tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,283 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2157 Commits

Author SHA1 Message Date
d4t4king 111097506f Tweaked nginx protocol check so it actually works. Added insecure protocol detection. 2014-10-08 22:04:29 +00:00
mboelen 3d0fb8d529 Improved boot loader detection for Grub2 [BOOT-5121] 2014-10-06 21:27:23 +02:00
mboelen 81d910c050 When searching for bash shell, skip comment lines and only take first hit (e.g. Fedora has multiple hits) [SHLL-6290] 2014-10-06 20:57:56 +02:00
mboelen 74f7cfec84 Added Shellshock test improvements 2014-10-06 13:41:55 +02:00
d4t4king ef6de1eddc Added shellshocker checks. 2014-10-06 11:49:20 +02:00
mboelen ac2b2fc548 Added new test to determine if Snoopy is used [ACCT-9636] 2014-10-06 11:30:15 +02:00
mboelen ebe29bc148 Log discovered pam_modules to report 2014-10-06 11:29:31 +02:00
mboelen aeddf84aed Added SSH without-password option for PermitRootLogin 2014-10-06 11:29:04 +02:00
mboelen f3a7921a3d Improved ShowSymlinkPath function and optimized FileIsReadable function 2014-10-03 19:16:13 +02:00
mboelen 616209560f Use quiet mode when checking emerge-webrsync 2014-09-25 19:10:58 +02:00
mboelen c5ce09af9f Added ClamXav test 2014-09-25 19:08:47 +02:00
mboelen ab71616900 Added Mac OS uptime test [BOOT-5202] 2014-09-25 19:00:36 +02:00
mboelen 348d024dd4 Set found status when a possible match for boot loader has been found 2014-09-25 17:57:59 +02:00
mboelen 9067551508 Improved GetHostID if only ip binary is available 2014-09-25 17:57:25 +02:00
mboelen 27973d5c18 Adjust text and GRUB2 check to work properly 2014-09-25 17:51:08 +02:00
mboelen 08f77d2531 Added GRUB2 detection on empty /boot 2014-09-25 17:47:23 +02:00
mboelen f0292d3653 Missing binary in variable 2014-09-25 17:47:05 +02:00
mboelen 6f321b6a08 Added grub2-install 2014-09-25 17:42:57 +02:00
mboelen e209b1046b Changed addresses 2014-09-25 17:32:50 +02:00
mboelen 0dd484f22e Extended logging 2014-09-25 17:00:31 +02:00
mboelen b36be2f82c Missing -eq statement 2014-09-25 16:55:47 +02:00
mboelen a0f0e895eb Minor code adjustments 2014-09-25 16:55:23 +02:00
mboelen 7f7d869ae5 Improvements to kernel detection (e.g. Gentoo) [KRNL-5830] 2014-09-25 16:55:02 +02:00
mboelen 10dc6d3930 Added privileged mode 2014-09-25 11:25:07 +02:00
mboelen 17a6aa3691 Improved detection of mod_evasive 2014-09-23 23:27:01 +02:00
mboelen c257882a24 Improved log output for CheckItem function 2014-09-23 23:26:34 +02:00
mboelen 6dbeb9f6cb Gentoo updates to gather packages and test for vulnerabilities 2014-09-23 22:54:38 +02:00
mboelen e9557423cc Gentoo updates to gather packages and test for vulnerabilities 2014-09-23 22:48:20 +02:00
mboelen 6fbcf20c96 Added new tests for pacman based systems 2014-09-22 23:40:53 +02:00
mboelen 47cfff0e16 Improvements to boot loader tests 2014-09-22 23:39:31 +02:00
mboelen 2006838144 Added drill binary to list to determine latest version 2014-09-22 04:07:46 +02:00
mboelen 595f84ae45 Altered /boot/config.gz into /proc/config.gz as target 2014-09-22 03:46:13 +02:00
mboelen ad4a4cc1a5 Proper sort kernel versions on disk for test KERN-5830 2014-09-22 00:57:34 +02:00
mboelen f3f829c7bc Adjusted logging 2014-09-21 13:05:14 +02:00
mboelen 98a68c52ef Added /usr/libexec/apache as search location for Mac OS 2014-09-21 13:03:40 +02:00
mboelen 911a5e88f6 Mac OS improvement for test NETW-3012 2014-09-21 13:01:29 +02:00
mboelen 116b1eab97 Added support for Mac OS to gather information 2014-09-21 12:58:08 +02:00
mboelen b0e739a15d Support /boot/vmlinuz-linux for Arch systems to determine kernel version 2014-09-19 17:55:00 +02:00
mboelen 74fc711965 Removed unneeded exception line 2014-09-19 16:46:35 +02:00
mboelen 40f210ae74 Added detection for machine ID 2014-09-19 16:44:22 +02:00
mboelen d99dbc7406 Added detection for machine ID 2014-09-19 16:43:20 +02:00
mboelen f5dcb5e7f1 Added usage of ip to NETW-3006 and NETW-3008 2014-09-19 16:28:53 +02:00
mboelen 1b881ec957 Added ss binary 2014-09-19 16:20:24 +02:00
mboelen 475b6c3799 Added usage of ss to gather listening ports in NETW-3012 2014-09-19 16:18:09 +02:00
mboelen 94efdd0af1 Check if ifconfig exists before using it in tests (e.g. Arch Linux) 2014-09-19 11:45:19 +02:00
mboelen d3d630258f Added extra permission to CUPS test 2014-09-19 11:44:43 +02:00
mboelen e12b95ba88 Added support for /boot/config.gz file 2014-09-19 02:23:07 +02:00
mboelen 1267f89e5b Added zgrep detection 2014-09-19 02:14:16 +02:00
mboelen 2530256d85 Small textual replacements for logging purposes 2014-09-19 02:02:22 +02:00
mboelen fb52ee9239 Added more extensions for virtual machine detection 2014-09-19 01:55:55 +02:00
mboelen fb53e586fe Added /proc/modules as dependency to KRNL-5723 and KRNL-5726 2014-09-19 01:46:40 +02:00
mboelen bba133afbb Generic code enhancements 2014-09-19 01:19:07 +02:00
mboelen 6b7362cefd Generic code enhancements 2014-09-19 01:17:05 +02:00
mboelen 805cdf6bf5 Generic code enhancements 2014-09-19 01:10:43 +02:00
mboelen cac6a8e438 Generic code enhancements 2014-09-19 01:07:34 +02:00
mboelen 94387348f0 Generic code enhancements 2014-09-19 00:56:51 +02:00
mboelen a145b0091a Code cleanup 2014-09-19 00:35:24 +02:00
mboelen 8a637d588b Better logging of kernel IO scheduler 2014-09-19 00:12:04 +02:00
mboelen 1ed24265e3 Adjusted normal user ID detection and added exception for currently unsupported operating systems 2014-09-18 23:56:16 +02:00
mboelen 28fc31fdaf Remove carriage return of SSH version output 2014-09-18 23:42:35 +02:00
mboelen d4b445c316 Check Linux kernel version and properly display short version 2014-09-18 22:22:11 +02:00
mboelen c4aad72201 Improved reboot check to support Linux in general [KRNL-5830] 2014-09-18 22:20:15 +02:00
mboelen f69fc779c2 Added SaltStack tooling 2014-09-18 11:06:29 +02:00
mboelen 1915bd884e Added SaltStack tooling 2014-09-18 11:04:22 +02:00
mboelen 5b0944057b Added FileIsEmpty function and small adjustments to other functions 2014-09-17 09:59:18 +02:00
mboelen c9fde8c2d1 Code cleanup and small enhancements 2014-09-15 12:01:09 +02:00
mboelen 35d32fb5e4 Add pre-test before running test [PKGS-7388] 2014-09-15 11:17:26 +02:00
mboelen bce234fa00 Removed warnings, updated changelog 2014-09-15 10:52:06 +02:00
mboelen 3cc696edfc Adjusted suggestion call for [FILE-6354] 2014-09-15 10:42:11 +02:00
mboelen 59ad28795e Extended telnet in inetd test [INSE-8016] 2014-09-15 10:38:13 +02:00
mboelen f5f0f02777 Prevent false positive between inetd and xinetd 2014-09-15 10:32:36 +02:00
mboelen 8a9abeb81f Updated log 2014-09-12 17:24:29 +02:00
mboelen 83f4fb9ff4 Set default binary for ps variable 2014-09-12 17:04:27 +02:00
mboelen 97e0dc9e30 Added ShowSymlinkPath function 2014-09-12 15:33:28 +02:00
mboelen 4287a6f1e9 Added proper description for zvm 2014-09-12 15:19:43 +02:00
mboelen 8dc9b2080d Removed individual warnings for BOOT-5184 2014-09-12 14:58:43 +02:00
mboelen ef3f7f1ebf Added new function IsVirtualMachine() 2014-09-12 14:56:19 +02:00
mboelen 07e77ed4e1 Added timedatectl detection 2014-09-12 13:52:01 +02:00
mboelen b9a9aea340 Adjusted file permissions, permissions check and storage of PID file 2014-09-11 16:11:43 +02:00
mboelen dd2ea3efaf Made adjustments to run in non-privileged scans 2014-09-09 14:49:37 +02:00
mboelen 3beae44e92 Do not scan symlinked binary directories 2014-09-09 14:49:14 +02:00
mboelen 56cc2df2c2 Adjustments to allow non-privileged scan and reduce errors on screen 2014-09-08 23:51:27 +02:00
mboelen 691019f9ae Added FileIsReadable function 2014-09-08 21:30:54 +02:00
mboelen c3494b32d1 Properly check if CheckUpdates output is usable for display 2014-09-08 19:59:01 +02:00
mboelen 2ce4cf5c57 Redirect stderr for host command 2014-09-08 19:39:11 +02:00
mboelen 3f7d0260e5 Do not set logfile and reportfile for pentesting mode in this file. Perform check later in lynis file 2014-09-08 15:52:21 +02:00
mboelen f5ec6027b9 Add root-only to some tests 2014-09-08 15:41:57 +02:00
mboelen 310febde05 Log what tests are skipped to be root-only 2014-09-08 15:19:58 +02:00
mboelen 0da19d1297 Changes to allow non-privileged scans 2014-09-08 15:19:37 +02:00
mboelen 2644399057 Display skipped root-only tests 2014-09-08 15:19:13 +02:00
mboelen ac54b4fe83 Capture all skip tests which require root permissions 2014-09-08 15:13:14 +02:00
mboelen 5c4c0f0ac0 Added root-only tests variable 2014-09-08 15:12:44 +02:00
mboelen 5fbc1ab471 Extended Register function to allow the definition of root-only tests 2014-09-08 15:03:22 +02:00
mboelen cf9a44cd41 Changed file permissions check to allow non-privileged mode 2014-09-08 14:55:37 +02:00
mboelen d983b6ba48 Fixed statement to check swap 2014-09-08 14:53:44 +02:00
mboelen fe08018029 Added --pentest parameter to run without root privileges 2014-09-08 13:58:46 +02:00
mboelen 3731da54df Added pentesting mode variable 2014-09-08 13:58:24 +02:00
mboelen 7af9a9e88c Fixed typo when searching for swap partition 2014-09-04 20:38:57 +02:00
mboelen b121be4317 Improved vulnerable packages test when using apt-check 2014-09-04 20:38:21 +02:00
mboelen e0be20e699 Let SafePerms function also check for UID 2014-09-04 15:32:59 +02:00
mboelen 5d730bf9b0 Allow swap partitions to have swap in 4th column 2014-09-02 14:00:36 +02:00
mboelen 0575468980 Log proper daemon qmail/sendmail 2014-08-28 14:03:31 +02:00
mboelen 09d1ca7fd6 No direct calls to netstat binary, but first determine if the binary was found (e.g. for Arch Linux) 2014-08-28 13:59:30 +02:00
mboelen 5d1ef9f3cd Test if there are files in /etc/modprobe.d before grepping in it 2014-08-28 13:58:41 +02:00
mboelen 0228bd5317 Changed some report calls to ReportException 2014-08-28 13:50:08 +02:00
mboelen 64c48d5559 Extended GetHostID function, ip binary preferred for detection 2014-08-27 12:53:09 +02:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00