mirror of https://github.com/CISOfy/lynis.git
449 lines
31 KiB
Plaintext
#TestID:Type:Category:Group:Operating System:Description:
ACCT-2754:test:security:accounting:FreeBSD:Check for available FreeBSD accounting information:
ACCT-2760:test:security:accounting:OpenBSD:Check for available OpenBSD accounting information:
ACCT-9622:test:security:accounting:Linux:Check for available Linux accounting information:
ACCT-9626:test:security:accounting:Linux:Check for sysstat accounting data:
ACCT-9628:test:security:accounting:Linux:Check for auditd:
ACCT-9630:test:security:accounting:Linux:Check for auditd rules:
ACCT-9632:test:security:accounting:Linux:Check for auditd configuration file:
ACCT-9634:test:security:accounting:Linux:Check for auditd log file:
ACCT-9636:test:security:accounting:Linux:Check for Snoopy wrapper and logger:
ACCT-9650:test:security:accounting:Solaris:Check Solaris audit daemon:
ACCT-9652:test:security:accounting:Solaris:Check auditd SMF status:
ACCT-9654:test:security:accounting:Solaris:Check BSM auditing in /etc/system:
ACCT-9656:test:security:accounting:Solaris:Check BSM auditing in module list:
ACCT-9660:test:security:accounting:Solaris:Check location of audit events:
ACCT-9662:test:security:accounting:Solaris:Check Solaris auditing stats:
ACCT-9670:test:security:accounting:Linux:Check for cmd tooling:
ACCT-9672:test:security:accounting:Linux:Check cmd configuration file:
AUTH-9204:test:security:authentication::Check users with an UID of zero:
AUTH-9208:test:security:authentication::Check non-unique accounts in passwd file:
AUTH-9212:test:security:authentication::Test group file:
AUTH-9216:test:security:authentication::Check group and shadow group files:
AUTH-9218:test:security:authentication:FreeBSD:Check harmful login shells:
AUTH-9222:test:security:authentication::Check for non unique groups:
AUTH-9226:test:security:authentication::Check non unique group names:
AUTH-9228:test:security:authentication::Check password file consistency with pwck:
AUTH-9229:test:security:authentication::Check password hashing methods:
AUTH-9230:test:security:authentication::Check group password hashing rounds:
AUTH-9234:test:security:authentication::Query user accounts:
AUTH-9240:test:security:authentication::Query NIS+ authentication support:
AUTH-9242:test:security:authentication::Query NIS authentication support:
AUTH-9250:test:security:authentication::Checking sudoers file:
AUTH-9252:test:security:authentication::Check sudoers file:
AUTH-9254:test:security:authentication:Solaris:Solaris passwordless accounts:
AUTH-9262:test:security:authentication::Checking presence password strength testing tools (PAM):
AUTH-9264:test:security:authentication::Checking presence pam.conf:
AUTH-9266:test:security:authentication::Checking presence pam.d files:
AUTH-9268:test:security:authentication::Checking presence pam.d files:
AUTH-9278:test:security:authentication::Checking LDAP pam status:
AUTH-9282:test:security:authentication::Checking password protected account without expire date:
AUTH-9283:test:security:authentication::Checking accounts without password:
AUTH-9284:test:security:authentication::Checking locked user accounts in /etc/passwd:
AUTH-9286:test:security:authentication::Checking user password aging:
AUTH-9288:test:security:authentication::Checking for expired passwords:
AUTH-9304:test:security:authentication:Solaris:Check single user login configuration:
AUTH-9306:test:security:authentication:HP-UX:Check single boot authentication:
AUTH-9308:test:security:authentication:Linux:Check single user login configuration:
AUTH-9328:test:security:authentication::Default umask values:
AUTH-9340:test:security:authentication:Solaris:Solaris account locking:
AUTH-9402:test:security:authentication::Query LDAP authentication support:
AUTH-9406:test:security:authentication::Query LDAP servers in client configuration:
AUTH-9408:test:security:authentication::Logging of failed login attempts via /etc/login.defs:
AUTH-9409:test:security:authentication:OpenBSD:Check for doas file:
AUTH-9410:test:security:authentication:OpenBSD:Check for doas file permissions:
BANN-7113:test:security:banners:FreeBSD:Check COPYRIGHT banner file:
BANN-7124:test:security:banners::Check issue banner file:
BANN-7126:test:security:banners::Check issue banner file contents:
BANN-7128:test:security:banners::Check issue.net banner file:
BANN-7130:test:security:banners::Check issue.net banner file contents:
BOOT-5102:test:security:boot_services:AIX:Check for AIX boot device:
BOOT-5104:test:security:boot_services::Determine service manager:
BOOT-5106:test:security:boot_services:MacOS:Check EFI boot file on macOS:
BOOT-5108:test:security:boot_services:Linux:Test Syslinux boot loader:
BOOT-5109:test:security:boot_services:Linux:Test rEFInd boot loader:
BOOT-5116:test:security:boot_services::Check if system is booted in UEFI mode:
BOOT-5117:test:security:boot_services:Linux:Check for systemd-boot boot loader:
BOOT-5121:test:security:boot_services::Check for GRUB boot loader presence:
BOOT-5122:test:security:boot_services::Check for GRUB boot password:
BOOT-5124:test:security:boot_services:FreeBSD:Check for FreeBSD boot loader presence:
BOOT-5126:test:security:boot_services:NetBSD:Check for NetBSD boot loader presence:
BOOT-5139:test:security:boot_services::Check for LILO boot loader presence:
BOOT-5140:test:security:boot_services::Check for ELILO boot loader presence:
BOOT-5142:test:security:boot_services::Check SPARC Improved boot loader (SILO):
BOOT-5155:test:security:boot_services::Check for YABOOT boot loader configuration file:
BOOT-5159:test:security:boot_services:OpenBSD:Check for OpenBSD boot loader presence:
BOOT-5165:test:security:boot_services:FreeBSD:Check for FreeBSD boot services:
BOOT-5170:test:security:boot_services:Solaris:Check for Solaris boot daemons:
BOOT-5177:test:security:boot_services:Linux:Check for Linux boot and running services:
BOOT-5180:test:security:boot_services:Linux:Check for Linux boot services (Debian style):
BOOT-5184:test:security:boot_services::Check permissions for boot files/scripts:
BOOT-5202:test:security:boot_services::Check uptime of system:
BOOT-5260:test:security:boot_services::Check single user mode for systemd:
BOOT-5261:test:security:boot_services:DragonFly:Check for DragonFly boot loader presence:
BOOT-5262:test:security:boot_services:OpenBSD:Check for OpenBSD boot daemons:
BOOT-5263:test:security:boot_services:OpenBSD:Check permissions for boot files/scripts:
BOOT-5264:test:security:boot_services:Linux:Run systemd-analyze security:
CONT-8004:test:security:containers:Solaris:Query running Solaris zones:
CONT-8102:test:security:containers::Checking Docker status and information:
CONT-8104:test:security:containers::Checking Docker info for any warnings:
CONT-8106:test:security:containers::Gather basic stats from Docker:
CONT-8107:test:performance:containers::Check number of unused Docker containers:
CONT-8108:test:security:containers::Check file permissions for Docker files:
CORE-1000:test:performance:system_integrity::Check all system binaries:
CRYP-7902:test:security:crypto::Check expire date of SSL certificates:
CRYP-7930:test:security:crypto:Linux:Determine if system uses LUKS encryption:
CRYP-7931:test:security:crypto:Linux:Determine if system uses encrypted swap:
CRYP-8002:test:security:crypto:Linux:Gather kernel entropy:
CRYP-8004:test:security:crypto:Linux:Presence of hardware random number generators:
CRYP-8005:test:security:crypto:Linux:Presence of software pseudo random number generators:
CRYP-8006:test:security:crypto:Linux:Check MemoryOverwriteRequest bit to protect against cold-boot attacks:
DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked:
DBS-1804:test:security:databases::Checking active MySQL process:
DBS-1816:test:security:databases::Checking MySQL root password:
DBS-1818:test:security:databases::MongoDB status:
DBS-1820:test:security:databases::Check MongoDB authentication:
DBS-1826:test:security:databases::Checking active PostgreSQL processes:
DBS-1828:test:security:databases::PostgreSQL configuration files:
DBS-1840:test:security:databases::Checking active Oracle processes:
DBS-1860:test:security:databases::Checking active DB2 instances:
DBS-1880:test:security:databases::Checking active Redis processes:
DBS-1882:test:security:databases::Redis configuration file:
DBS-1884:test:security:databases::Redis configuration (requirepass):
DBS-1886:test:security:databases::Redis configuration (CONFIG command renamed):
DBS-1888:test:security:databases::Redis configuration (bind on localhost):
FILE-6310:test:security:filesystems::Checking /tmp, /home and /var directory:
FILE-6311:test:security:filesystems::Checking LVM volume groups:
FILE-6312:test:security:filesystems::Checking LVM volumes:
FILE-6323:test:security:filesystems:Linux:Checking EXT file systems:
FILE-6329:test:security:filesystems::Checking FFS/UFS file systems:
FILE-6330:test:security:filesystems:FreeBSD:Checking ZFS file systems:
FILE-6332:test:security:filesystems::Checking swap partitions:
FILE-6336:test:security:filesystems::Checking swap mount options:
FILE-6344:test:security:filesystems:Linux:Checking proc mount options:
FILE-6354:test:security:filesystems::Searching for old files in /tmp:
FILE-6362:test:security:filesystems::Checking /tmp sticky bit:
FILE-6363:test:security:filesystems::Checking /var/tmp sticky bit:
FILE-6368:test:security:filesystems:Linux:Checking ACL support on root file system:
FILE-6372:test:security:filesystems:Linux:Checking / mount options:
FILE-6374:test:security:filesystems:Linux:Linux mount options:
FILE-6376:test:security:filesystems:Linux:Determine if /var/tmp is bound to /tmp:
FILE-6394:test:performance:filesystems:Linux:Test swappiness of virtual memory:
FILE-6410:test:security:filesystems::Checking Locate database:
FILE-6430:test:security:filesystems::Disable mounting of some filesystems:
FILE-6439:test:security:filesystems:DragonFly:Checking HAMMER PFS mounts:
FILE-7524:test:security:file_permissions::Perform file permissions check:
FINT-4310:test:security:file_integrity::AFICK availability:
FINT-4314:test:security:file_integrity::AIDE availability:
FINT-4315:test:security:file_integrity::Check AIDE configuration file:
FINT-4316:test:security:file_integrity::Presence of AIDE database and size check:
FINT-4318:test:security:file_integrity::Osiris availability:
FINT-4322:test:security:file_integrity::Samhain availability:
FINT-4326:test:security:file_integrity::Tripwire availability:
FINT-4328:test:security:file_integrity::OSSEC syscheck daemon running:
FINT-4330:test:security:file_integrity::mtree availability:
FINT-4334:test:security:file_integrity::Check lfd daemon status:
FINT-4336:test:security:file_integrity::Check lfd configuration status:
FINT-4338:test:security:file_integrity::osqueryd syscheck daemon running:
FINT-4339:test:security:file_integrity:Linux:Check IMA/EVM Status
FINT-4340:test:security:file_integrity:Linux:Check dm-integrity status
FINT-4341:test:security:file_integrity:Linux:Check dm-verity status
FINT-4344:test:security:file_integrity::Wazuh syscheck daemon running:
FINT-4350:test:security:file_integrity::File integrity software installed:
FINT-4402:test:security:file_integrity::Checksums (SHA256 or SHA512):
FIRE-4502:test:security:firewalls:Linux:Check iptables kernel module:
FIRE-4508:test:security:firewalls::Check used policies of iptables chains:
FIRE-4512:test:security:firewalls::Check iptables for empty ruleset:
FIRE-4513:test:security:firewalls::Check iptables for unused rules:
FIRE-4518:test:security:firewalls::Check pf firewall components:
FIRE-4520:test:security:firewalls::Check pf configuration consistency:
FIRE-4524:test:security:firewalls::Check for CSF presence:
FIRE-4526:test:security:firewalls:Solaris:Check ipf status:
FIRE-4530:test:security:firewalls:FreeBSD:Check IPFW status:
FIRE-4532:test:security:firewalls:MacOS:Check macOS application firewall:
FIRE-4534:test:security:firewalls:MacOS:Check for outbound firewalls:
FIRE-4536:test:security:firewalls:Linux:Check nftables status:
FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration:
FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration:
FIRE-4586:test:security:firewalls::Check firewall logging:
FIRE-4590:test:security:firewalls::Check firewall status:
FIRE-4594:test:security:firewalls::Check for APF presence:
HOME-9302:test:security:homedirs::Create list with home directories:
HOME-9304:test:security:homedirs::Test permissions of user home directories:
HOME-9306:test:security:homedirs::Test ownership of user home directories:
HOME-9310:test:security:homedirs::Checking for suspicious shell history files:
HOME-9350:test:security:homedirs::Collecting information from home directories:
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
HRDN-7222:test:security:hardening::Check compiler permissions:
HRDN-7230:test:security:hardening::Check for malware scanner:
HRDN-7231:test:security:hardening:Linux:Check for registered non-native binary formats:
HTTP-6622:test:security:webservers::Checking Apache presence:
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
HTTP-6632:test:security:webservers::Determining all available Apache modules:
HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
HTTP-6702:test:security:webservers::Check nginx process:
HTTP-6704:test:security:webservers::Check nginx configuration file:
HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
HTTP-6712:test:security:webservers::Check nginx access logging:
HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
HTTP-6720:test:security:webservers::Check Nginx log files:
INSE-8000:test:security:insecure_services::Installed inetd package:
INSE-8002:test:security:insecure_services::Status of inet daemon:
INSE-8004:test:security:insecure_services::Presence of inetd configuration file:
INSE-8006:test:security:insecure_services::Check configuration of inetd when it is disabled:
INSE-8016:test:security:insecure_services::Check for telnet via inetd:
INSE-8050:test:security:insecure_services:MacOS:Check for insecure services on macOS systems:
INSE-8100:test:security:insecure_services::Installed xinetd package:
INSE-8116:test:security:insecure_services::Insecure services enabled via xinetd:
INSE-8200:test:security:insecure_services::Usage of TCP wrappers:
INSE-8300:test:security:insecure_services::Presence of rsh client:
INSE-8302:test:security:insecure_services::Presence of rsh server:
INSE-8310:test:security:insecure_services::Presence of telnet client:
INSE-8322:test:security:insecure_services::Presence of telnet server:
INSE-8314:test:security:insecure_services::Presence of NIS client:
INSE-8316:test:security:insecure_services::Presence of NIS server:
INSE-8318:test:security:insecure_services::Presence of TFTP client:
INSE-8320:test:security:insecure_services::Presence of TFTP server:
KRNL-5622:test:security:kernel:Linux:Determine Linux default run level:
KRNL-5677:test:security:kernel:Linux:Check CPU options and support:
KRNL-5695:test:security:kernel:Linux:Determine Linux kernel version and release number:
KRNL-5723:test:security:kernel:Linux:Determining if Linux kernel is monolithic:
KRNL-5726:test:security:kernel:Linux:Checking Linux loaded kernel modules:
KRNL-5728:test:security:kernel:Linux:Checking Linux kernel config:
KRNL-5730:test:security:kernel:Linux:Checking disk I/O kernel scheduler:
KRNL-5745:test:security:kernel:FreeBSD:Checking FreeBSD loaded kernel modules:
KRNL-5770:test:security:kernel:Solaris:Checking active kernel modules:
KRNL-5788:test:security:kernel:Linux:Checking availability new Linux kernel:
KRNL-5820:test:security:kernel:Linux:Checking core dumps configuration:
KRNL-5830:test:security:kernel:Linux:Checking if system is running on the latest installed kernel:
KRNL-5831:test:security:kernel:DragonFly:Checking DragonFly loaded kernel modules:
KRNL-6000:test:security:kernel_hardening::Check sysctl key pairs in scan profile:
LDAP-2219:test:security:ldap::Check running OpenLDAP instance:
LDAP-2224:test:security:ldap::Check presence slapd.conf:
LOGG-2130:test:security:logging::Check for running syslog daemon:
LOGG-2132:test:security:logging::Check for running syslog-ng daemon:
LOGG-2134:test:security:logging::Checking Syslog-NG configuration file consistency:
LOGG-2136:test:security:logging::Check for running systemd journal daemon:
LOGG-2138:test:security:logging:Linux:Checking kernel logger daemon on Linux:
LOGG-2142:test:security:logging:Linux:Checking minilog daemon:
LOGG-2146:test:security:logging::Checking logrotate.conf and logrotate.d:
LOGG-2148:test:security:logging::Checking logrotated files:
LOGG-2150:test:security:logging::Checking directories in logrotate configuration:
LOGG-2152:test:security:logging::Checking loghost:
LOGG-2153:test:security:logging::Checking loghost is not localhost:
LOGG-2154:test:security:logging::Checking syslog configuration file:
LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf:
LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf:
LOGG-2164:test:security:logging::Checking files specified /etc/newsyslog.conf:
LOGG-2170:test:security:logging::Checking log paths:
LOGG-2180:test:security:logging::Checking open log files:
LOGG-2190:test:security:logging::Checking for deleted files in use:
LOGG-2192:test:security:logging::Checking for opened log files that are empty:
LOGG-2210:test:security:logging::Check for running metalog daemon:
LOGG-2230:test:security:logging::Check for running RSyslog daemon:
LOGG-2240:test:security:logging::Check for running RFC 3195 compliant daemon:
MACF-6204:test:security:mac_frameworks::Check AppArmor presence:
MACF-6208:test:security:mac_frameworks::Check if AppArmor is enabled:
MACF-6232:test:security:mac_frameworks::Check SELINUX presence:
MACF-6234:test:security:mac_frameworks::Check SELINUX status:
MACF-6240:test:security:mac_frameworks::Detection of TOMOYO binary:
MACF-6242:test:security:mac_frameworks::Status of TOMOYO MAC framework:
MACF-6290:test:security:mac_frameworks::Check for implemented MAC framework:
MAIL-8802:test:security:mail_messaging::Check Exim status:
MAIL-8804:test:security:mail_messaging::Exim configuration:
MAIL-8814:test:security:mail_messaging::Check postfix process status:
MAIL-8816:test:security:mail_messaging::Check Postfix configuration:
MAIL-8817:test:security:mail_messaging::Check Postfix configuration errors:
MAIL-8818:test:security:mail_messaging::Postfix banner:
MAIL-8820:test:security:mail_messaging::Postfix configuration:
MAIL-8838:test:security:mail_messaging::Check dovecot process:
MAIL-8860:test:security:mail_messaging::Check Qmail status:
MAIL-8880:test:security:mail_messaging::Check Sendmail status:
MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner:
MALW-3275:test:security:malware::Check for chkrootkit:
MALW-3276:test:security:malware::Check for Rootkit Hunter:
MALW-3278:test:security:malware::Check for LMD:
MALW-3280:test:security:malware::Check if anti-virus tool is installed:
MALW-3282:test:security:malware::Check for clamscan:
MALW-3284:test:security:malware::Check for clamd:
MALW-3286:test:security:malware::Check for freshclam:
MALW-3288:test:security:malware::Check for ClamXav:
MALW-3290:test:security:malware::Presence of malware scanner:
NAME-4016:test:security:nameservices::Check /etc/resolv.conf default domain:
NAME-4018:test:security:nameservices::Check /etc/resolv.conf search domains:
NAME-4020:test:security:nameservices::Check non default options:
NAME-4024:test:security:nameservices:Solaris:Solaris uname -n output:
NAME-4026:test:security:nameservices:Solaris:Check /etc/nodename:
NAME-4028:test:security:nameservices::Check domain name:
NAME-4032:test:security:nameservices::Check nscd status:
NAME-4034:test:security:nameservices::Check Unbound status:
NAME-4036:test:security:nameservices::Check Unbound configuration file:
NAME-4202:test:security:nameservices::Check BIND status:
NAME-4204:test:security:nameservices::Search BIND configuration file:
NAME-4206:test:security:nameservices::Check BIND configuration consistency:
NAME-4210:test:security:nameservices::Check DNS banner:
NAME-4230:test:security:nameservices::Check PowerDNS status:
NAME-4232:test:security:nameservices::Search PowerDNS configuration file:
NAME-4236:test:security:nameservices::Check PowerDNS backends:
NAME-4238:test:security:nameservices::Check PowerDNS authoritative status:
NAME-4304:test:security:nameservices::Check NIS ypbind status:
NAME-4306:test:security:nameservices::Check NIS domain:
NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts:
NAME-4404:test:security:nameservices::Check /etc/hosts contains an entry for this server name:
NAME-4406:test:security:nameservices::Check server hostname mapping:
NAME-4408:test:security:nameservices::Check localhost to IP mapping:
NETW-2400:test:basics:networking::Test hostname for valid characters and length:
NETW-2600:test:security:networking:Linux:Checking IPv6 configuration:
NETW-2704:test:security:networking::Basic nameserver configuration tests:
NETW-2705:test:security:networking::Check availability two nameservers:
NETW-2706:test:security:networking::Check DNSSEC status:
NETW-3001:test:security:networking::Find default gateway (route):
NETW-3004:test:security:networking::Search available network interfaces:
NETW-3006:test:security:networking::Get network MAC addresses:
NETW-3008:test:security:networking::Get network IP addresses:
NETW-3012:test:security:networking::Check listening ports:
NETW-3014:test:security:networking::Checking promiscuous interfaces (BSD):
NETW-3015:test:security:networking:Linux:Checking promiscuous interfaces (Linux):
NETW-3028:test:security:networking::Checking connections in WAIT state:
NETW-3030:test:security:networking::Checking DHCP client status:
NETW-3032:test:security:networking:Linux:Checking for ARP monitoring software:
NETW-3200:test:security:networking::Determine available network protocols:
PHP-2211:test:security:php::Check php.ini presence:
PHP-2320:test:security:php::Check PHP disabled functions:
PHP-2368:test:security:php::Check PHP register_globals option:
PHP-2372:test:security:php::Check PHP expose_php option:
PHP-2374:test:security:php::Check PHP enable_dl option:
PHP-2376:test:security:php::Check PHP allow_url_fopen option:
PHP-2378:test:security:php::Check PHP allow_url_include option:
PHP-2379:test:security:php::Check PHP suhosin extension status:
PHP-2382:test:security:php::Check PHP listen option:
PKGS-7200:test:security:ports_packages:Linux:Check Alpine Package Keeper (apk):
PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
PKGS-7303:test:security:ports_packages::Query brew package manager:
PKGS-7304:test:security:ports_packages::Querying Gentoo packages:
PKGS-7306:test:security:ports_packages:Solaris:Querying Solaris packages:
PKGS-7308:test:security:ports_packages::Checking package list with RPM:
PKGS-7310:test:security:ports_packages::Checking package list with pacman:
PKGS-7312:test:security:ports_packages::Checking available updates for pacman based system:
PKGS-7314:test:security:ports_packages::Checking pacman configuration options:
PKGS-7320:test:security:ports_packages:Linux:Check presence of arch-audit for Arch Linux:
PKGS-7322:test:security:ports_packages:Linux:Discover vulnerable packages on Arch Linux:
PKGS-7328:test:security:ports_packages::Querying Zypper for installed packages:
PKGS-7330:test:security:ports_packages::Querying Zypper for vulnerable packages:
PKGS-7332:test:security:ports_packages::Detection of macOS ports and packages:
PKGS-7334:test:security:ports_packages::Detection of available updates for macOS ports:
PKGS-7345:test:security:ports_packages::Querying dpkg:
PKGS-7346:test:security:ports_packages::Search unpurged packages on system:
PKGS-7348:test:security:ports_packages:FreeBSD:Check for old distfiles:
PKGS-7350:test:security:ports_packages::Checking for installed packages with DNF utility:
PKGS-7352:test:security:ports_packages::Checking for security updates with DNF utility:
PKGS-7354:test:security:ports_packages::Checking package database integrity:
PKGS-7366:test:security:ports_packages::Checking for debsecan utility:
PKGS-7370:test:security:ports_packages::Checking for debsums utility:
PKGS-7378:test:security:ports_packages::Query portmaster for port upgrades:
PKGS-7380:test:security:ports_packages:NetBSD:Check for vulnerable NetBSD packages:
PKGS-7381:test:security:ports_packages::Check for vulnerable FreeBSD packages with pkg:
PKGS-7382:test:security:ports_packages::Check for vulnerable FreeBSD packages with portaudit:
PKGS-7383:test:security:ports_packages::Check for YUM package Update management:
PKGS-7384:test:security:ports_packages::Check for YUM utils package:
PKGS-7386:test:security:ports_packages::Check for YUM security package:
PKGS-7387:test:security:ports_packages::Check for GPG signing in YUM security package:
PKGS-7388:test:security:ports_packages::Check security repository in Debian/ubuntu apt sources.list file:
PKGS-7390:test:security:ports_packages:Linux:Check Ubuntu database consistency:
PKGS-7392:test:security:ports_packages:Linux:Check for Debian/Ubuntu security updates:
PKGS-7393:test:security:ports_packages::Check for Gentoo vulnerable packages:
PKGS-7394:test:security:ports_packages:Linux:Check for Ubuntu updates:
PKGS-7395:test:security:ports_packages:Linux:Check Alpine upgradeable packages:
PKGS-7398:test:security:ports_packages::Check for package audit tool:
PKGS-7410:test:security:ports_packages::Count installed kernel packages:
PKGS-7420:test:security:ports_packages::Detect toolkit to automatically download and apply upgrades:
PRNT-2302:test:security:printers_spools:FreeBSD:Check for printcap consistency:
PRNT-2304:test:security:printers_spools::Check cupsd status:
PRNT-2306:test:security:printers_spools::Check CUPSd configuration file:
PRNT-2307:test:security:printers_spools::Check CUPSd configuration file permissions:
PRNT-2308:test:security:printers_spools::Check CUPSd network configuration:
PRNT-2314:test:security:printers_spools::Check lpd status:
PRNT-2316:test:security:printers_spools:AIX:Checking /etc/qconfig file:
PRNT-2418:test:security:printers_spools:AIX:Checking qdaemon printer spooler status:
PRNT-2420:test:security:printers_spools:AIX:Checking old print jobs:
PROC-3602:test:security:memory_processes:Linux:Checking /proc/meminfo for memory details:
PROC-3604:test:security:memory_processes:Solaris:Query prtconf for memory details:
PROC-3612:test:security:memory_processes::Check dead or zombie processes:
PROC-3614:test:security:memory_processes::Check heavy IO waiting based processes:
PROC-3802:test:security:memory_processes::Check presence of prelink tooling:
RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
SCHD-7702:test:security:scheduling::Check status of cron daemon:
SCHD-7704:test:security:scheduling::Check crontab/cronjobs:
SCHD-7718:test:security:scheduling::Check at users:
SCHD-7720:test:security:scheduling::Check at users:
SCHD-7724:test:security:scheduling::Check at jobs:
SHLL-6202:test:security:shells:FreeBSD:Check console TTYs:
SHLL-6211:test:security:shells::Checking available and valid shells:
SHLL-6220:test:security:shells::Checking available and valid shells:
SHLL-6230:test:security:shells::Perform umask check for shell configurations:
SINT-7010:test:security:system_integrity:MacOS:System Integrity Status:
SNMP-3302:test:security:snmp::Check for running SNMP daemon:
SNMP-3304:test:security:snmp::Check SNMP daemon file location:
SNMP-3306:test:security:snmp::Check SNMP communities:
SQD-3602:test:security:squid::Check for running Squid daemon:
SQD-3604:test:security:squid::Check Squid daemon file location:
SQD-3606:test:security:squid::Check Squid version:
SQD-3610:test:security:squid::Check Squid version:
SQD-3613:test:security:squid::Check Squid file permissions:
SQD-3614:test:security:squid::Check Squid authentication methods:
SQD-3616:test:security:squid::Check external Squid authentication:
SQD-3620:test:security:squid::Check Squid access control lists:
SQD-3624:test:security:squid::Check Squid safe ports:
SQD-3630:test:security:squid::Check Squid reply_body_max_size option:
SQD-3680:test:security:squid::Check Squid version suppression:
SSH-7402:test:security:ssh::Check for running SSH daemon:
SSH-7404:test:security:ssh::Check SSH daemon file location:
SSH-7406:test:security:ssh::Detection of OpenSSH server version:
SSH-7408:test:security:ssh::Check SSH specific defined options:
SSH-7440:test:security:ssh::AllowUsers and AllowGroups:
STRG-1846:test:security:storage:Linux:Check if firewire storage is disabled:
STRG-1902:test:security:storage_nfs::Check rpcinfo registered programs:
STRG-1904:test:security:storage_nfs::Check nfs rpc:
STRG-1906:test:security:storage_nfs::Check nfs rpc:
STRG-1920:test:security:storage_nfs::Checking NFS daemon:
STRG-1926:test:security:storage_nfs::Checking NFS exports:
STRG-1928:test:security:storage_nfs::Checking empty /etc/exports:
STRG-1930:test:security:storage_nfs::Check client access to nfs share:
TIME-3104:test:security:time::Check for running NTP daemon or client:
TIME-3106:test:security:time::Check systemd NTP time synchronization status:
TIME-3112:test:security:time::Check active NTP associations ID's:
TIME-3116:test:security:time::Check peers with stratum value of 16:
TIME-3120:test:security:time::Check unreliable NTP peers:
TIME-3124:test:security:time::Check selected time source:
TIME-3128:test:security:time::Check preferred time source:
TIME-3132:test:security:time::Check NTP falsetickers:
TIME-3136:test:security:time:Linux:Check NTP protocol version:
TIME-3148:test:performance:time:Linux:Check TZ variable:
TIME-3160:test:security:time:Linux:Check empty NTP step-tickers:
TIME-3170:test:security:time::Check configuration files:
TIME-3180:test:security:time::Report if ntpctl cannot communicate with OpenNTPD:
TIME-3181:test:security:time::Check status of OpenNTPD time synchronisation
TIME-3182:test:security:time::Check OpenNTPD has working peers
TIME-3185:test:security:time::Check systemd-timesyncd synchronized time
TOOL-5002:test:security:tooling::Checking for automation tools:
TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
TOOL-5120:test:security:tooling::Presence of Snort IDS:
TOOL-5122:test:security:tooling::Snort IDS configuration file:
TOOL-5128:test:security:tooling::Check for active Wazuh daemon:
TOOL-5130:test:security:tooling::Check for active Suricata daemon:
TOOL-5126:test:security:tooling::Check for active OSSEC daemon:
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
USB-1000:test:security:storage:Linux:Check if USB storage is disabled:
USB-2000:test:security:storage:Linux:Check USB authorizations:
USB-3000:test:security:storage:Linux:Check for presence of USBGuard:
# EOF