tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
lynis/plugins
History
Brian Ginsbach 8e97fc5625 Various PAM cleanups for FreeBSD, NetBSD, and macOS. (#454) 
* Use PAM_DIRECTORY variable where appropriate

* Skip checking FreeBSD/NetBSD pam.d/README as a PAM file

FreeBSD and NetBSD install a README file in /etc/pam.d.  Attempting
to check this file as a PAM file just generates a lot of garbage
exceptions in the log.

* Handle 'include' as a PAM control-flag

OpenPAM and some versions of Linux PAM can have a configuration
where the control-flag is 'include'.  Skip further processing as
these files will be processed separately.

* Add missing commonly seen specific PAMs

Add some missing commonly seen specific PAMs from FreeBSD, NetBSD,
and OS X/macOS. The OS X/macOS PAMs were taken from a 10.5 (Leopard)
and 10.10 (Yosemite) system respectively.

Both FreeBSD and NetBSD come with a pam_ssh PAM.  Add a warning
when found confitured as it presents a potential security risk (see
pam_ssh(8) on FreeBSD/NetBSD).
 		2017-09-04 15:32:57 +02:00
..
README Added note about community plugins and support address 2015-02-25 20:38:20 +01:00
custom_plugin.template [bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
plugin_pam_phase1 Various PAM cleanups for FreeBSD, NetBSD, and macOS. (#454) 2017-09-04 15:32:57 +02:00
plugin_systemd_phase1 [bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00

README 

##########################################################################
#
# This directory contains plugins
#
##########################################################################


  General notes
  ---------------

  Custom plugins should be added to this directory, so they are included
  in an audit.

  Notes:

    - File permissions of a plugin should be 600, 640 or the least
      restrictive 400.
    - Each plugin should be enabled in the profile, before it will be
      activated.
    - Custom plugins should use a test ID's with a "CUS-" prefix.

    A generic example can be found in the custom_plugin.template file,
    which includes several code snippets to assist in creating customer
    plugins.

    Community plugins are available under a restricted license.


**************************************************************************
    Would your plugin or individual test benefit Lynis and others?
   Share and be part of the Free and Open Source Software community!

   Support address: lynis-dev@cisofy.com
**************************************************************************