mboelen
89fbdd2feb
HTTP-6622: Determine Apache version and store in report
2016-03-12 20:45:37 +01:00
mboelen
6d2770ede6
Added FreeBSD path for namedb configuration file
2016-03-12 20:19:12 +01:00
mboelen
e88f15fd82
Removed tabs
2016-03-12 19:08:53 +01:00
mboelen
bd833057e1
NAME-4406: adjusted filter for localhost detection + logging
2016-03-12 19:08:23 +01:00
mboelen
7f34f9dece
AUTH-9288: ignore add include/tests_authentication
2016-03-08 12:01:11 +01:00
mboelen
6ec3e5b39d
Added suggestion for file systems which are symlinked
2016-03-08 11:35:15 +01:00
mboelen
4874c80186
HTTP-6624: ignore wildcard and default entries as ServerName
2016-03-08 11:34:33 +01:00
mboelen
ebdd946570
STRG-1840: disabled suggestion as this is considered high secure item
2016-03-08 09:50:28 +01:00
mboelen
62f31a8b82
SSH-7408: use only the last occurrence of a configured option
2016-03-08 08:47:25 +01:00
Michael Boelen
e9edd2dd09
Merge pull request #129 from rhyven/patch-3
...
Make NAME-4404 case-insensitive
2016-03-08 08:08:31 +01:00
Eric Light
e40a3562fb
Make NAME-4404 case-insensitive
2016-03-07 15:15:22 +13:00
Eric Light
34c88e0c05
Removed errant semicolon which broke uploads
...
Resolves below error:
./lynis: 25: ./include/data_upload: Syntax error: ";" unexpected
2016-03-04 15:06:32 +13:00
mboelen
2b95019b62
Use proper variable for cURL
2016-03-03 12:50:43 +01:00
mboelen
09193d8ba9
Add support for FreeBSD to detect PAM files
2016-03-03 12:48:42 +01:00
mboelen
a67a8f89bc
Added space when upload options are used
2016-03-03 10:20:23 +01:00
mboelen
54ab91f87e
Renamed FINT-4351 to FINT-4338
2016-03-01 16:30:48 +01:00
Toni de la Fuente
617ede8686
Update tests_file_integrity
2016-02-29 17:27:07 -05:00
Toni de la Fuente
cb73eed69b
added support to osquery
2016-02-29 17:16:50 -05:00
mboelen
13cfbd3019
Make IPv6 check compatible for all systems
2016-02-25 14:24:50 +01:00
mboelen
f6c84785e7
Changed exception of missing eth0 interface into an informational message
2016-02-24 19:59:23 +01:00
mboelen
75ca02d1a5
Allow proxy usage during license check
2016-02-15 13:50:03 +01:00
mboelen
2aa9b9a9b1
Changed custom URLs for hardening tips
2016-02-15 12:39:06 +01:00
Eric Light
4f38eb4739
Removed ServerAliveInterval
...
Belongs in ssh_config instead. Ref issue #120
2016-02-10 09:24:19 +13:00
mboelen
c4888fbb8e
Added value for ServerAliveInterval setting
2016-02-09 15:53:11 +01:00
mboelen
b1f655ca1e
Merge branch 'master' of https://github.com/CISOfy/Lynis
2016-02-09 13:02:50 +01:00
Michael Boelen
fde45eafd4
Merge pull request #113 from pyllyukko/fix_LogText
...
Fix "/etc/inittab" -> "/etc/sysconfig/init"
2016-02-09 13:03:08 +01:00
mboelen
820c24c347
Added OpenBSD for [NETW-3004]
2016-02-09 13:00:29 +01:00
Michael Boelen
44752440e8
Merge pull request #115 from alobodzinski/master
...
Change text and add account test for OpenBSD
2016-02-09 12:59:10 +01:00
mboelen
a3b4705508
Reordered SSH options, added ServerAliveInterval, changed TCPKeepAlive suggestion
2016-02-09 12:54:47 +01:00
mboelen
66d8ea418f
Improve log file for data uploads
2016-02-02 17:08:53 +01:00
mboelen
4923ce9cb4
Added comment
2016-02-02 17:07:44 +01:00
mboelen
ac5c98d76c
Show what profile is used when using --config
2016-02-02 17:07:20 +01:00
mboelen
647b482c53
Use the right columns from DNF to split package name and version
2016-01-25 15:47:24 +01:00
mboelen
d3e58a0537
Adjusted stderr redirecting and improve logging of packages
2016-01-25 15:38:46 +01:00
mboelen
5c53d16189
Show on screen if vulnerable packages are found
2016-01-25 15:04:46 +01:00
mboelen
acafb316d3
Add warning if DNF found vulnerable packages
2016-01-25 13:57:31 +01:00
mboelen
3999be2300
Avoid errors on screen if sysctl keys are not readable
2016-01-25 13:54:09 +01:00
mboelen
727ff26283
Show on screen that DNF is being used
2016-01-25 13:52:58 +01:00
mboelen
e3c88fe766
Additional DNF tests
2016-01-25 13:43:05 +01:00
mboelen
1e12852b12
Initial support for DNF package manager
2016-01-25 13:18:59 +01:00
Alexander Lobodzinski
6309588246
[ACCT-2760]: Check availability OpenBSD accounting data
2016-01-22 11:52:34 +01:00
Alexander Lobodzinski
089f7013c1
[PRNT-2302]: Description text was obviously wrong
2016-01-22 11:23:49 +01:00
pyllyukko
71aa47cbf4
Fix "/etc/inittab" -> "/etc/sysconfig/init"
2016-01-16 21:14:38 +02:00
mboelen
6bab259a5e
[AUTH-9234] Gather users on AIX, and rewriting of tests
2016-01-11 01:31:08 +01:00
mboelen
5e5507a1cd
Use CreateTempFile for temporary file creation
2016-01-11 01:30:06 +01:00
mboelen
e0e56f2cdc
Use CreateTempFile for creation of temporary files
2016-01-11 01:04:38 +01:00
mboelen
1cb90916ee
Added functions and variables for creation of temporary files
2016-01-11 01:04:04 +01:00
mboelen
d5867762c6
Use CreateTempFile function for temporary files
2016-01-11 00:24:00 +01:00
mboelen
f313b2edf8
Allow defining a proxy for data uploads
2016-01-07 12:57:24 +01:00
mboelen
4736ad87b9
Replacement of functions and adding newlines
2016-01-07 12:56:46 +01:00
asiebelt
a095ba64a0
Fix scoring logic for "<"
2016-01-02 18:13:07 +01:00
asiebelt
7f462d0a41
Fix typo
2016-01-02 18:07:02 +01:00
asiebelt
81bac124ee
Fix Scoring for "<"
2016-01-02 18:03:11 +01:00
asiebelt
99fd20aae0
Fix Test Definition
2016-01-02 17:49:01 +01:00
asiebelt
4234a646ed
Update tests_ssh
2016-01-02 17:39:25 +01:00
mboelen
d167fe2782
Added test NETW-2600 to collect IPv6 configuration
2016-01-01 21:38:47 +01:00
mboelen
0116dac1d2
Add more aliases to --dumpoptions
2016-01-01 15:44:32 +01:00
mboelen
70c90bc8fa
Added new function TestValue
2016-01-01 14:56:09 +01:00
mboelen
5b25317767
New tests and renumbering
2015-12-30 14:33:50 +01:00
mboelen
6b3c32b61f
Added NETW-3032 to test for ARP monitoring software like arpwatch
2015-12-29 16:30:31 +01:00
mboelen
31b5c0bb42
Merged changes for ARPwatch
2015-12-29 16:28:18 +01:00
Michael Boelen
142fc100c4
Merge pull request #108 from alobodzinski/dovecot
...
MAIL-8838: dovecot does not have postfix as a prerequisite
2015-12-29 16:23:01 +01:00
mboelen
72b0f65438
[LOGG-2154] Check for remote syslogging, more in-depth testing
2015-12-22 16:56:15 +01:00
mboelen
95832c61d1
Update to reflect renamed functions logtext and report
2015-12-22 16:02:32 +01:00
mboelen
ae6ca56581
Show warning for writable configuration file
2015-12-22 16:01:30 +01:00
mboelen
6520400ca4
[AUTH-9288] New test to determine expired passwords
2015-12-22 16:00:51 +01:00
mboelen
d16b38eff8
Rename of logtext and report functions, upcoming year change
2015-12-21 21:17:15 +01:00
mboelen
83a44827e0
Define queryformat for rpm command
2015-12-21 19:20:34 +01:00
mboelen
ddfd21b696
Added test for gzip to allow compression of report file
2015-12-21 19:13:50 +01:00
mboelen
360e6b66f6
Split name and version information for RPM based package manager
2015-12-21 19:10:22 +01:00
mboelen
6815c9a915
Redirect errors from postconf output
2015-12-21 17:07:31 +01:00
mboelen
9451e633da
[AUTH-9308] Test for respawn option on SUSE-based systems
2015-12-21 15:17:25 +01:00
mboelen
c12a4403aa
Preparations for compressed uploads
2015-12-21 15:15:51 +01:00
mboelen
040c2efc1c
Perform compressed uploads by default
2015-12-21 12:08:47 +01:00
mboelen
ad87a83bbc
Add upload_compressed option to profile
2015-12-21 11:37:16 +01:00
mboelen
4b9b8a0bc7
New option for compressed uploads
2015-12-21 11:35:38 +01:00
mboelen
a59731405f
Comment out unused function RealFilename
2015-12-21 11:26:00 +01:00
mboelen
526c519300
Retrieve cURL version number
2015-12-21 11:25:38 +01:00
mboelen
c68771a57a
Ensure that readlink only is used when it is available
2015-12-21 10:03:51 +01:00
mboelen
7cf247bf21
Added VMware detection for ESXi
2015-12-16 13:40:28 +01:00
Alexander Lobodzinski
fccf889936
dovecot does not have postfix as a prerequisite
...
fixed some spelling
2015-12-14 16:14:38 +01:00
Michael Boelen
c96e9f079e
Merge pull request #83 from alobodzinski/auth-openbsd
...
Authentication fixes for OpenBSD
2015-12-09 22:51:00 +01:00
Michael Boelen
502f106f9a
Merge pull request #96 from kboratynski/issue_11-str_1840
...
Authorization check for storage devices. Approved.
2015-12-09 22:49:23 +01:00
Michael Boelen
494ba68a6b
Merge pull request #105 from kboratynski/features/ssh_refactor
...
Implementation of several SSH related configuration items.
2015-12-08 18:49:58 +01:00
mboelen
2be968eb2c
Add new test BOOT-5106 to check for boot.efi on Mac OS X
2015-12-08 18:41:43 +01:00
Kamil Boratyński
8c544846ab
Improved [SSH-7408] with 'AllowTcpForwarding'.
2015-12-07 07:15:48 +01:00
Kamil Boratyński
785119824e
Improved [SSH-7408] with 'PermitTunnel'.
2015-12-07 07:15:03 +01:00
Kamil Boratyński
490fd6d5ec
Improved [SSH-7408] with 'GatewayPorts'.
2015-12-07 07:14:19 +01:00
Kamil Boratyński
3817ffd299
Improved [SSH-7408] with 'PermitUserEnvironment'.
2015-12-06 01:46:47 +01:00
Kamil Boratyński
5487401aba
Improved [SSH-7408] with 'MaxSessions'.
2015-12-06 01:46:47 +01:00
Kamil Boratyński
47576a1bd0
Improved [SSH-7408] with 'MaxStartups'.
2015-12-06 01:46:35 +01:00
Kamil Boratyński
35b663cff9
Improved [SSH-7408] with 'LoginGraceTime'.
2015-12-06 01:45:31 +01:00
Kamil Boratyński
96dfb5cf15
Improved [SSH-7408] with 'Port'.
2015-12-06 01:41:23 +01:00
Kamil Boratyński
c394024769
[SSH-7408]: Implemented '!' test type.
2015-12-05 21:46:03 +01:00
Kamil Boratyński
d191bed2d7
Improved [SSH-7408] with 'ClientAliveInterval'.
2015-12-05 21:37:27 +01:00
Kamil Boratyński
7bcf442a1e
Improved [SSH-7408] with 'ClientAliveCountMax'.
2015-12-05 21:36:13 +01:00
Kamil Boratyński
c252b9b376
Improved [SSH-7408] with 'MaxAuthTries'.
2015-12-05 21:18:35 +01:00
Kamil Boratyński
2e37c17675
[SSH-7408]: Implemented '>' test type.
2015-12-05 21:18:35 +01:00
Kamil Boratyński
9a30640327
[SSH-7408]: Implemented '<' test type.
2015-12-05 21:18:32 +01:00
Kamil Boratyński
013886ec16
Refactorized [SSH-7408].
...
First step for differents types of tests.
2015-12-05 20:39:30 +01:00
Alexander Lobodzinski
199483bd1e
Remote syslog server not detected for syslog-ng
2015-12-04 15:43:20 +01:00
mboelen
3e94c4a8f0
Added ssh_host_ed25519_key and ssh_host_ed25519_key.pub as sources to create Host ID
2015-12-04 14:25:24 +01:00
Michael Boelen
e227b42eaf
Merge pull request #84 from laurentquillerou/master
...
Added firewire-core module detection and improvement to egrep statement
2015-12-04 14:21:57 +01:00
mboelen
386d7701f3
New SSH options added and small changes to improve output on screen and in log file
2015-12-04 11:05:13 +01:00
Kamil Boratyński
9421feb704
Improved [SSH-7408] with 'Compression'.
2015-12-04 09:29:54 +01:00
Kamil Boratyński
201a6728b8
Improved [SSH-7408] with 'TCPKeepAlive'.
2015-12-04 02:30:28 +01:00
Kamil Boratyński
11c6b06c91
Improved [SSH-7408] with 'FingerprintHash'.
2015-12-04 02:29:18 +01:00
mboelen
7d0f5acc54
No warnings for SSH configuration, instead only use suggestions. Plus logging of details.
2015-12-03 12:15:49 +01:00
mboelen
e75569babf
If a suggestion has specific details, show it on screen
2015-12-03 12:14:39 +01:00
Kamil Boratyński
10b9edd8ef
Improved [SSH-7408] with 'PrintLastLog'.
2015-12-03 02:37:56 +01:00
Kamil Boratyński
42a5df3796
Improved [SSH-7408] with 'X11Forwarding'.
2015-12-03 02:29:57 +01:00
Kamil Boratyński
cd3cd74b8e
Improved [SSH-7408] with 'UseDNS'.
2015-12-03 02:29:57 +01:00
Kamil Boratyński
e656111c75
Improved [SSH-7408] with 'IgnoreRhosts'.
2015-12-03 02:29:57 +01:00
Kamil Boratyński
37ab68d501
Improved [SSH-7408] with 'PermitEmptyPasswords'.
...
[SSH-7408] will verify 'PermitEmptyPasswords' option too.
2015-12-03 02:29:57 +01:00
Kamil Boratyński
66b0ee3977
Moved [SSH-7416] into [SSH-7408].
2015-12-03 02:29:56 +01:00
Kamil Boratyński
a07c7ae4f9
Moved [SSH-7412] into [SSH-7408].
2015-12-03 02:29:56 +01:00
Kamil Boratyński
dcd8f89256
Moved [SSH-7414] into [SSH-7408].
2015-12-03 02:29:56 +01:00
Kamil Boratyński
f28fd77583
Modified [SSH-7408] -- made it widely usable.
...
Modified [SSH-7408] in such a way that every option for SSH server might
be added in SSHOPS with expected (and wrong) values
(like it was described in comment).
2015-12-03 02:29:54 +01:00
Michael Boelen
9ca47fd220
Merge pull request #86 from RebuiltBits/master
...
Add Python version 2/3 detection and report it
2015-12-02 18:06:33 +01:00
mboelen
d73e79193a
Test for longer status string
2015-12-02 17:50:35 +01:00
mboelen
2b101e75e8
Audit status of application firewall and added test for Mac OS X (FIRE-4532)
2015-12-02 17:37:58 +01:00
mboelen
4ab96e4f39
Improved test FIRE-4512 so that it also triggers if no more than 10 rules are found
2015-12-02 16:55:41 +01:00
mboelen
54e7f62d9a
Enhancements to retrieve file permissions and related logging
2015-12-01 12:38:40 +01:00
Kamil Boratyński
c1c0d722d0
Implemented ISSUE: #11
...
Test [STRG-1840] checks authorization.
2015-12-01 01:18:46 +01:00
mboelen
c79a1ea3a4
Show error on screen if license server can not be contacted
2015-11-22 20:43:06 +01:00
mboelen
c3054de0fe
Added details to logging if upload fails
2015-11-22 19:35:34 +01:00
mboelen
391f67e7c2
Show warning if any error happened during license check
2015-11-22 19:25:32 +01:00
mboelen
ce0955d05c
Show warning when upload was not succesful
2015-11-22 19:05:25 +01:00
mboelen
756c09cb4a
Added YUM details
2015-11-18 15:57:33 +01:00
mboelen
c68b70ff2e
Extended YUM test for security plugin testing
2015-11-18 15:55:49 +01:00
Jason Novinger
e5cc018ad1
Add python2/3 detection and report version
...
Add support for checking generic Python, Python 2.x, and Python 3.x with
version reporting.
2015-11-07 18:16:23 -06:00
mboelen
510de19ce9
NETW-3004 now collects interfaces from most common operating systems
2015-10-27 13:33:16 +01:00
mboelen
7b3299fcb9
Changes to AUTH-9286 to check for minimum age as well
2015-10-27 12:42:41 +01:00
Laurent Quillerou
18eef30c12
Added firewire-core module detection
2015-10-25 18:00:58 +02:00
mboelen
a98f377f4d
Test for blacklisted host ID values
2015-10-23 13:42:23 +02:00
mboelen
d058ba8bfc
Added password history tests to PAM plugin
2015-10-22 15:55:14 +02:00
mboelen
ebc7cb113e
Create a host ID by using SSH keys, when possible
2015-10-22 15:54:51 +02:00
mboelen
69cbabfed2
Log when vulnerable packages are found
2015-10-21 21:45:53 +02:00
Alexander Lobodzinski
250d5b3e0c
ypldap on OpenBSD
2015-10-16 11:52:25 +02:00
Alexander Lobodzinski
34eb749636
Authentication fixes for OpenBSD
2015-10-16 11:24:23 +02:00
mboelen
a5583da5c3
Adding correct variables for proper logging and testing
2015-10-15 15:57:27 +02:00
mboelen
9d1cec8a9b
Changes to check for presence BusyBox, to better support platforms using this as primary shell
2015-10-14 16:49:57 +02:00
Michael Boelen
776a70d6cf
Merge pull request #82 from SiemKorteweg/master
...
Optimized use of cat, grep and awk.
2015-10-14 10:55:33 +02:00
mboelen
6bea4e0334
Use POSIX compatible flag, so it also works on BusyBox
2015-10-14 10:28:27 +02:00
mboelen
b1437a05ef
For exceptions the lynis.log file is a better source
2015-10-14 10:27:37 +02:00
SiemKorteweg
0c48fc3880
Optimized use of cat, grep and awk.
...
Detection of duplicate entries in /etc/hosts is now more robust.
On CentOS7 the SERVICE_MANAGER is detected correctly.
2015-10-10 13:25:14 +02:00
Michael Boelen
c0378f38f5
Merge pull request #80 from SiemKorteweg/master
...
Combine "sort | uniq" to "sort -u" and sorting data first before making it unique.
2015-10-08 22:46:21 +02:00
mboelen
a99a3d348e
Added audit daemon and PAM variables
2015-10-08 16:25:35 +02:00
mboelen
fb1cf9e547
Rename PCI-DSS to PCI DSS
2015-10-08 16:25:09 +02:00
SiemKorteweg
b7d24c3413
Make sure that the input of "uniq -d" is sorted to avoid that duplicate UID's and hosts entries are missed.
2015-10-06 20:02:33 +02:00
SiemKorteweg
bf1da50c14
Combine "sort | uniq" into "sort -u" to reduce the number of processes used for running Lynis. The busybox version of sort also supports the -u option.
2015-10-04 17:59:28 +02:00
mboelen
009a363550
Properly show compliance status now
2015-10-01 22:40:49 +02:00
mboelen
ac87ce4c79
Added DisplayManual function, friendly name for compliance, minor enhancements
2015-10-01 22:40:29 +02:00
mboelen
3f8b826585
Renaming of variables for clarity
2015-10-01 22:39:01 +02:00
mboelen
385e62b6a5
Compliance variables
2015-10-01 22:38:29 +02:00
mboelen
d6a8a3c425
Correct testing for disabled/blacklisted USB storage driver
2015-10-01 19:56:39 +02:00
mboelen
a6ac097a93
Redirect possible errors instead of display on screen
2015-10-01 16:06:27 +02:00
mboelen
85f6c555b2
Minor cleanup and redirecting possible errors
2015-10-01 16:02:09 +02:00
mboelen
2b5c63bff9
Added ShowComplianceFinding function to display any non-compliance with security standards
2015-10-01 13:16:27 +02:00
mboelen
55ee1e90bc
Check correct variable for enabled compliance standards
2015-10-01 12:59:15 +02:00
mboelen
9505a10dd7
Add profile setting compliance_standards to define which ones are enabled
2015-10-01 11:59:50 +02:00
mboelen
4c0fa90478
Added variables for compliance standards like HIPAA, ISO27001/ISO27002 and PCI-DSS
2015-10-01 11:58:34 +02:00
mboelen
c9c78f751d
Added plugin phase variable and specific PAM settings
2015-10-01 11:49:30 +02:00
mboelen
fee1961eed
Added DigitsOnly function to extract only numbers from a text string
2015-09-30 18:34:16 +02:00
mboelen
cf11b95c3f
Added detection of ESET products and logging of malware scanner to report
2015-09-28 11:00:34 +02:00
mboelen
adb5948b30
Properly parse updated way of storing warnings and suggestions
2015-09-24 21:42:21 +02:00
mboelen
cc4feee4e5
New way of reporting a warning
2015-09-24 21:41:48 +02:00
mboelen
784224f4e7
Uniform way of saving warnings and suggestions to the log for later parsing
2015-09-24 21:40:54 +02:00
mboelen
5dfb031e4d
Removed bracket
2015-09-24 21:26:55 +02:00
mboelen
1edaba4d71
Added new test [CONT-8108] to check file permissions of Docker files
2015-09-24 20:29:05 +02:00
mboelen
5fe1e6dd65
Corrected logging for tests related to /etc/newsyslog.conf parsing
2015-09-24 20:27:49 +02:00
mboelen
41e08807c9
Changed description of place holder
2015-09-24 20:27:17 +02:00
mboelen
8b5b8b4a01
Added new parameters to ReportSuggestion and ReportWarning functions
2015-09-24 20:26:32 +02:00
mboelen
84821a4ed0
Removed [AUTH-9230] and merged it into [AUTH-9228]
2015-09-24 20:24:46 +02:00
mboelen
31363e9b39
Extended description for vulnerable package tests on FreeBSD
2015-09-24 20:14:59 +02:00
mboelen
2bcb519123
Changed test IDs of place holders
2015-09-24 20:13:05 +02:00
mboelen
9023f17662
Changed test IDs of place holders
2015-09-24 20:12:19 +02:00
mboelen
c17fcfd92d
Corrected PKGS-7380 and undoubled PKGS-7381
2015-09-24 20:10:30 +02:00
mboelen
1b9b084c03
Changed lmd to maldet, as LMD detection
2015-09-24 17:45:11 +02:00
mboelen
4f5eedabfc
Added the detection of LMD, or Linux Malware Detect tooling
2015-09-24 16:45:03 +02:00
Alexander Lobodzinski
d80bf2f437
Bugfix: wrong logtext for HRDN-7230
2015-09-22 12:00:44 +02:00
Alexander Lobodzinski
adc57330f6
Bugfix: nginx SSL detection worked on Linux only (only GNU sed understands \t on the command line)
2015-09-21 13:04:44 +02:00
Michael Boelen
14a79d8a63
Merge pull request #78 from rsmith-nl/freebsd-services
...
Improvements for FreeBSD services
2015-09-16 23:35:54 +02:00
Roland Smith
f11783dbdf
Merge branch 'master' into freebsd-services
2015-09-16 20:29:51 +02:00
mboelen
32226d145f
Merged patch to properly log umask value
2015-09-16 17:03:13 +02:00
mboelen
91c9760598
Add hardening points properly to umask tests
2015-09-16 17:01:17 +02:00
mboelen
d786c687a1
Added variables which were not initialized before
2015-09-16 17:00:12 +02:00
Alexander Lobodzinski
37f9dcb8cc
Bugfix for BSD: unrelated variable got logged instead of umask
2015-09-14 19:38:00 +02:00
mboelen
df5ff883da
Merge branch 'master' of https://github.com/CISOfy/Lynis
2015-09-12 15:19:29 +02:00
mboelen
6fbe0e95c5
Changes to comments only
2015-09-12 15:19:21 +02:00
Alexander Lobodzinski
d2c0e7491e
In quiet mode, hardening index was not written to log and report files
2015-09-11 14:54:38 +02:00
mboelen
78f32c2f28
Added screen output for /etc/login.conf
2015-09-10 21:46:23 +02:00
mboelen
7d0759297e
Corrected case function
2015-09-10 21:42:30 +02:00
mboelen
21d305b689
Add support for testing umask value in /etc/login.conf like FreeBSD systems
2015-09-10 21:07:06 +02:00
mboelen
0b9c6132c6
Add test [SHLL-6230] to test for umask values in common shell configuration files
2015-09-10 21:06:40 +02:00
mboelen
fa98d9bba2
Import of tool tips section
2015-09-10 21:05:04 +02:00
mboelen
b43bf17954
Remove tool tips section from report
2015-09-10 21:04:18 +02:00
mboelen
28d9a49a5f
Renamed BINPATHS to BIN_PATHS
2015-09-10 19:45:12 +02:00
mboelen
0db8eca467
Count total amount of suggestions and warnings
2015-09-10 09:18:20 +02:00
mboelen
7feb7e9a6c
Show amount of suggestions and warnings
2015-09-10 09:18:03 +02:00
mboelen
b6c0736d6e
Added counters for suggestions and warnings
2015-09-10 08:35:57 +02:00
mboelen
a8972b7b7f
Changed exit codes when using incorrect parameters
2015-09-10 08:35:40 +02:00
mboelen
7f4ee7ba56
Added ExitCustom function and notes for virtualization
2015-09-10 08:35:09 +02:00
mboelen
090bb2d4eb
Extended virtualization tests and logging
2015-09-09 20:24:48 +02:00
mboelen
5f2ef483f6
Improved tests and logging for automation tools
2015-09-08 16:02:41 +02:00
Michael Boelen
e1c2891db9
Merge pull request #74 from alobodzinski/tooling-cf3
...
CFEngine 3 detection
2015-09-08 15:08:49 +02:00
mboelen
174172eeba
Simplify: clarify if a particular set of module is not available, instead of showing cross
2015-09-08 14:59:25 +02:00
mboelen
e9373b59b0
Cleanup: Don't show pflogd status on screen, when pf is not available
2015-09-08 14:49:42 +02:00
Alexander Lobodzinski
66ff2a9229
Fixed typos
2015-09-08 14:28:24 +02:00
Alexander Lobodzinski
2d72fe18d3
Detect automation with Cfengine 3
2015-09-08 14:19:11 +02:00
mboelen
1316fdf38b
Changed identation for GRUB2 test
2015-09-07 21:13:12 +02:00
Michael Boelen
59390f1717
Merge pull request #73 from laurentquillerou/nginx-conf
...
Include main nginx.conf file in parsing.
2015-09-07 21:06:08 +02:00
Michael Boelen
48fd39c570
Merge pull request #71 from alobodzinski/openbsd-httpd
...
merging pull request to skip httpd on OpenBSD systems.
2015-09-07 20:58:55 +02:00
Laurent Quillerou
b83c3fbb10
Include main nginx.conf so that it generate nginx_config_option
2015-09-07 18:52:19 +03:00
mboelen
e50eef0c19
Added hint for possible extension to kernel scheduler
2015-09-07 17:43:00 +02:00
mboelen
d23ef2db0b
Changed screen identation of GRUB2 test
2015-09-07 17:42:29 +02:00
mboelen
1283ccc061
Added new test for UEFI detection [BOOT-5116] and storing data in report
2015-09-07 17:41:05 +02:00
mboelen
919995eb5a
Added UEFI_BOOTED_SECURE
2015-09-07 17:40:26 +02:00
mboelen
429fb62fd7
Added UEFI_BOOTED
2015-09-07 17:40:03 +02:00
Laurent Quillerou
3cdd9ea949
Delete trailing whitespace
2015-09-07 18:35:07 +03:00
Alexander Lobodzinski
f7ec431a65
/usr/sbin/httpd on OpenBSD is builtin non-Apache webserver, do not run with -v
...
If Apache is installed it is detected in /usr/local/sbin/httpd nevertheless
2015-09-07 17:31:18 +02:00
Michael Boelen
a90d225bf4
Merge pull request #68 from d4t4king/master
...
include/tests_filesystems tweak
2015-09-07 12:06:06 +02:00
mboelen
84baf688c8
Renumber test and search for explicit yes value, log status
2015-09-07 11:26:09 +02:00
Michael Boelen
f471bf9d96
Merge pull request #70 from kboratynski/auth-9407
...
Wrote 'AUTH-9407' - logging failed login attempts.
2015-09-07 11:19:40 +02:00
mboelen
5165e57b86
Added report option to store logging status of failed logins
2015-09-07 11:17:38 +02:00
mboelen
53840a4cfb
Added variable for logging status of failed logins
2015-09-07 11:17:08 +02:00
mboelen
fc27379452
Minor cleaning up and improved comment
2015-09-07 10:13:20 +02:00
Kamil Boratyński
0e97f7936f
Wrote 'AUTH-9407' - logging failed login attempts.
2015-09-07 04:12:58 +02:00
mboelen
a42e8feac2
Added Unbound status and configuration check, logging name cacher status to report file
2015-09-06 21:38:21 +02:00
mboelen
88caa85f59
Added default values for name cachers and Unbound status
2015-09-06 21:37:26 +02:00
mboelen
4a354c8479
Change ipfw to IPFW, change exeception ID for IPFW test
2015-09-06 17:42:56 +02:00
mboelen
10a300ddb7
Don't show pf status on screen when it is not available
2015-09-06 17:38:15 +02:00
Michael Boelen
8ab314cf07
Merge pull request #43 from rsmith-nl/ipfw
...
Add test for 'ipfw' firewall on FreeBSD.
2015-09-06 17:34:36 +02:00
mboelen
05dd1a6814
Remove systemctl to detect virtualization, use systemd-detect-virt instead
2015-09-05 18:51:36 +02:00
mboelen
461920ff72
Enabled dmidecode for virtualization detection
2015-09-05 18:41:04 +02:00
Michael Boelen
2fd7788b9b
Merge pull request #58 from markruys/master
...
More reliable and often faster check to determine virtualization.
2015-09-05 17:34:18 +02:00
squid-cache-object
12d9b38288
Update tests_filesystems
2015-09-03 14:14:02 -07:00
Michael Boelen
3927d60b8e
Merge pull request #69 from alobodzinski/name-4406-hostname-clash
...
Do not let a hostname that is contained in "localhost" like "cal" tri…
2015-09-03 17:35:25 +02:00
Alexander Lobodzinski
e1a87794bc
Do not let a hostname that is contained in "localhost" like "cal" trigger a false positive
2015-09-03 17:20:34 +02:00
mboelen
d9b7d9a9fd
Combined several potential mount option tests into 1 unit
2015-09-03 15:44:10 +02:00
mboelen
f4c2bd52fb
Ensure that docker is a file, not directory in /usr/libexec
2015-09-03 15:43:33 +02:00
mboelen
235b228fe2
Added vmtoolsd detection
2015-09-03 11:15:55 +02:00
dataking
e37446521d
include/tests_filesystems tweak
2015-09-01 11:50:07 -07:00
mboelen
2577caf66d
Only show suggestion for ntpdate if ntpd isn't running
2015-09-01 17:40:05 +02:00
mboelen
d2aaa9662e
Changed test description
2015-09-01 16:10:16 +02:00
mboelen
18d97ce60e
Use different status for unused firewall rules
2015-09-01 15:50:14 +02:00
mboelen
8cefc0f7b9
Show different status on screen when expired SSL certificates were found
2015-09-01 15:49:50 +02:00
mboelen
d4b1812962
Changed screen output when finding old files in /tmp
2015-09-01 15:47:32 +02:00
mboelen
401bf26c91
NIS improvement for test
2015-09-01 13:37:55 +02:00
mboelen
7cb9e364c7
Proper filtering for IPv6 addresses
2015-08-31 13:23:17 +02:00
mboelen
d1ae757240
Replaced -z for empty string testing
2015-08-20 18:50:30 +02:00
Michael Boelen
afe30cf3a7
Merge pull request #56 from mpepping/master
...
Comparison error when Docker is present, but the daemon is not running (or unset).
2015-08-20 18:48:32 +02:00
mboelen
210ba41a3c
Improved umask detection and logging
2015-08-20 18:46:06 +02:00
mboelen
649f0cfb3c
Improved BOOT-5180 detection for newer systems like Debian 8 and screen output enhancement
2015-08-20 18:37:03 +02:00
mboelen
7bd91675fe
Improved debug logging
2015-08-19 16:20:21 +02:00
mboelen
0c2a9daef9
Show help on screen
2015-08-19 16:19:14 +02:00
mboelen
8c1e1f29a3
Additional logging
2015-08-19 16:02:50 +02:00
mboelen
2e87b8fde9
Apply additional checks on first cURL command execution
2015-08-19 15:51:52 +02:00
mboelen
c153344240
Capture self-signed certificates during upload with cURL
2015-08-19 15:31:24 +02:00
Mark Ruys
919e48001d
More reliable and often faster check to determine virtualization.
2015-07-27 12:38:13 +02:00
Martijn Pepping
25c8567b57
Fixed an comparison error when Docker is present, but the daemon is not running (or unset).
2015-07-24 23:58:50 +02:00
Mark Ruys
c998924b51
Fix STRG-1840 (Check for disabled USB storage)
2015-07-24 15:11:39 +02:00
mboelen
dd66273f41
Removed unused categories
2015-07-22 18:28:34 +02:00
mboelen
db131518f0
Clean up code
2015-07-22 17:37:39 +02:00
mboelen
afd01ece5d
Remove incomplete tests, code enhancements
2015-07-22 17:37:11 +02:00
mboelen
66fb369593
Copyright line changes and cleanups
2015-07-22 16:28:11 +02:00
mboelen
17c44ced52
Include examples and clarify usage
2015-07-22 14:57:57 +02:00
mboelen
8f9a616854
Add more descriptive text to the template
2015-07-22 14:26:25 +02:00
mboelen
2b1061ef14
Added suggestions for Solaris auditing
2015-07-22 13:47:44 +02:00
mboelen
fd5c968d16
Cleaning up some lines
2015-07-22 13:44:30 +02:00
mboelen
afaecd9512
Removing deprecated strings and cleaning up
2015-07-22 12:21:36 +02:00
mboelen
95d08a735a
Optimizing code, cleaning up
2015-07-22 12:20:27 +02:00
mboelen
e06d706c83
Optimizing code, cleaning up
2015-07-22 12:20:03 +02:00
mboelen
6857f01500
Added LDAP configuration file location to report, and code cleanups
2015-07-16 17:02:15 +02:00
James White
f341b01e4d
Fix false positive matches with unsafe ports on SQD-3624
...
The grep statement needs to be modified to prevent tagging port values that contains a value in `SQUID_DAEMON_UNSAFE_PORTS_LIST` but aren't actually the listed port.
2015-07-15 11:50:56 +01:00
Michael Boelen
4266992f6b
Merge pull request #39 from aneeshusa/check-locate-preqs
...
Prevent the locate test from running spuriously when locate is not present.
2015-07-14 00:55:47 +02:00
Michael Boelen
6694add635
Merge pull request #38 from aneeshusa/update-systemd-sulogin-detection
...
Update check for sulogin under systemd.
2015-07-14 00:49:40 +02:00
mboelen
e8111a124f
Increase default minimum amount of connections before alerting
2015-07-14 00:31:59 +02:00
mboelen
7d30538311
Added missing bracket
2015-06-17 17:13:44 +02:00
mboelen
b947bb085c
Changed detection, added examples of fstab entries
2015-06-17 17:06:51 +02:00
mboelen
f34e59663f
Report hardening index, even when report is not shown
2015-06-11 20:50:19 +02:00
mboelen
f0026427bb
Textual changes
2015-06-11 13:58:30 +02:00
mboelen
0d4b25d308
Disable suggestion for this test
2015-06-11 13:58:16 +02:00
mboelen
e13a9087ea
Added compilers to report
2015-06-11 13:57:57 +02:00
mboelen
72feac9638
Added additional legal words for banner usage
2015-06-11 13:57:37 +02:00
mboelen
785ac74f91
Moved tests to new container group
2015-05-27 12:36:34 +02:00
mboelen
5f3c47df68
Added debsecan, debsums and kernel package counting
2015-05-27 12:35:56 +02:00
mboelen
7f0fbcf359
Initial import for container category
2015-05-27 12:34:01 +02:00
mboelen
f60011eb1b
Removing tests which were already performed in authentication section.
2015-05-27 11:43:08 +02:00
mboelen
917c790ecc
Changed text
2015-05-27 11:42:31 +02:00
mboelen
fe636c7d6c
Docker support
2015-05-27 11:25:35 +02:00
mboelen
30b9b1edd9
Added support for Docker binary
2015-05-27 11:25:07 +02:00
mboelen
bb696a04f1
Improved detection of directories in logrotate
2015-05-26 11:13:47 +02:00
mboelen
c70f3e93cd
Cleanup of screen output, with focus on minimum output
2015-05-26 11:13:23 +02:00
mboelen
a1095ef941
Improved swap detection and added UUID check
2015-05-26 11:12:36 +02:00
mboelen
3c3bb2d0db
Do not show auditd suggestion for OpenVZ systems
2015-05-26 11:11:42 +02:00
mboelen
1a04109dad
Extended descriptions
2015-05-26 11:11:15 +02:00
mboelen
52b8c3a6a7
Added VMTYPE
2015-05-26 11:10:50 +02:00
mboelen
b885b9f84f
Add missing pipe
2015-05-25 23:20:52 +02:00
mboelen
1d1aa3c966
Improved kernel detection on Slackware
2015-05-25 23:17:42 +02:00
mboelen
2f0e9f0981
Changed last line
2015-05-25 23:17:21 +02:00
mboelen
ef2b12e218
Added block and character type devices as symlinks
2015-05-25 23:17:08 +02:00
mboelen
3f3ced806e
Changed last line
2015-05-25 23:16:45 +02:00
mboelen
7854eeae20
Chronyd support, finishing test
2015-05-25 17:45:41 +02:00
mboelen
1c07e6fa2c
New test TIME-3106, Chronyd and systemd-timesyncd support
2015-05-25 17:33:51 +02:00
mboelen
45114e6557
Chef support added
2015-05-25 17:20:58 +02:00
mboelen
f3bd9ca9ad
Display only the tools actually found, to keep screen output as clean as possible
2015-05-17 23:22:54 +02:00
mboelen
46f9a3dec8
Log file integrity monitoring tool, adding support for lfd (CSF) tool
2015-05-17 23:01:38 +02:00
mboelen
283e198c23
Improved detection of blacklisted/disabled modules
2015-05-17 23:00:28 +02:00
mboelen
893e17d982
Added new AddSystemGroup function
2015-05-13 14:45:50 +02:00
mboelen
5729189349
Added additional legal words for banners
2015-05-13 14:45:16 +02:00
mboelen
c37e2eb9eb
Extended Sophos detection
2015-05-04 13:37:36 +02:00
mboelen
22810e58e7
Replace existing update check options with new helper utility
2015-04-30 01:28:33 +02:00
mboelen
943b944a13
New profile options for automatic updates
2015-04-30 01:28:05 +02:00
mboelen
0e581e6ad7
Initial import of helper for automatic updates
2015-04-30 01:27:36 +02:00
mboelen
8ae3cfd5ad
Remove unused variable
2015-04-30 01:25:18 +02:00
mboelen
1ece78f1a8
Set default for showing program details at start
2015-04-30 01:23:47 +02:00
mboelen
508cf7ac71
Added missing space
2015-04-29 19:58:13 +02:00
mboelen
6a0417da8b
Added Python and updated PHP description
2015-04-29 14:20:46 +02:00
mboelen
70e20d514c
Ensure that only one value is provided
2015-04-29 13:53:40 +02:00
mboelen
2cd57933b6
Correction of Display function
2015-04-29 11:57:57 +02:00
mboelen
aa8410477e
Performance tuning by removing full listing of binaries from log
2015-04-29 11:57:30 +02:00
Roland Smith
1bb5b4b0a6
FreeBSD uses the bsdrc service manager.
...
With this patch, a run on my machine returns:
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
---------------------------------------------------
Program version: 2.1.1
Operating system: FreeBSD
Operating system name: FreeBSD
...
[+] Boot and services
------------------------------------
- Service Manager [ bsdrc ]
2015-04-27 20:09:18 +02:00
Roland Smith
db828b5e03
Used service(8) to discover running services.
...
On all supported FreeBSD releases, the service(8) program can be used to
discover which services are running. This program has been added to the test
for binaries. If available, it will be used to test for services. If not, the
original code that parses /etc/rc.conf is used.
On my system, the following information is produced in the logfile:
[19:51:22] Performing test ID BOOT-5165 (Check for FreeBSD boot services)
[19:51:22] Searching for services at startup (service)
[19:51:23] Found service (service/rc.conf): bgfsck
[19:51:23] Found service (service/rc.conf): cleanvar
[19:51:23] Found service (service/rc.conf): cron
[19:51:23] Found service (service/rc.conf): cupsd
[19:51:23] Found service (service/rc.conf): dbus
[19:51:23] Found service (service/rc.conf): devd
[19:51:23] Found service (service/rc.conf): dmesg
[19:51:23] Found service (service/rc.conf): dnsmasq
[19:51:23] Found service (service/rc.conf): gptboot
[19:51:23] Found service (service/rc.conf): hostid
[19:51:23] Found service (service/rc.conf): hostid_save
[19:51:23] Found service (service/rc.conf): ip6addrctl
[19:51:23] Found service (service/rc.conf): ipfw
[19:51:23] Found service (service/rc.conf): mixer
[19:51:23] Found service (service/rc.conf): motd
[19:51:23] Found service (service/rc.conf): newsyslog
[19:51:23] Found service (service/rc.conf): nginx
[19:51:23] Found service (service/rc.conf): openntpd
[19:51:23] Found service (service/rc.conf): postfix
[19:51:23] Found service (service/rc.conf): powerd
[19:51:23] Found service (service/rc.conf): sendmail
[19:51:23] Found service (service/rc.conf): smartd
[19:51:23] Found service (service/rc.conf): syslogd
[19:51:23] Found service (service/rc.conf): virecover
[19:51:23] Found 24 services/options to run at startup
The report shows:
[+] Boot and services
------------------------------------
- Service Manager [ UNKNOWN ]
- Checking presence FreeBSD loader [ FOUND ]
- Checking services at startup (service/rc.conf) [ DONE ]
Result: found 24 services/options set
2015-04-27 19:58:07 +02:00
Roland Smith
4d94227a08
Find FreeBSD service binary.
2015-04-27 19:33:11 +02:00
Roland Smith
a0b20fcfe3
Wrap ipfw test in SKIPTEST block.
2015-04-27 18:26:39 +02:00
Roland Smith
ded7e95a14
Check if ipfw is enabled in rc.conf.
2015-04-27 18:24:18 +02:00
Roland Smith
5d7dc80481
Initial version of IPFW test (FreeBSD).
2015-04-27 18:24:11 +02:00
Aneesh Agrawal
bfd24585cf
Pass information about locate prereqs to Register.
...
Prevent the locate test from running spuriously when locate is not
present
2015-04-27 03:31:43 -04:00
Aneesh Agrawal
d282fbfc9c
Update check for sulogin under systemd.
...
The default rescue.service unit file was updated
in the systemd repo on Jan 23, 2015
to allow for sulogin location variability.
2015-04-27 03:13:42 -04:00
mboelen
474d69dfd6
Added /usr/lib64/apache2 as search path
2015-04-24 13:31:49 +02:00
mboelen
cd78379906
Extended screen output when upload fails
2015-04-22 11:02:22 +02:00
mboelen
ec5e9cbecf
Extending ShowSymlinkPath function to account for missing -f option
2015-04-22 00:57:58 +02:00
mboelen
c397b20b68
Initialize some variables for cleaner output
2015-04-22 00:57:35 +02:00
mboelen
0d900536a5
Remove priority label
2015-04-21 16:03:14 +02:00
mboelen
94607e4ae4
Redirect sysctl errors properly
2015-04-20 11:35:02 +02:00
mboelen
a6290d1bec
Enhance screen output on Mac OS
2015-04-19 22:10:27 +02:00
mboelen
4c8a6dc3d2
Rename of package auditing tool, for upcoming plugin/module
2015-04-17 15:50:46 +02:00
mboelen
a29335823f
Improved core dump checking
2015-04-16 20:00:09 +02:00
mboelen
017c145357
Zypper enhancements
2015-04-16 19:59:51 +02:00
mboelen
3bce5191ef
Apply group check on all groups when using AIX
2015-04-16 19:00:03 +02:00
mboelen
de60926705
Changed sed statement
2015-04-13 22:06:14 +02:00
mboelen
95d5cabdb2
Ensure sysctl is present before calling it
2015-04-07 17:20:11 +02:00
mboelen
7ad2dd5480
Change pf firewall detection
2015-04-07 17:19:49 +02:00
mboelen
e21e8679e0
Check also /var and assign hardening points
2015-04-07 17:19:25 +02:00
mboelen
7785c5a610
Improved report output
2015-04-07 17:18:54 +02:00
mboelen
f85d33fe42
Improved text for malware scanner suggestion
2015-04-07 17:17:35 +02:00
mboelen
d5bdde7a93
Changed counting with -m to support locale
2015-04-02 13:29:18 +02:00
mboelen
d2175e833d
Change description of test
2015-04-01 14:45:12 +02:00
mboelen
c2bbf4a0a7
Improved detection for McAfee anti-virus (cma)
2015-04-01 14:22:53 +02:00
mboelen
003d4857bb
Updated last line
2015-03-31 19:20:57 +02:00
mboelen
d16732a47a
Smart replacement does not work on Solaris, rewriting domain extraction from FQDN
2015-03-31 19:20:42 +02:00
mboelen
f9c79007b8
Updated functions for checking permissions on files
2015-03-25 17:31:47 +01:00
mboelen
9978e5c824
Using return codes and minor cleanups of code
2015-03-25 17:31:17 +01:00
mboelen
30bc903c5a
Using return codes for file permission checks
2015-03-25 17:30:13 +01:00
mboelen
c94269c1d1
Add lynis audit dockerfile as option
2015-03-25 16:49:02 +01:00
mboelen
e1d96752f2
Removed variable
2015-03-25 16:48:39 +01:00
mboelen
5ecbaafa4f
Use improved function with return values
2015-03-25 16:47:37 +01:00
mboelen
355bf37459
Changed copyright line
2015-03-25 15:55:46 +01:00
mboelen
7f97bfa973
Typos corrected
2015-03-25 15:55:29 +01:00
mboelen
3cda4cf562
Added CUPS location for Mac OS
2015-03-23 21:38:37 +01:00
mboelen
bdf8347162
Don't require sha1sum AND openssl AND csum, but just one of them to exist
2015-03-19 00:03:58 +01:00
mboelen
9932e878b1
Clarified message
2015-03-18 16:06:02 +01:00
mboelen
0e321e1c6b
Improved host ID generation on AIX systems
2015-03-18 15:35:37 +01:00
mboelen
e1a3d59f8d
Added csum binary detection for AIX systems
2015-03-18 15:35:11 +01:00
mboelen
8b2da6329e
Changed path names into variables
2015-03-18 10:40:59 +01:00
mboelen
49414f8b06
Check if value after access_log option is filled
2015-03-17 19:02:46 +01:00
mboelen
a12876e472
Test for presence of CSF
2015-03-17 18:06:00 +01:00
mboelen
8201510d6a
Check timeout sessions and if they are readonly
2015-03-17 17:58:58 +01:00
mboelen
332277b7e1
Enhance timeout check and ensure there are .sh files in /etc/profile.d
2015-03-17 14:55:03 +01:00
mboelen
c8e17e317d
Redirect sysctl error output
2015-03-09 14:09:59 +01:00
mboelen
7e912be0af
Clarify the main purpose of the tooling
2015-02-25 20:33:48 +01:00
mboelen
6521ced36f
Remove suggestion
2015-02-25 20:33:21 +01:00
mboelen
209e1991d2
Test for presence php.ini file
2015-02-15 23:50:28 +01:00
mboelen
d56d33a63d
Added /etc/php5/fpm/php.ini to PHP locations
2015-02-15 23:02:46 +01:00
mboelen
e6d7da4885
No error display when file is uploaded and exit code is 0
2015-02-13 15:10:27 +01:00
mboelen
3ae5c61839
Support openSUSE location of sulogin binary
2015-02-13 15:09:37 +01:00
mboelen
7723f85d5c
Replacing /usr/lib/apache2/modules with /usr/lib/apache2
2015-02-03 18:30:15 +01:00
mboelen
e3206dd343
Adding new options for defining upload options and server
2015-02-03 18:28:03 +01:00
mboelen
db46a375c6
Cleaning up parameters and moving them to profile
2015-02-03 18:27:13 +01:00
mboelen
5686b82f17
Allow overriding of the upload and license server
2015-02-03 18:26:30 +01:00
mboelen
f5550fa5d2
Adding upload options and audit scan mode
2015-01-30 19:59:48 +01:00
mboelen
42e3f46a28
Allowing URLs to control information to be adjusted for CUST tests
2015-01-30 19:59:17 +01:00
mboelen
902eafeca9
Do not show exception in different scan modes
2015-01-30 19:58:29 +01:00
mboelen
554d8bd857
Allow overriding CURL options with parameter and exit cleanly when license is not found
2015-01-30 19:58:00 +01:00
mboelen
b41d12d077
Decrease screen output when scanning for binaries
2015-01-30 19:57:18 +01:00
mboelen
2e0c90079b
Added custom appending/prepending of URLs for control information
2015-01-30 18:09:46 +01:00
mboelen
391476f38e
Improvements to report output, including custom URLs
2015-01-30 18:09:18 +01:00
mboelen
0a196b7e79
Updated copyright lines
2015-01-30 18:04:30 +01:00
mboelen
da0cc9d403
Added helper, report and upload related defaults
2015-01-30 13:14:18 +01:00
mboelen
ac8b4d27b5
Adding helper tool for Dockerfile auditing
2015-01-30 13:13:38 +01:00
mboelen
2b075c24b0
Avoid hanging PHP test [PHP-2368]
2015-01-16 00:15:20 +01:00
mboelen
ef531081bc
Only show suggestion when shell does not exist [AUTH-9218]
2015-01-15 23:21:17 +01:00
mboelen
44a530719c
Disabling Shellshock test as it gives false positives
2015-01-15 22:06:34 +01:00
mboelen
5caf4ddc4f
Update of the files to reflect HTTPS version of website and 2015. Happy New Year!
2015-01-03 12:45:22 +01:00
mboelen
afa2d50aac
Improved screen output on FreeBSD and enhanced version detection on Gentoo
2014-12-10 11:08:15 +01:00
mboelen
d2b7d3ed00
Changed header
2014-12-09 18:11:38 +01:00
mboelen
c7a242a020
New single user mode test for systemd, improvements for FreeBSD and better detection of init process on Linux
2014-12-09 18:11:21 +01:00
mboelen
4a5fe6d201
Check ntpdate for other systems than only FreeBSD, NTP no longer required for virtual machines
2014-12-08 23:57:47 +01:00
mboelen
8efbb80497
Starting user ID 1000 for Linux systems
2014-12-05 20:08:10 +01:00
mboelen
1fa4416a7a
Check for /var/db/pkg/pkgs-vulnerabilities presence before performing audit with pkg_admin [PKGS-7381]
2014-12-05 19:43:35 +01:00
mboelen
951afea1f3
Enhanced reboot test to work on Arch Linux and others [KRNL-5830]
2014-12-05 19:42:12 +01:00
mboelen
dbf9bfd173
Enhancements for DragonFly BSD
2014-12-05 17:11:59 +01:00
mboelen
3802a934c6
Check if hostname is set for NAME-4404 and NAME-4404 tests
2014-12-05 17:11:34 +01:00
mboelen
40e93c9b45
Enhance screen output for DragonFly BSD
2014-12-05 17:03:04 +01:00
mboelen
7f45bb5d85
Only include numeric characters in latest version string
2014-12-05 16:01:41 +01:00
mboelen
defecac381
Small change regarding logging item to report
2014-12-05 13:29:26 +01:00
mboelen
50907dd21a
Remove suggestion from control, as it will be checked in HRDN-7222
2014-12-05 13:28:53 +01:00
mboelen
767a8cf053
Removed warning for missing swap partition as this is more common now
2014-12-05 13:28:22 +01:00
mboelen
3bc7f1fb02
Added additional process check for OpenSMTPD
2014-12-05 13:27:29 +01:00
mboelen
a70e0558c8
Log status of Salt tools and add them to report
2014-12-05 12:41:33 +01:00
mboelen
f0ae9d015c
Extended PHP search path for NetBSD systems
2014-12-05 12:29:18 +01:00
mboelen
cbf96e156f
Allow Lynis Enterprise users to provide an URL to upload to
2014-12-05 12:28:44 +01:00
mboelen
841c99cc30
Added comm (file comparing)
2014-12-05 12:28:13 +01:00
mboelen
2a586d1326
Changes to allow uploading to different server via parameters
2014-12-05 12:06:41 +01:00
mboelen
f16c4f1d80
Added journalctl (systemd)
2014-12-05 12:06:05 +01:00
mboelen
7995e1e2c7
Changed update check location from previous website to cisofy.com
2014-12-03 23:43:48 +01:00
mboelen
747fd5bb19
Changed status of file integrity tool in report
2014-12-03 22:51:19 +01:00
mboelen
7537419a68
Improvement for SuSE based systems when detecting Linux kernel on disk
2014-12-03 22:50:25 +01:00
mboelen
44cde264a2
Changed website address
2014-12-03 22:49:46 +01:00
mboelen
df0da8b0c4
Improve output on NetBSD by using a non-break version of echo as well
2014-12-03 22:49:22 +01:00
mboelen
26a6e33637
Changed the way how progress is displayed and improved virtual machine detection
2014-12-03 22:45:23 +01:00
mboelen
f9d5f9f017
Added NetBSD paths and changed copyright line
2014-12-03 22:44:31 +01:00
mboelen
a5a702a1da
Added pkg_admin binary
2014-12-03 14:50:55 +01:00
mboelen
639fd1d96a
Extended detection for service manager and NetBSD uptime support
2014-12-03 14:22:58 +01:00
mboelen
1759f66181
Removed warning for expired SSL certificate, added suggestion instead
2014-12-03 14:13:29 +01:00
mboelen
92660aec3c
Added comments
2014-12-03 14:11:38 +01:00
mboelen
358ea148ca
Added additional virtualization detection for NetBSD and OpenBSD
2014-12-03 14:10:52 +01:00
mboelen
9a8ea8584a
Updated copyright line
2014-12-03 14:10:22 +01:00
mboelen
f60b00e6f0
Added dpkg binary
2014-12-02 21:38:51 +01:00
mboelen
89217d7ade
Testing for service/job manager [BOOT-5104]
2014-12-02 13:55:06 +01:00
mboelen
2bdc4d7742
Fixed typo in report
2014-12-02 13:54:13 +01:00
mboelen
98abf325e4
Cleaning up code a little bit
2014-11-29 16:25:18 +01:00
mboelen
b25fa10b1d
Do not check for klogd when systemd-journal is being used
2014-11-29 16:23:52 +01:00
mboelen
19cf98dd82
Show if compliance tests have been performed in report output
2014-11-29 16:22:59 +01:00
mboelen
376b37f250
Added proper check for smtpctl binary
2014-11-29 16:22:36 +01:00
mboelen
9beee9a514
Added smtpctl for OpenSMTPD
2014-11-29 16:21:49 +01:00
mboelen
68234525a3
New variables
2014-11-29 16:21:13 +01:00
mboelen
33720a54ac
Check for OpenSMTPD on all platforms, but only if smtpctl is found
2014-11-29 16:20:20 +01:00
mboelen
36c9f435f7
Added initctl, launchctl, nft binaries and textual improvements
2014-11-28 23:51:16 +01:00
mboelen
87994330f1
Added test for systemd journal daemon [LOGG-2136]
2014-11-28 23:50:07 +01:00
mboelen
f826a4f63f
Added Progress function, --progress to Register function and docker detection
2014-11-25 14:22:52 +01:00
mboelen
ccf849f214
Properly log as binary
2014-11-25 14:21:23 +01:00
mboelen
b9c7a2857e
Changed links
2014-11-25 14:20:45 +01:00
mboelen
76a6d1a263
Added --manpage and --dumpoptions
2014-11-14 16:15:35 +01:00
mboelen
2938a2d5af
GRUB2 password protection test
2014-11-13 00:58:11 +01:00
mboelen
f50595d4e2
Show only unique files for deleted files [LOGG-2190]
2014-11-13 00:57:36 +01:00
mboelen
64d3464543
Use ReportException function
2014-11-11 19:03:57 +01:00
mboelen
16eab10590
Check for rootsh binary
2014-11-04 14:17:18 +01:00
mboelen
a1d8ee1e13
Changes to uptime calculation for OpenBSD
2014-11-04 02:23:43 +01:00
mboelen
160f727709
Try to use OpenSSL for SHA1 related functions if sha1/sha1sum are not present
2014-11-04 02:08:56 +01:00
mboelen
6eedbdd176
Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
2014-11-04 02:08:29 +01:00
mboelen
dcef76d250
Allow OpenBSD boot loader test for all platforms
2014-11-04 01:36:56 +01:00
mboelen
525c430d84
Minor improvements to Shellshock test
2014-11-04 01:34:14 +01:00
mboelen
5439083b4e
Added uptime detection for OpenBSD systems [BOOT-5202]
2014-11-04 01:04:28 +01:00
mboelen
3609da194a
Properly parse PAM lines and add them to report [AUTH-9264]
2014-11-04 00:42:37 +01:00
mboelen
28b31b95c8
Add OpenBSD support to gather UDP/TCP ports which listen on network
2014-11-04 00:30:08 +01:00
mboelen
0a3482b968
OpenBSD support for boot loader detection
2014-11-04 00:29:44 +01:00
mboelen
9f1f006005
Check if Linux config file is set, before executing other tests
2014-10-30 18:09:47 +01:00
mboelen
c8189d05e8
Improvements for file systems, with focus on ext2, ext3 and ext4
2014-10-30 18:09:03 +01:00
mboelen
183be1a45a
Log license key to report
2014-10-30 13:05:06 +01:00
mboelen
4dfcce354c
Don't show error when file system can not be opened by tune2fs
2014-10-29 23:07:59 +01:00
mboelen
e176c0028a
Added getcap binary check
2014-10-27 23:11:37 +01:00
mboelen
ca6c6d14fb
Small changes in naming, added binary paths to report file
2014-10-27 23:10:28 +01:00
mboelen
77e2705eb7
Perform configuration integrity test for AIDE
2014-10-27 00:28:28 +01:00
mboelen
46de3f8d99
Hide RPM related database errors, show suggestion instead
2014-10-26 23:33:26 +01:00
mboelen
410861f4df
Added AIX support for volume groups
2014-10-26 23:33:08 +01:00
mboelen
16b25ceda3
Added lsvg detection
2014-10-26 23:32:51 +01:00
mboelen
f465da5351
Small adjustment to avoid getting error when no files are in APT sources.list.d directory
2014-10-24 01:23:35 +02:00
mboelen
6f6d51a11a
Minor textual changes
2014-10-23 23:06:46 +02:00
mboelen
75c2d0ab15
Changed qdaemon test
2014-10-21 00:03:42 +02:00
mboelen
067360db1b
Improved qdaemon printer detection
2014-10-19 12:43:15 +02:00
mboelen
8bf76a9a0f
Improved Shellshock test by searching for bash via which if /etc/shell is not present
2014-10-19 12:39:37 +02:00
mboelen
47b2a7df33
Redirect errors when searching for readlink binary
2014-10-19 12:30:26 +02:00
mboelen
84c51eead7
Boot loader detection for AIX [BOOT-5102]
2014-10-19 12:25:40 +02:00
mboelen
1e624d5f2e
Improved text
2014-10-14 10:54:02 +02:00
mboelen
bd5c9ddd7b
Textual improvement on screen for Apache configuration test
2014-10-14 10:40:00 +02:00
mboelen
d6dbbeedb5
Added warning when GLSA finds security updates
2014-10-14 10:39:34 +02:00
mboelen
a6f50356d9
Added new tests
2014-10-14 10:03:54 +02:00
mboelen
4fa5139bfa
Improve function to search for kernels on disk and checking results
2014-10-14 10:03:29 +02:00
mboelen
f5399981c2
When searching for a swap partition in /etd/fstab, use sw as search string, instead of matching sw or swap
2014-10-14 10:02:41 +02:00
mboelen
1f032c767f
Directories will be skipped when searching for nginx log files
2014-10-14 10:01:46 +02:00
mboelen
b31a6c4659
Textual changes
2014-10-13 22:39:16 +02:00
mboelen
381fbf25d0
Escaping --security option as string search
2014-10-13 20:47:42 +02:00
mboelen
20815d8133
Changed typo cly.py to cli.py
2014-10-13 20:45:43 +02:00
mboelen
19fd348249
Changed typo cly.py to cli.py
2014-10-13 20:43:46 +02:00
mboelen
5e840367ca
Test for built-in security measures in YUM [PKGS-7386]
2014-10-13 20:36:09 +02:00
mboelen
34b177547f
Added better text for discovered directories which have symlink
2014-10-13 20:35:14 +02:00
mboelen
5ac6812ba5
Skip directory if it has already been found, or its symlink
2014-10-13 20:07:19 +02:00
mboelen
8454ac7baf
Set temporary readlink function if binary scan is not finished yet
2014-10-13 19:57:15 +02:00
mboelen
a68b226d3a
Added BINARY_SCAN_FINISHED
2014-10-13 19:56:44 +02:00
mboelen
3b7e1a63ae
Mark when binary scan is complete
2014-10-13 19:55:49 +02:00
mboelen
badd27ac7e
Added additional debug information for symlink function
2014-10-13 19:51:20 +02:00
mboelen
6f893ea3b4
Improved symlink detection and reporting
2014-10-13 19:45:14 +02:00
mboelen
ebdee5b0d2
Altered symlink function, message display, small cleanups
2014-10-13 19:36:36 +02:00
mboelen
0378677ea9
Cleanup of test and properly show status of timedated [TIME-3104]
2014-10-13 19:19:40 +02:00
mboelen
f7bcf60640
Changed copyright line
2014-10-13 10:43:37 +02:00
mboelen
7797c32d76
Only extract unique name servers [NAME-2704]
2014-10-13 10:42:07 +02:00
d4t4king
fab2ea5e5e
Minor tweak to glsa-check to show '0' when all tests are compliant
2014-10-13 00:19:59 -07:00
mboelen
2bf7e35bf2
Added missing -f for GRUB2 bootloader test [BOOT-5121]
2014-10-09 00:41:06 +02:00
d4t4king
111097506f
Tweaked nginx protocol check so it actually works. Added insecure protocol detection.
2014-10-08 22:04:29 +00:00
mboelen
3d0fb8d529
Improved boot loader detection for Grub2 [BOOT-5121]
2014-10-06 21:27:23 +02:00
mboelen
81d910c050
When searching for bash shell, skip comment lines and only take first hit (e.g. Fedora has multiple hits) [SHLL-6290]
2014-10-06 20:57:56 +02:00
mboelen
74f7cfec84
Added Shellshock test improvements
2014-10-06 13:41:55 +02:00
d4t4king
ef6de1eddc
Added shellshocker checks.
2014-10-06 11:49:20 +02:00
mboelen
ac2b2fc548
Added new test to determine if Snoopy is used [ACCT-9636]
2014-10-06 11:30:15 +02:00
mboelen
ebe29bc148
Log discovered pam_modules to report
2014-10-06 11:29:31 +02:00
mboelen
aeddf84aed
Added SSH without-password option for PermitRootLogin
2014-10-06 11:29:04 +02:00
mboelen
f3a7921a3d
Improved ShowSymlinkPath function and optimized FileIsReadable function
2014-10-03 19:16:13 +02:00
mboelen
616209560f
Use quiet mode when checking emerge-webrsync
2014-09-25 19:10:58 +02:00
mboelen
c5ce09af9f
Added ClamXav test
2014-09-25 19:08:47 +02:00
mboelen
ab71616900
Added Mac OS uptime test [BOOT-5202]
2014-09-25 19:00:36 +02:00
mboelen
348d024dd4
Set found status when a possible match for boot loader has been found
2014-09-25 17:57:59 +02:00
mboelen
9067551508
Improved GetHostID if only ip binary is available
2014-09-25 17:57:25 +02:00
mboelen
27973d5c18
Adjust text and GRUB2 check to work properly
2014-09-25 17:51:08 +02:00
mboelen
08f77d2531
Added GRUB2 detection on empty /boot
2014-09-25 17:47:23 +02:00
mboelen
f0292d3653
Missing binary in variable
2014-09-25 17:47:05 +02:00
mboelen
6f321b6a08
Added grub2-install
2014-09-25 17:42:57 +02:00
mboelen
e209b1046b
Changed addresses
2014-09-25 17:32:50 +02:00
mboelen
0dd484f22e
Extended logging
2014-09-25 17:00:31 +02:00
mboelen
b36be2f82c
Missing -eq statement
2014-09-25 16:55:47 +02:00
mboelen
a0f0e895eb
Minor code adjustments
2014-09-25 16:55:23 +02:00
mboelen
7f7d869ae5
Improvements to kernel detection (e.g. Gentoo) [KRNL-5830]
2014-09-25 16:55:02 +02:00
mboelen
10dc6d3930
Added privileged mode
2014-09-25 11:25:07 +02:00
mboelen
17a6aa3691
Improved detection of mod_evasive
2014-09-23 23:27:01 +02:00
mboelen
c257882a24
Improved log output for CheckItem function
2014-09-23 23:26:34 +02:00
mboelen
6dbeb9f6cb
Gentoo updates to gather packages and test for vulnerabilities
2014-09-23 22:54:38 +02:00
mboelen
e9557423cc
Gentoo updates to gather packages and test for vulnerabilities
2014-09-23 22:48:20 +02:00
mboelen
6fbcf20c96
Added new tests for pacman based systems
2014-09-22 23:40:53 +02:00
mboelen
47cfff0e16
Improvements to boot loader tests
2014-09-22 23:39:31 +02:00
mboelen
2006838144
Added drill binary to list to determine latest version
2014-09-22 04:07:46 +02:00
mboelen
595f84ae45
Altered /boot/config.gz into /proc/config.gz as target
2014-09-22 03:46:13 +02:00
mboelen
ad4a4cc1a5
Proper sort kernel versions on disk for test KERN-5830
2014-09-22 00:57:34 +02:00
mboelen
f3f829c7bc
Adjusted logging
2014-09-21 13:05:14 +02:00
mboelen
98a68c52ef
Added /usr/libexec/apache as search location for Mac OS
2014-09-21 13:03:40 +02:00
mboelen
911a5e88f6
Mac OS improvement for test NETW-3012
2014-09-21 13:01:29 +02:00
mboelen
116b1eab97
Added support for Mac OS to gather information
2014-09-21 12:58:08 +02:00
mboelen
b0e739a15d
Support /boot/vmlinuz-linux for Arch systems to determine kernel version
2014-09-19 17:55:00 +02:00
mboelen
74fc711965
Removed unneeded exception line
2014-09-19 16:46:35 +02:00
mboelen
40f210ae74
Added detection for machine ID
2014-09-19 16:44:22 +02:00
mboelen
d99dbc7406
Added detection for machine ID
2014-09-19 16:43:20 +02:00
mboelen
f5dcb5e7f1
Added usage of ip to NETW-3006 and NETW-3008
2014-09-19 16:28:53 +02:00
mboelen
1b881ec957
Added ss binary
2014-09-19 16:20:24 +02:00
mboelen
475b6c3799
Added usage of ss to gather listening ports in NETW-3012
2014-09-19 16:18:09 +02:00
mboelen
94efdd0af1
Check if ifconfig exists before using it in tests (e.g. Arch Linux)
2014-09-19 11:45:19 +02:00
mboelen
d3d630258f
Added extra permission to CUPS test
2014-09-19 11:44:43 +02:00
mboelen
e12b95ba88
Added support for /boot/config.gz file
2014-09-19 02:23:07 +02:00
mboelen
1267f89e5b
Added zgrep detection
2014-09-19 02:14:16 +02:00
mboelen
2530256d85
Small textual replacements for logging purposes
2014-09-19 02:02:22 +02:00
mboelen
fb52ee9239
Added more extensions for virtual machine detection
2014-09-19 01:55:55 +02:00
mboelen
fb53e586fe
Added /proc/modules as dependency to KRNL-5723 and KRNL-5726
2014-09-19 01:46:40 +02:00
mboelen
bba133afbb
Generic code enhancements
2014-09-19 01:19:07 +02:00
mboelen
6b7362cefd
Generic code enhancements
2014-09-19 01:17:05 +02:00
mboelen
805cdf6bf5
Generic code enhancements
2014-09-19 01:10:43 +02:00
mboelen
cac6a8e438
Generic code enhancements
2014-09-19 01:07:34 +02:00
mboelen
94387348f0
Generic code enhancements
2014-09-19 00:56:51 +02:00
mboelen
a145b0091a
Code cleanup
2014-09-19 00:35:24 +02:00
mboelen
8a637d588b
Better logging of kernel IO scheduler
2014-09-19 00:12:04 +02:00
mboelen
1ed24265e3
Adjusted normal user ID detection and added exception for currently unsupported operating systems
2014-09-18 23:56:16 +02:00
mboelen
28fc31fdaf
Remove carriage return of SSH version output
2014-09-18 23:42:35 +02:00
mboelen
d4b445c316
Check Linux kernel version and properly display short version
2014-09-18 22:22:11 +02:00
mboelen
c4aad72201
Improved reboot check to support Linux in general [KRNL-5830]
2014-09-18 22:20:15 +02:00
mboelen
f69fc779c2
Added SaltStack tooling
2014-09-18 11:06:29 +02:00
mboelen
1915bd884e
Added SaltStack tooling
2014-09-18 11:04:22 +02:00
mboelen
5b0944057b
Added FileIsEmpty function and small adjustments to other functions
2014-09-17 09:59:18 +02:00
mboelen
c9fde8c2d1
Code cleanup and small enhancements
2014-09-15 12:01:09 +02:00
mboelen
35d32fb5e4
Add pre-test before running test [PKGS-7388]
2014-09-15 11:17:26 +02:00
mboelen
bce234fa00
Removed warnings, updated changelog
2014-09-15 10:52:06 +02:00
mboelen
3cc696edfc
Adjusted suggestion call for [FILE-6354]
2014-09-15 10:42:11 +02:00
mboelen
59ad28795e
Extended telnet in inetd test [INSE-8016]
2014-09-15 10:38:13 +02:00
mboelen
f5f0f02777
Prevent false positive between inetd and xinetd
2014-09-15 10:32:36 +02:00
mboelen
8a9abeb81f
Updated log
2014-09-12 17:24:29 +02:00
mboelen
83f4fb9ff4
Set default binary for ps variable
2014-09-12 17:04:27 +02:00
mboelen
97e0dc9e30
Added ShowSymlinkPath function
2014-09-12 15:33:28 +02:00
mboelen
4287a6f1e9
Added proper description for zvm
2014-09-12 15:19:43 +02:00
mboelen
8dc9b2080d
Removed individual warnings for BOOT-5184
2014-09-12 14:58:43 +02:00
mboelen
ef3f7f1ebf
Added new function IsVirtualMachine()
2014-09-12 14:56:19 +02:00
mboelen
07e77ed4e1
Added timedatectl detection
2014-09-12 13:52:01 +02:00
mboelen
b9a9aea340
Adjusted file permissions, permissions check and storage of PID file
2014-09-11 16:11:43 +02:00
mboelen
dd2ea3efaf
Made adjustments to run in non-privileged scans
2014-09-09 14:49:37 +02:00
mboelen
3beae44e92
Do not scan symlinked binary directories
2014-09-09 14:49:14 +02:00
mboelen
56cc2df2c2
Adjustments to allow non-privileged scan and reduce errors on screen
2014-09-08 23:51:27 +02:00
mboelen
691019f9ae
Added FileIsReadable function
2014-09-08 21:30:54 +02:00
mboelen
c3494b32d1
Properly check if CheckUpdates output is usable for display
2014-09-08 19:59:01 +02:00
mboelen
2ce4cf5c57
Redirect stderr for host command
2014-09-08 19:39:11 +02:00
mboelen
3f7d0260e5
Do not set logfile and reportfile for pentesting mode in this file. Perform check later in lynis file
2014-09-08 15:52:21 +02:00
mboelen
f5ec6027b9
Add root-only to some tests
2014-09-08 15:41:57 +02:00
mboelen
310febde05
Log what tests are skipped to be root-only
2014-09-08 15:19:58 +02:00
mboelen
0da19d1297
Changes to allow non-privileged scans
2014-09-08 15:19:37 +02:00
mboelen
2644399057
Display skipped root-only tests
2014-09-08 15:19:13 +02:00
mboelen
ac54b4fe83
Capture all skip tests which require root permissions
2014-09-08 15:13:14 +02:00
mboelen
5c4c0f0ac0
Added root-only tests variable
2014-09-08 15:12:44 +02:00
mboelen
5fbc1ab471
Extended Register function to allow the definition of root-only tests
2014-09-08 15:03:22 +02:00
mboelen
cf9a44cd41
Changed file permissions check to allow non-privileged mode
2014-09-08 14:55:37 +02:00
mboelen
d983b6ba48
Fixed statement to check swap
2014-09-08 14:53:44 +02:00
mboelen
fe08018029
Added --pentest parameter to run without root privileges
2014-09-08 13:58:46 +02:00
mboelen
3731da54df
Added pentesting mode variable
2014-09-08 13:58:24 +02:00
mboelen
7af9a9e88c
Fixed typo when searching for swap partition
2014-09-04 20:38:57 +02:00
mboelen
b121be4317
Improved vulnerable packages test when using apt-check
2014-09-04 20:38:21 +02:00
mboelen
e0be20e699
Let SafePerms function also check for UID
2014-09-04 15:32:59 +02:00
mboelen
5d730bf9b0
Allow swap partitions to have swap in 4th column
2014-09-02 14:00:36 +02:00
mboelen
0575468980
Log proper daemon qmail/sendmail
2014-08-28 14:03:31 +02:00
mboelen
09d1ca7fd6
No direct calls to netstat binary, but first determine if the binary was found (e.g. for Arch Linux)
2014-08-28 13:59:30 +02:00
mboelen
5d1ef9f3cd
Test if there are files in /etc/modprobe.d before grepping in it
2014-08-28 13:58:41 +02:00
mboelen
0228bd5317
Changed some report calls to ReportException
2014-08-28 13:50:08 +02:00
mboelen
64c48d5559
Extended GetHostID function, ip binary preferred for detection
2014-08-27 12:53:09 +02:00
mboelen
c0ae2e217b
Initial import
2014-08-26 17:33:55 +02:00