tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,273 Commits 2 Branches 62 Tags 17 MiB
Commit Graph

2273 Commits

Author SHA1 Message Date
Capashenn f9bcf26f25 fix issue #612 (#677) 
LDAP support for Red Hat and others (fix issue #612)
 2019-03-29 12:26:12 +01:00
Michael Boelen 20da48bdfe
Switch to development version 2019-03-29 12:24:01 +01:00
Michael Boelen de2ef2c3e7
Add apt and dpkg binaries 2019-03-29 12:23:45 +01:00
Michael Boelen 605c381eb6
[PKGS-7410] add support for DPKG-based systems to gather installed kernel packages 2019-03-29 12:22:20 +01:00
Michael Boelen 09e2de2ea5
Release 2.7.3 2019-03-21 09:35:30 +01:00
Michael Boelen ea8c032ea9
[NETW-3015] added support for ip binary 2019-03-21 09:34:26 +01:00
Michael Boelen 943e09db01
[LOGG-2180] minor cleanup 2019-03-21 09:07:05 +01:00
Michael Boelen 928023ec6a
[HTTP-6624] improved logging for test 2019-03-19 13:07:12 +01:00
Michael Boelen 888df98af4
Updated log 2019-03-19 13:06:31 +01:00
Michael Boelen 303050dda3
[LOGG-2154] Adjusted test to search in configuration file correctly 2019-03-15 14:25:00 +01:00
Michael Boelen 306d9eaab6
Updated log 2019-03-15 14:24:42 +01:00
Michael Boelen a350dfec1b
Updated log 2019-03-15 14:01:48 +01:00
Michael Boelen 048815abc0
[SSH-7408] Increased values for MaxAuthRetries as sometimes SSH key-based authentication may need it 2019-03-15 14:00:47 +01:00
Michael Boelen b6b1f10901
Updated log 2019-03-15 13:53:06 +01:00
Michael Boelen 4a47bde240
Adjusted descriptions 2019-03-15 13:52:55 +01:00
Michael Boelen 89782f1e98
Add logging status of tool tips 2019-03-14 14:15:59 +01:00
Michael Boelen dac92d27bb
Updated log 2019-03-14 13:15:32 +01:00
Michael Boelen 703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Warren 0e8a12e208 Quote WORKDIR directory existence in lynis (#653) 
Quote both "${WORKDIR}/include" and "${WORKDIR}/db" directory existence check in if-statements to avoid "Fatal error: can't find directory" in case of a space-character in the ${WORKDIR} path.
 2019-03-14 12:34:17 +01:00
Michael Boelen 820666f448
Updated log 2019-03-14 12:33:35 +01:00
Michael Boelen 48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen 3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen 3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen f828a06bec
Corrected file location for tips 2019-03-14 10:45:08 +01:00
Michael Boelen 95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen a4b179e4ef
Switch to development for 2.7.3 2019-03-07 12:11:33 +01:00
Michael Boelen 0154473219
Release 2.7.2 2019-03-07 11:55:21 +01:00
Michael Boelen c83f87853f
Add new tests 2019-03-07 11:01:33 +01:00
Michael Boelen ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633) 
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
 2019-03-07 10:10:21 +01:00
chr0mag 341612418f BOOT-5117 adds systemd-boot bootloader detection (#634) 
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
 2019-03-07 10:07:52 +01:00
silentcreek fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650) 
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:05:12 +01:00
silentcreek 17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651) 
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
 2019-03-07 10:03:11 +01:00
Jerry Park 89bf607498 Added Korean translation (#652) 
* Korean translation for ko-KR

Translation in Korean

* changed ko-KR to ko
 2019-03-07 10:01:02 +01:00
Michael Boelen 8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
Michael Boelen 32fc4a01b0
Corrected FreeBSD, added CentOS and OpenBSD 2019-03-05 19:31:11 +01:00
Michael Boelen 9b5ef7c80f
Updated log 2019-03-05 19:30:53 +01:00
jirib 0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag 06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636) 
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
 2019-03-05 18:57:58 +01:00
Michael Boelen 19f38bc1ef
Updated entries 2019-03-04 13:40:40 +01:00
Michael Boelen 1214c24363
Updated log 2019-03-04 12:33:50 +01:00
Michael Boelen ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00
Michael Boelen f7a291a62f
Use datestamps instead of date, due to compatibility with other platforms 2019-03-04 12:33:03 +01:00
Michael Boelen 9d8b12e0f8
Initial lookup with awk corrected 2019-03-04 12:13:47 +01:00
Michael Boelen e0b93ed0cc
Replace awk statement with grep to simplify search 2019-03-04 12:08:47 +01:00
Michael Boelen ab9a53169b
Updated log 2019-02-28 10:20:26 +01:00
Michael Boelen 19921ab001
Style improvements, typo, variable usage 2019-02-28 10:19:09 +01:00
chr0mag 353cf84413 [AUTH-9252] Sudo configuration file/folder check improvements (#637) 
* [AUTH-9252] Adds support for files in sudoers.d

This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.

* [AUTH-9252] Check drop-in directory permissions

The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.

* [AUTH-9252] Check file/folder ownership

This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
 2019-02-28 10:15:57 +01:00
dataking 76ec39176a Fix #638. (#640) 
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS

* Only use data before # to handle inline comments in /etc/resolv.conf.
 2019-02-28 09:51:57 +01:00
Michael Boelen 7ae90d6405
Updated log 2019-02-26 16:16:35 +01:00