tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,283 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2157 Commits

Author SHA1 Message Date
Michael Boelen d703d160ff
Added RHEL, renamed CentOS Linux name, reordered items 2019-08-22 14:20:30 +02:00
Michael Boelen d2deb63ebb
Added NETW-3200 2019-08-22 14:12:53 +02:00
Michael Boelen a72650252f
When audit target is missing, stop execution 2019-08-22 14:11:22 +02:00
Michael Boelen 2c4e7711db
Added CentOS and trigger an exception when a system has /etc/os-release but is not defined yet 2019-08-21 14:51:20 +02:00
Michael Boelen 4e39bafd78
New function to display exceptions 2019-08-21 14:50:32 +02:00
Michael Boelen 605e515c31
Updated forensics variable 2019-08-21 14:00:20 +02:00
Michael Boelen 65f1a5e811
Added initial support for DevOps mode to improve continuous integration 2019-08-21 13:59:28 +02:00
Michael Boelen d395e1a2da
[CRYP-7930] extend test to use cryptsetup/lsblk or crypttab file 2019-08-21 13:50:01 +02:00
Michael Boelen 3db7a3b944
Move -c also to list of deprecated items 2019-08-21 13:48:36 +02:00
Michael Boelen ee18e76e97
Preparations for forensics scan mode 2019-08-21 13:41:23 +02:00
Michael Boelen a714568842
Merge pull request #731 from chr0mag/cryp-7930 
[CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
 2019-08-21 12:31:36 +02:00
Michael Boelen 7dfd580320
Only escape backslash, question mark is not needed 2019-08-20 16:22:00 +02:00
Michael Boelen 8a7f8038b5
Do not show a tool tip if quiet option is used 2019-08-20 16:01:10 +02:00
Michael Boelen 32a895c843
Do not use find command when busybox is used 2019-08-20 15:57:04 +02:00
Michael Boelen e685182b18
Put in fail-safe options for systems using AIX or busybox 2019-08-20 14:49:34 +02:00
Michael Boelen a310c43176
Set hyphen as last character to allow it being matched 2019-08-20 14:24:06 +02:00
Michael Boelen e7d6aaa44d
Stop execution if unexpected characters were found. Also move hyphen to end to list, otherwise it may not work as a matchin character 2019-08-20 14:17:05 +02:00
Michael Boelen 3407a1dbe6
[FILE-7524] optimized test with new function and changed warning to suggestion 2019-08-17 16:49:11 +02:00
Michael Boelen 0a3f42afbc
New function HasCorrectFilePermissions 2019-08-17 16:48:46 +02:00
Yoni Weill 6164b41836 [HOME-9306] s/git-shell/git 2019-08-15 13:27:59 +03:00
Yoni Weill 8c3417dcc2 [HOME-9304] s/git-shell/git 2019-08-15 13:27:19 +03:00
Michael Boelen a4f13a8ab2
Only do Amazon Linux version detection if /etc/os-release does not exist 2019-08-13 22:09:06 +02:00
Michael Boelen e5b8047133
Added data and detection of Amazon Linux 2019-08-13 22:00:30 +02:00
Michael Boelen 914f343635
Corrected variable 2019-08-13 21:00:43 +02:00
Michael Boelen 2af2d0a895
[HOME-9306] Added git-shell to ignore list 2019-08-13 20:05:09 +02:00
Michael Boelen 368989d5c4
[HOME-9304] Added git-shell to ignore list 2019-08-13 20:04:14 +02:00
Michael Boelen 1930dbe6c2
Added support for pacman 2019-08-13 20:02:49 +02:00
Michael Boelen 3006b8dd26
[AUTH-9408] both backslash and brackets needs to be individually escaped 2019-08-08 15:05:23 +02:00
Michael Boelen fdc2977575
[AUTH-9408] corrected description 2019-08-08 13:28:17 +02:00
Michael Boelen b9fa5bce14
Added more text output for data uploads 2019-08-08 12:38:25 +02:00
Michael Boelen c86e24fced
Added missing $ 2019-08-08 12:10:30 +02:00
Michael Boelen f76cf70651
Missing } 2019-08-04 19:40:02 +02:00
Michael Boelen 48ba463376
Added support for swupd (Clear Linux OS) 2019-08-04 19:37:55 +02:00
Michael Boelen 04d2cb838b
Test for presence of /etc/hosts (e.g. Clear Linux OS), changed screen and log output 2019-08-04 19:20:16 +02:00
Michael Boelen d3355937a4
Don't quote in for loop to prevent glueing individual lines together 2019-08-04 19:19:12 +02:00
Michael Boelen f2b385fbf7
Initial support for Clear Linux OS 2019-08-04 19:18:16 +02:00
Michael Boelen da055ae0aa
More standardization of text and adding deprecated functions for transition period 2019-08-01 14:59:03 +02:00
David Marzal 28801e7ad7 Clean up of not used legacy functions and not used broken functions 2019-07-31 22:29:26 +02:00
Michael Boelen 3ea66d4298
[LOGG-2154] corrected output of files in /etc/rsyslog.d directory 2019-07-31 08:17:15 +02:00
Michael Boelen 4b77e27495
Reversed if/then to show correct status of minilogd 2019-07-31 08:03:21 +02:00
David Marzal 000838b154 Document --usecwd in helper_show and man 2019-07-29 15:22:48 +02:00
Michael Boelen 429ad46649
[LOGG-2154] added support for rsyslog configurations 2019-07-26 20:07:14 +02:00
Michael Boelen fa064a824b
[FINT-4334] improved process detection for lfd 2019-07-26 16:14:26 +02:00
Michael Boelen 9605f0fa80
Combined sort and uniq to sort -u 2019-07-26 15:34:02 +02:00
Michael Boelen 7f1742fc54
Replaced direct calls to tools 2019-07-26 14:14:54 +02:00
Michael Boelen 1c79357526
Merge pull request #720 from dvehrs/exim4 
Added certificate tests for Exim
 2019-07-26 14:07:39 +02:00
Michael Boelen 3af72e41c7
Improved selection of home directories for normal users in HOME-9304 and HOME-9306 2019-07-26 11:59:03 +02:00
Michael Boelen 2ec0268692
Merge pull request #732 from Marzal/Marzal-FILE-7524 
Changes for new profile format
 2019-07-26 11:33:38 +02:00
Michael Boelen 17137408d2
Use IsRunning exit code instead of variable 2019-07-26 11:32:48 +02:00
Michael Boelen 8321b98689
[AUTH-9408] double escape to prevent error message (awk: warning: escape sequence '\[' treated as plain '[') 2019-07-26 11:11:03 +02:00
Michael Boelen b7fb98a47f
[AUTH-9266] skip .pam-old files in /etc/pam.d (used by Ubuntu) 2019-07-26 10:57:44 +02:00
Michael Boelen d621355b7e
Set variable instead of using return, otherwise other parameters won't be checked 2019-07-26 09:00:47 +02:00
Michael Boelen b384fa2887
New option: --usecwd to run from current working directory 2019-07-25 11:34:58 +02:00
David b8a0190e82
Fix grep in PROFILEVALUE 
Make it work with new profile format
 2019-07-18 18:58:11 +02:00
David 4d5a0c59c7
Fix find fields in new profile format 
New format uses permfile= so it needs a new cut to filter the name file
 2019-07-18 18:52:36 +02:00
Michael Boelen d6cce1cd08
Test if profiles provided using the command line are readable 2019-07-18 11:54:11 +02:00
Michael Boelen dcd829076b
Move this check to the DiscoverProfiles function 2019-07-18 11:48:00 +02:00
Michael Boelen 4b0f5517f7
Textual change 2019-07-18 11:47:24 +02:00
Michael Boelen b53b894f33
Added file check when a profile is provided 2019-07-18 11:42:26 +02:00
Michael Boelen b7f7179f1e
Moved variables 2019-07-18 11:42:01 +02:00
Michael Boelen 0e9e0fab36
Merge pull request #730 from Marzal/Marzal-PRIVILEGED 
Fix $privileged var being overwrite
 2019-07-18 11:36:47 +02:00
Michael Boelen 87fef1c27b
Merge pull request #729 from Marzal/Marzal-strictmode 
strictmode fixes
 2019-07-18 11:36:23 +02:00
Michael Boelen 63043b536d
[AUTH-9408] added support for pam_tally2 to log failed logins 2019-07-18 11:33:28 +02:00
Julian Phillips e293af16aa Add FOUND var to unset list 2019-07-17 18:01:44 -07:00
Julian Phillips 84dd024887 [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup' 
There are several challenges with the existing method of using
/etc/crypttab:

1)encrypted rootfs partitions are not typically listed in this
file (users are prompted for password in early boot instead)

2)the 'luks' option is the default option so it is possible for
/etc/crypttab entries to never have this set explicitly and any
block device configured as such will be missed currently

3)any device mounted manually, or using any other mechanism aside
from /etc/crypttab will be missed

This commit executes 'cryptsetup isLuks' on every block device in
the system to determine whether it is a LUKS device. This handles
all 3 cases mentioned above.

Test case wording was also updated to reflect the fact that it
only checks for LUKS entrypted block devices. So, plain dm-crypt
and TrueCrypt/VeraCrypt block device encryption is not detected.
Nor is any file system level encryption such as eCryptfs, EncFs,
gocryptfs.
 2019-07-17 16:18:12 -07:00
David d1cb74e7d9
Delete PRIVILEGED var from this file 
if PRIVILEGED is set in the file, it will overwrite the value in the main program always to 0.
This change depends in the other commit that set the variable in both cases.
 2019-07-17 23:28:51 +02:00
David 06413994cf
Initialize some vars to allow strict mode to work 
IsRunning():
To check if $users is empty in strict mode we need the var to be initializez

ReportException:
Some test call this function without the second parameter, this is not allowed in strict mode if we don't initialize the variable
 2019-07-17 23:16:47 +02:00
David 250fb965d3
Strict mode needs this vars initialized 2019-07-17 23:08:20 +02:00
Michael Boelen a4d15f77b5
Differentiate between a discovered binary and running process 2019-07-16 19:10:04 +02:00
Michael Boelen 9e56706aa6
Formatting and improved logging 2019-07-16 19:06:31 +02:00
Michael Boelen 2bd1b1b590
Format change 2019-07-16 19:05:28 +02:00
Michael Boelen d696d521c1
Extended IsRunning function to allow for searching by a combination of process name and user. 2019-07-16 19:04:53 +02:00
Michael Boelen 5869fa4eb1
[INSE-8050] added com.apple.ftp-proxy and improved text output 2019-07-16 14:35:00 +02:00
Michael Boelen a2c57e0b75
Added missing 'then' 2019-07-16 13:21:32 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen a12aaa2d3a
Added quotes 2019-07-16 13:13:15 +02:00
Michael Boelen 2e192788bb
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:12:17 +02:00
Michael Boelen f8564f2923
[STRG-1840] renamed to USB-1000 2019-07-15 20:04:38 +02:00
Michael Boelen 52610e1abe
[STRG-1842] renamed to USB-2000 2019-07-15 20:00:14 +02:00
Michael Boelen 7ec81715aa
Minor cleanup 2019-07-15 19:57:23 +02:00
Michael Boelen 08cbc6fe2e
Merge pull request #680 from Capashenn/patch_12 
fix issue #610 STRG-1842
 2019-07-15 19:53:33 +02:00
Michael Boelen 455fc26bf7
Small code enhancements 2019-07-15 19:39:04 +02:00
Michael Boelen 2e7c6c7816
[FINT-4328] correct text in log 2019-07-15 19:34:37 +02:00
Michael Boelen c1cf106d03
Show location for Lynis package and new documentation 2019-07-15 19:05:57 +02:00
Michael Boelen 7728213ac4
Merge branch 'master' into docu 2019-07-15 18:55:10 +02:00
Michael Boelen c074c81897
Initial work on GetReportData function 2019-07-14 15:12:25 +02:00
Michael Boelen ced78b52b0
Small markup changes 2019-07-14 15:11:45 +02:00
Michael Boelen 591bc05f4d
[SSH-7408] changed text in suggestion and report 2019-07-14 14:43:35 +02:00
Michael Boelen dbc6f9bc4c
[SCHD-7702] removed hardening points 2019-07-14 13:40:55 +02:00
Michael Boelen b025b3301a
Define relative or absolute path, depending on directory/file or being a binary 2019-07-14 13:36:45 +02:00
Michael Boelen 1df9630bcf
Merge pull request #676 from Capashenn/patch_8 
fix issue #659
 2019-07-14 13:30:16 +02:00
Michael Boelen 4b68c22f30
Use relative paths 2019-07-14 13:27:08 +02:00
David 8400849c58
Add missing commands to show command helper 
configure,generate,update,upload-only
 2019-07-14 13:26:03 +02:00
Michael Boelen 9ebddf0e0c
Merge pull request #675 from Capashenn/patch_7 
fix issues #666 #667
 2019-07-14 13:21:40 +02:00
Michael Boelen ceb9ea193d
Renamed INSE-8342 to INSE-8304 2019-07-14 13:16:48 +02:00
Michael Boelen 93e311e52e
Added INSE-8314 and INSE-8316 for NIS client and server 2019-07-14 13:13:02 +02:00
Michael Boelen 3f04235353
[INSE-8116] added rsync service 2019-07-14 13:06:23 +02:00
Michael Boelen 96434508d4
Disable testing for other tools, as xxd is not present on all systems by default 2019-07-14 12:18:22 +02:00
Michael Boelen ba32b1a001
Use xxd or hexdump, depending on OS 2019-07-14 12:18:05 +02:00
Michael Boelen 4829ae9722
Long format for od does not exist on BSD 2019-07-14 11:57:44 +02:00
Michael Boelen 34f306eb0b
Internal reorganization 2019-07-14 11:50:02 +02:00
Michael Boelen 26fca99c40
Textual changes 2019-07-14 11:49:14 +02:00
Michael Boelen 1a512984c1
[SSH-7406] instead of just carriage return, strip all control characters 2019-07-14 08:43:06 +02:00
Michael Boelen 0bdcb57763
Merge branch 'master' into patch_3 2019-07-14 08:36:47 +02:00
Michael Boelen 82b1c63341
[NETW-3032] small rewrite of test and extended with addrwatch 2019-07-14 08:28:49 +02:00
Michael Boelen 96b9fc33e4
Add generator/version for future 2019-07-13 20:12:38 +02:00
Michael Boelen 6096db8828
Merge pull request #727 from Marzal/showhelperversion 
Prepend sed to discard '## ' in CHANGELOG.md
 2019-07-13 20:05:37 +02:00
Michael Boelen 9f7e0775a5
New command: lynis generate systemd-units 2019-07-13 20:03:30 +02:00
David 2dcf816e86
Prepend sed to discard '## ' in CHANGELOG.md 
Since version 2.6.6 CHANGELOG.md has markdown formatting. This breaks the show changelog command.
This is a workaound to "fix" the issue without changing all the versions in CHANGELOG.md
 2019-07-13 12:41:10 +02:00
Michael Boelen 76e84f4b56
Run non-interactive by default, use --wait to enforce waiting after finishing a group of tests 2019-07-12 14:38:52 +02:00
Michael Boelen c31c6a5a9e
Add timing measurement of individual tests and report them 2019-07-12 14:20:32 +02:00
Michael Boelen aaba4932b0
Show name of deprecated function on screen output 2019-07-12 13:13:39 +02:00
Michael Boelen b9a13893b9
[NAME-4408] corrected Report function call 2019-07-12 13:12:59 +02:00
Michael Boelen 0f80fa07aa
New function SafeFile 2019-07-12 13:05:43 +02:00
Michael Boelen ce263f8cd6
Textual changes 2019-07-10 20:22:31 +02:00
Michael Boelen f40b4287eb
Show 'Not found' instead of 'OK' 2019-07-10 20:12:17 +02:00
Michael Boelen afba58e743
[PROC-3802] test for presence of prelink tooling 2019-07-10 20:10:31 +02:00
Michael Boelen 1a57b41bdd
[PROC-3602] Use ROOTDIR 2019-07-10 20:00:52 +02:00
Michael Boelen f5adb68e00
First round of cleanups and textual improvements 2019-07-10 19:36:51 +02:00
Michael Boelen 83d510934d
Quote file name as it may include spaces 2019-07-10 19:36:19 +02:00
Michael Boelen c97dc3044a
Use exit code instead of ITEM_FOUND value 2019-07-10 19:35:51 +02:00
Michael Boelen 09d8832a0b
[CRYP-7903] enhanced test to properly work 2019-07-09 11:42:04 +02:00
Michael Boelen ae474c72c6
[SSH-7402] detect other SSH daemons like dropbear and split SSH daemon from OpenSSH daemon 2019-07-09 11:16:59 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen f3f6be6630
Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed 2019-07-08 21:20:45 +02:00
Michael Boelen 054ca21ee3
Fix: split directories 2019-07-08 21:19:28 +02:00
Michael Boelen 2c17c14c3b
New profile option to ignore specified certificate directories 2019-07-08 15:08:56 +02:00
Michael Boelen 1854e51e7e
New function: Equals 2019-07-08 15:05:28 +02:00
Michael Boelen 16146aabc0
Added option: ssl-certificate-paths-to-ignore 2019-07-08 14:27:40 +02:00
Michael Boelen 5217db95b1
Add deprecation message for old format and added check for unexpected/invalid characters in profile (additional security measure) 2019-07-07 18:49:01 +02:00
Michael Boelen 7a816ece8a
Added DisplayWarning function 2019-07-07 18:47:55 +02:00
Michael Boelen 05012f60fd
Added new colors and regrouping 2019-07-07 18:46:55 +02:00
Michael Boelen 007faf47c3
Cleanup of default profile and migration of permdir/permfile 2019-07-07 18:46:23 +02:00
Michael Boelen c639cb4f6e
Only check empty binaries when we did a full scan, as for some commands the binary scanning is not performed 2019-07-05 18:37:10 +02:00
Michael Boelen 8d4fd1a7aa
Add Readonly() function 2019-07-05 18:35:45 +02:00
Michael Boelen 0443d643da
Show tip to use 'lynis generate hostids' when they are missing 2019-07-05 18:35:10 +02:00
Michael Boelen ade3117307
New option to disable plugins via profile 2019-07-03 15:39:26 +02:00
Michael Boelen 2e1ec2c32f
Change variable name to better indicate what it does 2019-07-03 15:07:46 +02:00
Michael Boelen bc88775d0e
When PATH is defined, only locations from variable 2019-07-01 07:39:32 +02:00
Michael Boelen 76c3ea0edb
Fall back to echo if ECHOCMD is empty early during execution of program 2019-06-30 20:38:05 +02:00
Michael Boelen cb77d5a3f7
Show text when stopping execution 2019-06-30 20:37:33 +02:00
Michael Boelen cfaea21430
Security: test all parameters and arguments for the presence of control characters 2019-06-30 19:29:48 +02:00
Michael Boelen fdacc00b45
Security: test PATH and warn or exit on discovery of dangerous location 2019-06-30 19:21:07 +02:00
Michael Boelen 5e4e44bdf3
Added check to ensure that common system tools are defined as extra safety measure 2019-06-30 18:27:31 +02:00
Michael Boelen 08e8e59197
New function: SafeInput 2019-06-29 19:34:12 +02:00
Michael Boelen dde57ce870
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-06-24 15:47:39 +02:00
Michael Boelen ec519dc976
Minor cleanups 2019-06-24 15:40:38 +02:00
Michael Boelen d0377c563d
Added TLSv1 as weak protocol (nginx) 2019-06-24 15:40:18 +02:00
Michael Boelen 94e0a4e40d
Added Suricata (IDS) 2019-06-24 15:38:34 +02:00
Michael Boelen 8d16a62bbd
Added Bro (IDS) 2019-06-24 15:37:40 +02:00
Michael Boelen b0f966ae48
Check number of arguments for 'audit dockerfile' 2019-06-24 15:33:42 +02:00
Michael Boelen 6f3c268c57
Non-functional code removed as it does not work as intended and lacks required validation controls - Thanks to Sander Bos for reporting 2019-06-24 15:23:30 +02:00
Michael Boelen a312968dd6
Merge pull request #714 from deltablot/issue628 
Add PHP ini file locations for Ubuntu 18.04. Fix #628
 2019-06-24 13:46:30 +02:00
Michael Boelen f6f7a69857
Merge pull request #713 from bcs016/patch-1 
Update tests_authentication - AUTH-9402
 2019-06-24 13:43:19 +02:00
Michael Boelen 6cd903e079
Merge pull request #722 from pyllyukko/linux-bsdrc.d 
Detect BSD-style (rc.d) init in Linux systems
 2019-06-24 13:42:17 +02:00
Michael Boelen ef89ee3fc9
[NETW-3012] make ss command output preferred for Linux system and changed output format 2019-06-24 13:39:30 +02:00
Michael Boelen 6d55767c18
Include 'generate' command 2019-06-17 12:16:29 +02:00
pyllyukko 9b02934339
Detect BSD-style (rc.d) init in Linux systems 2019-06-06 15:41:29 +03:00
Michael Boelen 61d8c91eeb
[FILE-6310] filter on correct field for AIX 2019-06-06 14:20:12 +02:00
Michael Boelen 59b102989f
[AUTH-9268] AIX find does not support maxdepth 2019-06-06 14:13:05 +02:00
lowkey a271cb90c8 Added certificate tests for Exim 2019-05-23 14:31:36 -06:00
Michael Boelen 8e61275ff4
Move state recording to report section 2019-05-16 15:23:23 +02:00
Nicolas CARPi 6ca24aae8b Add PHP ini file locations for Ubuntu 18.04. Fix #628 2019-05-08 01:01:43 +02:00
bcs016 10b8da1c6a
Update tests_authentication 
Update AUTH-9402, change name to check in etc/passwd file when device is a QNAP
 2019-04-29 11:47:11 +02:00
Michael Boelen 96c1ea8b0e
[PKGS-7386] Removed suggestion as a warning is already displayed when vulnerable packages were discovered 2019-04-20 14:31:11 +02:00
Michael Boelen 017103e20c
[PKGS-7392] - Skip test for Zypper-based systems 2019-04-17 15:26:43 +02:00
Michael Boelen 121c861446
Non-interactive mode for zypper 2019-04-17 15:07:07 +02:00
Michael Boelen bf5219d9b9
[PKGS-7328/PKGS-7330] added non-interactive global option 2019-04-15 19:30:21 +02:00
Michael Boelen dba2dcb918
Added missing variables 2019-04-15 19:20:31 +02:00
Michael Boelen 2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen e195e7c8e0
Corrected lsvg binary detection 2019-04-09 08:26:16 +02:00
Michael Boelen d90c43d06c
Updated descriptions 2019-04-09 06:52:00 +02:00
Capashenn fe09e4ebaa fix SHLL-6220 description (#673) 2019-04-09 06:49:33 +02:00
Michael Boelen fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen 08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen 1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen f8b390617b
Changed screen output 2019-04-07 15:51:25 +02:00
Michael Boelen 2750e9b7b8
Detect equery binary 2019-04-07 15:50:46 +02:00
Michael Boelen 72ba872a2f
Improve text output for AIX systems 2019-04-04 19:04:42 +02:00
Michael Boelen 9936224278
Merge of several tests, cleanup, minor code enhancements and restructure 2019-04-04 14:42:39 +02:00
Michael Boelen 247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Capashenn e0ca517aaa Add tests INSE-8310 INSE-8312 (telnet) (#693) 
* Add test INSE-8000

* Add xinetd support in insecure_services

* fix issue #662

* Check for talk via xinetd

* Check for chargen via xinetd

* Check for daytime via xinetd

* Check discard via xinetd

* Check echo via xinatd

* Check time via xinetd

* Check tftp via xinetd

* Check rsync via xinetd

* Add test INSE-8200

* Add test INSE-8300 INSE-8302 INSE-8304 (rsh)

* Add tests INSE-8310 INSE-8312 (telnet)
 2019-04-02 11:15:31 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen d0df518426
[PKGS-7420] corrected typo 2019-03-30 13:58:23 +01:00
Michael Boelen 3660043308
[PKGS-7420] limit test to specific OS, add dnf-automatic support, extend logging 2019-03-30 13:31:03 +01:00
Capashenn 295a2699d3 bugfix HOME-9304 HOME-9306 2019-03-29 16:37:30 +01:00
Michael Boelen 3702ae67b5
[PKGS-7420] Detect toolkit to automatically download and apply upgrades 2019-03-29 12:53:13 +01:00
Michael Boelen 8a9edeb40b
[AUTH-9278] style change, description, allow different root directory 2019-03-29 12:30:12 +01:00
Capashenn f9bcf26f25 fix issue #612 (#677) 
LDAP support for Red Hat and others (fix issue #612)
 2019-03-29 12:26:12 +01:00
Michael Boelen de2ef2c3e7
Add apt and dpkg binaries 2019-03-29 12:23:45 +01:00
Michael Boelen 605c381eb6
[PKGS-7410] add support for DPKG-based systems to gather installed kernel packages 2019-03-29 12:22:20 +01:00
Capashenn 3ba94b9700 fix issue #610 STRG-1842 2019-03-25 18:37:06 +01:00
Capashenn 06cdf6c50f fix issue #659 2019-03-25 14:48:43 +01:00
Capashenn c8af37c069 fix issues #666 #667 2019-03-25 14:10:20 +01:00
Capashenn 52dd096e0f fix issue #621 2019-03-25 10:53:46 +01:00
Michael Boelen ea8c032ea9
[NETW-3015] added support for ip binary 2019-03-21 09:34:26 +01:00
Michael Boelen 943e09db01
[LOGG-2180] minor cleanup 2019-03-21 09:07:05 +01:00
Michael Boelen 928023ec6a
[HTTP-6624] improved logging for test 2019-03-19 13:07:12 +01:00
Michael Boelen 303050dda3
[LOGG-2154] Adjusted test to search in configuration file correctly 2019-03-15 14:25:00 +01:00
Michael Boelen 048815abc0
[SSH-7408] Increased values for MaxAuthRetries as sometimes SSH key-based authentication may need it 2019-03-15 14:00:47 +01:00
Michael Boelen 4a47bde240
Adjusted descriptions 2019-03-15 13:52:55 +01:00
Michael Boelen 89782f1e98
Add logging status of tool tips 2019-03-14 14:15:59 +01:00
Michael Boelen 703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Michael Boelen 48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen 3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen 3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen 95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633) 
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
 2019-03-07 10:10:21 +01:00
chr0mag 341612418f BOOT-5117 adds systemd-boot bootloader detection (#634) 
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
 2019-03-07 10:07:52 +01:00
silentcreek fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:05:12 +01:00
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636) 
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
 2019-03-05 18:57:58 +01:00
Michael Boelen ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 9d8b12e0f8
Initial lookup with awk corrected 2019-03-04 12:13:47 +01:00
Michael Boelen e0b93ed0cc
Replace awk statement with grep to simplify search 2019-03-04 12:08:47 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
dataking 76ec39176a Fix #638. (#640) 
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS

* Only use data before # to handle inline comments in /etc/resolv.conf.
 2019-02-28 09:51:57 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 08ed748a86
Disable logging of virtual host to report due to length 2019-01-31 14:49:00 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
TheFlipside 7fded881d8 Update tests_system_integrity (#627) 
https://github.com/CISOfy/lynis/issues/626
 2019-01-31 14:28:18 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen bca2d00ad7
Added STATUS_WEAK 2019-01-14 18:49:49 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen 533a0631e7
Remove unneeded variable for firewall as data is stored in report 2018-12-31 10:03:26 +01:00
Michael Boelen 21956cc42c
[LOGG-2190] added filter for MariaDB, tested onCentOS 2018-12-29 17:10:06 +01:00
Michael Boelen e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables 2018-12-17 09:58:57 +01:00
Capashenn 47e37bf058 [AUTH-9282][AUTH-9283] Add support for RedHad and clones (#609) 
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
 2018-12-17 09:55:41 +01:00
theycallhimpat 0f32d2725c Fix printed error when wget comes from busybox (#602) 
Busybox's wget does't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
 2018-12-17 09:53:27 +01:00
marcinozga b98217aba9 Update tests_firewalls (#599) 
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
 2018-12-14 13:20:01 +01:00
Michael Boelen 81f67584cb
[BOOT-5177] changed note to a hint 2018-12-14 13:17:46 +01:00
Katarina Durechova 2fb4ae4987 [SHLL-6230] Add etc/bash.bashrc.local to umask check (#595) 2018-12-13 12:13:27 +01:00
柯豪 760ed040c8 Fix MacOS Mojave detect pattern (#603) 2018-12-13 12:12:26 +01:00
Michael Boelen 28a2580a36
Detection added for macOS Mojave 2018-10-30 13:39:47 +01:00
Michael Boelen 5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408 2018-10-23 17:14:47 +02:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 361ad7d9da
Renamed variable 2018-10-23 12:58:40 +02:00
Michael Boelen de7d64a8a0
[TOOL-5160] OSSEC detection test 2018-10-23 12:58:22 +02:00
Wagner c94b97bd9e osdetection: ignore quotes in OS_ID (#593) 2018-10-23 12:16:36 +02:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Katarina Durechova 631853a924 [BOOT-5260] Make "sulogin" more generic for systemd rescue.service (#590) 2018-10-17 14:21:30 +02:00
Deon Spengler 72796f5757 Added support for TOMOYO Linux Mandatory Access Control (#589) 
* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control
 2018-10-17 14:20:52 +02:00
Michael Boelen 823ebd8268
Replaced 'warning' status to 'found' 2018-10-17 14:16:54 +02:00
Jesus Christian Cruz Acono 414be240e8 Update tests_ports_packages (#586) 
change " " <- space for [[:blank:]] (to clean all pausible spaces)
 2018-10-05 10:23:19 +02:00
Przemysław Dąbek fd75c9fd0f typo fix in warning message (#585) 2018-10-05 10:19:23 +02:00
Michael Boelen c1f9417792
Initialise some variables for uploading 2018-10-05 10:17:26 +02:00
Michael Boelen c50db85aaa
[DBS-1882] added support for QNAP path 2018-09-19 13:29:03 +02:00
Michael Boelen c34c8265ad
Detection for QNAP devices 2018-09-19 13:28:46 +02:00
Michael Boelen 7e41339d95
Added QNAP device variable 2018-09-19 13:26:27 +02:00
Michael Boelen bf1e99f3cd
[DBS-1882] added /usr/local/redis/etc path 2018-09-19 13:23:27 +02:00
Michael Boelen f8697db25b
[TIME-3104] added more logging 2018-09-19 13:19:57 +02:00
Michael Boelen 7635d58fe3
Add TODO for BusyBox support 2018-09-17 11:47:07 +02:00
Michael Boelen f0c84e3d01
[KRNL-5788] ignore exception when no vmlinuz file was discovered 2018-09-17 11:46:36 +02:00
Michael Boelen b4e93d4fcc
[PKGS-7322] Updated solution text 2018-09-17 09:23:04 +02:00
Michael Boelen 1d52e57e45
Changed output for remote system audit 2018-09-08 11:22:28 +02:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571) 
got this error on debian auditing a docker file when testing an ubuntu Dockerfile when lynis try to find KEY_USED
 2018-09-06 07:48:40 +02:00
Wagner 47de2dc4bf fix opensuse os detection with os-release (#578) 2018-09-06 07:47:38 +02:00
superpoussin22 9fe6dcde76 detect if latest TAG is used (#575) 
that's always better to specify the version, latest desn't mean latest version 
it can be a suggestion if you prefer
 2018-08-28 08:45:04 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 67f9d25461
Updated list of options and man page 2018-08-27 14:25:59 +02:00
Michael Boelen 4df28ca659
[PHP-2372] test all PHP files for expose_php and improved logging 2018-08-23 12:23:48 +02:00
Michael Boelen afaae50989
[BOOT-5104] extended logging 2018-08-22 16:38:54 +02:00
Michael Boelen b005effc32
[BOOT-5104] improved parsing parameters to init process 2018-08-22 16:33:50 +02:00
superpoussin22 3b537fd8e8 Missing quotes and better display (#570) 
for KEY_USED
 2018-08-15 13:56:56 +02:00
superpoussin22 6ba7bad34e add a few basic test (#572) 2018-08-15 13:54:56 +02:00
superpoussin22 6567b16730 add alpine support (#569) 
also initialize a few variables which wasn't initialyzed
 2018-08-15 13:47:17 +02:00
superpoussin22 839977c3f6 Update helper_audit_dockerfile (#568) 
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
 2018-08-07 14:46:47 +02:00
Michael Boelen 7ebccab207
Updated URL for Lynis controls 2018-08-03 11:20:31 +02:00
Michael Boelen 3f9d1308bb
[SSH-7408] adjusted classification of root login with keys 2018-07-25 13:35:00 +02:00
Michael Boelen 4ad2ee4ba2
[BOOT-5104] added busybox to service managers 2018-07-25 13:24:11 +02:00
Michael Boelen 7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only 2018-07-25 12:25:00 +02:00
Michael Boelen 54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files 2018-07-25 12:13:06 +02:00
Bernhard R. Fischer c024ce31d8 added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD (#562) 2018-07-24 19:08:45 +02:00
gkrystev 13d631781c Fix for umask check in case of multiple files (#560) 
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example bellow, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.

Expected:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
 2018-07-24 19:08:08 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 1bf09ad60a
[KRNL-5830] improved text in log 2018-07-02 14:52:29 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-06-26 11:37:18 +02:00
Thomas Sjögren 8321da24c7 query DNS with FQDN (#555) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-06-26 11:36:55 +02:00
Michael Boelen d80ec9d084
Removed 'update release' from help text 2018-06-26 11:35:02 +02:00
Michael Boelen 34813302b4
Changed number of Exim test and minor changes 2018-06-26 11:34:09 +02:00
Dave Vehrs c11177f98b Initial Tests for Exim (#539) 
* Added kernel.dmesg_restrict to sysctl checks.

* Extending Exim Tests, round 1

* fixed a few string comparisons

* fixed old test

* Cleans to Exim options tests
 2018-06-26 11:27:26 +02:00
aram535 1caf9ad12d Updated tests_ssh, removed extra ssh in the test (#557) 
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests.  Removing the ssh keyword... -T -C ... fixes the problem.
 2018-06-22 12:29:25 +02:00
Carsten Grohmann bf2462272e [TIME-3160] Extend check for step-tickers file for RedHat (#553) 
On RedHat if the step-tickers file exists but empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
 2018-06-06 13:59:07 +02:00
Michael Boelen 84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration 2018-05-14 08:29:30 +02:00
Michael Boelen 4efe5dd363
[DNS-1600] Test is disabled until domain is configured 2018-05-02 13:35:46 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
Michael Boelen 08ee8136d5
Check for available parameter when using profile or plugindir 2018-05-02 12:48:05 +02:00
Matyáš Koc 7fd8189907 Update for PHP 7.2 (#546) 
Added php.ini paths used on Ubuntu with PHP 7.1/7.2
 2018-05-02 11:14:20 +02:00
Michael Boelen 170e427595
[NETW-2704] added support for local resolver used on Ubuntu 18.04 2018-05-01 19:57:23 +02:00
Michael Boelen 8077d24432
[PHP-2379] Suhosin test disabled 2018-04-23 11:06:36 +02:00
Michael Boelen 105befb2e9
[AUTH-9308] Made 'sulogin' more generic for systemd rescue shell 2018-04-23 11:01:18 +02:00
Michael Boelen e858233eb6
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-04-23 10:57:59 +02:00
Thomas Sjögren c25910cb31 delayed is a legacy synonym (#531) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-04-23 10:57:27 +02:00
Michael Boelen 40d6a853d5
Changed file permissions 2018-04-23 10:56:26 +02:00
John Eismeier c5dcbe8c31 Propose fix some typos (#538) 2018-04-23 10:54:44 +02:00
Oliver Mueller 7e0b300e27 Issue/288 (#530) 
* enhanced check "DBS-1816: mysql root user with empty password" to avoid false positived when authentication plugins are used

* fixed indent to spaces
 2018-03-22 09:07:48 +01:00
Michael Boelen 40282cde49
[TIME-3160] improvements to detect step-ticker file and entries 2018-03-10 12:26:09 +01:00
James White 1d982a26d0 Add remi repo php.ini paths (#529) 2018-03-10 12:07:29 +01:00
Michael Boelen a7845b6748
[NAME-4402] Enhanced test to filter out empty lines 2018-03-05 11:43:33 +01:00
Michael Boelen dabf7d3e80
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-03-05 11:32:40 +01:00
Michael Boelen 211fb9117c
[CRYP-7902] - Do prevalidation for certificates before testing them 2018-03-05 11:32:23 +01:00
Jason Soto 94e4fb4bd9 Solved null byte bash warning (#523) 2018-03-05 11:19:57 +01:00
Michael Boelen 73a4e92a7b
[HRDN-7222] enhanced compiler permission test 2018-03-04 17:52:15 +01:00
Michael Boelen e210d7f3b6
[PKGS-7384] changes to detect yum-utils package and related tooling 2018-02-19 15:01:59 +01:00
Michael Boelen f0ef7fb785
Initial version of PackageIsInstalled function 2018-02-19 15:01:26 +01:00
Michael Boelen 5e9253e8f4
Add host identifier options and use manual configured setting in function 2018-02-16 19:29:08 +01:00
mslifcak c170f1fc0a Pin db sync (#519) 
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
 2018-02-09 12:37:10 +01:00
Michael Boelen c53072e31e
Ensure a parent directory with binaries is scanned - issue #517 on GitHub 2018-02-06 10:45:41 +01:00
Michael Boelen a5cbc12734
Include location when uploading data 2018-02-06 10:44:30 +01:00
Michael Boelen 96b21da96a
Removed brackets while searching for home directory entries 2018-01-26 13:00:24 +01:00
Michael Boelen ce6693e873
Use existing IDs for tests, renumbering will happen later 2018-01-26 12:36:33 +01:00
Michael Boelen 0d3b89e254
Minor changes 2018-01-26 12:28:52 +01:00
Dave Vehrs a30d429315 tests_usb updates (#514) 
* Added kernel.dmesg_restrict to sysctl checks.

* Moved usb-storage and autthorization tests tests_usb

* Limit Suggestions when USBGuard installed

* Changed usb_devices to usb
 2018-01-26 12:24:33 +01:00
Michael Boelen 7b664a7560
Reverse PATH search 2018-01-25 19:43:51 +01:00
Michael Boelen 3a4bc4db9c
Use binary paths from both PATH and predefined list to improve detection on all platforms 2018-01-25 19:14:58 +01:00
Michael Boelen eb8b467915
Add TODO for PAM checks on AUTH-9286 2018-01-24 19:41:15 +01:00
Michael Boelen 2ec24e73ed
Initial import for USB group 2018-01-24 19:39:06 +01:00
Michael Boelen 6259e27b0b
Initial value for PHPVERSION 2018-01-24 19:38:36 +01:00
Dave Vehrs 8f689d4723 Adding USBGuard to checks for USB Devices. (#499) 
* Added kernel.dmesg_restrict to sysctl checks.

* Initial addition of tests_usb_devices

* More updates for tests_usb_devices

* More updates

* Updated logging and other output.
 2018-01-24 19:29:50 +01:00
Katarina Durechova 993edc9738 [FILE-6363] Check for sticky bit on /var/tmp (#473) 2018-01-24 17:08:21 +01:00
Michael Boelen 4ba9882335
Added notes 2018-01-23 17:37:27 +01:00
mslifcak 84ea9530d7 restore UsePrivilegeSeparation to list of ssh daemon checks (#509) 2018-01-23 17:35:34 +01:00
Michael Boelen 2bf6a5e038
Overhaul of default profile settings and parsing 2018-01-23 15:01:02 +01:00
Michael Boelen 6192cbd8fa
Update tests to reflect new style profile configuration 2018-01-23 15:00:34 +01:00
Michael Boelen 18bd61ebec
Deprecate internal updater options 2018-01-23 14:37:02 +01:00
Michael Boelen 85c83102df
Add 'compliance-standards' as profile option, compliance_standards will be deprecated 2018-01-23 14:36:04 +01:00
Michael Boelen 3ba399c4c3
Mark deprecated options as a warning 2018-01-23 14:29:37 +01:00
melak 0b2cd02f0d Fix/amend DHCP client detection (#513) 
- dhcpd is a server; the client is dhcpcd

- While here, add udhcpc to the list of recognised DHCP clients
 2018-01-21 12:29:49 +01:00
mslifcak e0e76c97df also find exim4 in MAIL-8802 (#512) 2018-01-20 17:32:26 +01:00
Michael Boelen 3da779f62c
Added 'system-groups' option for Enterprise users 2018-01-19 20:01:06 +01:00
Michael Boelen 1bf789861d
Add possibility to define an array of allowed operating systems for a test 2018-01-18 20:26:19 +01:00
Michael Boelen 18feb2356b
[TIME-3170] Chrony NetBSD support 2018-01-18 20:14:38 +01:00
Michael Boelen c6269941b3
Added lsmod binary 2018-01-18 16:54:45 +01:00
Michael Boelen fcb421e458
Added vgdisplay binary 2018-01-18 16:53:39 +01:00
Michael Boelen cb8ab96308
Added GRUB conf file 2018-01-18 16:52:30 +01:00
Michael Boelen 503b2662c6
Implemented NetBSD patch: use correct syntax to compare values 2018-01-18 16:50:23 +01:00
mslifcak 6c257d6224 touchup BOOT_LOADER_SEARCHED setting for BOOT-5106 and BOOT-5108 (#511) 2018-01-18 16:36:43 +01:00
Michael Boelen 6e549eb545
Set ip binary 2018-01-18 16:23:55 +01:00
Michael Boelen 3957ca32cd
Minor code enhancements 2018-01-18 16:23:23 +01:00
Michael Boelen 173068b402
Added getcap and grpck back 2018-01-18 11:10:11 +01:00
Michael Boelen 4f751c9037
Remove service manager reference from systemctl, minor cleanup 2018-01-18 10:23:39 +01:00
Michael Boelen 182ce09bc1
Additional code enhancements 2018-01-18 09:19:06 +01:00
Michael Boelen 8934042473
Code enhancements 2018-01-17 17:26:30 +01:00
mslifcak 25b3c4f1eb VBoxService running is another VirtualBox clue (#505) 2018-01-17 17:19:51 +01:00
BlessJah d7d42d9103 remove non printable characters from code (#470) 
Non printable ESC character is required to obtain terminal escape
sequence i.e. for changing output color.

Such sequences (especially ESC character) were replaced by command
substitution producing exactly same result (variable value), but using
only "safe" characters.

Use of printf and especialy '\033' or '\0ddd' sequences is described
here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html#tag_20_94_13

Use of $(command) or command substitution is described here:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html#tag_18_06_03

Verbatim TAB characters were replaced with \t escape sequence as
described to avoid problems with editors silently replacing them or
developer accidentialy messing up the regex.
 2018-01-17 17:12:36 +01:00
mslifcak 173843bdfd Pin svc mgr (#506) 
* systemctl does not mean systemd is used

* Check for systemd active

* determine service manager if not already set
 2018-01-17 15:56:19 +01:00
Michael Boelen 9ba5d200ad
Enhancements to reduce file access and removing unneeded variables 2018-01-17 14:46:29 +01:00
mslifcak 2c774b8795 sort BIN_PATHS before process (#510) 2018-01-17 13:49:07 +01:00
Jason Soto 73e0e7b5e4 Changed Process name search for Bitdefender test. (#503) 
* Added php.ini locations for Ubuntu 16.04LTS

* Switched Process name Search Bitdefender

* Switched Process name Search Bitdefender
 2018-01-13 12:55:16 +01:00
Michael Boelen b236e7d95d
[PHP-2379] added quotes 2018-01-13 12:53:50 +01:00
Michael Boelen b4758e0b23
Use PATH variable as first method to scan directories 2018-01-11 12:05:21 +01:00
Michael Boelen 541996f672
Rename variable 2018-01-11 10:38:11 +01:00
Michael Boelen 00ad535c6b
Use different variable in for loop 2018-01-11 10:37:56 +01:00
Michael Boelen 35a1524d07
Added alias for skipping plugins 2018-01-11 10:19:29 +01:00
Michael Boelen 1504370e41
Added solution, extended timestamps key values, allow multiple values 2018-01-11 10:19:16 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
n[oO]ne aebb0c8ed4 lynis should not suggest suhosin for PHP 7 (#498) 2018-01-11 09:47:47 +01:00
Michael Boelen c487bcb277
\-C flag of ps is different on BSD 2017-12-24 14:05:55 +01:00
Michael Boelen 4042c45954
Changes for new plugin class 'hardware' 2017-12-08 09:37:55 +01:00
Shaleen Jain 21b129f947 Fix detecting systemd timedate deamon (#494) 
Fix detecting systemd timedate daemon
 2017-11-29 15:59:07 +01:00
Michael Boelen e4cb190237
Support for allow-auto-purge option in profiles 2017-11-25 16:11:04 +01:00
wschaft c453331265 fixing "Repository listed more than once" issue (#449) (#490) 2017-11-08 19:20:20 +01:00
Katarina Durechova 09de901d11 Check zero size of files correctly (#487) 
from man test:
-s FILE
    FILE exists and has a size greater than zero

-z STRING
    the length of STRING is zero
 2017-10-31 09:05:29 +01:00
Michael Boelen e5c11991ef
Code enhancements and textual change 2017-10-29 11:26:25 +01:00
Michael Boelen ebf16462a8
Improve IsRunning function to match full process names 2017-10-29 10:54:40 +01:00
Michael Boelen 011e6248c2
Use full match for Little Snitch 2017-10-29 10:54:16 +01:00
Michael Boelen 764c18c218
Code enhancements, improve detection for Puppet 2017-10-29 10:52:42 +01:00
Michael Boelen 331422384a
Added --silent as parameter for --quiet 2017-10-29 10:26:18 +01:00
Michael Boelen d13cdda1e3
Filter only relevant messages for report 2017-10-26 08:23:15 +02:00
Michael Boelen b29732bf5f
Spacing and readability 2017-10-24 14:15:59 +02:00
Michael Boelen c5e014eaf4
Corrected description 2017-10-24 13:39:41 +02:00
James White 45748184a8 Add additional DirectAdmin paths for php.ini (#479) 2017-10-24 13:16:59 +02:00
Michael Boelen 539fe2242a
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-10-19 19:38:36 +02:00
Michael Boelen 9d238f6e78
Added HP-UX routine for GetHostID 2017-10-19 19:37:25 +02:00
dataking 099c3b4468 fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS (#475) 2017-10-19 11:33:09 +02:00
vins1993 6a74a8727f Fix displayed result for signing keys check (#466) 
The result of the signing keys check is saved under KEYS_USED variable,
but SSL_USED was used to present the result to the end user.
 2017-09-21 15:09:57 +02:00
Michael Boelen 19bbc4272f
[SHLL-6220] Improved detection of shell settings like TMOUT 2017-09-18 19:50:41 +02:00
Michael Boelen 76b4afb14d
[SSH-7408] set default 'delayed' compression as a sane value 2017-09-18 19:18:11 +02:00
Michael Boelen 94f656bf65
Add 127.0.1.1 to NETW-2704 test 2017-09-17 20:01:07 +02:00
Michael Boelen 3670e0c5c9
Minor changes to using local resolvers 2017-09-16 14:25:01 +02:00
Michael Boelen 83ce145f1b
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-09-16 14:10:20 +02:00
Ben Abrams 192cc494ed [NETW-2705] This is related to #437 and resolvconf but is split up. (#459) 
This specifically makes it so that when `/etc/resolv.conf` has one or more nameservers matching `127.0.[0-1].1` it should not warn as it is using local resolvers.

We are simply using `grep -c "127.0.[0-1].1" /etc/resolv.conf` to determine this.
 2017-09-16 14:09:32 +02:00
Michael Boelen 11f81345ee
Code enhancement 2017-09-16 14:08:38 +02:00
Michael Boelen 499f7d5015
Improve process detection 2017-09-16 14:08:26 +02:00
FlorentCoppint ccf9db18f8 Improved IsRunning() process matching (#463) 2017-09-16 13:58:04 +02:00
Michael Boelen 79278c32ef
Added extra legal words for banners 2017-09-12 15:23:37 +02:00
Michael Boelen c248ab6a16
[CRYP-7902] fix for bourne shell and rewrite 2017-09-06 12:56:32 +02:00
Michael Boelen 2451029a6e
Allow for files with spaces 2017-09-06 12:55:56 +02:00
Michael Boelen 77400d3952
Improve logging 2017-09-05 13:29:21 +02:00
Brian Ginsbach 30c58dd1ed Don't assume sshd version is in first line (#452) 
There are some versions of OpenSSH where the version information
isn't in the first line (like NetBSD's with the HPN patches).
 2017-09-04 15:33:28 +02:00
Tom Reynolds 41174afda6 Do not limit debsums to Debian systems (#457) 
Debsums is supported on Debian and other systems as per GitHub issue #446. 
Undo commit d1969001c6.
 2017-09-04 15:30:25 +02:00
Michael Boelen 0fc8adb3c5
When providing suggestion related to hostid, append to file instead of overwriting 2017-08-31 17:11:15 +02:00
Michael Boelen 769b1f49e2
Detection of Linux Mint missed right field 2017-08-31 17:04:17 +02:00
Bruno Vernay 6cf1c324f8 Support spaces in file names (#445) 
* Support spaces in file names

File names may contain spaces

* Fixed 2more cases
 2017-08-29 14:33:18 +02:00
Bruno Vernay 4107d8a461 Support spaces in file names (#444) 
File names may contain spaces
 2017-08-29 14:32:42 +02:00
Brian Ginsbach 3512068a49 [PKGS-7380] Fix NetBSD packages vulnerabilities file name (#443) 
* [PKGS-7380] Fix NetBSD packages vulnerabilities file name

* OS Detection: Add early Mac OS X releases
 2017-08-19 10:53:25 +02:00
Michael Boelen d682673c63
Preparations for APT 2017-08-19 10:51:06 +02:00
Michael Boelen 06491a5b4f
Linux Mint detection 2017-08-19 10:50:53 +02:00
Michael Boelen 1190efac2b
[CRYP-7902] add a test to filter out non-certificate files 2017-08-18 19:19:15 +02:00
Michael Boelen 4a673aebc7
[CRYP-7902] certificate validation changed 2017-08-18 14:14:28 +02:00
Michael Boelen 00648a636c
Improve systemd detection 2017-08-17 20:28:32 +02:00
Michael Boelen c0a6aaf855
[TOOL-5002] performance enhancement to reduce number of dirs/files to check 2017-08-17 20:10:51 +02:00
Michael Boelen 5be81289ee
[TOOL-5002] rewrite of Ansible detection 2017-08-17 20:06:41 +02:00
Michael Boelen 43228c2ca7
[TOOL-5002] Ansible detection added 2017-08-17 14:20:54 +02:00
Michael Boelen 358dc46b81
Ignore file access errors when trying to access them 2017-08-17 14:18:29 +02:00
Michael Boelen 77ebb23320
[HRDN-7230] Show single line when no malware scanner was detected 2017-08-17 14:17:57 +02:00
Lukas Pirl b3dffbf750 remove test for deprecated sshd option UsePrivilegeSeparation (#432) 
see also https://www.openssh.com/txt/release-7.5
 2017-08-16 20:33:33 +02:00
Tom H 3adeac922e Do not unset PHPVERSION after detect it (#438) 2017-08-16 20:33:11 +02:00
Jason Soto 5b81f625a6 Added php.ini locations for Ubuntu 16.04LTS (#439) 2017-08-16 20:32:55 +02:00
Michael Boelen a547953d99
Set default log directory, or allow it be set per OS 2017-08-08 14:52:59 +02:00
Michael Boelen 4660362e74
Redirect errors like file permissions 2017-08-08 14:52:11 +02:00
Michael Boelen 49c1bf8d55
[NETW-3006] Updated detection of MAC addresses on Linux 2017-08-03 20:28:38 +02:00
Michael Boelen 4781b1c170
Added /opt/apache 2017-08-02 13:01:23 +02:00
Stéphane BARBARAY 9ca2d640b8 Enhanced detection for LXC and LXC over VM (#426) 
* Update functions

* Update functions

* Update tests_shells

* Update tests_shells

* Update IsVirtualMachine

extra check on /proc/1/environ existence + Log result
 2017-07-31 12:51:19 +02:00
Michael Boelen dbec83566b
[FILE-6310] match mount points by exact name 2017-07-28 10:42:17 +02:00
Michael Boelen ebc706aa64
Merge branch 'master' of https://github.com/CISOfy/lynis 2017-07-28 10:26:34 +02:00
alobodzinski 6147ebd47b Suhosin is hard linked into PHP on OpenBSD (#423) 2017-07-28 10:14:04 +02:00
Michael Boelen 60f94fef47
[CRYP-7902] prevent test from showing error on screen related to wrong certificate file 2017-07-18 11:51:45 +02:00
James White d7b0c28699 Add /usr/lib/apache module search path for DirectAdmin (#417) 2017-07-11 09:26:00 +02:00
Michael Boelen d1969001c6
[PKGS-7370] only use debsums test for Debian systems 2017-07-10 16:08:32 +02:00
Michael Boelen df32cb29b0
Include instructions if hostid2 is empty 2017-07-10 16:07:39 +02:00
superpoussin22 29f5dc7e53 Update tests_containers (#412) 
last docker version no more use docker -d  sounds better to check dockerd
 2017-07-10 15:24:09 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates (#414) 
* Check if CSF is running

* Check for APF presence
 2017-07-10 15:23:32 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3a6fa0bb6b Suhosin simulation mode status (#411) 
* fix suhsoin check text

* use PHPINI_ALLFILES variable

* Check suhosin simulation mode status

* Small style improvement
 2017-07-10 14:38:42 +02:00
Jeremy Daer f33cdd3a17 OS detection: macOS 10.13, High Sierra (#409) 2017-07-01 10:29:05 +02:00
Michael Boelen f903b6f079
Allow tags and system-customer-name to be specified 2017-06-22 10:15:39 +02:00
Michael Boelen f4b6d8d401
Show full command for remote usage 2017-06-21 14:28:12 +02:00
Daniel Romell 5b12f17e3f Minor fixes for embedded Linux. (#406) 
* Check if the "locale" binary is available before using it.

This is no functional change as it will still fall back to english
when the locale can't be determined. This fix gets rid of the
following error when running on systems without the locale binary:

./lynis: line 112: locale: command not found

Signed-off-by: Daniel Romell <daro@hms.se>

* tests_kernel: KRNL-5677: Fix invalid use of shell test.

This fixes an issue (syntax error) triggered on systems with no PAE or
NX extensions:

- Checking CPU support (NX/PAE)
/usr/libexec/lynis/include/tests_kernel: line 126: [: too many arguments
/usr/libexec/lynis/include/tests_kernel: line 132: [: too many arguments

No need to use [] when only looking at function return values.

Signed-off-by: Daniel Romell <daro@hms.se>
 2017-06-21 14:17:49 +02:00
Athmane Madjoudj ac2c83870b Add lowercase path for changelog search (eg: Fedora/EPEL pkg) (#408) 2017-06-21 14:08:57 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 98b80f7c49 add ini paths for cloudlinux (#400) 2017-06-14 14:07:37 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 4cbe8f32c6 add suhosin status test (#401) 
* add suhosin status test

* get matched line only
 2017-06-14 14:06:51 +02:00
Jose Luis Duran 9dc4efefd6 Fix pkg audit option (#403) 
-F, --fetch
       Fetch the database before checking.

[ci skip]
 2017-06-14 14:06:18 +02:00
Michael Boelen 0e535c851a
Small style improvement 2017-05-31 15:47:21 +02:00
mslifcak 8d2b3a202f A250 2 (#398) 
* fix missing ROOTDIR prefix

* sort list of services before processing

* sort list of certificates before processing

* sort list of startup scripts before processing

* spell check

* remove possessive pronoun
 2017-05-31 15:40:39 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 360be2a700 Add a check for csf testing mode (#399) 2017-05-31 15:37:22 +02:00
mslifcak af60a2463a 250 fixes (#393) 
* restore use of lshw

* add ROOTDIR to restore lost PHP file ref

* refactor certificate search to benefit older "find" command
 2017-05-23 14:56:25 +02:00
Michael Boelen aec9b57c29
Changes to BOOT-5104 and HTTP-6716 2017-05-08 14:56:39 +02:00
Michael Boelen 918b962ae5
Code enhancements 2017-05-03 10:42:34 +02:00
Michael Boelen a9b67dc675
Reinitialize temporary files to prevent possible symlink attack - CVE-2017-8108 2017-05-03 09:47:35 +02:00
Michael Boelen 67333bb09a
[SHLL-6290] Removed ShellShock test as it is no longer needed - CVE-2017-8108 2017-05-03 09:33:40 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen 5ccd0912cf
[MALW-3280] Added detection of Symantic components 2017-04-29 14:22:40 +02:00
Michael Boelen f39e72dbd5
Remove unused file 2017-04-23 20:19:30 +02:00
Michael Boelen 2340e7bbbc
Added HasData and IsEmpty function 2017-04-23 20:19:18 +02:00
Michael Boelen a04b2da851
Initialize variables 2017-04-23 20:19:02 +02:00
Michael Boelen 70ea29483a
Code enhancements 2017-04-23 20:06:54 +02:00
Michael Boelen 9e9b95e1da
Apply substite for TIME-3148 and first batch of code enhancements 2017-04-23 20:06:24 +02:00
0ri0n b433cf0bac Add Additional php.ini Paths (#377) 2017-04-17 15:38:48 +02:00
Michael Boelen b0b0fd0256 Add atomic tests to report 2017-03-27 17:15:02 +02:00
Michael Boelen e498e6ae64 Remove unused test parts 2017-03-27 17:14:34 +02:00
Michael Boelen 7f06a2c34f Added MAIL-8820 test for Postfix 2017-03-27 17:14:11 +02:00
Michael Boelen e14376cdab Minor cleanups 2017-03-27 12:23:27 +02:00
Michael Boelen b306ab891f Add additional check for Puppet tool 2017-03-27 12:21:42 +02:00
Athmane Madjoudj 5f0b24d2c8 Add support for cPanel PHP (Scl-based pacakging) GHT #340 (#373) 
* Add support for cPanel PHP (Scl-based pacakging) GHT #340

* Add myself to contributors as requested
 2017-03-27 09:21:37 +02:00
pyllyukko 88f39b9540 Fix regex to disregard locked accounts (#371) 
This way, accounts that have ":!!:" in shadow and have an entry in
"Password expires" field don't get flagged with "Result: password of
user XYZ has been expired" by AUTH-9288.

Fixes #362
 2017-03-27 09:19:55 +02:00
guyav a0849ac053 Added quote marks on SSH commands (#372) 
Added quote marks for the SSH commands in steps and 6.
 2017-03-27 09:19:01 +02:00
Michael Boelen 57770fe332 [HTTP-6641] support Apache mod_reqtimeout module 2017-03-20 13:40:00 +01:00
Michael Boelen 90e240cfb5 [CUPS-2308] removed exception handler, improved logging 2017-03-20 13:12:55 +01:00
Yaisel Hurtado 4368013b43 Fixed detection of security repositories (#370) 2017-03-17 17:59:21 +00:00
Michael Boelen 9ff31074a1 Added more banner words 2017-03-17 10:37:14 +01:00
Michael Boelen d8e41ca118 [CRYP-7902] Support for Plesk file names 2017-03-14 16:42:39 +01:00
Michael Boelen 352ea8c21c Added missing pipe 2017-03-13 19:55:00 +01:00
Michael Boelen b67d9233eb Added more logging 2017-03-13 19:53:56 +01:00
Michael Boelen e4474320ee [PKGS-7387] check all repositories for usage of gpg signing 2017-03-13 19:47:06 +01:00
Michael Boelen cd63e2389e [FILE-7524] Do not show missing files or paths by default 2017-03-13 16:26:26 +01:00
Michael Boelen 4be6b958e4 [MALW-3280] added Avira detection 2017-03-13 15:51:13 +01:00
Michael Boelen 6083f6d9ff [SCHD-7704] permission checks and minor code cleanups 2017-03-13 12:00:27 +01:00
Michael Boelen 320a397772 [TIME-3104] Test permissions before opening files 2017-03-13 11:59:05 +01:00
Michael Boelen 7d17bfbbd7 Escape file when needed to test if it is readable 2017-03-13 11:57:23 +01:00
noci2012 ad779f29eb Added new php paths (#369) 
removed php5.4,  added 7.0 and 7.1 and the flavours that are known on gentoo
(apache2, cgi, cli, embed,  fpm)
 2017-03-13 09:50:09 +00:00
Michael Boelen de84454d3f Cleanup 2017-03-12 19:27:16 +01:00
Michael Boelen b66e1402df Support for Manjaro Linux 2017-03-12 19:27:04 +01:00
Michael Boelen 814f2355ca [NAME-4018] only perform test when /etc/resolv.conf exists 2017-03-12 17:01:58 +01:00
Michael Boelen c2b7c76f97 Mark OS version of Arch Linux as rolling release 2017-03-12 16:42:44 +01:00
Michael Boelen 78b6a6b49f Remove lines related to report 2017-03-12 16:37:43 +01:00
Michael Boelen 88b37d16ca Added FileInstalledByPackage function 2017-03-12 16:36:02 +01:00
Michael Boelen 32b9af0767 [CRYP-7902] Test certificates with extension crt and pem, only if not part of a package 2017-03-12 16:35:50 +01:00
Michael Boelen a70cfd0a70 Improve message 2017-03-09 12:32:32 +01:00
Michael Boelen bb83598ff1 [DBS-1882] include redis.conf 2017-03-09 12:28:05 +01:00
Michael Boelen 336dcb4811 [PKGS-7381] Enhanced FreeBSD pkg audit testing 2017-03-09 12:27:38 +01:00
Michael Boelen e082b8af08 Updated log 2017-03-08 21:19:20 +01:00
Michael Boelen 658bbc6eba Rename host_alias to hostname_alias 2017-03-08 20:16:00 +01:00
hlein 62d9a18861 A bunch of Solaris compatibility tweaks (#367) 
* Work around Solaris' /bin/sh not being POSIX.

If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be.  Exec it right away.

* Work around Solaris 'which' command oddity.

Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.

This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.

Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.

* Improved alternate-sh exec to avoid looping.

* Solaris' /usr/ucb/echo supports -n.

* Check for the best hash type that openssl supports.

When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.

* Solaris does not support sed -i; use a tempfile.

* Use the full path for modinfo.

When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.

* Solaris find does not support -maxdepth.

This mirrors the logic already in tests_homedirs.

* Use PSBINARY instead of ps.

* Work around Solaris' date not supporting +%s.

Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds.  A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.

* Revert to using sha1 for HOSTID.

* Whitespace cleanup for openssl hash tests.
 2017-03-08 16:24:24 +00:00
hlein e054e9757c Lots of cleanups (#366) 
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
 2017-03-07 19:23:08 +00:00
Jean Prat a53cb004fa umask can be 0027 or 0077 (#364) 
* umask can be 0027 or 0077

* Readme update
 2017-03-06 14:41:11 +00:00
hlein b595cc0fb5 Various cleanups (#363) 
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
 2017-03-06 07:41:21 +00:00
Michael Boelen b0cde02c71 Code enhancements and allow host alias to be defined in profile 2017-03-05 20:45:13 +01:00