tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,283 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2157 Commits

Author SHA1 Message Date
Michael Boelen cb59e92441
[MALW-3280] Added support for falcon-sensor by CrowdStrike 2019-12-18 12:22:51 +01:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen 94ba30e765
[INSE-8050] corrected function call for showing suggestion 2019-12-18 12:04:32 +01:00
Michael Boelen c4b24c48a9
[INSE-8314] changed text of suggestion 2019-12-18 12:01:32 +01:00
Michael Boelen 2dfb901bcb
[PKGS-7410] Use multiple package managers when they are available on system. Also added support for Zypper for this test 2019-12-17 08:23:12 +01:00
Michael Boelen 11f8ce2361
[KRNL-5830] Use symlink, only test for 'version' keyword if needed, adjusted exception message 2019-12-17 08:03:51 +01:00
Michael Boelen 4e255617d3
[KRNL-5830] Fetch target for symlinked kernel 2019-12-16 09:47:40 +01:00
Michael Boelen d680fe549f
Switched from warnings to suggestions, corrected path selection for DIR variable 2019-12-13 12:59:43 +01:00
Michael Boelen f35a08ad28
Quoting should not be used when globbing 2019-12-13 12:40:29 +01:00
Michael Boelen 1b4b02d813
Decrease length of line breaks between tests 2019-12-13 12:36:19 +01:00
Michael Boelen bf4374bb19
[KRNL-5830] skip test partially if non-privileged 2019-12-13 12:35:38 +01:00
Michael Boelen fd84be485b
Improved permission check for BSD systems 2019-12-13 12:34:56 +01:00
Michael Boelen f00447fd1b
Style change, add curly brackets 2019-12-06 15:55:59 +01:00
Michael Boelen c7c44535e7
Merge pull request #800 from Schmuuu/core/fix-relative-path-detection 
don't fail relative paths check with spaces in PATH
 2019-12-06 15:39:55 +01:00
Michael Boelen 24c5a9fcea
Merge branch 'master' into master 2019-12-06 15:35:46 +01:00
Michael Boelen 6421c2e419
[BANN-7126] additional words for login banner are accepted 2019-12-06 09:49:06 +01:00
Michael Boelen 15ae5ea0c1
Added alias --use-cwd as that is more in line with other options (instead of --usecwd) 2019-12-04 08:01:56 +01:00
Michael Boelen c67696455f
Merge pull request #797 from Schmuuu/KRNL-5840/find-more-kernels 
KRNL-5840: add detection for proxmox and raspi kernel
 2019-12-03 14:32:52 +01:00
Michael Boelen 3e9902b35e
Merge pull request #798 from Schmuuu/OS-detection/detect-raspbian 
OS-Detection: add raspian detection
 2019-11-28 15:42:45 +01:00
Michael Boelen dd2cb31c7f
Merge pull request #799 from Schmuuu/ntp/set-NTP_CONFIG_FOUND 
do set variable NTP_CONFIG_FOUND if ntp config is found
 2019-11-28 15:05:01 +01:00
Michael Boelen ea03723093
Merge pull request #803 from dvehrs/PermTests 
Updated tests for file permissions to case statements
 2019-11-25 15:32:06 +01:00
Michael Boelen cad55d8bec
Merge pull request #802 from dvehrs/HCFP 
Updated permissions checks
 2019-11-25 15:28:00 +01:00
Michael Boelen 65f88e148b
Merge pull request #804 from Schmuuu/krnl/fix-wrong-limits-subfolder 
fix left over test folder with correct folder from variable
 2019-11-25 15:23:47 +01:00
Michael Boelen 35ca01eaac
Merge pull request #805 from Schmuuu/tests_php/add_some_php72_and_php73_support 
added additional php folders to check, plus added PHP72 and PHP73
 2019-11-25 15:23:11 +01:00
Michael Boelen f81ff3d7d6
Removed empty lines 2019-11-18 10:20:31 +01:00
Michael Boelen ffc9309338
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-11-18 10:19:58 +01:00
Michael Boelen a07fcb3348
Add USR1 trap to show status such as active test 2019-11-18 10:19:43 +01:00
Michael Boelen 421b42c5b0
Merge pull request #809 from Marzal/master 
First fix in order make lynis work OK in AIX
 2019-11-13 11:21:43 +01:00
Michael Boelen 6d594b899f
Merge pull request #810 from neilmayhew/fix/773-home-9306 
Fix for false positive for some users on HOME-9306
 2019-11-13 11:18:04 +01:00
fbomj 2b8f761efa MALW-3280: Kaspersky detection 2019-11-06 21:49:54 +01:00
János Márkus d9013b13ac Fixes CISOfy/lynis#773 2019-11-03 11:48:03 +01:00
Neil Mayhew 9de8227674 Fix for false positive for some users on HOME-9306 
Closes #773

Patch from @church1e
 2019-11-01 18:12:33 -06:00
Marzal 8353483d1d grep doesn't work with '\|' in AIX. grep -E is more POSIX compliant. 2019-10-29 18:47:07 +01:00
Kristian Schuster d97221b851
added additional php folders to check, plus added PHP72 and PHP73 2019-10-24 00:14:42 +02:00
Kristian Schuster 32ee016810
fix: forgot to replace test folder with correct folder from variable 2019-10-23 23:06:03 +02:00
Dave Vehrs e6bf111f41 Updated tests for file permissions to case statements 2019-10-23 14:47:03 -06:00
Dave Vehrs 6dad2f476e Updated permissions checks 2019-10-23 12:31:20 -06:00
Kristian Schuster 4898e48e16
don't fail relative paths check with spaces in PATH 2019-10-22 21:43:37 +02:00
Kristian Schuster 62feaf3fff
do set variable NTP_CONFIG_FOUND if ntp config is found 2019-10-22 20:07:56 +02:00
Kristian Schuster 66a754fa18
OS-Detection: add raspian detection 2019-10-20 20:21:54 +02:00
Kristian Schuster ace2e27237
KRNL-5840: add detection for proxmox and raspi kernel 2019-10-20 19:55:34 +02:00
Kristian Schuster 62419033f5
fix for #781 - run lsblk without --paths 2019-10-19 00:34:25 +02:00
Michael Boelen c16133b255
Merge pull request #772 from Marzal/Marzal-test_storage 
Clean shellcheck warnings in STRG-1846
 2019-10-16 14:49:46 +02:00
Kristian Schuster 4eeb2899cc
add missing variables and replace '\s' to be posix conform 2019-10-15 21:52:53 +02:00
Michael Boelen 7932daca8f
Merge pull request #784 from Schmuuu/krnl/disabled-coredumps-detection 
KRNL-5820: add checks for disabled coredumps in systemd & etc/profile
 2019-10-15 16:06:44 +02:00
Michael Boelen 7ce61bb5dd
Merge pull request #778 from pyllyukko/SINT-7010-MacOS 
Test SINT-7010 in macOS only
 2019-10-15 15:43:26 +02:00
Michael Boelen 6c3fc531ec
Merge pull request #779 from pyllyukko/gradm-stderr 
Redirect gradm stderr to /dev/null
 2019-10-15 15:42:08 +02:00
Michael Boelen fda0d3cf4a
Merge pull request #770 from Schmuuu/master 
nginx-test: add log file detection for relative paths
 2019-10-15 15:40:30 +02:00
Michael Boelen 1f4092d8e0
Merge pull request #777 from pyllyukko/osdetection-slackware 
Slackware Linux OS detection
 2019-10-15 15:36:31 +02:00
Katarina Durechova 4bb78d721e Databases - variables initialization 2019-10-14 21:50:22 +02:00
Kristian Schuster 3bc70b425e
fix old limits check not working in a few cases 2019-10-13 23:08:19 +02:00
Kristian Schuster 7b52ff52c7
add check for disabled coredumps in etc/profile and systemd 2019-10-13 22:06:50 +02:00
pyllyukko b771437cd0
Redirect gradm stderr to /dev/null 
If the tool exists but the kernel doesn't have grsec, you'll get the
following error into stderr:

Could not open /dev/grsec.
open: No such file or directory
 2019-10-08 20:52:55 +03:00
pyllyukko c88953a815
Test SINT-7010 in macOS only 2019-10-08 20:31:35 +03:00
pyllyukko 52cef0ed87
Slackware Linux OS detection 2019-10-08 20:19:30 +03:00
Michael Boelen 52e1231433
Additional check to ensure pacman package manager is used instead of pacman game 2019-10-08 16:43:09 +02:00
Michael Boelen 87f5596952
Added new test DBS-1828 2019-10-08 15:15:18 +02:00
Michael Boelen f188bac7e8
Update description for FILE-6374 2019-10-08 15:10:02 +02:00
Marzal f77e56ed4b Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. SC2166 2019-09-29 21:17:52 +02:00
Marzal a052a107d3 SC2086 2019-09-29 21:15:29 +02:00
Marzal 7d430d5abc rephrasing comment to avioid false positive in lynis-sdk 2019-09-29 21:13:47 +02:00
Kristian Schuster 51d3c56842
crypto-test: suppress errors when devs are not accessible for cryptsetup 2019-09-29 17:44:15 +02:00
Kristian Schuster 001cd85183
kernel-test: additional improvements for required reboot detection 2019-09-29 17:42:07 +02:00
Kristian Schuster 364b770c64
kernel-test: determine reboot requirement for more distros. Plus a few fixes 2019-09-28 00:39:12 +02:00
Kristian Schuster b38031803d
kernel-test: avoid grep errors if etc/security/limits.d does not exist 2019-09-27 00:07:45 +02:00
Kristian Schuster 07084501b6
kernel-test: add linux-lts detection for arch 2019-09-26 23:26:08 +02:00
Kristian Schuster d17d30d6a7
nginx-test: add log file detection for relative paths 2019-09-26 21:24:15 +02:00
Michael Boelen e64e49a551
Merge pull request #763 from Marzal/Marzal-F_isRunning 
Second version of #740 without shellcheck directives
 2019-09-22 15:07:53 +02:00
Michael Boelen a1b6d463b2
Fixed a typo 2019-09-21 16:31:06 +02:00
Michael Boelen 2c32e8e04d
Merge pull request #765 from Marzal/Marzal-AUTH-9282 
Fix auth-9282
 2019-09-21 15:49:58 +02:00
Michael Boelen ca1d7ace1d
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-09-21 10:10:09 +02:00
Mike Robinson 8088d0ab77
Update tests_ldap 
Check was backwards
 2019-09-19 18:14:06 -06:00
Marzal 0e1e80bacf Double quote to prevent globbing and word splitting.SC2086 2019-09-19 23:36:36 +02:00
Marzal 42ac40aad6 Change variable name from FIND to FIND_P so is not reset by Register 2019-09-19 23:33:19 +02:00
Marzal ddd87371b5 Double quote to prevent globbing and word splitting.SC2086 Info 2019-09-19 20:01:31 +02:00
Marzal 09a60783a6 Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.SC2166 2019-09-19 20:00:12 +02:00
Michael Boelen e48df09c4c
Fixed typo found by SDK 2019-09-19 19:10:13 +02:00
Michael Boelen 187016a051
Changed spacing 2019-09-19 15:23:37 +02:00
Michael Boelen c0f9c0ab84
Style and log improvements 2019-09-19 14:34:06 +02:00
Michael Boelen f389cc5d99
Merge pull request #761 from Schmuuu/master 
enhance nginx include config detection …
 2019-09-19 14:21:32 +02:00
Michael Boelen 36627a4eb7
Style improvements 2019-09-19 14:05:15 +02:00
Kristian Schuster ccb8b2b615
enhance nginx config detection to correctly include confs via relative path and wildcards 2019-09-18 20:47:09 +02:00
Michael Boelen 6cf0b28f2c
Bugfix: line had double print with incorrect quote 2019-09-17 20:13:14 +02:00
Michael Boelen 98017c78ca
Implemented several code style improvements 2019-09-17 14:04:30 +02:00
Michael Boelen 95e9e80834
Moved function 2019-09-14 13:23:28 +02:00
Michael Boelen 13a4dff7fe
Improved logging of HasCorrectFilePermissions function and use correct value when data has a value of zero 2019-09-14 13:22:50 +02:00
Michael Boelen 5c38a0bdb4
Tests using lsof may ignore threads (if supported) 2019-09-13 11:47:39 +02:00
Michael Boelen ca0239b4d9
[FILE-6374] corrected defaults flag, added root directory, and changed logging 2019-09-12 16:34:45 +02:00
Michael Boelen 79e5b52419
[SSH-7408] added forced-commands-only 2019-09-12 11:17:18 +02:00
Michael Boelen fa9fdd4322
[MAIL-8804] replaced static strings with translation-aware strings 2019-09-12 11:13:39 +02:00
lowkey 0fc887e830 Removed WARNINGs from unset certificate and private key 2019-09-11 10:47:28 -06:00
Michael Boelen fbcfab1adc
[LOGG-2154] support new-style rsyslog configuration for remote targets 2019-09-10 14:52:20 +02:00
Michael Boelen 9041517e2a
Added Debian and standardized others 2019-09-03 10:06:26 +02:00
Michael Boelen 0d58ee77a0
[CRYP-7930] replaced incorrect PATH column with alternative 2019-09-02 19:20:16 +02:00
Michael Boelen a87c2b10f9
Added CRYP-8002 2019-08-29 10:39:43 +02:00
Michael Boelen 4932ab8351
Disabled suggestion for now, as some people will just install a suggested tool to comply instead of determining if it really makes sense. So this suggestion requires more explanation before people turning it on. Also, promisc mode may be impacted, so users see a new issue show up while they just resolved another. 2019-08-28 15:43:10 +02:00
Michael Boelen 61404c1bf3
[TOOL-5160] added support for OSSEC agent daemon 2019-08-28 15:36:59 +02:00
Michael Boelen 7469b4aa72
[CONT-8106] support for newer 'docker info' output that includes additional space 2019-08-26 20:27:00 +02:00
Michael Boelen f89aa98408
Added FINT-4316 2019-08-26 08:02:11 +02:00
Michael Boelen 22a7f4fd6d
Combine multiple unsets into a single command 2019-08-26 08:01:43 +02:00
Michael Boelen d703d160ff
Added RHEL, renamed CentOS Linux name, reordered items 2019-08-22 14:20:30 +02:00
Michael Boelen d2deb63ebb
Added NETW-3200 2019-08-22 14:12:53 +02:00
Michael Boelen a72650252f
When audit target is missing, stop execution 2019-08-22 14:11:22 +02:00
Michael Boelen 2c4e7711db
Added CentOS and trigger an exception when a system has /etc/os-release but is not defined yet 2019-08-21 14:51:20 +02:00
Michael Boelen 4e39bafd78
New function to display exceptions 2019-08-21 14:50:32 +02:00
Michael Boelen 605e515c31
Updated forensics variable 2019-08-21 14:00:20 +02:00
Michael Boelen 65f1a5e811
Added initial support for DevOps mode to improve continuous integration 2019-08-21 13:59:28 +02:00
Michael Boelen d395e1a2da
[CRYP-7930] extend test to use cryptsetup/lsblk or crypttab file 2019-08-21 13:50:01 +02:00
Michael Boelen 3db7a3b944
Move -c also to list of deprecated items 2019-08-21 13:48:36 +02:00
Michael Boelen ee18e76e97
Preparations for forensics scan mode 2019-08-21 13:41:23 +02:00
Michael Boelen a714568842
Merge pull request #731 from chr0mag/cryp-7930 
[CRYP-7930] Modify to use 'lsblk' and 'cryptsetup'
 2019-08-21 12:31:36 +02:00
Michael Boelen 7dfd580320
Only escape backslash, question mark is not needed 2019-08-20 16:22:00 +02:00
Michael Boelen 8a7f8038b5
Do not show a tool tip if quiet option is used 2019-08-20 16:01:10 +02:00
Michael Boelen 32a895c843
Do not use find command when busybox is used 2019-08-20 15:57:04 +02:00
Michael Boelen e685182b18
Put in fail-safe options for systems using AIX or busybox 2019-08-20 14:49:34 +02:00
Michael Boelen a310c43176
Set hyphen as last character to allow it being matched 2019-08-20 14:24:06 +02:00
Michael Boelen e7d6aaa44d
Stop execution if unexpected characters were found. Also move hyphen to end to list, otherwise it may not work as a matchin character 2019-08-20 14:17:05 +02:00
Michael Boelen 3407a1dbe6
[FILE-7524] optimized test with new function and changed warning to suggestion 2019-08-17 16:49:11 +02:00
Michael Boelen 0a3f42afbc
New function HasCorrectFilePermissions 2019-08-17 16:48:46 +02:00
Yoni Weill 6164b41836 [HOME-9306] s/git-shell/git 2019-08-15 13:27:59 +03:00
Yoni Weill 8c3417dcc2 [HOME-9304] s/git-shell/git 2019-08-15 13:27:19 +03:00
Michael Boelen a4f13a8ab2
Only do Amazon Linux version detection if /etc/os-release does not exist 2019-08-13 22:09:06 +02:00
Michael Boelen e5b8047133
Added data and detection of Amazon Linux 2019-08-13 22:00:30 +02:00
Michael Boelen 914f343635
Corrected variable 2019-08-13 21:00:43 +02:00
Michael Boelen 2af2d0a895
[HOME-9306] Added git-shell to ignore list 2019-08-13 20:05:09 +02:00
Michael Boelen 368989d5c4
[HOME-9304] Added git-shell to ignore list 2019-08-13 20:04:14 +02:00
Michael Boelen 1930dbe6c2
Added support for pacman 2019-08-13 20:02:49 +02:00
Michael Boelen 3006b8dd26
[AUTH-9408] both backslash and brackets needs to be individually escaped 2019-08-08 15:05:23 +02:00
Michael Boelen fdc2977575
[AUTH-9408] corrected description 2019-08-08 13:28:17 +02:00
Michael Boelen b9fa5bce14
Added more text output for data uploads 2019-08-08 12:38:25 +02:00
Michael Boelen c86e24fced
Added missing $ 2019-08-08 12:10:30 +02:00
Michael Boelen f76cf70651
Missing } 2019-08-04 19:40:02 +02:00
Michael Boelen 48ba463376
Added support for swupd (Clear Linux OS) 2019-08-04 19:37:55 +02:00
Michael Boelen 04d2cb838b
Test for presence of /etc/hosts (e.g. Clear Linux OS), changed screen and log output 2019-08-04 19:20:16 +02:00
Michael Boelen d3355937a4
Don't quote in for loop to prevent glueing individual lines together 2019-08-04 19:19:12 +02:00
Michael Boelen f2b385fbf7
Initial support for Clear Linux OS 2019-08-04 19:18:16 +02:00
Michael Boelen da055ae0aa
More standardization of text and adding deprecated functions for transition period 2019-08-01 14:59:03 +02:00
David Marzal 28801e7ad7 Clean up of not used legacy functions and not used broken functions 2019-07-31 22:29:26 +02:00
Michael Boelen 3ea66d4298
[LOGG-2154] corrected output of files in /etc/rsyslog.d directory 2019-07-31 08:17:15 +02:00
Michael Boelen 4b77e27495
Reversed if/then to show correct status of minilogd 2019-07-31 08:03:21 +02:00
David Marzal 000838b154 Document --usecwd in helper_show and man 2019-07-29 15:22:48 +02:00
Michael Boelen 429ad46649
[LOGG-2154] added support for rsyslog configurations 2019-07-26 20:07:14 +02:00
Michael Boelen fa064a824b
[FINT-4334] improved process detection for lfd 2019-07-26 16:14:26 +02:00
Michael Boelen 9605f0fa80
Combined sort and uniq to sort -u 2019-07-26 15:34:02 +02:00
Michael Boelen 7f1742fc54
Replaced direct calls to tools 2019-07-26 14:14:54 +02:00
Michael Boelen 1c79357526
Merge pull request #720 from dvehrs/exim4 
Added certificate tests for Exim
 2019-07-26 14:07:39 +02:00
Michael Boelen 3af72e41c7
Improved selection of home directories for normal users in HOME-9304 and HOME-9306 2019-07-26 11:59:03 +02:00
Michael Boelen 2ec0268692
Merge pull request #732 from Marzal/Marzal-FILE-7524 
Changes for new profile format
 2019-07-26 11:33:38 +02:00
Michael Boelen 17137408d2
Use IsRunning exit code instead of variable 2019-07-26 11:32:48 +02:00
Michael Boelen 8321b98689
[AUTH-9408] double escape to prevent error message (awk: warning: escape sequence '\[' treated as plain '[') 2019-07-26 11:11:03 +02:00
Michael Boelen b7fb98a47f
[AUTH-9266] skip .pam-old files in /etc/pam.d (used by Ubuntu) 2019-07-26 10:57:44 +02:00
Michael Boelen d621355b7e
Set variable instead of using return, otherwise other parameters won't be checked 2019-07-26 09:00:47 +02:00
Michael Boelen b384fa2887
New option: --usecwd to run from current working directory 2019-07-25 11:34:58 +02:00
David b8a0190e82
Fix grep in PROFILEVALUE 
Make it work with new profile format
 2019-07-18 18:58:11 +02:00
David 4d5a0c59c7
Fix find fields in new profile format 
New format uses permfile= so it needs a new cut to filter the name file
 2019-07-18 18:52:36 +02:00
Michael Boelen d6cce1cd08
Test if profiles provided using the command line are readable 2019-07-18 11:54:11 +02:00
Michael Boelen dcd829076b
Move this check to the DiscoverProfiles function 2019-07-18 11:48:00 +02:00
Michael Boelen 4b0f5517f7
Textual change 2019-07-18 11:47:24 +02:00
Michael Boelen b53b894f33
Added file check when a profile is provided 2019-07-18 11:42:26 +02:00
Michael Boelen b7f7179f1e
Moved variables 2019-07-18 11:42:01 +02:00
Michael Boelen 0e9e0fab36
Merge pull request #730 from Marzal/Marzal-PRIVILEGED 
Fix $privileged var being overwrite
 2019-07-18 11:36:47 +02:00
Michael Boelen 87fef1c27b
Merge pull request #729 from Marzal/Marzal-strictmode 
strictmode fixes
 2019-07-18 11:36:23 +02:00
Michael Boelen 63043b536d
[AUTH-9408] added support for pam_tally2 to log failed logins 2019-07-18 11:33:28 +02:00
Julian Phillips e293af16aa Add FOUND var to unset list 2019-07-17 18:01:44 -07:00
Julian Phillips 84dd024887 [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup' 
There are several challenges with the existing method of using
/etc/crypttab:

1)encrypted rootfs partitions are not typically listed in this
file (users are prompted for password in early boot instead)

2)the 'luks' option is the default option so it is possible for
/etc/crypttab entries to never have this set explicitly and any
block device configured as such will be missed currently

3)any device mounted manually, or using any other mechanism aside
from /etc/crypttab will be missed

This commit executes 'cryptsetup isLuks' on every block device in
the system to determine whether it is a LUKS device. This handles
all 3 cases mentioned above.

Test case wording was also updated to reflect the fact that it
only checks for LUKS entrypted block devices. So, plain dm-crypt
and TrueCrypt/VeraCrypt block device encryption is not detected.
Nor is any file system level encryption such as eCryptfs, EncFs,
gocryptfs.
 2019-07-17 16:18:12 -07:00
David d1cb74e7d9
Delete PRIVILEGED var from this file 
if PRIVILEGED is set in the file, it will overwrite the value in the main program always to 0.
This change depends in the other commit that set the variable in both cases.
 2019-07-17 23:28:51 +02:00
David 06413994cf
Initialize some vars to allow strict mode to work 
IsRunning():
To check if $users is empty in strict mode we need the var to be initializez

ReportException:
Some test call this function without the second parameter, this is not allowed in strict mode if we don't initialize the variable
 2019-07-17 23:16:47 +02:00
David 250fb965d3
Strict mode needs this vars initialized 2019-07-17 23:08:20 +02:00
Michael Boelen a4d15f77b5
Differentiate between a discovered binary and running process 2019-07-16 19:10:04 +02:00
Michael Boelen 9e56706aa6
Formatting and improved logging 2019-07-16 19:06:31 +02:00
Michael Boelen 2bd1b1b590
Format change 2019-07-16 19:05:28 +02:00
Michael Boelen d696d521c1
Extended IsRunning function to allow for searching by a combination of process name and user. 2019-07-16 19:04:53 +02:00
Michael Boelen 5869fa4eb1
[INSE-8050] added com.apple.ftp-proxy and improved text output 2019-07-16 14:35:00 +02:00
Michael Boelen a2c57e0b75
Added missing 'then' 2019-07-16 13:21:32 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen a12aaa2d3a
Added quotes 2019-07-16 13:13:15 +02:00
Michael Boelen 2e192788bb
Added new tests INSE-8318 and INSE-8320 2019-07-16 13:12:17 +02:00
Michael Boelen f8564f2923
[STRG-1840] renamed to USB-1000 2019-07-15 20:04:38 +02:00
Michael Boelen 52610e1abe
[STRG-1842] renamed to USB-2000 2019-07-15 20:00:14 +02:00
Michael Boelen 7ec81715aa
Minor cleanup 2019-07-15 19:57:23 +02:00
Michael Boelen 08cbc6fe2e
Merge pull request #680 from Capashenn/patch_12 
fix issue #610 STRG-1842
 2019-07-15 19:53:33 +02:00
Michael Boelen 455fc26bf7
Small code enhancements 2019-07-15 19:39:04 +02:00
Michael Boelen 2e7c6c7816
[FINT-4328] correct text in log 2019-07-15 19:34:37 +02:00
Michael Boelen c1cf106d03
Show location for Lynis package and new documentation 2019-07-15 19:05:57 +02:00
Michael Boelen 7728213ac4
Merge branch 'master' into docu 2019-07-15 18:55:10 +02:00
Michael Boelen c074c81897
Initial work on GetReportData function 2019-07-14 15:12:25 +02:00
Michael Boelen ced78b52b0
Small markup changes 2019-07-14 15:11:45 +02:00
Michael Boelen 591bc05f4d
[SSH-7408] changed text in suggestion and report 2019-07-14 14:43:35 +02:00
Michael Boelen dbc6f9bc4c
[SCHD-7702] removed hardening points 2019-07-14 13:40:55 +02:00
Michael Boelen b025b3301a
Define relative or absolute path, depending on directory/file or being a binary 2019-07-14 13:36:45 +02:00
Michael Boelen 1df9630bcf
Merge pull request #676 from Capashenn/patch_8 
fix issue #659
 2019-07-14 13:30:16 +02:00
Michael Boelen 4b68c22f30
Use relative paths 2019-07-14 13:27:08 +02:00
David 8400849c58
Add missing commands to show command helper 
configure,generate,update,upload-only
 2019-07-14 13:26:03 +02:00
Michael Boelen 9ebddf0e0c
Merge pull request #675 from Capashenn/patch_7 
fix issues #666 #667
 2019-07-14 13:21:40 +02:00
Michael Boelen ceb9ea193d
Renamed INSE-8342 to INSE-8304 2019-07-14 13:16:48 +02:00
Michael Boelen 93e311e52e
Added INSE-8314 and INSE-8316 for NIS client and server 2019-07-14 13:13:02 +02:00
Michael Boelen 3f04235353
[INSE-8116] added rsync service 2019-07-14 13:06:23 +02:00
Michael Boelen 96434508d4
Disable testing for other tools, as xxd is not present on all systems by default 2019-07-14 12:18:22 +02:00
Michael Boelen ba32b1a001
Use xxd or hexdump, depending on OS 2019-07-14 12:18:05 +02:00
Michael Boelen 4829ae9722
Long format for od does not exist on BSD 2019-07-14 11:57:44 +02:00
Michael Boelen 34f306eb0b
Internal reorganization 2019-07-14 11:50:02 +02:00
Michael Boelen 26fca99c40
Textual changes 2019-07-14 11:49:14 +02:00
Michael Boelen 1a512984c1
[SSH-7406] instead of just carriage return, strip all control characters 2019-07-14 08:43:06 +02:00
Michael Boelen 0bdcb57763
Merge branch 'master' into patch_3 2019-07-14 08:36:47 +02:00
Michael Boelen 82b1c63341
[NETW-3032] small rewrite of test and extended with addrwatch 2019-07-14 08:28:49 +02:00
Michael Boelen 96b9fc33e4
Add generator/version for future 2019-07-13 20:12:38 +02:00
Michael Boelen 6096db8828
Merge pull request #727 from Marzal/showhelperversion 
Prepend sed to discard '## ' in CHANGELOG.md
 2019-07-13 20:05:37 +02:00
Michael Boelen 9f7e0775a5
New command: lynis generate systemd-units 2019-07-13 20:03:30 +02:00
David 2dcf816e86
Prepend sed to discard '## ' in CHANGELOG.md 
Since version 2.6.6 CHANGELOG.md has markdown formatting. This breaks the show changelog command.
This is a workaound to "fix" the issue without changing all the versions in CHANGELOG.md
 2019-07-13 12:41:10 +02:00
Michael Boelen 76e84f4b56
Run non-interactive by default, use --wait to enforce waiting after finishing a group of tests 2019-07-12 14:38:52 +02:00
Michael Boelen c31c6a5a9e
Add timing measurement of individual tests and report them 2019-07-12 14:20:32 +02:00
Michael Boelen aaba4932b0
Show name of deprecated function on screen output 2019-07-12 13:13:39 +02:00
Michael Boelen b9a13893b9
[NAME-4408] corrected Report function call 2019-07-12 13:12:59 +02:00
Michael Boelen 0f80fa07aa
New function SafeFile 2019-07-12 13:05:43 +02:00
Michael Boelen ce263f8cd6
Textual changes 2019-07-10 20:22:31 +02:00
Michael Boelen f40b4287eb
Show 'Not found' instead of 'OK' 2019-07-10 20:12:17 +02:00
Michael Boelen afba58e743
[PROC-3802] test for presence of prelink tooling 2019-07-10 20:10:31 +02:00
Michael Boelen 1a57b41bdd
[PROC-3602] Use ROOTDIR 2019-07-10 20:00:52 +02:00
Michael Boelen f5adb68e00
First round of cleanups and textual improvements 2019-07-10 19:36:51 +02:00
Michael Boelen 83d510934d
Quote file name as it may include spaces 2019-07-10 19:36:19 +02:00
Michael Boelen c97dc3044a
Use exit code instead of ITEM_FOUND value 2019-07-10 19:35:51 +02:00
Michael Boelen 09d8832a0b
[CRYP-7903] enhanced test to properly work 2019-07-09 11:42:04 +02:00
Michael Boelen ae474c72c6
[SSH-7402] detect other SSH daemons like dropbear and split SSH daemon from OpenSSH daemon 2019-07-09 11:16:59 +02:00
Michael Boelen 6891f64c39
Added CRYP-7930 2019-07-09 10:33:51 +02:00
Michael Boelen f3f6be6630
Fix for incorrect subdirectory retrieval and adding enhancement to reduce number of evaluations needed 2019-07-08 21:20:45 +02:00
Michael Boelen 054ca21ee3
Fix: split directories 2019-07-08 21:19:28 +02:00
Michael Boelen 2c17c14c3b
New profile option to ignore specified certificate directories 2019-07-08 15:08:56 +02:00
Michael Boelen 1854e51e7e
New function: Equals 2019-07-08 15:05:28 +02:00
Michael Boelen 16146aabc0
Added option: ssl-certificate-paths-to-ignore 2019-07-08 14:27:40 +02:00
Michael Boelen 5217db95b1
Add deprecation message for old format and added check for unexpected/invalid characters in profile (additional security measure) 2019-07-07 18:49:01 +02:00
Michael Boelen 7a816ece8a
Added DisplayWarning function 2019-07-07 18:47:55 +02:00
Michael Boelen 05012f60fd
Added new colors and regrouping 2019-07-07 18:46:55 +02:00
Michael Boelen 007faf47c3
Cleanup of default profile and migration of permdir/permfile 2019-07-07 18:46:23 +02:00
Michael Boelen c639cb4f6e
Only check empty binaries when we did a full scan, as for some commands the binary scanning is not performed 2019-07-05 18:37:10 +02:00
Michael Boelen 8d4fd1a7aa
Add Readonly() function 2019-07-05 18:35:45 +02:00
Michael Boelen 0443d643da
Show tip to use 'lynis generate hostids' when they are missing 2019-07-05 18:35:10 +02:00
Michael Boelen ade3117307
New option to disable plugins via profile 2019-07-03 15:39:26 +02:00
Michael Boelen 2e1ec2c32f
Change variable name to better indicate what it does 2019-07-03 15:07:46 +02:00
Michael Boelen bc88775d0e
When PATH is defined, only locations from variable 2019-07-01 07:39:32 +02:00
Michael Boelen 76c3ea0edb
Fall back to echo if ECHOCMD is empty early during execution of program 2019-06-30 20:38:05 +02:00
Michael Boelen cb77d5a3f7
Show text when stopping execution 2019-06-30 20:37:33 +02:00
Michael Boelen cfaea21430
Security: test all parameters and arguments for the presence of control characters 2019-06-30 19:29:48 +02:00
Michael Boelen fdacc00b45
Security: test PATH and warn or exit on discovery of dangerous location 2019-06-30 19:21:07 +02:00
Michael Boelen 5e4e44bdf3
Added check to ensure that common system tools are defined as extra safety measure 2019-06-30 18:27:31 +02:00
Michael Boelen 08e8e59197
New function: SafeInput 2019-06-29 19:34:12 +02:00
Michael Boelen dde57ce870
Merge branch 'master' of https://github.com/CISOfy/lynis 2019-06-24 15:47:39 +02:00
Michael Boelen ec519dc976
Minor cleanups 2019-06-24 15:40:38 +02:00
Michael Boelen d0377c563d
Added TLSv1 as weak protocol (nginx) 2019-06-24 15:40:18 +02:00
Michael Boelen 94e0a4e40d
Added Suricata (IDS) 2019-06-24 15:38:34 +02:00
Michael Boelen 8d16a62bbd
Added Bro (IDS) 2019-06-24 15:37:40 +02:00
Michael Boelen b0f966ae48
Check number of arguments for 'audit dockerfile' 2019-06-24 15:33:42 +02:00
Michael Boelen 6f3c268c57
Non-functional code removed as it does not work as intended and lacks required validation controls - Thanks to Sander Bos for reporting 2019-06-24 15:23:30 +02:00
Michael Boelen a312968dd6
Merge pull request #714 from deltablot/issue628 
Add PHP ini file locations for Ubuntu 18.04. Fix #628
 2019-06-24 13:46:30 +02:00
Michael Boelen f6f7a69857
Merge pull request #713 from bcs016/patch-1 
Update tests_authentication - AUTH-9402
 2019-06-24 13:43:19 +02:00
Michael Boelen 6cd903e079
Merge pull request #722 from pyllyukko/linux-bsdrc.d 
Detect BSD-style (rc.d) init in Linux systems
 2019-06-24 13:42:17 +02:00
Michael Boelen ef89ee3fc9
[NETW-3012] make ss command output preferred for Linux system and changed output format 2019-06-24 13:39:30 +02:00
Michael Boelen 6d55767c18
Include 'generate' command 2019-06-17 12:16:29 +02:00
pyllyukko 9b02934339
Detect BSD-style (rc.d) init in Linux systems 2019-06-06 15:41:29 +03:00
Michael Boelen 61d8c91eeb
[FILE-6310] filter on correct field for AIX 2019-06-06 14:20:12 +02:00
Michael Boelen 59b102989f
[AUTH-9268] AIX find does not support maxdepth 2019-06-06 14:13:05 +02:00
lowkey a271cb90c8 Added certificate tests for Exim 2019-05-23 14:31:36 -06:00
Michael Boelen 8e61275ff4
Move state recording to report section 2019-05-16 15:23:23 +02:00
Nicolas CARPi 6ca24aae8b Add PHP ini file locations for Ubuntu 18.04. Fix #628 2019-05-08 01:01:43 +02:00
bcs016 10b8da1c6a
Update tests_authentication 
Update AUTH-9402, change name to check in etc/passwd file when device is a QNAP
 2019-04-29 11:47:11 +02:00
Michael Boelen 96c1ea8b0e
[PKGS-7386] Removed suggestion as a warning is already displayed when vulnerable packages were discovered 2019-04-20 14:31:11 +02:00
Michael Boelen 017103e20c
[PKGS-7392] - Skip test for Zypper-based systems 2019-04-17 15:26:43 +02:00
Michael Boelen 121c861446
Non-interactive mode for zypper 2019-04-17 15:07:07 +02:00
Michael Boelen bf5219d9b9
[PKGS-7328/PKGS-7330] added non-interactive global option 2019-04-15 19:30:21 +02:00
Michael Boelen dba2dcb918
Added missing variables 2019-04-15 19:20:31 +02:00
Michael Boelen 2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen e195e7c8e0
Corrected lsvg binary detection 2019-04-09 08:26:16 +02:00
Michael Boelen d90c43d06c
Updated descriptions 2019-04-09 06:52:00 +02:00
Capashenn fe09e4ebaa fix SHLL-6220 description (#673) 2019-04-09 06:49:33 +02:00
Michael Boelen fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen 256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn 137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen 71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen 08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen 1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen f8b390617b
Changed screen output 2019-04-07 15:51:25 +02:00
Michael Boelen 2750e9b7b8
Detect equery binary 2019-04-07 15:50:46 +02:00
Michael Boelen 72ba872a2f
Improve text output for AIX systems 2019-04-04 19:04:42 +02:00
Michael Boelen 9936224278
Merge of several tests, cleanup, minor code enhancements and restructure 2019-04-04 14:42:39 +02:00
Michael Boelen 247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Capashenn e0ca517aaa Add tests INSE-8310 INSE-8312 (telnet) (#693) 
* Add test INSE-8000

* Add xinetd support in insecure_services

* fix issue #662

* Check for talk via xinetd

* Check for chargen via xinetd

* Check for daytime via xinetd

* Check discard via xinetd

* Check echo via xinatd

* Check time via xinetd

* Check tftp via xinetd

* Check rsync via xinetd

* Add test INSE-8200

* Add test INSE-8300 INSE-8302 INSE-8304 (rsh)

* Add tests INSE-8310 INSE-8312 (telnet)
 2019-04-02 11:15:31 +02:00
Michael Boelen 2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn 7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen d0df518426
[PKGS-7420] corrected typo 2019-03-30 13:58:23 +01:00
Michael Boelen 3660043308
[PKGS-7420] limit test to specific OS, add dnf-automatic support, extend logging 2019-03-30 13:31:03 +01:00
Capashenn 295a2699d3 bugfix HOME-9304 HOME-9306 2019-03-29 16:37:30 +01:00
Michael Boelen 3702ae67b5
[PKGS-7420] Detect toolkit to automatically download and apply upgrades 2019-03-29 12:53:13 +01:00
Michael Boelen 8a9edeb40b
[AUTH-9278] style change, description, allow different root directory 2019-03-29 12:30:12 +01:00
Capashenn f9bcf26f25 fix issue #612 (#677) 
LDAP support for Red Hat and others (fix issue #612)
 2019-03-29 12:26:12 +01:00
Michael Boelen de2ef2c3e7
Add apt and dpkg binaries 2019-03-29 12:23:45 +01:00
Michael Boelen 605c381eb6
[PKGS-7410] add support for DPKG-based systems to gather installed kernel packages 2019-03-29 12:22:20 +01:00
Capashenn 3ba94b9700 fix issue #610 STRG-1842 2019-03-25 18:37:06 +01:00
Capashenn 06cdf6c50f fix issue #659 2019-03-25 14:48:43 +01:00
Capashenn c8af37c069 fix issues #666 #667 2019-03-25 14:10:20 +01:00
Capashenn 52dd096e0f fix issue #621 2019-03-25 10:53:46 +01:00
Michael Boelen ea8c032ea9
[NETW-3015] added support for ip binary 2019-03-21 09:34:26 +01:00
Michael Boelen 943e09db01
[LOGG-2180] minor cleanup 2019-03-21 09:07:05 +01:00
Michael Boelen 928023ec6a
[HTTP-6624] improved logging for test 2019-03-19 13:07:12 +01:00
Michael Boelen 303050dda3
[LOGG-2154] Adjusted test to search in configuration file correctly 2019-03-15 14:25:00 +01:00
Michael Boelen 048815abc0
[SSH-7408] Increased values for MaxAuthRetries as sometimes SSH key-based authentication may need it 2019-03-15 14:00:47 +01:00
Michael Boelen 4a47bde240
Adjusted descriptions 2019-03-15 13:52:55 +01:00
Michael Boelen 89782f1e98
Add logging status of tool tips 2019-03-14 14:15:59 +01:00
Michael Boelen 703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Michael Boelen 48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen 3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen 3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen 95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633) 
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
 2019-03-07 10:10:21 +01:00
chr0mag 341612418f BOOT-5117 adds systemd-boot bootloader detection (#634) 
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
 2019-03-07 10:07:52 +01:00
silentcreek fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:05:12 +01:00
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636) 
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
 2019-03-05 18:57:58 +01:00
Michael Boelen ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 9d8b12e0f8
Initial lookup with awk corrected 2019-03-04 12:13:47 +01:00
Michael Boelen e0b93ed0cc
Replace awk statement with grep to simplify search 2019-03-04 12:08:47 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
dataking 76ec39176a Fix #638. (#640) 
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS

* Only use data before # to handle inline comments in /etc/resolv.conf.
 2019-02-28 09:51:57 +01:00
Michael Boelen 34a2742cdb
Initial support for end-of-life OS detection 2019-02-26 16:15:15 +01:00
Michael Boelen 08ed748a86
Disable logging of virtual host to report due to length 2019-01-31 14:49:00 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
TheFlipside 7fded881d8 Update tests_system_integrity (#627) 
https://github.com/CISOfy/lynis/issues/626
 2019-01-31 14:28:18 +01:00
Michael Boelen 41d5d61a16
Removed non-compatible code (eg AIX) 2019-01-31 14:27:36 +01:00
Michael Boelen bca2d00ad7
Added STATUS_WEAK 2019-01-14 18:49:49 +01:00
Michael Boelen 750f55bd27
Minor changes and remarks regarding HostID 2019-01-14 11:13:37 +01:00
Michael Boelen 11368b4ca8
Added STATUS_WEAK 2019-01-14 11:13:03 +01:00
Michael Boelen 533a0631e7
Remove unneeded variable for firewall as data is stored in report 2018-12-31 10:03:26 +01:00
Michael Boelen 21956cc42c
[LOGG-2190] added filter for MariaDB, tested onCentOS 2018-12-29 17:10:06 +01:00
Michael Boelen e014e12310
Remove FIND1 variable, as we prefer FIND to limit number of variables 2018-12-17 09:58:57 +01:00
Capashenn 47e37bf058 [AUTH-9282][AUTH-9283] Add support for RedHad and clones (#609) 
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
 2018-12-17 09:55:41 +01:00
theycallhimpat 0f32d2725c Fix printed error when wget comes from busybox (#602) 
Busybox's wget does't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
 2018-12-17 09:53:27 +01:00
marcinozga b98217aba9 Update tests_firewalls (#599) 
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
 2018-12-14 13:20:01 +01:00
Michael Boelen 81f67584cb
[BOOT-5177] changed note to a hint 2018-12-14 13:17:46 +01:00
Katarina Durechova 2fb4ae4987 [SHLL-6230] Add etc/bash.bashrc.local to umask check (#595) 2018-12-13 12:13:27 +01:00
柯豪 760ed040c8 Fix MacOS Mojave detect pattern (#603) 2018-12-13 12:12:26 +01:00
Michael Boelen 28a2580a36
Detection added for macOS Mojave 2018-10-30 13:39:47 +01:00
Michael Boelen 5028aa2f70
Added SSH-7406 to detect OpenSSH version + condition based checking in SSH-7408 2018-10-23 17:14:47 +02:00
Michael Boelen d44f51a353
Added and changed description for TOOL-5160 2018-10-23 13:00:16 +02:00
Michael Boelen 361ad7d9da
Renamed variable 2018-10-23 12:58:40 +02:00
Michael Boelen de7d64a8a0
[TOOL-5160] OSSEC detection test 2018-10-23 12:58:22 +02:00
Wagner c94b97bd9e osdetection: ignore quotes in OS_ID (#593) 2018-10-23 12:16:36 +02:00
Michael Boelen 532c1a9bb6
Add TOMOYO tests 2018-10-18 11:01:30 +02:00
Katarina Durechova 631853a924 [BOOT-5260] Make "sulogin" more generic for systemd rescue.service (#590) 2018-10-17 14:21:30 +02:00
Deon Spengler 72796f5757 Added support for TOMOYO Linux Mandatory Access Control (#589) 
* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control
 2018-10-17 14:20:52 +02:00
Michael Boelen 823ebd8268
Replaced 'warning' status to 'found' 2018-10-17 14:16:54 +02:00
Jesus Christian Cruz Acono 414be240e8 Update tests_ports_packages (#586) 
change " " <- space for [[:blank:]] (to clean all pausible spaces)
 2018-10-05 10:23:19 +02:00
Przemysław Dąbek fd75c9fd0f typo fix in warning message (#585) 2018-10-05 10:19:23 +02:00
Michael Boelen c1f9417792
Initialise some variables for uploading 2018-10-05 10:17:26 +02:00
Michael Boelen c50db85aaa
[DBS-1882] added support for QNAP path 2018-09-19 13:29:03 +02:00
Michael Boelen c34c8265ad
Detection for QNAP devices 2018-09-19 13:28:46 +02:00
Michael Boelen 7e41339d95
Added QNAP device variable 2018-09-19 13:26:27 +02:00
Michael Boelen bf1e99f3cd
[DBS-1882] added /usr/local/redis/etc path 2018-09-19 13:23:27 +02:00
Michael Boelen f8697db25b
[TIME-3104] added more logging 2018-09-19 13:19:57 +02:00
Michael Boelen 7635d58fe3
Add TODO for BusyBox support 2018-09-17 11:47:07 +02:00
Michael Boelen f0c84e3d01
[KRNL-5788] ignore exception when no vmlinuz file was discovered 2018-09-17 11:46:36 +02:00
Michael Boelen b4e93d4fcc
[PKGS-7322] Updated solution text 2018-09-17 09:23:04 +02:00
Michael Boelen 1d52e57e45
Changed output for remote system audit 2018-09-08 11:22:28 +02:00
Michael Boelen d0f4a90c00
Grammar change 2018-09-06 07:55:58 +02:00
superpoussin22 2334bba492 avoid “can't shift that many” error (#571) 
got this error on debian auditing a docker file when testing an ubuntu Dockerfile when lynis try to find KEY_USED
 2018-09-06 07:48:40 +02:00
Wagner 47de2dc4bf fix opensuse os detection with os-release (#578) 2018-09-06 07:47:38 +02:00
superpoussin22 9fe6dcde76 detect if latest TAG is used (#575) 
that's always better to specify the version, latest desn't mean latest version 
it can be a suggestion if you prefer
 2018-08-28 08:45:04 +02:00
Michael Boelen 91c6314a1a
Minor cleanups 2018-08-27 14:51:28 +02:00
Michael Boelen 67f9d25461
Updated list of options and man page 2018-08-27 14:25:59 +02:00
Michael Boelen 4df28ca659
[PHP-2372] test all PHP files for expose_php and improved logging 2018-08-23 12:23:48 +02:00
Michael Boelen afaae50989
[BOOT-5104] extended logging 2018-08-22 16:38:54 +02:00
Michael Boelen b005effc32
[BOOT-5104] improved parsing parameters to init process 2018-08-22 16:33:50 +02:00
superpoussin22 3b537fd8e8 Missing quotes and better display (#570) 
for KEY_USED
 2018-08-15 13:56:56 +02:00
superpoussin22 6ba7bad34e add a few basic test (#572) 2018-08-15 13:54:56 +02:00
superpoussin22 6567b16730 add alpine support (#569) 
also initialize a few variables which wasn't initialyzed
 2018-08-15 13:47:17 +02:00
superpoussin22 839977c3f6 Update helper_audit_dockerfile (#568) 
To support LABEL maintainer="toto" and LABEL maintainer "toto"
correct syntax from docker is LABEL maintainer="xxxxxxxxxxxxxxx"
 2018-08-07 14:46:47 +02:00
Michael Boelen 7ebccab207
Updated URL for Lynis controls 2018-08-03 11:20:31 +02:00
Michael Boelen 3f9d1308bb
[SSH-7408] adjusted classification of root login with keys 2018-07-25 13:35:00 +02:00
Michael Boelen 4ad2ee4ba2
[BOOT-5104] added busybox to service managers 2018-07-25 13:24:11 +02:00
Michael Boelen 7181b94382
[KRNL-5677] Limit PAE and no-execute test to AMD64 hardware only 2018-07-25 12:25:00 +02:00
Michael Boelen 54e8020edb
[LOGG-2190] ignore /dev/zero and /dev/[aio] as deleted files 2018-07-25 12:13:06 +02:00
Bernhard R. Fischer c024ce31d8 added path information for correct detection of config files and modules of Apache 2.4 (standard installation from ports tree) on FreeBSD (#562) 2018-07-24 19:08:45 +02:00
gkrystev 13d631781c Fix for umask check in case of multiple files (#560) 
In case when umask is checked in multiple files and in some of the files except the last one a weak umask is found, the tool reports weak mask for the rest of the files. In the example bellow, the weak umask is only in /etc/csh.cshrc. However, the check /etc/profile is reported weak as well.

Expected:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Checking default umask in /etc/csh.cshrc [ WEAK ]
Checking default umask in /etc/profile [ OK ]
Actual:

Checking default umask values
Checking default umask in /etc/bashrc [ OK ]
Chhhhecking default umask in /etc/csh.cshrc [ WEAK ]
Chhhhecking default umask in /etc/profile [ WEAK ]
 2018-07-24 19:08:08 +02:00
Michael Boelen 81ea5df3b3
Fix: extra operand error 2018-07-05 15:57:19 +02:00
Michael Boelen 1bf09ad60a
[KRNL-5830] improved text in log 2018-07-02 14:52:29 +02:00
Michael Boelen 65190d214c
Move reporting of hostid2 to main section to ensure it is added to report 2018-06-28 16:29:16 +02:00
Michael Boelen 85feee25d5
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-06-26 11:37:18 +02:00
Thomas Sjögren 8321da24c7 query DNS with FQDN (#555) 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-06-26 11:36:55 +02:00
Michael Boelen d80ec9d084
Removed 'update release' from help text 2018-06-26 11:35:02 +02:00
Michael Boelen 34813302b4
Changed number of Exim test and minor changes 2018-06-26 11:34:09 +02:00
Dave Vehrs c11177f98b Initial Tests for Exim (#539) 
* Added kernel.dmesg_restrict to sysctl checks.

* Extending Exim Tests, round 1

* fixed a few string comparisons

* fixed old test

* Cleans to Exim options tests
 2018-06-26 11:27:26 +02:00
aram535 1caf9ad12d Updated tests_ssh, removed extra ssh in the test (#557) 
Seems like in the patch there was an extra 'ssh' added in the command line, which is breaking the ssh tests.  Removing the ssh keyword... -T -C ... fixes the problem.
 2018-06-22 12:29:25 +02:00
Carsten Grohmann bf2462272e [TIME-3160] Extend check for step-tickers file for RedHat (#553) 
On RedHat if the step-tickers file exists but empty, the ntp start
script uses the servers listed in ntp.conf for the initial time
synchronization.
 2018-06-06 13:59:07 +02:00
Michael Boelen 84faf57b30
[SSH-7402] when SSH configuration has Match block, allow evaluation of full configuration 2018-05-14 08:29:30 +02:00
Michael Boelen 4efe5dd363
[DNS-1600] Test is disabled until domain is configured 2018-05-02 13:35:46 +02:00
Michael Boelen 235ec1c8d4
Merge branch 'master' of https://github.com/CISOfy/lynis 2018-05-02 13:19:32 +02:00
kisst 039945bde6 DNS-1600 Check for DNSSEC validation (#535) 2018-05-02 13:19:01 +02:00
Michael Boelen 08ee8136d5
Check for available parameter when using profile or plugindir 2018-05-02 12:48:05 +02:00