Commit Graph

72 Commits

Author SHA1 Message Date
Michael Boelen 36627a4eb7
Style improvements 2019-09-19 14:05:15 +02:00
Michael Boelen 17137408d2
Use IsRunning exit code instead of variable 2019-07-26 11:32:48 +02:00
Michael Boelen fa8bad20db
Use -n instead of ! -z 2019-07-16 13:20:30 +02:00
Michael Boelen 8e61275ff4
Move state recording to report section 2019-05-16 15:23:23 +02:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636)
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
2019-03-05 18:57:58 +01:00
Michael Boelen 66066ae226
Changed year and preparing for new release 2019-01-31 14:47:35 +01:00
Michael Boelen 533a0631e7
Remove unneeded variable for firewall as data is stored in report 2018-12-31 10:03:26 +01:00
marcinozga b98217aba9 Update tests_firewalls (#599)
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
2018-12-14 13:20:01 +01:00
Michael Boelen 7635d58fe3
Add TODO for BusyBox support 2018-09-17 11:47:07 +02:00
Jason Soto 94e4fb4bd9 Solved null byte bash warning (#523) 2018-03-05 11:19:57 +01:00
mslifcak c170f1fc0a Pin db sync (#519)
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
2018-02-09 12:37:10 +01:00
Michael Boelen 66f8cb2441
Changed year 2018-01-11 09:50:26 +01:00
Michael Boelen 011e6248c2
Use full match for Little Snitch 2017-10-29 10:54:16 +01:00
Michael Boelen c5e014eaf4
Corrected description 2017-10-24 13:39:41 +02:00
Michael Boelen 77400d3952
Improve logging 2017-09-05 13:29:21 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 3b66a22f39 Firewall check updates (#414)
* Check if CSF is running

* Check for APF presence
2017-07-10 15:23:32 +02:00
Michael Boelen 0e535c851a
Small style improvement 2017-05-31 15:47:21 +02:00
(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW 360be2a700 Add a check for csf testing mode (#399) 2017-05-31 15:37:22 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
Michael Boelen e082b8af08 Updated log 2017-03-08 21:19:20 +01:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 30d9c2b72d [FIRE-4512] lowered number of minimum rules 2017-02-14 16:19:44 +01:00
Michael Boelen bfbe35055a [FIRE-4586] escape search string 2017-02-10 11:14:01 +01:00
Michael Boelen 34ba1ba184 Changed date and preparing for release 2017-02-09 13:35:40 +01:00
Michael Boelen 103ed2afb3 Added FIRE-4586 2017-01-28 15:46:42 +01:00
Justin P 50b06efd30 macOS Refactoring (#311)
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
2016-11-05 11:53:22 +01:00
Michael Boelen a1f9f902a1 [FIRE-4518] mark as a root-only test - correction 2016-10-27 10:08:43 +02:00
Michael Boelen 3a57b628d6 [FIRE-4518] mark as a root-only test 2016-10-27 10:07:03 +02:00
Michael Boelen b936f3b05b [FIRE-4530] Don't show error on screen for missing IPFW sysctl key 2016-10-15 15:34:03 +02:00
Michael Boelen c4b6aab8c7 Reversed file check on /dev/pf 2016-10-15 15:28:22 +02:00
Michael Boelen 81024635aa Improve detection of pf on FreeBSD 2016-10-15 15:26:15 +02:00
Michael Boelen 6b79f38b82 Add then statement 2016-10-15 11:35:07 +02:00
Michael Boelen 76277f1bf9 Added process detection for Little Snitch 2016-10-15 11:30:12 +02:00
Michael Boelen fba5140150 [FIRE-4534] detection of Little Snitch 2016-10-15 11:26:51 +02:00
Michael Boelen 903016df36 Code cleanups and generic enhancements 2016-09-10 16:12:44 +02:00
Michael Boelen 82ededed31 Style improvements and command replacements 2016-09-08 21:04:17 +02:00
BlueC0re a596bdc349 added TRBINARY + fix nftables check (#276)
fixes #273
2016-09-06 20:58:30 +02:00
Michael Boelen 737b9359ae Renamed tr command 2016-09-05 22:01:02 +02:00
Michael Boelen 2942b4196b Added test FIRE-4540 and textual changes 2016-09-05 12:29:04 +02:00
Michael Boelen 04f9fae67c [FIRE-4520] Use discovered pfctl binary and style improvement 2016-09-05 11:22:39 +02:00
Michael Boelen 042e52c0b9 [FIRE-4520] Remove suggestion 2016-09-05 11:21:27 +02:00
Michael Boelen 679e8c628e Use detected binaries 2016-08-25 15:31:33 +02:00
Michael Boelen f9b2993f35 Removed unneeded field 2016-08-10 07:24:10 +02:00
Michael Boelen 2f4c854ba7 Rename of categories, introduction of groups 2016-07-24 17:22:00 +02:00
Michael Boelen 983e293eb1 Replaced text strings to allow translations 2016-06-18 11:14:01 +02:00
Yann ILAS e8d6308d82 use ${LSMODBINARY} instead of lsmod (#200) 2016-05-19 17:34:35 +02:00
mboelen 42607ceaf5 Replaced old function names with new ones 2016-04-28 12:31:57 +02:00
mboelen b453190cd7 Added firewall_software[] to report 2016-04-27 10:52:45 +02:00
mboelen 8cc47819b4 Removed copyright line, added description 2016-03-13 16:03:46 +01:00