine AUTH-9218 and AUTH-9489 
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
 2020-04-02 20:09:01 -05:00
Michael Boelen 38a5c2cb79
Added new test PHP-2382 2020-04-02 19:46:58 +02:00
Michael Boelen 4cf21ebdcc
Added FILE-6394 2020-04-01 16:19:09 +02:00
Topi Miettinen 5c5cc43c6f
Check if system uses encrypted swap devices 
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-27 13:05:56 +02:00
Michael Boelen 5e821687af
Added new tests 2020-03-24 13:33:24 +01:00
Michael Boelen 18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Thomas Sjögren 6818db5e12 add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:43:34 +01:00
Topi Miettinen 8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen 32cefdea0a
Merge pull request #878 from topimiettinen/check-ima-evm 
Check IMA/EVM, dm-integrity and dm-verity statuses
 2020-03-23 13:18:16 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Topi Miettinen 8ea39314f2
Check for dm-integrity and dm-verity 
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 10:35:38 +02:00
Topi Miettinen 203a4d3480
Check IMA/EVM status 
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-22 11:21:52 +02:00
Topi Miettinen 26a54991ba
Check for software pseudo random number generators 
Check for running audio-entropyd, havegd or jitterentropy-rngd.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 16:26:30 +02:00
Michael Boelen 6e9482a571
Merge branch 'master' into netbsd-eol 2020-03-21 13:34:41 +01:00
Topi Miettinen 4a51ad031b
Check password hashing methods 
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-21 12:50:38 +02:00
Brian Ginsbach 50fc3f816a Add NetBSD EOL data 2020-03-20 13:42:28 -05:00
Brian Ginsbach 52344913d3 Add a way to signify undetermined EOL 
Replace setting an artificaly high date and converted date for
operating systems with no EOL (rolling) or the EOL is still to
be determined. This makes it easier for humans and saves making
a comparison (when using an artifically high converted time)
will always be false (EOL=0).

An example entry

        os:AGreatOS 2.0:👎

The converted time (seconds since the epoch) could be specified as
zero but this typically means the OS is out of date (now), A value
of -1 is a convention indicating no EOL.
 2020-03-20 13:42:28 -05:00
Michael Boelen af03c07d9f
Shortened CentOS 7/8 strings to allow match and added note 2020-03-20 19:39:49 +01:00
Michael Boelen 724acf1be5
Added CentOS 8 end-of-life 2020-03-20 19:33:10 +01:00
Michael Boelen 27cdcec741
Add CentOS 7 (Core) 2020-03-20 14:57:28 +01:00
Michael Boelen 8f37edb626
Update tests.db 
Corrected test ID
 2020-03-20 09:46:08 +01:00
Topi Miettinen 820d2ec607
Check DNSSEC status with resolvectl when available 
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 23:56:24 +02:00
Topi Miettinen 3aaeeea856
Check for rEFInd boot loader 
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-19 15:44:30 +02:00
Michael Boelen 3bbe34ea73
[CRYP-8004] enhanced after pulling in initital test 2020-02-15 14:09:56 +01:00
pyllyukko c88953a815
Test SINT-7010 in macOS only 2019-10-08 20:31:35 +03:00
Michael Boelen 87f5596952
Added new test DBS-1828 2019-10-08 15:15:18 +02:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Michael Boelen 157c23e892
Added additional string 2019-09-12 11:14:44 +02:00
Michael Boelen b3cb6e91f0
Ordering of entries 2019-09-03 10:55:05 +02:00
2*yo b8c3c55d68
Add Debian EOL 2019-09-03 10:41:13 +02:00
Michael Boelen a87c2b10f9
Added CRYP-8002 2019-08-29 10:39:43 +02:00
Michael Boelen 1e4e00adea
Changed description of TOOL-5160 2019-08-28 15:37:35 +02:00
Michael Boelen f89aa98408
Added FINT-4316 2019-08-26 08:02:11 +02:00
Michael Boelen d2deb63ebb
Added NETW-3200 2019-08-22 14:12:53 +02:00
Michael Boelen d3464d88b1
[CRYP-7930] changed description 2019-08-21 14:08:17 +02:00
Michael Boelen e5b8047133
Added data and detection of Amazon Linux 2019-08-13 22:00:30 +02:00
Michael Boelen 3e392c8e6c
Added end-of-life data for Arch Linux (rolling) 2019-08-13 21:40:29 +02:00
Michael Boelen a510c1c136
Sorting and added new strings 2019-08-08 12:38:46 +02:00
Michael Boelen 0a6417423f
Added HOME-9304 and HOME-9306 2019-07-26 14:15:09 +02:00
Michael Boelen 3213cadd5a
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:13:25 +02:00
Michael Boelen 27b2a4dc7a
Renamed STRG-1840 and STRG-1842 2019-07-15 20:04:59 +02:00
Michael Boelen 7d33b59b0c
Added tests 2019-07-14 13:19:11 +02:00
Michael Boelen e4498be840
Added new test: PROC-3802 2019-07-10 20:12:43 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen a49ea33fea
Changed Ubuntu 18.10 period 2019-07-07 18:47:35 +02:00
pyllyukko 2065b06e95
Added Slackware Linux EOLs 2019-06-12 11:44:22 +03:00
Patark a64e3966c9 Add danish language support (#718) 2019-05-30 12:38:11 +02:00
Thomas Sjögren 4370c4a241 update CentOS releases in software-eol.db (#721) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-05-30 12:36:26 +02:00
Michael Boelen 2855e8503e
Corrected CentOS entries 2019-04-15 19:20:43 +02:00
Michael Boelen 7ebfd3015c
Added new tests 2019-04-04 14:42:06 +02:00
Michael Boelen f2e6b23c9f
Added PKGS-7420 2019-04-02 11:14:49 +02:00
Michael Boelen c83f87853f
Add new tests 2019-03-07 11:01:33 +01:00
Jerry Park 89bf607498 Added Korean translation (#652) 
* Korean translation for ko-KR

Translation in Korean

* changed ko-KR to ko
 2019-03-07 10:01:02 +01:00
Michael Boelen 32fc4a01b0
Corrected FreeBSD, added CentOS and OpenBSD 2019-03-05 19:31:11 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
Michael Boelen 19f38bc1ef
Updated entries 2019-03-04 13:40:40 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen b9c3590f41
[FIRE-4534] Additional support for Hands Off!, LuLu, and Radio Silence 2018-12-14 13:22:23 +01:00
Katarina Durechova 50e147a1e6 Add Slovak translation (#596) 2018-12-13 12:11:16 +01:00
Michael Boelen 5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408 2018-10-23 17:14:47 +02:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Michael Boelen 19b999dc79
[MAIL-8804] added 2018-06-26 11:34:32 +02:00
Ozgur 6f7feed172 add AZ translate (#551) 2018-05-27 09:13:25 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Michael Boelen a8ead02183
Removed SHLL-6290 from database 2018-02-09 12:43:19 +01:00
mslifcak c170f1fc0a Pin db sync (#519) 
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
 2018-02-09 12:37:10 +01:00
Michael Boelen 1637619351
Renamed language file 2018-01-17 16:06:14 +01:00
alphaomicron a12dfa0847 Create GR (#508) 2018-01-17 13:50:07 +01:00
Ygor Maximo a20fd448ab Update pt (#482) 
Fixed typos. Update made based on information from 'en' file
 2017-10-29 10:21:44 +01:00
aolivac ac524617e5 replace invalid quotes ,error lynis/db/languages/es: Syntax error: Unterminated quoted string (#477) 2017-10-19 09:55:52 +02:00
Michael Boelen 5768d39e16
Updated translations 2017-09-18 08:01:00 +02:00
Michael Boelen 01a806dd45
Extended and activated languages 2017-09-17 20:15:39 +02:00
Jesus Christian Cruz Acono 159477ca6d Update es (#464) 
added more strings
 2017-09-17 20:02:22 +02:00
bruberg 9ddf9e7335 Add Norwegian language file (#450) 2017-09-01 16:23:39 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates (#414) 
* Check if CSF is running

* Check for APF presence
 2017-07-10 15:23:32 +02:00