mirror of
https://github.com/CISOfy/lynis.git
synced 2025-12-08 05:30:12 +01:00
8e97fc5625
* Use PAM_DIRECTORY variable where appropriate * Skip checking FreeBSD/NetBSD pam.d/README as a PAM file FreeBSD and NetBSD install a README file in /etc/pam.d. Attempting to check this file as a PAM file just generates a lot of garbage exceptions in the log. * Handle 'include' as a PAM control-flag OpenPAM and some versions of Linux PAM can have a configuration where the control-flag is 'include'. Skip further processing as these files will be processed separately. * Add missing commonly seen specific PAMs Add some missing commonly seen specific PAMs from FreeBSD, NetBSD, and OS X/macOS. The OS X/macOS PAMs were taken from a 10.5 (Leopard) and 10.10 (Yosemite) system respectively. Both FreeBSD and NetBSD come with a pam_ssh PAM. Add a warning when found confitured as it presents a potential security risk (see pam_ssh(8) on FreeBSD/NetBSD).
##########################################################################
#
# This directory contains plugins
#
##########################################################################
General notes
---------------
Custom plugins should be added to this directory, so they are included
in an audit.
Notes:
- File permissions of a plugin should be 600, 640 or the least
restrictive 400.
- Each plugin should be enabled in the profile, before it will be
activated.
- Custom plugins should use a test ID's with a "CUS-" prefix.
A generic example can be found in the custom_plugin.template file,
which includes several code snippets to assist in creating customer
plugins.
Community plugins are available under a restricted license.
**************************************************************************
Would your plugin or individual test benefit Lynis and others?
Share and be part of the Free and Open Source Software community!
Support address: lynis-dev@cisofy.com
**************************************************************************