Commit Graph

36 Commits

Author SHA1 Message Date
Michael Boelen da1c1eca10
Preparation for release 3.0.3 2021-01-07 15:22:19 +01:00
Michael Boelen 01c970f73f
Merge pull request #1044 from delscate/master
Fix wc and head cmd when using busybox
2020-10-22 13:24:56 +02:00
Stéphane 67d04f2536
Add translate function for all sections
+ add EN and FR up to date languages files
2020-10-22 00:13:42 +02:00
Fabien Lehoussel 537624da15 Fix wc command with --lines argument to be used with busybox 2020-10-19 15:02:48 +02:00
Topi Miettinen e09fe98b89 Enhance TOMOYO Linux check
Count and log unconfined processes, which are not using policy
profile 3.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-23 18:44:21 +02:00
Topi Miettinen e0e2096a25
Enhance AppArmor check
Count and log unconfined processes which have no AppArmor profile
applied.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-21 17:14:55 +02:00
Michael Boelen 38310223a6
Updated date/year 2020-03-20 14:50:25 +01:00
Topi Miettinen fb9cdb5c43
Enhance SELinux checks
Display and log: permissive types (rules are not enforced), unconfined
processes (not confined by rules) and processes with initrc_t
type (generic type with weak rules).

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19 19:45:37 +02:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
pyllyukko b771437cd0
Redirect gradm stderr to /dev/null
If the tool exists but the kernel doesn't have grsec, you'll get the
following error into stderr:

Could not open /dev/grsec.
open: No such file or directory
2019-10-08 20:52:55 +03:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Deon Spengler 72796f5757 Added support for TOMOYO Linux Mandatory Access Control (#589)
* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control
2018-10-17 14:20:52 +02:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
pyllyukko d25dcd09ef Set MAC_FRAMEWORK_ACTIVE=1 if grsecurity's RBAC is enabled (#348)
* Look for gradm utility

* Set MAC_FRAMEWORK_ACTIVE=1 if grsec's RBAC is enabled
2017-01-16 11:02:03 +00:00
Michael Boelen b9561b515b [MACF-6208] Allow non-privileged execution and filter permission issues 2016-10-15 16:08:59 +02:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen c061d31bde Change text of AppArmor test and add more details to report 2016-08-22 12:12:38 +02:00
Michael Boelen 3c4aee1358 Removed unneeded field for warnings and suggestions 2016-08-10 07:12:54 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Michael Boelen 924e53ed76 Do an earlier detection of grsecurity and store result, so tests can be simplified 2016-05-03 10:58:05 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00
mboelen 6197ac08e7 Added link to website, blog, github 2016-03-13 16:00:39 +01:00
mboelen d16b38eff8 Rename of logtext and report functions, upcoming year change 2015-12-21 21:17:15 +01:00
Laurent Quillerou 3cdd9ea949 Delete trailing whitespace 2015-09-07 18:35:07 +03:00
mboelen 66fb369593 Copyright line changes and cleanups 2015-07-22 16:28:11 +02:00
mboelen 5caf4ddc4f Update of the files to reflect HTTPS version of website and 2015. Happy New Year! 2015-01-03 12:45:22 +01:00
mboelen 56cc2df2c2 Adjustments to allow non-privileged scan and reduce errors on screen 2014-09-08 23:51:27 +02:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00