tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,874 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2874 Commits

Author SHA1 Message Date
Michael Boelen e481d5a173
Merge pull request #888 from bginsbach/fix-auth-9230 
Fix AUTH-9230 for systems without /etc/login.defs
 2020-03-31 11:22:31 +02:00
Michael Boelen 6442dcc363
Merge pull request #891 from bginsbach/fix-pkgs-7301 
Fix PKGS-7301 message nit
 2020-03-31 11:21:40 +02:00
Brian Ginsbach 94915ac2fe Fix PKGS-7301 message nit 
The comment is correct. It is FreeBSD pkg not NetBSD pkg.
 2020-03-30 14:23:58 -05:00
Michael Boelen 9a1bbbc69a
Updated log 2020-03-30 16:08:31 +02:00
Michael Boelen 7d544d9d79
Merge pull request #889 from bginsbach/fix-proc-3802 
PROC-3802 Only check for prelink package on Linux
 2020-03-30 16:07:25 +02:00
Michael Boelen 49b8779cb5
Improved text about software packages 2020-03-30 12:14:40 +02:00
Michael Boelen 677f0c32fa
Move Repology link and text change for packages 2020-03-30 12:11:58 +02:00
Michael Boelen 064a123c63
Merge pull request #884 from topimiettinen/add-repology-badge 
README.md: add repology badge
 2020-03-30 12:06:51 +02:00
Brian Ginsbach f13d919dfa PROC-3802 Only check for prelink package on Linux 
The prelink package is Linux specific no need to check for it on
non-Linux systems.
 2020-03-29 16:19:25 -05:00
Brian Ginsbach 90b17121ba Fix AUTH-9230 for systems without /etc/login.defs 
This fixes a bug where it was determined that /etc/login.defs didn't
exist as a prerequisite but then wasn't used to skip the test. Prevents
warnings from `grep(1)` for "no such file or directory".
 2020-03-29 15:31:41 -05:00
Topi Miettinen e7da240022
README.md: add repology badge 
Show downstream usage for various versions of Lynis.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-28 13:40:36 +02:00
Michael Boelen 603d5b16a2
[FINT-4339] define what file to check for 2020-03-25 19:40:05 +01:00
Michael Boelen b8cdb04772
Corrected requirements to run tests 2020-03-25 19:33:55 +01:00
Michael Boelen daa9c42ec0
Updated log 2020-03-25 15:19:30 +01:00
Michael Boelen 1e52ed0c0d
Added notes to NETW-3200 for future extending this test 2020-03-25 15:19:21 +01:00
Michael Boelen 04c969752a
[NETW-3200] corrected test 2020-03-25 15:15:42 +01:00
Michael Boelen 9b978a3581
Add specific control ID for warnings regarding usage of deprecated options 2020-03-25 15:03:21 +01:00
Michael Boelen db117ae644
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-25 10:11:34 +01:00
Michael Boelen f644927a42
Improved warning message with 'how to resolve' 2020-03-25 10:11:25 +01:00
Michael Boelen 4d9e7a158f
Merge pull request #881 from topimiettinen/enhance-fs-totals 
[FILE-6374]: Summarize unhardened file system
 2020-03-25 10:10:46 +01:00
Topi Miettinen 339e0c3207
[FILE-6374]: Summarize unhardened file system 
Report total numbers of unhardened filesystems.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-25 09:18:16 +02:00
Michael Boelen 3c8e3b0adb
Merge pull request #862 from topimiettinen/blacklist-fs 
FS module tests: check if modules are blacklisted
 2020-03-24 13:34:05 +01:00
Michael Boelen 5e821687af
Added new tests 2020-03-24 13:33:24 +01:00
Michael Boelen 3c3feecbfb
Merge pull request #824 from Varbin/master 
Add detection of OpenNTPD
 2020-03-24 13:29:02 +01:00
Michael Boelen f83025a283
Merge pull request #860 from topimiettinen/harden-mount-options 
Harden mount options for /var, check also /dev and /run
 2020-03-24 13:27:50 +01:00
Michael Boelen dbfadc5446
Merge pull request #879 from topimiettinen/enhance-tomoyo-check 
Enhance TOMOYO Linux check
 2020-03-24 13:26:33 +01:00
Michael Boelen 1d9a887406
Updated log 2020-03-24 13:25:22 +01:00
Michael Boelen 18a570c0b8
Merge pull request #880 from konstruktoid/grphashrounds 
Add test for group password hash rounds
 2020-03-24 13:24:12 +01:00
Michael Boelen a9db6e0794
Merge pull request #866 from topimiettinen/run-systemd-analyze-security 
Run 'systemd-analyze security'
 2020-03-24 13:17:04 +01:00
Thomas Sjögren bc09f921f0 fix indentation 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:53:50 +01:00
Thomas Sjögren 0b9e2d85d6 fix tabs 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:45:05 +01:00
Thomas Sjögren 5341fa7b29 AUTH-9229 isnt related to login.defs, add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:44:14 +01:00
Thomas Sjögren 6818db5e12 add AUTH-9230 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2020-03-24 11:43:34 +01:00
Topi Miettinen e09fe98b89 Enhance TOMOYO Linux check 
Count and log unconfined processes, which are not using policy
profile 3.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 18:44:21 +02:00
Topi Miettinen 0da82a18cb
FS module tests: check if modules are blacklisted 
Check if FS modules are blacklisted.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:43:53 +02:00
Topi Miettinen 8913374092 Run 'systemd-analyze security' 
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
 2020-03-23 17:31:32 +02:00
Michael Boelen 7bba7bd4af
Removed incorrect process name from list, enable --full as it is required for matching jitterentropy-rngd 2020-03-23 16:13:39 +01:00
Michael Boelen dcddfdb6cc
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-23 15:56:03 +01:00
Michael Boelen 1e74f9be9a
Fixed 'lynis show details' output 2020-03-23 15:55:40 +01:00
Michael Boelen 8f77116ce7
Merge pull request #876 from topimiettinen/enhance-apparmor-check 
Enhance AppArmor check
 2020-03-23 15:24:52 +01:00
Michael Boelen 7d1fe1231a
[CRYP-8005] added haveged, match against process name instead of full command line, code cleanup 2020-03-23 14:29:47 +01:00
Michael Boelen 08f57c557d
Updated log 2020-03-23 13:20:41 +01:00
Michael Boelen 1eb9218986
Merge branch 'master' of https://github.com/CISOfy/lynis 2020-03-23 13:19:29 +01:00
Michael Boelen 17bbaa8f7a
[AUTH-9229] make test only available for root 2020-03-23 13:19:10 +01:00
Michael Boelen 32cefdea0a
Merge pull request #878 from topimiettinen/check-ima-evm 
Check IMA/EVM, dm-integrity and dm-verity statuses
 2020-03-23 13:18:16 +01:00
Michael Boelen 4e35b91ab2
Updated log 2020-03-23 12:50:31 +01:00
Michael Boelen 122619d01f
Merge pull request #874 from topimiettinen/check-password-hashing-methods 
Check password hashing methods
 2020-03-23 12:49:20 +01:00
Michael Boelen 410206619a
Removed restriction for using the plugin and code style improvements 2020-03-23 11:30:10 +01:00
Michael Boelen 98fb272501
Merge pull request #865 from topimiettinen/journald-fix-disk-usage 
Fix journalctl output parsing for recent journalctls
 2020-03-23 11:18:45 +01:00
Michael Boelen 17ac4d2c1c
[AUTH-9252] corrected permission check 2020-03-23 10:44:45 +01:00