
(-)lynis-3.0.0/CHANGELOG.md (-19 / +198 lines)
Lines 1-5 Link Here
1
# Lynis Changelog
1
# Lynis Changelog
2
2
3
## Lynis 3.0.8 (2022-05-17)
4
5
### Added
6
- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
7
- PKGS-7346 Check Alpine Package Keeper (apk)
8
- PKGS-7395 Check Alpine upgradeable packages
9
- EOL for Alpine Linux 3.14 and 3.15
10
11
### Changed
12
- AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2)
13
- FILE-7524 - Test enhanced to support symlinks
14
- HTTP-6643 - Support ModSecurity version 2 and 3
15
- KRNL-5788 - Only run relevant tests and improved logging
16
- KRNL-5820 - Additional path for security/limits.conf
17
- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
18
- KRNL-5830 - Add a presence check for /boot/vmlinuz
19
- PRNT-2308 - Bugfix that prevented test from storing values correctly
20
- Extended location of PAM files for AARCH64
21
- Some messages in log improved
22
23
---------------------------------------------------------------------------------
24
25
## Lynis 3.0.7 (2022-01-18)
26
27
### Added
28
- MALW-3290 - Show status of malware components
29
- OS detection for RHEL 6 and Funtoo Linux
30
- Added service manager openrc
31
32
### Changed
33
- DBS-1804 - Added alias for MariaDB
34
- FINT-4316 - Support for newer Ubuntu versions
35
- MALW-3280 - Added Trend Micro malware agent
36
- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
37
- PKGS-7320 - Support for Garuda Linux and arch-audit
38
- Several improvements for busybox shell
39
- Russian translation of Lynis extended
40
41
---------------------------------------------------------------------------------
42
43
## Lynis 3.0.6 (2021-07-22)
44
45
### Added
46
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
47
- Check for outdated translation files
48
49
### Changed
50
- DBS-1826 - Check if PostgreSQL is being used
51
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
52
- KRNL-5830 - Sort kernels by version instead of modification date
53
- PKGS-7410 - Don't show exception for systems using LXC
54
- GetHostID function: fallback options added for Linux systems
55
- Fix: macOS Big Sur detection
56
- Fix: show correct text when egrep is missing
57
- Fix: variable name for PostgreSQL
58
- German and Spanish translations extended
59
60
---------------------------------------------------------------------------------
61
62
## Lynis 3.0.5 (2021-07-02)
63
64
### Added
65
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
66
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
67
68
### Changed
69
- ACCT-9622 - Corrected typo
70
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
71
- PKGS-7320 - extended to Arch Linux 32
72
- Generation of host identifiers (hostid/hostid2) extended
73
- Linux host identifiers are now using ip as preferred input source
74
- Improved logging in several areas
75
76
---------------------------------------------------------------------------------
77
78
## Lynis 3.0.4 (2021-05-11)
79
80
### Added
81
- ACCT-9670 - Detection of cmd tooling
82
- ACCT-9672 - Test cmd configuration file
83
- BOOT-5140 - Check for ELILO boot loader presence
84
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
85
86
### Changed
87
- BOOT-5104 - Add service manager detection support for runit
88
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
89
- FIRE-4540 - Corrected nftables empy ruleset test
90
- LOGG-2138 - Do not check for klogd when metalog is being used
91
- TIME-3185 - Improved support for Debian stretch
92
- Corrected issue when Lynis is not executed directly from lynis directory
93
94
---------------------------------------------------------------------------------
95
96
## Lynis 3.0.3 (2021-01-07)
97
98
### Added
99
- HRDN-7231 - Check for registered non-native binary formats
100
- OS detection of Parrot GNU/Linux
101
102
### Changed
103
- DBS-1816  - Force test to check only password authentication
104
- KRNL-5677 - Support for NetBSD
105
- Bugfix: command 'configure settings' did not work as intended
106
107
---------------------------------------------------------------------------------
108
109
## Lynis 3.0.2 (2020-12-24)
110
111
### Added
112
- AUTH-9284 - Scan for locked user accounts in /etc/passwd
113
- LOGG-2153 - Loghost configuration
114
- TOOL-5130 - Check for active Suricata daemon
115
- OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS
116
- OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others
117
- EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11
118
- Support for Solaris svcs (service manager)
119
- Enumeration of Solaris services
120
121
### Changed
122
- ACCT-9626 - Detect sysstat systemd unit
123
- AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined
124
- BOOT-5184 - Support for Solaris
125
- KRNL-5830 - Improved reboot test by ignoring known bad values
126
- KRNL-5830 - Ignore rescue kernel such as on CentOS systems
127
- KRNL-5830 - Detection of Alpine Linux kernel
128
- NETW-2400 - Compatibility change for hostname check
129
- NETW-3012 - Support for Solaris
130
- PKGS-7410 - Don't show exception if no kernels were found on the disk
131
- TIME-3185 - Supports now checking files at multiple locations (systemd)
132
- ParseNginx function: Support include on absolute paths
133
- ParseNginx function: Ignore empty included wildcards
134
- Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux
135
- HostID: Use first e1000 interface and break after match
136
- Translations extended and updated
137
- Test if pgrep exists before using it
138
- Better support for busybox shell
139
- Small code enhancements
140
141
---------------------------------------------------------------------------------
142
143
## Lynis 3.0.1 (2020-10-05)
144
145
### Added
146
- Detection of Alpine Linux
147
- Detection of CloudLinux
148
- Detection of Kali Linux
149
- Detection of Linux Mint
150
- Detection of macOS Big Sur (11.0)
151
- Detection of Pop!_OS
152
- Detection of PHP 7.4
153
- Malware detection tool: Microsoft Defender ATP
154
- New flag: --slow-warning to allow tests more time before showing a warning
155
- Test TIME-3185 to check systemd-timesyncd synchronized time
156
- rsh host file permissions
157
158
### Changed
159
- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
160
- BOOT-5122 - Presence check for grub.d added
161
- CRYP-7902 - Added support for certificates in DER format
162
- CRYP-7931 - Added data to report
163
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
164
- FILE-6430 - Don't grep nonexistent modprobe.d files
165
- FIRE-4535 - Set initial firewall state
166
- INSE-8312 - Corrected text on screen
167
- KRNL-5728 - Handle zipped kernel configuration correctly
168
- KRNL-5830 - Improved version detection for non-symlinked kernel
169
- MALW-3280 - Extended detection of BitDefender
170
- TIME-3104 - Find more time synchronization commands
171
- TIME-3182 - Corrected detection of time peers
172
- Fix: hostid generation routine would sometimes show too short IDs
173
- Fix: language detection
174
- Generic improvements for macOS
175
- German translation updated
176
- End-of-life database updated
177
- Several minor code enhancements
178
179
---------------------------------------------------------------------------------
180
3
## Lynis 3.0.0 (2020-06-18)
181
## Lynis 3.0.0 (2020-06-18)
4
182
5
This is a major release of Lynis and includes several big changes.
183
This is a major release of Lynis and includes several big changes.
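Review bot: In the 3.0.4 "Changed" list, the added entry "FIRE-4540 - Corrected nftables empy ruleset test" misspells "empty", in a patch that otherwise corrects spelling in older entries. In the 3.0.8 "Added" list, "PKGS-7346 Check Alpine Package Keeper (apk)" and "PKGS-7395 Check Alpine upgradeable packages" omit the " - " separator that the other test-ID entries use; add it so all entries can be matched by one pattern. "DBS-1816  - Force test to check only password authentication" also carries a double space before the separator.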
Lines 101-107 Link Here
101
- AUTH-9268 - Perform test also on DragonFly, FreeBSD, and NetBSD
279
- AUTH-9268 - Perform test also on DragonFly, FreeBSD, and NetBSD
102
- AUTH-9282 - fix: temporary variable was overwritten
280
- AUTH-9282 - fix: temporary variable was overwritten
103
- AUTH-9408 - added support for pam_tally2 to log failed logins
281
- AUTH-9408 - added support for pam_tally2 to log failed logins
104
- AUTH-9489 - test removedd as it is merged with AUTH-9218
282
- AUTH-9489 - test removed as it is merged with AUTH-9218
105
- BANN-7126 - additional words for login banner are accepted
283
- BANN-7126 - additional words for login banner are accepted
106
- BOOT-5122 - check for defined password in all GRUB configuration files
284
- BOOT-5122 - check for defined password in all GRUB configuration files
107
- CONT-8106 - support newer 'docker info' output
285
- CONT-8106 - support newer 'docker info' output
Lines 128-133 Link Here
128
- KRNL-5820 - extended check to include limits.d directory
306
- KRNL-5820 - extended check to include limits.d directory
129
- KRNL-5830 - skip test partially when running non-privileged
307
- KRNL-5830 - skip test partially when running non-privileged
130
- KRNL-5830 - detect required reboots on Raspbian
308
- KRNL-5830 - detect required reboots on Raspbian
309
- KRNL-6000 - check more sysctls
131
- LOGG-2154 - added support for rsyslog configurations
310
- LOGG-2154 - added support for rsyslog configurations
132
- LOGG-2190 - skip mysqld related entries
311
- LOGG-2190 - skip mysqld related entries
133
- MACF-6234 - SELinux tests extended
312
- MACF-6234 - SELinux tests extended
Lines 387-393 Link Here
387
* [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
566
* [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
388
* [DNS-1600]  - Initial work on DNSSEC validation testing
567
* [DNS-1600]  - Initial work on DNSSEC validation testing
389
* [NETW-2704] - Added support for local resolver 127.0.0.53
568
* [NETW-2704] - Added support for local resolver 127.0.0.53
390
* [PHP-2379]  - Suhosin test disbled
569
* [PHP-2379]  - Suhosin test disabled
391
* [SSH-7408]  - Removed 'DELAYED' from OpenSSH Compression setting
570
* [SSH-7408]  - Removed 'DELAYED' from OpenSSH Compression setting
392
* [TIME-3160] - Improvements to detect step-tickers file and entries
571
* [TIME-3160] - Improvements to detect step-tickers file and entries
393
572
Lines 634-640 Link Here
634
* Renamed some variables to better indicate their purpose (counting, data type)
813
* Renamed some variables to better indicate their purpose (counting, data type)
635
* Removal of unused code and comments
814
* Removal of unused code and comments
636
* Deleted unused tests from database file
815
* Deleted unused tests from database file
637
* Correct levels of identation
816
* Correct levels of indentation
638
* Support for older mac OS X versions (Lion and Mountain Lion)
817
* Support for older mac OS X versions (Lion and Mountain Lion)
639
* Initialized variables for more binaries
818
* Initialized variables for more binaries
640
* Additional sysctls are tested
819
* Additional sysctls are tested
Lines 1295-1301 Link Here
1295
* AddSetting            - New function to store settings (lynis show settings)
1474
* AddSetting            - New function to store settings (lynis show settings)
1296
* ContainsString        - New function to search for a string in another one
1475
* ContainsString        - New function to search for a string in another one
1297
* Display               - Added --debug, showing details on screen in debug mode
1476
* Display               - Added --debug, showing details on screen in debug mode
1298
                        - Reset identation for lines which are too long
1477
                        - Reset indentation for lines which are too long
1299
* DisplayToolTip        - New function to display tooltips
1478
* DisplayToolTip        - New function to display tooltips
1300
* IsDebug               - Check for usage of --debug
1479
* IsDebug               - Check for usage of --debug
1301
* IsDeveloperMode       - Status for development and debugging (--developer)
1480
* IsDeveloperMode       - Status for development and debugging (--developer)
Lines 1368-1374 Link Here
1368
------------
1547
------------
1369
The biggest change in this release is the optimization of several functions. It
1548
The biggest change in this release is the optimization of several functions. It
1370
allows for better detection, and dealing with the quirks, of every single
1549
allows for better detection, and dealing with the quirks, of every single
1371
operating system. Some functions were fortified to handle unexcepted results
1550
operating system. Some functions were fortified to handle unexpected results
1372
better, like missing a particular binary, or not returning the hostname.
1551
better, like missing a particular binary, or not returning the hostname.
1373
1552
1374
This release also enables tests to be shorter, by adding new functions. Some
1553
This release also enables tests to be shorter, by adding new functions. Some
Lines 1646-1652 Link Here
1646
files. Related tests are FINT-4334 and FINT-4336.
1825
files. Related tests are FINT-4334 and FINT-4336.
1647
1826
1648
Added support for Chrony time daemon and timesync daemon. Additionally NTP
1827
Added support for Chrony time daemon and timesync daemon. Additionally NTP
1649
sychronization status is checked when it is enabled.
1828
synchronization status is checked when it is enabled.
1650
1829
1651
Improved single user mode protection on the rescue.service file.
1830
Improved single user mode protection on the rescue.service file.
1652
1831
Lines 2228-2234 Link Here
2228
 Changes:
2407
 Changes:
2229
 - Ignore interfaces aliases for HostID
2408
 - Ignore interfaces aliases for HostID
2230
 - Extended umask tests with pam_umask entries [AUTH-9328]
2409
 - Extended umask tests with pam_umask entries [AUTH-9328]
2231
 - Check for supressed version on Squid [SQD-3680]
2410
 - Check for suppressed version on Squid [SQD-3680]
2232
2411
2233
---------------------------------------------------------------------------------
2412
---------------------------------------------------------------------------------
2234
2413
Lines 2241-2247 Link Here
2241
 - Added 64 bits locations for Apache modules
2420
 - Added 64 bits locations for Apache modules
2242
 - Add start of new category to logfile
2421
 - Add start of new category to logfile
2243
 - Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626]
2422
 - Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626]
2244
 - Extended cron job tests with entries start with asterix (*) [SCHD-7704]
2423
 - Extended cron job tests with entries start with asterisk (*) [SCHD-7704]
2245
 - Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328]
2424
 - Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328]
2246
 - Adjusted PHP test for register_globals (explicit test) [PHP-2368]
2425
 - Adjusted PHP test for register_globals (explicit test) [PHP-2368]
2247
 - Small adjustments for upcoming plugin support
2426
 - Small adjustments for upcoming plugin support
Lines 2368-2374 Link Here
2368
 - Adjusted PHP check to find ini files [PHP-2211]
2547
 - Adjusted PHP check to find ini files [PHP-2211]
2369
 - Skip Apache test for NetBSD [HTTP-6622]
2548
 - Skip Apache test for NetBSD [HTTP-6622]
2370
 - Skip test http version check for NetBSD [HTTP-6624]
2549
 - Skip test http version check for NetBSD [HTTP-6624]
2371
 - Additional check to supress sort error [HTTP-6626]
2550
 - Additional check to suppress sort error [HTTP-6626]
2372
 - Improved the way binaries are checked (less disk reads)
2551
 - Improved the way binaries are checked (less disk reads)
2373
 - Adjusted ReportWarning() function to skip impact rating
2552
 - Adjusted ReportWarning() function to skip impact rating
2374
 - Improved report on screen by leaving out date/time and type
2553
 - Improved report on screen by leaving out date/time and type
Lines 2404-2410 Link Here
2404
 - Added suggestion about BIND version [NAME-4210]
2583
 - Added suggestion about BIND version [NAME-4210]
2405
 - Merged test NTP daemon test TIME-3108 into TIME-3104
2584
 - Merged test NTP daemon test TIME-3108 into TIME-3104
2406
 - Improved support for Arch Linux (output, detection)
2585
 - Improved support for Arch Linux (output, detection)
2407
 - Extended common list of directories with SSL certifcates in profile
2586
 - Extended common list of directories with SSL certificates in profile
2408
 - New function GetHostID() to determine an unique identifier of the machine
2587
 - New function GetHostID() to determine an unique identifier of the machine
2409
 - Added a tests_custom file template
2588
 - Added a tests_custom file template
2410
 - Perform file permissions test on tests_custom file
2589
 - Perform file permissions test on tests_custom file
Lines 2447-2453 Link Here
2447
Lynis 1.3.2 (2013-10-09)
2626
Lynis 1.3.2 (2013-10-09)
2448
2627
2449
 New:
2628
 New:
2450
 - Test for PowerDNS authoritive servers (master/slave status) [NAME-4238]
2629
 - Test for PowerDNS authoritative servers (master/slave status) [NAME-4238]
2451
2630
2452
 Changes:
2631
 Changes:
2453
 - CUPS test extended with hardening rules [PRNT-2308]
2632
 - CUPS test extended with hardening rules [PRNT-2308]
Lines 2494-2500 Link Here
2494
 - Fixed incorrect warning for single user mode [AUTH-9308]
2673
 - Fixed incorrect warning for single user mode [AUTH-9308]
2495
 - Improved output for stratum 16 time servers [TIME-3116]
2674
 - Improved output for stratum 16 time servers [TIME-3116]
2496
 - Added suggestion and screen output for kernel hardening [KRNL-6000]
2675
 - Added suggestion and screen output for kernel hardening [KRNL-6000]
2497
 - Screen layout optimalizations and log file improvements
2676
 - Screen layout optimizations and log file improvements
2498
 - Improved list/layout of scan options
2677
 - Improved list/layout of scan options
2499
 - Improved binary check for compilers
2678
 - Improved binary check for compilers
2500
 - Added configuration option in scan profile (show_tool_tips, default true)
2679
 - Added configuration option in scan profile (show_tool_tips, default true)
Lines 3057-3063 Link Here
3057
 - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
3236
 - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
3058
 - Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
3237
 - Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
3059
 - Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
3238
 - Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
3060
 - Added report warning to promicuous test [NETW-3014]
3239
 - Added report warning to promiscuous test [NETW-3014]
3061
 - Fixed yellow color when being used at text display
3240
 - Fixed yellow color when being used at text display
3062
 - Several logging improvements and cleanups
3241
 - Several logging improvements and cleanups
3063
3242
Lines 3126-3136 Link Here
3126
 - Improved LILO test and removed double message
3305
 - Improved LILO test and removed double message
3127
 - Fixed incorrect message when using --help parameter
3306
 - Fixed incorrect message when using --help parameter
3128
 - Improved portaudit test (FreeBSD) to show unique packages only
3307
 - Improved portaudit test (FreeBSD) to show unique packages only
3129
 - Updated man page, FAQ, extended documention with plugin information
3308
 - Updated man page, FAQ, extended documentation with plugin information
3130
 - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)
3309
 - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)
3131
3310
3132
 ** Special release notes [package/ports]: **
3311
 ** Special release notes [package/ports]: **
3133
 - Added several default paths to check for usuable an INCLUDE directory. This
3312
 - Added several default paths to check for usable INCLUDE directory. This
3134
   should make packaging Lynis easier for downstream package providers.
3313
   should make packaging Lynis easier for downstream package providers.
3135
 - When no profile is set, Lynis will check first /etc/lynis/default.prf,
3314
 - When no profile is set, Lynis will check first /etc/lynis/default.prf,
3136
   before setting default.prf (in current work directory) as profile to use.
3315
   before setting default.prf (in current work directory) as profile to use.
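Review bot: The corrected line 3312 now reads "check for usable INCLUDE directory", which fixes "usuable" but drops the article instead of moving it. "check for a usable INCLUDE directory" reads correctly and keeps the original meaning.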
Lines 3189-3195 Link Here
3189
 - Added available shells from /etc/shells to report file
3368
 - Added available shells from /etc/shells to report file
3190
 - Updated man page
3369
 - Updated man page
3191
 - Fixed option in main help window for --man option
3370
 - Fixed option in main help window for --man option
3192
 - Code improvement, splitting up sections to seperated files
3371
 - Code improvement, splitting up sections to separated files
3193
3372
3194
---------------------------------------------------------------------------------
3373
---------------------------------------------------------------------------------
3195
3374
Lines 3205-3211 Link Here
3205
 - Changed old temporary files check
3384
 - Changed old temporary files check
3206
 - Changed test to include ubuntu security repository
3385
 - Changed test to include ubuntu security repository
3207
 - Moved UID check to avoid PID creation as non root user
3386
 - Moved UID check to avoid PID creation as non root user
3208
 - Moved most functions to seperated files and several code cleanups
3387
 - Moved most functions to separated files and several code cleanups
3209
 - Improved logging output
3388
 - Improved logging output
3210
 - Extended FreeBSD (Copyright file) test
3389
 - Extended FreeBSD (Copyright file) test
3211
 - Changed indentation for many tests
3390
 - Changed indentation for many tests
Lines 3249-3255 Link Here
3249
 - Updated year number in program and support files
3428
 - Updated year number in program and support files
3250
 - Added new function Display, to use indentation within lines
3429
 - Added new function Display, to use indentation within lines
3251
 - Added function RemovePIDFile before some exit routines, to clean up PID file
3430
 - Added function RemovePIDFile before some exit routines, to clean up PID file
3252
 - Extracted profile support, parameter support to seperated files
3431
 - Extracted profile support, parameter support to separated files
3253
 - Created file tests_ports_packages for Ports and Packages
3432
 - Created file tests_ports_packages for Ports and Packages
3254
 - Deleted lynis.spec file, since it was not working and will be rewritten later
3433
 - Deleted lynis.spec file, since it was not working and will be rewritten later
3255
3434
Lines 3402-3408 Link Here
3402
 - Test: query nameservers and test connectivity
3581
 - Test: query nameservers and test connectivity
3403
 - Test: check promiscuous interfaces (FreeBSD)
3582
 - Test: check promiscuous interfaces (FreeBSD)
3404
 - Test: check sticky bit on /tmp directory
3583
 - Test: check sticky bit on /tmp directory
3405
 - Test: check debian.org security brance in /etc/apt/sources.list
3584
 - Test: check debian.org security branch in /etc/apt/sources.list
3406
 - Test: check kernel update on Debian
3585
 - Test: check kernel update on Debian
3407
 - Test: query default Linux run level
3586
 - Test: query default Linux run level
3408
 - Test: query chkconfig to see which services start at boot
3587
 - Test: query chkconfig to see which services start at boot
(-)lynis-3.0.0/CONTRIBUTING.md (-2 / +2 lines)
Lines 27-33 Link Here
27
## Code Guidelines
27
## Code Guidelines
28
28
29
### General
29
### General
30
Identation should be 4 spaces (no tab character).
30
Indentation should be 4 spaces (no tab character).
31
31
32
### Comments
32
### Comments
33
Comments: use # sign followed by a space. When needed, create a comment block.
33
Comments: use # sign followed by a space. When needed, create a comment block.
Lines 68-73 Link Here
68
and for any purpose whatsoever, and to have or authorize others to do so.
68
and for any purpose whatsoever, and to have or authorize others to do so.
69
69
70
If you want to be named in as a contributor in the CONTRIBUTOR file, then include
70
If you want to be named in as a contributor in the CONTRIBUTOR file, then include
71
this notition in your pull request. Preferred format: Full Name, and your e-mail
71
this notation in your pull request. Preferred format: Full Name, and your e-mail
72
address).
72
address).
73
73
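Review bot: The sentence touched on line 71 still has problems after "notition" becomes "notation": "named in as a contributor" has a stray "in", and the closing parenthesis after "address" on line 72 has no opening one. Suggest "named as a contributor" and either opening the parenthesis before "Preferred format" or dropping it. The text also says "the CONTRIBUTOR file" while the file header in this patch shows CONTRIBUTORS.md.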
(-)lynis-3.0.0/CONTRIBUTORS.md (+1 lines)
Lines 46-51 Link Here
46
* Mikko Lehtisalo, Finland
46
* Mikko Lehtisalo, Finland
47
* Steve Bosek, France
47
* Steve Bosek, France
48
* Thomas Siebel, Germany
48
* Thomas Siebel, Germany
49
* Thomas Sjögren, Sweden
49
* Topi Miettinen, Finland
50
* Topi Miettinen, Finland
50
* Zach Crownover
51
* Zach Crownover
51
52
(-)lynis-3.0.0/FAQ (-5 / +6 lines)
Lines 26-33 Link Here
26
     website: https://cisofy.com/support/
26
     website: https://cisofy.com/support/
27
27
28
  Q: I can't find any configuration file for Lynis, where is it?
28
  Q: I can't find any configuration file for Lynis, where is it?
29
  A: Lynis uses profiles. They are similar to a configuration file and determine
29
  A: Lynis uses profiles. A profile is similar to a configuration file and
30
     how a security scan should be performed.
30
     determines how a security scan should be performed. Profiles are usually
31
     stored in /etc/lynis or can be found using 'lynis show profiles'.
31
32
32
  Q: My version is outdated, what can I do to upgrade?
33
  Q: My version is outdated, what can I do to upgrade?
33
     Check out the upgrade guide: https://cisofy.com/documentation/lynis/upgrading/
34
     Check out the upgrade guide: https://cisofy.com/documentation/lynis/upgrading/
Lines 73-83 Link Here
73
  Q: When running Lynis, it shows me the usage help even while using correct
74
  Q: When running Lynis, it shows me the usage help even while using correct
74
     parameters, why?
75
     parameters, why?
75
  A: This can happen with alternative shells. Try using a different shell to
76
  A: This can happen with alternative shells. Try using a different shell to
76
     invoke Lynis (example: bash lynis -c).
77
     invoke Lynis (example: bash lynis audit system).
77
78
78
  Q: One or more tests are giving incorrect output. How to solve that?
79
  Q: One or more tests are giving incorrect output. How to solve that?
79
  A: Check the log file. If that also has incorrect data, let us know via GitHub
80
  A: Check the log file. If that also has incorrect data, let us know via GitHub
80
     or the developer e-mail address.
81
     or use the developer e-mail address.
81
82
82
  Q: The program takes long to complete and also uses too much resources. Can it
83
  Q: The program takes long to complete and also uses too much resources. Can it
83
     be tuned?
84
     be tuned?
Lines 98-101 Link Here
98
99
99
100
100
================================================================================
101
================================================================================
101
 Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com
102
 Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com
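Review bot: The footer on line 102 moves the copyright range to 2007-2021, while the newest CHANGELOG entry in this same patch is "Lynis 3.0.8 (2022-05-17)". If the footer is meant to track the release, it should read 2007-2022. The identical footer change in INSTALL has the same gap.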
(-)lynis-3.0.0/HAPPY_USERS.md (+5 lines)
Lines 33-35 Link Here
33
valuable feedback and contributions give me the energy to continue to work on
33
valuable feedback and contributions give me the energy to continue to work on
34
its development, even after 12+ years!
34
its development, even after 12+ years!
35
35
36
* Catalyst.net IT - January 2020
37
Lynis gave us great insight in to the security state of our systems, as well as where we can improve.
38
39
* David Osipov - October 2021
40
Lynis opened my eyes on Linux security hardening best practices. As a newbie, I learn a lot about Linux system architecture while trying to harden my system.
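Review bot: In the Catalyst.net entry on line 37, "insight in to" should be "insight into". Both new entries are also single long lines, while the surrounding text (lines 33-34) is wrapped at roughly 80 columns; wrap them to match.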
(-)lynis-3.0.0/INSTALL (-1 / +1 lines)
Lines 48-51 Link Here
48
48
49
49
50
================================================================================
50
================================================================================
51
 Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com
51
 Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/db/languages/az (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="Yeniləmə mövcud"
10
GEN_UPDATE_AVAILABLE="Yeniləmə mövcud"
11
GEN_VERBOSE_MODE="Etraflı"
11
GEN_VERBOSE_MODE="Etraflı"
12
GEN_WHAT_TO_DO="edilecekler"
12
GEN_WHAT_TO_DO="edilecekler"
13
NOTE_EXCEPTIONS_FOUND="İstisnalar tapıldı"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar və məlumatlar tapıldı"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar və məlumatlar tapıldı"
14
NOTE_EXCEPTIONS_FOUND="İstisnalar tapıldı"
15
NOTE_PLUGINS_TAKE_TIME="Qeyd: Uzantılar daha ətraflı testlər içermektedir və tamamlanmaları uzun davam edəbilər"
15
NOTE_PLUGINS_TAKE_TIME="Qeyd: Uzantılar daha ətraflı testlər içermektedir və tamamlanmaları uzun davam edəbilər"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Səlahiyyət lazımlı testlər"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Səlahiyyət lazımlı testlər"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Xususi testlər"
23
SECTION_CUSTOM_TESTS="Xususi testlər"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Pis proqram"
42
SECTION_MALWARE="Pis proqram"
19
SECTION_MEMORY_AND_PROCESSES="Yaddaş ve prosesler"
43
SECTION_MEMORY_AND_PROCESSES="Yaddaş ve prosesler"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="Təsirsiz"
71
STATUS_DISABLED="Təsirsiz"
21
STATUS_DONE="Bitdi"
72
STATUS_DONE="Bitdi"
22
STATUS_ENABLED="Təsirli"
73
STATUS_ENABLED="Təsirli"
23
STATUS_ERROR="Səhv"
74
STATUS_ERROR="Səhv"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="Tapıldı"
78
STATUS_FOUND="Tapıldı"
25
STATUS_YES="Bəli"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="Yox"
85
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
86
#STATUS_NOT_DISABLED="NOT DISABLED"
87
#STATUS_NOT_ENABLED="NOT ENABLED"
88
STATUS_NOT_FOUND="Tapılmadı"
89
STATUS_NOT_RUNNING="Çalışmayıb"
90
#STATUS_NO_UPDATE="NO UPDATE"
26
STATUS_NO="Xeyr"
91
STATUS_NO="Xeyr"
27
STATUS_OFF="Bağlı"
92
STATUS_OFF="Bağlı"
28
STATUS_OK="Əvət"
93
STATUS_OK="Əvət"
29
STATUS_ON="Açıq"
94
STATUS_ON="Açıq"
30
STATUS_NONE="Yox"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
31
STATUS_NOT_FOUND="Tapılmadı"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_NOT_RUNNING="Çalışmayıb"
33
STATUS_RUNNING="İşleyib"
97
STATUS_RUNNING="İşleyib"
34
STATUS_SKIPPED="Atlandı"
98
STATUS_SKIPPED="Atlandı"
35
STATUS_SUGGESTION="Teklif"
99
STATUS_SUGGESTION="Teklif"
36
STATUS_UNKNOWN="Bilinmeyib"
100
STATUS_UNKNOWN="Bilinmeyib"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="Xəbərdarlıq"
103
STATUS_WARNING="Xəbərdarlıq"
38
TEXT_YOU_CAN_HELP_LOGFILE="qeydləri gönderib kömek eyleyin"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="Bəli"
39
TEXT_UPDATE_AVAILABLE="yeniləmə mövcud"
106
TEXT_UPDATE_AVAILABLE="yeniləmə mövcud"
107
TEXT_YOU_CAN_HELP_LOGFILE="qeydləri gönderib kömek eyleyin"
(-)lynis-3.0.0/db/languages/br (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="Atualização disponível"
10
GEN_UPDATE_AVAILABLE="Atualização disponível"
11
GEN_VERBOSE_MODE="Modo verbose"
11
GEN_VERBOSE_MODE="Modo verbose"
12
GEN_WHAT_TO_DO="O que fazer"
12
GEN_WHAT_TO_DO="O que fazer"
13
NOTE_EXCEPTIONS_FOUND="Exceptions encontradas"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados"
14
NOTE_EXCEPTIONS_FOUND="Exceptions encontradas"
15
NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar"
15
NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Testes personalizados"
23
SECTION_CUSTOM_TESTS="Testes personalizados"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
19
SECTION_MEMORY_AND_PROCESSES="Memória e Processos"
43
SECTION_MEMORY_AND_PROCESSES="Memória e Processos"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="DESABILITADO"
71
STATUS_DISABLED="DESABILITADO"
21
STATUS_DONE="FEITO"
72
STATUS_DONE="FEITO"
22
STATUS_ENABLED="HABILITADO"
73
STATUS_ENABLED="HABILITADO"
23
STATUS_ERROR="ERRO"
74
STATUS_ERROR="ERRO"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="ENCONTRADO"
78
STATUS_FOUND="ENCONTRADO"
25
STATUS_YES="SIM"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
26
STATUS_NO="NÃO"
83
STATUS_NO="NÃO"
27
STATUS_OFF="OFF"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
28
STATUS_OK="OK"
29
STATUS_ON="ON"
30
STATUS_NONE="NENHUM"
85
STATUS_NONE="NENHUM"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="NÃO ENCONTRADO"
89
STATUS_NOT_FOUND="NÃO ENCONTRADO"
32
STATUS_NOT_RUNNING="PARADO"
90
STATUS_NOT_RUNNING="PARADO"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="EM EXECUÇÃO"
97
STATUS_RUNNING="EM EXECUÇÃO"
34
STATUS_SKIPPED="IGNORADO"
98
STATUS_SKIPPED="IGNORADO"
35
STATUS_SUGGESTION="SUGESTÃO"
99
STATUS_SUGGESTION="SUGESTÃO"
36
STATUS_UNKNOWN="DESCONHECIDO"
100
STATUS_UNKNOWN="DESCONHECIDO"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="ATENÇÃO"
103
STATUS_WARNING="ATENÇÃO"
38
TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="SIM"
39
TEXT_UPDATE_AVAILABLE="Atualização disponível"
106
TEXT_UPDATE_AVAILABLE="Atualização disponível"
107
TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log"
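Review bot: The key order on the new side of db/languages/br does not match the order used in db/languages/en. Here STATUS_NO sits at new line 83, followed by #STATUS_NON_DEFAULT (84) and STATUS_NONE (85), and #STATUS_NO_UPDATE only appears at line 91. In en, STATUS_NO_UPDATE is at line 84, directly after STATUS_NO. Both files have 107 lines, so a line-by-line comparison against en to spot missing or still-commented keys will misalign in the STATUS_NO* block. Sorting every language file with the same collation as en would keep them comparable.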
(-)lynis-3.0.0/db/languages/cn (-13 / +81 lines)
Lines 1-3 Link Here
1
ERROR_NO_LICENSE="没有配置的许可证密钥"
2
ERROR_NO_UPLOAD_SERVER="没有配置的上传服务器"
1
GEN_CHECKING="检查中"
3
GEN_CHECKING="检查中"
2
GEN_CURRENT_VERSION="当前版本"
4
GEN_CURRENT_VERSION="当前版本"
3
GEN_DEBUG_MODE="调试模式"
5
GEN_DEBUG_MODE="调试模式"
Lines 5-40 Link Here
5
GEN_LATEST_VERSION="最新版本"
7
GEN_LATEST_VERSION="最新版本"
6
GEN_PHASE="阶段"
8
GEN_PHASE="阶段"
7
GEN_PLUGINS_ENABLED="插件已开启"
9
GEN_PLUGINS_ENABLED="插件已开启"
8
GEN_VERBOSE_MODE="详述模式"
9
GEN_UPDATE_AVAILABLE="有可以更新的版本"
10
GEN_UPDATE_AVAILABLE="有可以更新的版本"
11
GEN_VERBOSE_MODE="详述模式"
10
GEN_WHAT_TO_DO="做什么"
12
GEN_WHAT_TO_DO="做什么"
11
NOTE_EXCEPTIONS_FOUND="发现异常"
12
NOTE_EXCEPTIONS_FOUND_DETAILED="发现一些异常的事件或者信息"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="发现一些异常的事件或者信息"
14
NOTE_EXCEPTIONS_FOUND="发现异常"
13
NOTE_PLUGINS_TAKE_TIME="注意:插件有更多的测试可能会需要几分钟才能完成"
15
NOTE_PLUGINS_TAKE_TIME="注意:插件有更多的测试可能会需要几分钟才能完成"
14
NOTE_SKIPPED_SKIPPED_TESTS_NON_PRIVILEGED="因非特权模式而跳过的测试"
16
NOTE_SKIPPED_SKIPPED_TESTS_NON_PRIVILEGED="因非特权模式而跳过的测试"
17
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="因非特权模式而跳过的测试"
18
#SECTION_ACCOUNTING="Accounting"
19
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
20
#SECTION_BASICS="Basics"
21
#SECTION_BOOT_AND_SERVICES="Boot and services"
22
#SECTION_CONTAINERS="Containers"
23
#SECTION_CRYPTOGRAPHY="Cryptography"
15
SECTION_CUSTOM_TESTS="自定义测试"
24
SECTION_CUSTOM_TESTS="自定义测试"
25
#SECTION_DATABASES="Databases"
26
#SECTION_DATA_UPLOAD="Data upload"
27
#SECTION_DOWNLOADS="Downloads"
28
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
29
#SECTION_FILE_INTEGRITY="Software: file integrity"
30
#SECTION_FILE_PERMISSIONS="File Permissions"
31
#SECTION_FILE_SYSTEMS="File systems"
32
#SECTION_FIREWALLS="Software: firewalls"
33
#SECTION_GENERAL="General"
34
#SECTION_HARDENING="Hardening"
35
#SECTION_HOME_DIRECTORIES="Home directories"
36
#SECTION_IMAGE="Image"
37
#SECTION_INITIALIZING_PROGRAM="Initializing program"
38
#SECTION_INSECURE_SERVICES="Insecure services"
39
#SECTION_KERNEL_HARDENING="Kernel Hardening"
40
#SECTION_KERNEL="Kernel"
41
#SECTION_LDAP_SERVICES="LDAP Services"
42
#SECTION_LOGGING_AND_FILES="Logging and files"
16
SECTION_MALWARE="恶意软件"
43
SECTION_MALWARE="恶意软件"
17
SECTION_MEMORY_AND_PROCESSES="内存与进程"
44
SECTION_MEMORY_AND_PROCESSES="内存与进程"
45
#SECTION_NAME_SERVICES="Name services"
46
#SECTION_NETWORKING="Networking"
47
#SECTION_PERMISSIONS="Permissions"
48
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
49
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
50
#SECTION_PROGRAM_DETAILS="Program Details"
51
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
52
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
53
#SECTION_SHELLS="Shells"
54
#SECTION_SNMP_SUPPORT="SNMP Support"
55
#SECTION_SOFTWARE="Software"
56
#SECTION_SQUID_SUPPORT="Squid Support"
57
#SECTION_SSH_SUPPORT="SSH Support"
58
#SECTION_STORAGE="Storage"
59
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
60
#SECTION_SYSTEM_TOOLING="Software: System tooling"
61
#SECTION_SYSTEM_TOOLS="System tools"
62
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
63
#SECTION_USB_DEVICES="USB Devices"
64
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
65
#SECTION_VIRTUALIZATION="Virtualization"
66
#SECTION_WEBSERVER="Software: webserver"
67
#STATUS_ACTIVE="ACTIVE"
68
#STATUS_CHECK_NEEDED="CHECK NEEDED"
69
#STATUS_DEBUG="DEBUG"
70
#STATUS_DEFAULT="DEFAULT"
71
#STATUS_DIFFERENT="DIFFERENT"
72
STATUS_DISABLED="禁用"
18
STATUS_DONE="完成"
73
STATUS_DONE="完成"
74
STATUS_ENABLED="可用"
75
STATUS_ERROR="错误"
76
#STATUS_EXPOSED="EXPOSED"
77
#STATUS_FAILED="FAILED"
78
#STATUS_FILES_FOUND="FILES FOUND"
19
STATUS_FOUND="找到"
79
STATUS_FOUND="找到"
20
STATUS_YES="是"
80
#STATUS_HARDENED="HARDENED"
81
#STATUS_INSTALLED="INSTALLED"
82
#STATUS_LOCAL_ONLY="LOCAL ONLY"
83
#STATUS_MEDIUM="MEDIUM"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
85
STATUS_NONE="没有"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
89
STATUS_NOT_FOUND="没有找到"
90
STATUS_NOT_RUNNING="没有运行"
91
#STATUS_NO_UPDATE="NO UPDATE"
21
STATUS_NO="不是"
92
STATUS_NO="不是"
22
STATUS_OFF="关闭"
93
STATUS_OFF="关闭"
23
STATUS_OK="正常"
94
STATUS_OK="正常"
24
STATUS_ON="开启"
95
STATUS_ON="开启"
25
STATUS_NONE="没有"
96
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
26
STATUS_NOT_FOUND="没有找到"
97
#STATUS_PROTECTED="PROTECTED"
27
STATUS_NOT_RUNNING="没有运行"
28
STATUS_RUNNING="运行"
98
STATUS_RUNNING="运行"
29
STATUS_SKIPPED="跳过"
99
STATUS_SKIPPED="跳过"
30
STATUS_SUGGESTION="建议"
100
STATUS_SUGGESTION="建议"
31
STATUS_UNKNOWN="未知"
101
STATUS_UNKNOWN="未知"
102
#STATUS_UNSAFE="UNSAFE"
103
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
32
STATUS_WARNING="警告"
104
STATUS_WARNING="警告"
33
TEXT_YOU_CAN_HELP_LOGFILE="你可以通过记录日志来帮忙"
105
#STATUS_WEAK="WEAK"
106
STATUS_YES="是"
34
TEXT_UPDATE_AVAILABLE="有可以更新的版本"
107
TEXT_UPDATE_AVAILABLE="有可以更新的版本"
35
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="因非特权模式而跳过的测试"
108
TEXT_YOU_CAN_HELP_LOGFILE="你可以通过记录日志来帮忙"
36
STATUS_DISABLED="禁用"
37
STATUS_ENABLED="可用"
38
STATUS_ERROR="错误"
39
ERROR_NO_LICENSE="没有配置的许可证密钥"
40
ERROR_NO_UPLOAD_SERVER="没有配置的上传服务器"
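Review bot: New line 16 keeps the key NOTE_SKIPPED_SKIPPED_TESTS_NON_PRIVILEGED (doubled "SKIPPED_"), and new line 17 adds NOTE_SKIPPED_TESTS_NON_PRIVILEGED with the same string. None of the other language files in this patch defines the doubled key, so it looks like a leftover typo from old line 14 that was carried through the re-sort rather than removed. Suggest dropping line 16 so that db/languages/cn carries only the key the other files use.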
(-)lynis-3.0.0/db/languages/da (-7 / +73 lines)
Lines 10-41 Link Here
10
GEN_UPDATE_AVAILABLE="opdatering tilgængelig"
10
GEN_UPDATE_AVAILABLE="opdatering tilgængelig"
11
GEN_VERBOSE_MODE="Detaljeret tilstand"
11
GEN_VERBOSE_MODE="Detaljeret tilstand"
12
GEN_WHAT_TO_DO="At gøre"
12
GEN_WHAT_TO_DO="At gøre"
13
NOTE_EXCEPTIONS_FOUND="Undtagelser fundet"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Nogle usædvanlige hændelser eller information var fundet"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Nogle usædvanlige hændelser eller information var fundet"
14
NOTE_EXCEPTIONS_FOUND="Undtagelser fundet"
15
NOTE_PLUGINS_TAKE_TIME="Bemærk: plugins har mere omfattende tests og kan tage flere minutter at fuldføre"
15
NOTE_PLUGINS_TAKE_TIME="Bemærk: plugins har mere omfattende tests og kan tage flere minutter at fuldføre"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Sprang over tests på grund af ikke-privilegeret tilstand"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Sprang over tests på grund af ikke-privilegeret tilstand"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Brugerdefinerede Tests"
23
SECTION_CUSTOM_TESTS="Brugerdefinerede Tests"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
19
SECTION_MEMORY_AND_PROCESSES="Hukommelse og Processer"
43
SECTION_MEMORY_AND_PROCESSES="Hukommelse og Processer"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="DEAKTIVERET"
71
STATUS_DISABLED="DEAKTIVERET"
21
STATUS_DONE="FÆRDIG"
72
STATUS_DONE="FÆRDIG"
22
STATUS_ENABLED="AKTIVERET"
73
STATUS_ENABLED="AKTIVERET"
23
STATUS_NOT_ENABLED="IKKE AKTIVERET"
24
STATUS_ERROR="FEJL"
74
STATUS_ERROR="FEJL"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
25
STATUS_FOUND="FUNDET"
78
STATUS_FOUND="FUNDET"
26
STATUS_YES="JA"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="INGEN"
27
STATUS_NO="NEJ"
85
STATUS_NO="NEJ"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
STATUS_NOT_ENABLED="IKKE AKTIVERET"
89
STATUS_NOT_FOUND="IKKE FUNDET"
90
STATUS_NOT_RUNNING="KØRER IKKE"
91
#STATUS_NO_UPDATE="NO UPDATE"
28
STATUS_OFF="FRA"
92
STATUS_OFF="FRA"
29
STATUS_OK="OK"
93
STATUS_OK="OK"
30
STATUS_ON="TIL"
94
STATUS_ON="TIL"
31
STATUS_NONE="INGEN"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
32
STATUS_NOT_FOUND="IKKE FUNDET"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_NOT_RUNNING="KØRER IKKE"
34
STATUS_RUNNING="KØRER"
97
STATUS_RUNNING="KØRER"
35
STATUS_SKIPPED="SPRUNGET OVER"
98
STATUS_SKIPPED="SPRUNGET OVER"
36
STATUS_SUGGESTION="FORSLAG"
99
STATUS_SUGGESTION="FORSLAG"
37
STATUS_UNKNOWN="UKENDT"
100
STATUS_UNKNOWN="UKENDT"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
38
STATUS_WARNING="ADVARSEL"
103
STATUS_WARNING="ADVARSEL"
39
STATUS_WEAK="SVAG"
104
STATUS_WEAK="SVAG"
40
TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjælpe ved at bidrage med din logfil"
105
STATUS_YES="JA"
41
TEXT_UPDATE_AVAILABLE="opdatering tilgængelig"
106
TEXT_UPDATE_AVAILABLE="opdatering tilgængelig"
107
TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjælpe ved at bidrage med din logfil"
(-)lynis-3.0.0/db/languages/de (-16 / +85 lines)
Lines 1-38 Link Here
1
GEN_PHASE="Phase"
1
ERROR_NO_LICENSE="Kein Lizenzschlüssel eingerichtet"
2
ERROR_NO_UPLOAD_SERVER="Kein Upload-Server eingerichtet"
2
GEN_CHECKING="Überprüfung"
3
GEN_CHECKING="Überprüfung"
3
GEN_CURRENT_VERSION="Aktuelle Version"
4
GEN_CURRENT_VERSION="Aktuelle Version"
4
GEN_DEBUG_MODE="Debug-Modus"
5
GEN_DEBUG_MODE="Debug-Modus"
5
GEN_INITIALIZE_PROGRAM="Initiiere Programm"
6
GEN_INITIALIZE_PROGRAM="Initialisiere Programm"
7
GEN_LATEST_VERSION="Aktuellste Version"
8
GEN_PHASE="Phase"
6
GEN_PLUGINS_ENABLED="Plugins aktiviert"
9
GEN_PLUGINS_ENABLED="Plugins aktiviert"
7
GEN_VERBOSE_MODE="Ausführlicher Modus"
8
GEN_UPDATE_AVAILABLE="Aktualisierung verfügbar"
10
GEN_UPDATE_AVAILABLE="Aktualisierung verfügbar"
11
GEN_VERBOSE_MODE="Ausführlicher Modus"
9
GEN_WHAT_TO_DO="Was zu tun ist"
12
GEN_WHAT_TO_DO="Was zu tun ist"
10
NOTE_EXCEPTIONS_FOUND="Abweichungen gefunden"
13
NOTE_EXCEPTIONS_FOUND="Abweichungen gefunden"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="Einige außergewöhnliche Ereignisse oder Informationen wurden gefunden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Einige außergewöhnliche Ereignisse oder Informationen wurden gefunden"
12
NOTE_PLUGINS_TAKE_TIME="Beachte: Plugins beinhalten eingehendere Tests und können mehrere Minuten benötigen, bis sie abgeschlossen sind"
15
NOTE_PLUGINS_TAKE_TIME="Beachte: Plugins beinhalten eingehendere Tests und können mehrere Minuten benötigen, bis sie abgeschlossen sind"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Übersprungene Tests aufgrund nicht privilegiertem Modus"
17
SECTION_ACCOUNTING="Accounting"
18
SECTION_BANNERS_AND_IDENTIFICATION="Banner und Identifizierung"
19
SECTION_BASICS="Grundlegendes"
20
SECTION_BOOT_AND_SERVICES="Systemstart und Dienste"
21
SECTION_CONTAINERS="Container"
22
SECTION_CRYPTOGRAPHY="Kryptographie"
13
SECTION_CUSTOM_TESTS="Benutzerdefinierte Tests"
23
SECTION_CUSTOM_TESTS="Benutzerdefinierte Tests"
14
SECTION_MALWARE="Malware"
24
SECTION_DATA_UPLOAD="Daten hochladen"
15
SECTION_MEMORY_AND_PROCESSES="Speicher und Prozesse"
25
SECTION_DATABASES="Datenbanken"
26
SECTION_DOWNLOADS="Downloads"
27
SECTION_EMAIL_AND_MESSAGING="Software: E-Mail und Messaging"
28
SECTION_FILE_INTEGRITY="Software: Dateintegrität"
29
SECTION_FILE_PERMISSIONS="Dateiberechtigungen"
30
SECTION_FILE_SYSTEMS="Dateisysteme"
31
SECTION_FIREWALLS="Software: Firewalls"
32
SECTION_GENERAL="Allgemein"
33
SECTION_HARDENING="Härtung"
34
SECTION_HOME_DIRECTORIES="Heimatverzeichnisse"
35
SECTION_IMAGE="Image"
36
SECTION_INITIALIZING_PROGRAM="Initialisiere Programm"
37
SECTION_INSECURE_SERVICES="Unsichere Dienste"
38
SECTION_KERNEL="Kernel"
39
SECTION_KERNEL_HARDENING="Kernelhärtung"
40
SECTION_LDAP_SERVICES="LDAP Dienste"
41
SECTION_LOGGING_AND_FILES="Logs und Logdateien"
42
SECTION_MALWARE="Software: Malware"
43
SECTION_MEMORY_AND_PROCESSES="Software: Speicher und Prozesse"
44
SECTION_NAME_SERVICES="Namensauflösung"
45
SECTION_NETWORKING="Netzwerk"
46
SECTION_PERMISSIONS="Berechtigungen"
47
SECTION_PORTS_AND_PACKAGES="Ports und Pakete"
48
SECTION_PRINTERS_AND_SPOOLS="Drucker und Warteschlange"
49
SECTION_PROGRAM_DETAILS="Programmdetails"
50
SECTION_SCHEDULED_TASKS="Geplante Aufgaben"
51
SECTION_SECURITY_FRAMEWORKS="Sicherheitsframeworks"
52
SECTION_SHELLS="Shells"
53
SECTION_SNMP_SUPPORT="SNMP Unterstützung"
54
SECTION_SOFTWARE="Software"
55
SECTION_SQUID_SUPPORT="Squid"
56
SECTION_SSH_SUPPORT="SSH"
57
SECTION_STORAGE="Speicher"
58
SECTION_SYSTEM_INTEGRITY="Software: Systemintegrität"
59
SECTION_SYSTEM_TOOLING="Software: Systemwerkzeuge"
60
SECTION_SYSTEM_TOOLS="Systemwerkzeuge"
61
SECTION_TIME_AND_SYNCHRONIZATION="Zeit und Zeitsynchronisierung"
62
SECTION_USB_DEVICES="USB Geräte"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Benutzer, Gruppen und Authentifizierung"
64
SECTION_VIRTUALIZATION="Virtualisierung"
65
SECTION_WEBSERVER="Software: Webserver"
66
STATUS_ACTIVE="AKTIV"
67
STATUS_CHECK_NEEDED="ÜBERPRÜFUNG BENÖTIGT"
68
STATUS_DEBUG="DEBUG"
69
STATUS_DEFAULT="STANDARD"
70
STATUS_DIFFERENT="UNTERSCHIEDLICH"
71
STATUS_DISABLED="DEAKTIVIERT"
16
STATUS_DONE="FERTIG"
72
STATUS_DONE="FERTIG"
73
STATUS_ENABLED="AKTIVIERT"
74
STATUS_ERROR="FEHLER"
75
STATUS_EXPOSED="VERWUNDBAR"
76
STATUS_FAILED="FEHLERHAFT"
77
STATUS_FILES_FOUND="DATEIEN GEFUNDEN"
17
STATUS_FOUND="GEFUNDEN"
78
STATUS_FOUND="GEFUNDEN"
18
STATUS_YES="JA"
79
STATUS_HARDENED="GEHÄRTET"
80
STATUS_INSTALLED="INSTALLIERT"
81
STATUS_LOCAL_ONLY="NUR LOKAL"
82
STATUS_MEDIUM="MITTEL"
19
STATUS_NO="NEIN"
83
STATUS_NO="NEIN"
20
STATUS_OFF="AUS"
84
STATUS_NO_UPDATE="KEINE AKTUALISIERUNG"
21
STATUS_OK="OK"
85
STATUS_NON_DEFAULT="NICHT STANDARD"
22
STATUS_ON="AN"
23
STATUS_NONE="NICHTS"
86
STATUS_NONE="NICHTS"
87
STATUS_NOT_CONFIGURED="NICHT KONFIGURIERT"
88
STATUS_NOT_DISABLED="NICHT DEAKTIVIERT"
89
STATUS_NOT_ENABLED="NICHT AKTIVIERT"
24
STATUS_NOT_FOUND="NICHT GEFUNDEN"
90
STATUS_NOT_FOUND="NICHT GEFUNDEN"
25
STATUS_NOT_RUNNING="LÄUFT NICHT"
91
STATUS_NOT_RUNNING="LÄUFT NICHT"
92
STATUS_OFF="AUS"
93
STATUS_OK="OK"
94
STATUS_ON="AN"
95
STATUS_PARTIALLY_HARDENED="TEILWEISE GEHÄRTET"
96
STATUS_PROTECTED="GESCHÜTZT"
26
STATUS_RUNNING="LÄUFT"
97
STATUS_RUNNING="LÄUFT"
27
STATUS_SKIPPED="ÜBERSPRUNGEN"
98
STATUS_SKIPPED="ÜBERSPRUNGEN"
28
STATUS_SUGGESTION="VORSCHLAG"
99
STATUS_SUGGESTION="VORSCHLAG"
29
STATUS_UNKNOWN="UNBEKANNT"
100
STATUS_UNKNOWN="UNBEKANNT"
101
STATUS_UNSAFE="UNSICHER"
102
STATUS_UPDATE_AVAILABLE="AKTUALISIERUNG VERFÜGBAR"
30
STATUS_WARNING="WARNUNG"
103
STATUS_WARNING="WARNUNG"
31
TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen"
104
STATUS_WEAK="SCHWACH"
105
STATUS_YES="JA"
32
TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar"
106
TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar"
33
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Übersprungene Tests aufgrund nicht privilegiertem Modus"
107
TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen"
34
STATUS_DISABLED="DEAKTIVIERT"
35
STATUS_ENABLED="AKTIVIERT"
36
STATUS_ERROR="FEHLER"
37
ERROR_NO_LICENSE="Kein Lizenzschlüssel eingerichtet"
38
ERROR_NO_UPLOAD_SERVER="Kein Upload-Server eingerichtet"
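Review bot: New line 28 has a spelling error in the added string, SECTION_FILE_INTEGRITY="Software: Dateintegrität". The compound of "Datei" and "Integrität" is "Dateiintegrität". Separately, new line 43 sets SECTION_MEMORY_AND_PROCESSES="Software: Speicher und Prozesse", while db/languages/en line 43 is "Memory and Processes" with no "Software:" prefix. Only SECTION_MALWARE gained that prefix in en, so the prefix on line 43 looks unintended. STATUS_EXPOSED="VERWUNDBAR" (line 75) also reads as "vulnerable" rather than "exposed", which is a stronger claim than the English status makes and is worth a second look from a native speaker.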
(-)lynis-3.0.0/db/languages/en (-5 / +67 lines)
Lines 14-45 Link Here
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
17
SECTION_ACCOUNTING="Accounting"
18
SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
SECTION_BASICS="Basics"
20
SECTION_BOOT_AND_SERVICES="Boot and services"
21
SECTION_CONTAINERS="Containers"
22
SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Custom tests"
23
SECTION_CUSTOM_TESTS="Custom tests"
18
SECTION_DATA_UPLOAD="Data upload"
24
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATABASES="Databases"
26
SECTION_DOWNLOADS="Downloads"
27
SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
SECTION_FILE_INTEGRITY="Software: file integrity"
29
SECTION_FILE_PERMISSIONS="File Permissions"
30
SECTION_FILE_SYSTEMS="File systems"
31
SECTION_FIREWALLS="Software: firewalls"
32
SECTION_GENERAL="General"
33
SECTION_HARDENING="Hardening"
34
SECTION_HOME_DIRECTORIES="Home directories"
35
SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Initializing program"
36
SECTION_INITIALIZING_PROGRAM="Initializing program"
20
SECTION_MALWARE="Malware"
37
SECTION_INSECURE_SERVICES="Insecure services"
38
SECTION_KERNEL="Kernel"
39
SECTION_KERNEL_HARDENING="Kernel Hardening"
40
SECTION_LDAP_SERVICES="LDAP Services"
41
SECTION_LOGGING_AND_FILES="Logging and files"
42
SECTION_MALWARE="Software: Malware"
21
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
43
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
44
SECTION_NAME_SERVICES="Name services"
45
SECTION_NETWORKING="Networking"
46
SECTION_PERMISSIONS="Permissions"
47
SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
SECTION_PROGRAM_DETAILS="Program Details"
50
SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
SECTION_SHELLS="Shells"
53
SECTION_SNMP_SUPPORT="SNMP Support"
54
SECTION_SOFTWARE="Software"
55
SECTION_SQUID_SUPPORT="Squid Support"
56
SECTION_SSH_SUPPORT="SSH Support"
57
SECTION_STORAGE="Storage"
58
SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="System tools"
60
SECTION_SYSTEM_TOOLS="System tools"
61
SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
SECTION_USB_DEVICES="USB Devices"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
SECTION_VIRTUALIZATION="Virtualization"
65
SECTION_WEBSERVER="Software: webserver"
66
STATUS_ACTIVE="ACTIVE"
67
STATUS_CHECK_NEEDED="CHECK NEEDED"
68
STATUS_DEBUG="DEBUG"
69
STATUS_DEFAULT="DEFAULT"
70
STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="DISABLED"
71
STATUS_DISABLED="DISABLED"
24
STATUS_DONE="DONE"
72
STATUS_DONE="DONE"
25
STATUS_ENABLED="ENABLED"
73
STATUS_ENABLED="ENABLED"
26
STATUS_ERROR="ERROR"
74
STATUS_ERROR="ERROR"
75
STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="FAILED"
76
STATUS_FAILED="FAILED"
77
STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="FOUND"
78
STATUS_FOUND="FOUND"
29
STATUS_OFF="OFF"
79
STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="ON"
81
STATUS_LOCAL_ONLY="LOCAL ONLY"
82
STATUS_MEDIUM="MEDIUM"
32
STATUS_NO="NO"
83
STATUS_NO="NO"
84
STATUS_NO_UPDATE="NO UPDATE"
85
STATUS_NON_DEFAULT="NON DEFAULT"
33
STATUS_NONE="NONE"
86
STATUS_NONE="NONE"
34
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
88
STATUS_NOT_DISABLED="NOT DISABLED"
89
STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NOT FOUND"
90
STATUS_NOT_FOUND="NOT FOUND"
36
STATUS_NOT_RUNNING="NOT RUNNING"
91
STATUS_NOT_RUNNING="NOT RUNNING"
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="RUNNING"
97
STATUS_RUNNING="RUNNING"
38
STATUS_SKIPPED="SKIPPED"
98
STATUS_SKIPPED="SKIPPED"
39
STATUS_SUGGESTION="SUGGESTION"
99
STATUS_SUGGESTION="SUGGESTION"
40
STATUS_UNKNOWN="UNKNOWN"
100
STATUS_UNKNOWN="UNKNOWN"
101
STATUS_UNSAFE="UNSAFE"
102
STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WARNING"
103
STATUS_WARNING="WARNING"
42
STATUS_WEAK="WEAK"
104
STATUS_WEAK="WEAK"
43
STATUS_YES="YES"
105
STATUS_YES="YES"
44
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
45
TEXT_UPDATE_AVAILABLE="update available"
106
TEXT_UPDATE_AVAILABLE="update available"
107
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
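Review bot: New line 42 changes SECTION_MALWARE from "Malware" to "Software: Malware", but the translations touched in the same patch are not all updated to follow. db/languages/de gets "Software: Malware", while br and da keep SECTION_MALWARE="Malware" and cn keeps its unprefixed string. If the prefix is meant to group this section with the other "Software: ..." headings (firewalls, file integrity, webserver), the section title will now differ by language. Either update the remaining translations or note in the changelog that they are pending.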
(-)lynis-3.0.0/db/languages/en-GB (-5 / +67 lines)
Lines 14-45 Link Here
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
17
SECTION_ACCOUNTING="Accounting"
18
SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
SECTION_BASICS="Basics"
20
SECTION_BOOT_AND_SERVICES="Boot and services"
21
SECTION_CONTAINERS="Containers"
22
SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Custom tests"
23
SECTION_CUSTOM_TESTS="Custom tests"
18
SECTION_DATA_UPLOAD="Data upload"
24
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATABASES="Databases"
26
SECTION_DOWNLOADS="Downloads"
27
SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
SECTION_FILE_INTEGRITY="Software: file integrity"
29
SECTION_FILE_PERMISSIONS="File Permissions"
30
SECTION_FILE_SYSTEMS="File systems"
31
SECTION_FIREWALLS="Software: firewalls"
32
SECTION_GENERAL="General"
33
SECTION_HARDENING="Hardening"
34
SECTION_HOME_DIRECTORIES="Home directories"
35
SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Initializing program"
36
SECTION_INITIALIZING_PROGRAM="Initializing program"
20
SECTION_MALWARE="Malware"
37
SECTION_INSECURE_SERVICES="Insecure services"
38
SECTION_KERNEL="Kernel"
39
SECTION_KERNEL_HARDENING="Kernel Hardening"
40
SECTION_LDAP_SERVICES="LDAP Services"
41
SECTION_LOGGING_AND_FILES="Logging and files"
42
SECTION_MALWARE="Software: Malware"
21
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
43
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
44
SECTION_NAME_SERVICES="Name services"
45
SECTION_NETWORKING="Networking"
46
SECTION_PERMISSIONS="Permissions"
47
SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
SECTION_PROGRAM_DETAILS="Program Details"
50
SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
SECTION_SHELLS="Shells"
53
SECTION_SNMP_SUPPORT="SNMP Support"
54
SECTION_SOFTWARE="Software"
55
SECTION_SQUID_SUPPORT="Squid Support"
56
SECTION_SSH_SUPPORT="SSH Support"
57
SECTION_STORAGE="Storage"
58
SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="System tools"
60
SECTION_SYSTEM_TOOLS="System tools"
61
SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
SECTION_USB_DEVICES="USB Devices"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
SECTION_VIRTUALIZATION="Virtualization"
65
SECTION_WEBSERVER="Software: webserver"
66
STATUS_ACTIVE="ACTIVE"
67
STATUS_CHECK_NEEDED="CHECK NEEDED"
68
STATUS_DEBUG="DEBUG"
69
STATUS_DEFAULT="DEFAULT"
70
STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="DISABLED"
71
STATUS_DISABLED="DISABLED"
24
STATUS_DONE="DONE"
72
STATUS_DONE="DONE"
25
STATUS_ENABLED="ENABLED"
73
STATUS_ENABLED="ENABLED"
26
STATUS_ERROR="ERROR"
74
STATUS_ERROR="ERROR"
75
STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="FAILED"
76
STATUS_FAILED="FAILED"
77
STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="FOUND"
78
STATUS_FOUND="FOUND"
29
STATUS_OFF="OFF"
79
STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="ON"
81
STATUS_LOCAL_ONLY="LOCAL ONLY"
82
STATUS_MEDIUM="MEDIUM"
32
STATUS_NO="NO"
83
STATUS_NO="NO"
84
STATUS_NO_UPDATE="NO UPDATE"
85
STATUS_NON_DEFAULT="NON DEFAULT"
33
STATUS_NONE="NONE"
86
STATUS_NONE="NONE"
34
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
88
STATUS_NOT_DISABLED="NOT DISABLED"
89
STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NOT FOUND"
90
STATUS_NOT_FOUND="NOT FOUND"
36
STATUS_NOT_RUNNING="NOT RUNNING"
91
STATUS_NOT_RUNNING="NOT RUNNING"
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="RUNNING"
97
STATUS_RUNNING="RUNNING"
38
STATUS_SKIPPED="SKIPPED"
98
STATUS_SKIPPED="SKIPPED"
39
STATUS_SUGGESTION="SUGGESTION"
99
STATUS_SUGGESTION="SUGGESTION"
40
STATUS_UNKNOWN="UNKNOWN"
100
STATUS_UNKNOWN="UNKNOWN"
101
STATUS_UNSAFE="UNSAFE"
102
STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WARNING"
103
STATUS_WARNING="WARNING"
42
STATUS_WEAK="WEAK"
104
STATUS_WEAK="WEAK"
43
STATUS_YES="YES"
105
STATUS_YES="YES"
44
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
45
TEXT_UPDATE_AVAILABLE="update available"
106
TEXT_UPDATE_AVAILABLE="update available"
107
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
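Review bot: the section titles added in this hunk mix capitalization styles. `SECTION_MALWARE="Software: Malware"` and `SECTION_SYSTEM_INTEGRITY="Software: System integrity"` capitalize the word after the colon while `SECTION_WEBSERVER="Software: webserver"` does not, and `SECTION_KERNEL_HARDENING="Kernel Hardening"` and `SECTION_PROGRAM_DETAILS="Program Details"` are title case next to sentence-case `SECTION_LOGGING_AND_FILES="Logging and files"` and `SECTION_NAME_SERVICES="Name services"`. The same English strings reappear as commented placeholders in the fi, gr and he files later in this patch, so settling on one style here avoids propagating the inconsistency into every translation.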
(-)lynis-3.0.0/db/languages/en-US (-5 / +67 lines)
Lines 14-45 Link Here
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
17
SECTION_ACCOUNTING="Accounting"
18
SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
SECTION_BASICS="Basics"
20
SECTION_BOOT_AND_SERVICES="Boot and services"
21
SECTION_CONTAINERS="Containers"
22
SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Custom tests"
23
SECTION_CUSTOM_TESTS="Custom tests"
18
SECTION_DATA_UPLOAD="Data upload"
24
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATABASES="Databases"
26
SECTION_DOWNLOADS="Downloads"
27
SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
SECTION_FILE_INTEGRITY="Software: file integrity"
29
SECTION_FILE_PERMISSIONS="File Permissions"
30
SECTION_FILE_SYSTEMS="File systems"
31
SECTION_FIREWALLS="Software: firewalls"
32
SECTION_GENERAL="General"
33
SECTION_HARDENING="Hardening"
34
SECTION_HOME_DIRECTORIES="Home directories"
35
SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Initializing program"
36
SECTION_INITIALIZING_PROGRAM="Initializing program"
20
SECTION_MALWARE="Malware"
37
SECTION_INSECURE_SERVICES="Insecure services"
38
SECTION_KERNEL="Kernel"
39
SECTION_KERNEL_HARDENING="Kernel Hardening"
40
SECTION_LDAP_SERVICES="LDAP Services"
41
SECTION_LOGGING_AND_FILES="Logging and files"
42
SECTION_MALWARE="Software: Malware"
21
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
43
SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
44
SECTION_NAME_SERVICES="Name services"
45
SECTION_NETWORKING="Networking"
46
SECTION_PERMISSIONS="Permissions"
47
SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
SECTION_PROGRAM_DETAILS="Program Details"
50
SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
SECTION_SHELLS="Shells"
53
SECTION_SNMP_SUPPORT="SNMP Support"
54
SECTION_SOFTWARE="Software"
55
SECTION_SQUID_SUPPORT="Squid Support"
56
SECTION_SSH_SUPPORT="SSH Support"
57
SECTION_STORAGE="Storage"
58
SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="System tools"
60
SECTION_SYSTEM_TOOLS="System tools"
61
SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
SECTION_USB_DEVICES="USB Devices"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
SECTION_VIRTUALIZATION="Virtualization"
65
SECTION_WEBSERVER="Software: webserver"
66
STATUS_ACTIVE="ACTIVE"
67
STATUS_CHECK_NEEDED="CHECK NEEDED"
68
STATUS_DEBUG="DEBUG"
69
STATUS_DEFAULT="DEFAULT"
70
STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="DISABLED"
71
STATUS_DISABLED="DISABLED"
24
STATUS_DONE="DONE"
72
STATUS_DONE="DONE"
25
STATUS_ENABLED="ENABLED"
73
STATUS_ENABLED="ENABLED"
26
STATUS_ERROR="ERROR"
74
STATUS_ERROR="ERROR"
75
STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="FAILED"
76
STATUS_FAILED="FAILED"
77
STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="FOUND"
78
STATUS_FOUND="FOUND"
29
STATUS_OFF="OFF"
79
STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="ON"
81
STATUS_LOCAL_ONLY="LOCAL ONLY"
82
STATUS_MEDIUM="MEDIUM"
32
STATUS_NO="NO"
83
STATUS_NO="NO"
84
STATUS_NO_UPDATE="NO UPDATE"
85
STATUS_NON_DEFAULT="NON DEFAULT"
33
STATUS_NONE="NONE"
86
STATUS_NONE="NONE"
34
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
STATUS_NOT_CONFIGURED="NOT CONFIGURED"
88
STATUS_NOT_DISABLED="NOT DISABLED"
89
STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NOT FOUND"
90
STATUS_NOT_FOUND="NOT FOUND"
36
STATUS_NOT_RUNNING="NOT RUNNING"
91
STATUS_NOT_RUNNING="NOT RUNNING"
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="RUNNING"
97
STATUS_RUNNING="RUNNING"
38
STATUS_SKIPPED="SKIPPED"
98
STATUS_SKIPPED="SKIPPED"
39
STATUS_SUGGESTION="SUGGESTION"
99
STATUS_SUGGESTION="SUGGESTION"
40
STATUS_UNKNOWN="UNKNOWN"
100
STATUS_UNKNOWN="UNKNOWN"
101
STATUS_UNSAFE="UNSAFE"
102
STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WARNING"
103
STATUS_WARNING="WARNING"
42
STATUS_WEAK="WEAK"
104
STATUS_WEAK="WEAK"
43
STATUS_YES="YES"
105
STATUS_YES="YES"
44
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
45
TEXT_UPDATE_AVAILABLE="update available"
106
TEXT_UPDATE_AVAILABLE="update available"
107
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
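Review bot: at new lines 59 and 60 the keys `SECTION_SYSTEM_TOOLING="Software: System tooling"` and `SECTION_SYSTEM_TOOLS="System tools"` differ by only a few characters in both name and value, which makes it easy for a test author or translator to pick the wrong one. A short comment above the pair saying which report section each one heads, or a more distinct name for the new key, would make the difference explicit.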
(-)lynis-3.0.0/db/languages/es (-16 / +86 lines)
Lines 1-38 Link Here
1
GEN_PHASE="fase"
1
ERROR_NO_LICENSE="No se ha configurado una clave de licencia"
2
ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas"
2
GEN_CHECKING="Revisando"
3
GEN_CHECKING="Revisando"
3
GEN_CURRENT_VERSION="Versión actual"
4
GEN_CURRENT_VERSION="Versión actual"
4
GEN_DEBUG_MODE="Modo de depuración"
5
GEN_DEBUG_MODE="Modo de depuración"
5
GEN_INITIALIZE_PROGRAM="Iniciando la aplicación"
6
GEN_INITIALIZE_PROGRAM="Iniciando la aplicación"
7
GEN_LATEST_VERSION="Última versión"
8
GEN_PHASE="fase"
6
GEN_PLUGINS_ENABLED="Plugins activados"
9
GEN_PLUGINS_ENABLED="Plugins activados"
7
GEN_VERBOSE_MODE="Modo detallado"
8
GEN_UPDATE_AVAILABLE="Actualización disponible"
10
GEN_UPDATE_AVAILABLE="Actualización disponible"
11
GEN_VERBOSE_MODE="Modo detallado"
9
GEN_WHAT_TO_DO="Qué hacer"
12
GEN_WHAT_TO_DO="Qué hacer"
10
NOTE_EXCEPTIONS_FOUND="Excepciones Encontradas"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="Se encontró alguna excepción o evento extraordinario"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Se encontró alguna excepción o evento extraordinario"
14
NOTE_EXCEPTIONS_FOUND="Excepciones encontradas"
12
NOTE_PLUGINS_TAKE_TIME="Nota: los plugins contienen pruebas más extensivas y toman más tiempo"
15
NOTE_PLUGINS_TAKE_TIME="Nota: los plugins contienen pruebas más extensivas y toman más tiempo"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo"
17
SECTION_ACCOUNTING="Contabilidad"
18
SECTION_BANNERS_AND_IDENTIFICATION="Banners e identificación"
19
SECTION_BASICS="Básicos"
20
SECTION_BOOT_AND_SERVICES="Arranque y servicios"
21
SECTION_CONTAINERS="Contenedores"
22
SECTION_CRYPTOGRAPHY="Criptografía"
13
SECTION_CUSTOM_TESTS="Pruebas personalizadas"
23
SECTION_CUSTOM_TESTS="Pruebas personalizadas"
24
SECTION_DATA_UPLOAD="Subida de datos"
25
SECTION_DATABASES="Bases de datos"
26
SECTION_DOWNLOADS="Descargas"
27
SECTION_EMAIL_AND_MESSAGING="Software: correo electrónico y mensajería"
28
SECTION_FILE_INTEGRITY="Software: integridad de ficheros"
29
SECTION_FILE_PERMISSIONS="Permisos de ficheros"
30
SECTION_FILE_SYSTEMS="Sistemas de ficheros"
31
SECTION_FIREWALLS="Software: firewalls"
32
SECTION_GENERAL="General"
33
SECTION_HARDENING="Bastionado"
34
SECTION_HOME_DIRECTORIES="Directorios de inicio"
35
SECTION_IMAGE="Imagen"
36
SECTION_INITIALIZING_PROGRAM="Inicializando programa"
37
SECTION_INSECURE_SERVICES="Servicios inseguros"
38
SECTION_KERNEL_HARDENING="Bastionado del kernel"
39
SECTION_KERNEL="Kernel"
40
SECTION_LDAP_SERVICES="Servicios LDAP"
41
SECTION_LOGGING_AND_FILES="Logging y ficheros"
14
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
15
SECTION_MEMORY_AND_PROCESSES="Memoria y  Procesos"
43
SECTION_MALWARE="Software: Malware"
44
SECTION_MEMORY_AND_PROCESSES="Memoria y procesos"
45
SECTION_NAME_SERVICES="Servicios de nombres"
46
SECTION_NETWORKING="Conectividad"
47
SECTION_PERMISSIONS="Permisos"
48
SECTION_PORTS_AND_PACKAGES="Puertos y paquetes"
49
SECTION_PRINTERS_AND_SPOOLS="Impresoras y spools"
50
SECTION_PROGRAM_DETAILS="Detalles del programa"
51
SECTION_SCHEDULED_TASKS="Tareas programadas"
52
SECTION_SECURITY_FRAMEWORKS="Frameworks de seguridad"
53
SECTION_SHELLS="Shells"
54
SECTION_SNMP_SUPPORT="Soporte SNMP"
55
SECTION_SOFTWARE="Software"
56
SECTION_SQUID_SUPPORT="Soporte Squid"
57
SECTION_SSH_SUPPORT="Soporte SSH"
58
SECTION_STORAGE="Almacenamiento"
59
SECTION_SYSTEM_INTEGRITY="Software: Integridad del sistema"
60
SECTION_SYSTEM_TOOLING="Software: Herramientas del sistema"
61
SECTION_SYSTEM_TOOLS="Herramientas del sistema"
62
SECTION_TIME_AND_SYNCHRONIZATION="Tiempo y sincronización"
63
SECTION_USB_DEVICES="Dispositivos USB"
64
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Usuarios, grupos y autenticación"
65
SECTION_VIRTUALIZATION="Virtualización"
66
SECTION_WEBSERVER="Software: servidor web"
67
STATUS_ACTIVE="ACTIVO"
68
STATUS_CHECK_NEEDED="NECESITA VERIFICACIÓN"
69
STATUS_DEBUG="DEPURACIÓN"
70
STATUS_DEFAULT="POR DEFECTO"
71
STATUS_DIFFERENT="DIFERENTE"
72
STATUS_DISABLED="DESHABILITADO"
16
STATUS_DONE="HECHO"
73
STATUS_DONE="HECHO"
74
STATUS_ENABLED="HABILITADO"
75
STATUS_ERROR="ERROR"
76
STATUS_EXPOSED="EXPUESTO"
77
STATUS_FAILED="FALLADO"
78
STATUS_FILES_FOUND="ARCHIVOS ENCONTRADOS"
17
STATUS_FOUND="ENCONTRADO"
79
STATUS_FOUND="ENCONTRADO"
18
STATUS_YES="SI"
80
STATUS_HARDENED="BASTIONADO"
81
STATUS_INSTALLED="INSTALADO"
82
STATUS_LOCAL_ONLY="SOLO LOCAL"
83
STATUS_MEDIUM="MEDIO"
84
STATUS_NO_UPDATE="SIN ACTUALIZACIÓN"
19
STATUS_NO="NO"
85
STATUS_NO="NO"
20
STATUS_OFF="OFF"
86
STATUS_NON_DEFAULT="NO POR DEFECTO"
21
STATUS_OK="OK"
87
STATUS_NONE="NINGUNO"
22
STATUS_ON="ON"
88
STATUS_NOT_CONFIGURED="NO CONFIGURADO"
23
STATUS_NONE="NONE"
89
STATUS_NOT_DISABLED="NO DESHABILITADO"
90
STATUS_NOT_ENABLED="NO HABILITADO"
24
STATUS_NOT_FOUND="NO ENCONTRADO"
91
STATUS_NOT_FOUND="NO ENCONTRADO"
25
STATUS_NOT_RUNNING="NO ESTÁ CORRIENDO"
92
STATUS_NOT_RUNNING="NO ESTÁ CORRIENDO"
93
STATUS_OFF="APAGADO"
94
STATUS_OK="OK"
95
STATUS_ON="ENCENDIDO"
96
STATUS_PARTIALLY_HARDENED="PARCIALMENTE BASTIONADO"
97
STATUS_PROTECTED="PROTEGIDO"
26
STATUS_RUNNING="CORRIENDO"
98
STATUS_RUNNING="CORRIENDO"
27
STATUS_SKIPPED="OMITIDO"
99
STATUS_SKIPPED="OMITIDO"
28
STATUS_SUGGESTION="SUGERENCIA"
100
STATUS_SUGGESTION="SUGERENCIA"
29
STATUS_UNKNOWN="DESCONOCIDO"
101
STATUS_UNKNOWN="DESCONOCIDO"
102
STATUS_UNSAFE="INSEGURO"
103
STATUS_UPDATE_AVAILABLE="ACTUALIZACIÓN DISPONIBLE"
30
STATUS_WARNING="PELIGRO"
104
STATUS_WARNING="PELIGRO"
31
TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de log"
105
STATUS_WEAK="DÉBIL"
106
STATUS_YES="SÍ"
32
TEXT_UPDATE_AVAILABLE="Actualización disponible"
107
TEXT_UPDATE_AVAILABLE="Actualización disponible"
33
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo"
108
TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de registro"
34
STATUS_DISABLED="DESACTIVADO"
35
STATUS_ENABLED="ENABLED"
36
STATUS_ERROR="ERROR"
37
ERROR_NO_LICENSE="No se ha configurado una clave de licencia"
38
ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas"
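Review bot: the new side of this hunk defines `SECTION_MALWARE` twice, as `SECTION_MALWARE="Malware"` at new line 42 and `SECTION_MALWARE="Software: Malware"` at new line 43. If the file is read top to bottom as plain assignments, the second silently overrides the first and line 42 is dead. Keep a single entry, and translate the "Software:" prefix the way `SECTION_WEBSERVER="Software: servidor web"` and the other "Software:" sections in this file do. The file also places `SECTION_KERNEL_HARDENING` before `SECTION_KERNEL` and `STATUS_NO_UPDATE` before `STATUS_NO`, unlike the en-US hunk; matching the en-US order would have made this duplicate stand out.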
(-)lynis-3.0.0/db/languages/fi (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="päivitys saatavilla"
10
GEN_UPDATE_AVAILABLE="päivitys saatavilla"
11
GEN_VERBOSE_MODE="Puhelias tila"
11
GEN_VERBOSE_MODE="Puhelias tila"
12
GEN_WHAT_TO_DO="Mitä tehdä"
12
GEN_WHAT_TO_DO="Mitä tehdä"
13
NOTE_EXCEPTIONS_FOUND="Virheitä löytynyt"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Joitakin poikkeuksellisia tapahtumia tai tietoja löytynyt"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Joitakin poikkeuksellisia tapahtumia tai tietoja löytynyt"
14
NOTE_EXCEPTIONS_FOUND="Virheitä löytynyt"
15
NOTE_PLUGINS_TAKE_TIME="Huomio: liitännäisillä on kattavampia testejä joiden suorittaminen voi viedä muutaman minuutin"
15
NOTE_PLUGINS_TAKE_TIME="Huomio: liitännäisillä on kattavampia testejä joiden suorittaminen voi viedä muutaman minuutin"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testejä jätetty suorittamatta ei-etuoikeutetun tilan vuoksi"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testejä jätetty suorittamatta ei-etuoikeutetun tilan vuoksi"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Kustomoidut testit"
23
SECTION_CUSTOM_TESTS="Kustomoidut testit"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Haittaohjelma"
42
SECTION_MALWARE="Haittaohjelma"
19
SECTION_MEMORY_AND_PROCESSES="Muisti ja prosessit"
43
SECTION_MEMORY_AND_PROCESSES="Muisti ja prosessit"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="EI PÄÄLLÄ"
71
STATUS_DISABLED="EI PÄÄLLÄ"
21
STATUS_DONE="VALMIS"
72
STATUS_DONE="VALMIS"
22
STATUS_ENABLED="PÄÄLLÄ"
73
STATUS_ENABLED="PÄÄLLÄ"
23
STATUS_ERROR="VIRHE"
74
STATUS_ERROR="VIRHE"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="LÖYTYNYT"
78
STATUS_FOUND="LÖYTYNYT"
25
STATUS_YES="KYLLÄ"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
26
STATUS_NO="EI"
83
STATUS_NO="EI"
27
STATUS_OFF="EI PÄÄLLÄ"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
28
STATUS_OK="OK"
29
STATUS_ON="PÄÄLLÄ"
30
STATUS_NONE="EI MITÄÄN"
85
STATUS_NONE="EI MITÄÄN"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="EI LÖYTYNYT"
89
STATUS_NOT_FOUND="EI LÖYTYNYT"
32
STATUS_NOT_RUNNING="EI OLE KÄYNNISSÄ"
90
STATUS_NOT_RUNNING="EI OLE KÄYNNISSÄ"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="EI PÄÄLLÄ"
93
STATUS_OK="OK"
94
STATUS_ON="PÄÄLLÄ"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="KÄYNNISSÄ"
97
STATUS_RUNNING="KÄYNNISSÄ"
34
STATUS_SKIPPED="OHITETTU"
98
STATUS_SKIPPED="OHITETTU"
35
STATUS_SUGGESTION="EHDOTUS"
99
STATUS_SUGGESTION="EHDOTUS"
36
STATUS_UNKNOWN="TUNTEMATON"
100
STATUS_UNKNOWN="TUNTEMATON"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="VAROITUS"
103
STATUS_WARNING="VAROITUS"
38
TEXT_YOU_CAN_HELP_LOGFILE="Voit auttaa toimittamalla lokitiedoston"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="KYLLÄ"
39
TEXT_UPDATE_AVAILABLE="päivitys saatavilla"
106
TEXT_UPDATE_AVAILABLE="päivitys saatavilla"
107
TEXT_YOU_CAN_HELP_LOGFILE="Voit auttaa toimittamalla lokitiedoston"
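Review bot: most keys added on the new side, from `#SECTION_ACCOUNTING` through `#STATUS_WEAK`, are commented out, so this file no longer defines them at all. Please confirm, ideally in the commit message, that the English defaults are loaded before the selected language file; otherwise every one of these section titles and statuses expands to an empty string for Finnish users. A one-line header comment stating that commented entries are untranslated placeholders would also tell translators what to do with them.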
(-)lynis-3.0.0/db/languages/fr (-18 / +87 lines)
Lines 1-38 Link Here
1
ERROR_NO_LICENSE="Pas de clé de licence configurée"
2
ERROR_NO_UPLOAD_SERVER="Pas de serveur de transfert configuré"
1
GEN_CHECKING="Vérification"
3
GEN_CHECKING="Vérification"
2
GEN_CURRENT_VERSION="Version actuelle"
4
GEN_CURRENT_VERSION="Version actuelle"
3
GEN_DEBUG_MODE="mode debug"
5
GEN_DEBUG_MODE="mode débug"
4
GEN_INITIALIZE_PROGRAM="Initialisation"
6
GEN_INITIALIZE_PROGRAM="Initialisation"
7
GEN_LATEST_VERSION="Dernière version"
5
GEN_PHASE="phase"
8
GEN_PHASE="phase"
6
GEN_PLUGINS_ENABLED="Plugins activés"
9
GEN_PLUGINS_ENABLED="Plugins activés"
7
GEN_VERBOSE_MODE="mode verbeux"
8
GEN_UPDATE_AVAILABLE="mise à jour disponible"
10
GEN_UPDATE_AVAILABLE="mise à jour disponible"
11
GEN_VERBOSE_MODE="mode verbeux"
9
GEN_WHAT_TO_DO="Que faire"
12
GEN_WHAT_TO_DO="Que faire"
10
NOTE_EXCEPTIONS_FOUND="Exceptions trouvées"
13
NOTE_EXCEPTIONS_FOUND="Exceptions trouvées"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="Des événements ou informations exceptionnels ont été trouvés"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Des événements ou informations exceptionnels ont été trouvés"
12
NOTE_PLUGINS_TAKE_TIME="Note: les plugins ont des tests plus poussés et peuvent prendre plusieurs minutes"
15
NOTE_PLUGINS_TAKE_TIME="Note : Les plugins ont des tests plus poussés qui peuvent prendre plusieurs minutes"
13
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tests ignorés faute de privilèges"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tests ignorés faute de privilèges"
14
SECTION_CUSTOM_TESTS="Tests Personnalisés"
17
SECTION_ACCOUNTING="Comptes"
15
SECTION_MALWARE="Malware"
18
SECTION_BANNERS_AND_IDENTIFICATION="Bannières et identification"
16
SECTION_MEMORY_AND_PROCESSES="Mémoire et Processus"
19
SECTION_BASICS="Basics"
20
SECTION_BOOT_AND_SERVICES="Démarrage et services"
21
SECTION_CONTAINERS="Conteneurs"
22
SECTION_CRYPTOGRAPHY="Cryptographie"
23
SECTION_CUSTOM_TESTS="Tests personnalisés"
24
SECTION_DATA_UPLOAD="Téléchargement de données"
25
SECTION_DATABASES="Bases de données"
26
SECTION_DOWNLOADS="Téléchargements"
27
SECTION_EMAIL_AND_MESSAGING="Logiciel : Email et messagerie"
28
SECTION_FILE_INTEGRITY="Logiciel : Intégrité de fichier"
29
SECTION_FILE_PERMISSIONS="Permissions de fichier"
30
SECTION_FILE_SYSTEMS="Systèmes de fichier"
31
SECTION_FIREWALLS="Logiciel : Pare-feu"
32
SECTION_GENERAL="Général"
33
SECTION_HARDENING="Hardening"
34
SECTION_HOME_DIRECTORIES="Dossiers personnels"
35
SECTION_IMAGE="Image"
36
SECTION_INITIALIZING_PROGRAM="Initialisation du programme"
37
SECTION_INSECURE_SERVICES="Services non sécurisés"
38
SECTION_KERNEL="Noyau"
39
SECTION_KERNEL_HARDENING="Kernel Hardening"
40
SECTION_LDAP_SERVICES="Services LDAP"
41
SECTION_LOGGING_AND_FILES="Journalisation et fichiers"
42
SECTION_MALWARE="Logiciel : Malveillants"
43
SECTION_MEMORY_AND_PROCESSES="Mémoire et processus"
44
SECTION_NAME_SERVICES="Services de noms"
45
SECTION_NETWORKING="Mise en réseau"
46
SECTION_PERMISSIONS="Permissions"
47
SECTION_PORTS_AND_PACKAGES="Ports et packages"
48
SECTION_PRINTERS_AND_SPOOLS="Imprimantes et serveurs d'impression"
49
SECTION_PROGRAM_DETAILS="Détails du programme"
50
SECTION_SCHEDULED_TASKS="Tâches planifiées"
51
SECTION_SECURITY_FRAMEWORKS="Frameworks de sécurité"
52
SECTION_SHELLS="Shells"
53
SECTION_SNMP_SUPPORT="Prise en charge SNMP"
54
SECTION_SOFTWARE="Logiciel"
55
SECTION_SQUID_SUPPORT="Prise en charge Squid"
56
SECTION_SSH_SUPPORT="Prise en charge SSH"
57
SECTION_STORAGE="Stockage"
58
SECTION_SYSTEM_INTEGRITY="Logiciel : Intégrité du système"
59
SECTION_SYSTEM_TOOLING="Logiciel : System tooling"
60
SECTION_SYSTEM_TOOLS="Outils système"
61
SECTION_TIME_AND_SYNCHRONIZATION="Heure et synchronisation"
62
SECTION_USB_DEVICES="Périphériques USB"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Utilisateurs, groupes et authentification"
64
SECTION_VIRTUALIZATION="Virtualisation"
65
SECTION_WEBSERVER="Logiciel : Serveur web"
66
STATUS_ACTIVE="ACTIF"
67
STATUS_CHECK_NEEDED="VÉRIFICATION NÉCESSAIRE"
68
STATUS_DEBUG="DÉBUG"
69
STATUS_DEFAULT="PAR DÉFAUT"
70
STATUS_DIFFERENT="DIFFÉRENT"
71
STATUS_DISABLED="DÉSACTIVÉ"
17
STATUS_DONE="FAIT"
72
STATUS_DONE="FAIT"
73
STATUS_ENABLED="ACTIVÉ"
74
STATUS_ERROR="ERREUR"
75
STATUS_EXPOSED="EXPOSÉ"
76
STATUS_FAILED="ÉCHOUÉ"
77
STATUS_FILES_FOUND="FICHIERS TROUVÉS"
18
STATUS_FOUND="TROUVÉ"
78
STATUS_FOUND="TROUVÉ"
19
STATUS_YES="OUI"
79
STATUS_HARDENED="RENFORCÉ"
80
STATUS_INSTALLED="INSTALLÉ"
81
STATUS_LOCAL_ONLY="LOCAL SEULEMENT"
82
STATUS_MEDIUM="MOYEN"
20
STATUS_NO="NON"
83
STATUS_NO="NON"
21
STATUS_OFF="OFF"
84
STATUS_NO_UPDATE="PAS DE MISE A JOUR"
22
STATUS_OK="OK"
85
STATUS_NON_DEFAULT="PAS PAR DÉFAUT"
23
STATUS_ON="ON"
24
STATUS_NONE="AUCUN"
86
STATUS_NONE="AUCUN"
87
STATUS_NOT_CONFIGURED="NON CONFIGURÉ"
88
STATUS_NOT_DISABLED="NON DESACTIVÉ"
89
STATUS_NOT_ENABLED="NON ACTIVÉ"
25
STATUS_NOT_FOUND="NON TROUVÉ"
90
STATUS_NOT_FOUND="NON TROUVÉ"
26
STATUS_NOT_RUNNING="NON LANCÉ"
91
STATUS_NOT_RUNNING="NON LANCÉ"
27
STATUS_RUNNING="EN COURS":
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
STATUS_PARTIALLY_HARDENED="PARTIELLEMENT RENFORCÉ"
96
STATUS_PROTECTED="PROTÉGÉ"
97
STATUS_RUNNING="EN COURS"
28
STATUS_SKIPPED="IGNORÉ"
98
STATUS_SKIPPED="IGNORÉ"
29
STATUS_SUGGESTION="SUGGESTION"
99
STATUS_SUGGESTION="SUGGESTION"
30
STATUS_UNKNOWN="INCONNU"
100
STATUS_UNKNOWN="INCONNU"
31
STATUS_WARNING="ATTENTION"
101
STATUS_UNSAFE="RISQUÉ"
32
TEXT_YOU_CAN_HELP_LOGFILE="Vous pouvez aider en envoyant votre fichier journal"
102
STATUS_UPDATE_AVAILABLE="MISE A JOUR DISPONIBLE"
103
STATUS_WARNING="AVERTISSEMENT"
104
STATUS_WEAK="FAIBLE"
105
STATUS_YES="OUI"
33
TEXT_UPDATE_AVAILABLE="Mise à jour disponible"
106
TEXT_UPDATE_AVAILABLE="Mise à jour disponible"
34
STATUS_DISABLED="DÉSACTIVÉ"
107
TEXT_YOU_CAN_HELP_LOGFILE="Vous pouvez aider en envoyant votre fichier journal"
35
STATUS_ENABLED="ACTIVÉ"
36
STATUS_ERROR="ERREUR"
37
ERROR_NO_LICENSE="Pas de clé de licence configurée"
38
ERROR_NO_UPLOAD_SERVER="Pas de serveur de transfert configuré"
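Review bot: accents are applied inconsistently in the new uppercase strings. `STATUS_NO_UPDATE="PAS DE MISE A JOUR"` and `STATUS_UPDATE_AVAILABLE="MISE A JOUR DISPONIBLE"` drop the accent that `TEXT_UPDATE_AVAILABLE="Mise à jour disponible"` keeps, and `STATUS_NOT_DISABLED="NON DESACTIVÉ"` is missing the first accent that `STATUS_DISABLED="DÉSACTIVÉ"` has. Since the rest of the file keeps accented capitals (`VÉRIFICATION NÉCESSAIRE`, `DIFFÉRENT`), these three should follow suit. Separately, `SECTION_BASICS`, `SECTION_HARDENING`, `SECTION_KERNEL_HARDENING` and the tail of `SECTION_SYSTEM_TOOLING` are left in English even though `STATUS_HARDENED="RENFORCÉ"` shows a translation exists, and `SECTION_DATA_UPLOAD="Téléchargement de données"` reads the same as `SECTION_DOWNLOADS="Téléchargements"` while `ERROR_NO_UPLOAD_SERVER` uses "transfert" for upload.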
(-)lynis-3.0.0/db/languages/gr (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="διαθέσιμη ενημέρωση"
10
GEN_UPDATE_AVAILABLE="διαθέσιμη ενημέρωση"
11
GEN_VERBOSE_MODE="Verbose mode"
11
GEN_VERBOSE_MODE="Verbose mode"
12
GEN_WHAT_TO_DO="Τι να κάνεις"
12
GEN_WHAT_TO_DO="Τι να κάνεις"
13
NOTE_EXCEPTIONS_FOUND="Βρέθηκαν Εξαιρέσεις"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Εντοπίστηκαν μερικά εξαιρετικά γεγονότα ή πληροφορίες"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Εντοπίστηκαν μερικά εξαιρετικά γεγονότα ή πληροφορίες"
14
NOTE_EXCEPTIONS_FOUND="Βρέθηκαν Εξαιρέσεις"
15
NOTE_PLUGINS_TAKE_TIME="Note: Τα plugins έχουν πιο εκτεταμένες δοκιμές και μπορεί να διαρκέσουν αρκετά λεπτά για να ολοκληρωθούν"
15
NOTE_PLUGINS_TAKE_TIME="Note: Τα plugins έχουν πιο εκτεταμένες δοκιμές και μπορεί να διαρκέσουν αρκετά λεπτά για να ολοκληρωθούν"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Παράλειψη δοκιμών λόγω μη προνομιακής λειτουργίας"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Παράλειψη δοκιμών λόγω μη προνομιακής λειτουργίας"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Προσαρμοσμένες δοκιμές"
23
SECTION_CUSTOM_TESTS="Προσαρμοσμένες δοκιμές"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Κακόβουλο λογισμικό"
42
SECTION_MALWARE="Κακόβουλο λογισμικό"
19
SECTION_MEMORY_AND_PROCESSES="Μνήμη και διεργασίες"
43
SECTION_MEMORY_AND_PROCESSES="Μνήμη και διεργασίες"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="DISABLED"
71
STATUS_DISABLED="DISABLED"
21
STATUS_DONE="DONE"
72
STATUS_DONE="DONE"
22
STATUS_ENABLED="ENABLED"
73
STATUS_ENABLED="ENABLED"
23
STATUS_ERROR="ΣΦΑΛΜΑ"
74
STATUS_ERROR="ΣΦΑΛΜΑ"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="ΒΡΕΘΗΚΕ"
78
STATUS_FOUND="ΒΡΕΘΗΚΕ"
25
STATUS_YES="ΝΑΙ"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="ΚΑΝΕΝΑ"
85
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
86
#STATUS_NOT_DISABLED="NOT DISABLED"
87
#STATUS_NOT_ENABLED="NOT ENABLED"
88
STATUS_NOT_FOUND="ΔΕΝ ΒΡΕΘΗΚΕ"
89
STATUS_NOT_RUNNING="ΔΕΝ ΤΡΕΧΕΙ"
90
#STATUS_NO_UPDATE="NO UPDATE"
26
STATUS_NO="ΟΧΙ"
91
STATUS_NO="ΟΧΙ"
27
STATUS_OFF="OFF"
92
STATUS_OFF="OFF"
28
STATUS_OK="OK"
93
STATUS_OK="OK"
29
STATUS_ON="ON"
94
STATUS_ON="ON"
30
STATUS_NONE="ΚΑΝΕΝΑ"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
31
STATUS_NOT_FOUND="ΔΕΝ ΒΡΕΘΗΚΕ"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_NOT_RUNNING="ΔΕΝ ΤΡΕΧΕΙ"
33
STATUS_RUNNING="ΤΡΕΧΕΙ"
97
STATUS_RUNNING="ΤΡΕΧΕΙ"
34
STATUS_SKIPPED="ΞΕΠΕΡΑΣΤΗΚΕ"
98
STATUS_SKIPPED="ΞΕΠΕΡΑΣΤΗΚΕ"
35
STATUS_SUGGESTION="ΠΡΟΤΑΣΗ"
99
STATUS_SUGGESTION="ΠΡΟΤΑΣΗ"
36
STATUS_UNKNOWN="ΑΓΝΩΣΤΟ"
100
STATUS_UNKNOWN="ΑΓΝΩΣΤΟ"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="ΠΡΟΣΟΧΗ"
103
STATUS_WARNING="ΠΡΟΣΟΧΗ"
38
TEXT_YOU_CAN_HELP_LOGFILE="Μπορείτε να βοηθήσετε παρέχοντας το αρχείο καταγραφής"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="ΝΑΙ"
39
TEXT_UPDATE_AVAILABLE="διαθέσιμη ενημέρωση"
106
TEXT_UPDATE_AVAILABLE="διαθέσιμη ενημέρωση"
107
TEXT_YOU_CAN_HELP_LOGFILE="Μπορείτε να βοηθήσετε παρέχοντας το αρχείο καταγραφής"
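Review bot: this hunk uses two different conventions for untranslated strings. The newly added keys are commented out with their English text (`#STATUS_HARDENED="HARDENED"`, `#STATUS_WEAK="WEAK"`), while existing untranslated entries such as `STATUS_DISABLED="DISABLED"`, `STATUS_DONE="DONE"`, `STATUS_ENABLED="ENABLED"` and `GEN_VERBOSE_MODE="Verbose mode"` stay active with English values. Pick one: either comment those out as well so a translator can find every pending entry by searching for the leading `#`, or leave all placeholders active. As it stands the commented lines understate how much of the file is still English.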
(-)lynis-3.0.0/db/languages/he (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="עדכון זמין"
10
GEN_UPDATE_AVAILABLE="עדכון זמין"
11
GEN_VERBOSE_MODE="מצב ארכני"
11
GEN_VERBOSE_MODE="מצב ארכני"
12
GEN_WHAT_TO_DO="לביצוע"
12
GEN_WHAT_TO_DO="לביצוע"
13
NOTE_EXCEPTIONS_FOUND="נמצאו אירועים חריגים"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="אירועים חריגים או מידע חריג נמצא"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="אירועים חריגים או מידע חריג נמצא"
14
NOTE_EXCEPTIONS_FOUND="נמצאו אירועים חריגים"
15
NOTE_PLUGINS_TAKE_TIME="לידיעה: חלק מהבדיקות יקחו זמן רב יותר מהרגיל"
15
NOTE_PLUGINS_TAKE_TIME="לידיעה: חלק מהבדיקות יקחו זמן רב יותר מהרגיל"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="מדלג על בדיקה עקב אי פריבילגיות"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="מדלג על בדיקה עקב אי פריבילגיות"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="בדיקה מותאמות"
23
SECTION_CUSTOM_TESTS="בדיקה מותאמות"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="תוכנה זדונית"
42
SECTION_MALWARE="תוכנה זדונית"
19
SECTION_MEMORY_AND_PROCESSES="זיכרון ותהליכים"
43
SECTION_MEMORY_AND_PROCESSES="זיכרון ותהליכים"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="לא זמין"
71
STATUS_DISABLED="לא זמין"
21
STATUS_DONE="סיום"
72
STATUS_DONE="סיום"
22
STATUS_ENABLED="זמין"
73
STATUS_ENABLED="זמין"
23
STATUS_ERROR="שגיאה"
74
STATUS_ERROR="שגיאה"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="נמצא"
78
STATUS_FOUND="נמצא"
25
STATUS_YES="כן"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="אין כלל"
85
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
86
#STATUS_NOT_DISABLED="NOT DISABLED"
87
#STATUS_NOT_ENABLED="NOT ENABLED"
88
STATUS_NOT_FOUND="לא נמצא"
89
STATUS_NOT_RUNNING="לא רץ"
90
#STATUS_NO_UPDATE="NO UPDATE"
26
STATUS_NO="לא"
91
STATUS_NO="לא"
27
STATUS_OFF="כבוי"
92
STATUS_OFF="כבוי"
28
STATUS_OK="או קי"
93
STATUS_OK="או קי"
29
STATUS_ON="פועל"
94
STATUS_ON="פועל"
30
STATUS_NONE="אין כלל"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
31
STATUS_NOT_FOUND="לא נמצא"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_NOT_RUNNING="לא רץ"
33
STATUS_RUNNING="בהרצה"
97
STATUS_RUNNING="בהרצה"
34
STATUS_SKIPPED="דולג"
98
STATUS_SKIPPED="דולג"
35
STATUS_SUGGESTION="הצעה"
99
STATUS_SUGGESTION="הצעה"
36
STATUS_UNKNOWN="לא ידוע"
100
STATUS_UNKNOWN="לא ידוע"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="אזהרה"
103
STATUS_WARNING="אזהרה"
38
TEXT_YOU_CAN_HELP_LOGFILE="ניתן לעזור על ידי שליחת קובץ הלוג"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="כן"
39
TEXT_UPDATE_AVAILABLE="עדכון זמין"
106
TEXT_UPDATE_AVAILABLE="עדכון זמין"
107
TEXT_YOU_CAN_HELP_LOGFILE="ניתן לעזור על ידי שליחת קובץ הלוג"
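Review bot: The keys added as commented-out English placeholders in this file (for example #STATUS_EXPOSED, #STATUS_FAILED and #STATUS_UNSAFE at new lines 75, 76 and 101) stay unset when the Hebrew file is loaded, so please confirm that the loader applies the English defaults first; otherwise the status label of a finding would print empty. Separately, SECTION_CUSTOM_TESTS at new line 23 keeps "בדיקה מותאמות", a singular noun with a plural adjective; "בדיקות מותאמות" would agree.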
(-)lynis-3.0.0/db/languages/hu (-7 / +76 lines)
Lines 4-38 Link Here
4
GEN_CURRENT_VERSION="Jelenlegi verzió"
4
GEN_CURRENT_VERSION="Jelenlegi verzió"
5
GEN_DEBUG_MODE="Debug mode"
5
GEN_DEBUG_MODE="Debug mode"
6
GEN_INITIALIZE_PROGRAM="Initializing program"
6
GEN_INITIALIZE_PROGRAM="Initializing program"
7
#GEN_LATEST_VERSION="Latest version"
7
GEN_PHASE="szakasz"
8
GEN_PHASE="szakasz"
8
GEN_PLUGINS_ENABLED="Bővitmények engedelyézve"
9
GEN_PLUGINS_ENABLED="Bővitmények engedelyézve"
9
GEN_VERBOSE_MODE="Verbose mode"
10
GEN_UPDATE_AVAILABLE="frissítés elérhető"
10
GEN_UPDATE_AVAILABLE="frissítés elérhető"
11
GEN_VERBOSE_MODE="Verbose mode"
11
GEN_WHAT_TO_DO="What to do"
12
GEN_WHAT_TO_DO="What to do"
12
NOTE_EXCEPTIONS_FOUND="Exceptions found"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
14
NOTE_EXCEPTIONS_FOUND="Exceptions found"
14
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
16
SECTION_CUSTOM_TESTS="Egyedi Tesztek"
23
SECTION_CUSTOM_TESTS="Egyedi Tesztek"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
17
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
18
SECTION_MEMORY_AND_PROCESSES="Memória és Folyamatok"
43
SECTION_MEMORY_AND_PROCESSES="Memória és Folyamatok"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
19
STATUS_DISABLED="LETILTOTT"
71
STATUS_DISABLED="LETILTOTT"
20
STATUS_DONE="KÉSZ"
72
STATUS_DONE="KÉSZ"
21
STATUS_ENABLED="ENGEDÉLYEZETT"
73
STATUS_ENABLED="ENGEDÉLYEZETT"
22
STATUS_ERROR="HIBA"
74
STATUS_ERROR="HIBA"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
23
STATUS_FOUND="FOUND"
78
STATUS_FOUND="FOUND"
24
STATUS_YES="IGEN"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
25
STATUS_NO="NEM"
84
STATUS_NO="NEM"
26
STATUS_OFF="KI"
27
STATUS_OK="OK"
28
STATUS_ON="BE"
29
STATUS_NONE="NONE"
85
STATUS_NONE="NONE"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
30
STATUS_NOT_FOUND="NOT FOUND"
89
STATUS_NOT_FOUND="NOT FOUND"
31
STATUS_NOT_RUNNING="NOT RUNNING"
90
STATUS_NOT_RUNNING="NOT RUNNING"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="KI"
93
STATUS_OK="OK"
94
STATUS_ON="BE"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_RUNNING="RUNNING"
97
STATUS_RUNNING="RUNNING"
33
STATUS_SKIPPED="SKIPPED"
98
STATUS_SKIPPED="SKIPPED"
34
STATUS_SUGGESTION="JAVASLAT"
99
STATUS_SUGGESTION="JAVASLAT"
35
STATUS_UNKNOWN="UNKNOWN"
100
STATUS_UNKNOWN="UNKNOWN"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
36
STATUS_WARNING="FIGYELMEZTETÉS"
103
STATUS_WARNING="FIGYELMEZTETÉS"
37
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="IGEN"
38
TEXT_UPDATE_AVAILABLE="frissítés elérhető"
106
TEXT_UPDATE_AVAILABLE="frissítés elérhető"
107
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
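Review bot: Untranslated keys are added here as commented-out English (#GEN_LATEST_VERSION at new line 7, the #SECTION_* block from new line 17), but several values that are still English remain active, for example GEN_DEBUG_MODE="Debug mode" (new line 5), STATUS_FOUND="FOUND" (new line 78) and TEXT_YOU_CAN_HELP_LOGFILE (new line 107). Comment those out as well so the file follows one convention and translators can see what is missing. GEN_PLUGINS_ENABLED at new line 9 also looks misspelled; "Bővítmények engedélyezve" is the expected form.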
(-)lynis-3.0.0/db/languages/it (-13 / +82 lines)
Lines 1-38 Link Here
1
ERROR_NO_LICENSE="Nessuna chiave di licenza configurata"
2
ERROR_NO_UPLOAD_SERVER="Nessun server di upload configurato"
1
GEN_CHECKING="Controllo"
3
GEN_CHECKING="Controllo"
2
GEN_CURRENT_VERSION="Versione corrente"
4
GEN_CURRENT_VERSION="Versione corrente"
3
GEN_DEBUG_MODE="Modalità Debug"
5
GEN_DEBUG_MODE="Modalità Debug"
4
GEN_INITIALIZE_PROGRAM="Inizializzando il programma"
6
GEN_INITIALIZE_PROGRAM="Inizializzando il programma"
7
GEN_LATEST_VERSION="Versione ultima"
5
GEN_PHASE="fase"
8
GEN_PHASE="fase"
6
GEN_PLUGINS_ENABLED="Plugin abilitati"
9
GEN_PLUGINS_ENABLED="Plugin abilitati"
7
GEN_VERBOSE_MODE="Modalità Verbose"
8
GEN_UPDATE_AVAILABLE="aggiornamento disponibile"
10
GEN_UPDATE_AVAILABLE="aggiornamento disponibile"
11
GEN_VERBOSE_MODE="Modalità Verbose"
9
GEN_WHAT_TO_DO="Cosa fare"
12
GEN_WHAT_TO_DO="Cosa fare"
10
NOTE_EXCEPTIONS_FOUND="Trovate Eccezioni"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="Sono stati rilevati alcuni eventi o informazioni eccezionali"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Sono stati rilevati alcuni eventi o informazioni eccezionali"
14
NOTE_EXCEPTIONS_FOUND="Trovate Eccezioni"
12
NOTE_PLUGINS_TAKE_TIME="Nota: i plugin sono sottoposti a test più estesi e possono richiedere alcuni minuti per il completamento"
15
NOTE_PLUGINS_TAKE_TIME="Nota: i plugin sono sottoposti a test più estesi e possono richiedere alcuni minuti per il completamento"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Test saltati a causa della modalità di esecuzione non privilegiata"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
13
SECTION_CUSTOM_TESTS="Test su misura (Custom)"
23
SECTION_CUSTOM_TESTS="Test su misura (Custom)"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
SECTION_DOWNLOADS="Scaricamenti"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
SECTION_GENERAL="Generale"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
SECTION_INITIALIZING_PROGRAM="Inizializzando il programma"
37
SECTION_INSECURE_SERVICES="Service insicuri"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
14
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
15
SECTION_MEMORY_AND_PROCESSES="Memoria e Processi"
43
SECTION_MEMORY_AND_PROCESSES="Memoria e Processi"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
SECTION_STORAGE="Spazio di archiviazione"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
SECTION_TIME_AND_SYNCHRONIZATION="Tempo and Sincronizzazione"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
71
STATUS_DISABLED="DISABILITATO"
16
STATUS_DONE="FATTO"
72
STATUS_DONE="FATTO"
73
STATUS_ENABLED="ABILITATO"
74
STATUS_ERROR="ERRORE"
75
#STATUS_EXPOSED="EXPOSED"
76
STATUS_FAILED="FALLITO"
77
#STATUS_FILES_FOUND="FILES FOUND"
17
STATUS_FOUND="TROVATO"
78
STATUS_FOUND="TROVATO"
18
STATUS_YES="SI"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="NESSUNO"
19
STATUS_NO="NO"
85
STATUS_NO="NO"
86
STATUS_NOT_CONFIGURED="NON CONFIGURATO"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
89
STATUS_NOT_FOUND="NON TROVATO"
90
STATUS_NOT_RUNNING="NON IN ESECUZIONE"
91
#STATUS_NO_UPDATE="NO UPDATE"
20
STATUS_OFF="OFF"
92
STATUS_OFF="OFF"
21
STATUS_OK="OK"
93
STATUS_OK="OK"
22
STATUS_ON="ON"
94
STATUS_ON="ON"
23
STATUS_NONE="NESSUNO"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
24
STATUS_NOT_FOUND="NON TROVATO"
96
#STATUS_PROTECTED="PROTECTED"
25
STATUS_NOT_RUNNING="NON IN ESECUZIONE"
26
STATUS_RUNNING="IN ESECUZIONE"
97
STATUS_RUNNING="IN ESECUZIONE"
27
STATUS_SKIPPED="SALTATO"
98
STATUS_SKIPPED="SALTATO"
28
STATUS_SUGGESTION="SUGGERIMENTO"
99
STATUS_SUGGESTION="SUGGERIMENTO"
29
STATUS_UNKNOWN="SCONOSCIUTO"
100
STATUS_UNKNOWN="SCONOSCIUTO"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
30
STATUS_WARNING="ATTENZIONE"
103
STATUS_WARNING="ATTENZIONE"
31
TEXT_YOU_CAN_HELP_LOGFILE="Puoi aiutare fornendoci il tuo file di log"
104
STATUS_WEAK="DEBOLE"
105
STATUS_YES="SI"
32
TEXT_UPDATE_AVAILABLE="aggiornamento disponibile"
106
TEXT_UPDATE_AVAILABLE="aggiornamento disponibile"
33
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Test saltati a causa della modalità di esecuzione non privilegiata"
107
TEXT_YOU_CAN_HELP_LOGFILE="Puoi aiutare fornendoci il tuo file di log"
34
STATUS_DISABLED="DISABILITATO"
35
STATUS_ENABLED="ABILITATO"
36
STATUS_ERROR="ERRORE"
37
ERROR_NO_LICENSE="Nessuna chiave di licenza configurata"
38
ERROR_NO_UPLOAD_SERVER="Nessun server di upload configurato"
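Review bot: Two of the newly added Italian strings still contain English: SECTION_TIME_AND_SYNCHRONIZATION="Tempo and Sincronizzazione" at new line 61 should use "e" rather than "and", and SECTION_INSECURE_SERVICES="Service insicuri" at new line 37 should read "Servizi insicuri". GEN_LATEST_VERSION="Versione ultima" at new line 7 would read more naturally as "Ultima versione".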
(-)lynis-3.0.0/db/languages/ja (-7 / +81 lines)
Lines 1-33 Link Here
1
#ERROR_NO_LICENSE="No license key configured"
2
#ERROR_NO_UPLOAD_SERVER="No upload server configured"
1
GEN_CHECKING="チェック中"
3
GEN_CHECKING="チェック中"
2
GEN_CURRENT_VERSION="現在のバージョン"
4
GEN_CURRENT_VERSION="現在のバージョン"
3
GEN_DEBUG_MODE="デバッグモード"
5
GEN_DEBUG_MODE="デバッグモード"
4
GEN_INITIALIZE_PROGRAM="プログラムを初期化しています"
6
GEN_INITIALIZE_PROGRAM="プログラムを初期化しています"
7
#GEN_LATEST_VERSION="Latest version"
5
GEN_PHASE="フェーズ"
8
GEN_PHASE="フェーズ"
6
GEN_PLUGINS_ENABLED="プラグインが有効"
9
GEN_PLUGINS_ENABLED="プラグインが有効"
7
GEN_VERBOSE_MODE="詳細モード"
8
GEN_UPDATE_AVAILABLE="アップデートが利用可能"
10
GEN_UPDATE_AVAILABLE="アップデートが利用可能"
11
GEN_VERBOSE_MODE="詳細モード"
9
GEN_WHAT_TO_DO="What to do"
12
GEN_WHAT_TO_DO="What to do"
10
NOTE_EXCEPTIONS_FOUND="例外が見つかりました"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="例外的なイベントや情報が見つかりました"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="例外的なイベントや情報が見つかりました"
14
NOTE_EXCEPTIONS_FOUND="例外が見つかりました"
12
NOTE_PLUGINS_TAKE_TIME="注意:プラグインはより広範なテストがあり、完了までに数分かかる場合があります"
15
NOTE_PLUGINS_TAKE_TIME="注意:プラグインはより広範なテストがあり、完了までに数分かかる場合があります"
13
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="非特権モードのためテストをスキップしました"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="非特権モードのためテストをスキップしました"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
14
SECTION_CUSTOM_TESTS="カスタムテスト"
23
SECTION_CUSTOM_TESTS="カスタムテスト"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
15
SECTION_MALWARE="マルウェア"
42
SECTION_MALWARE="マルウェア"
16
SECTION_MEMORY_AND_PROCESSES="メモリーとプロセス"
43
SECTION_MEMORY_AND_PROCESSES="メモリーとプロセス"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
71
#STATUS_DISABLED="DISABLED"
17
STATUS_DONE="完了"
72
STATUS_DONE="完了"
73
#STATUS_ENABLED="ENABLED"
74
#STATUS_ERROR="ERROR"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
18
STATUS_FOUND="見つかりました"
78
STATUS_FOUND="見つかりました"
19
STATUS_YES="はい"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
20
STATUS_NO="いいえ"
83
STATUS_NO="いいえ"
21
STATUS_OFF="オフ"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
22
STATUS_OK="OK"
23
STATUS_ON="オン"
24
STATUS_NONE="なし"
85
STATUS_NONE="なし"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
25
STATUS_NOT_FOUND="見つかりません"
89
STATUS_NOT_FOUND="見つかりません"
26
STATUS_NOT_RUNNING="起動していません"
90
STATUS_NOT_RUNNING="起動していません"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="オフ"
93
STATUS_OK="OK"
94
STATUS_ON="オン"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
27
STATUS_RUNNING="起動中"
97
STATUS_RUNNING="起動中"
28
STATUS_SKIPPED="スキップ"
98
STATUS_SKIPPED="スキップ"
29
STATUS_SUGGESTION="提言があります"
99
STATUS_SUGGESTION="提言があります"
30
STATUS_UNKNOWN="不明"
100
STATUS_UNKNOWN="不明"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
31
STATUS_WARNING="警告"
103
STATUS_WARNING="警告"
32
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="はい"
33
TEXT_UPDATE_AVAILABLE="アップデートが利用可能"
106
TEXT_UPDATE_AVAILABLE="アップデートが利用可能"
107
TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
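Review bot: The new key order here differs from the other language files in this patch: STATUS_NO sits at new line 83 ahead of #STATUS_NON_DEFAULT at 84, while the hu, nb-NO and nl files put #STATUS_NON_DEFAULT at 83 and STATUS_NO at 84 (the ko file matches this one). Generate every language file with the same sort rule so they can be compared line by line and a missing key stands out. GEN_WHAT_TO_DO (new line 12) and TEXT_YOU_CAN_HELP_LOGFILE (new line 107) are also still active English values and could be commented out like the other untranslated keys.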
(-)lynis-3.0.0/db/languages/ko (-5 / +72 lines)
Lines 14-40 Link Here
14
NOTE_EXCEPTIONS_FOUND_DETAILED="몇 가지 예외 이벤트나 정보가 발견되었습니다"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="몇 가지 예외 이벤트나 정보가 발견되었습니다"
15
NOTE_PLUGINS_TAKE_TIME="참고: 플러그인은 광범위한 테스트를 거치며 완료될 때까지 몇 분의 시간이 소요됩니다"
15
NOTE_PLUGINS_TAKE_TIME="참고: 플러그인은 광범위한 테스트를 거치며 완료될 때까지 몇 분의 시간이 소요됩니다"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="비특권 모드로 인해 테스트를 생략했습니다"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="비특권 모드로 인해 테스트를 생략했습니다"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="사용자정의 테스트"
23
SECTION_CUSTOM_TESTS="사용자정의 테스트"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="악성코드"
42
SECTION_MALWARE="악성코드"
19
SECTION_MEMORY_AND_PROCESSES="메모리와 프로세스"
43
SECTION_MEMORY_AND_PROCESSES="메모리와 프로세스"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="비활성화됨"
71
STATUS_DISABLED="비활성화됨"
21
STATUS_DONE="완료"
72
STATUS_DONE="완료"
22
STATUS_ENABLED="활성화됨"
73
STATUS_ENABLED="활성화됨"
23
STATUS_ERROR="에러"
74
STATUS_ERROR="에러"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="발견"
78
STATUS_FOUND="발견"
25
STATUS_YES="예"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
26
STATUS_NO="아니오"
83
STATUS_NO="아니오"
27
STATUS_OFF="끔"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
28
STATUS_OK="OK"
29
STATUS_ON="켬"
30
STATUS_NONE="없음"
85
STATUS_NONE="없음"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="발견되지않음"
89
STATUS_NOT_FOUND="발견되지않음"
32
STATUS_NOT_RUNNING="동작하지않음"
90
STATUS_NOT_RUNNING="동작하지않음"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="끔"
93
STATUS_OK="OK"
94
STATUS_ON="켬"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="동작중"
97
STATUS_RUNNING="동작중"
34
STATUS_SKIPPED="생략"
98
STATUS_SKIPPED="생략"
35
STATUS_SUGGESTION="추천"
99
STATUS_SUGGESTION="추천"
36
STATUS_UNKNOWN="알수없음"
100
STATUS_UNKNOWN="알수없음"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="경고"
103
STATUS_WARNING="경고"
38
STATUS_WEAK="취약"
104
STATUS_WEAK="취약"
39
TEXT_YOU_CAN_HELP_LOGFILE="로그 파일을 제공하면 도움을 받을 수 있습니다"
105
STATUS_YES="예"
40
TEXT_UPDATE_AVAILABLE="업데이트 가능"
106
TEXT_UPDATE_AVAILABLE="업데이트 가능"
107
TEXT_YOU_CAN_HELP_LOGFILE="로그 파일을 제공하면 도움을 받을 수 있습니다"
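Review bot: TEXT_YOU_CAN_HELP_LOGFILE, relocated to new line 107, does not match the English source string "You can help by providing your log file" that the other language files in this patch carry: the Korean text says the user can receive help by providing the log file. Since the line is being moved anyway, correct the wording so users are not led to expect support in return for sending a log.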
(-)lynis-3.0.0/db/languages/nb-NO (-5 / +73 lines)
Lines 14-39 Link Here
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Avvikshendelser eller -informasjon er funnet"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Avvikshendelser eller -informasjon er funnet"
15
NOTE_PLUGINS_TAKE_TIME="OBS: utvidelser har omfattende tester og kan ta flere minutter å gjennomføre"
15
NOTE_PLUGINS_TAKE_TIME="OBS: utvidelser har omfattende tester og kan ta flere minutter å gjennomføre"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tester utelatt pga manglende rettigheter"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tester utelatt pga manglende rettigheter"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Tilpassede tester"
23
SECTION_CUSTOM_TESTS="Tilpassede tester"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Skadevare"
42
SECTION_MALWARE="Skadevare"
19
SECTION_MEMORY_AND_PROCESSES="Minne og prosesser"
43
SECTION_MEMORY_AND_PROCESSES="Minne og prosesser"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="DEAKTIVERT"
71
STATUS_DISABLED="DEAKTIVERT"
21
STATUS_DONE="FERDIG"
72
STATUS_DONE="FERDIG"
22
STATUS_ENABLED="AKTIVERT"
73
STATUS_ENABLED="AKTIVERT"
23
STATUS_ERROR="FEIL"
74
STATUS_ERROR="FEIL"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="FUNNET"
78
STATUS_FOUND="FUNNET"
25
STATUS_YES="JA"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
26
STATUS_NO="NEI"
84
STATUS_NO="NEI"
27
STATUS_OFF="AV"
28
STATUS_OK="OK"
29
STATUS_ON="PÅ"
30
STATUS_NONE="INGEN"
85
STATUS_NONE="INGEN"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="IKKE FUNNET"
89
STATUS_NOT_FOUND="IKKE FUNNET"
32
STATUS_NOT_RUNNING="KJØRER IKKE"
90
STATUS_NOT_RUNNING="KJØRER IKKE"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="AV"
93
STATUS_OK="OK"
94
STATUS_ON="PÅ"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="KJØRER"
97
STATUS_RUNNING="KJØRER"
34
STATUS_SKIPPED="UTELATT"
98
STATUS_SKIPPED="UTELATT"
35
STATUS_SUGGESTION="FORSLAG"
99
STATUS_SUGGESTION="FORSLAG"
36
STATUS_UNKNOWN="UKJENT"
100
STATUS_UNKNOWN="UKJENT"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="ADVARSEL"
103
STATUS_WARNING="ADVARSEL"
38
TEXT_YOU_CAN_HELP_LOGFILE="Du kan bidra ved å laste opp din loggfil"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="JA"
39
TEXT_UPDATE_AVAILABLE="oppdatering tilgjengelig"
106
TEXT_UPDATE_AVAILABLE="oppdatering tilgjengelig"
107
TEXT_YOU_CAN_HELP_LOGFILE="Du kan bidra ved å laste opp din loggfil"
(-)lynis-3.0.0/db/languages/nl (-5 / +67 lines)
Lines 7-45 Link Here
7
GEN_LATEST_VERSION="Laatste versie"
7
GEN_LATEST_VERSION="Laatste versie"
8
GEN_PHASE="fase"
8
GEN_PHASE="fase"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
10
GEN_VERBOSE_MODE="Verbose modus"
11
GEN_UPDATE_AVAILABLE="Update beschikbaar"
10
GEN_UPDATE_AVAILABLE="Update beschikbaar"
11
GEN_VERBOSE_MODE="Verbose modus"
12
GEN_WHAT_TO_DO="Wat te doen"
12
GEN_WHAT_TO_DO="Wat te doen"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Eigen testen"
23
SECTION_CUSTOM_TESTS="Eigen testen"
24
#SECTION_DATABASES="Databases"
18
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
36
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
20
SECTION_MALWARE="Kwaadaardige software (malware)"
42
SECTION_MALWARE="Kwaadaardige software (malware)"
21
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
43
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
60
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="UITGESCHAKELD"
71
STATUS_DISABLED="UITGESCHAKELD"
24
STATUS_DONE="KLAAR"
72
STATUS_DONE="KLAAR"
25
STATUS_ENABLED="INGESCHAKELD"
73
STATUS_ENABLED="INGESCHAKELD"
26
STATUS_ERROR="FOUT"
74
STATUS_ERROR="FOUT"
75
#STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="MISLUKT"
76
STATUS_FAILED="MISLUKT"
77
#STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="GEVONDEN"
78
STATUS_FOUND="GEVONDEN"
29
STATUS_OFF="UIT"
79
#STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
#STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="AAN"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
32
STATUS_NO="NEE"
84
STATUS_NO="NEE"
33
STATUS_NONE="GEEN"
85
STATUS_NONE="GEEN"
34
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
86
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NIET GEVONDEN"
89
STATUS_NOT_FOUND="NIET GEVONDEN"
36
STATUS_NOT_RUNNING="NIET ACTIEF"
90
STATUS_NOT_RUNNING="NIET ACTIEF"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="UIT"
93
STATUS_OK="OK"
94
STATUS_ON="AAN"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="ACTIEF"
97
STATUS_RUNNING="ACTIEF"
38
STATUS_SKIPPED="OVERGESLAGEN"
98
STATUS_SKIPPED="OVERGESLAGEN"
39
STATUS_SUGGESTION="SUGGESTIE"
99
STATUS_SUGGESTION="SUGGESTIE"
40
STATUS_UNKNOWN="ONBEKEND"
100
STATUS_UNKNOWN="ONBEKEND"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WAARSCHUWING"
103
STATUS_WARNING="WAARSCHUWING"
42
STATUS_WEAK="ZWAK"
104
STATUS_WEAK="ZWAK"
43
STATUS_YES="JA"
105
STATUS_YES="JA"
44
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
45
TEXT_UPDATE_AVAILABLE="update beschikbaar"
106
TEXT_UPDATE_AVAILABLE="update beschikbaar"
107
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
(-)lynis-3.0.0/db/languages/nl-BE (-5 / +67 lines)
Lines 7-45 Link Here
7
GEN_LATEST_VERSION="Laatste versie"
7
GEN_LATEST_VERSION="Laatste versie"
8
GEN_PHASE="fase"
8
GEN_PHASE="fase"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
10
GEN_VERBOSE_MODE="Verbose modus"
11
GEN_UPDATE_AVAILABLE="Update beschikbaar"
10
GEN_UPDATE_AVAILABLE="Update beschikbaar"
11
GEN_VERBOSE_MODE="Verbose modus"
12
GEN_WHAT_TO_DO="Wat te doen"
12
GEN_WHAT_TO_DO="Wat te doen"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Eigen testen"
23
SECTION_CUSTOM_TESTS="Eigen testen"
24
#SECTION_DATABASES="Databases"
18
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
36
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
20
SECTION_MALWARE="Kwaadaardige software (malware)"
42
SECTION_MALWARE="Kwaadaardige software (malware)"
21
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
43
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
60
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="UITGESCHAKELD"
71
STATUS_DISABLED="UITGESCHAKELD"
24
STATUS_DONE="KLAAR"
72
STATUS_DONE="KLAAR"
25
STATUS_ENABLED="INGESCHAKELD"
73
STATUS_ENABLED="INGESCHAKELD"
26
STATUS_ERROR="FOUT"
74
STATUS_ERROR="FOUT"
75
#STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="MISLUKT"
76
STATUS_FAILED="MISLUKT"
77
#STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="GEVONDEN"
78
STATUS_FOUND="GEVONDEN"
29
STATUS_OFF="UIT"
79
#STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
#STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="AAN"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
32
STATUS_NO="NEE"
84
STATUS_NO="NEE"
33
STATUS_NONE="GEEN"
85
STATUS_NONE="GEEN"
34
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
86
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NIET GEVONDEN"
89
STATUS_NOT_FOUND="NIET GEVONDEN"
36
STATUS_NOT_RUNNING="NIET ACTIEF"
90
STATUS_NOT_RUNNING="NIET ACTIEF"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="UIT"
93
STATUS_OK="OK"
94
STATUS_ON="AAN"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="ACTIEF"
97
STATUS_RUNNING="ACTIEF"
38
STATUS_SKIPPED="OVERGESLAGEN"
98
STATUS_SKIPPED="OVERGESLAGEN"
39
STATUS_SUGGESTION="SUGGESTIE"
99
STATUS_SUGGESTION="SUGGESTIE"
40
STATUS_UNKNOWN="ONBEKEND"
100
STATUS_UNKNOWN="ONBEKEND"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WAARSCHUWING"
103
STATUS_WARNING="WAARSCHUWING"
42
STATUS_WEAK="ZWAK"
104
STATUS_WEAK="ZWAK"
43
STATUS_YES="JA"
105
STATUS_YES="JA"
44
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
45
TEXT_UPDATE_AVAILABLE="update beschikbaar"
106
TEXT_UPDATE_AVAILABLE="update beschikbaar"
107
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
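Review bot: The keys this hunk adds are almost all English strings behind a leading `#` (new lines 17-22, 24, 26-35, 37-41, 44-59, 61-70 and the status labels at 75, 77, 79-83, 87-88, 91, 95-96, 101-102), so the labels that state an audit verdict, such as `#STATUS_EXPOSED="EXPOSED"`, `#STATUS_UNSAFE="UNSAFE"` and `#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"`, stay untranslated next to active ones like `STATUS_WEAK="ZWAK"`. If a commented key means the English default is shown, a Dutch report will mix both languages in the same result column. Either translate at least the STATUS_* additions in this change, or add a comment at the top of the file saying that commented keys are placeholders awaiting translation.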
(-)lynis-3.0.0/db/languages/nl-NL (-5 / +67 lines)
Lines 7-45 Link Here
7
GEN_LATEST_VERSION="Laatste versie"
7
GEN_LATEST_VERSION="Laatste versie"
8
GEN_PHASE="fase"
8
GEN_PHASE="fase"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
9
GEN_PLUGINS_ENABLED="Plugins geactiveerd"
10
GEN_VERBOSE_MODE="Verbose modus"
11
GEN_UPDATE_AVAILABLE="Update beschikbaar"
10
GEN_UPDATE_AVAILABLE="Update beschikbaar"
11
GEN_VERBOSE_MODE="Verbose modus"
12
GEN_WHAT_TO_DO="Wat te doen"
12
GEN_WHAT_TO_DO="Wat te doen"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
13
NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
15
NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Eigen testen"
23
SECTION_CUSTOM_TESTS="Eigen testen"
24
#SECTION_DATABASES="Databases"
18
SECTION_DATA_UPLOAD="Data upload"
25
SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
19
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
36
SECTION_INITIALIZING_PROGRAM="Programma initialiseren"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
20
SECTION_MALWARE="Kwaadaardige software (malware)"
42
SECTION_MALWARE="Kwaadaardige software (malware)"
21
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
43
SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
22
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
60
SECTION_SYSTEM_TOOLS="Systeem gereedschap"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
23
STATUS_DISABLED="UITGESCHAKELD"
71
STATUS_DISABLED="UITGESCHAKELD"
24
STATUS_DONE="KLAAR"
72
STATUS_DONE="KLAAR"
25
STATUS_ENABLED="INGESCHAKELD"
73
STATUS_ENABLED="INGESCHAKELD"
26
STATUS_ERROR="FOUT"
74
STATUS_ERROR="FOUT"
75
#STATUS_EXPOSED="EXPOSED"
27
STATUS_FAILED="MISLUKT"
76
STATUS_FAILED="MISLUKT"
77
#STATUS_FILES_FOUND="FILES FOUND"
28
STATUS_FOUND="GEVONDEN"
78
STATUS_FOUND="GEVONDEN"
29
STATUS_OFF="UIT"
79
#STATUS_HARDENED="HARDENED"
30
STATUS_OK="OK"
80
#STATUS_INSTALLED="INSTALLED"
31
STATUS_ON="AAN"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
32
STATUS_NO="NEE"
84
STATUS_NO="NEE"
33
STATUS_NONE="GEEN"
85
STATUS_NONE="GEEN"
34
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
86
STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
35
STATUS_NOT_FOUND="NIET GEVONDEN"
89
STATUS_NOT_FOUND="NIET GEVONDEN"
36
STATUS_NOT_RUNNING="NIET ACTIEF"
90
STATUS_NOT_RUNNING="NIET ACTIEF"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="UIT"
93
STATUS_OK="OK"
94
STATUS_ON="AAN"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
37
STATUS_RUNNING="ACTIEF"
97
STATUS_RUNNING="ACTIEF"
38
STATUS_SKIPPED="OVERGESLAGEN"
98
STATUS_SKIPPED="OVERGESLAGEN"
39
STATUS_SUGGESTION="SUGGESTIE"
99
STATUS_SUGGESTION="SUGGESTIE"
40
STATUS_UNKNOWN="ONBEKEND"
100
STATUS_UNKNOWN="ONBEKEND"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
41
STATUS_WARNING="WAARSCHUWING"
103
STATUS_WARNING="WAARSCHUWING"
42
STATUS_WEAK="ZWAK"
104
STATUS_WEAK="ZWAK"
43
STATUS_YES="JA"
105
STATUS_YES="JA"
44
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
45
TEXT_UPDATE_AVAILABLE="update beschikbaar"
106
TEXT_UPDATE_AVAILABLE="update beschikbaar"
107
TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen"
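Review bot: The visible lines of this hunk match the nl-BE hunk above line for line (same `Lines 7-45` range, same -5 / +67 count, same active and commented keys), so the two files are being maintained as copies. Any later correction to a Dutch string has to be made twice and the files can drift apart without notice. Say in the file header which of the two is the source, or generate one from the other, so a reviewer can tell an intended regional difference from a missed edit.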
(-)lynis-3.0.0/db/languages/pl (-7 / +76 lines)
Lines 4-38 Link Here
4
#GEN_CURRENT_VERSION="Current version"
4
#GEN_CURRENT_VERSION="Current version"
5
#GEN_DEBUG_MODE="Debug mode"
5
#GEN_DEBUG_MODE="Debug mode"
6
#GEN_INITIALIZE_PROGRAM="Initializing program"
6
#GEN_INITIALIZE_PROGRAM="Initializing program"
7
#GEN_LATEST_VERSION="Latest version"
7
#GEN_PHASE="phase"
8
#GEN_PHASE="phase"
8
#GEN_PLUGINS_ENABLED="Plugins enabled"
9
#GEN_PLUGINS_ENABLED="Plugins enabled"
9
#GEN_VERBOSE_MODE="Verbose mode"
10
#GEN_UPDATE_AVAILABLE="update available"
10
#GEN_UPDATE_AVAILABLE="update available"
11
#GEN_VERBOSE_MODE="Verbose mode"
11
#GEN_WHAT_TO_DO="What to do"
12
#GEN_WHAT_TO_DO="What to do"
12
#NOTE_EXCEPTIONS_FOUND="Exceptions found"
13
#NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
13
#NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found"
14
#NOTE_EXCEPTIONS_FOUND="Exceptions found"
14
#NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
#NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete"
15
#NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
16
#NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
16
#SECTION_CUSTOM_TESTS="Custom Tests"
23
#SECTION_CUSTOM_TESTS="Custom Tests"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
17
#SECTION_MALWARE="Malware"
42
#SECTION_MALWARE="Malware"
18
#SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
43
#SECTION_MEMORY_AND_PROCESSES="Memory and Processes"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
19
#STATUS_DISABLED="DISABLED"
71
#STATUS_DISABLED="DISABLED"
20
#STATUS_DONE="DONE"
72
#STATUS_DONE="DONE"
21
#STATUS_ENABLED="ENABLED"
73
#STATUS_ENABLED="ENABLED"
22
#STATUS_ERROR="ERROR"
74
#STATUS_ERROR="ERROR"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
23
#STATUS_FOUND="FOUND"
78
#STATUS_FOUND="FOUND"
24
#STATUS_YES="YES"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
#STATUS_NONE="NONE"
25
#STATUS_NO="NO"
85
#STATUS_NO="NO"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
89
#STATUS_NOT_FOUND="NOT FOUND"
90
#STATUS_NOT_RUNNING="NOT RUNNING"
91
#STATUS_NO_UPDATE="NO UPDATE"
26
#STATUS_OFF="OFF"
92
#STATUS_OFF="OFF"
27
#STATUS_OK="OK"
93
#STATUS_OK="OK"
28
#STATUS_ON="ON"
94
#STATUS_ON="ON"
29
#STATUS_NONE="NONE"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
30
#STATUS_NOT_FOUND="NOT FOUND"
96
#STATUS_PROTECTED="PROTECTED"
31
#STATUS_NOT_RUNNING="NOT RUNNING"
32
#STATUS_RUNNING="RUNNING"
97
#STATUS_RUNNING="RUNNING"
33
#STATUS_SKIPPED="SKIPPED"
98
#STATUS_SKIPPED="SKIPPED"
34
#STATUS_SUGGESTION="SUGGESTION"
99
#STATUS_SUGGESTION="SUGGESTION"
35
#STATUS_UNKNOWN="UNKNOWN"
100
#STATUS_UNKNOWN="UNKNOWN"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
36
#STATUS_WARNING="WARNING"
103
#STATUS_WARNING="WARNING"
37
#TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
104
#STATUS_WEAK="WEAK"
105
#STATUS_YES="YES"
38
#TEXT_UPDATE_AVAILABLE="update available"
106
#TEXT_UPDATE_AVAILABLE="update available"
107
#TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file"
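Review bot: Every line on both sides of this hunk is a commented-out English string, so after the change db/languages/pl still defines no Polish text at all; the hunk only reorders the placeholders and adds more of them (for example `#STATUS_FAILED="FAILED"` at new line 76 and `#STATUS_WEAK="WEAK"` at new line 104). A header comment stating that the file is an untranslated template would keep readers from assuming Polish output is available. The key order here also differs from the other language files in this patch: new lines 84-85 put STATUS_NONE before STATUS_NO, while the nl files put STATUS_NO at 84 and STATUS_NONE at 85.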
(-)lynis-3.0.0/db/languages/pt (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="Atualização disponível"
10
GEN_UPDATE_AVAILABLE="Atualização disponível"
11
GEN_VERBOSE_MODE="Modo verbose"
11
GEN_VERBOSE_MODE="Modo verbose"
12
GEN_WHAT_TO_DO="O que fazer"
12
GEN_WHAT_TO_DO="O que fazer"
13
NOTE_EXCEPTIONS_FOUND="Exceptions encontradas"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados"
14
NOTE_EXCEPTIONS_FOUND="Exceptions encontradas"
15
NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar"
15
NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Testes personalizados"
23
SECTION_CUSTOM_TESTS="Testes personalizados"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
19
SECTION_MEMORY_AND_PROCESSES="Memória e Processos"
43
SECTION_MEMORY_AND_PROCESSES="Memória e Processos"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="DESABILITADO"
71
STATUS_DISABLED="DESABILITADO"
21
STATUS_DONE="FEITO"
72
STATUS_DONE="FEITO"
22
STATUS_ENABLED="HABILITADO"
73
STATUS_ENABLED="HABILITADO"
23
STATUS_ERROR="ERRO"
74
STATUS_ERROR="ERRO"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="ENCONTRADO"
78
STATUS_FOUND="ENCONTRADO"
25
STATUS_YES="SIM"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
26
STATUS_NO="NÃO"
83
STATUS_NO="NÃO"
27
STATUS_OFF="OFF"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
28
STATUS_OK="OK"
29
STATUS_ON="ON"
30
STATUS_NONE="NENHUM"
85
STATUS_NONE="NENHUM"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="NÃO ENCONTRADO"
89
STATUS_NOT_FOUND="NÃO ENCONTRADO"
32
STATUS_NOT_RUNNING="PARADO"
90
STATUS_NOT_RUNNING="PARADO"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="OFF"
93
STATUS_OK="OK"
94
STATUS_ON="ON"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="EM EXECUÇÃO"
97
STATUS_RUNNING="EM EXECUÇÃO"
34
STATUS_SKIPPED="IGNORADO"
98
STATUS_SKIPPED="IGNORADO"
35
STATUS_SUGGESTION="SUGESTÃO"
99
STATUS_SUGGESTION="SUGESTÃO"
36
STATUS_UNKNOWN="DESCONHECIDO"
100
STATUS_UNKNOWN="DESCONHECIDO"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="ATENÇÃO"
103
STATUS_WARNING="ATENÇÃO"
38
TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="SIM"
39
TEXT_UPDATE_AVAILABLE="Atualização disponível"
106
TEXT_UPDATE_AVAILABLE="Atualização disponível"
107
TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log"
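Review bot: New lines 83-85 order the keys as STATUS_NO, `#STATUS_NON_DEFAULT`, STATUS_NONE, which matches neither the nl files (NON_DEFAULT, NO, NONE) nor pl (NON_DEFAULT, NONE, NO). Since the hunk moves most keys anyway, pick one collation for all language files so that the same key lands on the same line number everywhere and missing keys show up in a plain file-to-file comparison. While NOTE_EXCEPTIONS_FOUND is being moved to new line 14, its value `"Exceptions encontradas"` still mixes English and Portuguese, unlike the detailed variant on line 13; this would be the place to fix it.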
(-)lynis-3.0.0/db/languages/ru (-13 / +82 lines)
Lines 1-38 Link Here
1
ERROR_NO_LICENSE="Лицензионный ключ не настроен"
2
ERROR_NO_UPLOAD_SERVER="Загрузочный сервер не настроен"
1
GEN_CHECKING="Проверка"
3
GEN_CHECKING="Проверка"
2
GEN_CURRENT_VERSION="Текущая версия"
4
GEN_CURRENT_VERSION="Текущая версия"
3
GEN_DEBUG_MODE="Режим отладки"
5
GEN_DEBUG_MODE="Режим отладки"
4
GEN_INITIALIZE_PROGRAM="Инициализация программы"
6
GEN_INITIALIZE_PROGRAM="Инициализация программы"
7
GEN_LATEST_VERSION="Последняя версия"
5
GEN_PHASE="Стадия"
8
GEN_PHASE="Стадия"
6
GEN_PLUGINS_ENABLED="Плагины включены"
9
GEN_PLUGINS_ENABLED="Плагины включены"
7
GEN_VERBOSE_MODE="Подробный режим"
8
GEN_UPDATE_AVAILABLE="доступно обновление"
10
GEN_UPDATE_AVAILABLE="доступно обновление"
11
GEN_VERBOSE_MODE="Подробный режим"
9
GEN_WHAT_TO_DO="Что сделать"
12
GEN_WHAT_TO_DO="Что сделать"
10
NOTE_EXCEPTIONS_FOUND="Найдены исключения"
11
NOTE_EXCEPTIONS_FOUND_DETAILED="Были найдены некоторые исключительные события или информация"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Были найдены некоторые исключительные события или информация"
14
NOTE_EXCEPTIONS_FOUND="Найдены исключения"
12
NOTE_PLUGINS_TAKE_TIME="Примечание: плагины имеют более обширные тесты и могут занять несколько минут до завершения"
15
NOTE_PLUGINS_TAKE_TIME="Примечание: плагины имеют более обширные тесты и могут занять несколько минут до завершения"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Тесты пропущены из-за использования непривилегированного режима"
17
SECTION_ACCOUNTING="Учёт"
18
SECTION_BANNERS_AND_IDENTIFICATION="Баннеры и идентификаторы"
19
SECTION_BASICS="Основное"
20
SECTION_BOOT_AND_SERVICES="Загрузка и сервисы"
21
SECTION_CONTAINERS="Контейнеры"
22
SECTION_CRYPTOGRAPHY="Криптография"
13
SECTION_CUSTOM_TESTS="Пользовательские тесты"
23
SECTION_CUSTOM_TESTS="Пользовательские тесты"
24
SECTION_DATABASES="Базы данных"
25
SECTION_DATA_UPLOAD="Отправка данных"
26
SECTION_DOWNLOADS="Загрузки"
27
SECTION_EMAIL_AND_MESSAGING="Программное обеспечение: e-mail и отправка сообщений"
28
SECTION_FILE_INTEGRITY="Программное обеспечение: целостность файлов"
29
SECTION_FILE_PERMISSIONS="Права доступа к файлам"
30
SECTION_FILE_SYSTEMS="Файловые системы"
31
SECTION_FIREWALLS="Программное обеспечение: firewall"
32
SECTION_GENERAL="Общее"
33
SECTION_HARDENING="Усиление"
34
SECTION_HOME_DIRECTORIES="Домашние директории"
35
SECTION_IMAGE="Образы"
36
SECTION_INITIALIZING_PROGRAM="Инициализация программы"
37
SECTION_INSECURE_SERVICES="Небезопасные сервисы"
38
SECTION_KERNEL_HARDENING="УСиления ядра"
39
SECTION_KERNEL="Ядро"
40
SECTION_LDAP_SERVICES="Сервисы LDAP"
41
SECTION_LOGGING_AND_FILES="Логирование и файлы"
14
SECTION_MALWARE="Вредоносное ПО"
42
SECTION_MALWARE="Вредоносное ПО"
15
SECTION_MEMORY_AND_PROCESSES="Память и процессы"
43
SECTION_MEMORY_AND_PROCESSES="Память и процессы"
44
SECTION_NAME_SERVICES="Серверы имён"
45
SECTION_NETWORKING="Сети"
46
SECTION_PERMISSIONS="Права доступа"
47
SECTION_PORTS_AND_PACKAGES="Пакеты"
48
SECTION_PRINTERS_AND_SPOOLS="Принтеры и спулеры"
49
SECTION_PROGRAM_DETAILS="Подробности о программе"
50
SECTION_SCHEDULED_TASKS="Запланированные задачи"
51
SECTION_SECURITY_FRAMEWORKS="Фреймворки"
52
SECTION_SHELLS="Командные оболочки"
53
SECTION_SNMP_SUPPORT="Поддержка SNMP"
54
SECTION_SOFTWARE="Программное обеспечение"
55
SECTION_SQUID_SUPPORT="Поддержка Squid"
56
SECTION_SSH_SUPPORT="Поддержка SSH"
57
SECTION_STORAGE="Хранилище"
58
SECTION_SYSTEM_INTEGRITY="Программное обеспечение: целостность системы"
59
SECTION_SYSTEM_TOOLING="SПрограммное обеспечение: системные инструменты"
60
SECTION_SYSTEM_TOOLS="Системные утилиты"
61
SECTION_TIME_AND_SYNCHRONIZATION="Время и его синхронизация"
62
SECTION_USB_DEVICES="USB Устройства"
63
SECTION_USERS_GROUPS_AND_AUTHENTICATION="Пользователи, группы и Аутентификация"
64
SECTION_VIRTUALIZATION="Виртуализация"
65
SECTION_WEBSERVER="Программное обеспечение: веб-серверы"
66
STATUS_ACTIVE="АКТИВЕН"
67
STATUS_CHECK_NEEDED="ТРЕБУЕТСЯ ПРОВЕРКА"
68
STATUS_DEBUG="ОТЛАДКА"
69
STATUS_DEFAULT="ПО УМОЛЧАНИЮ"
70
STATUS_DIFFERENT="ОТЛИЧАЕТСЯ"
71
STATUS_DISABLED="ОТКЛЮЧЕНО"
16
STATUS_DONE="Завершено"
72
STATUS_DONE="Завершено"
73
STATUS_ENABLED="ВКЛЮЧЕНО"
74
STATUS_ERROR="ОШИБКА"
75
STATUS_EXPOSED="УЯЗВИМО"
76
STATUS_FAILED="ПРОВАЛЕНО"
77
STATUS_FILES_FOUND="ФАЙЛЫ НАЙДЕНЫ"
17
STATUS_FOUND="Найдено"
78
STATUS_FOUND="Найдено"
18
STATUS_YES="ДА"
79
STATUS_HARDENED="УСИЛЕНО"
80
STATUS_INSTALLED="УСТАНОВЛЕНО"
81
STATUS_LOCAL_ONLY="ТОЛЬКО ЛОКАЛЬНО"
82
STATUS_MEDIUM="СРЕДНИЙ"
83
STATUS_NON_DEFAULT="НЕ ПО УМОЛЧАНИЮ"
84
STATUS_NONE="Отсутствует"
85
STATUS_NOT_CONFIGURED="НЕ СКОНФИГУРИРОВАНО"
86
STATUS_NOT_DISABLED="НЕ ОТКЛЮЧЕНО"
87
STATUS_NOT_ENABLED="НЕ ВКЛЮЧЕНО"
88
STATUS_NOT_FOUND="НЕ НАЙДЕНО"
89
STATUS_NOT_RUNNING="НЕ ЗАПУЩЕНО"
90
STATUS_NO_UPDATE="ОБНОВЛЕНИЙ НЕТ"
19
STATUS_NO="НЕТ"
91
STATUS_NO="НЕТ"
20
STATUS_OFF="Выключено"
92
STATUS_OFF="Выключено"
21
STATUS_OK="ОК"
93
STATUS_OK="ОК"
22
STATUS_ON="Включено"
94
STATUS_ON="Включено"
23
STATUS_NONE="Отсутствует"
95
STATUS_PARTIALLY_HARDENED="ЧАСТИЧНО УСИЛЕНО"
24
STATUS_NOT_FOUND="НЕ НАЙДЕНО"
96
STATUS_PROTECTED="ЗАЩИЩЕНО"
25
STATUS_NOT_RUNNING="НЕ ЗАПУЩЕНО"
26
STATUS_RUNNING="ЗАПУЩЕНО"
97
STATUS_RUNNING="ЗАПУЩЕНО"
27
STATUS_SKIPPED="ПРОПУЩЕНО"
98
STATUS_SKIPPED="ПРОПУЩЕНО"
28
STATUS_SUGGESTION="ПРЕДЛОЖЕНИЕ"
99
STATUS_SUGGESTION="ПРЕДЛОЖЕНИЕ"
29
STATUS_UNKNOWN="НЕИЗВЕСТНО"
100
STATUS_UNKNOWN="НЕИЗВЕСТНО"
101
STATUS_UNSAFE="НЕБЕЗОПАСНО"
102
STATUS_UPDATE_AVAILABLE="ДОСТУПНЫ ОБНОВЛЕНИЯ"
30
STATUS_WARNING="ПРЕДУПРЕЖДЕНИЕ"
103
STATUS_WARNING="ПРЕДУПРЕЖДЕНИЕ"
31
TEXT_YOU_CAN_HELP_LOGFILE="Вы можете помочь предоставив ваш лог-файл"
104
STATUS_WEAK="СЛАБЫЙ"
105
STATUS_YES="ДА"
32
TEXT_UPDATE_AVAILABLE="доступно обновление"
106
TEXT_UPDATE_AVAILABLE="доступно обновление"
33
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Тесты пропущены из-за использования непривилегированного режима"
107
TEXT_YOU_CAN_HELP_LOGFILE="Вы можете помочь, предоставив ваш лог-файл"
34
STATUS_DISABLED="ОТКЛЮЧЕНО"
35
STATUS_ENABLED="ВКЛЮЧЕНО"
36
STATUS_ERROR="ОШИБКА"
37
ERROR_NO_LICENSE="Лицензионный ключ не настроен"
38
ERROR_NO_UPLOAD_SERVER="Загрузочный сервер не настроен"
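Review bot: Two of the added strings carry typos: new line 38 has `SECTION_KERNEL_HARDENING="УСиления ядра"` with a stray capital "С", and new line 59 has `SECTION_SYSTEM_TOOLING="SПрограммное обеспечение: системные инструменты"` with a Latin "S" in front of the Cyrillic text. Please correct both before merging. Two section titles also drop part of the key's meaning: line 47 renders PORTS_AND_PACKAGES as "Пакеты" only and line 51 renders SECURITY_FRAMEWORKS as "Фреймворки" without the security qualifier. On line 75, `STATUS_EXPOSED="УЯЗВИМО"` reads as "vulnerable", which is a stronger statement than "exposed" and changes how a finding with that status is read in a report; a wording closer to the English label would avoid that.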
(-)lynis-3.0.0/db/languages/se (-2 / +70 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="uppdatering tillgänglig"
10
GEN_UPDATE_AVAILABLE="uppdatering tillgänglig"
11
GEN_VERBOSE_MODE="Detaljerat läge"
11
GEN_VERBOSE_MODE="Detaljerat läge"
12
GEN_WHAT_TO_DO="Åtgärd"
12
GEN_WHAT_TO_DO="Åtgärd"
13
NOTE_EXCEPTIONS_FOUND="Undantag hittade"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="En del ovanliga händelser eller uppgifter konstaterades"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="En del ovanliga händelser eller uppgifter konstaterades"
14
NOTE_EXCEPTIONS_FOUND="Undantag hittade"
15
NOTE_PLUGINS_TAKE_TIME="Obs: plugins har mer omfattande tester och kan ta flera minuter att slutföra"
15
NOTE_PLUGINS_TAKE_TIME="Obs: plugins har mer omfattande tester och kan ta flera minuter att slutföra"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Undantagna tester på grund av icke-privilegierat läge"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Undantagna tester på grund av icke-privilegierat läge"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Anpassade Tester"
23
SECTION_CUSTOM_TESTS="Anpassade Tester"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
19
SECTION_MEMORY_AND_PROCESSES="Minne och Processer"
43
SECTION_MEMORY_AND_PROCESSES="Minne och Processer"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="AVAKTIVERAD"
71
STATUS_DISABLED="AVAKTIVERAD"
21
STATUS_DONE="KLAR"
72
STATUS_DONE="KLAR"
22
STATUS_ENABLED="AKTIVERAD"
73
STATUS_ENABLED="AKTIVERAD"
23
STATUS_ERROR="FEL"
74
STATUS_ERROR="FEL"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="HITTAD"
78
STATUS_FOUND="HITTAD"
25
STATUS_NO="NEJ"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
26
STATUS_NONE="INGEN"
84
STATUS_NONE="INGEN"
85
STATUS_NO="NEJ"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
27
STATUS_NOT_FOUND="EJ HITTAD"
89
STATUS_NOT_FOUND="EJ HITTAD"
28
STATUS_NOT_RUNNING="KÖRS INTE"
90
STATUS_NOT_RUNNING="KÖRS INTE"
91
#STATUS_NO_UPDATE="NO UPDATE"
29
STATUS_OFF="AV"
92
STATUS_OFF="AV"
30
STATUS_OK="OK"
93
STATUS_OK="OK"
31
STATUS_ON="PÅ"
94
STATUS_ON="PÅ"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_RUNNING="KÖRS"
97
STATUS_RUNNING="KÖRS"
33
STATUS_SKIPPED="ÖVERHOPPAD"
98
STATUS_SKIPPED="ÖVERHOPPAD"
34
STATUS_SUGGESTION="FÖRSLAG"
99
STATUS_SUGGESTION="FÖRSLAG"
35
STATUS_UNKNOWN="OKÄND"
100
STATUS_UNKNOWN="OKÄND"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
36
STATUS_WARNING="VARNING"
103
STATUS_WARNING="VARNING"
104
#STATUS_WEAK="WEAK"
37
STATUS_YES="JA"
105
STATUS_YES="JA"
38
TEXT_UPDATE_AVAILABLE="uppdatering tillgänglig"
106
TEXT_UPDATE_AVAILABLE="uppdatering tillgänglig"
39
TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjälpa till genom att bidra med din loggfil"
107
TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjälpa till genom att bidra med din loggfil"
(-)lynis-3.0.0/db/languages/sk (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="aktualizácia k dispozícii"
10
GEN_UPDATE_AVAILABLE="aktualizácia k dispozícii"
11
GEN_VERBOSE_MODE="Detailný mód"
11
GEN_VERBOSE_MODE="Detailný mód"
12
GEN_WHAT_TO_DO="Čo robiť"
12
GEN_WHAT_TO_DO="Čo robiť"
13
NOTE_EXCEPTIONS_FOUND="Našli sa výnimky"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Vyskytli sa niektoré výnimočné udalosti alebo informácie"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Vyskytli sa niektoré výnimočné udalosti alebo informácie"
14
NOTE_EXCEPTIONS_FOUND="Našli sa výnimky"
15
NOTE_PLUGINS_TAKE_TIME="Poznámka: Pluginy majú rozsiahlejšie testy a dokončenie môže trvať niekoľko minút"
15
NOTE_PLUGINS_TAKE_TIME="Poznámka: Pluginy majú rozsiahlejšie testy a dokončenie môže trvať niekoľko minút"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Preskočené testy v dôsledku neprivilegovaného režimu"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Preskočené testy v dôsledku neprivilegovaného režimu"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Vlastné testy"
23
SECTION_CUSTOM_TESTS="Vlastné testy"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Malware"
42
SECTION_MALWARE="Malware"
19
SECTION_MEMORY_AND_PROCESSES="Pamäť a procesy"
43
SECTION_MEMORY_AND_PROCESSES="Pamäť a procesy"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="ZABLOKOVANÉ"
71
STATUS_DISABLED="ZABLOKOVANÉ"
21
STATUS_DONE="HOTOVO"
72
STATUS_DONE="HOTOVO"
22
STATUS_ENABLED="POVOLENÉ"
73
STATUS_ENABLED="POVOLENÉ"
23
STATUS_ERROR="CHYBA"
74
STATUS_ERROR="CHYBA"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="NÁJDENÉ"
78
STATUS_FOUND="NÁJDENÉ"
25
STATUS_YES="ÁNO"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
83
#STATUS_NON_DEFAULT="NON DEFAULT"
84
STATUS_NONE="ŽIADNE"
26
STATUS_NO="NIE"
85
STATUS_NO="NIE"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
89
STATUS_NOT_FOUND="NENÁJDENÉ"
90
STATUS_NOT_RUNNING="NEBEŽÍ"
91
#STATUS_NO_UPDATE="NO UPDATE"
27
STATUS_OFF="VYPNUTÉ"
92
STATUS_OFF="VYPNUTÉ"
28
STATUS_OK="OK"
93
STATUS_OK="OK"
29
STATUS_ON="ZAPNUTÉ"
94
STATUS_ON="ZAPNUTÉ"
30
STATUS_NONE="ŽIADNE"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
31
STATUS_NOT_FOUND="NENÁJDENÉ"
96
#STATUS_PROTECTED="PROTECTED"
32
STATUS_NOT_RUNNING="NEBEŽÍ"
33
STATUS_RUNNING="BEŽÍ"
97
STATUS_RUNNING="BEŽÍ"
34
STATUS_SKIPPED="PRESKOČENÉ"
98
STATUS_SKIPPED="PRESKOČENÉ"
35
STATUS_SUGGESTION="NÁVRH"
99
STATUS_SUGGESTION="NÁVRH"
36
STATUS_UNKNOWN="NEZNÁME"
100
STATUS_UNKNOWN="NEZNÁME"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="VAROVANIE"
103
STATUS_WARNING="VAROVANIE"
38
TEXT_YOU_CAN_HELP_LOGFILE="Môžete pomôcť poskytnutím log súboru"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="ÁNO"
39
TEXT_UPDATE_AVAILABLE="aktualizácia k dispozícii"
106
TEXT_UPDATE_AVAILABLE="aktualizácia k dispozícii"
107
TEXT_YOU_CAN_HELP_LOGFILE="Môžete pomôcť poskytnutím log súboru"
(-)lynis-3.0.0/db/languages/tr (-6 / +74 lines)
Lines 10-39 Link Here
10
GEN_UPDATE_AVAILABLE="güncelleme mevcut"
10
GEN_UPDATE_AVAILABLE="güncelleme mevcut"
11
GEN_VERBOSE_MODE="Detay modu"
11
GEN_VERBOSE_MODE="Detay modu"
12
GEN_WHAT_TO_DO="Yapılması gerekenler"
12
GEN_WHAT_TO_DO="Yapılması gerekenler"
13
NOTE_EXCEPTIONS_FOUND="İstisnalar bulundu"
14
NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar ve bilgiler bulundu"
13
NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar ve bilgiler bulundu"
14
NOTE_EXCEPTIONS_FOUND="İstisnalar bulundu"
15
NOTE_PLUGINS_TAKE_TIME="Not: eklentiler daha detaylı testler içermektedir ve tamamlanmaları uzun sürebilir"
15
NOTE_PLUGINS_TAKE_TIME="Not: eklentiler daha detaylı testler içermektedir ve tamamlanmaları uzun sürebilir"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Yetkisiz çalışma nedeniyle atlanan testler"
16
NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Yetkisiz çalışma nedeniyle atlanan testler"
17
#SECTION_ACCOUNTING="Accounting"
18
#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
19
#SECTION_BASICS="Basics"
20
#SECTION_BOOT_AND_SERVICES="Boot and services"
21
#SECTION_CONTAINERS="Containers"
22
#SECTION_CRYPTOGRAPHY="Cryptography"
17
SECTION_CUSTOM_TESTS="Özel testler"
23
SECTION_CUSTOM_TESTS="Özel testler"
24
#SECTION_DATABASES="Databases"
25
#SECTION_DATA_UPLOAD="Data upload"
26
#SECTION_DOWNLOADS="Downloads"
27
#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
28
#SECTION_FILE_INTEGRITY="Software: file integrity"
29
#SECTION_FILE_PERMISSIONS="File Permissions"
30
#SECTION_FILE_SYSTEMS="File systems"
31
#SECTION_FIREWALLS="Software: firewalls"
32
#SECTION_GENERAL="General"
33
#SECTION_HARDENING="Hardening"
34
#SECTION_HOME_DIRECTORIES="Home directories"
35
#SECTION_IMAGE="Image"
36
#SECTION_INITIALIZING_PROGRAM="Initializing program"
37
#SECTION_INSECURE_SERVICES="Insecure services"
38
#SECTION_KERNEL_HARDENING="Kernel Hardening"
39
#SECTION_KERNEL="Kernel"
40
#SECTION_LDAP_SERVICES="LDAP Services"
41
#SECTION_LOGGING_AND_FILES="Logging and files"
18
SECTION_MALWARE="Kötücül yazılım"
42
SECTION_MALWARE="Kötücül yazılım"
19
SECTION_MEMORY_AND_PROCESSES="Bellek ve Prosesler"
43
SECTION_MEMORY_AND_PROCESSES="Bellek ve Prosesler"
44
#SECTION_NAME_SERVICES="Name services"
45
#SECTION_NETWORKING="Networking"
46
#SECTION_PERMISSIONS="Permissions"
47
#SECTION_PORTS_AND_PACKAGES="Ports and packages"
48
#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
49
#SECTION_PROGRAM_DETAILS="Program Details"
50
#SECTION_SCHEDULED_TASKS="Scheduled tasks"
51
#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
52
#SECTION_SHELLS="Shells"
53
#SECTION_SNMP_SUPPORT="SNMP Support"
54
#SECTION_SOFTWARE="Software"
55
#SECTION_SQUID_SUPPORT="Squid Support"
56
#SECTION_SSH_SUPPORT="SSH Support"
57
#SECTION_STORAGE="Storage"
58
#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
59
#SECTION_SYSTEM_TOOLING="Software: System tooling"
60
#SECTION_SYSTEM_TOOLS="System tools"
61
#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
62
#SECTION_USB_DEVICES="USB Devices"
63
#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
64
#SECTION_VIRTUALIZATION="Virtualization"
65
#SECTION_WEBSERVER="Software: webserver"
66
#STATUS_ACTIVE="ACTIVE"
67
#STATUS_CHECK_NEEDED="CHECK NEEDED"
68
#STATUS_DEBUG="DEBUG"
69
#STATUS_DEFAULT="DEFAULT"
70
#STATUS_DIFFERENT="DIFFERENT"
20
STATUS_DISABLED="ETKİSİZLEŞTİRİLMİŞ"
71
STATUS_DISABLED="ETKİSİZLEŞTİRİLMİŞ"
21
STATUS_DONE="TAMAMLANDI"
72
STATUS_DONE="TAMAMLANDI"
22
STATUS_ENABLED="ETKİNLEŞTİRİLMİŞ"
73
STATUS_ENABLED="ETKİNLEŞTİRİLMİŞ"
23
STATUS_ERROR="HATA"
74
STATUS_ERROR="HATA"
75
#STATUS_EXPOSED="EXPOSED"
76
#STATUS_FAILED="FAILED"
77
#STATUS_FILES_FOUND="FILES FOUND"
24
STATUS_FOUND="BULUNDU"
78
STATUS_FOUND="BULUNDU"
25
STATUS_YES="EVET"
79
#STATUS_HARDENED="HARDENED"
80
#STATUS_INSTALLED="INSTALLED"
81
#STATUS_LOCAL_ONLY="LOCAL ONLY"
82
#STATUS_MEDIUM="MEDIUM"
26
STATUS_NO="HAYIR"
83
STATUS_NO="HAYIR"
27
STATUS_OFF="KAPALI"
84
#STATUS_NON_DEFAULT="NON DEFAULT"
28
STATUS_OK="TAMAM"
29
STATUS_ON="AÇIK"
30
STATUS_NONE="YOK"
85
STATUS_NONE="YOK"
86
#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
87
#STATUS_NOT_DISABLED="NOT DISABLED"
88
#STATUS_NOT_ENABLED="NOT ENABLED"
31
STATUS_NOT_FOUND="BULUNAMADI"
89
STATUS_NOT_FOUND="BULUNAMADI"
32
STATUS_NOT_RUNNING="ÇALIŞMIYOR"
90
STATUS_NOT_RUNNING="ÇALIŞMIYOR"
91
#STATUS_NO_UPDATE="NO UPDATE"
92
STATUS_OFF="KAPALI"
93
STATUS_OK="TAMAM"
94
STATUS_ON="AÇIK"
95
#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
96
#STATUS_PROTECTED="PROTECTED"
33
STATUS_RUNNING="ÇALIŞIYOR"
97
STATUS_RUNNING="ÇALIŞIYOR"
34
STATUS_SKIPPED="ATLANDI"
98
STATUS_SKIPPED="ATLANDI"
35
STATUS_SUGGESTION="ÖNERİ"
99
STATUS_SUGGESTION="ÖNERİ"
36
STATUS_UNKNOWN="BİLİNMİYOR"
100
STATUS_UNKNOWN="BİLİNMİYOR"
101
#STATUS_UNSAFE="UNSAFE"
102
#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
37
STATUS_WARNING="UYARI"
103
STATUS_WARNING="UYARI"
38
TEXT_YOU_CAN_HELP_LOGFILE="Log dosyanızı göndererek yardımcı olabilirsiniz"
104
#STATUS_WEAK="WEAK"
105
STATUS_YES="EVET"
39
TEXT_UPDATE_AVAILABLE="güncelleme mevcut"
106
TEXT_UPDATE_AVAILABLE="güncelleme mevcut"
107
TEXT_YOU_CAN_HELP_LOGFILE="Log dosyanızı göndererek yardımcı olabilirsiniz"
(-)lynis-3.0.0/db/software-eol.db (-23 / +120 lines)
Lines 14-23 Link Here
14
# For rolling releases or releases that do not (currently have an EOL date, leave field three empty and set field four to -1.
14
# For rolling releases or releases that do not (currently have an EOL date, leave field three empty and set field four to -1.
15
# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string is used for matching.
15
# Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string is used for matching.
16
#
16
#
17
# Alpine - https://alpinelinux.org/releases/
18
#
19
os:Alpine 3.15:2023-11-01:1698793200
20
os:Alpine 3.14:2023-05-01:1682899200
21
os:Alpine 3.13:2022-11-01:1667275200
22
os:Alpine 3.12:2022-05-01:1651377600
23
os:Alpine 3.11:2021-11-01:1635739200
24
os:Alpine 3.10:2021-05-01:1619841600
25
os:Alpine 3.9:2020-11-01:1604203200
26
os:Alpine 3.8:2020-05-01:1588305600
27
#
17
# Amazon Linux
28
# Amazon Linux
18
#
29
#
19
os:Amazon Linux:2020-06-30:1593468000:
30
# Note: shortest entry is listed at end due to regular expression matching being used
20
os:Amazon Linux 2:2023-06-26:1687730400:
31
os:Amazon Linux 2:2023-06-26:1687730400:
32
os:Amazon Linux:2020-06-30:1593468000:
21
#
33
#
22
# Arch Linux
34
# Arch Linux
23
#
35
#
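Review bot: the eight new Alpine entries (new lines 19-26) stop after the epoch field with no trailing colon, unlike the Amazon Linux lines directly below them (`os:Amazon Linux 2:2023-06-26:1687730400:`). A later hunk of this same file adds the missing colon to the Ubuntu 20.04 entry, so these should carry one as well, e.g. `os:Alpine 3.15:2023-11-01:1698793200:`. Separately, the context comment on line 14 has an unclosed parenthesis in "(currently have an EOL date", which is worth fixing while the file is being touched.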
Lines 39-44 Link Here
39
os:Debian 9:2022-01-01:1640991600:
51
os:Debian 9:2022-01-01:1640991600:
40
os:Debian 10:2022-01-01:1640991600:
52
os:Debian 10:2022-01-01:1640991600:
41
#
53
#
54
# Fedora - https://fedoraproject.org/wiki/End_of_life
55
#
56
os:Fedora release 25:2017-12-12:1513033200:
57
os:Fedora release 26:2018-05-29:1527544800:
58
os:Fedora release 27:2018-11-30:1543532400:
59
os:Fedora release 28:2019-05-28:1558994400:
60
os:Fedora release 29:2019-11-26:1574722800:
61
os:Fedora release 30:2020-05-26:1590444000:
62
#
42
# FreeBSD - https://www.freebsd.org/security/unsupported.html
63
# FreeBSD - https://www.freebsd.org/security/unsupported.html
43
#
64
#
44
os:FreeBSD 9.3:2014-12-31:1419980400:
65
os:FreeBSD 9.3:2014-12-31:1419980400:
Lines 52-57 Link Here
52
os:FreeBSD 11.2:2019-10-31:1572476400:
73
os:FreeBSD 11.2:2019-10-31:1572476400:
53
os:FreeBSD 12.0:2020-02-29:1582930800:
74
os:FreeBSD 12.0:2020-02-29:1582930800:
54
#
75
#
76
# Linux Mint
77
#
78
os:Linux Mint 18:2021-04-01:1617228000:
79
os:Linux Mint 19:2023-04-01:1680300000:
80
os:Linux Mint 20:2025-04-01:1743458400:
81
#
82
# macOS - https://support.apple.com/en_US/downloads/macos and
83
#         https://apple.stackexchange.com/a/282788 and
84
#         https://en.wikipedia.org/wiki/Category:MacOS_versions
85
#
86
os:Mac OS X 10.0 \(Cheetah\):2002-09-18:1032300000:
87
os:Mac OS X 10.1 \(Puma\):2003-11-10:1068418800:
88
os:Mac OS X 10.2 \(Jaguar\):2005-05-16:1116194400:
89
os:Mac OS X 10.3 \(Panther\):2007-11-15:1195081200:
90
os:Mac OS X 10.4 \(Tiger\):2009-09-10:1252533600:
91
os:Mac OS X 10.5 \(Leopard\):2011-06-23:1308780000:
92
os:Mac OS X 10.6 \(Snow Leopard\):2013-12-16:1387148400:
93
os:Mac OS X 10.7 \(Lion\):2014-11-17:1416178800:
94
os:Mac OS X 10.8 \(Mountain Lion\):2015-10-21:1445378400:
95
os:Mac OS X 10.9 \(Mavericks\):2016-10-24:1477260000:
96
os:Mac OS X 10.10 \(Yosemite\):2017-10-31:1509404400:
97
os:Mac OS X 10.11 \(El Capitan\):2018-10-30:1540854000:
98
os:macOS Sierra \(10.12\):2016-10-24:1477260000:
99
os:macOS Sierra \(10.12.1\):2016-12-13:1481583600:
100
os:macOS Sierra \(10.12.2\):2017-01-23:1485126000:
101
os:macOS Sierra \(10.12.3\):2017-03-27:1490565600:
102
os:macOS Sierra \(10.12.4\):2017-05-15:1494799200:
103
os:macOS Sierra \(10.12.5\):2017-07-19:1500415200:
104
os:macOS Sierra \(10.12.6\):2019-10-29:1572303600:
105
os:macOS High Sierra \(10.13\):2017-10-31:1509404400:
106
os:macOS High Sierra \(10.13.1\):2017-12-06:1512514800:
107
os:macOS High Sierra \(10.13.2\):2018-01-23:1516662000:
108
os:macOS High Sierra \(10.13.3\):2018-03-29:1522274400:
109
os:macOS High Sierra \(10.13.4\):2018-06-01:1527804000:
110
os:macOS High Sierra \(10.13.5\):2018-07-09:1531087200:
111
os:macOS High Sierra \(10.13.6\)::-1:
112
os:macOS Mojave \(10.14\):2018-10-30:1540854000:
113
os:macOS Mojave \(10.14.1\):2018-12-05:1543964400:
114
os:macOS Mojave \(10.14.2\):2019-01-22:1548111600:
115
os:macOS Mojave \(10.14.3\):2019-03-25:1553468400:
116
os:macOS Mojave \(10.14.4\):2019-05-13:1557698400:
117
os:macOS Mojave \(10.14.5\):2019-07-22:1563746400:
118
os:macOS Mojave \(10.14.6\)::-1:
119
os:macOS Catalina \(10.15\):2019-10-29:1572303600:
120
os:macOS Catalina \(10.15.1\):2019-12-10:1575932400:
121
os:macOS Catalina \(10.15.2\):2020-01-28:1580166000:
122
os:macOS Catalina \(10.15.3\):2020-03-24:1585004400:
123
os:macOS Catalina \(10.15.4\):2020-05-26:1590444000:
124
os:macOS Catalina \(10.15.5\):2020-07-15:1594764000:
125
os:macOS Catalina \(10.15.6\):2020-09-24:1600898400:
126
os:macOS Catalina \(10.15.7\)::-1:
127
#
128
# Mageia - https://www.mageia.org/en/support/
129
#
130
os:Mageia 1:2012-12-01:1354316400
131
os:Mageia 2:2013-11-22:1385074800
132
os:Mageia 3:2014-11-26:1416956400
133
os:Mageia 4:2015-09-19:1442613600
134
os:Mageia 5:2017-12-31:1514674800
135
os:Mageia 6:2019-09-30:1569794400
136
os:Mageia 7:2020-12-30:1609282800
137
#
55
# NetBSD - https://www.netbsd.org/support/security/release.html and
138
# NetBSD - https://www.netbsd.org/support/security/release.html and
56
#          https://www.netbsd.org/releases/formal.html
139
#          https://www.netbsd.org/releases/formal.html
57
#
140
#
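Review bot: in the macOS block (new lines 86-126) the parentheses are escaped for the regular expression matching this file says it relies on, but the dots in the version numbers are not, so in `10.12.1` each `.` acts as a wildcard. If the matcher accepts it, escaping them (`10\.12\.1`) would make the patterns exact. The Mageia entries (new lines 130-136) also omit the trailing colon that the Linux Mint and macOS lines in this hunk carry.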
Lines 120-125 Link Here
120
os:Red Hat Enterprise Linux 7:2024-06-30:1719698400:
203
os:Red Hat Enterprise Linux 7:2024-06-30:1719698400:
121
os:Red Hat Enterprise Linux 8:2029-05-07:1872799200:
204
os:Red Hat Enterprise Linux 8:2029-05-07:1872799200:
122
#
205
#
206
# Slackware - https://en.wikipedia.org/wiki/Slackware#Releases
207
#
208
os:Slackware Linux 8.1:2012-08-01:1343768400:
209
os:Slackware Linux 9.0:2012-08-01:1343768400:
210
os:Slackware Linux 9.1:2012-08-01:1343768400:
211
os:Slackware Linux 10.0:2012-08-01:1343768400:
212
os:Slackware Linux 10.1:2012-08-01:1343768400:
213
os:Slackware Linux 10.2:2012-08-01:1343768400:
214
os:Slackware Linux 11.0:2012-08-01:1343768400:
215
os:Slackware Linux 12.0:2012-08-01:1343768400:
216
os:Slackware Linux 12.1:2013-12-09:1386540000:
217
os:Slackware Linux 12.2:2013-12-09:1386540000:
218
os:Slackware Linux 13.0:2018-07-05:1530738000:
219
os:Slackware Linux 13.1:2018-07-05:1530738000:
220
os:Slackware Linux 13.37:2018-07-05:1530738000:
221
#
222
# SuSE - https://www.suse.com/lifecycle/
223
#
224
os:SUSE Linux Enterprise Server 12:2024-10-31:1730329200:
225
os:SUSE Linux Enterprise Server 15:2028-07-31:1848607200:
226
#
123
# Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack and
227
# Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack and
124
#          https://wiki.ubuntu.com/Releases
228
#          https://wiki.ubuntu.com/Releases
125
#
229
#
Lines 134-162 Link Here
134
os:Ubuntu 18.04:2023-05-01:1682892000:
238
os:Ubuntu 18.04:2023-05-01:1682892000:
135
os:Ubuntu 18.10:2019-07-18:1563400800:
239
os:Ubuntu 18.10:2019-07-18:1563400800:
136
os:Ubuntu 19.04:2020-01-01:1577833200:
240
os:Ubuntu 19.04:2020-01-01:1577833200:
137
os:Ubuntu 20.04:2025-04-01:1743458400
241
os:Ubuntu 20.04:2025-04-01:1743458400:
138
#
242
#
139
# Slackware - https://en.wikipedia.org/wiki/Slackware#Releases
243
# OmniosCE - https://omniosce.org/releasenotes.html
140
#
244
#
141
os:Slackware Linux 8.1:2012-08-01:1343768400:
245
os:OmniOS Community Edition v11 r151022:2020-05-11:1589148000:
142
os:Slackware Linux 9.0:2012-08-01:1343768400:
246
os:OmniOS Community Edition v11 r151024:2018-11-04:1541286000:
143
os:Slackware Linux 9.1:2012-08-01:1343768400:
247
os:OmniOS Community Edition v11 r151026:2019-05-05:1557007200:
144
os:Slackware Linux 10.0:2012-08-01:1343768400:
248
os:OmniOS Community Edition v11 r151028:2019-11-04:1572822000:
145
os:Slackware Linux 10.1:2012-08-01:1343768400:
249
os:OmniOS Community Edition v11 r151030::-1:
146
os:Slackware Linux 10.2:2012-08-01:1343768400:
250
os:OmniOS Community Edition v11 r151032:2020-11-03:1604358000:
147
os:Slackware Linux 11.0:2012-08-01:1343768400:
251
os:OmniOS Community Edition v11 r151034::-1:
148
os:Slackware Linux 12.0:2012-08-01:1343768400:
149
os:Slackware Linux 12.1:2013-12-09:1386540000:
150
os:Slackware Linux 12.2:2013-12-09:1386540000:
151
os:Slackware Linux 13.0:2018-07-05:1530738000:
152
os:Slackware Linux 13.1:2018-07-05:1530738000:
153
os:Slackware Linux 13.37:2018-07-05:1530738000:
154
#
252
#
155
# Fedora - https://fedoraproject.org/wiki/End_of_life
253
## Oracle Solaris - https://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf (p. 34)
254
#                   The list below contains Premier Support End only
156
#
255
#
157
os:Fedora release 25:2017-12-12:1513033200
256
os:Oracle Solaris 11.3:2021-01-01:1609455600:
158
os:Fedora release 26:2018-05-29:1527544800
257
os:Oracle Solaris 11.4:2031-11-01:1951254000:
159
os:Fedora release 27:2018-11-30:1543532400
258
#
160
os:Fedora release 28:2019-05-28:1558994400
259
# EOF
161
os:Fedora release 29:2019-11-26:1574722800
162
os:Fedora release 30:2020-05-26:1590444000
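Review bot: the new section comments are inconsistent with the rest of the file. `## Oracle Solaris` (new line 253) uses a double hash where the other section headers in this file use a single `#`, and the header `# OmniosCE` (new line 243) does not match the `OmniOS Community Edition` string used in the entries beneath it. Suggest a single `#` for the Solaris header and `# OmniOS CE` for the OmniOS one.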
(-)lynis-3.0.0/db/tests.db (-2 / +16 lines)
Lines 14-19 Link Here
14
ACCT-9656:test:security:accounting:Solaris:Check BSM auditing in module list:
14
ACCT-9656:test:security:accounting:Solaris:Check BSM auditing in module list:
15
ACCT-9660:test:security:accounting:Solaris:Check location of audit events:
15
ACCT-9660:test:security:accounting:Solaris:Check location of audit events:
16
ACCT-9662:test:security:accounting:Solaris:Check Solaris auditing stats:
16
ACCT-9662:test:security:accounting:Solaris:Check Solaris auditing stats:
17
ACCT-9670:test:security:accounting:Linux:Check for cmd tooling:
18
ACCT-9672:test:security:accounting:Linux:Check cmd configuration file:
17
AUTH-9204:test:security:authentication::Check users with an UID of zero:
19
AUTH-9204:test:security:authentication::Check users with an UID of zero:
18
AUTH-9208:test:security:authentication::Check non-unique accounts in passwd file:
20
AUTH-9208:test:security:authentication::Check non-unique accounts in passwd file:
19
AUTH-9212:test:security:authentication::Test group file:
21
AUTH-9212:test:security:authentication::Test group file:
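Review bot: the descriptions for ACCT-9670 and ACCT-9672 (new lines 17-18) say only "cmd tooling" and "cmd configuration file", which does not tell a reader which tool is meant. Suggest spelling out the product or package name in the description field, in the way the neighbouring entries name their subject ("Check BSM auditing in module list").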
Lines 37-42 Link Here
37
AUTH-9278:test:security:authentication::Checking LDAP pam status:
39
AUTH-9278:test:security:authentication::Checking LDAP pam status:
38
AUTH-9282:test:security:authentication::Checking password protected account without expire date:
40
AUTH-9282:test:security:authentication::Checking password protected account without expire date:
39
AUTH-9283:test:security:authentication::Checking accounts without password:
41
AUTH-9283:test:security:authentication::Checking accounts without password:
42
AUTH-9284:test:security:authentication::Checking locked user accounts in /etc/passwd:
40
AUTH-9286:test:security:authentication::Checking user password aging:
43
AUTH-9286:test:security:authentication::Checking user password aging:
41
AUTH-9288:test:security:authentication::Checking for expired passwords:
44
AUTH-9288:test:security:authentication::Checking for expired passwords:
42
AUTH-9304:test:security:authentication:Solaris:Check single user login configuration:
45
AUTH-9304:test:security:authentication:Solaris:Check single user login configuration:
Lines 66-78 Link Here
66
BOOT-5124:test:security:boot_services:FreeBSD:Check for FreeBSD boot loader presence:
69
BOOT-5124:test:security:boot_services:FreeBSD:Check for FreeBSD boot loader presence:
67
BOOT-5126:test:security:boot_services:NetBSD:Check for NetBSD boot loader presence:
70
BOOT-5126:test:security:boot_services:NetBSD:Check for NetBSD boot loader presence:
68
BOOT-5139:test:security:boot_services::Check for LILO boot loader presence:
71
BOOT-5139:test:security:boot_services::Check for LILO boot loader presence:
72
BOOT-5140:test:security:boot_services::Check for ELILO boot loader presence:
69
BOOT-5142:test:security:boot_services::Check SPARC Improved boot loader (SILO):
73
BOOT-5142:test:security:boot_services::Check SPARC Improved boot loader (SILO):
70
BOOT-5155:test:security:boot_services::Check for YABOOT boot loader configuration file:
74
BOOT-5155:test:security:boot_services::Check for YABOOT boot loader configuration file:
71
BOOT-5159:test:security:boot_services:OpenBSD:Check for OpenBSD boot loader presence:
75
BOOT-5159:test:security:boot_services:OpenBSD:Check for OpenBSD boot loader presence:
72
BOOT-5165:test:security:boot_services:FreeBSD:Check for FreeBSD boot services:
76
BOOT-5165:test:security:boot_services:FreeBSD:Check for FreeBSD boot services:
77
BOOT-5170:test:security:boot_services:Solaris:Check for Solaris boot daemons:
73
BOOT-5177:test:security:boot_services:Linux:Check for Linux boot and running services:
78
BOOT-5177:test:security:boot_services:Linux:Check for Linux boot and running services:
74
BOOT-5180:test:security:boot_services:Linux:Check for Linux boot services (Debian style):
79
BOOT-5180:test:security:boot_services:Linux:Check for Linux boot services (Debian style):
75
BOOT-5184:test:security:boot_services:Linux:Check permissions for boot files/scripts:
80
BOOT-5184:test:security:boot_services::Check permissions for boot files/scripts:
76
BOOT-5202:test:security:boot_services::Check uptime of system:
81
BOOT-5202:test:security:boot_services::Check uptime of system:
77
BOOT-5260:test:security:boot_services::Check single user mode for systemd:
82
BOOT-5260:test:security:boot_services::Check single user mode for systemd:
78
BOOT-5261:test:security:boot_services:DragonFly:Check for DragonFly boot loader presence:
83
BOOT-5261:test:security:boot_services:DragonFly:Check for DragonFly boot loader presence:
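Review bot: BOOT-5184 (old line 75, new line 80) has its OS field changed from `Linux` to empty, so the permission check on boot files/scripts is no longer marked Linux-only. Nothing in this hunk shows how the test behaves on the other platforms listed around it (FreeBSD, NetBSD, OpenBSD, Solaris, DragonFly). Please confirm the test body handles them or skips cleanly, and record the scope change in the changelog entry for this test.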
Lines 92-97 Link Here
92
CRYP-8002:test:security:crypto:Linux:Gather kernel entropy:
97
CRYP-8002:test:security:crypto:Linux:Gather kernel entropy:
93
CRYP-8004:test:security:crypto:Linux:Presence of hardware random number generators:
98
CRYP-8004:test:security:crypto:Linux:Presence of hardware random number generators:
94
CRYP-8005:test:security:crypto:Linux:Presence of software pseudo random number generators:
99
CRYP-8005:test:security:crypto:Linux:Presence of software pseudo random number generators:
100
CRYP-8006:test:security:crypto:Linux:Check MemoryOverwriteRequest bit to protect against cold-boot attacks:
95
DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked:
101
DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked:
96
DBS-1804:test:security:databases::Checking active MySQL process:
102
DBS-1804:test:security:databases::Checking active MySQL process:
97
DBS-1816:test:security:databases::Checking MySQL root password:
103
DBS-1816:test:security:databases::Checking MySQL root password:
Lines 169-174 Link Here
169
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
175
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
170
HRDN-7222:test:security:hardening::Check compiler permissions:
176
HRDN-7222:test:security:hardening::Check compiler permissions:
171
HRDN-7230:test:security:hardening::Check for malware scanner:
177
HRDN-7230:test:security:hardening::Check for malware scanner:
178
HRDN-7231:test:security:hardening:Linux:Check for registered non-native binary formats:
172
HTTP-6622:test:security:webservers::Checking Apache presence:
179
HTTP-6622:test:security:webservers::Checking Apache presence:
173
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
180
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
174
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
181
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
Lines 228-233 Link Here
228
LOGG-2148:test:security:logging::Checking logrotated files:
235
LOGG-2148:test:security:logging::Checking logrotated files:
229
LOGG-2150:test:security:logging::Checking directories in logrotate configuration:
236
LOGG-2150:test:security:logging::Checking directories in logrotate configuration:
230
LOGG-2152:test:security:logging::Checking loghost:
237
LOGG-2152:test:security:logging::Checking loghost:
238
LOGG-2153:test:security:logging::Checking loghost is not localhost:
231
LOGG-2154:test:security:logging::Checking syslog configuration file:
239
LOGG-2154:test:security:logging::Checking syslog configuration file:
232
LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf:
240
LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf:
233
LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf:
241
LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf:
Lines 257-262 Link Here
257
MAIL-8860:test:security:mail_messaging::Check Qmail status:
265
MAIL-8860:test:security:mail_messaging::Check Qmail status:
258
MAIL-8880:test:security:mail_messaging::Check Sendmail status:
266
MAIL-8880:test:security:mail_messaging::Check Sendmail status:
259
MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
267
MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status:
268
MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner:
260
MALW-3275:test:security:malware::Check for chkrootkit:
269
MALW-3275:test:security:malware::Check for chkrootkit:
261
MALW-3276:test:security:malware::Check for Rootkit Hunter:
270
MALW-3276:test:security:malware::Check for Rootkit Hunter:
262
MALW-3278:test:security:malware::Check for LMD:
271
MALW-3278:test:security:malware::Check for LMD:
Lines 265-270 Link Here
265
MALW-3284:test:security:malware::Check for clamd:
274
MALW-3284:test:security:malware::Check for clamd:
266
MALW-3286:test:security:malware::Check for freshclam:
275
MALW-3286:test:security:malware::Check for freshclam:
267
MALW-3288:test:security:malware::Check for ClamXav:
276
MALW-3288:test:security:malware::Check for ClamXav:
277
MALW-3290:test:security:malware::Presence of malware scanner:
268
NAME-4016:test:security:nameservices::Check /etc/resolv.conf default domain:
278
NAME-4016:test:security:nameservices::Check /etc/resolv.conf default domain:
269
NAME-4018:test:security:nameservices::Check /etc/resolv.conf search domains:
279
NAME-4018:test:security:nameservices::Check /etc/resolv.conf search domains:
270
NAME-4020:test:security:nameservices::Check non default options:
280
NAME-4020:test:security:nameservices::Check non default options:
Lines 281-287 Link Here
281
NAME-4230:test:security:nameservices::Check PowerDNS status:
291
NAME-4230:test:security:nameservices::Check PowerDNS status:
282
NAME-4232:test:security:nameservices::Search PowerDNS configuration file:
292
NAME-4232:test:security:nameservices::Search PowerDNS configuration file:
283
NAME-4236:test:security:nameservices::Check PowerDNS backends:
293
NAME-4236:test:security:nameservices::Check PowerDNS backends:
284
NAME-4238:test:security:nameservices::Check PowerDNS authoritive status:
294
NAME-4238:test:security:nameservices::Check PowerDNS authoritative status:
285
NAME-4304:test:security:nameservices::Check NIS ypbind status:
295
NAME-4304:test:security:nameservices::Check NIS ypbind status:
286
NAME-4306:test:security:nameservices::Check NIS domain:
296
NAME-4306:test:security:nameservices::Check NIS domain:
287
NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts:
297
NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts:
Lines 313-318 Link Here
313
PHP-2378:test:security:php::Check PHP allow_url_include option:
323
PHP-2378:test:security:php::Check PHP allow_url_include option:
314
PHP-2379:test:security:php::Check PHP suhosin extension status:
324
PHP-2379:test:security:php::Check PHP suhosin extension status:
315
PHP-2382:test:security:php::Check PHP listen option:
325
PHP-2382:test:security:php::Check PHP listen option:
326
PKGS-7200:test:security:ports_packages:Linux:Check Alpine Package Keeper (apk):
316
PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
327
PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
317
PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
328
PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
318
PKGS-7303:test:security:ports_packages::Query brew package manager:
329
PKGS-7303:test:security:ports_packages::Query brew package manager:
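Review bot: the added entry registers the Alpine Package Keeper check as PKGS-7200, but the CHANGELOG.md part of this same patch announces it as "PKGS-7346 Check Alpine Package Keeper (apk)". One of the two IDs is wrong. Use whichever ID the test actually registers in both places, so that a test ID taken from the changelog matches an entry in this file.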
Lines 349-354 Link Here
349
PKGS-7392:test:security:ports_packages:Linux:Check for Debian/Ubuntu security updates:
360
PKGS-7392:test:security:ports_packages:Linux:Check for Debian/Ubuntu security updates:
350
PKGS-7393:test:security:ports_packages::Check for Gentoo vulnerable packages:
361
PKGS-7393:test:security:ports_packages::Check for Gentoo vulnerable packages:
351
PKGS-7394:test:security:ports_packages:Linux:Check for Ubuntu updates:
362
PKGS-7394:test:security:ports_packages:Linux:Check for Ubuntu updates:
363
PKGS-7395:test:security:ports_packages:Linux:Check Alpine upgradeable packages:
352
PKGS-7398:test:security:ports_packages::Check for package audit tool:
364
PKGS-7398:test:security:ports_packages::Check for package audit tool:
353
PKGS-7410:test:security:ports_packages::Count installed kernel packages:
365
PKGS-7410:test:security:ports_packages::Count installed kernel packages:
354
PKGS-7420:test:security:ports_packages::Detect toolkit to automatically download and apply upgrades:
366
PKGS-7420:test:security:ports_packages::Detect toolkit to automatically download and apply upgrades:
Lines 419-429 Link Here
419
TIME-3180:test:security:time::Report if ntpctl cannot communicate with OpenNTPD:
431
TIME-3180:test:security:time::Report if ntpctl cannot communicate with OpenNTPD:
420
TIME-3181:test:security:time::Check status of OpenNTPD time synchronisation
432
TIME-3181:test:security:time::Check status of OpenNTPD time synchronisation
421
TIME-3182:test:security:time::Check OpenNTPD has working peers
433
TIME-3182:test:security:time::Check OpenNTPD has working peers
434
TIME-3185:test:security:time::Check systemd-timesyncd synchronized time
422
TOOL-5002:test:security:tooling::Checking for automation tools:
435
TOOL-5002:test:security:tooling::Checking for automation tools:
423
TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
436
TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
424
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
437
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
425
TOOL-5120:test:security:tooling::Presence of Snort IDS:
438
TOOL-5120:test:security:tooling::Presence of Snort IDS:
426
TOOL-5122:test:security:tooling::Snort IDS configuration file:
439
TOOL-5122:test:security:tooling::Snort IDS configuration file:
440
TOOL-5130:test:security:tooling::Check for active Suricata daemon:
427
TOOL-5160:test:security:tooling::Check for active OSSEC daemon:
441
TOOL-5160:test:security:tooling::Check for active OSSEC daemon:
428
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
442
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
429
USB-1000:test:security:storage:Linux:Check if USB storage is disabled:
443
USB-1000:test:security:storage:Linux:Check if USB storage is disabled:
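Review bot: the added TIME-3185 line ends without the trailing `:` that the added TOOL-5130 line and most other records in this file carry. It follows TIME-3181 and TIME-3182 directly above it, which have the same omission, so the inconsistency is pre-existing. Terminating all three with `:` would give every record the same number of fields.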
(-)lynis-3.0.0/default.prf (-2 / +14 lines)
Lines 93-99 Link Here
93
#skip-upgrade-test=yes
93
#skip-upgrade-test=yes
94
94
95
# Locations where to search for SSL certificates (separate paths with a colon)
95
# Locations where to search for SSL certificates (separate paths with a colon)
96
ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www
96
ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/refind.d/keys:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www
97
ssl-certificate-paths-to-ignore=/etc/letsencrypt/archive:
97
ssl-certificate-paths-to-ignore=/etc/letsencrypt/archive:
98
ssl-certificate-include-packages=no
98
ssl-certificate-include-packages=no
99
99
Lines 152-158 Link Here
152
#
152
#
153
# Kernel options
153
# Kernel options
154
# ---------------
154
# ---------------
155
# configdate=, followed by:
155
# config-data=, followed by:
156
#
156
#
157
# - Type                     = Set to 'sysctl'
157
# - Type                     = Set to 'sysctl'
158
# - Setting                  = value of sysctl key (e.g. kernel.sysrq)
158
# - Setting                  = value of sysctl key (e.g. kernel.sysrq)
Lines 182-188 Link Here
182
182
183
# Kernel
183
# Kernel
184
config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
184
config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
185
config-data=sysctl;fs.protected_fifos;2;1;Restrict FIFO special device creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
185
config-data=sysctl;fs.protected_hardlinks;1;1;Restrict hardlink creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
186
config-data=sysctl;fs.protected_hardlinks;1;1;Restrict hardlink creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
187
config-data=sysctl;fs.protected_regular;2;1;Restrict regular files creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
186
config-data=sysctl;fs.protected_symlinks;1;1;Restrict symlink following behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
188
config-data=sysctl;fs.protected_symlinks;1;1;Restrict symlink following behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security;
187
#config-data=sysctl;kern.randompid=2345;Randomize PID numbers with a specific modulus;sysctl -a;-;category:security;
189
#config-data=sysctl;kern.randompid=2345;Randomize PID numbers with a specific modulus;sysctl -a;-;category:security;
188
config-data=sysctl;kern.sugid_coredump;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
190
config-data=sysctl;kern.sugid_coredump;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
Lines 194-206 Link Here
194
config-data=sysctl;kernel.exec-shield;1;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
196
config-data=sysctl;kernel.exec-shield;1;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
195
config-data=sysctl;kernel.kptr_restrict;2;1;Restrict access to kernel symbols;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
197
config-data=sysctl;kernel.kptr_restrict;2;1;Restrict access to kernel symbols;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
196
config-data=sysctl;kernel.maps_protect;1;1;Restrict access to /proc/[pid]/maps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
198
config-data=sysctl;kernel.maps_protect;1;1;Restrict access to /proc/[pid]/maps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
199
config-data=sysctl;kernel.modules_disabled;1;1;Restrict module loading once this sysctl value is loaded;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
200
config-data=sysctl;kernel.perf_event_paranoid;3;1;Restrict unprivileged access to the perf_event_open() system call.;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
197
config-data=sysctl;kernel.randomize_va_space;2;1;Randomize of memory address locations (ASLR);sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
201
config-data=sysctl;kernel.randomize_va_space;2;1;Randomize of memory address locations (ASLR);sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
198
config-data=sysctl;kernel.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
202
config-data=sysctl;kernel.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
199
config-data=sysctl;kernel.sysrq;0;1;Disable magic SysRQ;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
203
config-data=sysctl;kernel.sysrq;0;1;Disable magic SysRQ;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
204
config-data=sysctl;kernel.unprivileged_bpf_disabled;1;1;Restrict BPF for unprivileged users;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
200
config-data=sysctl;kernel.use-nx;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
205
config-data=sysctl;kernel.use-nx;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
201
config-data=sysctl;kernel.yama.ptrace_scope;1|2|3;1;Disable process tracing for everyone;-;category:security;
206
config-data=sysctl;kernel.yama.ptrace_scope;1|2|3;1;Disable process tracing for everyone;-;category:security;
202
207
203
# Network
208
# Network
209
config-data=sysctl;net.core.bpf_jit_harden;2;1;Hardened BPF JIT compilation;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security;
204
config-data=sysctl;net.inet.ip.linklocal.in.allowbadttl;0;
210
config-data=sysctl;net.inet.ip.linklocal.in.allowbadttl;0;
205
config-data=sysctl;net.inet.tcp.always_keepalive;0;1;Disable TCP keep alive detection for dead peers as the keepalive can be spoofed;-;category:security;
211
config-data=sysctl;net.inet.tcp.always_keepalive;0;1;Disable TCP keep alive detection for dead peers as the keepalive can be spoofed;-;category:security;
206
#config-data=sysctl;net.inet.tcp.fast_finwait2_recycle;1;1;Recycle FIN/WAIT states more quickly (DoS mitigation step, with risk of false RST);-;category:security;
212
#config-data=sysctl;net.inet.tcp.fast_finwait2_recycle;1;1;Recycle FIN/WAIT states more quickly (DoS mitigation step, with risk of false RST);-;category:security;
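Review bot: `kernel.perf_event_paranoid;3` expects a value that mainline kernels do not define. Upstream documents levels up to 2, and 3 only has a distinct meaning on kernels carrying the extra restriction patch that some distributions ship, so a host at 2 on a mainline kernel is reported as deviating even though 3 adds nothing there. Consider `2|3`, using the same alternative syntax as `kernel.yama.ptrace_scope;1|2|3`. Two smaller points in the same hunk: `kernel.modules_disabled;1` cannot be reverted without a reboot, which the description could state more plainly, and the `net.core.bpf_jit_harden` entry links to sysctl/kernel.txt although net.core keys are documented in sysctl/net.txt.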
Lines 250-255 Link Here
250
config-data=sysctl;net.ipv6.conf.default.accept_source_route;0;1;Disable IP source routing;-;category:security;
256
config-data=sysctl;net.ipv6.conf.default.accept_source_route;0;1;Disable IP source routing;-;category:security;
251
257
252
# Other
258
# Other
259
config-data=sysctl;dev.tty.ldisc_autoload;0;1;Disable loading of TTY line disciplines;-;category:security;
253
config-data=sysctl;hw.kbd.keymap_restrict_change;4;1;Disable changing the keymap by non-privileged users;-;category:security;
260
config-data=sysctl;hw.kbd.keymap_restrict_change;4;1;Disable changing the keymap by non-privileged users;-;category:security;
254
#sysctl;kern.securelevel;1^2^3;1;FreeBSD security level;
261
#sysctl;kern.securelevel;1^2^3;1;FreeBSD security level;
255
#security.jail.jailed; 0
262
#security.jail.jailed; 0
Lines 303-308 Link Here
303
permfile=/etc/passwd:rw-r--r--:root:-:WARN:
310
permfile=/etc/passwd:rw-r--r--:root:-:WARN:
304
permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
311
permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
305
permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN:
312
permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN:
313
permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN:
314
permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN:
315
permfile=/root/.rhosts:rw-------:root:root:WARN:
316
permfile=/root/.rlogin:rw-------:root:root:WARN:
317
permfile=/root/.shosts:rw-------:root:root:WARN:
306
318
307
# These permissions differ by OS
319
# These permissions differ by OS
308
#permfile=/etc/gshadow:---------:root:-:WARN:
320
#permfile=/etc/gshadow:---------:root:-:WARN:
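Review bot: the five added permfile lines pin the group to `root`, while the existing entries next to them (`/etc/passwd`, `/etc/passwd-`, `/etc/ssh/sshd_config`) leave the group field as `-`. On systems where root-owned files carry group `wheel`, these entries would raise WARN on the group alone, which is exactly the case the comment directly below ("These permissions differ by OS") is about. Suggest `-` for the group unless the group match is intended, e.g. `permfile=/root/.rhosts:rw-------:root:-:WARN:`.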
(-)lynis-3.0.0/extras/bash_completion.d/lynis (-2 / +2 lines)
Lines 126-132 Link Here
126
        report)
126
        report)
127
            return 0
127
            return 0
128
            ;;
128
            ;;
129
        settiings)
129
        settings)
130
            return 0
130
            return 0
131
            ;;
131
            ;;
132
        tests)
132
        tests)
Lines 179-185 Link Here
179
        *)
179
        *)
180
            COMPREPLY=( $( compgen -W ' \
180
            COMPREPLY=( $( compgen -W ' \
181
                --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \
181
                --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \
182
                --tests --tests-from-category --tests-from-group --upload --verbose' -- "$cur" ) )
182
                --tests --tests-from-category --tests-from-group --upload --verbose --slow-warning' -- "$cur" ) )
183
            ;;
183
            ;;
184
    esac
184
    esac
185
185
(-)lynis-3.0.0/include/binaries (-6 / +11 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 30-36 Link Here
30
#################################################################################
30
#################################################################################
31
#
31
#
32
    if [ ${CHECK_BINARIES} -eq 1 ]; then
32
    if [ ${CHECK_BINARIES} -eq 1 ]; then
33
        InsertSection "System Tools"
33
        InsertSection "${SECTION_SYSTEM_TOOLS}"
34
        Display --indent 2 --text "- Scanning available tools..."
34
        Display --indent 2 --text "- Scanning available tools..."
35
        LogText "Start scanning for available audit binaries and tools..."
35
        LogText "Start scanning for available audit binaries and tools..."
36
36
Lines 119-129 Link Here
119
                        COUNT=$((COUNT + 1))
119
                        COUNT=$((COUNT + 1))
120
                        BINARY="${SCANDIR}/${FILENAME}"
120
                        BINARY="${SCANDIR}/${FILENAME}"
121
                        DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
121
                        DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
122
                        if [ -u ${BINARY} ]; then
122
                        if [ -u "${BINARY}" ]; then
123
                            NSUID_BINARIES=$((NSUID_BINARIES + 1))
123
                            NSUID_BINARIES=$((NSUID_BINARIES + 1))
124
                            SUID_BINARIES="${SUID_BINARIES}${BINARY} "
124
                            SUID_BINARIES="${SUID_BINARIES}${BINARY} "
125
                        fi
125
                        fi
126
                        if [ -g ${BINARY} ]; then
126
                        if [ -g "${BINARY}" ]; then
127
                            NSGID_BINARIES=$((NSGID_BINARIES + 1))
127
                            NSGID_BINARIES=$((NSGID_BINARIES + 1))
128
                            SGID_BINARIES="${SGID_BINARIES}${BINARY} "
128
                            SGID_BINARIES="${SGID_BINARIES}${BINARY} "
129
                        fi
129
                        fi
Lines 134-139 Link Here
134
                            aide)                   AIDEBINARY=${BINARY};              LogText "  Found known binary: aide (file integrity checker) - ${BINARY}" ;;
134
                            aide)                   AIDEBINARY=${BINARY};              LogText "  Found known binary: aide (file integrity checker) - ${BINARY}" ;;
135
                            apache2)                HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
135
                            apache2)                HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
136
                            apt)                    APTBINARY=${BINARY};               LogText "  Found known binary: apt (package manager) - ${BINARY}" ;;
136
                            apt)                    APTBINARY=${BINARY};               LogText "  Found known binary: apt (package manager) - ${BINARY}" ;;
137
                            apk)                    APKBINARY=${BINARY};               LogText "  Found known binary: apk (package manager) - ${BINARY}" ;;
137
                            arch-audit)             ARCH_AUDIT_BINARY="${BINARY}";     LogText "  Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;;
138
                            arch-audit)             ARCH_AUDIT_BINARY="${BINARY}";     LogText "  Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;;
138
                            auditd)                 AUDITDBINARY=${BINARY};            LogText "  Found known binary: auditd (audit framework) - ${BINARY}" ;;
139
                            auditd)                 AUDITDBINARY=${BINARY};            LogText "  Found known binary: auditd (audit framework) - ${BINARY}" ;;
139
                            awk)                    AWKBINARY=${BINARY};               LogText "  Found known binary: awk (string tool) - ${BINARY}" ;;
140
                            awk)                    AWKBINARY=${BINARY};               LogText "  Found known binary: awk (string tool) - ${BINARY}" ;;
Lines 152-157 Link Here
152
                            clang)                  CLANGBINARY=${BINARY};             COMPILER_INSTALLED=1;  LogText "  Found known binary: clang (compiler) - ${BINARY}" ;;
153
                            clang)                  CLANGBINARY=${BINARY};             COMPILER_INSTALLED=1;  LogText "  Found known binary: clang (compiler) - ${BINARY}" ;;
153
                            cfagent)                CFAGENTBINARY="${BINARY}";         FILE_INT_TOOL_FOUND=1;                 LogText "  Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
154
                            cfagent)                CFAGENTBINARY="${BINARY}";         FILE_INT_TOOL_FOUND=1;                 LogText "  Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
154
                            chkrootkit)             CHKROOTKITBINARY="${BINARY}";      MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
155
                            chkrootkit)             CHKROOTKITBINARY="${BINARY}";      MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
156
                            cmd_daemon)             CMDBINARY=${BINARY};               LogText "  Found known binary: cmd (audit framework) - ${BINARY}" ;;
155
                            comm)                   COMMBINARY="${BINARY}";            LogText "  Found known binary: comm (file compare) - ${BINARY}" ;;
157
                            comm)                   COMMBINARY="${BINARY}";            LogText "  Found known binary: comm (file compare) - ${BINARY}" ;;
156
                            cryptsetup)             CRYPTSETUPBINARY="${BINARY}";      LogText "  Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;;
158
                            cryptsetup)             CRYPTSETUPBINARY="${BINARY}";      LogText "  Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;;
157
                            csum)                   CSUMBINARY="${BINARY}";            LogText "  Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;;
159
                            csum)                   CSUMBINARY="${BINARY}";            LogText "  Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;;
Lines 202-208 Link Here
202
                            logrotate)              LOGROTATEBINARY="${BINARY}";       LogText "  Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
204
                            logrotate)              LOGROTATEBINARY="${BINARY}";       LogText "  Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
203
                            ls)                     LSBINARY="${BINARY}";              LogText "  Found known binary: ls (file listing) - ${BINARY}" ;;
205
                            ls)                     LSBINARY="${BINARY}";              LogText "  Found known binary: ls (file listing) - ${BINARY}" ;;
204
                            lsattr)                 LSATTRBINARY="${BINARY}";          LogText "  Found known binary: lsattr (file attributes) - ${BINARY}" ;;
206
                            lsattr)                 LSATTRBINARY="${BINARY}";          LogText "  Found known binary: lsattr (file attributes) - ${BINARY}" ;;
205
                            lsblk)		            LSBLKBINARY="${BINARY}";	       LogText "  Found known binary: lsblk (block devices) - ${BINARY}" ;;
207
                            lsblk)                  LSBLKBINARY="${BINARY}";           LogText "  Found known binary: lsblk (block devices) - ${BINARY}" ;;
206
                            lsmod)                  LSMODBINARY="${BINARY}";           LogText "  Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
208
                            lsmod)                  LSMODBINARY="${BINARY}";           LogText "  Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
207
                            lsof)
209
                            lsof)
208
                                LSOFBINARY="${BINARY}"
210
                                LSOFBINARY="${BINARY}"
Lines 219-224 Link Here
219
                            maldet)                 LMDBINARY="${BINARY}";             MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: maldet (Linux Malware Detect, malware scanner) - ${BINARY}" ;;
221
                            maldet)                 LMDBINARY="${BINARY}";             MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: maldet (Linux Malware Detect, malware scanner) - ${BINARY}" ;;
220
                            md5)                    MD5BINARY="${BINARY}";             LogText "  Found known binary: md5 (hash tool) - ${BINARY}" ;;
222
                            md5)                    MD5BINARY="${BINARY}";             LogText "  Found known binary: md5 (hash tool) - ${BINARY}" ;;
221
                            md5sum)                 MD5BINARY="${BINARY}";             LogText "  Found known binary: md5sum (hash tool) - ${BINARY}" ;;
223
                            md5sum)                 MD5BINARY="${BINARY}";             LogText "  Found known binary: md5sum (hash tool) - ${BINARY}" ;;
224
                            mdatp)                  MDATPBINARY="${BINARY}";           MALWARE_SCANNER_INSTALLED=1;           LogText "  Found known binary: mdatp (Microsoft Defender ATP, malware scanner) - ${BINARY}" ;;
222
                            modprobe)               MODPROBEBINARY="${BINARY}";        LogText "  Found known binary: modprobe (kernel modules) - ${BINARY}" ;;
225
                            modprobe)               MODPROBEBINARY="${BINARY}";        LogText "  Found known binary: modprobe (kernel modules) - ${BINARY}" ;;
223
                            mount)                  MOUNTBINARY="${BINARY}";           LogText "  Found known binary: mount (disk utility) - ${BINARY}" ;;
226
                            mount)                  MOUNTBINARY="${BINARY}";           LogText "  Found known binary: mount (disk utility) - ${BINARY}" ;;
224
                            mtree)                  MTREEBINARY="${BINARY}";           LogText "  Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
227
                            mtree)                  MTREEBINARY="${BINARY}";           LogText "  Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
Lines 285-291 Link Here
285
                            ssh-keyscan)            SSHKEYSCANBINARY="${BINARY}";      LogText "  Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
288
                            ssh-keyscan)            SSHKEYSCANBINARY="${BINARY}";      LogText "  Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
286
                            suricata)               SURICATABINARY="${BINARY}";        LogText "  Found known binary: suricata (IDS) - ${BINARY}" ;;
289
                            suricata)               SURICATABINARY="${BINARY}";        LogText "  Found known binary: suricata (IDS) - ${BINARY}" ;;
287
                            swapon)                 SWAPONBINARY="${BINARY}";          LogText "  Found known binary: swapon (swap device tool) - ${BINARY}" ;;
290
                            swapon)                 SWAPONBINARY="${BINARY}";          LogText "  Found known binary: swapon (swap device tool) - ${BINARY}" ;;
291
                            svcs)                   SVCSBINARY="${BINARY}" ;           LogText "  Found known binary: svcs (service manager) - ${BINARY}" ;;
288
                            swupd)                  SWUPDBINARY="${BINARY}";           LogText "  Found known binary: swupd (package manager) - ${BINARY}" ;;
292
                            swupd)                  SWUPDBINARY="${BINARY}";           LogText "  Found known binary: swupd (package manager) - ${BINARY}" ;;
293
                            synoavd)                SYNOAVDBINARY=${BINARY};           LogText "  Found known binary: synoavd (Synology AV scanner) - ${BINARY}" ;;
289
                            sysctl)                 SYSCTLBINARY="${BINARY}";          LogText "  Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
294
                            sysctl)                 SYSCTLBINARY="${BINARY}";          LogText "  Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
290
                            syslog-ng)              SYSLOGNGBINARY="${BINARY}";        SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
295
                            syslog-ng)              SYSLOGNGBINARY="${BINARY}";        SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
291
                            systemctl)              SYSTEMCTLBINARY="${BINARY}";       LogText "  Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
296
                            systemctl)              SYSTEMCTLBINARY="${BINARY}";       LogText "  Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
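Review bot: `synoavd` is logged as "Synology AV scanner" but, unlike the `mdatp`, `maldet` and `chkrootkit` entries in this file, it does not set `MALWARE_SCANNER_INSTALLED=1`. If that is deliberate (for instance the flag being set later, once the daemon is confirmed running), a comment saying so would help; otherwise add the assignment so Synology hosts are counted as having a scanner. Style: `SYNOAVDBINARY=${BINARY}` is unquoted where its neighbours quote, `SVCSBINARY="${BINARY}" ;` has a stray space before the semicolon, and `svcs` is inserted after `swapon`, out of alphabetical order.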
Lines 336-342 Link Here
336
        [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
341
        [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found"
337
        [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found"
342
        [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found"
338
        [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
343
        [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found"
339
        [ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found"
344
        [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found"
340
        [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
345
        [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found"
341
        [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
346
        [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found"
342
        [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
347
        [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found"
(-)lynis-3.0.0/include/consts (-6 / +23 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 33-42 Link Here
33
33
34
ETC_PATHS="/etc /usr/local/etc"
34
ETC_PATHS="/etc /usr/local/etc"
35
35
36
# Do not use specific language, fall back to default
37
# Some tools with translated strings are very hard to parse
38
unset LANG
39
40
#
36
#
41
#################################################################################
37
#################################################################################
42
#
38
#
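Review bot: `unset LANG` on its own does not guarantee the default locale that the added comment promises. `LC_ALL` and the individual `LC_*` variables (notably `LC_MESSAGES`) take precedence over `LANG`, so a user with `LC_ALL` exported to a non-English locale still gets translated tool output and the parsing problem remains. Suggest clearing those as well, e.g. `unset LANG LC_ALL LC_MESSAGES`, or exporting `LC_ALL=C` at this point.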
Lines 47-52 Link Here
47
# == Variable initializing ==
43
# == Variable initializing ==
48
#
44
#
49
    APTBINARY=""
45
    APTBINARY=""
46
    APKBINARY=""
50
    ARCH_AUDIT_BINARY=""
47
    ARCH_AUDIT_BINARY=""
51
    AUDITORNAME=""
48
    AUDITORNAME=""
52
    AUDITCTLBINARY=""
49
    AUDITCTLBINARY=""
Lines 62-68 Link Here
62
    APPLICATION_FIREWALL_ACTIVE=0
59
    APPLICATION_FIREWALL_ACTIVE=0
63
    BINARY_SCAN_FINISHED=0
60
    BINARY_SCAN_FINISHED=0
64
    BLKIDBINARY=""
61
    BLKIDBINARY=""
62
    BOOTCTLBINARY=""
65
    CAT_BINARY=""
63
    CAT_BINARY=""
64
    CCBINARY=""
66
    CFAGENTBINARY=""
65
    CFAGENTBINARY=""
67
    CHECK=0
66
    CHECK=0
68
    CHECK_BINARIES=1
67
    CHECK_BINARIES=1
Lines 72-77 Link Here
72
    CLAMCONF_BINARY=""
71
    CLAMCONF_BINARY=""
73
    CLAMSCANBINARY=""
72
    CLAMSCANBINARY=""
74
    CLANGBINARY=""
73
    CLANGBINARY=""
74
    CMDBINARY=""
75
    COLORS=1
75
    COLORS=1
76
    COMPLIANCE_ENABLE_CIS=0
76
    COMPLIANCE_ENABLE_CIS=0
77
    COMPLIANCE_ENABLE_HIPAA=0
77
    COMPLIANCE_ENABLE_HIPAA=0
Lines 85-90 Link Here
85
    CONTROL_URL_PROTOCOL=""
85
    CONTROL_URL_PROTOCOL=""
86
    CONTAINER_TYPE=""
86
    CONTAINER_TYPE=""
87
    CREATE_REPORT_FILE=1
87
    CREATE_REPORT_FILE=1
88
    CRYPTSETUPBINARY=""
88
    CSUMBINARY=""
89
    CSUMBINARY=""
89
    CURRENT_TS=0
90
    CURRENT_TS=0
90
    CUSTOM_URL_APPEND=""
91
    CUSTOM_URL_APPEND=""
Lines 103-114 Link Here
103
    DISCOVERED_BINARIES=""
104
    DISCOVERED_BINARIES=""
104
    DMIDECODEBINARY=""
105
    DMIDECODEBINARY=""
105
    DNFBINARY=""
106
    DNFBINARY=""
107
    DNSDOMAINNAMEBINARY=""
106
    DOCKERBINARY=""
108
    DOCKERBINARY=""
107
    DOCKER_DAEMON_RUNNING=0
109
    DOCKER_DAEMON_RUNNING=0
108
    DPKGBINARY=""
110
    DPKGBINARY=""
109
    ECHOCMD=""
111
    ECHOCMD=""
110
    ERROR_ON_WARNINGS=0
112
    ERROR_ON_WARNINGS=0
111
    EQUERYBINARY=""
113
    EQUERYBINARY=""
114
    EVMCTLBINARY=""
112
    EXIMBINARY=""
115
    EXIMBINARY=""
113
    FAIL2BANBINARY=""
116
    FAIL2BANBINARY=""
114
    FILEBINARY=""
117
    FILEBINARY=""
Lines 117-122 Link Here
117
    FIREWALL_ACTIVE=0
120
    FIREWALL_ACTIVE=0
118
    FOUNDPATH=0
121
    FOUNDPATH=0
119
    FORENSICS_MODE=0
122
    FORENSICS_MODE=0
123
    GCCBINARY=""
120
    GETENT_BINARY=""
124
    GETENT_BINARY=""
121
    GRADMBINARY=""
125
    GRADMBINARY=""
122
    GREPBINARY="grep"
126
    GREPBINARY="grep"
Lines 130-139 Link Here
130
    HEADBINARY=""
134
    HEADBINARY=""
131
    HELPER=""
135
    HELPER=""
132
    HOSTID=""
136
    HOSTID=""
137
    HOSTID_GEN="unknown"
133
    HOSTID2=""
138
    HOSTID2=""
139
    HOSTID2_GEN="unknown"
134
    HTTPDBINARY=""
140
    HTTPDBINARY=""
135
    IDS_IPS_TOOL_FOUND=0
141
    IDS_IPS_TOOL_FOUND=0
136
    IFCONFIGBINARY=""
142
    IFCONFIGBINARY=""
143
    INTEGRITYSETUPBINARY=""
137
    IPBINARY=""
144
    IPBINARY=""
138
    IPFBINARY=""
145
    IPFBINARY=""
139
    IPTABLESBINARY=""
146
    IPTABLESBINARY=""
Lines 144-149 Link Here
144
    LICENSE_KEY=""
151
    LICENSE_KEY=""
145
    LICENSE_SERVER=""
152
    LICENSE_SERVER=""
146
    LINUX_VERSION=""
153
    LINUX_VERSION=""
154
    LINUX_VERSION_LIKE=""
147
    LINUXCONFIGFILE=""
155
    LINUXCONFIGFILE=""
148
    LMDBINARY=""
156
    LMDBINARY=""
149
    LMDFOUND=0
157
    LMDFOUND=0
Lines 152-157 Link Here
152
    LOGDIR=""
160
    LOGDIR=""
153
    LOGROTATEBINARY=""
161
    LOGROTATEBINARY=""
154
    LOGTEXT=1
162
    LOGTEXT=1
163
    LSBLKBINARY=""
155
    LSMODBINARY=""
164
    LSMODBINARY=""
156
    LSOFBINARY=""
165
    LSOFBINARY=""
157
    LSOF_EXTRA_OPTIONS=""
166
    LSOF_EXTRA_OPTIONS=""
Lines 195-200 Link Here
195
    NGINX_RETURN_FOUND=0
204
    NGINX_RETURN_FOUND=0
196
    NGINX_ROOT_FOUND=0
205
    NGINX_ROOT_FOUND=0
197
    NGINX_WEAK_SSL_PROTOCOL_FOUND=0
206
    NGINX_WEAK_SSL_PROTOCOL_FOUND=0
207
    NTPCTLBINARY=""
198
    NTPD_ROLE=""
208
    NTPD_ROLE=""
199
    NTPQBINARY=""
209
    NTPQBINARY=""
200
    OPENSSLBINARY=""
210
    OPENSSLBINARY=""
Lines 208-213 Link Here
208
    OS_REDHAT_OR_CLONE=0
218
    OS_REDHAT_OR_CLONE=0
209
    OSIRISBINARY=""
219
    OSIRISBINARY=""
210
    PACMANBINARY=""
220
    PACMANBINARY=""
221
    PAM_PASSWORD_PWHISTORY_AMOUNT=""
211
    PASSWORD_MAXIMUM_DAYS=-1
222
    PASSWORD_MAXIMUM_DAYS=-1
212
    PASSWORD_MINIMUM_DAYS=-1
223
    PASSWORD_MINIMUM_DAYS=-1
213
    PAM_2F_AUTH_ENABLED=0
224
    PAM_2F_AUTH_ENABLED=0
Lines 228-234 Link Here
228
    PLUGINDIR=""
239
    PLUGINDIR=""
229
    PLUGIN_PHASE=0
240
    PLUGIN_PHASE=0
230
    POSTFIXBINARY=""
241
    POSTFIXBINARY=""
231
    POSTGRES_RUNNING=0
242
    POSTGRESQL_RUNNING=0
232
    PREVIOUS_TEST="No test ID"
243
    PREVIOUS_TEST="No test ID"
233
    PREVIOUS_TS=0
244
    PREVIOUS_TS=0
234
    PROFILES=""
245
    PROFILES=""
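Review bot: the rename of POSTGRES_RUNNING to POSTGRESQL_RUNNING at line 242 leaves any test, plugin or custom include that still reads the old name with an uninitialised variable, which fails under strict mode and otherwise evaluates as empty. Please confirm every reference in the tree was updated in this patch, and consider initialising the old name as well for one release so that out-of-tree plugins do not break silently.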
Lines 242-247 Link Here
242
    REFRESH_REPOSITORIES=1
253
    REFRESH_REPOSITORIES=1
243
    REMOTE_LOGGING_ENABLED=0
254
    REMOTE_LOGGING_ENABLED=0
244
    RESOLV_DOMAINNAME=""
255
    RESOLV_DOMAINNAME=""
256
    RESOLVECTLBINARY=""
245
    RKHUNTERBINARY=""
257
    RKHUNTERBINARY=""
246
    ROOTDIR="/"
258
    ROOTDIR="/"
247
    ROOTSHBINARY=""
259
    ROOTSHBINARY=""
Lines 277-284 Link Here
277
    SKIP_VM_DETECTION=0
289
    SKIP_VM_DETECTION=0
278
    SKIPREASON=""
290
    SKIPREASON=""
279
    SKIPPED_TESTS_ROOTONLY=""
291
    SKIPPED_TESTS_ROOTONLY=""
292
    SLOW_TEST_THRESHOLD=10
280
    SMTPCTLBINARY=""
293
    SMTPCTLBINARY=""
281
    SNORTBINARY=""
294
    SNORTBINARY=""
295
    SSBINARY=""
282
    SSHKEYSCANBINARY=""
296
    SSHKEYSCANBINARY=""
283
    SSHKEYSCANFOUND=0
297
    SSHKEYSCANFOUND=0
284
    SSL_CERTIFICATE_INCLUDE_PACKAGES=0
298
    SSL_CERTIFICATE_INCLUDE_PACKAGES=0
Lines 288-293 Link Here
288
    SWUPDBINARY=""
302
    SWUPDBINARY=""
289
    SYSLOGNGBINARY=""
303
    SYSLOGNGBINARY=""
290
    SYSTEMCTLBINARY=""
304
    SYSTEMCTLBINARY=""
305
    SYSTEMDANALYZEBINARY=""
291
    SYSTEM_IS_NOTEBOOK=255
306
    SYSTEM_IS_NOTEBOOK=255
292
    TEMP_FILE=""
307
    TEMP_FILE=""
293
    TEMP_FILES=""
308
    TEMP_FILES=""
Lines 297-302 Link Here
297
    TEST_GROUP_TO_CHECK="all"
312
    TEST_GROUP_TO_CHECK="all"
298
    TESTS_EXECUTED=""
313
    TESTS_EXECUTED=""
299
    TESTS_SKIPPED=""
314
    TESTS_SKIPPED=""
315
    TIMEDATECTL=""
300
    TMPFILE=""
316
    TMPFILE=""
301
    TOMOYOINITBINARY=""
317
    TOMOYOINITBINARY=""
302
    TOOLTIP_SHOWED=0
318
    TOOLTIP_SHOWED=0
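Review bot: style point on new line 315, `TIMEDATECTL=""` breaks the naming used by the other binaries added in this patch (SYSTEMDANALYZEBINARY, RESOLVECTLBINARY, NTPCTLBINARY). Suggest TIMEDATECTLBINARY so that the variable is recognisable as a path to a binary and matches whatever the binary discovery code assigns.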
Lines 322-327 Link Here
322
    USBGUARD_ROOT=""
338
    USBGUARD_ROOT=""
323
    VALUE=""
339
    VALUE=""
324
    VERBOSE=0
340
    VERBOSE=0
341
    VERITYSETUPBINARY=""
325
    VGDISPLAYBINARY=""
342
    VGDISPLAYBINARY=""
326
    VMTYPE=""
343
    VMTYPE=""
327
    VULNERABLE_PACKAGES_FOUND=0
344
    VULNERABLE_PACKAGES_FOUND=0
(-)lynis-3.0.0/include/data_upload (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/functions (-58 / +128 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 38-44 Link Here
38
#    DigitsOnly                 Return only the digits from a string
38
#    DigitsOnly                 Return only the digits from a string
39
#    DirectoryExists            Check if a directory exists on the disk
39
#    DirectoryExists            Check if a directory exists on the disk
40
#    DiscoverProfiles           Determine available profiles on system
40
#    DiscoverProfiles           Determine available profiles on system
41
#    Display                    Output text to screen with colors and identation
41
#    Display                    Output text to screen with colors and indentation
42
#    DisplayError               Show an error on screen
42
#    DisplayError               Show an error on screen
43
#    DisplayException           Show an exception on screen
43
#    DisplayException           Show an exception on screen
44
#    DisplayManual              Output text to screen without any layout
44
#    DisplayManual              Output text to screen without any layout
Lines 899-918 Link Here
899
    ################################################################################
899
    ################################################################################
900
900
901
    GetHostID() {
901
    GetHostID() {
902
903
        if [ ${SKIP_GETHOSTID} -eq 1 ]; then
902
        if [ ${SKIP_GETHOSTID} -eq 1 ]; then
903
            Debug "Skipping HostID generation due to SKIP_GETHOSTID"
904
            return 2
904
            return 2
905
        fi
905
        fi
906
906
907
        if [ -n "${HOSTID}" -a -n "${HOSTID2}" ]; then
907
        if [ -n "${HOSTID}" -a -n "${HOSTID2}" ]; then
908
            Debug "Skipping creation of host identifiers, as they are already configured (via profile)"
908
            Debug "Skipping creation of host identifiers, as they are already configured (via profile)"
909
            HOSTID_GEN="profile"
909
            return 2
910
            return 2
910
        fi
911
        fi
911
912
912
        if [ -f "${ROOTDIR}etc/lynis/hostids" ]; then
913
        if [ -f "${ROOTDIR}etc/lynis/hostids" ]; then
913
            Debug "Used hostids file to fetch values"
914
            HOSTID=$(grep "^hostid=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
914
            HOSTID=$(grep "^hostid=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
915
            HOSTID2=$(grep "^hostid2=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
915
            HOSTID2=$(grep "^hostid2=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}')
916
            Debug "Used hostids file to fetch values"
917
            HOSTID_GEN="hostids-file"
916
            return 0
918
            return 0
917
        fi
919
        fi
918
920
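Review bot: both early-return branches record a source in HOSTID_GEN ("profile" at line 909, "hostids-file" at line 917) but leave HOSTID2_GEN at its initial "unknown", although HOSTID2 comes from the same source in each case. Set HOSTID2_GEN alongside it. In the hostids-file branch the function also returns 0 without checking that the two grep results are non-empty, so a file that lacks one of the keys yields an empty identifier labelled as "hostids-file"; a HasData check before `return 0` would let the function fall through to generation instead.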
Lines 940-946 Link Here
940
        fi
942
        fi
941
943
942
        if [ ! "${SHA1SUMBINARY}" = "" -o ! "${OPENSSLBINARY}" = "" -o ! "${CSUMBINARY}" = "" ]; then
944
        if [ ! "${SHA1SUMBINARY}" = "" -o ! "${OPENSSLBINARY}" = "" -o ! "${CSUMBINARY}" = "" ]; then
943
945
            LogText "Info: found hashing tool, start generation of HostID"
944
            case "${OS}" in
946
            case "${OS}" in
945
947
946
                "AIX")
948
                "AIX")
Lines 988-1002 Link Here
988
                ;;
990
                ;;
989
991
990
                "Linux")
992
                "Linux")
993
                    # Try fetching information from /sys in case 'ip' is not available or does not give expected results
994
                    if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then
995
                        NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}')
996
                        for INTERFACE in ${NET_INTERFACES}; do
997
                            if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then
998
                                LogText "Interface '${INTERFACE}' is up, fetching MAC address"
999
                                FIND=$(head -1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]')
1000
                                if HasData "${FIND}"; then
1001
                                    HOSTID_GEN="linux-sys-interface-up"
1002
                                    break
1003
                                fi
1004
                            fi
1005
                        done
1006
                    fi
991
1007
992
                    # Future change
1008
                    # Next is to try ip, as it is available to most modern Linux distributions
993
                    # Show brief output of ip of links that are UP. Filter out items like 'UNKNOWN' in col 2
1009
                    if IsEmpty "${FIND}" && [ -n "${IPBINARY}" ]; then
994
                    # Using the {2} syntax does not work on all systems
1010
                        LogText "Info: trying output from 'ip' to generate HostID"
995
                    # ip -br link show up | sort | awk '$2=="UP" && $3 ~ /^[a-f0-9][a-f0-9]:/ {print $3}'
1011
                        # Determine if we have the common available eth0 interface. If so, give that priority.
1012
                        # Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result
1013
                        FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1)
1014
                        if HasData "${FIND}"; then
1015
                            HOSTID_GEN="linux-ip-interface-eth0"
1016
                        else
1017
                            # If eth0 does not exist, which is also common, then trying the next option:
1018
                            # 1) First fetch all links that are UP
1019
                            # 2) Filter entries that have a MAC address and filter out Docker related MAC addresses starting with '02:42:'
1020
                            # 3) Convert everything to lowercase
1021
                            # 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available
1022
                            # 5) Select first entry
1023
                            FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1)
1024
                            if HasData "${FIND}"; then
1025
                                HOSTID_GEN="linux-ip-interface-up-other"
1026
                            else
1027
                                ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
1028
                            fi
1029
                        fi
1030
                    fi
996
1031
997
                    # Use ifconfig
1032
                    # Finally try ifconfig
998
                    if [ -n "${IFCONFIGBINARY}" ]; then
1033
                    if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]; then
999
                        # Determine if we have the eth0 interface (not all Linux distro have this, e.g. Arch)
1034
                        LogText "Info: no information found from 'ip' or in /sys, trying output from 'ifconfig'"
1035
                        # Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch)
1000
                        HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
1036
                        HASETH0=$(${IFCONFIGBINARY} | grep "^eth0")
1001
                        # Check if we can find it with HWaddr on the line
1037
                        # Check if we can find it with HWaddr on the line
1002
                        FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
1038
                        FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
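Review bot: in the new 'ip' block, `ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"` at line 1027 fires before the ifconfig fallback at line 1033 has been tried, so an exception is reported even when ifconfig then finds a MAC address. Move the exception to the final HasData check, or drop it here. Two further points: the /sys block is guarded by `IsEmpty "${FIND}"` but FIND is never reset at the top of the Linux case, so a leftover value from earlier code would skip all three lookups; and the lookup order is now /sys, then ip, then ifconfig, where ifconfig used to come first, which can select a different MAC address on hosts with several interfaces and therefore change the HostID of already enrolled systems. That behaviour change deserves a line in the changelog.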
Lines 1009-1050 Link Here
1009
                                # If not, then falling back to getting first interface. Better than nothing.
1045
                                # If not, then falling back to getting first interface. Better than nothing.
1010
                                if HasData "${HASETH0}"; then
1046
                                if HasData "${HASETH0}"; then
1011
                                    FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
1047
                                    FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
1048
                                    if HasData "${FIND}"; then
1049
                                        HOSTID_GEN="linux-ifconfig-interface-eth0-ether"
1050
                                    fi
1012
                                else
1051
                                else
1013
                                    FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]')
1052
                                    FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]')
1014
                                    if IsEmpty "${FIND}"; then
1053
                                    if IsEmpty "${FIND}"; then
1015
                                        ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)"
1054
                                        ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)"
1016
                                    else
1055
                                    else
1017
                                        LogText "Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)"
1056
                                        HOSTID_GEN="linux-ifconfig-interface-first-ether"
1057
                                        LogText "Result: No eth0 found (but ether found), using first network interface to determine hostid (with ifconfig)"
1018
                                    fi
1058
                                    fi
1019
                                fi
1059
                                fi
1020
                            else
1060
                            else
1021
                                FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
1061
                                FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]')
1022
                                LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig"
1062
                                HOSTID_GEN="linux-ifconfig-interface-first-hwaddr"
1023
                            fi
1063
                            fi
1064
                        else
1065
                            HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr"
1024
                        fi
1066
                        fi
1025
1026
                    elif [ -n "${IPBINARY}" ]; then
1027
                        # Determine if we have the common available eth0 interface
1028
                        FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
1029
                        if IsEmpty "${FIND}"; then
1030
                            # Determine the MAC address of first interface with the ip command
1031
                            FIND=$(${IPBINARY} addr show 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
1032
                            if IsEmpty "${FIND}"; then
1033
                                ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"
1034
                            fi
1035
                        fi
1036
                    else
1037
                        ReportException "GetHostID" "Both ip and ifconfig tools are missing"
1038
1039
                    fi
1067
                    fi
1040
1068
1041
                    # Check if we found a HostID
1069
                    # Check if we found a MAC address to generate the HostID
1042
                    if HasData "${FIND}"; then
1070
                    if HasData "${FIND}"; then
1043
                        LogText "Info: using hardware address ${FIND} to create ID"
1071
                        LogText "Info: using hardware address '${FIND}' to create HostID"
1044
                        HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
1072
                        HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
1045
                        LogText "Result: Found HostID: ${HOSTID}"
1073
                        LogText "Result: Found HostID: ${HOSTID}"
1046
                    else
1074
                    else
1047
                        ReportException "GetHostID" "Can't create HOSTID, command ip not found"
1075
                        ReportException "GetHostID" "HostID could not be generated"
1048
                    fi
1076
                    fi
1049
                ;;
1077
                ;;
1050
1078
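Review bot: the hashing step at line 1072, `HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')`, still uses SHA1SUMBINARY only, while the guard at the top of this block accepts OPENSSLBINARY or CSUMBINARY as sufficient. On a Linux host with only openssl the pipeline produces an empty HOSTID, the log prints "Result: Found HostID:" with nothing after it, and HOSTID_GEN keeps the source label set above. Suggest the same sha1sum/openssl selection the Solaris branch uses and a HasData check on HOSTID before logging success. The replacement message "HostID could not be generated" is also less specific than the removed "Both ip and ifconfig tools are missing"; logging which lookups were attempted would keep the diagnostic value.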
Lines 1089-1113 Link Here
1089
                ;;
1117
                ;;
1090
1118
1091
                "Solaris")
1119
                "Solaris")
1092
                    INTERFACES_TO_TEST="e1000g1 net0"
1120
                    INTERFACES_TO_TEST="net0 e1000g1 e1000g0"
1093
                    FOUND=0
1121
                    FOUND=0
1094
                    for I in ${INTERFACES_TO_TEST}; do
1122
                    for I in ${INTERFACES_TO_TEST}; do
1095
                         FIND=$(${IFCONFIGBINARY} -a | grep "^${I}")
1123
                         FIND=$(${IFCONFIGBINARY} -a | grep "^${I}")
1096
                         if [ ! "${FIND}" = "" ]; then
1124
                         if [ ! "${FIND}" = "" ]; then
1097
                             FOUND=1; LogText "Found interface ${I} on Solaris"
1125
                             FOUND=1; LogText "Found interface ${I} on Solaris"
1126
                             break
1098
                         fi
1127
                         fi
1099
                    done
1128
                    done
1100
                    if [ ${FOUND} -eq 1 ]; then
1129
                    if [ ${FOUND} -eq 1 ]; then
1101
                        FIND=$(${IFCONFIGBINARY} ${I} | grep ether | awk '{ if ($1=="ether") { print $2 }}')
1130
                        FIND=$(${IFCONFIGBINARY} ${I} | grep ether | awk '{ if ($1=="ether") { print $2 }}')
1102
                        if [ ! "${SHA1SUMBINARY}" = "" ]; then
1131
                        if [ -n "${SHA1SUMBINARY}" ]; then
1103
                            HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
1132
                            HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }')
1104
                        elif [ ! "${OPENSSLBINARY}" = "" ]; then
1133
                        elif [ -n "${OPENSSLBINARY}" ]; then
1105
                            HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }')
1134
                            HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }')
1106
                        else
1135
                        else
1107
                            ReportException "GetHostID" "Can not find sha1/sha1sum or openssl"
1136
                            ReportException "GetHostID" "Can not find sha1/sha1sum or openssl"
1108
                        fi
1137
                        fi
1109
                    else
1138
                    else
1110
                        ReportException "GetHostID" "No interface found op Solaris to create HostID"
1139
                        ReportException "GetHostID" "No interface found on Solaris to create HostID"
1111
                    fi
1140
                    fi
1112
                ;;
1141
                ;;
1113
1142
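Review bot: the Solaris branch never sets HOSTID_GEN, so after this patch Linux hosts report how their HostID was derived while Solaris hosts stay at "unknown"; set it after the hash at lines 1132 and 1134. The result of `FIND=$(${IFCONFIGBINARY} ${I} | grep ether | ...)` is also hashed without checking that it is non-empty, and hashing an empty string gives every such host the same identifier. A HasData check before hashing avoids relying on the blacklist to catch that. For consistency with the hostid2 code further down, which calls `dgst -${OPENSSL_HASHTYPE}`, the `${OPENSSLBINARY} sha -sha1` call could use the dgst form too.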
Lines 1115-1122 Link Here
1115
                        ReportException "GetHostID" "Can't create HOSTID as OS is not supported yet by this function"
1144
                        ReportException "GetHostID" "Can't create HOSTID as OS is not supported yet by this function"
1116
                ;;
1145
                ;;
1117
            esac
1146
            esac
1147
1118
            # Remove HOSTID if it contains a default MAC address with a related hash value
1148
            # Remove HOSTID if it contains a default MAC address with a related hash value
1119
            if [ ! "${HOSTID}" = "" ]; then
1149
            if [ -n "${HOSTID}" ]; then
1120
                for CHECKHASH in ${BLACKLISTED_HASHES}; do
1150
                for CHECKHASH in ${BLACKLISTED_HASHES}; do
1121
                    if [ "${CHECKHASH}" = "${HOSTID}" ]; then
1151
                    if [ "${CHECKHASH}" = "${HOSTID}" ]; then
1122
                        LogText "Result: hostid is a blacklisted value"
1152
                        LogText "Result: hostid is a blacklisted value"
Lines 1124-1129 Link Here
1124
                    fi
1154
                    fi
1125
                done
1155
                done
1126
            fi
1156
            fi
1157
1127
        else
1158
        else
1128
            ReportException "GetHostID" "Can't create HOSTID as there is no SHA1 hash tool available (sha1, sha1sum, openssl)"
1159
            ReportException "GetHostID" "Can't create HOSTID as there is no SHA1 hash tool available (sha1, sha1sum, openssl)"
1129
        fi
1160
        fi
Lines 1151-1156 Link Here
1151
                            if [ -n "${SHA1SUMBINARY}" ]; then
1182
                            if [ -n "${SHA1SUMBINARY}" ]; then
1152
                                HOSTID=$(${SHA1SUMBINARY} /etc/ssh/${I} | awk '{ print $1 }')
1183
                                HOSTID=$(${SHA1SUMBINARY} /etc/ssh/${I} | awk '{ print $1 }')
1153
                                LogText "result: Created HostID with SSH key ($I): ${HOSTID}"
1184
                                LogText "result: Created HostID with SSH key ($I): ${HOSTID}"
1185
                                HOSTID_GEN="fallback-ssh-public-key"
1154
                            else
1186
                            else
1155
                                ReportException "GetHostID" "Can't create HOSTID with SSH key, as sha1sum binary is missing"
1187
                                ReportException "GetHostID" "Can't create HOSTID with SSH key, as sha1sum binary is missing"
1156
                            fi
1188
                            fi
Lines 1162-1170 Link Here
1162
            fi
1194
            fi
1163
        fi
1195
        fi
1164
1196
1165
        # New style host ID
1197
        # Generation of HostID version 2
1166
        if [ "${HOSTID2}" = "" ]; then
1198
        if [ -z "${HOSTID2}" ]; then
1167
            LogText "Info: creating a HostID (version 2)"
1199
            LogText "Info: start generation of HostID (version 2)"
1168
            FOUND=0
1200
            FOUND=0
1169
            DATA_SSH=""
1201
            DATA_SSH=""
1170
            # Use public keys
1202
            # Use public keys
Lines 1173-1179 Link Here
1173
                for I in ${SSH_KEY_FILES}; do
1205
                for I in ${SSH_KEY_FILES}; do
1174
                    if [ ${FOUND} -eq 0 ]; then
1206
                    if [ ${FOUND} -eq 0 ]; then
1175
                        if [ -f /etc/ssh/${I} ]; then
1207
                        if [ -f /etc/ssh/${I} ]; then
1176
                            LogText "Result: found file ${I} in /etc/ssh, using that to create host identifier"
1208
                            LogText "Result: found file ${I} in /etc/ssh, using that as candidate to create hostid2"
1177
                            DATA_SSH=$(cat /etc/ssh/${I})
1209
                            DATA_SSH=$(cat /etc/ssh/${I})
1178
                            FOUND=1
1210
                            FOUND=1
1179
                        fi
1211
                        fi
Lines 1185-1205 Link Here
1185
1217
1186
            STRING_TO_HASH=""
1218
            STRING_TO_HASH=""
1187
            if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
1219
            if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then
1188
                LogText "Using SSH public key to create the second host identifier"
1220
                LogText "Using SSH public key to create hostid2"
1189
                STRING_TO_HASH="${DATA_SSH}"
1221
                STRING_TO_HASH="${DATA_SSH}"
1222
                HOSTID2_GEN="ssh-public-key"
1190
            else
1223
            else
1191
                if [ -n "${MACHINEID}" ]; then
1224
                if [ -n "${MACHINEID}" ]; then
1192
                    LogText "Using the machine ID to create the second host identifier"
1225
                    LogText "Using the machine ID to create hostid2"
1193
                    STRING_TO_HASH="${MACHINEID}"
1226
                    STRING_TO_HASH="${MACHINEID}"
1227
                    HOSTID2_GEN="machine-id"
1194
                fi
1228
                fi
1195
            fi
1229
            fi
1196
            # Check if we have a string to turn into a host identifier
1230
            # Check if we have a string to turn into a host identifier
1197
            if [ -n "${STRING_TO_HASH}" ]; then
1231
            if [ -n "${STRING_TO_HASH}" ]; then
1198
                # Create hashes
1232
                # Create hashes
1199
                if [ ! "${SHA256SUMBINARY}" = "" ]; then
1233
                if [ -n "${SHA256SUMBINARY}" ]; then
1200
                    HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }')
1234
                    HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }')
1201
                    HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }')
1235
                    HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }')
1202
                elif [ ! "${OPENSSLBINARY}" = "" ]; then
1236
                elif [ -n "${OPENSSLBINARY}" ]; then
1203
                    HASH2=$(echo ${STRING_TO_HASH} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
1237
                    HASH2=$(echo ${STRING_TO_HASH} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
1204
                    HASH_HOSTNAME=$(echo ${HOSTNAME} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
1238
                    HASH_HOSTNAME=$(echo ${HOSTNAME} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }')
1205
                fi
1239
                fi
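Review bot: HOSTID2_GEN is assigned at lines 1222 and 1227 before any hash has been produced, so when neither SHA256SUMBINARY nor OPENSSLBINARY is set (the if/elif at lines 1233 and 1236 has no else branch) HASH2 stays unset while HOSTID2_GEN already claims "ssh-public-key" or "machine-id". Assign HOSTID2_GEN only after HASH2 is confirmed non-empty, and add an else branch that reports the missing hashing tool, as the HostID version 1 code does.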
Lines 1272-1277 Link Here
1272
        if [ $# -ne 2 ]; then Fatal "Incorrect usage of HasCorrectFilePermissions"; fi
1306
        if [ $# -ne 2 ]; then Fatal "Incorrect usage of HasCorrectFilePermissions"; fi
1273
        CHECKFILE="$1"
1307
        CHECKFILE="$1"
1274
        CHECKPERMISSION_FULL="$2"
1308
        CHECKPERMISSION_FULL="$2"
1309
        # Check for symlink
1310
        if [ -L ${CHECKFILE} ]; then
1311
            ShowSymlinkPath ${CHECKFILE}
1312
            if [ ! "${SYMLINK}" = "" ]; then CHECKFILE="${SYMLINK}"; fi
1313
        fi
1275
        if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then
1314
        if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then
1276
            return 2
1315
            return 2
1277
        else
1316
        else
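Review bot: the new symlink block at lines 1310 to 1313 uses `${CHECKFILE}` unquoted in `[ -L ${CHECKFILE} ]` and in the ShowSymlinkPath call, so a path containing whitespace or glob characters is split or expanded before the test. Quote all three uses. The block also trusts the global SYMLINK after the call; unless ShowSymlinkPath clears SYMLINK on every invocation (not visible in this hunk), a failed resolution leaves the value from an earlier call and the permission check then runs against an unrelated file. Resetting SYMLINK to empty before the call makes that explicit. It is worth logging the resolved target as well, since the result now describes the target rather than the path the caller passed in.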
Lines 1286-1296 Link Here
1286
                CHECK_PERMISSION=$(echo "${CHECK_PERMISSION}" | ${AWKBINARY} '{printf "%03d",$1}')
1325
                CHECK_PERMISSION=$(echo "${CHECK_PERMISSION}" | ${AWKBINARY} '{printf "%03d",$1}')
1287
1326
1288
                # First try stat command
1327
                # First try stat command
1289
                LogText "Test: checking if file ${CHECKFILE} has the permissions set to ${CHECK_PERMISSION} or more restrictive"
1328
                LogText "Test: checking if file ${CHECKFILE} has the permissions set to ${CHECK_PERMISSION} (${CHECKPERMISSION_FULL}) or more restrictive"
1290
                if [ -n "${STATBINARY}" ]; then
1329
                if [ -n "${STATBINARY}" ]; then
1291
1292
                    case ${OS} in
1330
                    case ${OS} in
1293
                        *BSD)
1331
                        *BSD | "macOS")
1332
                            # BSD and macOS have no --format, only short notation
1294
                            DATA=$(${STATBINARY} -f "%OLp" ${CHECKFILE})
1333
                            DATA=$(${STATBINARY} -f "%OLp" ${CHECKFILE})
1295
                        ;;
1334
                        ;;
1296
                        *)
1335
                        *)
Lines 1353-1359 Link Here
1353
                fi
1392
                fi
1354
            done
1393
            done
1355
1394
1356
            LogText "Outcome: permissions of file ${CHECKFILE} are not matching expected value (${DATA} != ${CHECKPERMISSION_FULL})"
1395
            LogText "Outcome: permissions of file ${CHECKFILE} are not matching expected value (${DATA} != ${CHECK_PERMISSION})"
1357
            # No match, return exit code 1
1396
            # No match, return exit code 1
1358
            return 1
1397
            return 1
1359
        fi
1398
        fi
Lines 1546-1553 Link Here
1546
1585
1547
        if [ -z "${search}" ]; then ExitFatal "Missing process to search for when using IsRunning function"; fi
1586
        if [ -z "${search}" ]; then ExitFatal "Missing process to search for when using IsRunning function"; fi
1548
        RUNNING=0
1587
        RUNNING=0
1549
        # AIX does not fully support pgrep options, so using ps instead
1588
        if [ -x "${PGREPBINARY}" ] && [ "${OS}" != "AIX" ]; then
1550
        if [ "${OS}" != "AIX" ]; then
1551
            # When --user is used, perform a search using the -u option
1589
            # When --user is used, perform a search using the -u option
1552
            # Initialize users for strict mode
1590
            # Initialize users for strict mode
1553
            if [ -n "${users:-}" ]; then
1591
            if [ -n "${users:-}" ]; then
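Review bot: the comment explaining the AIX exception ("AIX does not fully support pgrep options, so using ps instead") is dropped at old line 1549 while the `"${OS}" != "AIX"` test is kept in the new condition on line 1588. Please keep the comment and extend it to say that the same fallback is now taken when `${PGREPBINARY}` is missing or not executable. Since the lines below mention strict mode, `[ -x "${PGREPBINARY:-}" ]` would also avoid an unset-variable failure.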
Lines 1968-1974 Link Here
1968
        if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldWritable function"; fi
2006
        if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldWritable function"; fi
1969
        sFILE=$1
2007
        sFILE=$1
1970
        FileIsWorldWritable=""
2008
        FileIsWorldWritable=""
1971
2009
        # Check for symlink
2010
        if [ -L ${sFILE} ]; then
2011
            ShowSymlinkPath ${sFILE}
2012
            if [ ! "${SYMLINK}" = "" ]; then sFILE="${SYMLINK}"; fi
2013
        fi
1972
        # Only check if target is a file or directory
2014
        # Only check if target is a file or directory
1973
        if [ -f ${sFILE} -o -d ${sFILE} ]; then
2015
        if [ -f ${sFILE} -o -d ${sFILE} ]; then
1974
            FINDVAL=$(ls -ld ${sFILE} | cut -c 9)
2016
            FINDVAL=$(ls -ld ${sFILE} | cut -c 9)
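Review bot: when `ShowSymlinkPath` leaves `SYMLINK` empty (new lines 2011-2012), `sFILE` still points at the link, the `-f`/`-d` test follows it and passes, and `ls -ld` then prints the link's own mode, which is normally `lrwxrwxrwx`, so `cut -c 9` returns `w` and the target is reported as world-writable regardless of its real mode. Either return early when the link cannot be resolved, or use `ls -ldL` so the mode of the target is read. `${sFILE}` is also unquoted in `[ -L ${sFILE} ]` and in the `ShowSymlinkPath` call, so a path with spaces is split into several arguments.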
Lines 2056-2061 Link Here
2056
        elif [ -n "${XBPSBINARY}" ]; then
2098
        elif [ -n "${XBPSBINARY}" ]; then
2057
            output=$(${XBPSBINARY} ${package} 2> /dev/null | ${GREPBINARY} "^ii")
2099
            output=$(${XBPSBINARY} ${package} 2> /dev/null | ${GREPBINARY} "^ii")
2058
            exit_code=$?
2100
            exit_code=$?
2101
        elif [ -n "${APKBINARY}" ]; then
2102
            output=$(${APKBINARY} search ${package} 2> /dev/null | ${GREPBINARY} ${package})
2103
            exit_code=$?
2059
        else
2104
        else
2060
            if [ "${package}" != "__dummy__" ]; then
2105
            if [ "${package}" != "__dummy__" ]; then
2061
                ReportException "PackageIsInstalled:01 (test=${TEST_NO:-unknown})"
2106
                ReportException "PackageIsInstalled:01 (test=${TEST_NO:-unknown})"
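Review bot: the new apk branch at lines 2101-2103 uses `apk search`, which queries the repository index of available packages rather than the installed set, so `PackageIsInstalled` can return success for a package that is only available for installation. `apk info -e ${package}` checks installed status and sets the exit code directly. The unquoted `${GREPBINARY} ${package}` also matches substrings, so a search for a short name succeeds on any package whose name contains it.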
Lines 2179-2185 Link Here
2179
        for I in ${FIND}; do
2224
        for I in ${FIND}; do
2180
            I=$(echo ${I} | sed 's/:space:/ /g' | sed 's/;$//' | sed 's/ #.*$//')
2225
            I=$(echo ${I} | sed 's/:space:/ /g' | sed 's/;$//' | sed 's/ #.*$//')
2181
            OPTION=$(echo ${I} | awk '{ print $1 }')
2226
            OPTION=$(echo ${I} | awk '{ print $1 }')
2182
            VALUE=$(echo ${I}| cut -d' ' -f2-)
2227
            # Use quotes here to prevent wildcard expansion
2228
            VALUE=$(echo "${I}"| cut -d' ' -f2-)
2183
            LogText "Result: found option ${OPTION} in ${CONFIG_FILE} with value '${VALUE}'"
2229
            LogText "Result: found option ${OPTION} in ${CONFIG_FILE} with value '${VALUE}'"
2184
            STORE_SETTING=1
2230
            STORE_SETTING=1
2185
            case ${OPTION} in
2231
            case ${OPTION} in
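Review bot: only the `VALUE` assignment on new line 2228 is quoted; lines 2225 and 2226 still run `echo ${I}` unquoted, so once `:space:` has been turned back into spaces the value is again subject to word splitting and pathname expansion when `OPTION` is extracted. That is harmless for `$1` in most cases, but the inconsistency invites the same bug later. Suggest quoting `"${I}"` in all three places and extending the new comment to say which input (an `include` with `*.conf`) triggered the fix.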
Lines 2302-2310 Link Here
2302
                        done
2348
                        done
2303
                        if [ ${FOUND} -eq 0 ]; then NGINX_CONF_FILES_ADDITIONS="${NGINX_CONF_FILES_ADDITIONS} ${VALUE}"; fi
2349
                        if [ ${FOUND} -eq 0 ]; then NGINX_CONF_FILES_ADDITIONS="${NGINX_CONF_FILES_ADDITIONS} ${VALUE}"; fi
2304
                    # Check for additional config files included as follows
2350
                    # Check for additional config files included as follows
2305
                    # "include sites-enabled/*.conf"
2351
                    # "include sites-enabled/*.conf" (relative path)
2306
                    elif [ $(echo ${VALUE} | grep -F -c "*.conf") -gt 0 ]; then
2352
                    # "include /etc/nginx/sites-enabled/*.conf" (absolute path)
2307
                        for FOUND_CONF in $(ls ${CONFIG_FILE%nginx.conf}${VALUE%;*}); do
2353
                    elif [ $(echo "${VALUE}" | grep -F -c "*.conf") -gt 0 ]; then
2354
                        # Check if path is absolute or relative
2355
                        case $VALUE in
2356
                            /*)
2357
                                # Absolute path, so wildcard pattern is already correct
2358
                                CONF_WILDCARD=${VALUE%;*}
2359
                            ;;
2360
                            *)
2361
                                # Relative path, so construct absolute path for wildcard pattern
2362
                                CONF_WILDCARD=${CONFIG_FILE%nginx.conf}${VALUE%;*}
2363
                            ;;
2364
                        esac
2365
                        for FOUND_CONF in ${CONF_WILDCARD}; do
2366
                            if [ "${FOUND_CONF}" = "${CONF_WILDCARD}" ]; then
2367
                                LogText "Found no match for wildcard pattern: ${CONF_WILDCARD}"
2368
                                break
2369
                            fi
2308
                            FOUND=0
2370
                            FOUND=0
2309
                            for CONF in ${NGINX_CONF_FILES}; do
2371
                            for CONF in ${NGINX_CONF_FILES}; do
2310
                                if [ "${CONF}" = "${FOUND_CONF}" ]; then FOUND=1; LogText "Found this file already in our configuration files array, not adding to queue"; fi
2372
                                if [ "${CONF}" = "${FOUND_CONF}" ]; then FOUND=1; LogText "Found this file already in our configuration files array, not adding to queue"; fi
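Review bot: the relative-path branch on line 2362 builds the pattern with `${CONFIG_FILE%nginx.conf}`, which only yields a directory when the file being parsed is literally named `nginx.conf`. For any other file queued through `NGINX_CONF_FILES_ADDITIONS` the suffix strip is a no-op and the pattern becomes the file name with the include glued onto it, which the new no-match check on line 2366 will then log as "Found no match" and hide. Consider deriving the base directory once from the main configuration file and reusing it here. `for FOUND_CONF in ${CONF_WILDCARD}` also splits on whitespace, so include paths containing spaces will not expand as intended.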
Lines 2585-2591 Link Here
2585
        CURRENT_TS=$(GetTimestamp)
2647
        CURRENT_TS=$(GetTimestamp)
2586
        if [ ${PREVIOUS_TS} -gt 0 ]; then
2648
        if [ ${PREVIOUS_TS} -gt 0 ]; then
2587
            SLOW_TEST=0
2649
            SLOW_TEST=0
2588
            TIME_THRESHOLD=10  # seconds
2650
            TIME_THRESHOLD=$SLOW_TEST_THRESHOLD  # seconds
2589
2651
2590
            # Calculate timing and determine if we use seconds or nanoseconds (more precise)
2652
            # Calculate timing and determine if we use seconds or nanoseconds (more precise)
2591
            TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS))
2653
            TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS))
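Review bot: line 2650 replaces the literal 10 with `$SLOW_TEST_THRESHOLD` without a default or a numeric check, so a profile that omits or mistypes the setting leaves `TIME_THRESHOLD` empty or non-numeric for the comparison that follows. `TIME_THRESHOLD=${SLOW_TEST_THRESHOLD:-10}` keeps the previous behaviour as the fallback. Please also document the new setting and its unit (seconds) where profile options are described.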
Lines 2652-2658 Link Here
2652
        fi
2714
        fi
2653
2715
2654
        # Check for correct hardware platform
2716
        # Check for correct hardware platform
2655
        if [ ${SKIPTEST} -eq 0 -a -n "${TEST_NEED_PLATFORM}" -a ! "${HARDWARE}" = "${TEST_NEED_PLATFORM}" ]; then SKIPTEST=1; SKIPREASON="Incorrect hardware platform"; fi
2717
        if [ ${SKIPTEST} -eq 0 -a -n "${TEST_NEED_PLATFORM}" ]; then
2718
            HASMATCH=0
2719
            for I in ${TEST_NEED_PLATFORM}; do
2720
                if [ "${I}" = "${HARDWARE}" ]; then HASMATCH=1; fi
2721
            done
2722
            if [ ${HASMATCH} -eq 0 ]; then
2723
                SKIPTEST=1; SKIPREASON="Incorrect hardware platform (${TEST_NEED_PLATFORM} only)"
2724
            fi
2725
        fi
2656
2726
2657
        # Check for required (and discovered) package manager
2727
        # Check for required (and discovered) package manager
2658
        if [ ${SKIPTEST} -eq 0 -a ${TEST_NEED_PKG_MGR} -eq 1 -a ${HAS_PACKAGE_MANAGER} -eq 0 ]; then SKIPTEST=1; SKIPREASON="Requires a known package manager to test presence of a particular package"; fi
2728
        if [ ${SKIPTEST} -eq 0 -a ${TEST_NEED_PKG_MGR} -eq 1 -a ${HAS_PACKAGE_MANAGER} -eq 0 ]; then SKIPTEST=1; SKIPREASON="Requires a known package manager to test presence of a particular package"; fi
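Review bot: the loop added at lines 2719-2721 turns `TEST_NEED_PLATFORM` into a space-separated list, but nothing in the hunk documents that format for test authors; a short comment above the loop would help, since the skip reason is the only place it shows. The loop also reuses the generic variable `I`, which is used as a loop variable elsewhere in this file and is global in POSIX sh, so a dedicated name avoids clobbering a caller's value. A `break` after `HASMATCH=1` would stop at the first match.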
Lines 3667-3670 Link Here
3667
3737
3668
#================================================================================
3738
#================================================================================
3669
# Lynis is part of Lynis Enterprise and released under GPLv3 license
3739
# Lynis is part of Lynis Enterprise and released under GPLv3 license
3670
# Copyright 2007-2020 - Michael Boelen, CISOfy - https://cisofy.com
3740
# Copyright 2007-2021 - Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/helper_audit_dockerfile (-6 / +6 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 44-50 Link Here
44
##################################################################################################
44
##################################################################################################
45
#
45
#
46
46
47
    InsertSection "Image"
47
    InsertSection "${SECTION_IMAGE}"
48
48
49
    PKGMGR=""
49
    PKGMGR=""
50
    FIND=$(grep "^FROM" ${AUDIT_FILE} | sed 's/ /:space:/g')
50
    FIND=$(grep "^FROM" ${AUDIT_FILE} | sed 's/ /:space:/g')
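Review bot: `InsertSection "${SECTION_IMAGE}"` on line 47 prints an empty heading if the language file in use does not define `SECTION_IMAGE`, whereas the old literal always printed "Image". A fallback such as `"${SECTION_IMAGE:-Image}"` keeps the report readable with incomplete translations. The same applies to `SECTION_BASICS`, `SECTION_SOFTWARE`, `SECTION_DOWNLOADS` and `SECTION_PERMISSIONS` in the hunks that follow.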
Lines 93-99 Link Here
93
#
93
#
94
##################################################################################################
94
##################################################################################################
95
#
95
#
96
    InsertSection "Basics"
96
    InsertSection "${SECTION_BASICS}"
97
97
98
    MAINTAINER=$(grep -E -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2)
98
    MAINTAINER=$(grep -E -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2)
99
    if [ -z "${MAINTAINER}" ]; then
99
    if [ -z "${MAINTAINER}" ]; then
Lines 127-133 Link Here
127
#
127
#
128
##################################################################################################
128
##################################################################################################
129
#
129
#
130
    InsertSection "Software"
130
    InsertSection "${SECTION_SOFTWARE}"
131
131
132
    case $PKGMGR in
132
    case $PKGMGR in
133
    "apt")
133
    "apt")
Lines 166-172 Link Here
166
#
166
#
167
##################################################################################################
167
##################################################################################################
168
#
168
#
169
    InsertSection "Downloads"
169
    InsertSection "${SECTION_DOWNLOADS}"
170
170
171
    FILE_DOWNLOAD=0
171
    FILE_DOWNLOAD=0
172
172
Lines 217-223 Link Here
217
#
217
#
218
##################################################################################################
218
##################################################################################################
219
#
219
#
220
    InsertSection "Permissions"
220
    InsertSection "${SECTION_PERMISSIONS}"
221
221
222
    FIND=$(grep -i "chmod 777" ${AUDIT_FILE})
222
    FIND=$(grep -i "chmod 777" ${AUDIT_FILE})
223
    if HasData "${FIND}"; then
223
    if HasData "${FIND}"; then
(-)lynis-3.0.0/include/helper_configure (-4 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 71-79 Link Here
71
            ${ECHOCMD} "Suggestion: create one with 'touch custom.prf' or 'touch /etc/lynis/custom.prf'"
71
            ${ECHOCMD} "Suggestion: create one with 'touch custom.prf' or 'touch /etc/lynis/custom.prf'"
72
            ExitFatal
72
            ExitFatal
73
        fi
73
        fi
74
75
        FIND=$(echo ${HELPER_PARAMERS} | grep " ")
76
        if [ ! "${FIND}" = "" ]; then ${ECHOCMD} "Found invalid character (space) in configuration string"; ExitFatal; fi
77
74
78
        CONFIGURE_SETTINGS=$(echo $2 | sed 's/:/ /g')
75
        CONFIGURE_SETTINGS=$(echo $2 | sed 's/:/ /g')
79
        for I in ${CONFIGURE_SETTINGS}; do
76
        for I in ${CONFIGURE_SETTINGS}; do
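Review bot: the removed check on old lines 75-76 tested `HELPER_PARAMERS` rather than `$2`, so dropping it is reasonable, but it leaves `echo $2 | sed 's/:/ /g'` with no validation and an unquoted expansion. Because the result is then split by `for I in ${CONFIGURE_SETTINGS}`, a space or glob character in the argument silently produces extra or expanded settings. Suggest quoting `"$2"` and rejecting values that contain whitespace with a `case` pattern before the loop.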
(-)lynis-3.0.0/include/helper_generate (-3 / +5 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 51-58 Link Here
51
                ;;
51
                ;;
52
                *)
52
                *)
53
                    # xxd does not exist on FreeBSD
53
                    # xxd does not exist on FreeBSD
54
                    HOSTID=$(head -c20 < /dev/urandom | hexdump -ve '"%.2x"')
54
                    # Note: hexdump may omit leading or trailing zeroes.
55
                    HOSTID2=$(head -c32 < /dev/urandom | hexdump -ve '"%.2x"')
55
                    # Take 100 characters as input, turn to hex, then take first 40/64.
56
                    HOSTID=$(head -c100 < /dev/urandom | hexdump -ve '"%.2x"' | head -c40)
57
                    HOSTID2=$(head -c100 < /dev/urandom | hexdump -ve '"%.2x"' | head -c64)
56
                ;;
58
                ;;
57
            esac
59
            esac
58
60
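Review bot: the workaround on lines 56-57 (read 100 bytes, then cut to 40/64 characters) hides the cause instead of fixing it: without an iteration and byte count, `"%.2x"` makes hexdump consume four bytes per conversion, which is why the output length varied. `hexdump -ve '1/1 "%.2x"'` prints exactly two digits per byte, so `head -c20` and `head -c32` would again give 40 and 64 characters deterministically. If the truncation approach stays, the comment should say "bytes" rather than "characters", and a length check on `HOSTID` and `HOSTID2` would catch a short result.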
(-)lynis-3.0.0/include/helper_show (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/helper_system_remote_scan (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/helper_update (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/osdetection (-42 / +275 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 62-67 Link Here
62
                    10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
62
                    10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
63
                    10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
63
                    10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
64
                    10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
64
                    10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
65
                    11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
66
                    12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;;
65
                    *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
67
                    *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
66
                esac
68
                esac
67
            else
69
            else
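Review bot: the default branch on line 67 only echoes a message, so every macOS release newer than the `12` pattern added here leaves `OS_FULLNAME` unset until the list is extended again. Setting a generic value in the `*)` branch, for example `OS_FULLNAME="macOS (${OS_VERSION})"`, keeps later output that prints the name intact while still asking for a report.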
Lines 143-148 Link Here
143
                OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
145
                OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
144
                if [ -n "${OS_ID}" ]; then
146
                if [ -n "${OS_ID}" ]; then
145
                    case ${OS_ID} in
147
                    case ${OS_ID} in
148
                        "almalinux")
149
                            LINUX_VERSION="AlmaLinux"
150
                            OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
151
                            OS_REDHAT_OR_CLONE=1
152
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
153
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')                           
154
                        ;;
155
                        "alpine")
156
                            LINUX_VERSION="Alpine Linux"
157
                            OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
158
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
159
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
160
                        ;;
146
                        "amzn")
161
                        "amzn")
147
                            LINUX_VERSION="Amazon Linux"
162
                            LINUX_VERSION="Amazon Linux"
148
                            OS_NAME="Amazon Linux"
163
                            OS_NAME="Amazon Linux"
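Review bot: the `almalinux` and `alpine` branches repeat the same `grep ... /etc/os-release | awk -F= '{print $2}' | tr -d '"'` pipeline three times each, and the pattern is copied into every branch added later in this file. A small helper that takes the key name would remove the duplication and give one place to fix parsing, for instance values that contain `=` are truncated by `awk -F=`. Line 153 also carries trailing whitespace after the closing parenthesis.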
Lines 154-159 Link Here
154
                            OS_FULLNAME="Arch Linux"
169
                            OS_FULLNAME="Arch Linux"
155
                            OS_VERSION="Rolling release"
170
                            OS_VERSION="Rolling release"
156
                        ;;
171
                        ;;
172
                        "arch32")
173
                            LINUX_VERSION="Arch Linux 32"
174
                            OS_FULLNAME="Arch Linux 32"
175
                            OS_VERSION="Rolling release"
176
                        ;;
177
                        "artix")
178
                            LINUX_VERSION="Artix Linux"
179
                            OS_FULLNAME="Artix Linux"
180
                            OS_VERSION="Rolling release"
181
                        ;;
182
                        "bunsenlabs")
183
                            LINUX_VERSION="BunsenLabs"
184
                            OS_NAME="BunsenLabs"
185
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
186
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
187
                        ;;  
157
                        "centos")
188
                        "centos")
158
                            LINUX_VERSION="CentOS"
189
                            LINUX_VERSION="CentOS"
159
                            OS_NAME="CentOS Linux"
190
                            OS_NAME="CentOS Linux"
Lines 166-171 Link Here
166
                            OS_REDHAT_OR_CLONE=1
197
                            OS_REDHAT_OR_CLONE=1
167
                            OS_VERSION="Rolling release"
198
                            OS_VERSION="Rolling release"
168
                        ;;
199
                        ;;
200
                        "cloudlinux")
201
                            LINUX_VERSION="CloudLinux"
202
                            OS_NAME="CloudLinux"
203
                            OS_REDHAT_OR_CLONE=1
204
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
205
                        ;;
169
                        "coreos")
206
                        "coreos")
170
                            LINUX_VERSION="CoreOS"
207
                            LINUX_VERSION="CoreOS"
171
                            OS_NAME="CoreOS Linux"
208
                            OS_NAME="CoreOS Linux"
Lines 176-205 Link Here
176
                            OS_NAME="Debian"
213
                            OS_NAME="Debian"
177
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
214
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
178
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
215
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
216
                        ;;                     
217
                        "devuan")
218
                            LINUX_VERSION="Devuan"
219
                            OS_NAME="Devuan"
220
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
221
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
179
                        ;;
222
                        ;;
223
                        "elementary")
224
                            LINUX_VERSION="elementary OS"
225
                            OS_NAME="elementary OS"
226
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
227
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
228
                        ;;
229
                        "endeavouros")
230
                            LINUX_VERSION="EndeavourOS"
231
                            OS_NAME="EndeavourOS"
232
                            OS_VERSION="Rolling release"
233
                            OS_VERSION_FULL="Rolling release"
234
                        ;;
180
                        "fedora")
235
                        "fedora")
181
                            LINUX_VERSION="Fedora"
236
                            LINUX_VERSION="Fedora"
182
                            OS_NAME="Fedora Linux"
237
                            OS_NAME="Fedora Linux"
183
                            OS_REDHAT_OR_CLONE=1
238
                            OS_REDHAT_OR_CLONE=1
184
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
239
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
185
                        ;;
240
                        ;;
241
                        "flatcar")
242
                            LINUX_VERSION="Flatcar"
243
                            LINUX_VERSION_LIKE="CoreOS"
244
                            OS_NAME="Flatcar Linux"
245
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
246
                        ;;
247
                        "funtoo")
248
                            LINUX_VERSION="Funtoo"
249
                            OS_FULLNAME="Funtoo Linux"
250
                            OS_VERSION="Rolling release"
251
                        ;;
252
                        "garuda")
253
                            LINUX_VERSION="Garuda"
254
                            OS_FULLNAME="Garuda Linux"
255
                            OS_NAME="Garuda"
256
                            OS_VERSION="Rolling release"
257
                        ;;
186
                        "gentoo")
258
                        "gentoo")
187
                            LINUX_VERSION="Gentoo"
259
                            LINUX_VERSION="Gentoo"
188
                            OS_NAME="Gentoo Linux"
260
                            OS_NAME="Gentoo Linux"
189
                            OS_VERSION="Rolling release"
261
                            OS_VERSION="Rolling release"
190
                        ;;
262
                        ;;
191
                        "pureos")
263
                        "ipfire")
192
                            LINUX_VERSION="PureOS"
264
                            LINUX_VERSION="IPFire"
265
                            OS_NAME="IPFire"
266
                            OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
267
                        ;;
268
                        "kali")
269
                            LINUX_VERSION="Kali"
270
                            LINUX_VERSION_LIKE="Debian"
271
                            OS_NAME="Kali Linux"
272
                            OS_VERSION="Rolling release"
273
                        ;;
274
                        "linuxmint")
275
                            LINUX_VERSION="Linux Mint"
276
                            LINUX_VERSION_LIKE="Ubuntu"
277
                            OS_NAME="Linux Mint"
193
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
278
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
194
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
279
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
195
                            OS_NAME="PureOS"
196
                        ;;
280
                        ;;
197
                        "manjaro")
281
                        "mageia")
282
                            LINUX_VERSION="Mageia"
283
                            OS_NAME="Mageia"
284
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
285
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
286
                        ;;
287
                        "manjaro" | "manjaro-arm")
198
                            LINUX_VERSION="Manjaro"
288
                            LINUX_VERSION="Manjaro"
199
                            OS_FULLNAME="Manjaro Linux"
289
                            OS_FULLNAME="Manjaro Linux"
200
                            OS_NAME="Manjaro"
290
                            OS_NAME="Manjaro"
201
                            OS_VERSION="Rolling release"
291
                            OS_VERSION="Rolling release"
202
                        ;;
292
                        ;;
293
                        "nethserver")
294
                            LINUX_VERSION="NethServer"
295
                            OS_NAME="NethServer"
296
                            OS_REDHAT_OR_CLONE=1
297
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
298
                        ;;
299
                        "nixos")
300
                            LINUX_VERSION="NixOS"
301
                            OS_NAME="NixOS"
302
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
303
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
304
                        ;;
203
                        "ol")
305
                        "ol")
204
                            LINUX_VERSION="Oracle Linux"
306
                            LINUX_VERSION="Oracle Linux"
205
                            OS_NAME="Oracle Linux"
307
                            OS_NAME="Oracle Linux"
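Review bot: `LINUX_VERSION_LIKE` is set by hand for `flatcar`, `kali` and `linuxmint` but not for the other derivatives added in this hunk (`devuan`, `elementary`, `endeavouros`, `garuda`), so code that branches on it will treat related distributions differently. Reading the `ID_LIKE` field from `/etc/os-release` once, with the hard-coded value as an override, would make this consistent. The `ipfire` branch on line 266 also fills `OS_VERSION` from `VERSION=` while every other branch uses `VERSION_ID=`; if that is intentional it deserves a comment.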
Lines 217-255 Link Here
217
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
319
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
218
                            OS_NAME="openSUSE"
320
                            OS_NAME="openSUSE"
219
                        ;;
321
                        ;;
220
                        "ubuntu")
322
                        "opensuse-microos")
221
                            LINUX_VERSION="Ubuntu"
323
                            LINUX_VERSION="openSUSE MicroOS"
222
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
324
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
325
                            OS_NAME="openSUSE"
326
                        ;;
327
                        "parrot")
328
                            LINUX_VERSION="Parrot"
329
                            OS_NAME="Parrot GNU/Linux"
330
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
331
                            OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
332
                        ;;
333
                        "pop")
334
                            LINUX_VERSION="Pop!_OS"
335
                            LINUX_VERSION_LIKE="Ubuntu"
336
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
223
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
337
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
224
                            OS_NAME="Ubuntu"
338
                            OS_NAME="Pop!_OS"
225
                        ;;
339
                        ;;
340
                        "pureos")
341
                            LINUX_VERSION="PureOS"
342
                            LINUX_VERSION_LIKE="Debian"
343
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
344
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
345
                            OS_NAME="PureOS"
346
                        ;;
226
                        "raspbian")
347
                        "raspbian")
227
                            LINUX_VERSION="Raspbian"
348
                            LINUX_VERSION="Raspbian"
349
                            LINUX_VERSION_LIKE="Debian"
228
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
350
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
229
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
351
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
230
                            OS_NAME="Raspbian"
352
                            OS_NAME="Raspbian"
231
                        ;;
353
                        ;;
232
                        "rhel")
354
                        "redhat" | "rhel")
233
                            LINUX_VERSION="RHEL"
355
                            LINUX_VERSION="RHEL"
234
                            OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
356
                            OS_NAME="RHEL"
235
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
357
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
236
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
358
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
237
                            OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}"
359
                            OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}"
238
                            OS_REDHAT_OR_CLONE=1
360
                            OS_REDHAT_OR_CLONE=1
239
                        ;;
361
                        ;;
362
                         "rocky")
363
                            LINUX_VERSION="Rocky Linux"
364
                            OS_NAME="Rocky Linux"
365
                            OS_REDHAT_OR_CLONE=1
366
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
367
                        ;;
368
                        "rosa")
369
                            LINUX_VERSION="ROSA Linux"
370
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
371
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
372
                            OS_NAME="ROSA Linux"
373
                        ;;
240
                        "slackware")
374
                        "slackware")
241
                            LINUX_VERSION="Slackware"
375
                            LINUX_VERSION="Slackware"
242
                            OS_NAME="Slackware Linux"
376
                            OS_NAME="Slackware Linux"
243
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
377
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
244
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
378
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
245
                        ;;
379
                        ;;
380
                        "sles")
381
                            LINUX_VERSION="SLES"
382
                            OS_NAME="openSUSE"
383
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
384
                            OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
385
                        ;;
386
                        "ubuntu")
387
                            LINUX_VERSION="Ubuntu"
388
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
389
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
390
                            OS_NAME="Ubuntu"
391
                        ;;
392
                        "void")
393
                            LINUX_VERSION="Void Linux"
394
                            OS_VERSION="Rolling release"
395
                            OS_NAME="Void Linux"
396
                        ;;
397
                        "zorin")
398
                            LINUX_VERSION="Zorin OS"
399
                            OS_NAME="Zorin OS"
400
                            OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
401
                            OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
402
                        ;;
246
                        *)
403
                        *)
247
                            ReportException "OS Detection" "Unknown OS found in /etc/os-release"
404
                            ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): ${PROGRAM_SOURCE}"
248
                        ;;
405
                        ;;
249
                    esac
406
                    esac
250
                fi
407
                fi
251
            fi
408
            fi
252
409
410
            # Alpine
411
            if [ -e "/etc/alpine-release" ]; then LINUX_VERSION="Alpine Linux"; OS_VERSION=$(cat /etc/alpine-release); fi
412
253
            # Amazon
413
            # Amazon
254
            if [ -z "${LINUX_VERSION}" -a -e "/etc/system-release" ]; then
414
            if [ -z "${LINUX_VERSION}" -a -e "/etc/system-release" ]; then
255
                FIND=$(grep "^Amazon" /etc/system-release)
415
                FIND=$(grep "^Amazon" /etc/system-release)
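Review bot: The new "sles" branch (new lines 380-385) sets LINUX_VERSION="SLES" but OS_NAME="openSUSE", so a SUSE Linux Enterprise host is reported under the openSUSE name. OS_NAME should name SLES, or a comment should explain why the two differ. In the same hunk, the Alpine check on new line 411 overwrites LINUX_VERSION and OS_VERSION without the -z "${LINUX_VERSION}" guard that the Amazon check directly below uses. The "rocky" label is indented one space deeper than its siblings, and that branch sets no OS_VERSION_FULL. The new catch-all message on new line 404 reads "share the the contents".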
Lines 281-311 Link Here
281
            # CPUBuilders Linux
441
            # CPUBuilders Linux
282
            if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi
442
            if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi
283
443
284
            # Debian/Ubuntu (***) - Set first to Debian
444
            if [ -z "${LINUX_VERSION}" ] && [ -e "/etc/debian_version" ]; then
285
            if [ -e "/etc/debian_version" ]; then
445
                # Debian/Ubuntu (***) - Set first to Debian
286
                OS_VERSION=$(cat /etc/debian_version)
446
                OS_VERSION=$(cat /etc/debian_version)
287
                OS_FULLNAME="Debian ${OS_VERSION}"
447
                OS_FULLNAME="Debian ${OS_VERSION}"
288
                LINUX_VERSION="Debian"
448
                LINUX_VERSION="Debian"
289
            fi
290
449
291
            # /etc/lsb-release does not exist on Debian
450
                # /etc/lsb-release does not exist on Debian
292
            if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then
451
                if [ -e /etc/lsb-release ]; then
293
                OS_VERSION=$(cat /etc/debian_version)
452
                    OS_VERSION=$(cat /etc/debian_version)
294
                FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
453
                    FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
295
                if [ "${FIND}" = "Ubuntu" ]; then
454
                    if [ "${FIND}" = "Ubuntu" ]; then
296
                    OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
455
                        OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
297
                    OS_FULLNAME="Ubuntu ${OS_VERSION}"
456
                        OS_FULLNAME="Ubuntu ${OS_VERSION}"
298
                    LINUX_VERSION="Ubuntu"
457
                        LINUX_VERSION="Ubuntu"
299
                elif [ "${FIND}" = "elementary OS" ]; then
458
                    elif [ "${FIND}" = "elementary OS" ]; then
300
                    LINUX_VERSION="elementary OS"
459
                        LINUX_VERSION="elementary OS"
301
                    OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
460
                        LINUX_VERSION_LIKE="Ubuntu"
302
                    OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
461
                        OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
303
                else
462
                        OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
304
                    # Catch all, in case it's unclear what specific release this is.
463
                    else
305
                    OS_FULLNAME="Debian ${OS_VERSION}"
464
                        # Catch all, in case it's unclear what specific release this is.
306
                    LINUX_VERSION="Debian"
465
                        OS_FULLNAME="Debian ${OS_VERSION}"
466
                        LINUX_VERSION="Debian"
467
                    fi
468
                    # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
307
                fi
469
                fi
308
                # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
309
            fi
470
            fi
310
471
311
            # Override for Linux Mint, as that is initially detected as Debian or Ubuntu
472
            # Override for Linux Mint, as that is initially detected as Debian or Ubuntu
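Review bot: New line 452 reads OS_VERSION from /etc/debian_version again although new line 446 already set it in the same block, and the catch-all else on new lines 463-466 reassigns OS_FULLNAME and LINUX_VERSION to the Debian values already set on new lines 447-448. Now that the lsb-release test is nested, both can be dropped. The added -z "${LINUX_VERSION}" guard on new line 444 also changes behaviour: the whole block, including the Ubuntu and elementary OS handling, is skipped once an earlier step has set LINUX_VERSION, so it is worth confirming that OS_FULLNAME is still populated on that path.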
Lines 313-318 Link Here
313
                FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
474
                FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
314
                if [ "${FIND}" = "LinuxMint" ]; then
475
                if [ "${FIND}" = "LinuxMint" ]; then
315
                    LINUX_VERSION="Linux Mint"
476
                    LINUX_VERSION="Linux Mint"
477
                    # LMDE (Linux Mint Debian Edition) should be detected as Debian
478
                    LINUX_VERSION_LIKE="Ubuntu"
316
                    OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
479
                    OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
317
                    OS_FULLNAME="Linux Mint ${OS_VERSION}"
480
                    OS_FULLNAME="Linux Mint ${OS_VERSION}"
318
                fi
481
                fi
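Review bot: The comment added on new line 477 says LMDE should be detected as Debian, but new line 478 sets LINUX_VERSION_LIKE="Ubuntu" unconditionally for every LinuxMint match and no branch in this hunk distinguishes LMDE. Either add the LMDE test and set LINUX_VERSION_LIKE="Debian" there, or reword the comment as a TODO so it does not describe behaviour the code lacks.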
Lines 351-363 Link Here
351
                    LINUX_VERSION="Fedora"
514
                    LINUX_VERSION="Fedora"
352
                fi
515
                fi
353
516
354
                # Mageia (has also /etc/megaia-release)
355
                FIND=$(grep "Mageia" /etc/redhat-release)
356
                if [ ! "${FIND}" = "" ]; then
357
                    OS_FULLNAME=$(grep "^Mageia" /etc/redhat-release)
358
                    OS_VERSION=$(grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }')
359
                    LINUX_VERSION="Mageia"
360
                fi
361
517
362
                # Oracle Enterprise Linux
518
                # Oracle Enterprise Linux
363
                FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
519
                FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
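Review bot: The Mageia detection from /etc/redhat-release (old lines 354-360) is removed with no replacement in this hunk. Please confirm that the /etc/os-release case statement has a Mageia branch and state that in the commit message; otherwise Mageia hosts lose their OS_FULLNAME, OS_VERSION and LINUX_VERSION values on this path.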
Lines 495-506 Link Here
495
            SYSCTL_READKEY=""
651
            SYSCTL_READKEY=""
496
        ;;
652
        ;;
497
653
498
        # Solaris / OpenSolaris
654
        # Solaris / OpenSolaris / Ilumos ...
499
        SunOS)
655
        SunOS)
500
            OS="Solaris"
656
            OS="Solaris"
501
            OS_NAME="Sun Solaris"
657
            OS_KERNELVERSION=$(uname -v)
502
            OS_FULLNAME=$(uname -s -r)
658
            OPENSOLARIS=0
503
            OS_VERSION=$(uname -r)
659
660
            if [ -f /etc/os-release ]; then
661
                OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
662
                OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
663
                OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release)
664
                case "${OS_ID}" in
665
                    "solaris")
666
                        OS_NAME="Oracle Solaris"
667
                        ;;
668
                    "omnios")
669
                        OS_NAME="OmniOS"
670
                        OPENSOLARIS=1
671
                        ;;
672
                    "tribblix")
673
                        OS_NAME="Tribblix"
674
                        OS_FULLNAME="Tribblix ${OS_VERSION}"
675
                        OPENSOLARIS=1 
676
                        ;;
677
                    "*")
678
                        ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create issue on GitHub project page: ${PROGRAM_SOURCE}"
679
                        ;;
680
                esac
681
            elif [ "$(uname -o 2> /dev/null)" = "illumos" ]; then
682
                OPENSOLARIS=1
683
        
684
                # Solaris has a free form text file with release information
685
                if grep "OpenIndiana" /etc/release > /dev/null; then
686
                    OS_NAME="OpenIndiana"
687
                    if grep "Hipster" /etc/release > /dev/null; then
688
                        OS_VERSION="$(tr ' ' '\n' < /etc/release  | grep '[[:digit:]]\.[[:digit:]]')"
689
                        OS_FULLNAME="OpenIndiana Hipster $OS_VERSION"
690
                    else
691
                        OS_VERSION="Unknown"
692
                        OS_FULLNAME="OpenIndiana (unknown edition)"
693
                    fi
694
                elif grep "OmniOS" /etc/release > /dev/null; then
695
                    OS_NAME="OmniOS"
696
                    OS_VERSION="$(tr ' ' '\n' < /etc/release  | grep 'r[[:digit:]]')"
697
                    if grep "Community Edition" /etc/release > /dev/null; then
698
                        OS_FULLNAME="OmniOS Community Edition v11 $OS_VERSION"
699
                    fi
700
                elif grep "SmartOS" /etc/release > /dev/null; then
701
                    OS_NAME="SmartOS"
702
                    OS_VERSION="-"
703
                    OS_FULLNAME="SmartOS"
704
                else
705
                    OS_NAME="Unknown Illumos"
706
                fi
707
            elif grep "SchilliX" /etc/release > /dev/null; then
708
                OS_NAME="SchilliX"
709
                OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
710
                OS_VERSION="$(echo "$OS_FULLNAME" | cut -d '-' -f 2)"
711
712
                OPENSOLARIS=1
713
            elif head -n 1 < /etc/release | grep "Oracle Solaris" > /dev/null; then
714
                OS_NAME="Oracle Solaris"
715
                OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
716
                OS_VERSION="$(head -n 1 < /etc/release | xargs | cut -d ' ' -f 3)"
717
            elif head -n 1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
718
                OS_NAME="Sun Solaris"
719
                # Example of /etc/release:
720
                #   Solaris 10 5/08
721
                #   ...
722
                #   Solaris 10 10/09 (Update 8)
723
                # The first line does not contain the "Update" number,
724
                # only if present.
725
                if tail -1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
726
                    OS_FULLNAME=$(tail -1 < /etc/release | xargs)
727
                else
728
                    OS_FULLNAME=$(head -1 < /etc/release | xargs)
729
                fi
730
                OS_VERSION=$(echo "$OS_FULLNAME" | cut -d ' ' -f 2,3)
731
            else  # Old behaviour
732
                OS_NAME="Sun Solaris"
733
                OS_FULLNAME=$(uname -s -r)
734
                OS_VERSION=$(uname -r)
735
            fi
736
504
            HARDWARE=$(uname -m)
737
            HARDWARE=$(uname -m)
505
            if [ -x /usr/bin/isainfo ]; then
738
            if [ -x /usr/bin/isainfo ]; then
506
                # Returns 32, 64
739
                # Returns 32, 64
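Review bot: The catch-all on new line 677 is written as "*") with quotes, which matches only a literal asterisk, so the ReportException for an unknown ID in /etc/os-release can never fire and OS_NAME stays unset for any ID other than solaris, omnios or tribblix. Use an unquoted *) as the Linux case statement does. The elif chain from new line 707 on also greps /etc/release without testing that the file exists, so a missing file prints grep and head errors before the fallback is reached; add a -f test or redirect stderr. The OmniOS branch sets OS_FULLNAME only for "Community Edition", with a hard-coded "v11", and the "Unknown Illumos" branch sets neither OS_VERSION nor OS_FULLNAME. New line 675 has trailing whitespace.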
(-)lynis-3.0.0/include/parameters (-1 / +18 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 421-426 Link Here
421
            --warnings-only | --show-warnings-only)
421
            --warnings-only | --show-warnings-only)
422
                SHOW_WARNINGS_ONLY=1
422
                SHOW_WARNINGS_ONLY=1
423
                QUIET=1
423
                QUIET=1
424
            ;;
425
426
            # Warning when test is slow
427
            --slow-warning)
428
                if [ $# -gt 1 ]; then
429
                    shift
430
431
                    if [ "$1" -gt 0 ] 2>/dev/null; then
432
                        SLOW_TEST_THRESHOLD="$1"
433
                    else
434
                        echo "Argument has to be number."
435
                        exit 1
436
                    fi
437
                else
438
                    echo "Specify threshold as number of seconds above which should Lynis warn about long test."
439
                    exit 1
440
                fi
424
            ;;
441
            ;;
425
442
426
            --tests-category | --tests-categories | --view-categories | --list-categories | --show-categories)
443
            --tests-category | --tests-categories | --view-categories | --list-categories | --show-categories)
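Review bot: In the --slow-warning branch the test [ "$1" -gt 0 ] on new line 431 also rejects 0 and negative numbers, yet the error on new line 434 says "Argument has to be number.", which is misleading for numeric input. State that a positive whole number of seconds is required, and write both error messages to stderr (>&2) since the branch exits with status 1. The wording on new line 438 ("above which should Lynis warn about long test") needs a grammar pass, and the new option should be added to the help output and man page.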
(-)lynis-3.0.0/include/profiles (-6 / +5 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 35-41 Link Here
35
35
36
        # Show deprecation message for old config entries such as 'config:' and 'apache:'
36
        # Show deprecation message for old config entries such as 'config:' and 'apache:'
37
        FOUND=0
37
        FOUND=0
38
        DATA=$(grep -E "^[a-z-]{1,}:" ${PROFILE} | od -An -ta | sed 's/ /!space!/g')  # od -An (no file offset), -ta (named character, to be on safe side)
38
        DATA=$(grep -E "^[a-z-]{1,}:" ${PROFILE})
39
        if ! IsEmpty "${DATA}"; then FOUND=1; fi
39
        if ! IsEmpty "${DATA}"; then FOUND=1; fi
40
40
41
        if [ ${FOUND} -eq 1 ]; then
41
        if [ ${FOUND} -eq 1 ]; then
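Review bot: New line 38 still passes ${PROFILE} to grep unquoted, while the grep on new line 58 of the same file quotes it. A profile path containing spaces or glob characters would be split or expanded here; use "${PROFILE}" for consistency with the later check.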
Lines 50-66 Link Here
50
            Display --text " "
50
            Display --text " "
51
            Display --text "=================================================================================================="
51
            Display --text "=================================================================================================="
52
            Display --text " "
52
            Display --text " "
53
            LogText "Insight: Profile '${PROFILE}' contains one or more old-style configuration entries"
53
            ReportWarning "GEN-0020" "Your profile contains one or more old-style configuration entries"
54
            ReportWarning "GEN-0020" "Your profile contains one or more old-style configuration entries"
54
            sleep 10
55
            sleep 10
55
        fi
56
        fi
56
57
57
        # Security check for unexpected and possibly harmful escape characters (hyphen should be listed as first or last character)
58
        # Security check for unexpected and possibly harmful escape characters (hyphen should be listed as first or last character)
58
        DATA=$(grep -Ev '^$|^ |^#|^config:' "${PROFILE}" | tr -d '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-' | od -An -ta | sed 's/ /!space!/g')
59
        DATA=$(grep -Ev '^$|^ |^#|^config:' "${PROFILE}" | tr -d '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-')
59
        if ! IsEmpty "${DATA}"; then
60
        if ! IsEmpty "${DATA}"; then
60
            DisplayWarning "Your profile '${PROFILE}' contains unexpected characters. See the log file for more information."
61
            DisplayWarning "Your profile '${PROFILE}' contains unexpected characters. See the log file for more information."
61
            LogText "Found unexpected or possibly harmful characters in profile '${PROFILE}'. See which characters matched in the output below and compare them with your profile."
62
            LogText "Found unexpected or possibly harmful characters in profile '${PROFILE}'. See which characters matched in the output below and compare them with your profile."
62
            for I in ${DATA}; do
63
            for I in $(printf ${DATA} | od -An -ta); do
63
                I=$(echo ${I} | sed 's/!space!/ /g')
64
                LogText "Output: ${I}"
64
                LogText "Output: ${I}"
65
            done
65
            done
66
            LogText "Suggestion: comment incorrect lines with a '#' and try again. Open a GitHub issue if valid characters are blocked"
66
            LogText "Suggestion: comment incorrect lines with a '#' and try again. Open a GitHub issue if valid characters are blocked"
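Review bot: New line 62 runs printf ${DATA} with DATA unquoted and in the format-string position, and DATA is by construction the set of unexpected, possibly harmful characters left over from the profile. A % or backslash in the profile is therefore interpreted as a printf directive or escape, and the unquoted expansion is subject to word splitting and globbing, so the logged output no longer matches what is in the file. Use printf '%s' "${DATA}" | od -An -ta. This hunk also drops the LogText "Insight" line at old line 53, which was the only log entry naming the profile with old-style entries.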
Lines 556-562 Link Here
556
556
557
    Display --indent 2 --text "- Checking profiles..." --result "DONE" --color GREEN
557
    Display --indent 2 --text "- Checking profiles..." --result "DONE" --color GREEN
558
558
559
LogTextBreak
560
559
561
#================================================================================
560
#================================================================================
562
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
561
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
(-)lynis-3.0.0/include/report (-5 / +5 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 151-164 Link Here
151
            fi
151
            fi
152
152
153
            # Show suggestions from logfile
153
            # Show suggestions from logfile
154
            SSUGGESTIONS=$(${GREPBINARY} 'Suggestion: ' ${LOGFILE} | sed 's/ /!space!/g')
154
            SUGGESTIONS=$(${GREPBINARY} 'Suggestion: ' ${LOGFILE} | sed 's/ /!space!/g')
155
155
156
            if [ -z "${SSUGGESTIONS}" ]; then
156
            if [ -z "${SUGGESTIONS}" ]; then
157
                echo "  ${OK}No suggestions${NORMAL}"; echo ""
157
                echo "  ${OK}No suggestions${NORMAL}"; echo ""
158
            else
158
            else
159
                echo "  ${YELLOW}Suggestions${NORMAL} (${TOTAL_SUGGESTIONS}):"
159
                echo "  ${YELLOW}Suggestions${NORMAL} (${TOTAL_SUGGESTIONS}):"
160
                echo "  ${WHITE}----------------------------${NORMAL}"
160
                echo "  ${WHITE}----------------------------${NORMAL}"
161
                for SUGGESTION in ${SSUGGESTIONS}; do
161
                for SUGGESTION in ${SUGGESTIONS}; do
162
                    SOLUTION=""
162
                    SOLUTION=""
163
                    SHOWSUGGESTION=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: //' | sed 's/\[details:\(.*\)\] \[solution:\(.*\)\]//' | sed 's/test://')
163
                    SHOWSUGGESTION=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: //' | sed 's/\[details:\(.*\)\] \[solution:\(.*\)\]//' | sed 's/test://')
164
                    ADDLINK=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: \(.*\)\[test://' | sed 's/\]\(.*\)]//' | ${AWKBINARY} -F: '{print $1}')
164
                    ADDLINK=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: \(.*\)\[test://' | sed 's/\]\(.*\)]//' | ${AWKBINARY} -F: '{print $1}')
Lines 183-189 Link Here
183
                done
183
                done
184
            fi
184
            fi
185
            # Show tip on how to continue (next steps)
185
            # Show tip on how to continue (next steps)
186
            if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then
186
            if [ ! "${SWARNINGS}" = "" -o ! "${SUGGESTIONS}" = "" ]; then
187
                echo "  ${CYAN}Follow-up${NORMAL}:"
187
                echo "  ${CYAN}Follow-up${NORMAL}:"
188
                echo "  ${WHITE}----------------------------${NORMAL}"
188
                echo "  ${WHITE}----------------------------${NORMAL}"
189
                echo "  ${WHITE}-${NORMAL} Show details of a test (lynis show details TEST-ID)"
189
                echo "  ${WHITE}-${NORMAL} Show details of a test (lynis show details TEST-ID)"
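Review bot: New line 186 now tests "${SUGGESTIONS}" but still tests "${SWARNINGS}" with the old double-S prefix. If the warnings variable is being renamed in the same cleanup, this condition will silently read an empty variable; if it is not, the two names are now inconsistent. Please rename both together or note why only one changes.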
(-)lynis-3.0.0/include/tests_accounting (-5 / +72 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 18-30 Link Here
18
#
18
#
19
#################################################################################
19
#################################################################################
20
#
20
#
21
    InsertSection "Accounting"
21
    InsertSection "${SECTION_ACCOUNTING}"
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit"
25
    AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit"
26
    AUDITD_CONF_FILE=""
26
    AUDITD_CONF_FILE=""
27
    CMD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/cmd"
28
    CMD_CONF_FILE=""
27
    LINUX_AUDITD_RUNNING=0
29
    LINUX_AUDITD_RUNNING=0
30
    LINUX_CMD_RUNNING=0
28
    AUDIT_DAEMON_RUNNING=0
31
    AUDIT_DAEMON_RUNNING=0
29
    SOLARIS_AUDITD_RUNNING=0
32
    SOLARIS_AUDITD_RUNNING=0
30
#
33
#
Lines 88-94 Link Here
88
            AddHP 3 3
91
            AddHP 3 3
89
        else
92
        else
90
            Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW
93
            Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW
91
            LogText "Result: No accounting information available (${ROOTDIR}var/account/pacct, ${ROOTDIR}var/log/account/pact nor ${ROOTDIR}var/log/pact exist)"
94
            LogText "Result: No accounting information available (${ROOTDIR}var/account/pacct, ${ROOTDIR}var/log/account/pacct nor ${ROOTDIR}var/log/pacct exist)"
92
            LogText "Remark: Possibly there is another location where the accounting data is stored"
95
            LogText "Remark: Possibly there is another location where the accounting data is stored"
93
            ReportSuggestion "${TEST_NO}" "Enable process accounting"
96
            ReportSuggestion "${TEST_NO}" "Enable process accounting"
94
            AddHP 2 3
97
            AddHP 2 3
Lines 123-130 Link Here
123
                Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE
126
                Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE
124
                ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (cron disabled)"
127
                ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (cron disabled)"
125
            fi
128
            fi
129
        elif [ -f "${ROOTDIR}lib/systemd/system/sysstat.service" ] || [ -f "${ROOTDIR}etc/systemd/system/sysstat.service" ]; then
130
            LogText "Result: sysstat systemd unit found"
131
            if [ -L "${ROOTDIR}etc/systemd/system/multi-user.target.wants/sysstat.service" ]; then
132
                # Assuming -collect.timer and -summary.timer are enabled as well,
133
                # as they are usually in the install section.
134
                LogText "Result: sysstat enabled via systemd"
135
                Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN
136
            else
137
                LogText "Result: sysstat disabled via systemd"
138
                Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE
139
            fi
126
        else
140
        else
127
            LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or ${ROOTDIR}etc/cron.d/sysstat"
141
            LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or ${ROOTDIR}etc/cron.d/sysstat or as a systemd unit"
128
            Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW
142
            Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW
129
            ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (no results)"
143
            ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (no results)"
130
        fi
144
        fi
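Review bot: The "sysstat disabled via systemd" branch on new lines 136-138 logs and displays the result but emits no ReportSuggestion, unlike the cron-disabled branch just above it (new line 127), so the same finding yields a suggestion on cron systems and none on systemd systems. Add a matching ReportSuggestion. The enabled test on new line 131 relies only on the multi-user.target.wants symlink and, as the comment on new lines 132-133 admits, assumes the collect and summary timers are enabled; checking those timers directly would avoid reporting ENABLED when no data is collected.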
Lines 404-409 Link Here
404
#
418
#
405
#################################################################################
419
#################################################################################
406
#
420
#
421
    # Test        : ACCT-9670
422
    # Description : Check cmd status
423
    if [ -n "${CMDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
424
    Register --test-no ACCT-9670 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd"
425
    if [ ${SKIPTEST} -eq 0 ]; then
426
        LogText "Test: Check cmd status"
427
        if IsRunning "cmd_daemon"; then
428
            LogText "Result: cmd running"
429
            Display --indent 2 --text "- Checking cmd" --result "${STATUS_ENABLED}" --color GREEN
430
            LINUX_CMD_RUNNING=1
431
            AUDIT_DAEMON_RUNNING=1
432
            Report "audit_trail_tool[]=cmd"
433
            Report "linux_cmd_running=1"
434
            AddHP 4 4
435
        else
436
            LogText "Result: cmd not active"
437
            Display --indent 2 --text "- Checking cmd" --result "${STATUS_NOT_FOUND}" --color WHITE
438
            if [ ! "${VMTYPE}" = "openvz" ]; then
439
                ReportSuggestion "${TEST_NO}" "Install cmd to collect audit information"
440
            fi
441
            AddHP 0 1
442
            Report "linux_cmd_running=0"
443
        fi
444
    fi
445
#
446
#################################################################################
447
#
448
    # Test        : ACCT-9672
449
    # Description : Check cmd configuration file
450
    if [ -n "${CMDBINARY}" -a ${LINUX_CMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
451
    Register --test-no ACCT-9672 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd configuration file"
452
    if [ ${SKIPTEST} -eq 0 ]; then
453
        LogText "Test: Checking cmd configuration file"
454
        for DIR in ${CMD_CONF_LOCS}; do
455
            if [ -f ${DIR}/config.ini ]; then
456
                CMD_CONF_FILE="${DIR}/config.ini"
457
                LogText "Result: Found ${DIR}/config.ini"
458
            else
459
                LogText "Result: ${DIR}/config.ini not found"
460
            fi
461
        done
462
        # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
463
        if [ -n "${CMD_CONF_FILE}" ]; then
464
            Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_OK}" --color GREEN
465
        else
466
            LogText "Result: could not find cmd configuration file"
467
            Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_FOUND}" --color RED
468
            ReportSuggestion "${TEST_NO}" "Determine the location of cmd configuration file"
469
        fi
470
    fi
471
#
472
#################################################################################
473
#
407
    Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}"
474
    Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}"
408
#
475
#
409
#################################################################################
476
#################################################################################
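Review bot: In ACCT-9672 (new lines 466-468) the branch taken when no configuration file was discovered displays STATUS_FOUND in RED, while the log line directly above it says "could not find cmd configuration file"; use STATUS_NOT_FOUND so the screen output agrees with the log. In the same test, the loop on new lines 454-461 never clears CMD_CONF_FILE before iterating and tests [ -f ${DIR}/config.ini ] unquoted; set CMD_CONF_FILE="" before the loop and quote the path. The prerequisite on new line 450 expands ${LINUX_CMD_RUNNING} unquoted inside a numeric test, which raises a test error if the variable is ever empty. Minor: the comment on new line 462 should read "if the binaries are available".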
Lines 413-416 Link Here
413
480
414
#
481
#
415
#================================================================================
482
#================================================================================
416
# Lynis - Copyright 2007-2020, Michael Boelen / CISOfy - https://cisofy.com
483
# Lynis - Copyright 2007-2021, Michael Boelen / CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_authentication (-100 / +159 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 25-37 Link Here
25
    LDAP_AUTH_ENABLED=0
25
    LDAP_AUTH_ENABLED=0
26
    LDAP_PAM_ENABLED=0
26
    LDAP_PAM_ENABLED=0
27
    LDAP_CONF_LOCATIONS="${ROOTDIR}etc/ldap.conf ${ROOTDIR}etc/ldap/ldap.conf ${ROOTDIR}etc/openldap/ldap.conf ${ROOTDIR}usr/local/etc/ldap.conf ${ROOTDIR}usr/local/etc/openldap/ldap.conf"
27
    LDAP_CONF_LOCATIONS="${ROOTDIR}etc/ldap.conf ${ROOTDIR}etc/ldap/ldap.conf ${ROOTDIR}etc/openldap/ldap.conf ${ROOTDIR}usr/local/etc/ldap.conf ${ROOTDIR}usr/local/etc/openldap/ldap.conf"
28
    PAM_FILE_LOCATIONS="${ROOTDIR}lib/arm-linux-gnueabihf/security ${ROOTDIR}lib/i386-linux-gnu/security ${ROOTDIR}lib/security ${ROOTDIR}lib/x86_64-linux-gnu/security ${ROOTDIR}lib64/security ${ROOTDIR}usr/lib /usr/lib/security"
28
    PAM_FILE_LOCATIONS="${ROOTDIR}usr/lib/aarch64-linux-gnu/security ${ROOTDIR}lib/arm-linux-gnueabihf/security ${ROOTDIR}lib/i386-linux-gnu/security ${ROOTDIR}lib/security ${ROOTDIR}lib/x86_64-linux-gnu/security ${ROOTDIR}lib64/security ${ROOTDIR}usr/lib /usr/lib/security"
29
    SUDOERS_LOCATIONS="${ROOTDIR}etc/sudoers ${ROOTDIR}usr/local/etc/sudoers ${ROOTDIR}usr/pkg/etc/sudoers"
29
    SUDOERS_LOCATIONS="${ROOTDIR}etc/sudoers ${ROOTDIR}usr/local/etc/sudoers ${ROOTDIR}usr/pkg/etc/sudoers"
30
    SUDOERS_FILE=""
30
    SUDOERS_FILE=""
31
#
31
#
32
#################################################################################
32
#################################################################################
33
#
33
#
34
    InsertSection "Users, Groups and Authentication"
34
    InsertSection "${SECTION_USERS_GROUPS_AND_AUTHENTICATION}"
35
35
36
    # Test        : AUTH-9204
36
    # Test        : AUTH-9204
37
    # Description : Check users with UID zero (0)
37
    # Description : Check users with UID zero (0)
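Review bot: The aarch64 entry added to PAM_FILE_LOCATIONS on new line 28 sits under ${ROOTDIR}usr/lib/, whereas the arm, i386 and x86_64 entries in the same list sit under ${ROOTDIR}lib/; add ${ROOTDIR}lib/aarch64-linux-gnu/security as well so that a system where /lib is not a link to /usr/lib is covered the same way as the other architectures. While this line is being touched, the final entry /usr/lib/security is the only one without the ${ROOTDIR} prefix.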
Lines 286-335 Link Here
286
    # Description : Check password hashing methods vs. recommendations in crypt(5)
286
    # Description : Check password hashing methods vs. recommendations in crypt(5)
287
    # Notes       : Applicable to all Unix-like OS
287
    # Notes       : Applicable to all Unix-like OS
288
    #               Requires read access to /etc/shadow (if it exists)
288
    #               Requires read access to /etc/shadow (if it exists)
289
290
    ParsePasswordEntry() {
291
        METHOD=$1
292
        case ${METHOD} in
293
            1:\* | 1:x | 0: | *:!* | *LOCK*)
294
                # disabled | shadowed | no password | locked account (can be literal *LOCK* or something like LOCKED)
295
                ;;
296
            *:\$5\$*| *:\$6\$*)
297
                # sha256crypt | sha512crypt: check number of rounds, should be >=5000
298
                ROUNDS=$(echo "${METHOD}" | sed -n 's/.*rounds=\([0-9]*\)\$.*/\1/gp')
299
                if [ -z "${ROUNDS}" ]; then
300
                    echo 'sha256crypt/sha512crypt(default=5000rounds)'
301
                elif [ "${ROUNDS}" -lt 5000 ]; then
302
                    echo 'sha256crypt/sha512crypt(<5000rounds)'
303
                fi
304
                ;;
305
            *:\$y\$* | *:\$gy\$* | *:\$2b\$* | *:\$7\$*)
306
                # yescrypt | gost-yescrypt | bcrypt | scrypt
307
                ;;
308
            *:_*)
309
                echo bsdicrypt
310
                ;;
311
            *:\$1\$*)
312
                echo md5crypt
313
                ;;
314
            *:\$3\$*)
315
                echo NT
316
                ;;
317
            *:\$md5*)
318
                echo SunMD5
319
                ;;
320
            *:\$sha1*)
321
                echo sha1crypt
322
                ;;
323
            13:* | 178:*)
324
                echo bigcrypt/descrypt
325
                ;;
326
            *)
327
                echo "Unknown password hashing method ${METHOD}. Please report to lynis-dev@cisofy.com"
328
                ;;
329
        esac
330
    }
331
289
    Register --test-no AUTH-9229 --root-only YES --weight L --network NO --category security --description "Check password hashing methods"
332
    Register --test-no AUTH-9229 --root-only YES --weight L --network NO --category security --description "Check password hashing methods"
290
    if [ ${SKIPTEST} -eq 0 ]; then
333
    if [ ${SKIPTEST} -eq 0 ]; then
291
        LogText "Test: Checking password hashing methods"
334
        LogText "Test: Checking password hashing methods"
292
        SHADOW="";
335
        SHADOW="";
293
        if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi
336
        if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi
294
        FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do
337
        FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do
295
            case ${METHOD} in
338
            ParsePasswordEntry ${METHOD}
296
                1:\* | 1:x | 0: | *:!*)
297
                    # disabled | shadowed | no password | locked account
298
                    ;;
299
                *:\$5\$*| *:\$6\$*)
300
                    # sha256crypt | sha512crypt: check number of rounds, should be >5000
301
                    ROUNDS=$(echo "${METHOD}" | sed -n 's/.*rounds=\([0-9]*\)\$.*/\1/gp')
302
                    if [ -z "${ROUNDS}" ]; then
303
                        echo 'sha256crypt/sha512crypt(default<=5000rounds)'
304
                    elif [ "${ROUNDS}" -le 5000 ]; then
305
                        echo 'sha256crypt/sha512crypt(<=5000rounds)'
306
                    fi
307
                    ;;
308
                *:\$y\$* | *:\$gy\$* | *:\$2b\$* | *:\$7\$*)
309
                    # yescrypt | gost-yescrypt | bcrypt | scrypt
310
                    ;;
311
                *:_*)
312
                    echo bsdicrypt
313
                    ;;
314
                *:\$1\$*)
315
                    echo md5crypt
316
                    ;;
317
                *:\$3\$*)
318
                    echo NT
319
                    ;;
320
                *:\$md5*)
321
                    echo SunMD5
322
                    ;;
323
                *:\$sha1*)
324
                    echo sha1crypt
325
                    ;;
326
                13:* | 178:*)
327
                    echo bigcrypt/descrypt
328
                    ;;
329
                *)
330
                    echo "Unknown password hashing method ${METHOD}. Please report to lynis-dev@cisofy.com"
331
                    ;;
332
            esac
333
        done | ${SORTBINARY} -u | ${TRBINARY} '\n' ' ')
339
        done | ${SORTBINARY} -u | ${TRBINARY} '\n' ' ')
334
        if [ -z "${FIND}" ]; then
340
        if [ -z "${FIND}" ]; then
335
            Display --indent 2 --text "- Password hashing methods" --result "${STATUS_OK}" --color GREEN
341
            Display --indent 2 --text "- Password hashing methods" --result "${STATUS_OK}" --color GREEN
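Review bot: The call on new line 338, ParsePasswordEntry ${METHOD}, expands the password field unquoted, so the value is now subject to word splitting and pathname expansion before it reaches the function (the disabled-account value 1:* is itself a glob pattern). The inline case statement it replaces did not have this exposure, because the word after case is neither split nor globbed; call it as ParsePasswordEntry "${METHOD}" and use read -r in the while loop. Second point, on new line 293: the added *LOCK* pattern is not anchored and is the first arm of the case, so any field that merely contains those four letters, including a real hash, is treated as a locked account and skips the md5crypt/descrypt/rounds checks below it. Anchor it to the start of the field, directly after the length prefix and colon. The function also assigns METHOD and ROUNDS as globals; a comment or a rename would make that explicit.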
Lines 346-396 Link Here
346
#################################################################################
352
#################################################################################
347
#
353
#
348
    # Test        : AUTH-9230
354
    # Test        : AUTH-9230
349
    # Description : Check group password hashing rounds in login.defs
355
    # Description : Check password hashing rounds in login.defs
350
    # Notes       : Applicable to all Unix-like OS
356
    # Notes       : Applicable to all Unix-like OS
351
    PREQS_MET="NO"
357
    PREQS_MET="NO"
352
    if [ -f ${ROOTDIR}etc/login.defs ]; then
358
    if [ -f ${ROOTDIR}etc/login.defs ]; then
353
        PREQS_MET="YES"
359
        PREQS_MET="YES"
354
    fi
360
    fi
355
    Register --test-no AUTH-9230 --preqs-met ${PREQS_MET} --root-only NO --weight L --network NO --category security --description "Check group password hashing rounds"
361
    Register --test-no AUTH-9230 --preqs-met ${PREQS_MET} --root-only NO --weight L --network NO --category security --description "Check password hashing rounds"
356
    if [ ${SKIPTEST} -eq 0 ]; then
362
    if [ ${SKIPTEST} -eq 0 ]; then
357
        LogText "Test: Checking SHA_CRYPT_MIN_ROUNDS option in ${ROOTDIR}etc/login.defs"
363
        SHA_CRYPT_MIN_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }')
358
        FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }')
364
        SHA_CRYPT_MAX_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }')
359
        if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
365
        SHA_CRYPT_ROUNDS=0
360
            LogText "Result: number of minimum rounds used by the encryption algorithm is not configured"
366
361
            Display --indent 2 --text "- Checking minimum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
367
        if [ -n "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -n "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then
362
            ReportSuggestion "${TEST_NO}" "Configure minimum encryption algorithm rounds in /etc/login.defs"
368
            if [ ${SHA_CRYPT_MIN_ROUNDS_FIND} -lt ${SHA_CRYPT_MAX_ROUNDS_FIND} ]; then
363
            AddHP 0 2
369
                SHA_CRYPT_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND}
364
        elif [ "${FIND}" -lt 5000 ]; then
370
            else
365
            LogText "Result: low number of minimum encryption algorithm rounds found: ${FIND}"
371
                SHA_CRYPT_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND}
366
            PASSWORD_MINIMUM_ROUNDS=${FIND}
372
            fi
367
            Display --indent 2 --text "- Group password hashing rounds (minimum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
373
        elif [ -z "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -n "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then
368
            AddHP 1 2
374
            SHA_CRYPT_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND}
375
        elif [ -n "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -z "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then
376
            SHA_CRYPT_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND}
369
        else
377
        else
370
            LogText "Result: number of encryption algorithm rounds is ${FIND}"
378
            SHA_CRYPT_ROUNDS=0
371
            PASSWORD_MINIMUM_ROUNDS=${FIND}
372
            Display --indent 2 --text "- Group password hashing rounds (minimum)" --result CONFIGURED --color GREEN
373
            AddHP 2 2
374
        fi
379
        fi
375
380
376
        LogText "Test: Checking SHA_CRYPT_MAX_ROUNDS option in ${ROOTDIR}etc/login.defs"
381
        LogText "Test: Checking SHA_CRYPT_{MIN,MAX}_ROUNDS option in ${ROOTDIR}etc/login.defs"
377
        FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }')
382
        if [ ${SHA_CRYPT_ROUNDS} -eq 0 ]; then
378
        if [ -z "${FIND}" -o "${FIND}" = "0" ]; then
383
            LogText "Result: number of password hashing rounds is not configured"
379
            LogText "Result: number of maximum rounds used by the encryption algorithm is not configured"
384
            Display --indent 2 --text "- Checking password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
380
            Display --indent 2 --text "- Checking maximum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW
385
            ReportSuggestion "${TEST_NO}" "Configure password hashing rounds in /etc/login.defs"
381
            ReportSuggestion "${TEST_NO}" "Configure maximum encryption algorithm rounds in /etc/login.defs"
382
            AddHP 0 2
386
            AddHP 0 2
383
        elif [ "${FIND}" -lt 10000 ]; then
384
            LogText "Result: low number of maximum encryption algorithm rounds found: ${FIND}"
385
            PASSWORD_MINIMUM_ROUNDS=${FIND}
386
            Display --indent 2 --text "- Group password hashing rounds (maximum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
387
            AddHP 1 2
388
        else
389
            LogText "Result: number of encryption algorithm rounds is ${FIND}"
390
            PASSWORD_MINIMUM_ROUNDS=${FIND}
391
            Display --indent 2 --text "- Group password hashing rounds (maximum)" --result CONFIGURED --color GREEN
392
            AddHP 2 2
393
        fi
387
        fi
388
389
        if [ -n "${SHA_CRYPT_ROUNDS}" ] && [ ${SHA_CRYPT_ROUNDS} -gt 0 ]; then
390
            if [ ${SHA_CRYPT_ROUNDS} -lt 5000 ]; then
391
                LogText "Result: low number of password hashing rounds found: ${SHA_CRYPT_ROUNDS}"
392
                Display --indent 2 --text "- Password hashing rounds (minimum)"  --result "${STATUS_SUGGESTION}" --color YELLOW
393
                AddHP 1 2
394
            else
395
                LogText "Result: number of password hashing rounds is ${SHA_CRYPT_ROUNDS}"
396
                Display --indent 2 --text "- Password hashing rounds (minimum)" --result CONFIGURED --color GREEN
397
                AddHP 2 2
398
            fi
399
        fi
394
    fi
400
    fi
395
#
401
#
396
#################################################################################
402
#################################################################################
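Review bot: SHA_CRYPT_MIN_ROUNDS_FIND and SHA_CRYPT_MAX_ROUNDS_FIND go from login.defs straight into unquoted numeric tests (new lines 368, 382 and 389-390) with no check that each is a single integer; a non-numeric value, or a key that appears on two lines, makes the [ ... -lt ... ] test fail with an error and the result is decided by whichever branch happens to follow. Validate both values before comparing, for example with a case pattern that rejects anything other than digits, and log the rejected value. Also, the removed branches assigned PASSWORD_MINIMUM_ROUNDS and the new code never does; if anything outside this hunk reads that variable it should be set from SHA_CRYPT_ROUNDS. The LogText "Test: Checking SHA_CRYPT_{MIN,MAX}_ROUNDS ..." on new line 381 is now emitted after the file has already been parsed and belongs above new line 363.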
Lines 496-502 Link Here
496
            FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nisplus")
502
            FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nisplus")
497
            if [ -z "${FIND}" ]; then
503
            if [ -z "${FIND}" ]; then
498
                LogText "Result: NIS+ authentication not enabled"
504
                LogText "Result: NIS+ authentication not enabled"
499
                Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE
505
                Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE
500
            else
506
            else
501
                FIND2=$(${EGREPBINARY} "^passwd_compat" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus")
507
                FIND2=$(${EGREPBINARY} "^passwd_compat" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus")
502
                FIND3=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus")
508
                FIND3=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus")
Lines 505-511 Link Here
505
                    Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN
511
                    Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN
506
                else
512
                else
507
                    LogText "Result: NIS+ authentication not enabled"
513
                    LogText "Result: NIS+ authentication not enabled"
508
                    Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE
514
                    Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE
509
                fi
515
                fi
510
            fi
516
            fi
511
          else
517
          else
Lines 523-529 Link Here
523
            FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nis" | ${GREPBINARY} -v "nisplus")
529
            FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nis" | ${GREPBINARY} -v "nisplus")
524
            if [ -z "${FIND}" ]; then
530
            if [ -z "${FIND}" ]; then
525
                LogText "Result: NIS authentication not enabled"
531
                LogText "Result: NIS authentication not enabled"
526
                Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE
532
                Display --indent 2 --text "- NIS authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE
527
            else
533
            else
528
                FIND2=$(${EGREPBINARY} "^passwd_compat" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus")
534
                FIND2=$(${EGREPBINARY} "^passwd_compat" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus")
529
                FIND3=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus")
535
                FIND3=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus")
Lines 532-538 Link Here
532
                    Display --indent 2 --text "- NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN
538
                    Display --indent 2 --text "- NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN
533
                else
539
                else
534
                    LogText "Result: NIS authentication not enabled"
540
                    LogText "Result: NIS authentication not enabled"
535
                    Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE
541
                    Display --indent 2 --text "- NIS authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE
536
                fi
542
                fi
537
            fi
543
            fi
538
        else
544
        else
Lines 601-607 Link Here
601
                    Display --indent 4 --text "- Permissions for directory: ${SUDOERS_D}" --result "${STATUS_WARNING}" --color RED
607
                    Display --indent 4 --text "- Permissions for directory: ${SUDOERS_D}" --result "${STATUS_WARNING}" --color RED
602
                    ;;
608
                    ;;
603
            esac
609
            esac
604
            SUDO_CONFIG_FILES="${SUDO_CONFIG_FILES} $(${FINDBINARY} ${SUDOERS_D} -type f -print)"
610
            SUDO_CONFIG_FILES="${SUDO_CONFIG_FILES} $(${FINDBINARY} -L ${SUDOERS_D} -type f -print)"
605
        fi
611
        fi
606
        for f in ${SUDO_CONFIG_FILES}; do
612
        for f in ${SUDO_CONFIG_FILES}; do
607
            LogText "Test: checking file (${f})"
613
            LogText "Test: checking file (${f})"
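Review bot: With -L added on new line 610, find follows symbolic links to directories as well as to files, so SUDO_CONFIG_FILES can now include files that live outside ${SUDOERS_D}, and a link loop inside that directory becomes a find error. If the goal is only to pick up symlinked files placed directly in the directory, say so in a comment and log when an entry is a link so the report shows which path was actually checked. ${SUDOERS_D} is also unquoted in the find call, and the result is word-split again by the for f in ${SUDO_CONFIG_FILES} loop on new line 612, so a file name containing whitespace is checked as two nonexistent paths.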
Lines 758-764 Link Here
758
            LogText "Result: directory /etc/pam.d exists"
764
            LogText "Result: directory /etc/pam.d exists"
759
            Display --indent 2 --text "- PAM configuration files (pam.d)" --result "${STATUS_FOUND}" --color GREEN
765
            Display --indent 2 --text "- PAM configuration files (pam.d)" --result "${STATUS_FOUND}" --color GREEN
760
            LogText "Test: searching PAM configuration files"
766
            LogText "Test: searching PAM configuration files"
761
            FIND=$(${FINDBINARY} ${ROOTDIR}etc/pam.d \! -name "*.pam-old" -type f -print | sort)
767
            FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/pam.d \! -name "*.pam-old" -type f -print | sort)
762
            for FILE in ${FIND}; do
768
            for FILE in ${FIND}; do
763
                LogText "Found file: ${FILE}"
769
                LogText "Found file: ${FILE}"
764
            done
770
            done
Lines 843-849 Link Here
843
#
849
#
844
#################################################################################
850
#################################################################################
845
#
851
#
846
    # Test        : AUTH-9282 and AUTH-9283
852
    # Test        : AUTH-9282, AUTH-9283, and AUTH-9284
847
    # Note        : Every Linux based operating system seem to have different passwd
853
    # Note        : Every Linux based operating system seem to have different passwd
848
    #               options, so we have to check the version first.
854
    #               options, so we have to check the version first.
849
    if [ "${OS}" = "Linux" ]; then
855
    if [ "${OS}" = "Linux" ]; then
Lines 853-877 Link Here
853
                    PREQS_MET="YES"
859
                    PREQS_MET="YES"
854
                    FIND_P=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
860
                    FIND_P=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
855
                    FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
861
                    FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
862
                    FIND3=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq)
856
                    ;;
863
                    ;;
857
                *)
864
                *)
858
                    PREQS_MET="YES"
865
                    PREQS_MET="YES"
859
                    FIND_P=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
866
                    FIND_P=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }')
860
                    FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
867
                    FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }')
868
                    FIND3=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq)
861
                    ;;
869
                    ;;
862
            esac
870
            esac
863
        elif [ "${OS_REDHAT_OR_CLONE}" -eq 1 ]; then
871
        elif [ "${OS_REDHAT_OR_CLONE}" -eq 1 ]; then
864
            PREQS_MET="YES"
872
            PREQS_MET="YES"
865
            FIND_P=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done)
873
            FIND_P=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done)
866
            FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done)
874
            FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done)
875
            FIND3=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="L" || $2=="LK") print $1 }' | sort | uniq ; done)
867
        else
876
        else
868
            LogText "Result: skipping test for this Linux version"
877
            LogText "Result: skipping test for this Linux version"
869
            ReportManual "AUTH-9282:01"
878
            ReportManual "AUTH-9282:01"
870
            PREQS_MET="NO"
879
            PREQS_MET="NO"
871
            FIND_P=""
880
            FIND_P=""
872
            FIND2=""
881
            FIND2=""
882
            FIND3=""
873
        fi
883
        fi
874
     else
884
    else
875
        PREQS_MET="NO"
885
        PREQS_MET="NO"
876
    fi
886
    fi
877
887
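Review bot: In the Red Hat branch (new line 875) the sort | uniq is inside the for loop, so it only ever sees the output for one account and does not deduplicate the overall list the way the passwd -a -S and passwd --all --status variants on new lines 862 and 868 do; move it after done. The three FIND3 assignments call sort and uniq directly, while the AUTH-9284 test that consumes FIND3 uses ${SORTBINARY} and ${UNIQBINARY}; use the variables here too. The locked-state match also differs between branches (L only on new lines 862 and 868, L or LK on 875), and a short comment explaining the difference would help the next reader.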
Lines 892-902 Link Here
892
            ReportSuggestion "${TEST_NO}" "When possible set expire dates for all password protected accounts"
902
            ReportSuggestion "${TEST_NO}" "When possible set expire dates for all password protected accounts"
893
        fi
903
        fi
894
    fi
904
    fi
895
#
905
896
#################################################################################
897
#
898
    # Test        : AUTH-9283
906
    # Test        : AUTH-9283
899
    # Description : Search passwordless accounts
907
    # Description : Search passwordless accounts
908
    # Notes       : requires FIND2 variable
900
    Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password"
909
    Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password"
901
    if [ "${SKIPTEST}" -eq 0 ]; then
910
    if [ "${SKIPTEST}" -eq 0 ]; then
902
        LogText "Test: Checking passwordless accounts"
911
        LogText "Test: Checking passwordless accounts"
Lines 907-918 Link Here
907
            LogText "Result: found one or more accounts without password"
916
            LogText "Result: found one or more accounts without password"
908
            for I in ${FIND2}; do
917
            for I in ${FIND2}; do
909
                LogText "Account without password: ${I}"
918
                LogText "Account without password: ${I}"
910
                Report "account_without_password=${I}"
919
                Report "account_without_password[]=${I}"
911
            done
920
            done
912
            Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
921
            Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED
913
            ReportWarning "${TEST_NO}" "Found accounts without password"
922
            ReportWarning "${TEST_NO}" "Found accounts without password"
914
        fi
923
        fi
915
    fi
924
    fi
925
926
    # Test        : AUTH-9284
927
    # Description : Check locked user accounts in /etc/passwd
928
    # Notes       : requires FIND3 variable
929
    Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check locked user accounts in /etc/passwd"
930
    if [ "${SKIPTEST}" -eq 0 ]; then
931
        LogText "Test: Checking locked accounts"
932
        NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' ${ROOTDIR}etc/passwd | ${SORTBINARY} | ${UNIQBINARY})
933
        LOCKED_NON_SYSTEM_ACCOUNTS=0
934
        for account in ${FIND3}; do
935
            if echo "${NON_SYSTEM_ACCOUNTS}" | ${GREPBINARY} -w "${account}" > /dev/null ; then
936
                LOCKED_NON_SYSTEM_ACCOUNTS=$((LOCKED_NON_SYSTEM_ACCOUNTS + 1))
937
            fi
938
        done
939
        if [ ${LOCKED_NON_SYSTEM_ACCOUNTS} -eq 0 ]; then
940
            LogText "Result: all accounts seem to be unlocked"
941
            Display --indent 2 --text "- Locked accounts" --result "${STATUS_OK}" --color GREEN
942
        else
943
            LogText "Result: found one or more locked accounts"
944
            for account in ${FIND3}; do
945
                if echo "${NON_SYSTEM_ACCOUNTS}" | ${GREPBINARY} -w "${account}" > /dev/null ; then
946
                    LogText "Locked account: ${account}"
947
                    Report "locked_account[]=${account}"
948
                fi
949
            done
950
            Display --indent 2 --text "- Locked accounts" --result "${STATUS_FOUND}" --color RED
951
            ReportSuggestion "${TEST_NO}" "Look at the locked accounts and consider removing them"
952
        fi
953
        unset account LOCKED_NON_SYSTEM_ACCOUNTS NON_SYSTEM_ACCOUNTS
954
    fi
955
956
    unset FIND1 FIND2 FIND3
916
#
957
#
917
#################################################################################
958
#################################################################################
918
#
959
#
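Review bot: The membership test on new lines 935 and 945, echo "${NON_SYSTEM_ACCOUNTS}" | grep -w "${account}", treats the account name as a regular expression and matches it as a word inside a longer name, so a locked account john is counted when only john-admin is a non-system account, and a name containing a dot matches more than itself. NON_SYSTEM_ACCOUNTS holds one name per line, so a fixed-string whole-line match (grep -F -x) gives the intended exact comparison. The unset on new line 956 names FIND1, which this block never sets; the variable filled alongside FIND2 and FIND3 is FIND_P, so it is left behind. The UID cut-off of 999 on new line 932 is hard-coded; reading UID_MIN from login.defs, with 1000 as the fallback, would avoid misclassifying accounts on systems that use a different range. Finally, the result is displayed in RED with STATUS_FOUND but reported only as a suggestion; pick one severity.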
Lines 1027-1033 Link Here
1027
    # Test        : AUTH-9306
1068
    # Test        : AUTH-9306
1028
    # Description : Check if authentication is needed to boot the system
1069
    # Description : Check if authentication is needed to boot the system
1029
    # Notes       : :d_boot_authenticate: is a good option for production machines to
1070
    # Notes       : :d_boot_authenticate: is a good option for production machines to
1030
    #               avoid unauthorized booting of systems. Option :d_boot_autentication@:
1071
    #               avoid unauthorized booting of systems. Option :d_boot_authentication@:
1031
    #               disabled a required login.
1072
    #               disabled a required login.
1032
    Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --category security --description "Check single boot authentication"
1073
    Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --category security --description "Check single boot authentication"
1033
    if [ ${SKIPTEST} -eq 0 ]; then
1074
    if [ ${SKIPTEST} -eq 0 ]; then
Lines 1434-1440 Link Here
1434
        if [ ${FOUND} -eq 1 ]; then
1475
        if [ ${FOUND} -eq 1 ]; then
1435
            Display --indent 2 --text "- Checking account locking" --result "${STATUS_ENABLED}" --color GREEN
1476
            Display --indent 2 --text "- Checking account locking" --result "${STATUS_ENABLED}" --color GREEN
1436
        else
1477
        else
1437
            Display --indent 2 --text "- Checking account locking" --result "NOT ENABLED" --color YELLOW
1478
            Display --indent 2 --text "- Checking account locking" --result "${STATUS_NOT_ENABLED}" --color YELLOW
1438
        fi
1479
        fi
1439
    fi
1480
    fi
1440
#
1481
#
Lines 1448-1454 Link Here
1448
            FIND=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "ldap")
1489
            FIND=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "ldap")
1449
            if [ "${FIND}" = "" ]; then
1490
            if [ "${FIND}" = "" ]; then
1450
                LogText "Result: LDAP authentication not enabled"
1491
                LogText "Result: LDAP authentication not enabled"
1451
                Display --indent 2 --text "- LDAP authentication support" --result "NOT ENABLED" --color WHITE
1492
                Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE
1452
            else
1493
            else
1453
                LogText "Result: LDAP authentication enabled"
1494
                LogText "Result: LDAP authentication enabled"
1454
                Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_ENABLED}" --color GREEN
1495
                Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_ENABLED}" --color GREEN
Lines 1492-1522 Link Here
1492
    # Description : Logging of failed login attempts
1533
    # Description : Logging of failed login attempts
1493
    Register --test-no AUTH-9408 --weight L --network NO --category security --description "Logging of failed login attempts"
1534
    Register --test-no AUTH-9408 --weight L --network NO --category security --description "Logging of failed login attempts"
1494
    if [ ${SKIPTEST} -eq 0 ]; then
1535
    if [ ${SKIPTEST} -eq 0 ]; then
1495
        if [ -f "${ROOTDIR}etc/pam.conf" ]; then
1536
        if [ -f "${ROOTDIR}etc/pam.conf" -o -d "${ROOTDIR}etc/pam.d" ]; then
1496
            FOUND_PAM_TALLY2=0
1537
            FOUND_PAM_TALLY2=0
1497
            FOUND_TALLYLOG=0
1538
            FOUND_TALLYLOG=0
1498
            if [ -s "${ROOTDIR}var/log/tallylog" ]; then
1539
            FOUND_PAM_FAILLOCK=0
1540
            FOUND_FAILLOCKDIR=0
1541
            if [ -d "${ROOTDIR}var/run/faillock" ]; then
1542
                FOUND_FAILLOCKDIR=1
1543
                LogText "Result: found ${ROOTDIR}var/run/faillock directory"
1544
            elif [ -s "${ROOTDIR}var/log/tallylog" ]; then
1499
                FOUND_TALLYLOG=1
1545
                FOUND_TALLYLOG=1
1500
                LogText "Result: found ${ROOTDIR}var/log/tallylog with a size bigger than zero"
1546
                LogText "Result: found ${ROOTDIR}var/log/tallylog with a size bigger than zero"
1501
            else
1547
            else
1502
                LogText "Result: did not find ${ROOTDIR}var/log/tallylog on disk or its file size is zero bytes"
1548
                LogText "Result: did not find ${ROOTDIR}var/run/faillock directory or ${ROOTDIR}var/log/tallylog file on disk or its file size is zero bytes"
1503
            fi
1549
            fi
1504
            # Determine if pam_tally2 is available
1550
            # Determine if pam_faillock is available
1505
            for D in $(GetReportData --key "pam_module\\\[\\\]"); do
1551
            for D in $(GetReportData --key "pam_module\\\[\\\]"); do
1506
                if ContainsString "pam_tally2" "${D}"; then
1552
                if ContainsString "pam_faillock" "${D}"; then
1507
                    LogText "Result: found pam_tally2 module on disk"
1553
                    LogText "Result: found pam_faillock module on disk"
1508
                    FOUND_PAM_TALLY2=1
1554
                    FOUND_PAM_FAILLOCK=1
1509
                fi
1555
                fi
1510
            done
1556
            done
1511
            if [ ${FOUND_PAM_TALLY2} -eq 1 -a ${FOUND_TALLYLOG} -eq 1 ]; then
1557
            if [ ${FOUND_PAM_FAILLOCK} -eq 0 ]; then
1558
                # Determine if pam_tally2 is available
1559
                for D in $(GetReportData --key "pam_module\\\[\\\]"); do
1560
                    if ContainsString "pam_tally2" "${D}"; then
1561
                        LogText "Result: found pam_tally2 module on disk"
1562
                        FOUND_PAM_TALLY2=1
1563
                    fi
1564
                done
1565
            fi
1566
            if [ ${FOUND_PAM_FAILLOCK} -eq 1 -a ${FOUND_FAILLOCKDIR} -eq 1 ]; then
1567
                LogText "Outcome: authentication failures are logged using pam_faillock"
1568
                AUTH_FAILED_LOGINS_LOGGED=1
1569
                Report "auth_failed_logins_tooling[]=pam_faillock"
1570
            elif [ ${FOUND_PAM_TALLY2} -eq 1 -a ${FOUND_TALLYLOG} -eq 1 ]; then
1512
                LogText "Outcome: authentication failures are logged using pam_tally2"
1571
                LogText "Outcome: authentication failures are logged using pam_tally2"
1513
                AUTH_FAILED_LOGINS_LOGGED=1
1572
                AUTH_FAILED_LOGINS_LOGGED=1
1514
                Report "auth_failed_logins_tooling[]=pam_tally2"
1573
                Report "auth_failed_logins_tooling[]=pam_tally2"
1515
            else
1574
            else
1516
                LogText "Outcome: it looks like pam_tally2 is not configured to log failed login attempts"
1575
                LogText "Outcome: it looks like pam_faillock or pam_tally2 is not configured to log failed login attempts"
1517
            fi
1576
            fi
1518
1577
1519
            unset FOUND_PAM_TALLY2 FOUND_TALLYLOG
1578
            unset FOUND_PAM_TALLY2 FOUND_TALLYLOG FOUND_PAM_FAILLOCK FOUND_FAILLOCKDIR
1520
        fi
1579
        fi
1521
        # Also check /etc/logins.defs, although its usage decreased over the years
1580
        # Also check /etc/logins.defs, although its usage decreased over the years
1522
        if [ -f ${ROOTDIR}etc/login.defs ]; then
1581
        if [ -f ${ROOTDIR}etc/login.defs ]; then
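Review bot: The `elif` on the tallylog check (new line 1544) means `${ROOTDIR}var/log/tallylog` is never examined once `${ROOTDIR}var/run/faillock` exists. On a host where that directory is present but only pam_tally2 appears in the module list, FOUND_FAILLOCKDIR is 1 and FOUND_TALLYLOG stays 0, so neither outcome branch matches and the test logs that nothing is configured even though tallylog has data. Test the two paths with separate `if` statements so each flag is set independently. The combined "did not find" LogText also attaches "its file size is zero bytes" to both paths, although only tallylog is size-checked with `-s`.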
(-)lynis-3.0.0/include/tests_banners (-2 / +2 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Banners and identification"
25
    InsertSection "${SECTION_BANNERS_AND_IDENTIFICATION}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
(-)lynis-3.0.0/include/tests_boot_services (-12 / +109 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Boot and services"
25
    InsertSection "${SECTION_BOOT_AND_SERVICES}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 63-68 Link Here
63
    # Description : Determine service manager
63
    # Description : Determine service manager
64
    # Notes       :
64
    # Notes       :
65
    # initscripts     - Used by Arch before
65
    # initscripts     - Used by Arch before
66
    # runit           - Used by Artix, Devuan, Dragora and Void
66
    # systemd         - Common option with more Linux distros implementing it
67
    # systemd         - Common option with more Linux distros implementing it
67
    # upstart         - Used by Debian/Ubuntu
68
    # upstart         - Used by Debian/Ubuntu
68
    Register --test-no BOOT-5104 --weight L --network NO --category security --description "Determine service manager"
69
    Register --test-no BOOT-5104 --weight L --network NO --category security --description "Determine service manager"
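Review bot: The Notes list gains a runit entry but none for openrc, although the same patch adds an `openrc-init)` arm that sets SERVICE_MANAGER="openrc". Add an openrc line here so the comment matches what the detection code recognises.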
Lines 71-77 Link Here
71
        case ${OS} in
72
        case ${OS} in
72
            "Linux")
73
            "Linux")
73
                if [ -f /proc/1/cmdline ]; then
74
                if [ -f /proc/1/cmdline ]; then
74
                    OUTPUT=$(${AWKBINARY} '/(^\/|init)/ { print $1 }' /proc/1/cmdline | ${TRBINARY} '\0' ' ' | ${SEDBINARY} 's/ $//')
75
                    OUTPUT=$(${AWKBINARY} '/(^\/|init|runit)/ { print $1 }' /proc/1/cmdline | ${TRBINARY} '\0' ' ' | ${SEDBINARY} 's/ $//')
75
                    LogText "Result: cmdline found = ${OUTPUT}"
76
                    LogText "Result: cmdline found = ${OUTPUT}"
76
                    FILENAME=$(echo "${OUTPUT}" | ${AWKBINARY} '{print $1}')
77
                    FILENAME=$(echo "${OUTPUT}" | ${AWKBINARY} '{print $1}')
77
                    LogText "Result: file on disk = ${FILENAME}"
78
                    LogText "Result: file on disk = ${FILENAME}"
Lines 108-113 Link Here
108
                                upstart)
109
                                upstart)
109
                                    SERVICE_MANAGER="upstart"
110
                                    SERVICE_MANAGER="upstart"
110
                                ;;
111
                                ;;
112
                                runit)
113
                                    SERVICE_MANAGER="runit"
114
                                ;;
115
				openrc-init)
116
                                    SERVICE_MANAGER="openrc"
117
                                ;;
111
                                *)
118
                                *)
112
                                    CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
119
                                    CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
113
                                    if [ -n "${CONTAINS_SYSTEMD}" ]; then
120
                                    if [ -n "${CONTAINS_SYSTEMD}" ]; then
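Review bot: The new `openrc-init)` line (new line 115) is indented with tabs while the surrounding arms use spaces. Re-indent it to line up with `runit)` and `upstart)`.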
Lines 139-144 Link Here
139
                    SERVICE_MANAGER="launchd"
146
                    SERVICE_MANAGER="launchd"
140
                fi
147
                fi
141
            ;;
148
            ;;
149
            "Solaris")
150
                if [ -n "${ROOTDIR}usr/bin/svcs" ]; then
151
                    SERVICE_MANAGER="SMF (svcs)"
152
                elif [ -d "${ROOTDIR}etc/init.d" ]; then
153
                    SERVICE_MANAGER="SysV Init"
154
                fi
155
            ;;
142
            *)
156
            *)
143
                LogText "Result: unknown service manager"
157
                LogText "Result: unknown service manager"
144
            ;;
158
            ;;
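Review bot: `[ -n "${ROOTDIR}usr/bin/svcs" ]` in the new Solaris arm tests whether a string is non-empty, and that string always contains at least `usr/bin/svcs`, so the condition is always true and the `elif` for `${ROOTDIR}etc/init.d` can never run. Use a file test such as `[ -x "${ROOTDIR}usr/bin/svcs" ]`, or test `${SVCSBINARY}` the way BOOT-5170 does.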
Lines 332-339 Link Here
332
    if [ ${SKIPTEST} -eq 0 ]; then
346
    if [ ${SKIPTEST} -eq 0 ]; then
333
        FOUND=0
347
        FOUND=0
334
348
335
        CONF_FILES=$(${FINDBINARY} /etc/grub.d -type f -name "[0-9][0-9]*" -print0 | ${TRBINARY} '\0' ' ' | ${TRBINARY} -d '[:cntrl:]')
349
        if [ -d "${ROOTDIR}etc/grub.d" ]; then
336
        CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg ${CONF_FILES}"
350
            CONF_FILES=$(${FINDBINARY} -L "${ROOTDIR}etc/grub.d" -type f -name "[0-9][0-9]*" -print0 | ${TRBINARY} '\0' ' ' | ${TRBINARY} -d '[:cntrl:]')
351
            CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg ${CONF_FILES}"
352
        else
353
            CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg"
354
        fi
337
355
338
        for FILE in ${CONF_FILES}; do
356
        for FILE in ${CONF_FILES}; do
339
            if [ -f "${FILE}" ]; then
357
            if [ -f "${FILE}" ]; then
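Review bot: The base list `${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg` is now written out in both branches. Assign it once before the `if` and append the find output only when `${ROOTDIR}etc/grub.d` exists. The added `-L` deserves a comment: with it, `-type f` also matches symlinks to regular files, including links whose targets sit outside grub.d. The space-joined result is still split again in `for FILE in ${CONF_FILES}`, so any path containing whitespace breaks into several words.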
Lines 473-478 Link Here
473
#
491
#
474
#################################################################################
492
#################################################################################
475
#
493
#
494
    # Test        : BOOT-5140
495
    # Description : Check for ELILO boot loader
496
    Register --test-no BOOT-5140 --os "Linux" --weight L --network NO --root-only YES --category security --description "Check for ELILO boot loader presence"
497
    if [ ${SKIPTEST} -eq 0 ]; then
498
        BOOT_LOADER_SEARCHED=1
499
        CONF_FILES="${ROOTDIR}etc/elilo.conf ${ROOTDIR}boot/efi/EFI/${LINUX_VERSION}/elilo.conf"
500
        for FILE in ${CONF_FILES}; do
501
            FileExists ${FILE}
502
            if [ ${FILE_FOUND} -eq 1 ]; then
503
                Display --indent 2 --text "- Checking boot loader ELILO" --result "${STATUS_FOUND}" --color GREEN
504
                LogText "Result: found ELILO boot loader"
505
                BOOT_LOADER="ELILO"
506
                BOOT_LOADER_FOUND=1
507
            fi
508
        done
509
    fi
510
#
511
#################################################################################
512
#
476
    # Test        : BOOT-5142
513
    # Test        : BOOT-5142
477
    # Description : Check for SILO boot loader
514
    # Description : Check for SILO boot loader
478
    Register --test-no BOOT-5142 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)"
515
    Register --test-no BOOT-5142 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)"
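Review bot: The loop in BOOT-5140 does not stop after a match, so when both `${ROOTDIR}etc/elilo.conf` and the copy under `${ROOTDIR}boot/efi/EFI/` exist, the ELILO Display line is printed twice, and when neither exists nothing is logged at all. Break out of the loop after setting BOOT_LOADER_FOUND=1 and add a LogText for the not-found case. `${LINUX_VERSION}` is interpolated into CONF_FILES, which is then word-split by `for FILE in ${CONF_FILES}` and passed unquoted to `FileExists ${FILE}`, so a distribution name containing a space produces two bogus paths.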
Lines 583-588 Link Here
583
#
620
#
584
#################################################################################
621
#################################################################################
585
#
622
#
623
    # Test        : BOOT-5170
624
    # Description : Check for Solaris boot daemons
625
    Register --test-no BOOT-5170 --os Solaris --weight L --network NO --category security --description "Check for Solaris boot daemons"
626
    if [ ${SKIPTEST} -eq 0 ]; then
627
        if [ -n "${SVCSBINARY}" ]; then
628
            LogText "Result: Using svcs binary to check for daemons"
629
            LogText "SysV style services may be incorrectly counted as running."
630
631
            Report "running_service_tool=svcs"
632
633
            # For the documentation of the states (field $1) see
634
            # "Managing System Services in Oracle Solaris 11.4" pp. 24, available
635
            # at https://docs.oracle.com/cd/E37838_01/pdf/E60998.pdf
636
637
            FIND=$("${SVCSBINARY}" -Ha | ${AWKBINARY} '{ if ($1 == "online" || $1 == "legacy_run") print $3 }')
638
            COUNT=0
639
            for ITEM in ${FIND}; do
640
                LogText "Found running daemon: ${ITEM}"
641
                Report "running_service[]=${ITEM}"
642
                COUNT=$((COUNT + 1 ))
643
            done
644
            Display --indent 2 --text "- Check running daemons (svcs)" --result "${STATUS_DONE}" --color GREEN
645
            Display --indent 8 --text "Result: found ${COUNT} running daemons"
646
            LogText "Result: Found ${COUNT} running daemons"
647
648
            LogText "Searching for enabled daemons (svcs)"
649
            Report "boot_service_tool=svcs"
650
651
            FIND=$("${SVCSBINARY}" -Ha | ${AWKBINARY} '{ if ($1 != "disabled" && $1 != "uninitialized") print $3 }')
652
            COUNT=0
653
            for ITEM in ${FIND}; do
654
                LogText "Found enabled daemon at boot: ${ITEM}"
655
                Report "boot_service[]=${ITEM}"
656
                COUNT=$((COUNT + 1 ))
657
            done
658
            LogText "Note: Run svcs -a see all services"
659
            Display --indent 2 --text "- Check enabled daemons at boot (svcs)" --result "${STATUS_DONE}" --color GREEN
660
            Display --indent 8 --text "Result: found ${COUNT} enabled daemons at boot"
661
            LogText "Result: Found ${COUNT} enabled daemons at boot"
662
        fi
663
    fi
664
#
665
#################################################################################
666
#
667
    # Test        : BOOT-5171
668
    # Description : Check for services with errors on solaris
669
#
670
#################################################################################
671
#
586
    # Test        : BOOT-5177
672
    # Test        : BOOT-5177
587
    # Description : Check for Linux boot services (systemd and chkconfig)
673
    # Description : Check for Linux boot services (systemd and chkconfig)
588
    # Notes       : We skip using chkconfig if systemd is being used.
674
    # Notes       : We skip using chkconfig if systemd is being used.
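Review bot: BOOT-5171 is added as a bare Test/Description comment pair with no Register call and no body, so it reads as an existing test that never runs. Either implement it in this patch or leave the header out until it is ready. In BOOT-5170, `"${SVCSBINARY}" -Ha` is executed twice, and the second filter (`$1 != "disabled" && $1 != "uninitialized"`) treats every other state as enabled at boot without a comment explaining that choice, unlike the first filter. The LogText "Note: Run svcs -a see all services" is missing the word "to".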
Lines 652-658 Link Here
652
    # Test        : BOOT-5180
738
    # Test        : BOOT-5180
653
    # Description : Check for Linux boot services (Debian style)
739
    # Description : Check for Linux boot services (Debian style)
654
    # Notes       : Debian 8+ shows runlevel 5
740
    # Notes       : Debian 8+ shows runlevel 5
655
    if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
741
    if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
742
           [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
743
        PREQS_MET="YES"
744
    else
745
        PREQS_MET="NO"
746
    fi
747
656
    Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)"
748
    Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)"
657
    if [ ${SKIPTEST} -eq 0 ]; then
749
    if [ ${SKIPTEST} -eq 0 ]; then
658
        # Runlevel check
750
        # Runlevel check
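Review bot: The new `LINUX_VERSION_LIKE` tests are exact, case-sensitive comparisons against "Debian" and "Ubuntu", and nothing in this hunk shows how that variable is populated. If it is taken from the os-release ID_LIKE field, the value is lowercase and may be a space-separated list, so neither comparison would ever match. Please confirm the variable is normalised where it is set, or match it with a `case` pattern that tolerates both forms.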
Lines 682-688 Link Here
682
#
774
#
683
    # Test        : BOOT-5184
775
    # Test        : BOOT-5184
684
    # Description : Check world writable startup scripts
776
    # Description : Check world writable startup scripts
685
    Register --test-no BOOT-5184 --os Linux --weight L --network NO --category security --description "Check permissions for boot files/scripts"
777
    Register --test-no BOOT-5184 --os "Linux Solaris" --weight L --network NO --category security --description "Check permissions for boot files/scripts"
686
    if [ ${SKIPTEST} -eq 0 ]; then
778
    if [ ${SKIPTEST} -eq 0 ]; then
687
        FOUND=0
779
        FOUND=0
688
        CHECKDIRS="${ROOTDIR}etc/init.d ${ROOTDIR}etc/rc.d ${ROOTDIR}etc/rcS.d"
780
        CHECKDIRS="${ROOTDIR}etc/init.d ${ROOTDIR}etc/rc.d ${ROOTDIR}etc/rcS.d"
Lines 693-699 Link Here
693
            if [ -d ${DIR} ]; then
785
            if [ -d ${DIR} ]; then
694
                LogText "Result: directory ${DIR} found"
786
                LogText "Result: directory ${DIR} found"
695
                LogText "Test: checking for available files in directory"
787
                LogText "Test: checking for available files in directory"
696
                FIND=$(${FINDBINARY} ${DIR} -type f -print | ${SORTBINARY})
788
                FIND=$(${FINDBINARY} -L ${DIR} -type f -print | ${SORTBINARY})
697
                if [ -n "${FIND}" ]; then
789
                if [ -n "${FIND}" ]; then
698
                    LogText "Result: found files in directory, checking permissions now"
790
                    LogText "Result: found files in directory, checking permissions now"
699
                    for FILE in ${FIND}; do
791
                    for FILE in ${FIND}; do
Lines 717-723 Link Here
717
        for NO in 0 1 2 3 4 5 6; do
809
        for NO in 0 1 2 3 4 5 6; do
718
            LogText "Test: Checking ${ROOTDIR}etc/rc${NO}.d scripts for writable bit"
810
            LogText "Test: Checking ${ROOTDIR}etc/rc${NO}.d scripts for writable bit"
719
            if [ -d ${ROOTDIR}etc/rc${NO}.d ]; then
811
            if [ -d ${ROOTDIR}etc/rc${NO}.d ]; then
720
                FIND=$(${FINDBINARY} ${ROOTDIR}etc/rc${NO}.d -type f -print | ${SORTBINARY})
812
                FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/rc${NO}.d -type f -print | ${SORTBINARY})
721
                for I in ${FIND}; do
813
                for I in ${FIND}; do
722
                    if IsWorldWritable ${I}; then
814
                    if IsWorldWritable ${I}; then
723
                        FOUND=1
815
                        FOUND=1
Lines 925-931 Link Here
925
            LogText "Result: directory ${DIR} found"
1017
            LogText "Result: directory ${DIR} found"
926
            LogText "Test: checking for available files in directory"
1018
            LogText "Test: checking for available files in directory"
927
            # OpenBSD uses symlinks to create another instance of daemons
1019
            # OpenBSD uses symlinks to create another instance of daemons
928
            FIND=$(${FINDBINARY} ${CHECKDIR} \( -type f -o -type l \) -print | ${SORTBINARY})
1020
            FIND=$(${FINDBINARY} -L ${CHECKDIR} -type f -print | ${SORTBINARY})
929
            if [ -n "${FIND}" ]; then
1021
            if [ -n "${FIND}" ]; then
930
                LogText "Result: found files in directory, checking permissions now"
1022
                LogText "Result: found files in directory, checking permissions now"
931
                for FILE in ${FIND}; do
1023
                for FILE in ${FIND}; do
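Review bot: Replacing `\( -type f -o -type l \)` with `-L ... -type f` changes what this loop sees: a symlink whose target is missing or is not a regular file used to be listed and is now silently skipped. The comment directly above still says OpenBSD uses symlinks to create another daemon instance, so a dangling link there is worth reporting. If dropping it is intended, update the comment to say so. Separately, the LogText lines name `${DIR}` while find searches `${CHECKDIR}`; confirm these refer to the same directory.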
Lines 1002-1024 Link Here
1002
            if [ "${UNIT}" = "UNIT" ]; then
1094
            if [ "${UNIT}" = "UNIT" ]; then
1003
                continue
1095
                continue
1004
            fi
1096
            fi
1097
            STATUS="UNKNOWN"
1005
            COLOR="BLACK"
1098
            COLOR="BLACK"
1006
            case ${PREDICATE} in
1099
            case ${PREDICATE} in
1007
                PERFECT | SAFE | OK)
1100
                PERFECT | SAFE | OK)
1101
                    STATUS="${STATUS_PROTECTED}"
1008
                    COLOR=GREEN
1102
                    COLOR=GREEN
1009
                ;;
1103
                ;;
1010
                MEDIUM)
1104
                MEDIUM)
1105
                    STATUS="${STATUS_MEDIUM}"
1011
                    COLOR=WHITE
1106
                    COLOR=WHITE
1012
                ;;
1107
                ;;
1013
                EXPOSED)
1108
                EXPOSED)
1109
                    STATUS="${STATUS_EXPOSED}"
1014
                    COLOR=YELLOW
1110
                    COLOR=YELLOW
1015
                ;;
1111
                ;;
1016
                UNSAFE | DANGEROUS)
1112
                UNSAFE | DANGEROUS)
1113
                    STATUS="${STATUS_UNSAFE}"
1017
                    COLOR=RED
1114
                    COLOR=RED
1018
                ;;
1115
                ;;
1019
            esac
1116
            esac
1020
            Display --indent 8 --text "- ${UNIT}:" --result "${PREDICATE}" --color "${COLOR}"
1117
            Display --indent 8 --text "- ${UNIT}:" --result "${STATUS}" --color "${COLOR}"
1021
            LogText "Result: ${UNIT}: ${EXPOSURE} ${PREDICATE}"
1118
            LogText "Result: ${UNIT}: ${EXPOSURE} ${STATUS}"
1022
        done
1119
        done
1023
        ReportSuggestion "${TEST_NO}" "Consider hardening system services" "Run '${SYSTEMDANALYZEBINARY} security SERVICE' for each service"
1120
        ReportSuggestion "${TEST_NO}" "Consider hardening system services" "Run '${SYSTEMDANALYZEBINARY} security SERVICE' for each service"
1024
    fi
1121
    fi
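Review bot: LogText now writes `${STATUS}` in place of `${PREDICATE}`, so the log holds the display string from the STATUS_* variables and loses the value the tool actually returned. A predicate outside the four `case` arms is logged only as UNKNOWN. Keep `${PREDICATE}` in the LogText line and use `${STATUS}` for Display only. The default `STATUS="UNKNOWN"` is also a literal, while every other value comes from a STATUS_* variable.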
(-)lynis-3.0.0/include/tests_containers (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Containers"
25
    InsertSection "${SECTION_CONTAINERS}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 226-229 Link Here
226
226
227
#
227
#
228
#================================================================================
228
#================================================================================
229
# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com
229
# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_crypto (-24 / +75 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-31 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Cryptography"
25
    RNG_FOUND=0
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
29
    InsertSection "${SECTION_CRYPTOGRAPHY}"
30
#
31
#################################################################################
32
#
29
    # Test        : CRYP-7902
33
    # Test        : CRYP-7902
30
    # Description : check for expired SSL certificates
34
    # Description : check for expired SSL certificates
31
    if [ -n "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
35
    if [ -n "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Lines 50-56 Link Here
50
                    LASTSUBDIR=""
54
                    LASTSUBDIR=""
51
                    LogText "Result: found directory ${DIR}"
55
                    LogText "Result: found directory ${DIR}"
52
                    # Search for certificate files
56
                    # Search for certificate files
53
                    FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
57
                    FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".cer$|.crt$|.der$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g')
54
                    for FILE in ${FILES}; do
58
                    for FILE in ${FILES}; do
55
                        FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
59
                        FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g')
56
                        # See if we need to skip this path
60
                        # See if we need to skip this path
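Review bot: In the extended pattern `".cer$|.crt$|.der$|.pem$|^cert"` the dots are unescaped, so each one matches any character and names such as `soccer` or `folder` are picked up as certificate candidates. Escape them (`\.cer$` and so on). The `^cert` alternative is matched against the path find prints, which begins with `${DIR}`, so it only fires when the directory name itself starts with "cert".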
Lines 76-91 Link Here
76
                            if [ ${CANREAD} -eq 1 ]; then
80
                            if [ ${CANREAD} -eq 1 ]; then
77
                                # Only check the files that are not installed by a package, unless enabled by profile
81
                                # Only check the files that are not installed by a package, unless enabled by profile
78
                                if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then
82
                                if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then
83
                                    echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$"
84
                                    CER_DER=$?
79
                                    OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}")
85
                                    OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}")
80
                                    if [ $? -eq 0 ]; then
86
                                    if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then
81
                                        LogText "Result: file is a certificate file"
87
                                        LogText "Result: file is a certificate file"
82
                                        FIND=$(${OPENSSLBINARY} x509 -noout -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter")
88
                                        if [ ${CER_DER} -eq 0 ]; then
89
                                            SSL_DER_OPT="-inform der"
90
                                        else
91
                                            SSL_DER_OPT=
92
                                        fi
93
                                        FIND=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter")
83
                                        if [ $? -eq 0 ]; then
94
                                        if [ $? -eq 0 ]; then
84
                                            # Check certificate where 'end date' has been expired
95
                                            # Check certificate where 'end date' has been expired
85
                                            FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in "${FILE}" -enddate 2> /dev/null)
96
                                            FIND=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -checkend 0 -in "${FILE}" -enddate 2> /dev/null)
86
                                            EXIT_CODE=$?
97
                                            EXIT_CODE=$?
87
                                            CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
98
                                            CERT_CN=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
88
                                            CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}')
99
                                            CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}')
89
                                            Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|"
100
                                            Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|"
90
                                            if [ ${EXIT_CODE} -eq 0 ]; then 
101
                                            if [ ${EXIT_CODE} -eq 0 ]; then 
91
                                                LogText "Result: certificate ${FILE} seems to be correct and still valid"
102
                                                LogText "Result: certificate ${FILE} seems to be correct and still valid"
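Review bot: The input format is chosen from the file extension alone (`CER_DER`), but a `.cer` file can hold PEM text. For such a file `-inform der` is still passed to every openssl call, and because stderr goes to /dev/null a parse failure leaves no trace. Decide the format from content instead: when the `BEGIN CERT` grep matches, treat the file as PEM regardless of extension, and pass `-inform der` only when it does not match. The new `".cer$|.der$"` test has the same unescaped dots as the find filter, and `echo ${FILE}` should quote the variable.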
Lines 181-200 Link Here
181
    if [ ${SKIPTEST} -eq 0 ]; then
192
    if [ ${SKIPTEST} -eq 0 ]; then
182
        ENCRYPTED_SWAPS=0
193
        ENCRYPTED_SWAPS=0
183
        UNENCRYPTED_SWAPS=0
194
        UNENCRYPTED_SWAPS=0
184
        SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings)
195
        # Redirect errors, as RHEL 5/6 and others don't have the --show option
185
        for BLOCK_DEV in ${SWAPS}; do
196
        SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings 2> /dev/null)
186
            if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then
197
        if [ $? -eq 0 ]; then
187
                LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}"
198
            for BLOCK_DEV in ${SWAPS}; do
188
                ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1))
199
                if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then
189
            elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" | ${GREPBINARY} --quiet "cipher:"; then
200
                    LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}"
190
                LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}"
201
                    ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
191
                ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1))
202
                    Report "encrypted_swap[]=${BLOCK_DEV},LUKS"
192
            else
203
                elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} -q "cipher:"; then
193
                LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}"
204
                    LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}"
194
                UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1))
205
                    ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1))
195
            fi
206
                    Report "encrypted_swap[]=${BLOCK_DEV},other"
196
        done
207
                else
197
        Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE
208
                    LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}"
209
                    UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1))
210
                    Report "non_encrypted_swap[]=${BLOCK_DEV}"
211
                fi
212
            done
213
            Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE
214
        else
215
            LogText "Result: skipping testing as swapon returned an error."
216
        fi
198
    fi
217
    fi
199
#
218
#
200
#################################################################################
219
#################################################################################
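Review bot: The new else branch for a failing swapon only calls LogText, so on systems without --show (the RHEL 5/6 case named in the comment) the test prints nothing on the console. Add a Display line with a skipped or unknown result there. The summary Display also still passes the literal --result OK where the rest of this patch moves to ${STATUS_...} variables, and the increment spacing is inconsistent (ENCRYPTED_SWAPS + 1 vs UNENCRYPTED_SWAPS +1).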
Lines 226-237 Link Here
226
    if [ ${SKIPTEST} -eq 0 ]; then
245
    if [ ${SKIPTEST} -eq 0 ]; then
227
        LogText "Test: looking for ${ROOTDIR}sys/class/misc/hw_random/rng_current"
246
        LogText "Test: looking for ${ROOTDIR}sys/class/misc/hw_random/rng_current"
228
        if [ -f "${ROOTDIR}sys/class/misc/hw_random/rng_current" ]; then
247
        if [ -f "${ROOTDIR}sys/class/misc/hw_random/rng_current" ]; then
229
            DATA=$(${HEADBINARY} --lines=1 ${ROOTDIR}sys/class/misc/hw_random/rng_current | ${TRBINARY} -d '[[:cntrl:]]')
248
            DATA=$(${HEADBINARY} -n 1 ${ROOTDIR}sys/class/misc/hw_random/rng_current | ${TRBINARY} -d '[[:cntrl:]]')
230
            if [ "${DATA}" != "none" ]; then
249
            if [ "${DATA}" != "none" ]; then
231
                LogText "Result: positive match, found RNG: ${DATA}"
250
                LogText "Result: positive match, found RNG: ${DATA}"
232
                if IsRunning "rngd"; then
251
                if IsRunning "rngd"; then
233
                    Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_YES}" --color GREEN
252
                    Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_YES}" --color GREEN
234
                    LogText "Result: rngd is running"
253
                    LogText "Result: rngd is running"
254
                    RNG_FOUND=1
235
                else
255
                else
236
                    Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_NO}" --color YELLOW
256
                    Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_NO}" --color YELLOW
237
                    # TODO - enable suggestion when website has listing for this control
257
                    # TODO - enable suggestion when website has listing for this control
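Review bot: RNG_FOUND=1 is set in the rngd branch, but no initialisation to 0 appears in the visible lines, so the later Report "rng_found=${RNG_FOUND}" can emit an empty value when neither RNG branch is taken. Initialise RNG_FOUND=0 before this test if that is not already done outside the hunk. The path argument to ${HEADBINARY} is also unquoted, unlike the [ -f "..." ] check just above it.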
Lines 263-274 Link Here
263
        done
283
        done
264
        if [ -z "${FOUND}" ]; then
284
        if [ -z "${FOUND}" ]; then
265
            Display --indent 2 --text "- SW prng" --result "${STATUS_NO}" --color YELLOW
285
            Display --indent 2 --text "- SW prng" --result "${STATUS_NO}" --color YELLOW
266
            ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators"
286
            # ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators"
267
        else
287
        else
288
            RNG_FOUND=1
268
            Display --indent 2 --text "- SW prng" --result "${STATUS_YES}" --color GREEN
289
            Display --indent 2 --text "- SW prng" --result "${STATUS_YES}" --color GREEN
269
            LogText "Result: found ${FOUND} running"
290
            LogText "Result: found ${FOUND} running"
270
        fi
291
        fi
271
    fi
292
    fi
293
#
294
#################################################################################
295
#
296
    # Test        : CRYP-8006
297
    # Description : Check that the MemoryOverwriteRequest-bit is set to protect against cold-boot attacks
298
    Register --test-no CRYP-8006 --os Linux --weight L --network NO --root-only NO --category security --description "MemoryOverwriteRequest-bit set"
299
    if [ ${SKIPTEST} -eq 0 ]; then
300
        MOR_CONTROL="${ROOTDIR}sys/firmware/efi/efivars/MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829"
301
        LogText "Test: looking for ${MOR_CONTROL}"
302
        if [ -f "${MOR_CONTROL}" ]; then
303
            DATA=$(od -An --skip-bytes=4 "$MOR_CONTROL")
304
            if [ "$DATA" = " 000001" ]; then
305
                LogText "Result: MOR-bit set"
306
                Display --indent 2 --text "MOR-bit set" --result "${STATUS_YES}" --color GREEN
307
            elif [ "$DATA" = " 000000" ]; then
308
                LogText "Result: MOR-bit not set!"
309
                Display --indent 2 --text "MOR-bit set" --result "${STATUS_NO}" --color RED
310
            else
311
                LogText "Result: MOR-bit unknown. Found: $DATA"
312
                Display --indent 2 --text "MOR-bit set" --result "${STATUS_UNKNOWN}" --color YELLOW
313
            fi
314
        else
315
            LogText "Result: could not find ${MOR_CONTROL}"
316
            Display --indent 2 --text "- MOR variable not found" --result "${STATUS_WEAK}" --color WHITE
317
        fi
318
    fi
319
#
320
#################################################################################
321
#
322
    Report "rng_found=${RNG_FOUND}"
272
#
323
#
273
#################################################################################
324
#################################################################################
274
#
325
#
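Review bot: In CRYP-8006, od is called directly and with the GNU long option --skip-bytes=4, while this same patch replaces --lines with -n and -l for head and wc; use the short form -j 4 (and a binary variable, if one exists for od) so the test behaves the same on busybox-style systems. Comparing against the exact strings " 000001" and " 000000" depends on od's default word format and padding; an explicit one-byte format such as -t u1 with whitespace stripped would be less fragile. The "MOR-bit set" Display texts lack the "- " prefix that "- MOR variable not found" and the other entries use, and Report "rng_found=${RNG_FOUND}" now sits after this test with no comment tying it to the RNG tests above.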
(-)lynis-3.0.0/include/tests_databases (-7 / +13 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 39-51 Link Here
39
#
39
#
40
#################################################################################
40
#################################################################################
41
#
41
#
42
    InsertSection "Databases"
42
    InsertSection "${SECTION_DATABASES}"
43
43
44
    # Test        : DBS-1804
44
    # Test        : DBS-1804
45
    # Description : Check if MySQL is being used
45
    # Description : Check if MySQL is being used
46
    Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process"
46
    Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process"
47
    if [ ${SKIPTEST} -eq 0 ]; then
47
    if [ ${SKIPTEST} -eq 0 ]; then
48
        FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mysqld|mysqld_safe" | ${GREPBINARY} -v "grep")
48
        FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep")
49
        if [ -z "${FIND}" ]; then
49
        if [ -z "${FIND}" ]; then
50
            if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi
50
            if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi
51
            LogText "Result: MySQL process not active"
51
            LogText "Result: MySQL process not active"
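Review bot: The added mariadb alternative in the ${EGREPBINARY} pattern is an unanchored substring match over the whole ps ax line, so any command line that merely contains "mariadb" (a client session, a backup job, a path) marks the server as running. Match on the daemon name instead; mysqld already matches mysqld_safe, so that alternative is redundant. The messages in this test still say "MySQL process" even when the match was MariaDB.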
Lines 86-92 Link Here
86
86
87
        # "-u root --password=" avoids ~/.my.cnf authentication settings
87
        # "-u root --password=" avoids ~/.my.cnf authentication settings
88
        # "plugin = 'mysql_native_password' AND authentication_string = ''" avoids false positives when secure plugins are used 
88
        # "plugin = 'mysql_native_password' AND authentication_string = ''" avoids false positives when secure plugins are used 
89
        FIND=$(${MYSQLCLIENTBINARY} --no-defaults -u root --password= --silent --batch --execute="SELECT count(*) FROM mysql.user WHERE user = 'root' AND plugin = 'mysql_native_password' AND authentication_string = ''" mysql 2>/dev/null; echo $?)
89
        FIND=$(${MYSQLCLIENTBINARY} --default-auth=mysql_native_password  --no-defaults -u root --password= --silent --batch --execute="SELECT count(*) FROM mysql.user WHERE user = 'root' AND plugin = 'mysql_native_password' AND authentication_string = ''" mysql > /dev/null 2>&1; echo $?)
90
        if [ "${FIND}" = "0" ]; then
90
        if [ "${FIND}" = "0" ]; then
91
           LogText "Result: Login succeeded, no MySQL root password set!"
91
           LogText "Result: Login succeeded, no MySQL root password set!"
92
           ReportWarning "${TEST_NO}" "No MySQL root password set"
92
           ReportWarning "${TEST_NO}" "No MySQL root password set"
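Review bot: With stdout now sent to /dev/null, FIND holds only the client's exit status, so the SELECT count(*) result and its WHERE clause no longer influence the outcome; the warning fires whenever an empty-password root login succeeds. If that is the intent, simplify the query and update the comment about plugin = 'mysql_native_password' avoiding false positives, since it no longer describes what is tested. Also check that the client accepts --default-auth placed before --no-defaults, as option-file options are normally expected first on the command line, and drop the double space after the new option.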
Lines 174-180 Link Here
174
    # Description : Check if PostgreSQL is being used
174
    # Description : Check if PostgreSQL is being used
175
    Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
175
    Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes"
176
    if [ ${SKIPTEST} -eq 0 ]; then
176
    if [ ${SKIPTEST} -eq 0 ]; then
177
        if IsRunning "postgres:"; then
177
        if IsRunning "postgres"; then
178
            Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
178
            Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN
179
            LogText "Result: PostgreSQL is active"
179
            LogText "Result: PostgreSQL is active"
180
            POSTGRESQL_RUNNING=1
180
            POSTGRESQL_RUNNING=1
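Review bot: Dropping the colon from IsRunning "postgres:" widens the match; depending on how IsRunning compares names (not visible here), this can also hit processes whose name merely starts with or contains postgres and set POSTGRESQL_RUNNING=1 without a server present. If the change is needed for systems whose process titles lack the "postgres:" prefix, say so in a comment and consider matching the binary name more strictly.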
Lines 203-213 Link Here
203
203
204
    Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
204
    Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration"
205
    if [ ${SKIPTEST} -eq 0 ]; then
205
    if [ ${SKIPTEST} -eq 0 ]; then
206
        FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data"
206
        FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data"
207
        CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"')
207
        CONFIG_FILES=$(${FINDBINARY} -L ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g")
208
        for CF in ${CONFIG_FILES}; do
208
        for CF in ${CONFIG_FILES}; do
209
            Report "postgresql_config_file[]=${CF}"
209
            Report "postgresql_config_file[]=${CF}"
210
            LogText "Found configuration file (${CF})"
210
            LogText "Found configuration file (${CF})"
211
            if IsWorldReadable ${CF}; then
212
                LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!"
213
                ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions"
214
            else
215
                LogText "Result: great, configuration file ${CF} is not world readable"
216
            fi            
211
        done
217
        done
212
    fi
218
    fi
213
#
219
#
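Review bot: In the new IsWorldReadable ${CF} call, CF has already had spaces rewritten to :space: by the sed at the end of the CONFIG_FILES pipeline, so for any path containing a space the permission check runs against a name that does not exist; convert it back (and quote it) before testing. The widened -name "*.conf" with -L now also reports every other .conf file under these directories as postgresql_config_file[], which changes the meaning of that report key, and the added fi line carries trailing whitespace.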
(-)lynis-3.0.0/include/tests_dns (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 45-55 Link Here
45
#
45
#
46
#            if [ "${GOOD}" = "${TIMEOUT}" -a "${BAD}" = "${TIMEOUT}" ]; then
46
#            if [ "${GOOD}" = "${TIMEOUT}" -a "${BAD}" = "${TIMEOUT}" ]; then
47
#                LogText "Result: received timeout, can't determine DNSSEC validation"
47
#                LogText "Result: received timeout, can't determine DNSSEC validation"
48
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
48
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW
49
#                #ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout"
49
#                #ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout"
50
#            elif [ -z "${GOOD}" -a -n "${BAD}" ]; then
50
#            elif [ -z "${GOOD}" -a -n "${BAD}" ]; then
51
#                LogText "Result: good signature failed, yet bad signature was accepted"
51
#                LogText "Result: good signature failed, yet bad signature was accepted"
52
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW
52
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW
53
#                #ReportException "${TEST_NO}" "Exception found, OK failed, bad signature was accepted"
53
#                #ReportException "${TEST_NO}" "Exception found, OK failed, bad signature was accepted"
54
#            elif [ -n "${GOOD}" -a -n "${BAD}" ]; then
54
#            elif [ -n "${GOOD}" -a -n "${BAD}" ]; then
55
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
55
#                Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW
(-)lynis-3.0.0/include/tests_file_integrity (-4 / +4 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 25-31 Link Here
25
#
25
#
26
#################################################################################
26
#################################################################################
27
#
27
#
28
    InsertSection "Software: file integrity"
28
    InsertSection "${SECTION_FILE_INTEGRITY}"
29
    Display --indent 2 --text "- Checking file integrity tools"
29
    Display --indent 2 --text "- Checking file integrity tools"
30
#
30
#
31
#################################################################################
31
#################################################################################
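Review bot: InsertSection now takes ${SECTION_FILE_INTEGRITY} (and the matching SECTION_* variables in the other test files of this patch) instead of a literal title, and where those variables are defined is not visible here; an unset one yields an empty section heading. Make sure every SECTION_* name used is defined in the default language data and that translations fall back to it.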
Lines 104-110 Link Here
104
    if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
104
    if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
105
    Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check"
105
    Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check"
106
    if [ ${SKIPTEST} -eq 0 ]; then
106
    if [ ${SKIPTEST} -eq 0 ]; then
107
        AIDE_DB=$(${GREPBINARY} ^database= ${AIDECONFIG} | ${SEDBINARY} "s/.*://")
107
        AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://")
108
        if case ${AIDE_DB} in @@*) ;; *) false;; esac; then
108
        if case ${AIDE_DB} in @@*) ;; *) false;; esac; then
109
            I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}')
109
            I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}')
110
            AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#")
110
            AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#")
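Review bot: The widened pattern '(^database|^database_in)=' can match two lines when a config defines both keys, leaving AIDE_DB as a multi-line value that the following case and sed steps treat as one path. Take a single match (prefer database_in, or stop at the first hit), and allow optional whitespace around = if the config format permits it.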
Lines 441-444 Link Here
441
    WaitForKeyPress
441
    WaitForKeyPress
442
#
442
#
443
#================================================================================
443
#================================================================================
444
# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com
444
# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_file_permissions (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "File Permissions"
25
    InsertSection "${SECTION_FILE_PERMISSIONS}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 72-75 Link Here
72
72
73
#
73
#
74
#================================================================================
74
#================================================================================
75
# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com
75
# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_filesystems (-27 / +35 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 28-34 Link Here
28
#
28
#
29
#################################################################################
29
#################################################################################
30
#
30
#
31
    InsertSection "File systems"
31
    InsertSection "${SECTION_FILE_SYSTEMS}"
32
#
32
#
33
#################################################################################
33
#################################################################################
34
#
34
#
Lines 327-333 Link Here
327
            Display --indent 2 --text "- Testing swap partitions" --result "${STATUS_OK}" --color GREEN
327
            Display --indent 2 --text "- Testing swap partitions" --result "${STATUS_OK}" --color GREEN
328
            LogText "Result: all swap partitions have correct options (sw or swap)"
328
            LogText "Result: all swap partitions have correct options (sw or swap)"
329
        else
329
        else
330
            Display --indent 2 --text "- Testing swap partitions" --result "CHECK NEEDED" --color YELLOW
330
            Display --indent 2 --text "- Testing swap partitions" --result "${STATUS_CHECK_NEEDED}" --color YELLOW
331
            LogText "Result: possible incorrect mount options used for mounting swap partition (${FIND})"
331
            LogText "Result: possible incorrect mount options used for mounting swap partition (${FIND})"
332
            #ReportWarning "${TEST_NO}" "Possible incorrect mount options used for swap partition (${FIND})"
332
            #ReportWarning "${TEST_NO}" "Possible incorrect mount options used for swap partition (${FIND})"
333
            ReportSuggestion "${TEST_NO}" "Check your /etc/fstab file for swap partition mount options"
333
            ReportSuggestion "${TEST_NO}" "Check your /etc/fstab file for swap partition mount options"
Lines 339-344 Link Here
339
#
339
#
340
    # Test        : FILE-6344
340
    # Test        : FILE-6344
341
    # Description : Check proc mount options (Linux >=3.3 only)
341
    # Description : Check proc mount options (Linux >=3.3 only)
342
    #               hidepid textual values available kernel >= 5.8 only)
342
    # Examples    : proc /proc proc defaults,hidepid=2 0 0
343
    # Examples    : proc /proc proc defaults,hidepid=2 0 0
343
    # Goal        : Users should not be able to see processes of other users
344
    # Goal        : Users should not be able to see processes of other users
344
    if [ "${OS}" = "Linux" -a -f ${ROOTDIR}proc/version ]; then
345
    if [ "${OS}" = "Linux" -a -f ${ROOTDIR}proc/version ]; then
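Review bot: The added comment line "hidepid textual values available kernel >= 5.8 only)" has a closing parenthesis with no opening one. Reword it as a complete note, for example "(hidepid textual values are available on kernel >= 5.8 only)".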
Lines 353-367 Link Here
353
    Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options"
354
    Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options"
354
    if [ ${SKIPTEST} -eq 0 ]; then
355
    if [ ${SKIPTEST} -eq 0 ]; then
355
        # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
356
        # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least
357
        # https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs
356
        LogText "Test: check proc mount with incorrect mount options"
358
        LogText "Test: check proc mount with incorrect mount options"
357
        FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=[0-9]")
359
        FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=([0-9]|[a-z][a-z]*)")
358
        if [ "${FIND}" = "hidepid=2" ]; then
360
        if [ "${FIND}" = "hidepid=4" -o "${FIND}" = "hidepid=ptraceable" ]; then  # https://lwn.net/Articles/817137/
359
            Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
361
            Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
360
            LogText "Result: proc mount mounted with hidepid=2"
362
            LogText "Result: proc mount mounted with ${FIND}"
361
            AddHP 3 3
363
            AddHP 3 3
362
        elif [ "${FIND}" = "hidepid=1" ]; then
364
        elif [ "${FIND}" = "hidepid=2" -o "${FIND}" = "hidepid=invisible" ]; then
363
            Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
365
            Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
364
            LogText "Result: proc mount mounted with hidepid=1"
366
            LogText "Result: proc mount mounted with ${FIND}"
367
            AddHP 3 3
368
        elif [ "${FIND}" = "hidepid=1" -o "${FIND}" = "hidepid=noaccess" ]; then
369
            Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN
370
            LogText "Result: proc mount mounted with ${FIND}"
365
            AddHP 2 3
371
            AddHP 2 3
366
        elif [ -z "${FIND}" ]; then
372
        elif [ -z "${FIND}" ]; then
367
            # HIDEPID1_SUGGESTION=" (or at least hidepid=1)"
373
            # HIDEPID1_SUGGESTION=" (or at least hidepid=1)"
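Review bot: The comment at the top of the test still says proc should be mounted with hidepid=2 or hidepid=1 at least, while the code now ranks hidepid=4/ptraceable first; update it to list the accepted values. The 4/ptraceable and 2/invisible branches have identical bodies (same Display, LogText and AddHP 3 3) and can be merged into one condition. A mount reporting hidepid=0 or hidepid=off matches none of the visible branches, so confirm it ends up in the same path as a missing option.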
Lines 535-541 Link Here
535
                if [ "${FIND}" = "defaults" ]; then
541
                if [ "${FIND}" = "defaults" ]; then
536
                    Display --indent 2 --text "- Mount options of /" --result "${STATUS_OK}" --color GREEN
542
                    Display --indent 2 --text "- Mount options of /" --result "${STATUS_OK}" --color GREEN
537
                else
543
                else
538
                    Display --indent 2 --text "- Mount options of /" --result "NON DEFAULT" --color YELLOW
544
                    Display --indent 2 --text "- Mount options of /" --result "${STATUS_NON_DEFAULT}" --color YELLOW
539
                fi
545
                fi
540
            else
546
            else
541
                LogText "Result: no mount point / or expected options found"
547
                LogText "Result: no mount point / or expected options found"
Lines 606-626 Link Here
606
                    done
612
                    done
607
                    if [ ${FULLY_HARDENED} -eq 1 ]; then
613
                    if [ ${FULLY_HARDENED} -eq 1 ]; then
608
                        LogText "Result: marked ${FILESYSTEM} as fully hardened"
614
                        LogText "Result: marked ${FILESYSTEM} as fully hardened"
609
                        Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result HARDENED --color GREEN
615
                        Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_HARDENED}" --color GREEN
610
                        AddHP 5 5
616
                        AddHP 5 5
611
                    elif [ ${PARTIALLY_HARDENED} -eq 1 ]; then
617
                    elif [ ${PARTIALLY_HARDENED} -eq 1 ]; then
612
                        LogText "Result: marked ${FILESYSTEM} as partially hardened"
618
                        LogText "Result: marked ${FILESYSTEM} as partially hardened"
613
                        Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "PARTIALLY HARDENED" --color YELLOW
619
                        Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW
614
                        AddHP 4 5
620
                        AddHP 4 5
615
                    else
621
                    else
616
                        # if 
617
                        if ContainsString "defaults" "${FOUND_FLAGS}"; then
622
                        if ContainsString "defaults" "${FOUND_FLAGS}"; then
618
                            LogText "Result: marked ${FILESYSTEM} options as default (not hardened)"
623
                            LogText "Result: marked ${FILESYSTEM} options as default (not hardened)"
619
                            Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result DEFAULT --color YELLOW
624
                            Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW
620
                            AddHP 3 5
625
                            AddHP 3 5
621
                        else
626
                        else
622
                            LogText "Result: marked ${FILESYSTEM} options as non-default (unclear about hardening)"
627
                            LogText "Result: marked ${FILESYSTEM} options as non-default (unclear about hardening)"
623
                            Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "NON DEFAULT" --color YELLOW
628
                            Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_NON_DEFAULT}" --color YELLOW
624
                            AddHP 4 5
629
                            AddHP 4 5
625
                        fi
630
                        fi
626
                    fi
631
                    fi
Lines 629-639 Link Here
629
                fi
634
                fi
630
            done
635
            done
631
        fi
636
        fi
632
        NMOUNTS=$(mount | ${WCBINARY} --lines)
637
        NMOUNTS=$(mount | ${WCBINARY} -l)
633
        NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev | ${WCBINARY} --lines)
638
        NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev | ${WCBINARY} -l)
634
        NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${WCBINARY} --lines)
639
        NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${WCBINARY} -l)
635
        NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosuid | ${WCBINARY} --lines)
640
        NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosuid | ${WCBINARY} -l)
636
        NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} --lines)
641
        NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} -l)
637
        LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NMOUNTS}"
642
        LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NMOUNTS}"
638
        Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}"
643
        Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}"
639
    fi
644
    fi
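Review bot: The changed counting lines still call bare mount, whereas the FILE-6344 hunk above uses ${MOUNTBINARY}; use the variable here too so the counts come from the same binary as the other tests. Taking field 6 with ${AWKBINARY} also assumes no spaces in the device or mount point, which shifts the options column for such entries.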
Lines 653-659 Link Here
653
                    Display --indent 2 --text "- /var/tmp is bound to /tmp" --result "${STATUS_OK}" --color GREEN
658
                    Display --indent 2 --text "- /var/tmp is bound to /tmp" --result "${STATUS_OK}" --color GREEN
654
                    LogText "Result : /var/tmp is bind to /tmp"
659
                    LogText "Result : /var/tmp is bind to /tmp"
655
                else
660
                else
656
                    Display --indent 2 --text "- /var/tmp is not bound to /tmp" --result "NON DEFAULT" --color YELLOW
661
                    Display --indent 2 --text "- /var/tmp is not bound to /tmp" --result "${STATUS_NON_DEFAULT}" --color YELLOW
657
                    LogText "Result: /var/tmp is not bind to /tmp"
662
                    LogText "Result: /var/tmp is not bind to /tmp"
658
                fi
663
                fi
659
            else
664
            else
Lines 820-840 Link Here
820
                        LogText "Result: module ${FS} is currently not loaded in the kernel."
825
                        LogText "Result: module ${FS} is currently not loaded in the kernel."
821
                        AddHP 2 3
826
                        AddHP 2 3
822
                        if IsDebug; then Display --indent 6 --text "- Module ${FS} not loaded (lsmod)" --result OK --color GREEN; fi
827
                        if IsDebug; then Display --indent 6 --text "- Module ${FS} not loaded (lsmod)" --result OK --color GREEN; fi
823
                        FOUND=1
824
                        AVAILABLE_MODPROBE_FS="${AVAILABLE_MODPROBE_FS}${FS} "
825
                    else
828
                    else
826
                        LogText "Result: module ${FS} is loaded in the kernel"
829
                        LogText "Result: module ${FS} is loaded in the kernel"
827
                        Display --indent 4 --text "- Module $FS loaded in the kernel (lsmod)" --result "FOUND" --color WHITE
830
                        Display --indent 4 --text "- Module $FS loaded in the kernel (lsmod)" --result "FOUND" --color WHITE
831
                        FOUND=1
832
                        AVAILABLE_MODPROBE_FS="${AVAILABLE_MODPROBE_FS}${FS} "
828
                    fi
833
                    fi
829
                else
834
                else
830
                    AddHP 3 3
835
                    AddHP 3 3
831
                    if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
836
                    if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
832
                fi
837
                fi
833
                FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
838
                FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
834
                FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
839
                if [ -n "${FIND}" ]; then
835
                if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
840
                    FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
836
                    Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
841
                    FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
837
                    LogText "Result: module ${FS} is blacklisted"
842
                        if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
843
                            Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
844
                            LogText "Result: module ${FS} is blacklisted"
845
                        fi
838
                fi
846
                fi
839
            done
847
            done
840
            if [ ${FOUND} -eq 1 ]; then
848
            if [ ${FOUND} -eq 1 ]; then
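Review bot: the new FIND1 and FIND2 patterns pass `\+` to ${EGREPBINARY}; if that binary runs grep in extended mode, as the name suggests, a backslash-escaped plus matches a literal "+" rather than "one or more spaces", so an ordinary `blacklist ${FS}` line would stop matching. Use ` +` or `[[:space:]]+` in both patterns. With the `^` anchor in place the trailing `| ${GREPBINARY} -v "#"` is redundant, and the `$` anchor means a line with trailing whitespace is no longer counted as blacklisted. Separately, FOUND=1 and the AVAILABLE_MODPROBE_FS append moved from the "not loaded" branch to the "loaded" branch; please confirm that this is intended, since it changes which modules end up in the list.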
(-)lynis-3.0.0/include/tests_firewalls (-5 / +7 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Software: firewalls"
25
    InsertSection "${SECTION_FIREWALLS}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 407-412 Link Here
407
    Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of outbound firewalls on macOS"
407
    Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of outbound firewalls on macOS"
408
    if [ ${SKIPTEST} -eq 0 ]; then
408
    if [ ${SKIPTEST} -eq 0 ]; then
409
409
410
        FOUND=0
411
410
        # Little Snitch Daemon (macOS)
412
        # Little Snitch Daemon (macOS)
411
        LogText "Test: checking process Little Snitch Daemon"
413
        LogText "Test: checking process Little Snitch Daemon"
412
        if IsRunning --full "Little Snitch Daemon"; then
414
        if IsRunning --full "Little Snitch Daemon"; then
Lines 504-510 Link Here
504
    Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for empty nftables configuration"
506
    Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for empty nftables configuration"
505
    if [ ${SKIPTEST} -eq 0 ]; then
507
    if [ ${SKIPTEST} -eq 0 ]; then
506
        # Check for empty ruleset
508
        # Check for empty ruleset
507
        NFT_RULES_LENGTH=$(${NFTBINARY} list ruleset --stateless 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l)
509
        NFT_RULES_LENGTH=$(${NFTBINARY} --stateless list ruleset 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l)
508
        if [ ${NFT_RULES_LENGTH} -le 3 ]; then
510
        if [ ${NFT_RULES_LENGTH} -le 3 ]; then
509
            FIREWALL_EMPTY_RULESET=1
511
            FIREWALL_EMPTY_RULESET=1
510
            LogText "Result: this firewall set has 3 rules or less and is considered to be empty"
512
            LogText "Result: this firewall set has 3 rules or less and is considered to be empty"
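Review bot: on the NFT_RULES_LENGTH line, stderr of ${NFTBINARY} is discarded and only the line count survives, so a failing nft call yields 0 and falls into the `-le 3` branch as an "empty" ruleset. Check the exit status, or that the listing is non-empty, before setting FIREWALL_EMPTY_RULESET=1. The `-v "table|chain|;$|}$|^$"` filter also drops any rule line that merely contains the word table or chain, which can undercount real rules.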
Lines 537-543 Link Here
537
    Register --test-no FIRE-4590 --weight L --network NO --category security --description "Check firewall status"
539
    Register --test-no FIRE-4590 --weight L --network NO --category security --description "Check firewall status"
538
    if [ ${SKIPTEST} -eq 0 ]; then
540
    if [ ${SKIPTEST} -eq 0 ]; then
539
        if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
541
        if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
540
            Display --indent 2 --text "- Checking host based firewall" --result "ACTIVE" --color GREEN
542
            Display --indent 2 --text "- Checking host based firewall" --result "${STATUS_ACTIVE}" --color GREEN
541
            LogText "Result: host based firewall or packet filter is active"
543
            LogText "Result: host based firewall or packet filter is active"
542
            Report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
544
            Report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
543
            Report "manual[]=Verify all traffic is filtered the right way between the different security zones"
545
            Report "manual[]=Verify all traffic is filtered the right way between the different security zones"
Lines 546-552 Link Here
546
            Report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
548
            Report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
547
            AddHP 5 5
549
            AddHP 5 5
548
        else
550
        else
549
            Display --indent 2 --text "- Checking host based firewall" --result "NOT ACTIVE" --color YELLOW
551
            Display --indent 2 --text "- Checking host based firewall" --result "${STATUS_NOT_ACTIVE}" --color YELLOW
550
            LogText "Result: no host based firewall/packet filter found or configured"
552
            LogText "Result: no host based firewall/packet filter found or configured"
551
            ReportSuggestion "${TEST_NO}" "Configure a firewall/packet filter to filter incoming and outgoing traffic"
553
            ReportSuggestion "${TEST_NO}" "Configure a firewall/packet filter to filter incoming and outgoing traffic"
552
            AddHP 0 5
554
            AddHP 0 5
(-)lynis-3.0.0/include/tests_hardening (-2 / +23 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 18-24 Link Here
18
#
18
#
19
#################################################################################
19
#################################################################################
20
#
20
#
21
    InsertSection "Hardening"
21
    InsertSection "${SECTION_HARDENING}"
22
22
23
    # COMPILER_INSTALLED is initialized before
23
    # COMPILER_INSTALLED is initialized before
24
    HARDEN_COMPILERS_NEEDED=0
24
    HARDEN_COMPILERS_NEEDED=0
Lines 102-107 Link Here
102
            ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC"
102
            ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC"
103
            AddHP 1 3
103
            AddHP 1 3
104
            LogText "Result: no malware scanner found"
104
            LogText "Result: no malware scanner found"
105
        fi
106
    fi
107
#
108
#################################################################################
109
#
110
    # Test        : HRDN-7231
111
    # Description : Check for registered non-native binary formats
112
    Register --test-no HRDN-7231  --os Linux --weight L --network NO --category security --description "Check for registered non-native binary formats"
113
    if [ ${SKIPTEST} -eq 0 ]; then
114
        LogText "Test: Check for registered non-native binary formats"
115
        NFORMATS=0
116
        if [ -d /proc/sys/fs/binfmt_misc ]; then
117
            NFORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status | ${WCBINARY} -l)
118
        fi
119
        if [ ${NFORMATS} -eq 0 ]; then
120
            LogText "Result: no non-native binary formats found"
121
            Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_NOT_FOUND}" --color GREEN
122
        else
123
            FORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status -printf '%f ')
124
            LogText "Result: found ${NFORMATS} non-native binary formats registered: ${FORMATS}"
125
            Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_FOUND}" --color RED
105
        fi
126
        fi
106
    fi
127
    fi
107
#
128
#
(-)lynis-3.0.0/include/tests_homedirs (-2 / +2 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Home directories"
25
    InsertSection "${SECTION_HOME_DIRECTORIES}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
(-)lynis-3.0.0/include/tests_insecure_services (-7 / +7 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Insecure services"
25
    InsertSection "${SECTION_INSECURE_SERVICES}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 63-73 Link Here
63
        LogText "Test: Searching for active inet daemon"
63
        LogText "Test: Searching for active inet daemon"
64
        if IsRunning "inetd"; then
64
        if IsRunning "inetd"; then
65
            LogText "Result: inetd is running"
65
            LogText "Result: inetd is running"
66
            Display --indent 4 --text "- inetd status" --result "ACTIVE" --color GREEN
66
            Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN
67
            INETD_ACTIVE=1
67
            INETD_ACTIVE=1
68
        else
68
        else
69
            LogText "Result: inetd is NOT running"
69
            LogText "Result: inetd is NOT running"
70
            Display --indent 4 --text "- inetd status" --result "NOT ACTIVE" --color GREEN
70
            Display --indent 4 --text "- inetd status" --result "${STATUS_NOT_ACTIVE}" --color GREEN
71
        fi
71
        fi
72
    fi
72
    fi
73
#
73
#
Lines 158-168 Link Here
158
        LogText "Test: Searching for active extended internet services daemon (xinetd)"
158
        LogText "Test: Searching for active extended internet services daemon (xinetd)"
159
        if IsRunning "xinetd"; then
159
        if IsRunning "xinetd"; then
160
            LogText "Result: xinetd is running"
160
            LogText "Result: xinetd is running"
161
            Display --indent 4 --text "- xinetd status" --result "ACTIVE" --color GREEN
161
            Display --indent 4 --text "- xinetd status" --result "${STATUS_ACTIVE}" --color GREEN
162
            XINETD_ACTIVE=1
162
            XINETD_ACTIVE=1
163
        else
163
        else
164
            LogText "Result: xinetd is NOT running"
164
            LogText "Result: xinetd is NOT running"
165
            Display --indent 4 --text "- xinetd status" --result "NOT ACTIVE" --color GREEN
165
            Display --indent 4 --text "- xinetd status" --result "${STATUS_NOT_ACTIVE}" --color GREEN
166
        fi
166
        fi
167
    fi
167
    fi
168
#
168
#
Lines 385-391 Link Here
385
        if [ ${FOUND} -eq 1 ]; then
385
        if [ ${FOUND} -eq 1 ]; then
386
            LogText "Result: telnet server is installed"
386
            LogText "Result: telnet server is installed"
387
            Display --indent 2 --text "- Installed telnet server package" --result "${STATUS_FOUND}" --color YELLOW
387
            Display --indent 2 --text "- Installed telnet server package" --result "${STATUS_FOUND}" --color YELLOW
388
            ReportSuggestion "${TEST_NO}" "Removing the ${FOUND} package and replace with SSH when possible"
388
            ReportSuggestion "${TEST_NO}" "Removing the telnet server package and replace with SSH when possible"
389
            Report "insecure_service[]=telnet-server"
389
            Report "insecure_service[]=telnet-server"
390
        else
390
        else
391
            LogText "Result: telnet server is NOT installed"
391
            LogText "Result: telnet server is NOT installed"
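Review bot: the changed ReportSuggestion text mixes verb forms ("Removing ... and replace"); since the line is being touched anyway, make it imperative, for example "Remove the telnet server package and replace it with SSH when possible". Dropping ${FOUND} from the message is correct, because this branch is entered with FOUND equal to 1, not a package name.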
(-)lynis-3.0.0/include/tests_kernel (-125 / +168 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Kernel"
25
    InsertSection "${SECTION_KERNEL}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 81-87 Link Here
81
                fi
81
                fi
82
            else
82
            else
83
                LogText "Result: file ${ROOTDIR}etc/inittab not found"
83
                LogText "Result: file ${ROOTDIR}etc/inittab not found"
84
                if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then
84
                if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
85
                    LogText "Test: Checking run level with who -r, for Debian based systems"
85
                    LogText "Test: Checking run level with who -r, for Debian based systems"
86
                    FIND=$(who -r | ${AWKBINARY} '{ if ($1=="run-level") { print $2 } }')
86
                    FIND=$(who -r | ${AWKBINARY} '{ if ($1=="run-level") { print $2 } }')
87
                    if HasData "${FIND}"; then
87
                    if HasData "${FIND}"; then
Lines 103-109 Link Here
103
    # Description : Check CPU options and support (PAE, No eXecute, eXecute Disable)
103
    # Description : Check CPU options and support (PAE, No eXecute, eXecute Disable)
104
    # More info   : pae and nx bit are both visible on AMD and Intel CPU's if supported
104
    # More info   : pae and nx bit are both visible on AMD and Intel CPU's if supported
105
105
106
    Register --test-no KRNL-5677 --platform x86_64 --os Linux --weight L --network NO --category security --description "Check CPU options and support"
106
    Register --test-no KRNL-5677 --platform "x86_64 amd64" --os "Linux NetBSD" --weight L --network NO --category security --description "Check CPU options and support"
107
    if [ ${SKIPTEST} -eq 0 ]; then
107
    if [ ${SKIPTEST} -eq 0 ]; then
108
        Display --indent 2 --text "- Checking CPU support (NX/PAE)"
108
        Display --indent 2 --text "- Checking CPU support (NX/PAE)"
109
        LogText "Test: Checking /proc/cpuinfo"
109
        LogText "Test: Checking /proc/cpuinfo"
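Review bot: the Register line for KRNL-5677 now enables the test on NetBSD and on the amd64 platform string, but the body visible in this hunk still logs "Checking /proc/cpuinfo". Confirm that the test has a NetBSD code path, or that the existence of /proc/cpuinfo is checked before it is read; otherwise the result on NetBSD is not meaningful.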
Lines 235-246 Link Here
235
    Register --test-no KRNL-5728 --os Linux --weight L --network NO --category security --description "Checking Linux kernel config"
235
    Register --test-no KRNL-5728 --os Linux --weight L --network NO --category security --description "Checking Linux kernel config"
236
    if [ ${SKIPTEST} -eq 0 ]; then
236
    if [ ${SKIPTEST} -eq 0 ]; then
237
        CHECKFILE="${ROOTDIR}boot/config-$(uname -r)"
237
        CHECKFILE="${ROOTDIR}boot/config-$(uname -r)"
238
        CHECKFILE_ZIPPED="${ROOTDIR}proc/config.gz"
238
        if [ -f ${CHECKFILE} ]; then
239
        if [ -f ${CHECKFILE} ]; then
239
            LINUXCONFIGFILE="${CHECKFILE}"
240
            LINUXCONFIGFILE="${CHECKFILE}"
240
            LogText "Result: found config (${LINUXCONFIGFILE})"
241
            LogText "Result: found config (${LINUXCONFIGFILE})"
241
            Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN
242
            Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN
242
        elif [ -f ${ROOTDIR}proc/config.gz ]; then
243
        elif [ -f ${CHECKFILE_ZIPPED} ]; then
243
            LINUXCONFIGFILE="${CHECKFILE}"
244
            LINUXCONFIGFILE="${CHECKFILE_ZIPPED}"
244
            LINUXCONFIGFILE_ZIPPED=1
245
            LINUXCONFIGFILE_ZIPPED=1
245
            LogText "Result: found config: ${ROOTDIR}proc/config.gz (compressed)"
246
            LogText "Result: found config: ${ROOTDIR}proc/config.gz (compressed)"
246
            Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN
247
            Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN
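Review bot: the LogText line in the elif branch still hardcodes ${ROOTDIR}proc/config.gz although this hunk introduces CHECKFILE_ZIPPED for exactly that path; log ${LINUXCONFIGFILE}, as the first branch does, so the message cannot drift from the file actually used. The operands of `[ -f ${CHECKFILE} ]` and `[ -f ${CHECKFILE_ZIPPED} ]` should be quoted.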
Lines 367-375 Link Here
367
#
368
#
368
    # Test        : KRNL-5788
369
    # Test        : KRNL-5788
369
    # Description : Checking availability new kernel
370
    # Description : Checking availability new kernel
370
    if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
371
    if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then
372
        PREQS_MET="YES"
373
    else
374
        PREQS_MET="NO"
375
    fi
371
    Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel"
376
    Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel"
372
    if [ ${SKIPTEST} -eq 0 ]; then
377
    if [ ${SKIPTEST} -eq 0 ]; then
378
        FINDKERNEL=""
373
        HAS_VMLINUZ=0
379
        HAS_VMLINUZ=0
374
        LogText "Test: Searching apt-cache, to determine if a newer kernel is available"
380
        LogText "Test: Searching apt-cache, to determine if a newer kernel is available"
375
        if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then
381
        if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then
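Review bot: the four-clause LINUX_VERSION / LINUX_VERSION_LIKE condition added for PREQS_MET is the same condition added to the run-level check earlier in this file; factor it into one helper or flag so the definition of "Debian-based" is maintained in a single place. The existence check uses ${ROOTDIR}usr/bin/apt-cache, so the later calls should use that same path rather than relying on PATH.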
Lines 378-439 Link Here
378
            if [ -f ${ROOTDIR}vmlinuz -o -f ${ROOTDIR}boot/vmlinuz ]; then
384
            if [ -f ${ROOTDIR}vmlinuz -o -f ${ROOTDIR}boot/vmlinuz ]; then
379
                HAS_VMLINUZ=1
385
                HAS_VMLINUZ=1
380
                if [ -f ${ROOTDIR}vmlinuz ]; then
386
                if [ -f ${ROOTDIR}vmlinuz ]; then
381
                    FINDVMLINUZ=${ROOTDIR}vmlinuz
387
                    FINDVMLINUZ="${ROOTDIR}vmlinuz"
382
                else
388
                else
383
                    FINDVMLINUZ=${ROOTDIR}boot/vmlinuz
389
                    FINDVMLINUZ="${ROOTDIR}boot/vmlinuz"
384
                fi
390
                fi
385
                LogText "Result: found ${FINDVMLINUZ}"
391
                LogText "Result: found ${FINDVMLINUZ}"
386
                LogText "Test: checking readlink location of ${FINDVMLINUZ}"
392
                LogText "Test: checking readlink location of ${FINDVMLINUZ}"
387
                FINDKERNFILE=$(readlink -f ${FINDVMLINUZ})
393
                FINDKERNFILE=$(readlink -f ${FINDVMLINUZ})
388
                LogText "Output: readlink reported file ${FINDKERNFILE}"
394
                LogText "Output: readlink reported file ${FINDKERNFILE}"
389
                LogText "Test: checking package from dpkg -S"
395
                LogText "Test: checking relevant package using output from dpkg -S"
390
                FINDKERNEL=$(dpkg -S ${FINDKERNFILE} 2> /dev/null | ${AWKBINARY} -F : '{print $1}')
396
                FINDKERNEL=$(dpkg -S ${FINDKERNFILE} 2> /dev/null | ${AWKBINARY} -F : '{print $1}')
391
                LogText "Output: dpkg -S reported package ${FINDKERNEL}"
397
                LogText "Output: dpkg -S reported package ${FINDKERNEL}"
392
            elif [ -e ${ROOTDIR}dev/grsec ]; then
398
            elif [ -e ${ROOTDIR}dev/grsec ]; then
393
                FINDKERNEL=linux-image-$(uname -r)
399
                FINDKERNEL="linux-image-$(uname -r)"
394
                LogText "Result: ${ROOTDIR}vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}"
400
                LogText "Result: ${ROOTDIR}vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}"
395
            elif [ -e ${ROOTDIR}etc/rpi-issue ]; then
401
            elif [ -e ${ROOTDIR}etc/rpi-issue ]; then
396
                FINDKERNEL=raspberrypi-kernel
402
                FINDKERNEL="raspberrypi-kernel"
397
                LogText "Result: ${ROOTDIR}vmlinuz missing due to Raspbian"
403
                LogText "Result: ${ROOTDIR}vmlinuz missing due to Raspbian"
398
            elif `${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf`; then
404
            elif $(${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf); then
399
                FINDKERNEL=linux-image-$(uname -r)
405
                FINDKERNEL="linux-image-$(uname -r)"
400
                LogText "Result: ${ROOTDIR}vmlinuz missing due to /etc/kernel-img.conf item do_symlinks = No"
406
                LogText "Result: ${ROOTDIR}vmlinuz missing due to /etc/kernel-img.conf item do_symlinks = No"
401
            else
407
            else
402
                LogText "This system is missing ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz.  Unable to check whether kernel is up-to-date."
408
                LogText "This system is missing ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz. Unable to check whether kernel is up-to-date."
403
                ReportSuggestion "${TEST_NO}" "Determine why ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz is missing on this Debian/Ubuntu system." "/vmlinuz or /boot/vmlinuz"
409
                ReportSuggestion "${TEST_NO}" "Determine why ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz is missing on this Debian/Ubuntu system." "/vmlinuz or /boot/vmlinuz"
404
            fi
410
            fi
405
            LogText "Test: Using apt-cache policy to determine if there is an update available"
411
406
            FINDINST=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ')
412
            if IsEmpty "${FINDKERNEL}"; then
407
            FINDCAND=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ')
413
                LogText "Result: could not check kernel update status as kernel is unknown"
408
            LogText "Kernel installed: ${FINDINST}"
409
            LogText "Kernel candidate: ${FINDCAND}"
410
            if IsEmpty "${FINDINST}"; then
411
                Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_UNKNOWN}" --color YELLOW
412
                LogText "Result: Exception occurred, no output from apt-cache policy"
413
                if [ ${HAS_VMLINUZ} -eq 1 ]; then
414
                    ReportException "${TEST_NO}:01"
415
                    ReportSuggestion "${TEST_NO}" "Check the output of apt-cache policy to determine why its output is empty"
416
                fi
417
                LogText "Result: apt-cache policy did not return an installed kernel version"
418
            else
414
            else
419
                if [ "${FINDINST}" = "${FINDCAND}" ]; then
415
                LogText "Result: found kernel '${FINDKERNEL}' which will be used for further testing"
420
                    if [ -e /dev/grsec ]; then
416
                LogText "Test: Using apt-cache policy to determine if there is an update available"
421
                        Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN
417
                FINDINSTALLED=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ')
422
                        LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available"
418
                FINDCANDIDATE=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ')
423
                        ReportManual "Manually check to confirm you're using a recent kernel and grsecurity patch"
419
                LogText "Kernel installed: ${FINDINSTALLED}"
424
                    else
420
                LogText "Kernel candidate: ${FINDCANDIDATE}"
425
                        Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_OK}" --color GREEN
421
                if IsEmpty "${FINDINSTALLED}"; then
426
                        LogText "Result: no kernel update available"
422
                    Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_UNKNOWN}" --color YELLOW
423
                    LogText "Result: Exception occurred, no output from apt-cache policy"
424
                    if [ ${HAS_VMLINUZ} -eq 1 ]; then
425
                        ReportException "${TEST_NO}:01" "Found vmlinuz (${FINDVMLINUZ}) but could not determine the installed kernel using apt-cache policy"
426
                        ReportSuggestion "${TEST_NO}" "Check the output of apt-cache policy to determine why its output is empty"
427
                    fi
427
                    fi
428
                    LogText "Result: apt-cache policy did not return an installed kernel version"
428
                else
429
                else
429
                    Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW
430
                    if [ "${FINDINSTALLED}" = "${FINDCANDIDATE}" ]; then
430
                    LogText "Result: kernel update available according 'apt-cache policy'."
431
                        if [ -e /dev/grsec ]; then
431
                    ReportSuggestion "${TEST_NO}" "Determine priority for available kernel update"
432
                            Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN
433
                            LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available"
434
                            ReportManual "Manually check to confirm you're using a recent kernel and grsecurity patch"
435
                        else
436
                            Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_OK}" --color GREEN
437
                            LogText "Result: no kernel update available"
438
                        fi
439
                    else
440
                        Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW
441
                        LogText "Result: kernel update available according 'apt-cache policy'."
442
                        ReportSuggestion "${TEST_NO}" "Determine priority for available kernel update"
443
                    fi
432
                fi
444
                fi
433
            fi
445
            fi
434
        else
446
        else
435
            LogText "Result: could NOT find /usr/bin/apt-cache, skipped other tests."
447
            LogText "Result: could NOT find ${ROOTDIR}usr/bin/apt-cache, skipped other tests."
436
        fi
448
        fi
449
        unset FINDCANDIDATE FINDINSTALLED FINDKERNEL HAS_VMLINUZ
437
    fi
450
    fi
438
#
451
#
439
#################################################################################
452
#################################################################################
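Review bot: the rewritten `elif $(${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf); then` keeps a command substitution as the condition; it works only because the substitution expands to nothing, and it prints a grep error when kernel-img.conf does not exist. Run the command directly with `2> /dev/null` instead. The final unset omits FINDVMLINUZ and FINDKERNFILE, the `[ -e /dev/grsec ]` check inside the version comparison lacks the ${ROOTDIR} prefix used in the elif a few lines above, and "UPDATE AVAILABLE" remains a literal while the neighbouring results use STATUS_ variables.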
Lines 457-465 Link Here
457
            # check conf files in possibly existing coredump.conf.d folders 
470
            # check conf files in possibly existing coredump.conf.d folders 
458
            # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available.
471
            # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available.
459
            # while there could be multiple files overwriting each other, we are checking the number of occurrences
472
            # while there could be multiple files overwriting each other, we are checking the number of occurrences
460
            SYSD_CORED_SUB_PROCSIZEMAX_NR_DISABLED=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} "^0 *$" | ${WCBINARY} -l)
473
            SYSD_CORED_SUB_PROCSIZEMAX_NR_DISABLED=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} "^0 *$" | ${WCBINARY} -l)
461
            SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} -v "^0 *$" | ${WCBINARY} -l)
474
            SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} -v "^0 *$" | ${WCBINARY} -l)
462
            SYSD_CORED_SUB_STORAGE_FOUND=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^Storage=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g')
475
            SYSD_CORED_SUB_STORAGE_FOUND=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^Storage=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g')
463
            SYSD_CORED_SUB_STORAGE_NR_ENABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${SEDBINARY} 's/none//g' | ${WCBINARY} | ${AWKBINARY} '{print $2}')
476
            SYSD_CORED_SUB_STORAGE_NR_ENABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${SEDBINARY} 's/none//g' | ${WCBINARY} | ${AWKBINARY} '{print $2}')
464
            SYSD_CORED_SUB_STORAGE_NR_DISABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${GREPBINARY} -o "none" | ${WCBINARY} | ${AWKBINARY} '{print $2}')
477
            SYSD_CORED_SUB_STORAGE_NR_DISABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${GREPBINARY} -o "none" | ${WCBINARY} | ${AWKBINARY} '{print $2}')
465
            if ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_BASE_STORAGE_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -eq 0 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -eq 0 ] ) || \
478
            if ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_BASE_STORAGE_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -eq 0 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -eq 0 ] ) || \
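Review bot: The same `${FINDBINARY} -L ... -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \;` front end is now repeated for SYSD_CORED_SUB_PROCSIZEMAX_NR_DISABLED, SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED and SYSD_CORED_SUB_STORAGE_FOUND, so an option such as this `-L` has to be kept in sync in three places. Consider running the find once into a variable and deriving the three values from it. Because stderr goes to `2> /dev/null`, any error raised while following links (a symlink loop, for example) is dropped without a LogText entry, so a skipped drop-in leaves no trace in the log.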
Lines 484-496 Link Here
484
                 ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ) || \
497
                 ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ) || \
485
                 ( [ ${SYSD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] ) || \
498
                 ( [ ${SYSD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] ) || \
486
                 ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then
499
                 ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then
487
                LogText "Result: core dumps are explicitely enabled in systemd configuration files"
500
                LogText "Result: core dumps are explicitly enabled in systemd configuration files"
488
                ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/systemd/coredump.conf ('ProcessSizeMax=0', 'Storage=none')"
501
                ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/systemd/coredump.conf ('ProcessSizeMax=0', 'Storage=none')"
489
                Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_ENABLED}" --color RED
502
                Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_ENABLED}" --color RED
490
                AddHP 0 1
503
                AddHP 0 1
491
            else
504
            else
492
                LogText "Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'"
505
                LogText "Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'"
493
                Display --indent 4 --text "- configuration in systemd conf files" --result "DEFAULT" --color WHITE
506
                Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_DEFAULT}" --color WHITE
494
                AddHP 0 1
507
                AddHP 0 1
495
            fi
508
            fi
496
        fi
509
        fi
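Review bot: `${STATUS_DEFAULT}` in the else branch replaces the literal "DEFAULT", but nothing in this hunk shows where it is defined; if it is unset, Display receives an empty --result. Confirm it is set in the same place as STATUS_ENABLED before this test runs. Separately, both branches end in `AddHP 0 1`, so the explicitly enabled case and the default case score the same; if that is intended, a short comment would say so.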
Lines 500-580 Link Here
500
            LogText "Test: Checking if 'ulimit -c 0' exists in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh"
513
            LogText "Test: Checking if 'ulimit -c 0' exists in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh"
501
            # use tail -1 in the following commands to get the last entry, which is the one that counts (in case of profile.d/ probably counts)
514
            # use tail -1 in the following commands to get the last entry, which is the one that counts (in case of profile.d/ probably counts)
502
            ULIMIT_C_VALUE="$(${GREPBINARY} "ulimit -c " ${ROOTDIR}etc/profile 2> /dev/null | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
515
            ULIMIT_C_VALUE="$(${GREPBINARY} "ulimit -c " ${ROOTDIR}etc/profile 2> /dev/null | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
503
            ULIMIT_C_VALUE_SUB="$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
516
            ULIMIT_C_VALUE_SUB="$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')"
504
            if ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE_SUB}" = "0" ] ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE}" = "0" ] ); then
517
            if ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE_SUB}" = "0" ] ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE}" = "0" ] ); then
505
                LogText "Result: core dumps are disabled by 'ulimit -c 0' in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh"
518
                LogText "Result: core dumps are disabled by 'ulimit -c 0' in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh"
506
                Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_DISABLED}" --color GREEN
519
                Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_DISABLED}" --color GREEN
507
                AddHP 1 1
520
                AddHP 1 1
508
            elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; then
521
            elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; then
509
                LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'"
522
                LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. Didn't find setting 'ulimit -c 0'"
510
                Display --indent 4 --text "- configuration in etc/profile" --result "DEFAULT" --color WHITE
523
                Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_DEFAULT}" --color WHITE
511
                AddHP 0 1
524
                AddHP 0 1
512
            elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlimited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then
525
            elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlimited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then
513
                LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configured for 'ulimit -c'"
526
                LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configured for 'ulimit -c'"
514
                Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_ENABLED}" --color RED
527
                Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ENABLED}" --color RED
515
                AddHP 0 1
528
                AddHP 0 1
516
            else
529
            else
517
                LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config files. Please report on Github!"
530
                LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config files. Please report on Github!"
518
                Display --indent 4 --text "- configuration in etc/profile" --result "ERROR" --color YELLOW
531
                Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ERROR}" --color YELLOW
519
            fi
532
            fi
520
        fi
533
        fi
521
        # Limits option
534
        
522
        LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf"
535
        # Limits options
523
        if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then
536
        for DIR in "/" "/usr/"; do
524
            LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists"
537
            LogText "Test: Checking presence ${DIR}etc/security/limits.conf"
525
            LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*"
538
            if [ -f "${DIR}etc/security/limits.conf" ]; then
526
            # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available.
539
                LogText "Result: file ${DIR}etc/security/limits.conf exists"
527
            FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1)
540
                LogText "Test: Checking if core dumps are disabled in ${DIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*"
528
            FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1)
541
                # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available.
529
            FIND3=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1)
542
                FIND1=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1)
543
                FIND2=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1)
544
                FIND3=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1)
530
545
531
            # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file.
546
                # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file.
532
            if [ "${FIND3}" = "core dumps disabled" ]; then
547
                if [ "${FIND3}" = "core dumps disabled" ]; then
533
                FIND1="soft core disabled"
548
                    FIND1="soft core disabled"
534
                FIND2="hard core disabled"
549
                    FIND2="hard core disabled"
535
            elif [ "${FIND3}" = "core dumps enabled" ]; then
550
                elif [ "${FIND3}" = "core dumps enabled" ]; then
536
                FIND1="soft core enabled"
551
                    FIND1="soft core enabled"
537
                FIND2="hard core enabled"
552
                    FIND2="hard core enabled"
538
            fi
553
                fi
539
554
540
            IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)"
555
                IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
541
            IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)"
556
                IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)"
542
557
543
            if [ "${FIND2}" = "hard core disabled" ]; then
558
                if [ "${FIND2}" = "hard core disabled" ]; then
544
                LogText "Result: core dumps are hard disabled"
559
                    LogText "Result: core dumps are hard disabled"
545
                Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN"
560
                    Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN"
546
                if [ "${FIND1}" = "soft core disabled" ]; then
561
                    if [ "${FIND1}" = "soft core disabled" ]; then
547
                    Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN"
562
                        Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN"
563
                    else
564
                        Display --indent 4 --text "- 'soft' config in ${DIR}etc/security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN"
565
                    fi
566
                    AddHP 3 3
567
                elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then
568
                    LogText "Result: core dumps (soft and hard) are enabled"
569
                    Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED"
570
                    Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED"
571
                    ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file"
572
                    AddHP 0 3
573
                elif [ "${FIND1}" = "soft core disabled" ]; then
574
                    LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})"
575
                    Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
576
                    Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN"
577
                    AddHP 2 3
578
                elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then
579
                    LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})"
580
                    Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
581
                    Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
582
                    AddHP 0 3
548
                else
583
                else
549
                    Display --indent 4 --text "- 'soft' config in security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN"
584
                    LogText "Result: core dumps are not explicitly disabled"
585
                    Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE"
586
                    Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE"
587
                    ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${DIR}etc/security/limits.conf file"
588
                    AddHP 1 3
550
                fi
589
                fi
551
                AddHP 3 3
552
            elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then
553
                LogText "Result: core dumps (soft and hard) are enabled"
554
                Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED"
555
                Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED"
556
                ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file"
557
                AddHP 0 3
558
            elif [ "${FIND1}" = "soft core disabled" ]; then
559
                LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})"
560
                Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
561
                Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN"
562
                AddHP 2 3
563
            elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then
564
                LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})"
565
                Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
566
                Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)"
567
                AddHP 0 3
568
            else
590
            else
569
                LogText "Result: core dumps are not explicitly disabled"
591
                LogText "Result: file ${DIR}etc/security/limits.conf does not exist, skipping test for this file"
570
                Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE"
571
                Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE"
572
                ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/security/limits.conf file"
573
                AddHP 1 3
574
            fi
592
            fi
575
        else
593
        done
576
            LogText "Result: file ${ROOTDIR}etc/security/limits.conf does not exist, skipping test"
577
        fi
578
594
579
        # Sysctl option
595
        # Sysctl option
580
        LogText "Test: Checking sysctl value of fs.suid_dumpable"
596
        LogText "Test: Checking sysctl value of fs.suid_dumpable"
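Review bot: `for DIR in "/" "/usr/"` drops the `${ROOTDIR}` prefix that the removed lines used for etc/security/limits.conf, so a scan with a non-default root now reads the host's files; build the list from `${ROOTDIR}` instead. Each iteration also re-reads `${LIMITS_DIRECTORY}`, so when both files exist the drop-ins are evaluated twice and AddHP and ReportSuggestion fire twice for the same settings. In the new else branch the 'soft' Display line still passes `--result "${IS_HARDCORE_DISABLED}"` (carried over from the old code) where IS_SOFTCORE_DISABLED is meant, and the "soft and hard are enabled" branch keeps a hardcoded /etc/security/limits.conf in its ReportSuggestion while the else branch uses `${DIR}`. In the profile block, the DISABLED branch still displays "etc/profile" without `${ROOTDIR}` although the other three branches were updated, and the new blank line before "# Limits options" carries trailing whitespace.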
Lines 586-603 Link Here
586
        fi
602
        fi
587
        if [ "${FIND}" = "2" ]; then
603
        if [ "${FIND}" = "2" ]; then
588
            LogText "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)"
604
            LogText "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)"
589
            Display --indent 4 --text "- Checking setuid core dumps configuration" --result PROTECTED --color WHITE
605
            Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_PROTECTED}" --color WHITE
590
            AddHP 1 1
606
            AddHP 1 1
591
        elif [ "${FIND}" = "1" ]; then
607
        elif [ "${FIND}" = "1" ]; then
592
            LogText "Result: all programs can perform core dumps (value 1, for debugging)"
608
            LogText "Result: all programs can perform core dumps (value 1, for debugging)"
593
            Display --indent 2 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW
609
            Display --indent 2 --text "- Checking setuid core dumps configuration" --result "${STATUS_DEBUG}" --color YELLOW
594
            ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump"
610
            ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump"
595
            AddHP 0 1
611
            AddHP 0 1
596
        else
612
        else
597
            # 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped
613
            # 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped
598
            # https://www.kernel.org/doc/Documentation/sysctl/fs.txt
614
            # https://www.kernel.org/doc/Documentation/sysctl/fs.txt
599
            LogText "Result: found default option (0), no execute only program or program with changed privilege levels can dump"
615
            LogText "Result: found default option (0), no execute only program or program with changed privilege levels can dump"
600
            Display --indent 4 --text "- Checking setuid core dumps configuration" --result DISABLED --color GREEN
616
            Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_DISABLED}" --color GREEN
601
            AddHP 1 1
617
            AddHP 1 1
602
        fi
618
        fi
603
    fi
619
    fi
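Review bot: The value-1 branch still calls `Display --indent 2` while the value-2 and default branches use `--indent 4`; since that line is being touched for `${STATUS_DEBUG}` anyway, align the indent so the three results line up. STATUS_PROTECTED and STATUS_DEBUG are introduced here without a visible definition, so check that both exist next to STATUS_DISABLED, otherwise these Display calls get an empty --result.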
Lines 609-633 Link Here
609
    Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
625
    Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel"
610
    if [ ${SKIPTEST} -eq 0 ]; then
626
    if [ ${SKIPTEST} -eq 0 ]; then
611
        REBOOT_NEEDED=2
627
        REBOOT_NEEDED=2
612
        FILE="${ROOTDIR}var/run/reboot-required.pkgs"
628
        for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting"
613
        LogText "Test: Checking presence ${FILE}"
629
        do
614
        if [ -f ${FILE} ]; then
630
            LogText "Test: Checking presence ${FILE}"
615
            LogText "Result: file ${FILE} exists"
631
            if [ -f ${FILE} ]; then
616
            FIND=$(${WCBINARY} -l < ${FILE})
632
                LogText "Result: file ${FILE} exists"
617
            if [ "${FIND}" = "0" ]; then
633
                FIND=$(${WCBINARY} -l < ${FILE})
618
                LogText "Result: No reboot needed (file empty)"
634
                if [ "${FIND}" = "0" ]; then
619
                REBOOT_NEEDED=0
635
                    LogText "Result: No reboot needed (file empty)"
636
                    REBOOT_NEEDED=0
637
                    break
638
                else
639
                    PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
640
                    LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
641
                    for I in ${FIND}; do
642
                        LogText "Package: ${I}"
643
                    done
644
                    REBOOT_NEEDED=1
645
                    break
646
                fi
620
            else
647
            else
621
                PKGSCOUNT=$(${WCBINARY} -l < ${FILE})
648
                LogText "Result: file ${FILE} not found"
622
                LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages"
623
                for I in ${FIND}; do
624
                    LogText "Package: ${I}"
625
                done
626
                REBOOT_NEEDED=1
627
            fi
649
            fi
628
        else
650
        done
629
            LogText "Result: file ${FILE} not found"
630
        fi
631
651
632
        # Check if /boot exists
652
        # Check if /boot exists
633
        if [ -d "${ROOTDIR}boot" ]; then
653
        if [ -d "${ROOTDIR}boot" ]; then
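Review bot: `for I in ${FIND}` in the reboot-needed branch iterates over the output of `${WCBINARY} -l`, which is a line count, so the log gets a single "Package: <number>" entry rather than the package names; read the lines of `${FILE}` instead if the names are wanted. PKGSCOUNT repeats the same `wc -l` that FIND already holds. The `break` in the "file empty" branch also stops the loop after an empty reboot-required.pkgs, so needs_restarting is never checked in that case; if either file should be able to signal a reboot, only break once REBOOT_NEEDED=1. `[ -f ${FILE} ]` and `< ${FILE}` should quote the variable.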
Lines 657-671 Link Here
657
                        ReportException "${TEST_NO}:1" "Can't determine kernel version on disk, need debug data"
677
                        ReportException "${TEST_NO}:1" "Can't determine kernel version on disk, need debug data"
658
                    fi
678
                    fi
659
                elif [ -f ${ROOTDIR}boot/vmlinuz-linux ] || [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ] || [ -f "$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1)" ]; then
679
                elif [ -f ${ROOTDIR}boot/vmlinuz-linux ] || [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ] || [ -f "$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1)" ]; then
660
                    if [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then
680
                    if [ -f ${ROOTDIR}boot/vmlinuz ]; then
681
                          LogText "Result: found ${ROOTDIR}boot/vmlinuz"
682
                          FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz
683
                    elif [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then
661
                        LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux"
684
                        LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux"
662
                        FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux
685
                        FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux
663
                    elif [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ]; then
686
                    elif [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ]; then
664
                        LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts"
687
                        LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts"
665
                        FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts
688
                        FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts
689
                    elif [ -f ${ROOTDIR}boot/vmlinuz-lts ]; then
690
                        LogText "Result: found ${ROOTDIR}boot/vmlinuz-lts"
691
                        FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-lts
666
                    else
692
                    else
667
                        # Match on /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default
693
                        # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Sort based on versions (-v) and then find the last item
668
                        FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1)
694
                        # Note: ignore a rescue kernel (e.g. CentOS)
695
                        FOUND_VMLINUZ=$(${LSBINARY} -v ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${TAILBINARY} -1)
669
                        LogText "Result: found ${FOUND_VMLINUZ}"
696
                        LogText "Result: found ${FOUND_VMLINUZ}"
670
                    fi
697
                    fi
671
698
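Review bot: The fallback now selects the kernel with `${LSBINARY} -v ... | ${GREPBINARY} -v '\-rescue\-' | ${TAILBINARY} -1`, but the enclosing elif condition still tests `${LSBINARY} -t ... | ${HEADBINARY} -1`, so the file that passes the `-f` test can differ from the one that is chosen; use the same expression in both places. `-v` is not a POSIX ls option, and `\-` is an undefined escape in a basic regular expression; `${GREPBINARY} -v -e '-rescue-'` avoids both the escape and the option parsing problem. The two lines added for `${ROOTDIR}boot/vmlinuz` are indented two spaces deeper than the neighbouring branches.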
Lines 674-683 Link Here
674
                        LogText "Result: found a symlink, retrieving destination"
701
                        LogText "Result: found a symlink, retrieving destination"
675
                        FOUND_VMLINUZ=$(readlink "${FOUND_VMLINUZ}")
702
                        FOUND_VMLINUZ=$(readlink "${FOUND_VMLINUZ}")
676
                        LogText "Result: destination file is ${FOUND_VMLINUZ}"
703
                        LogText "Result: destination file is ${FOUND_VMLINUZ}"
677
                        VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's/^vmlinuz-//')
704
                        VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//')
678
                        LogText "Result: version derived from file name is '${VERSION_ON_DISK}'"
705
                        LogText "Result: version derived from file name is '${VERSION_ON_DISK}'"
706
                    elif [ -f "${FOUND_VMLINUZ}" ]; then
707
                        VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//' | ${SEDBINARY} '$s/-\?\(linux\)\?-\?\(lts\)\?//')
708
                        LogText "Result: version derived from file name is '${VERSION_ON_DISK}'"
709
679
                    fi
710
                    fi
680
711
712
                    # Data check: perform reset if we found a version but looks incomplete
713
                    # Example: Arch Linux will return only 'linux' as its version after it discovered /boot/vmlinuz-linux
714
                    case ${VERSION_ON_DISK} in
715
                        "linux" | "linux-lts")
716
                            LogText "Result: reset of version (${VERSION_ON_DISK}) as it looks incomplete"
717
                            VERSION_ON_DISK=""
718
                        ;;
719
                    esac
720
721
                    # If we did not find the version yet, see if we can extract it from the magic data that 'file' returns
681
                    if [ -z "${VERSION_ON_DISK}" ]; then
722
                    if [ -z "${VERSION_ON_DISK}" ]; then
682
                        LogText "Test: checking kernel version on disk"
723
                        LogText "Test: checking kernel version on disk"
683
                        NEXTLINE=0
724
                        NEXTLINE=0
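Review bot: both new sed calls strip a hard-coded '^/boot/' prefix, but FOUND_VMLINUZ is built from ${ROOTDIR}boot/vm[l0-9]*, so with any ROOTDIR other than / the prefix survives, 's/^vmlinuz-//' no longer matches, and the full path ends up in VERSION_ON_DISK. Removing the directory part whatever its value (for example with the ${FOUND_VMLINUZ##*/} expansion) would cover that case and the relative targets readlink can return. In the elif branch, '$s/-\?\(linux\)\?-\?\(lts\)\?//' is unanchored and consists only of optional groups, so it matches the empty string at the start of the value and removes text only when the value begins with linux or linux-lts; anchoring it with ^ would state that intent, and \? is a GNU extension to basic regular expressions.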
Lines 693-698 Link Here
693
                        done
734
                        done
694
                    fi
735
                    fi
695
736
737
                    # Last check if we finally got a version or not
696
                    if [ -z "${VERSION_ON_DISK}" ]; then
738
                    if [ -z "${VERSION_ON_DISK}" ]; then
697
                        LogText "Result: could not find the version on disk"
739
                        LogText "Result: could not find the version on disk"
698
                        ReportException "${TEST_NO}:4" "Could not find the kernel version"
740
                        ReportException "${TEST_NO}:4" "Could not find the kernel version"
Lines 724-729 Link Here
724
                        done
766
                        done
725
                        # Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers)
767
                        # Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers)
726
                        # Ignore rescue images. Remove generic. and huge. for Slackware machines
768
                        # Ignore rescue images. Remove generic. and huge. for Slackware machines
769
                        # TODO: see if this can be simplified using ls -v sorting
727
                        LogText "Action: checking relevant kernels"
770
                        LogText "Action: checking relevant kernels"
728
                        KERNELS=$(${LSBINARY} /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.)
771
                        KERNELS=$(${LSBINARY} /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.)
729
                        KERNELS_ONE_LINE=$(${ECHOCMD} ${KERNELS} | ${TRBINARY} '\n' ' ')
772
                        KERNELS_ONE_LINE=$(${ECHOCMD} ${KERNELS} | ${TRBINARY} '\n' ' ')
Lines 776-782 Link Here
776
        # Attempt to check for Raspbian if reboot is needed
819
        # Attempt to check for Raspbian if reboot is needed
777
        # This check searches for apt package "raspberrypi-kernel-[package-date]", trys to extract the date of packaging from the filename
820
        # This check searches for apt package "raspberrypi-kernel-[package-date]", trys to extract the date of packaging from the filename
778
        # and compares that date with the currently running kernel's build date (uname -v).
821
        # and compares that date with the currently running kernel's build date (uname -v).
779
        # Of course there can be a time difference between kernel build and kernel packaging, therefor a time difference of
822
        # Of course there can be a time difference between kernel build and kernel packaging, therefore a time difference of
780
        # 3 days is accepted and it is assumed with only 3 days apart, this must be the same kernel version.
823
        # 3 days is accepted and it is assumed with only 3 days apart, this must be the same kernel version.
781
        if [ ${REBOOT_NEEDED} -eq 2 ] && [ -d "${APT_ARCHIVE_DIRECTORY}" ]; then
824
        if [ ${REBOOT_NEEDED} -eq 2 ] && [ -d "${APT_ARCHIVE_DIRECTORY}" ]; then
782
            LogText "Result: found folder ${APT_ARCHIVE_DIRECTORY}; assuming this is a debian based distribution"
825
            LogText "Result: found folder ${APT_ARCHIVE_DIRECTORY}; assuming this is a debian based distribution"
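Review bot: the comment fix corrects 'therefor' to 'therefore' but leaves 'trys' two comment lines above it; changing that to 'tries' in the same hunk would complete the cleanup.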
Lines 894-897 Link Here
894
937
895
#
938
#
896
#================================================================================
939
#================================================================================
897
# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com
940
# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_kernel_hardening (-4 / +4 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-34 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Kernel Hardening"
25
    InsertSection "${SECTION_KERNEL_HARDENING}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
29
    # Test        : KRNL-6000
29
    # Test        : KRNL-6000
30
    # Description : Check sysctl parameters
30
    # Description : Check sysctl parameters
31
    # Sysctl      : net.ipv4.icmp_ingore_bogus_error_responses (=1)
31
    # Sysctl      : net.ipv4.icmp_ignore_bogus_error_responses (=1)
32
    if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
32
    if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
33
    Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sysctl key pairs in scan profile"
33
    Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sysctl key pairs in scan profile"
34
    if [ ${SKIPTEST} -eq 0 ]; then
34
    if [ ${SKIPTEST} -eq 0 ]; then
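Review bot: InsertSection now takes its title from ${SECTION_KERNEL_HARDENING}, and nothing in this hunk shows where that variable is assigned; if a language file lacks it, the section heading prints empty. Please confirm that the default language file defines it and is loaded before this include. The same question applies to the other SECTION_* and STATUS_* substitutions in this patch.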
Lines 89-95 Link Here
89
                        AddHP ${tFINDhp} ${tFINDhp}
89
                        AddHP ${tFINDhp} ${tFINDhp}
90
                    else
90
                    else
91
                        LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
91
                        LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
92
                        Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
92
                        Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result "${STATUS_DIFFERENT}" --color RED
93
                        AddHP 0 ${tFINDhp}
93
                        AddHP 0 ${tFINDhp}
94
                        FOUND=1
94
                        FOUND=1
95
                        N=$((N + 1))
95
                        N=$((N + 1))
(-)lynis-3.0.0/include/tests_ldap (-2 / +2 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "LDAP Services"
25
    InsertSection "${SECTION_LDAP_SERVICES}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
(-)lynis-3.0.0/include/tests_logging (-9 / +38 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 28-34 Link Here
28
    METALOG_RUNNING=0
28
    METALOG_RUNNING=0
29
    RFC3195D_RUNNING=0
29
    RFC3195D_RUNNING=0
30
    RSYSLOG_RUNNING=0
30
    RSYSLOG_RUNNING=0
31
    SOLARIS_LOGHOST=""
31
    SOLARIS_LOGHOST_FOUND=0
32
    SOLARIS_LOGHOST_FOUND=0
33
    SOLARIS_LOGHOST_LOCALHOST=0
32
    SYSLOG_DAEMON_PRESENT=0
34
    SYSLOG_DAEMON_PRESENT=0
33
    SYSLOG_DAEMON_RUNNING=0
35
    SYSLOG_DAEMON_RUNNING=0
34
    SYSLOG_NG_RUNNING=0
36
    SYSLOG_NG_RUNNING=0
Lines 36-42 Link Here
36
#
38
#
37
#################################################################################
39
#################################################################################
38
#
40
#
39
    InsertSection "Logging and files"
41
    InsertSection "${SECTION_LOGGING_AND_FILES}"
40
42
41
    # Test        : LOGG-2130
43
    # Test        : LOGG-2130
42
    # Description : Check for a running syslog daemon
44
    # Description : Check for a running syslog daemon
Lines 175-188 Link Here
175
#
177
#
176
    # Test        : LOGG-2138
178
    # Test        : LOGG-2138
177
    # Description : Check for kernel log daemon (klogd) presence on Linux systems
179
    # Description : Check for kernel log daemon (klogd) presence on Linux systems
178
    # Notes       : * When using rsyslog or systemd (systemd-journal), this process is not needed.
180
    # Notes       : * When using metalog, rsyslog or systemd (systemd-journal), this process is not needed.
179
    #               * In combination with syslog-ng, klogd is still an addition to it, since it
181
    #               * In combination with syslog-ng, klogd is still an addition to it, since it
180
    #                 captures kernel related events and send them to syslog-ng.
182
    #                 captures kernel related events and send them to syslog-ng.
181
    #               * This test should be below all other logging daemons
183
    #               * This test should be below all other logging daemons
182
    Register --test-no LOGG-2138 --os Linux --weight L --network NO --category security --description "Checking kernel logger daemon on Linux"
184
    Register --test-no LOGG-2138 --os Linux --weight L --network NO --category security --description "Checking kernel logger daemon on Linux"
183
    if [ ${SKIPTEST} -eq 0 ]; then
185
    if [ ${SKIPTEST} -eq 0 ]; then
184
        LogText "Test: Searching kernel logger daemon (klogd)"
186
        LogText "Test: Searching kernel logger daemon (klogd)"
185
        if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then
187
        if [ ${RSYSLOG_RUNNING} -eq 0 ] && [ ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ] && [ ${METALOG_RUNNING} -eq 0 ]; then
186
            # Search for klogd, but ignore other lines related to klogd (like dd with input/output file)
188
            # Search for klogd, but ignore other lines related to klogd (like dd with input/output file)
187
            #FIND=$(${PSBINARY} ax | ${GREPBINARY} "klogd" | ${GREPBINARY} -v "dd" | ${GREPBINARY} -v "grep")
189
            #FIND=$(${PSBINARY} ax | ${GREPBINARY} "klogd" | ${GREPBINARY} -v "dd" | ${GREPBINARY} -v "grep")
188
            if IsRunning "klogd"; then
190
            if IsRunning "klogd"; then
Lines 305-310 Link Here
305
        LogText "Result: Checking for loghost in /etc/inet/hosts"
307
        LogText "Result: Checking for loghost in /etc/inet/hosts"
306
        FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#")
308
        FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#")
307
        if [ -n "${FIND}" ]; then
309
        if [ -n "${FIND}" ]; then
310
            SOLARIS_LOGHOST="${FIND}"
308
            SOLARIS_LOGHOST_FOUND=1
311
            SOLARIS_LOGHOST_FOUND=1
309
            LogText "Result: Found loghost entry in /etc/inet/hosts"
312
            LogText "Result: Found loghost entry in /etc/inet/hosts"
310
        else
313
        else
Lines 314-319 Link Here
314
            LogText "Result: Checking for loghost via name resolving"
317
            LogText "Result: Checking for loghost via name resolving"
315
            FIND=$(getent hosts loghost | ${GREPBINARY} loghost)
318
            FIND=$(getent hosts loghost | ${GREPBINARY} loghost)
316
            if [ -n "${FIND}" ]; then
319
            if [ -n "${FIND}" ]; then
320
                SOLARIS_LOGHOST="${FIND}"
317
                SOLARIS_LOGHOST_FOUND=1
321
                SOLARIS_LOGHOST_FOUND=1
318
                LogText "Result: name resolving was successful"
322
                LogText "Result: name resolving was successful"
319
                LogText "Output: ${FIND}"
323
                LogText "Output: ${FIND}"
Lines 335-340 Link Here
335
#
339
#
336
#################################################################################
340
#################################################################################
337
#
341
#
342
    # Test        : LOGG-2153
343
    # Description : Check Solaris 'loghost' entry is not localhost, meaning
344
    #               remote logging is not configured.
345
    if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
346
    Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking loghost is localhost"
347
    if [ ${SKIPTEST} -eq 0 ]; then
348
        FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREPBINARY} "::1|127.0.0.1|127.1")
349
        if [ -n "${FIND}" ]; then
350
            SOLARIS_LOGHOST_LOCALHOST=1
351
            LogText "Result: loghost entry is localhost (default)"
352
            Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_YES}" --color YELLOW
353
            ReportSuggestion "${TEST_NO}" "Set loghost entry to a remote location to enable remote logging."
354
        else
355
            Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_NO}" --color GREEN
356
        fi
357
    fi
358
359
#
360
#################################################################################
361
#
338
    # Test        : LOGG-2154
362
    # Test        : LOGG-2154
339
    # Description : Check to see if remote logging is enabled
363
    # Description : Check to see if remote logging is enabled
340
    # Notes       : prevent lines showing up with commands in it (like |mail)
364
    # Notes       : prevent lines showing up with commands in it (like |mail)
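Review bot: in LOGG-2153 the pattern given to ${EGREPBINARY}, "::1|127.0.0.1|127.1", is unanchored and its dots are unescaped, so an address such as 192.168.127.10 matches the 127.1 alternative and a remote loghost is reported as localhost. Anchoring the match to the whole first field, for example '^(::1|127\.[0-9.]+)$', avoids that. SOLARIS_LOGHOST can also hold several lines when more than one hosts entry mentions loghost, in which case a single loopback line is enough to set SOLARIS_LOGHOST_LOCALHOST=1. The Register call carries no --os restriction although the description is Solaris specific.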
Lines 363-369 Link Here
363
            fi
387
            fi
364
            TARGET="${ROOTDIR}etc/rsyslog.d"
388
            TARGET="${ROOTDIR}etc/rsyslog.d"
365
            if [ -d ${TARGET} ]; then
389
            if [ -d ${TARGET} ]; then
366
                FILES=$(${FINDBINARY} ${TARGET} -type f -print0 | ${TRBINARY} -cd '[:print:]\0' | ${SEDBINARY} 's/[[:blank:]]/:space:/g' | ${TRBINARY} '\0' ' ')
390
                FILES=$(${FINDBINARY} -L ${TARGET} -type f -print0 | ${TRBINARY} -cd '[:print:]\0' | ${SEDBINARY} 's/[[:blank:]]/:space:/g' | ${TRBINARY} '\0' ' ')
367
                for F in ${FILES}; do
391
                for F in ${FILES}; do
368
                    F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g')
392
                    F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g')
369
                    LogText "Test: analyzing file ${F} for remote target"
393
                    LogText "Test: analyzing file ${F} for remote target"
Lines 402-409 Link Here
402
            LogText "Test: check if logs are also logged to a remote logging host"
426
            LogText "Test: check if logs are also logged to a remote logging host"
403
            FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@")
427
            FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@")
404
            if [ -n "${FIND}" ]; then
428
            if [ -n "${FIND}" ]; then
405
                LogText "Result: remote logging enabled"
429
                FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost")
406
                REMOTE_LOGGING_ENABLED=1
430
                if [ ${SOLARIS_LOGHOST_LOCALHOST} -eq 1 ] && [ -z "${FIND2}" ]; then
431
                    LogText "Result: remote logging enabled to loghost, but loghost is localhost"
432
                else
433
                    LogText "Result: remote logging enabled"
434
                    REMOTE_LOGGING_ENABLED=1
435
                fi
407
            else
436
            else
408
                # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
437
                # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
409
                DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}')
438
                DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}')
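Review bot: FIND2 drops every line that contains the substring @loghost, so a destination such as @loghost2 or @loghost.example.org is discarded as well; when SOLARIS_LOGHOST_LOCALHOST is 1 and that is the only target, the test logs "loghost is localhost" and leaves REMOTE_LOGGING_ENABLED at 0 for a genuinely remote host. Matching @loghost only when it is followed by whitespace or the end of the line would limit the exclusion to the alias itself.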
Lines 423-429 Link Here
423
            LogText "Result: no remote logging found"
452
            LogText "Result: no remote logging found"
424
            ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection"
453
            ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection"
425
            AddHP 1 3
454
            AddHP 1 3
426
            Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
455
            Display --indent 2 --text "- Checking remote logging" --result "${STATUS_NOT_ENABLED}" --color YELLOW
427
        else
456
        else
428
            Report "remote_syslog_configured=1"
457
            Report "remote_syslog_configured=1"
429
            AddHP 5 5
458
            AddHP 5 5
Lines 550-556 Link Here
550
                LogText "Found deleted file: ${I}"
579
                LogText "Found deleted file: ${I}"
551
                Report "deleted_file[]=${I}"
580
                Report "deleted_file[]=${I}"
552
            done
581
            done
553
            Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW
582
            Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_FILES_FOUND}" --color YELLOW
554
            ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why."
583
            ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why."
555
        else
584
        else
556
            LogText "Result: no deleted files found"
585
            LogText "Result: no deleted files found"
(-)lynis-3.0.0/include/tests_mac_frameworks (-7 / +7 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 24-30 Link Here
24
    SELINUXFOUND=0
24
    SELINUXFOUND=0
25
    TOMOYOFOUND=0
25
    TOMOYOFOUND=0
26
26
27
    InsertSection "Security frameworks"
27
    InsertSection "${SECTION_SECURITY_FRAMEWORKS}"
28
#
28
#
29
#################################################################################
29
#################################################################################
30
#
30
#
Lines 76-82 Link Here
76
                    Report "apparmor_policy_loaded=1"
76
                    Report "apparmor_policy_loaded=1"
77
                    AddHP 3 3
77
                    AddHP 3 3
78
                    # ignore kernel threads (Parent PID = 2 [kthreadd])
78
                    # ignore kernel threads (Parent PID = 2 [kthreadd])
79
                    NUNCONFINED=$(${PSBINARY} -N --ppid 2 -o label | ${GREPBINARY} '^unconfined' | ${WCBINARY} --lines)
79
                    NUNCONFINED=$(${PSBINARY} -N --ppid 2 -o label | ${GREPBINARY} '^unconfined' | ${WCBINARY} -l)
80
                    Display --indent 8 --text "Found ${NUNCONFINED} unconfined processes"
80
                    Display --indent 8 --text "Found ${NUNCONFINED} unconfined processes"
81
                    for PROCESS in $(${PSBINARY} -N --ppid 2 -o label:1,pid,comm | ${GREPBINARY} '^unconfined' | ${TRBINARY} ' ' ':'); do
81
                    for PROCESS in $(${PSBINARY} -N --ppid 2 -o label:1,pid,comm | ${GREPBINARY} '^unconfined' | ${TRBINARY} ' ' ':'); do
82
                        LogText "Result: Unconfined process: ${PROCESS}"
82
                        LogText "Result: Unconfined process: ${PROCESS}"
Lines 159-171 Link Here
159
            fi
159
            fi
160
            Display --indent 8 --text "Current SELinux mode: ${FIND}"
160
            Display --indent 8 --text "Current SELinux mode: ${FIND}"
161
            PERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${TRBINARY} '\n' ' ')
161
            PERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${TRBINARY} '\n' ' ')
162
            NPERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${WCBINARY} --lines)
162
            NPERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${WCBINARY} -l)
163
            Display --indent 8 --text "Found ${NPERMISSIVE} permissive SELinux object types"
163
            Display --indent 8 --text "Found ${NPERMISSIVE} permissive SELinux object types"
164
            LogText "Permissive SELinux object types: ${PERMISSIVE}"
164
            LogText "Permissive SELinux object types: ${PERMISSIVE}"
165
            UNCONFINED=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[u]nconfined_t' | ${TRBINARY} '\n' ' ')
165
            UNCONFINED=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[u]nconfined_t' | ${TRBINARY} '\n' ' ')
166
            INITRC=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[i]nitrc_t' | ${TRBINARY} '\n' ' ')
166
            INITRC=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[i]nitrc_t' | ${TRBINARY} '\n' ' ')
167
            NUNCONFINED=$(${PSBINARY} -eo label | ${GREPBINARY} '[u]nconfined_t' | ${WCBINARY} --lines)
167
            NUNCONFINED=$(${PSBINARY} -eo label | ${GREPBINARY} '[u]nconfined_t' | ${WCBINARY} -l)
168
            NINITRC=$(${PSBINARY} -eo label | ${GREPBINARY} '[i]nitrc_t' | ${WCBINARY} --lines)
168
            NINITRC=$(${PSBINARY} -eo label | ${GREPBINARY} '[i]nitrc_t' | ${WCBINARY} -l)
169
            Display --indent 8 --text "Found ${NUNCONFINED} unconfined and ${NINITRC} initrc_t processes"
169
            Display --indent 8 --text "Found ${NUNCONFINED} unconfined and ${NINITRC} initrc_t processes"
170
            LogText "Unconfined processes: ${UNCONFINED}"
170
            LogText "Unconfined processes: ${UNCONFINED}"
171
            LogText "Processes with initrc_t type: ${INITRC}"
171
            LogText "Processes with initrc_t type: ${INITRC}"
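Review bot: NPERMISSIVE, NUNCONFINED and NINITRC are each computed by rerunning the command whose output was captured one or two lines earlier, so a list and its count can disagree when a process starts or exits between the two calls. Counting with ${GREPBINARY} -c on a single captured output, or deriving the number from the already stored list, would remove the extra semanage and ps runs and keep the logged list consistent with the displayed count.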
Lines 207-213 Link Here
207
            Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
207
            Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
208
            Report "tomoyo_enabled=1"
208
            Report "tomoyo_enabled=1"
209
            if [ ! -z ${TOMOYOPSTREEBINARY} ]; then
209
            if [ ! -z ${TOMOYOPSTREEBINARY} ]; then
210
                NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^  3 ' | ${WCBINARY} --lines)
210
                NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^  3 ' | ${WCBINARY} -l)
211
                Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes"
211
                Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes"
212
                for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^  3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do
212
                for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^  3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do
213
                    LogText "Result: Unconfined process: ${PROCESS}"
213
                    LogText "Result: Unconfined process: ${PROCESS}"
(-)lynis-3.0.0/include/tests_mail_messaging (-2 / +2 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Software: e-mail and messaging"
25
    InsertSection "${SECTION_EMAIL_AND_MESSAGING}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
(-)lynis-3.0.0/include/tests_malware (-24 / +109 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Software: ${SECTION_MALWARE}"
25
    InsertSection "${SECTION_MALWARE}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 37-47 Link Here
37
    KASPERSKY_SCANNER_RUNNING=0
37
    KASPERSKY_SCANNER_RUNNING=0
38
    MCAFEE_SCANNER_RUNNING=0
38
    MCAFEE_SCANNER_RUNNING=0
39
    MALWARE_SCANNER_INSTALLED=0
39
    MALWARE_SCANNER_INSTALLED=0
40
    MALWARE_DAEMON_RUNNING=0
41
    ROOTKIT_SCANNER_FOUND=0
40
    SOPHOS_SCANNER_RUNNING=0
42
    SOPHOS_SCANNER_RUNNING=0
41
    SYMANTEC_SCANNER_RUNNING=0
43
    SYMANTEC_SCANNER_RUNNING=0
44
    SYNOLOGY_DAEMON_RUNNING=0
45
    TRENDMICRO_DSA_DAEMON_RUNNING=0
42
#
46
#
43
#################################################################################
47
#################################################################################
44
#
48
#
49
    # Test        : MALW-3274
50
    # Description : Check for installed tool (McAfee VirusScan for Command Line)
51
    Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line"
52
    if [ ${SKIPTEST} -eq 0 ]; then
53
        LogText "Test: checking presence McAfee VirusScan for Command Line"
54
        if [ -x /usr/local/uvscan/uvscan ]; then
55
            Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN
56
            LogText "Result: Found ${MCAFEECLBINARY}"
57
            MALWARE_SCANNER_INSTALLED=1
58
            AddHP 2 2
59
            Report "malware_scanner[]=mcafeecl"
60
        else
61
            LogText "Result: McAfee VirusScan for Command Line not found"
62
        fi
63
    fi
64
#
65
#################################################################################
66
#
45
    # Test        : MALW-3275
67
    # Test        : MALW-3275
46
    # Description : Check for installed tool (chkrootkit)
68
    # Description : Check for installed tool (chkrootkit)
47
    Register --test-no MALW-3275 --weight L --network NO --category security --description "Check for chkrootkit"
69
    Register --test-no MALW-3275 --weight L --network NO --category security --description "Check for chkrootkit"
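Review bot: in MALW-3274 the success branch logs "Result: Found ${MCAFEECLBINARY}", but the test checks the literal path /usr/local/uvscan/uvscan and nothing in this hunk assigns MCAFEECLBINARY, so the log line ends in an empty value unless the variable is set elsewhere. Either assign the path to MCAFEECLBINARY before the -x test and use the variable in both places, or log the literal path. The path also omits ${ROOTDIR}, unlike other file checks in this patch.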
Lines 51-56 Link Here
51
            Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN
73
            Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN
52
            LogText "Result: Found ${CHKROOTKITBINARY}"
74
            LogText "Result: Found ${CHKROOTKITBINARY}"
53
            MALWARE_SCANNER_INSTALLED=1
75
            MALWARE_SCANNER_INSTALLED=1
76
            ROOTKIT_SCANNER_FOUND=1
54
            AddHP 2 2
77
            AddHP 2 2
55
            Report "malware_scanner[]=chkrootkit"
78
            Report "malware_scanner[]=chkrootkit"
56
        else
79
        else
Lines 69-74 Link Here
69
            Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN
92
            Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN
70
            LogText "Result: Found ${RKHUNTERBINARY}"
93
            LogText "Result: Found ${RKHUNTERBINARY}"
71
            MALWARE_SCANNER_INSTALLED=1
94
            MALWARE_SCANNER_INSTALLED=1
95
            ROOTKIT_SCANNER_FOUND=1
72
            AddHP 2 2
96
            AddHP 2 2
73
            Report "malware_scanner[]=rkhunter"
97
            Report "malware_scanner[]=rkhunter"
74
        else
98
        else
Lines 102-134 Link Here
102
    if [ ${SKIPTEST} -eq 0 ]; then
126
    if [ ${SKIPTEST} -eq 0 ]; then
103
        FOUND=0
127
        FOUND=0
104
128
105
        # ESET security products
106
        LogText "Test: checking process esets_daemon"
107
        if IsRunning "esets_daemon"; then
108
            FOUND=1
109
            ESET_DAEMON_RUNNING=1
110
            MALWARE_SCANNER_INSTALLED=1
111
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
112
            LogText "Result: found ESET security product"
113
            Report "malware_scanner[]=eset"
114
        fi
115
116
        # Bitdefender (macOS)
117
        LogText "Test: checking process epagd"
118
        if IsRunning "epagd"; then
119
            FOUND=1
120
            BITDEFENDER_DAEMON_RUNNING=1
121
            MALWARE_SCANNER_INSTALLED=1
122
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
123
            LogText "Result: found Bitdefender security product"
124
            Report "malware_scanner[]=bitdefender"
125
        fi
126
127
        # Avast (macOS)
129
        # Avast (macOS)
128
        LogText "Test: checking process com.avast.daemon"
130
        LogText "Test: checking process com.avast.daemon"
129
        if IsRunning "com.avast.daemon"; then
131
        if IsRunning "com.avast.daemon"; then
130
            FOUND=1
132
            FOUND=1
131
            AVAST_DAEMON_RUNNING=1
133
            AVAST_DAEMON_RUNNING=1
134
            MALWARE_DAEMON_RUNNING=1
132
            MALWARE_SCANNER_INSTALLED=1
135
            MALWARE_SCANNER_INSTALLED=1
133
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
136
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
134
            LogText "Result: found Avast security product"
137
            LogText "Result: found Avast security product"
Lines 140-151 Link Here
140
        if IsRunning "avqmd"; then
143
        if IsRunning "avqmd"; then
141
            FOUND=1
144
            FOUND=1
142
            AVIRA_DAEMON_RUNNING=1
145
            AVIRA_DAEMON_RUNNING=1
146
            MALWARE_DAEMON_RUNNING=1
143
            MALWARE_SCANNER_INSTALLED=1
147
            MALWARE_SCANNER_INSTALLED=1
144
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
148
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
145
            LogText "Result: found Avira security product"
149
            LogText "Result: found Avira security product"
146
            Report "malware_scanner[]=avira"
150
            Report "malware_scanner[]=avira"
147
        fi
151
        fi
148
152
153
        # Bitdefender (macOS)
154
        LogText "Test: checking process epagd"
155
        if IsRunning "bdagentd" || IsRunning "epagd"; then
156
            FOUND=1
157
            BITDEFENDER_DAEMON_RUNNING=1
158
            MALWARE_DAEMON_RUNNING=1
159
            MALWARE_SCANNER_INSTALLED=1
160
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
161
            LogText "Result: found Bitdefender security product"
162
            Report "malware_scanner[]=bitdefender"
163
        fi
164
149
        # CrowdStrike falcon-sensor
165
        # CrowdStrike falcon-sensor
150
        LogText "Test: checking process falcon-sensor (CrowdStrike)"
166
        LogText "Test: checking process falcon-sensor (CrowdStrike)"
151
        if IsRunning "falcon-sensor"; then
167
        if IsRunning "falcon-sensor"; then
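Review bot: In the re-added Bitdefender block (new lines 153-155) the comment and the log line no longer match the check: the condition now tests both "bdagentd" and "epagd", but the comment still reads "Bitdefender (macOS)" and LogText still reads "Test: checking process epagd". Update both to name the two processes, so a debug log from a host that matched bdagentd does not point at the wrong process name.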
Lines 164-173 Link Here
164
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
180
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
165
            LogText "Result: found CylancePROTECT service"
181
            LogText "Result: found CylancePROTECT service"
166
            AVAST_DAEMON_RUNNING=1
182
            AVAST_DAEMON_RUNNING=1
183
            MALWARE_DAEMON_RUNNING=1
167
            MALWARE_SCANNER_INSTALLED=1
184
            MALWARE_SCANNER_INSTALLED=1
168
            Report "malware_scanner[]=cylance-protect"
185
            Report "malware_scanner[]=cylance-protect"
169
        fi
186
        fi
170
187
188
        # ESET security products
189
        LogText "Test: checking process esets_daemon"
190
        if IsRunning "esets_daemon"; then
191
            FOUND=1
192
            ESET_DAEMON_RUNNING=1
193
            MALWARE_DAEMON_RUNNING=1
194
            MALWARE_SCANNER_INSTALLED=1
195
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
196
            LogText "Result: found ESET security product"
197
            Report "malware_scanner[]=eset"
198
        fi
199
171
        # Kaspersky products
200
        # Kaspersky products
172
        LogText "Test: checking process wdserver or klnagent (Kaspersky)"
201
        LogText "Test: checking process wdserver or klnagent (Kaspersky)"
173
        # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first
202
        # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first
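Review bot: The CylancePROTECT branch sets AVAST_DAEMON_RUNNING=1 (unchanged context, new line 182), which looks like a copy-paste from the Avast block, and the new MALWARE_DAEMON_RUNNING=1 is added directly beneath it without correcting it. Since this hunk already touches the block, replace that assignment with a Cylance-specific flag or drop it, so that anything keying on AVAST_DAEMON_RUNNING is not set by a Cylance detection.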
Lines 180-185 Link Here
180
            FOUND=1
209
            FOUND=1
181
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
210
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
182
            LogText "Result: Found Kaspersky"
211
            LogText "Result: Found Kaspersky"
212
            MALWARE_DAEMON_RUNNING=1
183
            MALWARE_SCANNER_INSTALLED=1
213
            MALWARE_SCANNER_INSTALLED=1
184
            Report "malware_scanner[]=kaspersky"
214
            Report "malware_scanner[]=kaspersky"
185
        fi
215
        fi
Lines 196-201 Link Here
196
            FOUND=1
226
            FOUND=1
197
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
227
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
198
            LogText "Result: Found McAfee"
228
            LogText "Result: Found McAfee"
229
            MALWARE_DAEMON_RUNNING=1
199
            MALWARE_SCANNER_INSTALLED=1
230
            MALWARE_SCANNER_INSTALLED=1
200
            Report "malware_scanner[]=mcafee"
231
            Report "malware_scanner[]=mcafee"
201
        fi
232
        fi
Lines 214-219 Link Here
214
        if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
245
        if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
215
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
246
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
216
            LogText "Result: Found Sophos"
247
            LogText "Result: Found Sophos"
248
            MALWARE_DAEMON_RUNNING=1
217
            MALWARE_SCANNER_INSTALLED=1
249
            MALWARE_SCANNER_INSTALLED=1
218
            Report "malware_scanner[]=sophos"
250
            Report "malware_scanner[]=sophos"
219
        fi
251
        fi
Lines 234-250 Link Here
234
        if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
266
        if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
235
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
267
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
236
            LogText "Result: found one or more Symantec components"
268
            LogText "Result: found one or more Symantec components"
269
            MALWARE_DAEMON_RUNNING=1
237
            MALWARE_SCANNER_INSTALLED=1
270
            MALWARE_SCANNER_INSTALLED=1
238
            FOUND=1
271
            FOUND=1
239
            Report "malware_scanner[]=symantec"
272
            Report "malware_scanner[]=symantec"
240
        fi
273
        fi
241
274
275
        # Synology Antivirus Essential
276
        LogText "Test: checking process synoavd"
277
        if IsRunning "synoavd"; then
278
            FOUND=1
279
            SYNOLOGY_DAEMON_RUNNING=1
280
            MALWARE_DAEMON_RUNNING=1
281
            MALWARE_SCANNER_INSTALLED=1
282
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi
283
            LogText "Result: found Synology Antivirus Essential"
284
            Report "malware_scanner[]=synoavd"
285
        fi
286
287
        # Trend Micro Anti Malware for Linux
288
        # Typically ds_agent is running as well, the Deep Security Agent
289
        LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component"
290
        if IsRunning "ds_am"; then
291
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi
292
            LogText "Result: found Trend Micro Anti Malware component"
293
            FOUND=1
294
            MALWARE_SCANNER_INSTALLED=1
295
            MALWARE_DAEMON_RUNNING=1
296
            TRENDMICRO_DSA_DAEMON_RUNNING=1
297
            Report "malware_scanner[]=trend-micro-am"
298
        fi
299
242
        # TrendMicro (macOS)
300
        # TrendMicro (macOS)
243
        LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
301
        LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
244
        if IsRunning "TmccMac"; then
302
        if IsRunning "TmccMac"; then
245
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
303
            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
246
            LogText "Result: found Trend Micro component"
304
            LogText "Result: found Trend Micro component"
247
            FOUND=1
305
            FOUND=1
306
            MALWARE_DAEMON_RUNNING=1
248
            MALWARE_SCANNER_INSTALLED=1
307
            MALWARE_SCANNER_INSTALLED=1
249
            Report "malware_scanner[]=trend-micro-av"
308
            Report "malware_scanner[]=trend-micro-av"
250
        fi
309
        fi
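Review bot: In the new Trend Micro Anti Malware block (new lines 287-298) the LogText says "checking process ds_agent", but the condition is IsRunning "ds_am", and the comment above only says ds_agent is typically running as well. Make the log line name ds_am so the log reflects what was tested. The flag TRENDMICRO_DSA_DAEMON_RUNNING is also named after the agent rather than the process that matched; either rename it or add a separate ds_agent check if that flag is meant to track the agent.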
Lines 286-291 Link Here
286
        if IsRunning "clamd"; then
345
        if IsRunning "clamd"; then
287
            Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN
346
            Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN
288
            LogText "Result: found running clamd process"
347
            LogText "Result: found running clamd process"
348
            MALWARE_DAEMON_RUNNING=1
289
            MALWARE_SCANNER_INSTALLED=1
349
            MALWARE_SCANNER_INSTALLED=1
290
            CLAMD_RUNNING=1
350
            CLAMD_RUNNING=1
291
        else
351
        else
Lines 342-347 Link Here
342
#
402
#
343
#################################################################################
403
#################################################################################
344
#
404
#
405
    # Test        : MALW-3290
406
    # Description : Presence of malware scanners
407
    Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection"
408
    if [ ${SKIPTEST} -eq 0 ]; then
409
        if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then
410
            Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW
411
        else
412
            Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN
413
            if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then
414
                Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE
415
            else
416
                Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN
417
            fi
418
            if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then
419
                Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE
420
            else
421
                Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN
422
            fi
423
        fi
424
    fi
425
#
426
#################################################################################
427
#
428
429
345
430
346
Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
431
Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
347
432
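Review bot: The Register description for MALW-3290 on new line 407 reads "Presence of for malware detection", which is garbled and disagrees with the comment one line above ("Presence of malware scanners"); use the same wording in both. Separately, the test compares MALWARE_DAEMON_RUNNING and ROOTKIT_SCANNER_FOUND with unquoted -eq, so both need to be initialised to 0 before this point; that initialisation is not visible in this hunk and is worth confirming, because an empty value makes the [ ... -eq 0 ] test error out instead of taking the "not found" branch.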
(-)lynis-3.0.0/include/tests_memory_processes (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/tests_nameservices (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Name services"
25
    InsertSection "${SECTION_NAME_SERVICES}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 578-584 Link Here
578
        else
578
        else
579
            LogText "Found duplicate line: ${OUTPUT}"
579
            LogText "Found duplicate line: ${OUTPUT}"
580
            LogText "Result: found duplicate line"
580
            LogText "Result: found duplicate line"
581
            Display --indent 4 --text "- Duplicate entries in hosts file" --result "$STATUS_FOUND}" --color YELLOW
581
            Display --indent 4 --text "- Duplicate entries in hosts file" --result "${STATUS_FOUND}" --color YELLOW
582
            ReportSuggestion "${TEST_NO}" "Remove duplicate lines in ${ROOTDIR}etc/hosts"
582
            ReportSuggestion "${TEST_NO}" "Remove duplicate lines in ${ROOTDIR}etc/hosts"
583
        fi
583
        fi
584
    fi
584
    fi
(-)lynis-3.0.0/include/tests_networking (-7 / +17 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 31-37 Link Here
31
#
31
#
32
#################################################################################
32
#################################################################################
33
#
33
#
34
    InsertSection "Networking"
34
    InsertSection "${SECTION_NETWORKING}"
35
#
35
#
36
#################################################################################
36
#################################################################################
37
#
37
#
Lines 70-76 Link Here
70
                LogText "Result: hostnamed is defined and not longer than 63 characters"
70
                LogText "Result: hostnamed is defined and not longer than 63 characters"
71
            fi
71
            fi
72
            # Test valid characters (normally a dot should not be in the name, but we can't be 100% sure we have short name)
72
            # Test valid characters (normally a dot should not be in the name, but we can't be 100% sure we have short name)
73
            FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[a-zA-Z0-9\.\-]')
73
            FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[:alnum:]\.\-')
74
            if [ -z "${FIND}" ]; then
74
            if [ -z "${FIND}" ]; then
75
                LogText "Result: good, no unexpected characters discovered in hostname"
75
                LogText "Result: good, no unexpected characters discovered in hostname"
76
                if IsVerbose; then Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_OK}" --color GREEN; fi
76
                if IsVerbose; then Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_OK}" --color GREEN; fi
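Review bot: The new tr set on line 73 uses [:alnum:], which is evaluated according to the current locale, so the set of characters accepted in a hostname may be wider than the explicit a-zA-Z0-9 range it replaces. If the intent is still ASCII letters and digits only, run this tr with LC_ALL=C (or confirm the script already forces the C locale) and say so in the comment above.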
Lines 140-146 Link Here
140
            Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE
140
            Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE
141
            STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]')
141
            STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]')
142
            Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE
142
            Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE
143
            if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi
143
            if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="${STATUS_YES}"; else STATUS="${STATUS_NO}"; fi
144
            LogText "Result: IPv6 only configuration: ${STATUS}"
144
            LogText "Result: IPv6 only configuration: ${STATUS}"
145
            Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color WHITE
145
            Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color WHITE
146
        else
146
        else
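Review bot: On new line 143 STATUS now takes the translated ${STATUS_YES} / ${STATUS_NO} values, and the same variable is written by the LogText on the next line, so the log entry "Result: IPv6 only configuration: ..." becomes language dependent. If log files are meant to stay stable for parsing or support, keep a fixed YES/NO for LogText and use the translated string only for Display.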
Lines 512-517 Link Here
512
                    ReportException "${TEST_NO}:3" "netstat missing to gather listening ports"
512
                    ReportException "${TEST_NO}:3" "netstat missing to gather listening ports"
513
                fi
513
                fi
514
            ;;
514
            ;;
515
            Solaris)
516
                if [ -n "${NETSTATBINARY}" ]; then
517
                    LogText "Test: Retrieving netstat information to find listening ports"
518
                    FIND=$(${NETSTATBINARY} -an -P udp | ${AWKBINARY} '{ if($7=="LISTEN") { print $1"|udp|LISTEN|" }}')
519
                    FIND2=$(${NETSTATBINARY} -an -P tcp | ${AWKBINARY} '{ if($7=="LISTEN") { print $1"|tcp|LISTEN|" }}')
520
                else
521
                    ReportException "${TEST_NO}:4" "netstat missing to gather listening ports"
522
                fi
523
            ;;
515
            *)
524
            *)
516
                # Got this exception? Provide your details and output of netstat or any other tool to determine this information.
525
                # Got this exception? Provide your details and output of netstat or any other tool to determine this information.
517
                ReportException "${TEST_NO}:2" "Unclear what method to use, to determine listening port information"
526
                ReportException "${TEST_NO}:2" "Unclear what method to use, to determine listening port information"
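Review bot: In the new Solaris case the UDP line (new line 518) reuses the TCP filter, if($7=="LISTEN"), but UDP sockets have no LISTEN state, so FIND is likely to stay empty and UDP ports would be silently missing from the result. Please check both awk filters against real "netstat -an -P udp" and "-P tcp" output on Solaris (field position and state string) and add a sample of that output as a comment, as the catch-all branch below already asks contributors to do.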
Lines 683-689 Link Here
683
            Display --indent 2 --text "- Checking status DHCP client" --result "${STATUS_RUNNING}" --color WHITE
692
            Display --indent 2 --text "- Checking status DHCP client" --result "${STATUS_RUNNING}" --color WHITE
684
            DHCP_CLIENT_RUNNING=1
693
            DHCP_CLIENT_RUNNING=1
685
        else
694
        else
686
            Display --indent 2 --text "- Checking status DHCP client" --result "NOT ACTIVE" --color WHITE
695
            Display --indent 2 --text "- Checking status DHCP client" --result "${STATUS_NOT_ACTIVE}" --color WHITE
687
        fi
696
        fi
688
    fi
697
    fi
689
#
698
#
Lines 741-747 Link Here
741
                        UNCOMMON_PROTOCOL_DISABLED=0
750
                        UNCOMMON_PROTOCOL_DISABLED=0
742
                        # First check modprobe.conf
751
                        # First check modprobe.conf
743
                        if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
752
                        if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
744
                            DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf)
753
                            DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf)
745
                            if [ -n "${DATA}" ]; then
754
                            if [ -n "${DATA}" ]; then
746
                                LogText "Result: found ${P} module disabled via modprobe.conf"
755
                                LogText "Result: found ${P} module disabled via modprobe.conf"
747
                                UNCOMMON_PROTOCOL_DISABLED=1
756
                                UNCOMMON_PROTOCOL_DISABLED=1
Lines 749-755 Link Here
749
                        fi
758
                        fi
750
                        # Then additional modprobe configuration files
759
                        # Then additional modprobe configuration files
751
                        if [ -d ${ROOTDIR}etc/modprobe.d ]; then
760
                        if [ -d ${ROOTDIR}etc/modprobe.d ]; then
752
                            DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
761
                            # Return file names (-l) and suppress errors (-s)
762
                            DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*)
753
                            if [ -n "${DATA}" ]; then
763
                            if [ -n "${DATA}" ]; then
754
                                UNCOMMON_PROTOCOL_DISABLED=1
764
                                UNCOMMON_PROTOCOL_DISABLED=1
755
                                for F in ${DATA}; do
765
                                for F in ${DATA}; do
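Review bot: The new pattern "^install \+${P} \+/bin/true$" (new line 762, and the same pattern in the modprobe.conf check at new line 753) relies on \+ in a basic regular expression, which is a GNU extension, while this same hunk switches to the short options -l -s for portability. Use a portable form such as "  *" or "[[:space:]]\{1,\}", which in the second form also covers tabs. Note too that the added $ anchor means a line with trailing whitespace or a trailing comment no longer counts as a disabled module; if that is intended, mention it in the comment, otherwise allow optional trailing whitespace before the anchor.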
(-)lynis-3.0.0/include/tests_php (-13 / +53 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 36-41 Link Here
36
                ${ROOTDIR}etc/php7.1/php.ini \
36
                ${ROOTDIR}etc/php7.1/php.ini \
37
                ${ROOTDIR}etc/php7.2/php.ini \
37
                ${ROOTDIR}etc/php7.2/php.ini \
38
                ${ROOTDIR}etc/php7.3/php.ini \
38
                ${ROOTDIR}etc/php7.3/php.ini \
39
                ${ROOTDIR}etc/php7.4/php.ini \
39
                ${ROOTDIR}etc/php/cgi-php5/php.ini \
40
                ${ROOTDIR}etc/php/cgi-php5/php.ini \
40
                ${ROOTDIR}etc/php/cli-php5/php.ini \
41
                ${ROOTDIR}etc/php/cli-php5/php.ini \
41
                ${ROOTDIR}etc/php/apache2-php5/php.ini \
42
                ${ROOTDIR}etc/php/apache2-php5/php.ini \
Lines 45-68 Link Here
45
                ${ROOTDIR}etc/php/apache2-php7.1/php.ini \
46
                ${ROOTDIR}etc/php/apache2-php7.1/php.ini \
46
                ${ROOTDIR}etc/php/apache2-php7.2/php.ini \
47
                ${ROOTDIR}etc/php/apache2-php7.2/php.ini \
47
                ${ROOTDIR}etc/php/apache2-php7.3/php.ini \
48
                ${ROOTDIR}etc/php/apache2-php7.3/php.ini \
49
                ${ROOTDIR}etc/php/apache2-php7.4/php.ini \
48
                ${ROOTDIR}etc/php/cgi-php5.5/php.ini \
50
                ${ROOTDIR}etc/php/cgi-php5.5/php.ini \
49
                ${ROOTDIR}etc/php/cgi-php5.6/php.ini \
51
                ${ROOTDIR}etc/php/cgi-php5.6/php.ini \
50
                ${ROOTDIR}etc/php/cgi-php7.0/php.ini \
52
                ${ROOTDIR}etc/php/cgi-php7.0/php.ini \
51
                ${ROOTDIR}etc/php/cgi-php7.1/php.ini \
53
                ${ROOTDIR}etc/php/cgi-php7.1/php.ini \
52
                ${ROOTDIR}etc/php/cgi-php7.2/php.ini \
54
                ${ROOTDIR}etc/php/cgi-php7.2/php.ini \
53
                ${ROOTDIR}etc/php/cgi-php7.3/php.ini \
55
                ${ROOTDIR}etc/php/cgi-php7.3/php.ini \
56
                ${ROOTDIR}etc/php/cgi-php7.4/php.ini \
54
                ${ROOTDIR}etc/php/cli-php5.5/php.ini \
57
                ${ROOTDIR}etc/php/cli-php5.5/php.ini \
55
                ${ROOTDIR}etc/php/cli-php5.6/php.ini \
58
                ${ROOTDIR}etc/php/cli-php5.6/php.ini \
56
                ${ROOTDIR}etc/php/cli-php7.0/php.ini \
59
                ${ROOTDIR}etc/php/cli-php7.0/php.ini \
57
                ${ROOTDIR}etc/php/cli-php7.1/php.ini \
60
                ${ROOTDIR}etc/php/cli-php7.1/php.ini \
58
                ${ROOTDIR}etc/php/cli-php7.2/php.ini \
61
                ${ROOTDIR}etc/php/cli-php7.2/php.ini \
59
                ${ROOTDIR}etc/php/cli-php7.3/php.ini \
62
                ${ROOTDIR}etc/php/cli-php7.3/php.ini \
63
                ${ROOTDIR}etc/php/cli-php7.4/php.ini \
60
                ${ROOTDIR}etc/php/embed-php5.5/php.ini \
64
                ${ROOTDIR}etc/php/embed-php5.5/php.ini \
61
                ${ROOTDIR}etc/php/embed-php5.6/php.ini \
65
                ${ROOTDIR}etc/php/embed-php5.6/php.ini \
62
                ${ROOTDIR}etc/php/embed-php7.0/php.ini \
66
                ${ROOTDIR}etc/php/embed-php7.0/php.ini \
63
                ${ROOTDIR}etc/php/embed-php7.1/php.ini \
67
                ${ROOTDIR}etc/php/embed-php7.1/php.ini \
64
                ${ROOTDIR}etc/php/embed-php7.2/php.ini \
68
                ${ROOTDIR}etc/php/embed-php7.2/php.ini \
65
                ${ROOTDIR}etc/php/embed-php7.3/php.ini \
69
                ${ROOTDIR}etc/php/embed-php7.3/php.ini \
70
                ${ROOTDIR}etc/php/embed-php7.4/php.ini \
71
                ${ROOTDIR}etc/php/fpm-php7.4/php.ini \
66
                ${ROOTDIR}etc/php/fpm-php7.3/php.ini \
72
                ${ROOTDIR}etc/php/fpm-php7.3/php.ini \
67
                ${ROOTDIR}etc/php/fpm-php7.2/php.ini \
73
                ${ROOTDIR}etc/php/fpm-php7.2/php.ini \
68
                ${ROOTDIR}etc/php/fpm-php7.1/php.ini \
74
                ${ROOTDIR}etc/php/fpm-php7.1/php.ini \
Lines 71-77 Link Here
71
                ${ROOTDIR}etc/php/fpm-php5.6/php.ini \
77
                ${ROOTDIR}etc/php/fpm-php5.6/php.ini \
72
                ${ROOTDIR}etc/php5/cgi/php.ini \
78
                ${ROOTDIR}etc/php5/cgi/php.ini \
73
                ${ROOTDIR}etc/php5/cli/php.ini \
79
                ${ROOTDIR}etc/php5/cli/php.ini \
74
                ${ROOTDIR}etc/php5/cli-php5.4/php.ini ${ROOTDIR}etc/php5/cli-php5.5/php.ini ${ROOTDIR}etc/php5/cli-php5.6/php.ini \
80
                ${ROOTDIR}etc/php5/cli-php5.4/php.ini \
81
                ${ROOTDIR}etc/php5/cli-php5.5/php.ini \
82
                ${ROOTDIR}etc/php5/cli-php5.6/php.ini \
75
                ${ROOTDIR}etc/php5/apache2/php.ini \
83
                ${ROOTDIR}etc/php5/apache2/php.ini \
76
                ${ROOTDIR}etc/php5/fpm/php.ini \
84
                ${ROOTDIR}etc/php5/fpm/php.ini \
77
                ${ROOTDIR}private/etc/php.ini \
85
                ${ROOTDIR}private/etc/php.ini \
Lines 79-90 Link Here
79
                ${ROOTDIR}etc/php/7.1/apache2/php.ini \
87
                ${ROOTDIR}etc/php/7.1/apache2/php.ini \
80
                ${ROOTDIR}etc/php/7.2/apache2/php.ini \
88
                ${ROOTDIR}etc/php/7.2/apache2/php.ini \
81
                ${ROOTDIR}etc/php/7.3/apache2/php.ini \
89
                ${ROOTDIR}etc/php/7.3/apache2/php.ini \
82
                ${ROOTDIR}etc/php/7.0/cli/php.ini ${ROOTDIR}etc/php/7.0/fpm/php.ini \
90
                ${ROOTDIR}etc/php/7.4/apache2/php.ini \
83
                ${ROOTDIR}etc/php/7.1/cli/php.ini ${ROOTDIR}etc/php/7.1/fpm/php.ini \
91
                ${ROOTDIR}etc/php/7.0/cli/php.ini \
84
                ${ROOTDIR}etc/php/7.2/cli/php.ini ${ROOTDIR}etc/php/7.2/fpm/php.ini \
92
                ${ROOTDIR}etc/php/7.0/fpm/php.ini \
85
                ${ROOTDIR}etc/php/7.3/cli/php.ini ${ROOTDIR}etc/php/7.3/fpm/php.ini \
93
                ${ROOTDIR}etc/php/7.1/cli/php.ini \
94
                ${ROOTDIR}etc/php/7.1/fpm/php.ini \
95
                ${ROOTDIR}etc/php/7.2/cli/php.ini \
96
                ${ROOTDIR}etc/php/7.2/fpm/php.ini \
97
                ${ROOTDIR}etc/php/7.3/cli/php.ini \
98
                ${ROOTDIR}etc/php/7.3/fpm/php.ini \
99
                ${ROOTDIR}etc/php/7.4/cli/php.ini \
100
                ${ROOTDIR}etc/php/7.4/fpm/php.ini \
86
                ${ROOTDIR}var/www/conf/php.ini \
101
                ${ROOTDIR}var/www/conf/php.ini \
87
                ${ROOTDIR}usr/local/etc/php.ini ${ROOTDIR}usr/local/lib/php.ini \
102
                ${ROOTDIR}usr/local/etc/php.ini \
103
                ${ROOTDIR}usr/local/lib/php.ini \
88
                ${ROOTDIR}usr/local/etc/php5/cgi/php.ini \
104
                ${ROOTDIR}usr/local/etc/php5/cgi/php.ini \
89
                ${ROOTDIR}usr/local/php54/lib/php.ini \
105
                ${ROOTDIR}usr/local/php54/lib/php.ini \
90
                ${ROOTDIR}usr/local/php56/lib/php.ini \
106
                ${ROOTDIR}usr/local/php56/lib/php.ini \
Lines 92-97 Link Here
92
                ${ROOTDIR}usr/local/php71/lib/php.ini \
108
                ${ROOTDIR}usr/local/php71/lib/php.ini \
93
                ${ROOTDIR}usr/local/php72/lib/php.ini \
109
                ${ROOTDIR}usr/local/php72/lib/php.ini \
94
                ${ROOTDIR}usr/local/php73/lib/php.ini \
110
                ${ROOTDIR}usr/local/php73/lib/php.ini \
111
                ${ROOTDIR}usr/local/php74/lib/php.ini \
95
                ${ROOTDIR}usr/local/zend/etc/php.ini \
112
                ${ROOTDIR}usr/local/zend/etc/php.ini \
96
                ${ROOTDIR}usr/pkg/etc/php.ini \
113
                ${ROOTDIR}usr/pkg/etc/php.ini \
97
                ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.ini \
114
                ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.ini \
Lines 101-106 Link Here
101
                ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.ini \
118
                ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.ini \
102
                ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.ini \
119
                ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.ini \
103
                ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.ini \
120
                ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.ini \
121
                ${ROOTDIR}opt/cpanel/ea-php74/root/etc/php.ini \
104
                ${ROOTDIR}opt/alt/php44/etc/php.ini \
122
                ${ROOTDIR}opt/alt/php44/etc/php.ini \
105
                ${ROOTDIR}opt/alt/php51/etc/php.ini \
123
                ${ROOTDIR}opt/alt/php51/etc/php.ini \
106
                ${ROOTDIR}opt/alt/php52/etc/php.ini \
124
                ${ROOTDIR}opt/alt/php52/etc/php.ini \
Lines 112-138 Link Here
112
                ${ROOTDIR}opt/alt/php71/etc/php.ini \
130
                ${ROOTDIR}opt/alt/php71/etc/php.ini \
113
                ${ROOTDIR}opt/alt/php72/etc/php.ini \
131
                ${ROOTDIR}opt/alt/php72/etc/php.ini \
114
                ${ROOTDIR}opt/alt/php73/etc/php.ini \
132
                ${ROOTDIR}opt/alt/php73/etc/php.ini \
133
                ${ROOTDIR}opt/alt/php74/etc/php.ini \
115
                ${ROOTDIR}etc/opt/remi/php56/php.ini \
134
                ${ROOTDIR}etc/opt/remi/php56/php.ini \
116
                ${ROOTDIR}etc/opt/remi/php70/php.ini \
135
                ${ROOTDIR}etc/opt/remi/php70/php.ini \
117
                ${ROOTDIR}etc/opt/remi/php71/php.ini \
136
                ${ROOTDIR}etc/opt/remi/php71/php.ini \
118
                ${ROOTDIR}etc/opt/remi/php72/php.ini \
137
                ${ROOTDIR}etc/opt/remi/php72/php.ini \
119
                ${ROOTDIR}etc/opt/remi/php73/php.ini"
138
                ${ROOTDIR}etc/opt/remi/php73/php.ini \
139
                ${ROOTDIR}etc/opt/remi/php74/php.ini"
120
    # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current
140
    # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current
121
    PHPINILOCS="${PHPINILOCS} \
141
    PHPINILOCS="${PHPINILOCS} \
122
                ${ROOTDIR}etc/php-5.6.ini ${ROOTDIR}etc/php-7.0.ini ${ROOTDIR}etc/php-7.1.ini ${ROOTDIR}etc/php-7.2.ini ${ROOTDIR}etc/php-7.3.ini"
142
                ${ROOTDIR}etc/php-5.6.ini \
143
                ${ROOTDIR}etc/php-7.0.ini \
144
                ${ROOTDIR}etc/php-7.1.ini \
145
                ${ROOTDIR}etc/php-7.2.ini \
146
                ${ROOTDIR}etc/php-7.3.ini \
147
                ${ROOTDIR}etc/php-7.4.ini"
123
148
124
    PHPINIDIRS="${ROOTDIR}etc/php5/conf.d \
149
    PHPINIDIRS="${ROOTDIR}etc/php5/conf.d \
125
                ${ROOTDIR}etc/php/7.0/cli/conf.d \
150
                ${ROOTDIR}etc/php/7.0/cli/conf.d \
126
                ${ROOTDIR}etc/php/7.1/cli/conf.d \
151
                ${ROOTDIR}etc/php/7.1/cli/conf.d \
127
                ${ROOTDIR}etc/php/7.2/cli/conf.d \
152
                ${ROOTDIR}etc/php/7.2/cli/conf.d \
128
                ${ROOTDIR}etc/php/7.3/cli/conf.d \
153
                ${ROOTDIR}etc/php/7.3/cli/conf.d \
154
                ${ROOTDIR}etc/php/7.4/cli/conf.d \
129
                ${ROOTDIR}etc/php/7.0/fpm/conf.d \
155
                ${ROOTDIR}etc/php/7.0/fpm/conf.d \
130
                ${ROOTDIR}etc/php/7.1/fpm/conf.d \
156
                ${ROOTDIR}etc/php/7.1/fpm/conf.d \
131
                ${ROOTDIR}etc/php/7.2/fpm/conf.d \
157
                ${ROOTDIR}etc/php/7.2/fpm/conf.d \
132
                ${ROOTDIR}etc/php/7.3/fpm/conf.d \
158
                ${ROOTDIR}etc/php/7.3/fpm/conf.d \
159
                ${ROOTDIR}etc/php/7.4/fpm/conf.d \
133
                ${ROOTDIR}etc/php.d \
160
                ${ROOTDIR}etc/php.d \
134
                ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php55/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php56/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php70/root/etc/php.d \
161
                ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.d \
135
                ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.d \
162
                ${ROOTDIR}opt/cpanel/ea-php55/root/etc/php.d \
163
                ${ROOTDIR}opt/cpanel/ea-php56/root/etc/php.d \
164
                ${ROOTDIR}opt/cpanel/ea-php70/root/etc/php.d \
165
                ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.d \
166
                ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.d \
167
                ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.d \
168
                ${ROOTDIR}opt/cpanel/ea-php74/root/etc/php.d \
136
                ${ROOTDIR}opt/alt/php44/etc/php.d.all \
169
                ${ROOTDIR}opt/alt/php44/etc/php.d.all \
137
                ${ROOTDIR}opt/alt/php51/etc/php.d.all \
170
                ${ROOTDIR}opt/alt/php51/etc/php.d.all \
138
                ${ROOTDIR}opt/alt/php52/etc/php.d.all \
171
                ${ROOTDIR}opt/alt/php52/etc/php.d.all \
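Review bot: PHP 7.4 is added by hand to each list in this hunk (remi php74, etc/php-7.4.ini, the 7.4 cli and fpm conf.d directories, cpanel ea-php74), so every new PHP release needs the same edit in several places and one is easily missed. Consider building the per-version paths from a single version list in a loop. Putting the OpenBSD and cpanel entries on one path per line, as done here, is worth keeping because it makes later diffs readable.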
Lines 144-157 Link Here
144
                ${ROOTDIR}opt/alt/php71/etc/php.d.all \
177
                ${ROOTDIR}opt/alt/php71/etc/php.d.all \
145
                ${ROOTDIR}opt/alt/php72/etc/php.d.all \
178
                ${ROOTDIR}opt/alt/php72/etc/php.d.all \
146
                ${ROOTDIR}opt/alt/php73/etc/php.d.all \
179
                ${ROOTDIR}opt/alt/php73/etc/php.d.all \
180
                ${ROOTDIR}opt/alt/php74/etc/php.d.all \
147
                ${ROOTDIR}usr/local/lib/php.conf.d \
181
                ${ROOTDIR}usr/local/lib/php.conf.d \
148
                ${ROOTDIR}usr/local/php70/lib/php.conf.d \
182
                ${ROOTDIR}usr/local/php70/lib/php.conf.d \
149
                ${ROOTDIR}usr/local/php71/lib/php.conf.d \
183
                ${ROOTDIR}usr/local/php71/lib/php.conf.d \
150
                ${ROOTDIR}usr/local/php72/lib/php.conf.d \
184
                ${ROOTDIR}usr/local/php72/lib/php.conf.d \
151
                ${ROOTDIR}usr/local/php73/lib/php.conf.d"
185
                ${ROOTDIR}usr/local/php73/lib/php.conf.d \
186
                ${ROOTDIR}usr/local/php74/lib/php.conf.d"
152
    # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current
187
    # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current
153
    PHPINIDIRS="${PHPINIDIRS} \
188
    PHPINIDIRS="${PHPINIDIRS} \
154
                ${ROOTDIR}etc/php-5.6 ${ROOTDIR}etc/php-7.0 ${ROOTDIR}etc/php-7.1 ${ROOTDIR}etc/php-7.2 ${ROOTDIR}etc/php-7.3"
189
                ${ROOTDIR}etc/php-5.6 \
190
                ${ROOTDIR}etc/php-7.0 \
191
                ${ROOTDIR}etc/php-7.1 \
192
                ${ROOTDIR}etc/php-7.2 \
193
                ${ROOTDIR}etc/php-7.3 \
194
                ${ROOTDIR}etc/php-7.4"
155
#
195
#
156
#################################################################################
196
#################################################################################
157
#
197
#
(-)lynis-3.0.0/include/tests_ports_packages (-41 / +139 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Ports and packages"
25
    InsertSection "${SECTION_PORTS_AND_PACKAGES}"
26
    PACKAGE_MGR_PKG=0
26
    PACKAGE_MGR_PKG=0
27
    PACKAGE_AUDIT_TOOL=""
27
    PACKAGE_AUDIT_TOOL=""
28
    PACKAGE_AUDIT_TOOL_FOUND=0
28
    PACKAGE_AUDIT_TOOL_FOUND=0
Lines 35-40 Link Here
35
#
35
#
36
#################################################################################
36
#################################################################################
37
#
37
#
38
    # Test        : PKGS-7200
39
    # Description : Check Alpine Package Keeper (apk)
40
    if [ -x ${ROOTDIR}/sbin/apk ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
41
    Register --test-no PKGS-7200 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying apk"
42
    if [ ${SKIPTEST} -eq 0 ]; then
43
        COUNT=0
44
        Display --indent 4 --text "- Searching apk package manager" --result "${STATUS_FOUND}" --color GREEN
45
        LogText "Result: Found apk binary"
46
        Report "package_manager[]=apk"
47
        PACKAGE_MGR_PKG=1
48
        LogText "Test: Querying apk info -v to get package list"
49
        Display --indent 6 --text "- Querying package manager"
50
        LogText "Output:"
51
        SPACKAGES=$(apk info -v | ${SEDBINARY} -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)/\1,\2/' | sort)
52
        for J in ${SPACKAGES}; do
53
            COUNT=$((COUNT + 1))
54
            PACKAGE_NAME=$(echo ${J} | ${CUTBINARY} -d ',' -f1)
55
            PACKAGE_VERSION=$(echo ${J} | ${CUTBINARY} -d ',' -f2)
56
            LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
57
            INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}"
58
        done
59
        Report "installed_packages=${COUNT}"
60
    else
61
        LogText "Result: apk "${STATUS_NOT_FOUND}", test skipped"
62
    fi
63
#
64
#################################################################################
65
#
38
    # Test        : PKGS-7301
66
    # Test        : PKGS-7301
39
    # Description : Query FreeBSD pkg
67
    # Description : Query FreeBSD pkg
40
    if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
68
    if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
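Review bot: the prerequisite on new line 40 tests ${ROOTDIR}/sbin/apk with an extra slash, while the neighbouring check is written ${ROOTDIR}usr/sbin/pkg and PKGS-7395 later in this patch uses ${ROOTDIR}sbin/apk, and line 51 then runs a bare apk info -v from PATH rather than the binary that was just checked. Use ${ROOTDIR}sbin/apk in both places. On line 61 the string is closed and reopened around ${STATUS_NOT_FOUND}, which leaves the variable unquoted; keep the whole message inside one pair of quotes. In the sed bracket expressions the commas are literal and ,-, is a range from comma to comma, so the hyphen is not actually in the class; [A-Za-z0-9_.-] says what is meant.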
Lines 296-302 Link Here
296
#
324
#
297
    # Test        : PKGS-7320
325
    # Test        : PKGS-7320
298
    # Description : Check available of arch-audit
326
    # Description : Check available of arch-audit
299
    if [ "${OS_FULLNAME}" = "Arch Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi
327
    if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ] || [ "${OS_FULLNAME}" = "Garuda Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux and Garuda Linux"; fi
300
    Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
328
    Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
301
    if [ ${SKIPTEST} -eq 0 ]; then
329
    if [ ${SKIPTEST} -eq 0 ]; then
302
        if [ -z "${ARCH_AUDIT_BINARY}" ]; then
330
        if [ -z "${ARCH_AUDIT_BINARY}" ]; then
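Review bot: the condition on new line 327 now also accepts "Arch Linux 32", but the skip reason only names Arch Linux and Garuda Linux, so the message and the check already disagree. A case statement on ${OS_FULLNAME} would keep the accepted names in one readable list. The description in the context line above still reads "Check available of arch-audit" and could be corrected to "availability" while this block is being touched.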
Lines 600-607 Link Here
600
#
628
#
601
    # Test        : PKGS-7366
629
    # Test        : PKGS-7366
602
    # Description : Checking if debsecan is installed and enabled on Debian systems
630
    # Description : Checking if debsecan is installed and enabled on Debian systems
603
    if [ -n "${DEBSECANBINARY}" -a "${OS}" = "Linux" -a "${LINUX_VERSION}" = "Debian" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
631
    if [ -n "${DEBSECANBINARY}" ] && ( [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] ); then PREQS_MET="YES"; else PREQS_MET="NO"; fi
604
    Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for debsecan utility"
632
    Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Checking for debsecan utility"
605
    if [ ${SKIPTEST} -eq 0 ]; then
633
    if [ ${SKIPTEST} -eq 0 ]; then
606
        if [ -n "${DEBSECANBINARY}" ]; then
634
        if [ -n "${DEBSECANBINARY}" ]; then
607
            LogText "Result: debsecan utility is installed"
635
            LogText "Result: debsecan utility is installed"
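Review bot: on new line 631 the parentheses around the two version tests start a subshell only to group them; braces or a nested if give the same grouping without a fork. The comparison is also an exact match of ${LINUX_VERSION_LIKE} against "Debian", so it helps derivatives only if that variable is normalised to exactly that string where it is set, which this hunk does not show.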
Lines 986-992 Link Here
986
    PREQS_MET="NO"
1014
    PREQS_MET="NO"
987
    if [ -f ${ROOTDIR}etc/apt/sources.list -a -d ${ROOTDIR}etc/apt/sources.list.d ]; then
1015
    if [ -f ${ROOTDIR}etc/apt/sources.list -a -d ${ROOTDIR}etc/apt/sources.list.d ]; then
988
        case "${LINUX_VERSION}" in
1016
        case "${LINUX_VERSION}" in
989
            "Debian" | "Linux Mint" | "Ubuntu")
1017
            "Debian" | "Linux Mint" | "Ubuntu" | "Pop!_OS")
1018
                # Todo: PureOS (not rolling) has security repositories
1019
                # Todo: Debian sid does not have a security repository.
990
                PREQS_MET="YES"
1020
                PREQS_MET="YES"
991
            ;;
1021
            ;;
992
            *)
1022
            *)
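Review bot: the Todo added on new line 1019 records that Debian sid has no security repository, yet the branch still sets PREQS_MET="YES" for every system reporting Debian, so the test continues to run on sid. Either exclude sid in this case statement or reference a tracking issue in the comment so the known gap is not forgotten.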
Lines 1042-1048 Link Here
1042
#
1072
#
1043
    # Test        : PKGS-7390
1073
    # Test        : PKGS-7390
1044
    # Description : Check Ubuntu database consistency
1074
    # Description : Check Ubuntu database consistency
1045
    if [ "${LINUX_VERSION}" = "Ubuntu" -a -x ${ROOTDIR}usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
1075
    if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
1076
           [ "${LINUX_VERSION_LIKE}" = "Debian" ] ||  [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then
1077
        PREQS_MET="YES"
1078
    else
1079
        PREQS_MET="NO"
1080
    fi
1081
1046
    Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency"
1082
    Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency"
1047
    if [ ${SKIPTEST} -eq 0 ]; then
1083
    if [ ${SKIPTEST} -eq 0 ]; then
1048
        LogText "Test: Package database consistency by running apt-get check"
1084
        LogText "Test: Package database consistency by running apt-get check"
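Review bot: the prerequisite on new lines 1075-1076 now admits Debian and anything whose LINUX_VERSION_LIKE is Debian or Ubuntu, but the Register description still reads "Check Ubuntu database consistency", so results on Debian hosts will be labelled as an Ubuntu check. The same four-way condition is repeated verbatim for PKGS-7394; a small helper function would keep the two from drifting apart. The parentheses also spawn a subshell where braces would do.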
Lines 1191-1197 Link Here
1191
#
1227
#
1192
    # Test        : PKGS-7394
1228
    # Test        : PKGS-7394
1193
    # Description : Check Ubuntu upgradeable packages
1229
    # Description : Check Ubuntu upgradeable packages
1194
    if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
1230
    if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] ||
1231
           [ "${LINUX_VERSION_LIKE}" = "Debian" ] ||  [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then
1232
        PREQS_MET="YES"
1233
    else
1234
        PREQS_MET="NO"
1235
    fi
1236
1195
    Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Ubuntu updates"
1237
    Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Ubuntu updates"
1196
    if [ ${SKIPTEST} -eq 0 ]; then
1238
    if [ ${SKIPTEST} -eq 0 ]; then
1197
        LogText "Test: checking ${ROOTDIR}usr/bin/apt-show-versions"
1239
        LogText "Test: checking ${ROOTDIR}usr/bin/apt-show-versions"
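Review bot: the new prerequisite on line 1231 requires ${ROOTDIR}usr/bin/apt-get to be executable, but the first thing the visible test body does is look for ${ROOTDIR}usr/bin/apt-show-versions, so the added -x check gates on a different binary than the one used here. If apt-get is needed further down, say so in a comment; otherwise test for the tool the check relies on. The description "Check for Ubuntu updates" is also stale now that Debian is accepted.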
Lines 1222-1227 Link Here
1222
#
1264
#
1223
#################################################################################
1265
#################################################################################
1224
#
1266
#
1267
    # Test        : PKGS-7395
1268
    # Description : Check Alpine upgradeable packages
1269
    if [ "${LINUX_VERSION}" = "Alpine Linux" ]  && [ -x "${ROOTDIR}sbin/apk" ]; then
1270
        PREQS_MET="YES"
1271
    else
1272
        PREQS_MET="NO"
1273
    fi
1274
1275
    Register --test-no PKGS-7395 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Alpine updates"
1276
    if [ ${SKIPTEST} -eq 0 ]; then
1277
        if [ ${REFRESH_REPOSITORIES} -eq 1 ]; then
1278
            LogText "Action: updating package repository with apk"
1279
            ${ROOTDIR}sbin/apk update
1280
            LogText "Result: apk finished"
1281
        else
1282
            LogText "Result: using a possibly outdated repository, as updating is disabled via configuration"
1283
        fi
1284
        LogText "Test: Checking packages which can be upgraded via apk version -l '<'"
1285
        FIND=$(${ROOTDIR}sbin/apk version -l '<' | ${GREPBINARY} '<' | ${SEDBINARY} 's/\s\+<\s/</g')
1286
        if [ -z "${FIND}" ]; then
1287
            LogText "Result: no packages found which can be upgraded"
1288
            Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_NONE}" --color GREEN
1289
            AddHP 3 3
1290
        else
1291
            LogText "Result: found one or more packages which can be upgraded"
1292
            Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_FOUND}" --color YELLOW
1293
            for ITEM in ${FIND}; do
1294
                ITEM=$(echo ${ITEM} | ${SEDBINARY}  -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)<([a-z,A-Z,0-9,-,.]+)/\1 from \2 to \3/')
1295
                LogText "${ITEM}"
1296
            done
1297
        fi
1298
    fi
1299
#
1300
#################################################################################
1301
#
1225
    # Test        : PKGS-7398
1302
    # Test        : PKGS-7398
1226
    # Description : Check package audit tool
1303
    # Description : Check package audit tool
1227
    Register --test-no PKGS-7398 --weight L --network YES --category security --description "Check for package audit tool"
1304
    Register --test-no PKGS-7398 --weight L --network YES --category security --description "Check for package audit tool"
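Review bot: in PKGS-7395 the branch that finds upgradeable packages (new lines 1290-1296) only logs them; there is no AddHP, Report or ReportSuggestion, while the clean branch awards AddHP 3 3, so a host with pending Alpine updates leaves the hardening score untouched and produces no finding in the report. Add a reduced AddHP and a suggestion or warning in the else branch. Separately, line 1279 runs apk update without checking its exit status or redirecting its output, and line 1280 logs "Result: apk finished" even when the refresh failed.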
Lines 1232-1238 Link Here
1232
            ReportSuggestion "${TEST_NO}" "Install a package audit tool to determine vulnerable packages"
1309
            ReportSuggestion "${TEST_NO}" "Install a package audit tool to determine vulnerable packages"
1233
            LogText "Result: no package audit tool found"
1310
            LogText "Result: no package audit tool found"
1234
        else
1311
        else
1235
            Display --indent 2 --text "- Checking package audit tool" --result INSTALLED --color GREEN
1312
            Display --indent 2 --text "- Checking package audit tool" --result "${STATUS_INSTALLED}" --color GREEN
1236
            Display --indent 4 --text "Found: ${PACKAGE_AUDIT_TOOL}"
1313
            Display --indent 4 --text "Found: ${PACKAGE_AUDIT_TOOL}"
1237
            LogText "Result: found package audit tool: ${PACKAGE_AUDIT_TOOL}"
1314
            LogText "Result: found package audit tool: ${PACKAGE_AUDIT_TOOL}"
1238
        fi
1315
        fi
Lines 1289-1295 Link Here
1289
            KERNELS=$(${ZYPPERBINARY} --non-interactive -n se --type package --match-exact --installed-only "kernel-default" 2> /dev/null | ${GREPBINARY} "kernel-default" | ${WCBINARY} -l)
1366
            KERNELS=$(${ZYPPERBINARY} --non-interactive -n se --type package --match-exact --installed-only "kernel-default" 2> /dev/null | ${GREPBINARY} "kernel-default" | ${WCBINARY} -l)
1290
            if [ ${KERNELS} -eq 0 ]; then
1367
            if [ ${KERNELS} -eq 0 ]; then
1291
                LogText "Result: found no kernels from zypper output, which is unexpected."
1368
                LogText "Result: found no kernels from zypper output, which is unexpected."
1292
                ReportException "KRNL-5840:3" "Could not find any kernel packages via package manager. Maybe using a different kernel package?"
1369
                ReportException "${TEST_NO}" "Could not find any kernel packages via package manager. Maybe using a different kernel package?"
1293
            elif [ ${KERNELS} -gt 3 ]; then
1370
            elif [ ${KERNELS} -gt 3 ]; then
1294
                LogText "Result: found more than 5 kernel packages on the system, which might indicate lack of regular cleanups"
1371
                LogText "Result: found more than 5 kernel packages on the system, which might indicate lack of regular cleanups"
1295
                ReportSuggestion "${TEST_NO}" "Remove any unneeded kernel packages"
1372
                ReportSuggestion "${TEST_NO}" "Remove any unneeded kernel packages"
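Review bot: replacing the hardcoded "KRNL-5840:3" with "${TEST_NO}" on new line 1369 drops the :3 suffix, and the next hunk does the same for :1, so both exceptions are now reported under one identifier with nearly identical text. Keep a distinguishing suffix or message if the two cases need to be told apart in reports. In the context lines the threshold is -gt 3 while the log message says "more than 5 kernel packages"; one of the two should be corrected.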
Lines 1299-1305 Link Here
1299
        fi
1376
        fi
1300
1377
1301
        if [ ${KERNELS} -eq 0 -a ${TESTED} -eq 1 ]; then
1378
        if [ ${KERNELS} -eq 0 -a ${TESTED} -eq 1 ]; then
1302
            ReportException "KRNL-5840:1" "Could not find any kernel packages via package manager"
1379
            # Only report exception if there are kernels actually there. For example, LXC use the kernel of host system
1380
            case "${OS}" in
1381
                "Linux")
1382
                    case "${CONTAINER_TYPE}" in
1383
                        "LXC")
1384
                            LogText "Info: LXC shares the kernel with host, so skipping further testing"
1385
                        ;;
1386
                        *)
1387
                            if [ -d "${ROOTDIR}boot" ]; then
1388
                                if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then
1389
                                    ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
1390
                                fi
1391
                            fi
1392
                        ;;
1393
                    esac
1394
                ;;
1395
                *)
1396
                    ReportException "${TEST_NO}" "Could not find any kernel packages via package manager"
1397
                ;;
1398
            esac
1303
        fi
1399
        fi
1304
1400
1305
        Report "installed_kernel_packages=${KERNELS}"
1401
        Report "installed_kernel_packages=${KERNELS}"
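Review bot: line 1387 checks for ${ROOTDIR}boot but line 1388 then searches the hardcoded /boot, so with a non-default ROOTDIR the existence test and the find look at different directories; use "${ROOTDIR}boot" in both. Note also that -quit is not part of POSIX find, and that when ${ROOTDIR}boot does not exist no exception is raised at all; if that is intended, a LogText in that branch would make the skip visible in the log.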
Lines 1317-1353 Link Here
1317
1413
1318
        case "${OS}" in
1414
        case "${OS}" in
1319
            "Linux")
1415
            "Linux")
1320
                case "${LINUX_VERSION}" in
1416
                for DIST in CentOS Debian Fedora RHEL Ubuntu; do
1321
                    "CentOS" | "Debian" | "Fedora" | "RHEL" | "Ubuntu")
1417
                    if [ "${LINUX_VERSION}" = "${DIST}" ] || [ "${LINUX_VERSION_LIKE}" = "${DIST}" ]; then
1322
1323
                        UNATTENDED_UPGRADES_OPTION_AVAILABLE=1
1418
                        UNATTENDED_UPGRADES_OPTION_AVAILABLE=1
1324
                        # Test available tools for Linux
1419
                    fi
1325
                        if [ -f "${ROOTDIR}bin/auter" ]; then
1420
                done
1326
                            UNATTENDED_UPGRADES_TOOL="auter"
1421
1327
                            UNATTENDED_UPGRADES_TOOLKIT=1
1422
                if [ ${UNATTENDED_UPGRADES_OPTION_AVAILABLE} -eq 1 ]; then
1328
                            LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1423
                    # Test available tools for Linux
1329
                            Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1424
                    if [ -f "${ROOTDIR}bin/auter" ]; then
1330
                        fi
1425
                        UNATTENDED_UPGRADES_TOOL="auter"
1331
                        if [ -f "${ROOTDIR}sbin/yum-cron" ]; then
1426
                        UNATTENDED_UPGRADES_TOOLKIT=1
1332
                            UNATTENDED_UPGRADES_TOOL="yum-cron"
1427
                        LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1333
                            UNATTENDED_UPGRADES_TOOLKIT=1
1428
                        Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1334
                            LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1429
                    fi
1335
                            Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1430
                    if [ -f "${ROOTDIR}sbin/yum-cron" ]; then
1336
                        fi
1431
                        UNATTENDED_UPGRADES_TOOL="yum-cron"
1337
                        if [ -f "${ROOTDIR}usr/bin/dnf-automatic" ]; then
1432
                        UNATTENDED_UPGRADES_TOOLKIT=1
1338
                            UNATTENDED_UPGRADES_TOOL="dnf-automatic"
1433
                        LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1339
                            UNATTENDED_UPGRADES_TOOLKIT=1
1434
                        Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1340
                            LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1435
                    fi
1341
                            Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1436
                    if [ -f "${ROOTDIR}usr/bin/dnf-automatic" ]; then
1342
                        fi
1437
                        UNATTENDED_UPGRADES_TOOL="dnf-automatic"
1343
                        if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then
1438
                        UNATTENDED_UPGRADES_TOOLKIT=1
1344
                            UNATTENDED_UPGRADES_TOOL="unattended-upgrade"
1439
                        LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1345
                            UNATTENDED_UPGRADES_TOOLKIT=1
1440
                        Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1346
                            LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1441
                    fi
1347
                            Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1442
                    if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then
1348
                        fi
1443
                        UNATTENDED_UPGRADES_TOOL="unattended-upgrade"
1349
                    ;;
1444
                        UNATTENDED_UPGRADES_TOOLKIT=1
1350
                esac
1445
                        LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}"
1446
                        Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}"
1447
                    fi
1448
                fi
1351
            ;;
1449
            ;;
1352
        esac
1450
        esac
1353
1451
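Review bot: the new test on line 1422, [ ${UNATTENDED_UPGRADES_OPTION_AVAILABLE} -eq 1 ], is unquoted and now runs for every Linux system, so it depends on the variable having been initialised to 0 before this case statement, which the hunk does not show; if it is unset the test fails with an error instead of evaluating to false. Confirm the initialisation or quote the variable with a default. The for loop over DIST can also break after the first match.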
(-)lynis-3.0.0/include/tests_printers_spoolers (-12 / +15 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 34-40 Link Here
34
#
34
#
35
#################################################################################
35
#################################################################################
36
#
36
#
37
    InsertSection "Printers and Spools"
37
    InsertSection "${SECTION_PRINTERS_AND_SPOOLS}"
38
#
38
#
39
#################################################################################
39
#################################################################################
40
#
40
#
Lines 139-146 Link Here
139
    Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd network configuration"
139
    Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd network configuration"
140
    if [ ${SKIPTEST} -eq 0 ]; then
140
    if [ ${SKIPTEST} -eq 0 ]; then
141
        FOUND=0
141
        FOUND=0
142
        # Checking network addresses
142
        PORT_FOUND=0
143
143
        LogText "Test: Checking CUPS daemon listening network addresses"
144
        LogText "Test: Checking CUPS daemon listening network addresses"
145
146
        # Search for Port statement
147
        FIND=$(${EGREPBINARY} "^Port 631" ${CUPSD_CONFIG_FILE})
148
        if [ -n "${FIND}" ]; then
149
            LogText "Result: found CUPS listening on port 631 (most likely all interfaces)"
150
            PORT_FOUND=1
151
        fi
152
153
        # Checking network addresses
144
        FIND=$(${EGREPBINARY} "^(SSL)?Listen" ${CUPSD_CONFIG_FILE} | ${GREPBINARY} -v "/" | ${AWKBINARY} '{ print $2 }')
154
        FIND=$(${EGREPBINARY} "^(SSL)?Listen" ${CUPSD_CONFIG_FILE} | ${GREPBINARY} -v "/" | ${AWKBINARY} '{ print $2 }')
145
        COUNT=0
155
        COUNT=0
146
        for ITEM in ${FIND}; do
156
        for ITEM in ${FIND}; do
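Review bot: the Port search on new line 147 matches "^Port 631" only, so a Port directive with any other number is not detected and PORT_FOUND stays 0, and because the pattern has no end anchor it also matches values such as Port 6310. Matching ^Port[[:space:]]+[0-9]+ and logging the port actually found would cover both cases.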
Lines 149-165 Link Here
149
            FOUND=1
159
            FOUND=1
150
        done
160
        done
151
161
152
        # Search for Port statement
153
        FIND=$(${EGREPBINARY} "^Port 631" ${CUPSD_CONFIG_FILE})
154
        if [ -n "${FIND}" ]; then
155
            LogText "Result: found CUPS listening on port 631 (most likely all interfaces)"
156
            FOUND=1
157
        fi
158
159
        # Check if daemon might be running on localhost
162
        # Check if daemon might be running on localhost
160
        if [ ${FOUND} -eq 0 ]; then
163
        if [ ${FOUND} -eq 0 -a ${PORT_FOUND} -eq 0 ]; then
161
            LogText "Result: CUPS does not look to be listening on a network port"
164
            LogText "Result: CUPS does not look to be listening on a network port"
162
        elif [ ${COUNT} -eq 1 ]; then
165
        elif [ ${COUNT} -eq 1 -a ${PORT_FOUND} -eq 0 ]; then
163
            if [ "${FIND}" = "localhost:631" -o "${FIND}" = "127.0.0.1:631" ]; then
166
            if [ "${FIND}" = "localhost:631" -o "${FIND}" = "127.0.0.1:631" ]; then
164
                LogText "Result: CUPS daemon only running on localhost"
167
                LogText "Result: CUPS daemon only running on localhost"
165
                AddHP 2 2
168
                AddHP 2 2
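Review bot: new lines 163 and 165 combine conditions with -a inside a single [ ], which POSIX marks as obsolescent and which other new code in this patch avoids by joining separate [ ] tests with && and ||; use the same form here for consistency. Keeping PORT_FOUND separate from FOUND is the right approach, since ${FIND} on line 166 now holds the Listen addresses rather than the result of the Port search.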
(-)lynis-3.0.0/include/tests_scheduling (-4 / +4 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Scheduled tasks"
25
    InsertSection "${SECTION_SCHEDULED_TASKS}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 77-83 Link Here
77
                if FileIsReadable ${DIR}; then
77
                if FileIsReadable ${DIR}; then
78
                    LogText "Result: found directory ${DIR}"
78
                    LogText "Result: found directory ${DIR}"
79
                    LogText "Test: searching files in ${DIR}"
79
                    LogText "Test: searching files in ${DIR}"
80
                    FIND=$(${FINDBINARY} ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder")
80
                    FIND=$(${FINDBINARY} -L ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder")
81
                    if IsEmpty "${FIND}"; then
81
                    if IsEmpty "${FIND}"; then
82
                        LogText "Result: no files found in ${DIR}"
82
                        LogText "Result: no files found in ${DIR}"
83
                    else
83
                    else
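Review bot: with -L added on new line 80, find follows symbolic links to directories as well as to files, so a link inside ${DIR} can pull files from outside the cron directory into the result, and a link loop makes find print errors; unlike the matching call on line 115 this one has no 2> /dev/null. Redirect stderr here too, and consider -maxdepth 1 if only entries directly in the directory are meant to be audited. ${DIR} is also unquoted.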
Lines 112-118 Link Here
112
                LogText "Result: found directory ${I}"
112
                LogText "Result: found directory ${I}"
113
                if FileIsReadable ${I}; then
113
                if FileIsReadable ${I}; then
114
                    LogText "Test: searching files in ${I}"
114
                    LogText "Test: searching files in ${I}"
115
                    FIND=$(${FINDBINARY} ${I} -type f -print 2> /dev/null | ${GREPBINARY} -v ".placeholder")
115
                    FIND=$(${FINDBINARY} -L ${I} -type f -print 2> /dev/null | ${GREPBINARY} -v ".placeholder")
116
                    if [ -z "${FIND}" ]; then
116
                    if [ -z "${FIND}" ]; then
117
                        LogText "Result: no files found in ${I}"
117
                        LogText "Result: no files found in ${I}"
118
                    else
118
                    else
(-)lynis-3.0.0/include/tests_shells (-5 / +5 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 23-29 Link Here
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    IDLE_TIMEOUT=0
25
    IDLE_TIMEOUT=0
26
    InsertSection "Shells"
26
    InsertSection "${SECTION_SHELLS}"
27
#
27
#
28
#################################################################################
28
#################################################################################
29
#
29
#
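Review bot: InsertSection at line 26 now depends on ${SECTION_SHELLS} being set, and nothing in this hunk shows where it is defined or what happens when a language file lacks it, in which case the section header is printed empty. Please confirm the default language file defines every SECTION_* name introduced by this patch, or give InsertSection a fallback such as ${SECTION_SHELLS:-Shells}.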
Lines 167-175 Link Here
167
            FIND=$(${LSBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null)
167
            FIND=$(${LSBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null)
168
            if [ -n "${FIND}" ]; then
168
            if [ -n "${FIND}" ]; then
169
                # Determine if we can find a TMOUT value
169
                # Determine if we can find a TMOUT value
170
                FIND=$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
170
                FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }')
171
                # Determine if the value is exported (with export, readonly, or typeset)
171
                # Determine if the value is exported (with export, readonly, or typeset)
172
                FIND2=$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
172
                FIND2=$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }')
173
                if [ -n "${FIND}" ]; then
173
                if [ -n "${FIND}" ]; then
174
                    N=0; IDLE_TIMEOUT=1
174
                    N=0; IDLE_TIMEOUT=1
175
                    for I in ${FIND}; do
175
                    for I in ${FIND}; do
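Review bot: in the FIND2 pipeline at line 172 the bracket expression [ \t] sits inside a single-quoted grep pattern, where it matches a space, a backslash or the letter t rather than a tab, so a line that uses a tab between export and TMOUT is not counted as exported. Since this line is being touched anyway, use [[:space:]]* instead. The two find -L calls also read every file once per call with -exec cat {} \; and could share one pass using -exec cat {} +.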
Lines 282-285 Link Here
282
282
283
#
283
#
284
#================================================================================
284
#================================================================================
285
# Lynis - Copyright 2007-2020, CISOfy - http://cisofy.com
285
# Lynis - Copyright 2007-2021, CISOfy - http://cisofy.com
(-)lynis-3.0.0/include/tests_snmp (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 28-34 Link Here
28
#
28
#
29
#################################################################################
29
#################################################################################
30
#
30
#
31
    InsertSection "SNMP Support"
31
    InsertSection "${SECTION_SNMP_SUPPORT}"
32
32
33
    # Test        : SNMP-3302
33
    # Test        : SNMP-3302
34
    # Description : Check for a running SNMP daemon
34
    # Description : Check for a running SNMP daemon
Lines 104-107 Link Here
104
104
105
#
105
#
106
#================================================================================
106
#================================================================================
107
# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com
107
# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_squid (-4 / +4 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 29-35 Link Here
29
#
29
#
30
#################################################################################
30
#################################################################################
31
#
31
#
32
    InsertSection "Squid Support"
32
    InsertSection "${SECTION_SQUID_SUPPORT}"
33
#
33
#
34
#################################################################################
34
#################################################################################
35
#
35
#
Lines 131-137 Link Here
131
    Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions"
131
    Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions"
132
    if [ ${SKIPTEST} -eq 0 ]; then
132
    if [ ${SKIPTEST} -eq 0 ]; then
133
        LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}"
133
        LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}"
134
        FIND=$(find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \))
134
        FIND=$(find -L ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \))
135
        if [ -n "${FIND}" ]; then
135
        if [ -n "${FIND}" ]; then
136
            LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords"
136
            LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords"
137
            Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_WARNING}" --color RED
137
            Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_WARNING}" --color RED
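Review bot: line 134 still calls bare find instead of ${FINDBINARY}, which the other -L changes in this patch use, and ${SQUID_DAEMON_CONFIG} is unquoted with no stderr redirect. With -L the -perm tests apply to the link target, which is the right file to check, but the LogText at line 136 names only ${SQUID_DAEMON_CONFIG}; logging ${FIND} would show the path whose mode is actually too open.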
Lines 325-328 Link Here
325
325
326
#
326
#
327
#================================================================================
327
#================================================================================
328
# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com
328
# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_ssh (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 34-40 Link Here
34
#
34
#
35
#################################################################################
35
#################################################################################
36
#
36
#
37
    InsertSection "SSH Support"
37
    InsertSection "${SECTION_SSH_SUPPORT}"
38
#
38
#
39
#################################################################################
39
#################################################################################
40
#
40
#
Lines 74-80 Link Here
74
                LogText "Result: ${I}/sshd_config exists"
74
                LogText "Result: ${I}/sshd_config exists"
75
                if [ ${FOUND} -eq 1 ]; then
75
                if [ ${FOUND} -eq 1 ]; then
76
                    ReportException "${TEST_NO}:01"
76
                    ReportException "${TEST_NO}:01"
77
                    LogText "Result: we already had found another sshd_config file. Using this new file then."
77
                    LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one."
78
                fi
78
                fi
79
                FileIsReadable ${I}/sshd_config
79
                FileIsReadable ${I}/sshd_config
80
                if [ ${CANREAD} -eq 1 ]; then
80
                if [ ${CANREAD} -eq 1 ]; then
(-)lynis-3.0.0/include/tests_storage (-4 / +4 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 18-24 Link Here
18
#
18
#
19
#################################################################################
19
#################################################################################
20
#
20
#
21
    InsertSection "Storage"
21
    InsertSection "${SECTION_STORAGE}"
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
Lines 59-65 Link Here
59
59
60
        if [ ${FOUND} -eq 0 ]; then
60
        if [ ${FOUND} -eq 0 ]; then
61
            LogText "Result: firewire ohci driver is not explicitly disabled"
61
            LogText "Result: firewire ohci driver is not explicitly disabled"
62
            Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "NOT DISABLED" --color WHITE
62
            Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE
63
            ReportSuggestion "${TEST_NO}" "Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft"
63
            ReportSuggestion "${TEST_NO}" "Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft"
64
            # after blacklisting modules, make sure to remove them from the initram filesystem: update-initramfs -u
64
            # after blacklisting modules, make sure to remove them from the initram filesystem: update-initramfs -u
65
            AddHP 2 3
65
            AddHP 2 3
Lines 77-80 Link Here
77
77
78
#
78
#
79
#================================================================================
79
#================================================================================
80
# Lynis - Copyright 2007-2020, CISOfy, Michael Boelen - https://cisofy.com
80
# Lynis - Copyright 2007-2021, CISOfy, Michael Boelen - https://cisofy.com
(-)lynis-3.0.0/include/tests_storage_nfs (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/include/tests_system_integrity (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 25-31 Link Here
25
#
25
#
26
#################################################################################
26
#################################################################################
27
#
27
#
28
    InsertSection "Software: system integrity"
28
    InsertSection "${SECTION_SYSTEM_INTEGRITY}"
29
    Display --indent 2 --text "- Checking file integrity tools"
29
    Display --indent 2 --text "- Checking file integrity tools"
30
#
30
#
31
#################################################################################
31
#################################################################################
Lines 51-54 Link Here
51
    WaitForKeyPress
51
    WaitForKeyPress
52
#
52
#
53
#================================================================================
53
#================================================================================
54
# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com
54
# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com
(-)lynis-3.0.0/include/tests_time (-56 / +82 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Time and Synchronization"
25
    InsertSection "${SECTION_TIME_AND_SYNCHRONIZATION}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 86-94 Link Here
86
            # Reason: openntpd syncs only if large time corrections are not required or -s is passed.
86
            # Reason: openntpd syncs only if large time corrections are not required or -s is passed.
87
            #         This might be not intended by the administrator (-s is NOT the default!)
87
            #         This might be not intended by the administrator (-s is NOT the default!)
88
            FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd: ntp engine" | ${GREPBINARY} -v "grep")
88
            FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd: ntp engine" | ${GREPBINARY} -v "grep")
89
            ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null
89
            # Status code 0 is when communication over the socket is successful
90
            # Status code 0 is when communication over the socket is successfull
90
            if ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null; then
91
            if [ "$?" -eq 0 ]; then
92
                FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd"
91
                FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd"
93
                LogText "result: found openntpd (method: ntpctl)"
92
                LogText "result: found openntpd (method: ntpctl)"
94
                OPENNTPD_COMMUNICATION=1
93
                OPENNTPD_COMMUNICATION=1
Lines 98-113 Link Here
98
                FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd"
97
                FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd"
99
                LogText "result: found openntpd (method: ps)"
98
                LogText "result: found openntpd (method: ps)"
100
            else
99
            else
101
                LogText "result: running openntpd not found, but ntpctl is instaalled"
100
                LogText "result: running openntpd not found, but ntpctl is installed"
102
            fi
101
            fi
103
102
104
            if [ "${NTP_DAEMON}" == "openntpd" ]; then
103
            if [ "${NTP_DAEMON}" = "openntpd" ]; then
105
                Display --indent 2 --text "- NTP daemon found: OpenNTPD" --result "${STATUS_FOUND}" --color GREEN
104
                Display --indent 2 --text "- NTP daemon found: OpenNTPD" --result "${STATUS_FOUND}" --color GREEN
106
            fi
105
            fi
107
        fi
106
        fi
108
107
109
        # Check running processes (ntpd from ntp.org)
108
        # Check running processes (ntpd from ntp.org)
110
        # As checking by process name is ambigiouse (openntpd has the same process name),
109
        # As checking by process name is ambiguous (openntpd has the same process name),
111
        # this check will be skipped if openntpd has been found.
110
        # this check will be skipped if openntpd has been found.
112
        FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "ntpd: " | ${GREPBINARY} -v "grep")
111
        FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "ntpd: " | ${GREPBINARY} -v "grep")
113
        if [ "${NTP_DAEMON}" != "openntpd" ] && [  -n "${FIND}" ]; then
112
        if [ "${NTP_DAEMON}" != "openntpd" ] && [  -n "${FIND}" ]; then
Lines 124-162 Link Here
124
        fi
123
        fi
125
124
126
        # Check timedate daemon (systemd)
125
        # Check timedate daemon (systemd)
127
        if [ -n "${TIMEDATECTL}" ]; then
126
        FIND=$(${PSBINARY} ax | ${GREPBINARY} "systemd-timesyncd" | ${GREPBINARY} -v "grep")
128
            FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes")
127
        if [  -n "${FIND}" ]; then
129
            if [ -n "${FIND}" ]; then
128
            FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd"
130
                # Check for systemd-timesyncd
129
            Display --indent 2 --text "- NTP daemon found: systemd (timesyncd)" --result "${STATUS_FOUND}" --color GREEN
131
                if [ -f ${ROOTDIR}etc/systemd/timesyncd.conf ]; then
130
            LogText "Result: Found running systemd-timesyncd in process list"
132
                    LogText "Result: found ${ROOTDIR}etc/systemd/timesyncd.conf"
133
                    FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd"
134
                    Display --indent 2 --text "- NTP daemon found: systemd (timesyncd)" --result "${STATUS_FOUND}" --color GREEN
135
                    SYSTEMD_NTP_ENABLED=1
136
                else
137
                    LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist"
138
                fi
139
            else
140
                LogText "Result: time synchronization not performed according timedatectl command"
141
            fi
142
        else
143
            LogText "Result: timedatectl command not available on this system"
144
        fi
131
        fi
145
132
146
        # Check crontab for OpenBSD/FreeBSD
133
        # Check crontab for OpenBSD/FreeBSD
147
        # Check anacrontab for Linux
134
        # Check anacrontab for Linux
148
        CRONTAB_FILES="/etc/anacrontab /etc/crontab"
135
        CRONTAB_FILES="/etc/anacrontab /etc/crontab"
136
        # Regex for matching multiple time synchronisation binaries
137
        # Partial sanity check for sntp and ntpdig, but this does not consider all corner cases
138
        CRONTAB_REGEX='ntpdate|rdate|sntp.+-(s|j|--adj)|ntpdig.+-(S|s)'
149
        for I in ${CRONTAB_FILES}; do
139
        for I in ${CRONTAB_FILES}; do
150
            if [ -f ${I} ]; then
140
            if [ -f ${I} ]; then
151
                LogText "Test: checking for ntpdate or rdate in crontab file ${I}"
141
                LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in crontab file ${I}"
152
                FIND=$(${EGREPBINARY} "ntpdate|rdate" ${I} | ${GREPBINARY} -v '^#')
142
                FIND=$(${EGREPBINARY} "${CRONTAB_REGEX}" ${I} | ${GREPBINARY} -v '^#')
153
                if [ -n "${FIND}" ]; then
143
                if [ -n "${FIND}" ]; then
154
                    FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1
144
                    FOUND=1; NTP_CONFIG_TYPE_SCHEDULED=1
155
                    Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN
145
                    Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN
156
                    LogText "Result: found ntpdate or rdate reference in crontab file ${I}"
146
                    LogText "Result: found ntpdate, rdate, sntp or ntpdig reference in crontab file ${I}"
157
                else
147
                else
158
                    #Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_NOT_FOUND}" --color WHITE
148
                    #Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_NOT_FOUND}" --color WHITE
159
                    LogText "Result: no ntpdate or rdate reference found in crontab file ${I}"
149
                    LogText "Result: no ntpdate, rdate, sntp or ntpdig reference found in crontab file ${I}"
160
                fi
150
                fi
161
            else
151
            else
162
                LogText "Result: crontab file ${I} not found"
152
                LogText "Result: crontab file ${I} not found"
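Review bot: in CRONTAB_REGEX at line 138 the alternative --adj sits inside -(s|j|--adj), after a literal dash, so it only matches three dashes in a row and an sntp call using the long option is not detected. Moving the dash into the group, for example sntp.+(-s|-j|--adj), fixes that. Separately, the rewritten systemd-timesyncd block no longer sets SYSTEMD_NTP_ENABLED=1, which the removed code did at line 135; please confirm nothing later still reads it. The ps and grep chain at line 126 could use the IsRunning helper that the Suricata test in this patch relies on.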
Lines 169-199 Link Here
169
159
170
        # Check cron jobs
160
        # Check cron jobs
171
        for I in ${CRON_DIRS}; do
161
        for I in ${CRON_DIRS}; do
172
            if [ -d ${I} ]; then
162
            for J in "${I}"/*; do  # iterate over folders in a safe way
173
                if FileIsReadable ${I}; then
163
                # Check: regular file, readable and not called .placeholder
174
                    FIND=$(${FINDBINARY} ${I} -type f -a ! -name ".placeholder" -print 2> /dev/null | ${SEDBINARY} 's/ /__space__/g' | ${TRBINARY} '\n' '\0' | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} '\0' ' ')
164
                FIND=$(echo "${J}" | ${EGREPBINARY} '/.placeholder$')
165
                if [ -f "${J}" ] && [ -r "${J}" ] && [ -z "${FIND}" ]; then
166
                    LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in ${J}"
167
                    FIND=$("${EGREPBINARY}" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#")
175
                    if [ -n "${FIND}" ]; then
168
                    if [ -n "${FIND}" ]; then
176
                        for J in ${FIND}; do
169
                        FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
177
                            # Place back spaces if needed
170
                        LogText "Result: found ntpdate, rdate, sntp or ntpdig in ${J}"
178
                            J=$(echo ${J} | ${SEDBINARY} 's/__space__/ /g')
179
                            LogText "Test: checking for ntpdate or rdate in ${J}"
180
                            if FileIsReadable ${J}; then
181
                                FIND2=$(${EGREPBINARY} "rdate|ntpdate" "${J}" | ${GREPBINARY} -v "^#")
182
                                if [ -n "${FIND2}" ]; then
183
                                    LogText "Positive match found: ${FIND2}"
184
                                    FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
185
                                fi
186
                            else
187
                                LogText "Result: could not test in file '${J}' as it is not readable"
188
                            fi
189
                        done
190
                    else
191
                        LogText "Result: ${I} is empty, skipping search in directory"
192
                    fi
171
                    fi
193
                else
194
                    LogText "Result: could not search in directory due to permissions"
195
                fi
172
                fi
196
            fi
173
            done
197
        done
174
        done
198
175
199
        if [ ${FOUND_IN_CRON} -eq 1 ]; then
176
        if [ ${FOUND_IN_CRON} -eq 1 ]; then
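Review bot: the loop at line 162 iterates over "${I}"/*, and a shell glob does not expand to names starting with a dot, so the .placeholder test at line 164 can never match and costs an egrep per file (its pattern also has an unescaped dot). The glob only covers the top level, whereas the removed find walked subdirectories, so nested cron files are no longer checked. The LogText lines for unreadable files and directories were dropped as well, which means an unreadable job file is now skipped without a trace in the log; keeping one LogText in an else branch would preserve that.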
Lines 532-538 Link Here
532
#
509
#
533
    # Test        : TIME-3180
510
    # Test        : TIME-3180
534
    # Description : Report if ntpctl cannot communicate with OpenNTPD
511
    # Description : Report if ntpctl cannot communicate with OpenNTPD
535
    if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ]; then
512
    if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ]; then
536
        PREQS_MET="YES"
513
        PREQS_MET="YES"
537
    else
514
    else
538
        PREQS_MET="NO"
515
        PREQS_MET="NO"
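Review bot: the condition at line 512 compares "${NTP_DAEMON_RUNNING}" with -eq, which prints an integer expression error when the variable is empty, and the hunks in this file only show it being assigned 1. Please confirm it is initialised to 0 before the tests run, or write the test as [ "${NTP_DAEMON_RUNNING:-0}" -eq 1 ]. The same condition is repeated for TIME-3181 and TIME-3182.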
Lines 548-554 Link Here
548
#
525
#
549
    # Test        : TIME-3181
526
    # Test        : TIME-3181
550
    # Description : Check status of OpenNTPD time synchronisation
527
    # Description : Check status of OpenNTPD time synchronisation
551
    if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then
528
    if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then
552
        PREQS_MET="YES"
529
        PREQS_MET="YES"
553
    else
530
    else
554
        PREQS_MET="NO"
531
        PREQS_MET="NO"
Lines 567-573 Link Here
567
    # Test        : TIME-3182
544
    # Test        : TIME-3182
568
    # Description : Check OpenNTPD has working peers
545
    # Description : Check OpenNTPD has working peers
569
546
570
    if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then
547
    if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then
571
        PREQS_MET="YES"
548
        PREQS_MET="YES"
572
    else
549
    else
573
        PREQS_MET="NO"
550
        PREQS_MET="NO"
Lines 576-586 Link Here
576
    Register --test-no TIME-3182 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check OpenNTPD has working peers"
553
    Register --test-no TIME-3182 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check OpenNTPD has working peers"
577
    if [ ${SKIPTEST} -eq 0 ]; then
554
    if [ ${SKIPTEST} -eq 0 ]; then
578
        # Format is "xx/yy peers valid, ..."
555
        # Format is "xx/yy peers valid, ..."
579
        FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o "[0-9]{1,4}/" | ${EGREPBINARY} -o "[0-9]{1,4}" )
556
        FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o '[0-9]+/[0-9]+' | ${CUTBINARY} -d '/' -f 1)
580
        if [ -n "${FIND}" ] || [ "${FIND}" -eq 0 ]; then
557
        if [ -z "${FIND}" ] || [ "${FIND}" -eq 0 ]; then
581
            ReportWarning "${TEST_NO}" "OpenNTPD has no peers" "${NTPCTLBINARY} -s status"
558
            ReportWarning "${TEST_NO}" "OpenNTPD has no peers" "${NTPCTLBINARY} -s status"
582
        fi
559
        fi
583
    fi
560
    fi
561
562
#
563
#################################################################################
564
#
565
566
    # Test        : TIME-3185
567
    # Description : Check systemd-timesyncd synchronized time
568
569
    if [ "${NTP_DAEMON}" = "systemd-timesyncd" ]; then
570
        PREQS_MET="YES"
571
    else
572
        PREQS_MET="NO"
573
    fi
574
575
576
    Register --test-no TIME-3185 --preqs-met "${PREQS_MET}" --weight L --network NO --category "security" --description "Check systemd-timesyncd synchronized time"
577
    SYNCHRONIZED_FILE="/run/systemd/timesync/synchronized"
578
       
579
    if [ ${SKIPTEST} -eq 0 ]; then
580
        # On earlier systemd versions (237), '/run/systemd/timesync/synchronized' does not exist, so use '/var/lib/systemd/timesync/clock'
581
        if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
582
            SYNCHRONIZED_FILE="/var/lib/systemd/timesync/clock"
583
        fi
584
        # DynamicUser=yes moves the clock file to '/var/lib/private/systemd/timesync/clock'
585
        if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
586
            SYNCHRONIZED_FILE="/var/lib/private/systemd/timesync/clock"
587
        fi
588
        # Fix for debian stretch
589
        if [ ! -e "${SYNCHRONIZED_FILE}" ]; then
590
            SYNCHRONIZED_FILE="/var/lib/systemd/clock"
591
        fi
592
        if [ -e "${SYNCHRONIZED_FILE}" ]; then
593
           FIND=$(( $(date +%s) - $(${STATBINARY} -L --format %Y "${SYNCHRONIZED_FILE}") ))
594
           # Check if last sync was more than 2048 seconds (= the default of systemd) ago
595
           if [ "${FIND}" -ge 2048 ]; then
596
               COLOR=RED
597
               ReportWarning "${TEST_NO}" "systemd-timesyncd did not synchronized the time recently."
598
           else
599
               COLOR=GREEN
600
           fi
601
           Display --indent 2 --text "- Last time synchronization" --result "${FIND}s" --color "${COLOR}"
602
           LogText "Result: systemd-timesyncd synchronized time ${FIND} seconds ago."
603
        else
604
           Display --indent 2 --text "- Last time synchronization" --result "${STATUS_NOT_FOUND}" --color RED
605
           ReportWarning "${TEST_NO}" "systemd-timesyncd never successfully synchronized time"
606
        fi
607
    fi
608
    unset SYNCHRONIZED_FILE
609
584
#
610
#
585
#################################################################################
611
#################################################################################
586
#
612
#
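Review bot: TIME-3185 warns at line 595 when the file age is -ge 2048, which the comment on line 594 gives as the systemd default, so a host synchronizing on exactly that interval, or one configured with a longer interval, gets a warning while working normally. Add some margin or derive the limit from the configured value. The warning text at line 597 should read "did not synchronize", and COLOR is left set after the test while SYNCHRONIZED_FILE is unset. For TIME-3182, the new pattern at line 556 returns one line per N/M pair in the status output, so if more than one pair is present the -eq test at line 557 gets a multi-line value; restrict the match to the peers field or take the first line only.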
(-)lynis-3.0.0/include/tests_tooling (-2 / +29 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 37-43 Link Here
37
#
37
#
38
#################################################################################
38
#################################################################################
39
#
39
#
40
    InsertSection "Software: System tooling"
40
    InsertSection "${SECTION_SYSTEM_TOOLING}"
41
#
41
#
42
#################################################################################
42
#################################################################################
43
#
43
#
Lines 368-373 Link Here
368
                fi
368
                fi
369
                SNORT=$(which snort 2> /dev/null)
369
                SNORT=$(which snort 2> /dev/null)
370
            fi
370
            fi
371
        fi
372
    fi
373
#
374
#################################################################################
375
#
376
    # Test        : TOOL-5130
377
    # Description : Check for Suricata
378
    Register --test-no TOOL-5130 --weight L --network NO --category security --description "Check for active Suricata daemon"
379
    if [ ${SKIPTEST} -eq 0 ]; then
380
        # Suricata presence
381
        if [ -n "${SURICATABINARY}" ]; then
382
            Report "ids_ips_tooling[]=suricata"
383
            LogText "Result: Suricata is installed (${SURICATABINARY})"
384
            # Suricata status
385
            # Suricata sets its process name to Suricata-Main on Linux, but this might differ on other platforms,
386
            # so fall back to checking the full commandline instead if the first test fails
387
            if IsRunning "Suricata-Main" || IsRunning --full "${SURICATABINARY} "; then
388
                # Only satisfy test TOOL-5190 if Suricata is actually running
389
                IDS_IPS_TOOL_FOUND=1
390
                LogText "Result: Suricata daemon is active"
391
                Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_RUNNING}" --color GREEN
392
            else
393
                LogText "Result: Suricata daemon not active"
394
                Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_NOT_RUNNING}" --color YELLOW
395
            fi
396
        else
397
            LogText "Result: Suricata not installed (suricata not found)"
371
        fi
398
        fi
372
    fi
399
    fi
373
#
400
#
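Review bot: the fall-back on new line 387, IsRunning --full "${SURICATABINARY} ", only matches a command line that contains the exact path held in SURICATABINARY followed by a space, so on platforms where the process name is not Suricata-Main a daemon started through a symlink, a relative path or with no arguments would be reported as not running. Because IDS_IPS_TOOL_FOUND (and, per the comment on line 388, TOOL-5190) depends on this result, a miss turns into a wrong finding; add a comment explaining why the trailing space is needed and consider matching on the binary's base name as well. The "not installed" branch on new line 397 writes to the log only, which is worth a sentence in the test description if it is intentional.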
(-)lynis-3.0.0/include/tests_usb (-2 / +2 lines)
Lines 19-25 Link Here
19
#
19
#
20
#################################################################################
20
#################################################################################
21
#
21
#
22
    InsertSection "USB Devices"
22
    InsertSection "${SECTION_USB_DEVICES}"
23
#
23
#
24
#################################################################################
24
#################################################################################
25
#
25
#
Lines 73-79 Link Here
73
        fi
73
        fi
74
        if [ ${FOUND} -eq 0 ]; then
74
        if [ ${FOUND} -eq 0 ]; then
75
            LogText "Result: usb-storage driver is not explicitly disabled"
75
            LogText "Result: usb-storage driver is not explicitly disabled"
76
            Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "NOT DISABLED" --color WHITE
76
            Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE
77
            if [ "${USBGUARD_FOUND}" -eq "0" ]; then
77
            if [ "${USBGUARD_FOUND}" -eq "0" ]; then
78
                ReportSuggestion "${TEST_NO}" "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft"
78
                ReportSuggestion "${TEST_NO}" "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft"
79
            fi
79
            fi
(-)lynis-3.0.0/include/tests_virtualization (-2 / +2 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Virtualization"
25
    InsertSection "${SECTION_VIRTUALIZATION}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
(-)lynis-3.0.0/include/tests_webservers (-3 / +3 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
Lines 22-28 Link Here
22
#
22
#
23
#################################################################################
23
#################################################################################
24
#
24
#
25
    InsertSection "Software: webserver"
25
    InsertSection "${SECTION_WEBSERVER}"
26
#
26
#
27
#################################################################################
27
#################################################################################
28
#
28
#
Lines 288-294 Link Here
288
    Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
288
    Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules"
289
    if [ ${SKIPTEST} -eq 0 ]; then
289
    if [ ${SKIPTEST} -eq 0 ]; then
290
        # Check modules, module
290
        # Check modules, module
291
        if CheckItem "apache_module" "/mod_security2.so"; then
291
        if CheckItem "apache_module" "/mod_security(2|3).so" ; then
292
            Display --indent 10 --text "ModSecurity: web application firewall" --result "${STATUS_FOUND}" --color GREEN
292
            Display --indent 10 --text "ModSecurity: web application firewall" --result "${STATUS_FOUND}" --color GREEN
293
            AddHP 3 3
293
            AddHP 3 3
294
        else
294
        else
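Review bot: the new pattern on line 291, "/mod_security(2|3).so", only works if CheckItem evaluates it as an extended regular expression; with basic grep syntax the parentheses and the bar are literal and the test would stop matching ModSecurity 2 as well as 3. The hunk does not show how CheckItem matches, so either confirm it uses extended syntax or write the pattern as "/mod_security[23]\.so", which behaves the same in both syntaxes and also stops the dot from matching any character.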
(-)lynis-3.0.0/include/tool_tips (-1 / +1 lines)
Lines 6-12 Link Here
6
# ------------------
6
# ------------------
7
#
7
#
8
# Copyright 2007-2013, Michael Boelen
8
# Copyright 2007-2013, Michael Boelen
9
# Copyright 2007-2020, CISOfy
9
# Copyright 2007-2021, CISOfy
10
#
10
#
11
# Website  : https://cisofy.com
11
# Website  : https://cisofy.com
12
# Blog     : http://linux-audit.com
12
# Blog     : http://linux-audit.com
(-)lynis-3.0.0/lynis (-36 / +71 lines)
Lines 43-58 Link Here
43
    PROGRAM_WEBSITE="https://cisofy.com/lynis/"
43
    PROGRAM_WEBSITE="https://cisofy.com/lynis/"
44
44
45
    # Version details
45
    # Version details
46
    PROGRAM_RELEASE_DATE="2020-06-18"
46
    PROGRAM_RELEASE_DATE="2022-05-17"
47
    PROGRAM_RELEASE_TIMESTAMP=1592477492
47
    PROGRAM_RELEASE_TIMESTAMP=1652791205
48
    PROGRAM_RELEASE_TYPE="release" # pre-release or release
48
    PROGRAM_RELEASE_TYPE="release" # pre-release or release
49
    PROGRAM_VERSION="3.0.0"
49
    PROGRAM_VERSION="3.0.8"
50
50
51
    # Source, documentation and license
51
    # Source, documentation and license
52
    PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
52
    PROGRAM_SOURCE="https://github.com/CISOfy/lynis"
53
    PROGRAM_PACKAGE="https://packages.cisofy.com/"
53
    PROGRAM_PACKAGE="https://packages.cisofy.com/"
54
    PROGRAM_DOCUMENTATION="https://cisofy.com/docs/"
54
    PROGRAM_DOCUMENTATION="https://cisofy.com/docs/"
55
    PROGRAM_COPYRIGHT="2007-2020, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
55
    PROGRAM_COPYRIGHT="2007-2021, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}"
56
    PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
56
    PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
57
  welcome to redistribute it under the terms of the GNU General Public License.
57
  welcome to redistribute it under the terms of the GNU General Public License.
58
  See the LICENSE file for details about using this software."
58
  See the LICENSE file for details about using this software."
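Review bot: PROGRAM_COPYRIGHT on new line 55 ends at 2021 while PROGRAM_RELEASE_DATE on line 46 is 2022-05-17, so the banner shows a copyright range that stops before the release it belongs to. PROGRAM_RELEASE_TIMESTAMP (1652791205) does agree with the new release date, so only the year range needs a look; if 2021 is what upstream ships, leave it and say so in the package changelog.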
Lines 89-94 Link Here
89
                if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
89
                if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
90
            elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
90
            elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
91
                INCLUDEDIR=${I}
91
                INCLUDEDIR=${I}
92
		break
92
            fi
93
            fi
93
        done
94
        done
94
    fi
95
    fi
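Review bot: the added break on new line 92 is indented with tabs while the rest of the block uses spaces. It is also only reached in the elif branch, where the -z "${INCLUDEDIR}" guard already prevented a later directory from overwriting the first match, so it saves iterations but does not change the result; a short comment saying that would help the next reader.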
Lines 216-222 Link Here
216
217
217
    # Extract the short notation of the language (first two characters).
218
    # Extract the short notation of the language (first two characters).
218
    if [ -x "$(command -v locale 2> /dev/null)" ]; then
219
    if [ -x "$(command -v locale 2> /dev/null)" ]; then
219
        LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | egrep "^[a-z]{2}$")
220
        LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | egrep "^[a-z]{2}$")
220
        # Try locale command if shell variable had no value
221
        # Try locale command if shell variable had no value
221
        if [ -z "${DISPLAY_LANG}" ]; then
222
        if [ -z "${DISPLAY_LANG}" ]; then
222
            DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2)
223
            DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2)
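Review bot: new line 220 strips double quotes from the locale output before the two-letter check, but the DISPLAY_LANG assignment on line 223 reads the same LANG= line without tr -d '"', so on a system where locale prints LANG="xx_YY.UTF-8" the quotes still end up in DISPLAY_LANG. Apply the same filter there, or extract the cleaned value once and derive both variables from it.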
Lines 241-246 Link Here
241
        echo "Could not find languages directory (file: ${DBDIR}/languages/en)"
242
        echo "Could not find languages directory (file: ${DBDIR}/languages/en)"
242
        exit 1
243
        exit 1
243
    fi
244
    fi
245
246
    # Now that we have determined the language, we unset it from shell
247
    # Some tools with translated strings are very hard to parse
248
    unset LANG
249
244
#
250
#
245
#################################################################################
251
#################################################################################
246
#
252
#
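Review bot: the unset LANG on new line 248 does not by itself stop tools from printing translated strings, because LC_ALL and LC_MESSAGES take precedence over LANG when they are set. If the goal stated in the comment is parseable output, also clear or override those (for example export LC_ALL=C after the language has been determined), and note in the comment that DISPLAY_LANG was captured before this point.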
Lines 448-453 Link Here
448
    ${GRAY}--verbose${NORMAL}                         : Show more details on screen
454
    ${GRAY}--verbose${NORMAL}                         : Show more details on screen
449
    ${GRAY}--version (-V)${NORMAL}                    : Display version number and quit
455
    ${GRAY}--version (-V)${NORMAL}                    : Display version number and quit
450
    ${GRAY}--wait${NORMAL}                            : Wait between a set of tests
456
    ${GRAY}--wait${NORMAL}                            : Wait between a set of tests
457
    ${GRAY}--slow-warning ${BROWN}<seconds>${NORMAL}  : Threshold for slow test warning in seconds (default 10)
451
458
452
    ${WHITE}Enterprise options${NORMAL}
459
    ${WHITE}Enterprise options${NORMAL}
453
    ${GRAY}--plugindir ${BROWN}<path>${NORMAL}                : Define path of available plugins
460
    ${GRAY}--plugindir ${BROWN}<path>${NORMAL}                : Define path of available plugins
Lines 505-511 Link Here
505
#
512
#
506
    SafePerms ${INCLUDEDIR}/osdetection
513
    SafePerms ${INCLUDEDIR}/osdetection
507
    . ${INCLUDEDIR}/osdetection
514
    . ${INCLUDEDIR}/osdetection
508
    Display --indent 2 --text "- Detecting OS... " --result DONE --color GREEN
515
    Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --color GREEN
509
516
510
    # Check hostname
517
    # Check hostname
511
    case ${OS} in
518
    case ${OS} in
Lines 536-542 Link Here
536
    CDATE=$(date "+%Y-%m-%d %H:%M:%S")
543
    CDATE=$(date "+%Y-%m-%d %H:%M:%S")
537
    if [ ${LOGTEXT} -eq 1 ]; then echo "${CDATE} Starting ${PROGRAM_NAME} ${PROGRAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE}" > ${LOGFILE}; fi
544
    if [ ${LOGTEXT} -eq 1 ]; then echo "${CDATE} Starting ${PROGRAM_NAME} ${PROGRAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE}" > ${LOGFILE}; fi
538
    if [ $? -gt 0 ]; then
545
    if [ $? -gt 0 ]; then
539
        Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED
546
        Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result "${STATUS_WARNING}" --color RED
540
        echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
547
        echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
541
        RemovePIDFile
548
        RemovePIDFile
542
        exit 1
549
        exit 1
Lines 583-589 Link Here
583
    if [ ${SET_STRICT} -eq 0 ]; then
590
    if [ ${SET_STRICT} -eq 0 ]; then
584
        set +u  # Allow uninitialized variables
591
        set +u  # Allow uninitialized variables
585
    else
592
    else
586
        set -u  # Do not allow unitialized variables
593
        set -u  # Do not allow uninitialized variables
587
    fi
594
    fi
588
595
589
    # Import a different language when configured
596
    # Import a different language when configured
Lines 592-602 Link Here
592
        Display --indent 2 --text "- Detecting language and localization" --result "${LANGUAGE}" --color WHITE
599
        Display --indent 2 --text "- Detecting language and localization" --result "${LANGUAGE}" --color WHITE
593
        if [ ! -f ${DBDIR}/languages/${LANGUAGE} ]; then
600
        if [ ! -f ${DBDIR}/languages/${LANGUAGE} ]; then
594
            Display --indent 4 --text "${YELLOW}Notice:${NORMAL} no language file found for '${LANGUAGE}' (tried: ${DBDIR}/languages/${LANGUAGE})"
601
            Display --indent 4 --text "${YELLOW}Notice:${NORMAL} no language file found for '${LANGUAGE}' (tried: ${DBDIR}/languages/${LANGUAGE})"
595
            if IsDeveloperVersion; then Display --indent 4 --text "See https://github.com/CISOfy/lynis-sdk/documentation/10-translations.md for more details to help translate Lynis"; fi
602
            if IsDeveloperVersion; then Display --indent 4 --text "See https://github.com/CISOfy/lynis-sdk/blob/master/documentation/10-translations.md for more details to help translate Lynis"; fi
596
            sleep 5
603
            sleep 5
597
        else
604
        else
598
            LogText "Importing language file (${DBDIR}/languages/${LANGUAGE})"
605
            if SafeFile "${DBDIR}/languages/${LANGUAGE}"; then
599
            . ${DBDIR}/languages/${LANGUAGE}
606
                LogText "Importing language file (${DBDIR}/languages/${LANGUAGE})"
607
                . ${DBDIR}/languages/${LANGUAGE}
608
                # Check for missing translations if we are a pre-release or less than a week old
609
                if grep -E -q -s "^#" ${DBDIR}/languages/${LANGUAGE}; then
610
                    TIME_DIFFERENCE_CHECK=604800 # 1 week
611
                    RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK))
612
                    if IsDeveloperVersion || [ ${NOW} -lt ${RELEASE_PLUS_TIMEDIFF} ]; then
613
                        Display --indent 4 --text "Translation file (db/languages/${LANGUAGE}) needs an update" --result "OUTDATED" --color RED
614
                        Display --indent 4 --text "======================================================================="
615
                        Display --indent 4 --text "Help other users and translate the missing lines:"
616
                        Display --indent 4 --text "1) Go to: https://github.com/CISOfy/lynis/edit/master/db/languages/${LANGUAGE}"
617
                        Display --indent 4 --text "2) Translate (some of) the lines starting with a hash (#) and remove the leading hash"
618
                        Display --indent 4 --text "3) Commit the changes"
619
                        Display --indent 4 --text "Thank you!"
620
                        Display --indent 4 --text "Note: no lines with a hash? Look if the file recently has been changed by another translator."
621
                        Display --indent 4 --text "======================================================================="
622
                        sleep 30
623
                    fi
624
                fi
625
            else
626
                LogText "Could not import language file due to incorrect permissions"
627
            fi
628
600
        fi
629
        fi
601
    fi
630
    fi
602
    LogTextBreak
631
    LogTextBreak
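Review bot: when SafeFile rejects the language file (new lines 625-626) the only trace is a LogText entry, so the user gets untranslated output with nothing on screen. The file is sourced with ". ${DBDIR}/languages/${LANGUAGE}", so bad permissions on it are a finding in their own right and deserve a Display or ReportWarning line like the one used for test files with invalid permissions. Two smaller points: the sleep 30 on new line 622 stalls every run in that language during the first week after a release, unattended runs included, and the grep for "^#" on line 609 flags any comment line in the language file, not only untranslated entries.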
Lines 722-728 Link Here
722
    fi
751
    fi
723
752
724
    if [ -z "${PROGRAM_AC}" -o -z "${PROGRAM_LV}" ]; then
753
    if [ -z "${PROGRAM_AC}" -o -z "${PROGRAM_LV}" ]; then
725
        Display --indent 2 --text "- Program update status... " --result UNKNOWN --color YELLOW
754
        Display --indent 2 --text "- Program update status... " --result "${STATUS_UNKNOWN}" --color YELLOW
726
        LogText "Result: Update check failed. No network connection?"
755
        LogText "Result: Update check failed. No network connection?"
727
        LogText "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)."
756
        LogText "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)."
728
        # Set both to safe values
757
        # Set both to safe values
Lines 735-747 Link Here
735
            PROGRAM_MINVERSION=$((PROGRAM_LV - 10))
764
            PROGRAM_MINVERSION=$((PROGRAM_LV - 10))
736
            LogText "Minimum required version   : ${PROGRAM_MINVERSION}"
765
            LogText "Minimum required version   : ${PROGRAM_MINVERSION}"
737
            if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then
766
            if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then
738
                Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED
767
                Display --indent 2 --text "- Program update status... " --result "${STATUS_WARNING}" --color RED
739
                LogText "Result: This version is VERY outdated. Newer ${PROGRAM_NAME} release available!"
768
                LogText "Result: This version is VERY outdated. Newer ${PROGRAM_NAME} release available!"
740
                ReportWarning "LYNIS" "Version of Lynis is very old and should be updated"
769
                ReportWarning "LYNIS" "Version of Lynis is very old and should be updated"
741
                Report "lynis_update_available=1"
770
                Report "lynis_update_available=1"
742
                UPDATE_AVAILABLE=1
771
                UPDATE_AVAILABLE=1
743
            else
772
            else
744
                Display --indent 2 --text "- Program update status... " --result "UPDATE AVAILABLE" --color YELLOW
773
                Display --indent 2 --text "- Program update status... " --result "${STATUS_UPDATE_AVAILABLE}" --color YELLOW
745
                LogText "Result: newer ${PROGRAM_NAME} release available!"
774
                LogText "Result: newer ${PROGRAM_NAME} release available!"
746
                ReportSuggestion "LYNIS" "Version of Lynis outdated, consider upgrading to the latest version"
775
                ReportSuggestion "LYNIS" "Version of Lynis outdated, consider upgrading to the latest version"
747
                Report "lynis_update_available=1"
776
                Report "lynis_update_available=1"
Lines 749-759 Link Here
749
            fi
778
            fi
750
        else
779
        else
751
            if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then
780
            if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then
752
                Display --indent 2 --text "- Program update status... " --result "NO UPDATE" --color GREEN
781
                Display --indent 2 --text "- Program update status... " --result "${STATUS_NO_UPDATE}" --color GREEN
753
                LogText "No ${PROGRAM_NAME} update available."
782
                LogText "No ${PROGRAM_NAME} update available."
754
                Report "lynis_update_available=0"
783
                Report "lynis_update_available=0"
755
            else
784
            else
756
                Display --indent 2 --text "- Program update status... " --result "SKIPPED" --color YELLOW
785
                Display --indent 2 --text "- Program update status... " --result "${STATUS_SKIPPED}" --color YELLOW
757
                LogText "Update check skipped due to constraints (e.g. missing dig binary)"
786
                LogText "Update check skipped due to constraints (e.g. missing dig binary)"
758
                Report "lynis_update_available=-1"
787
                Report "lynis_update_available=-1"
759
            fi
788
            fi
Lines 773-779 Link Here
773
    if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
802
    if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then
774
        # Show if release is old, only if we didn't show it with normal update check
803
        # Show if release is old, only if we didn't show it with normal update check
775
        if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
804
        if [ ${UPDATE_AVAILABLE} -eq 0 ]; then
776
            ReportSuggestion "LYNIS" "This release is more than 4 months old. Consider upgrading"
805
            ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available."
777
        fi
806
        fi
778
        OLD_RELEASE=1
807
        OLD_RELEASE=1
779
    fi
808
    fi
Lines 856-867 Link Here
856
#################################################################################
885
#################################################################################
857
#
886
#
858
    if IsVerbose; then
887
    if IsVerbose; then
859
        InsertSection "Program Details"
888
        InsertSection "${SECTION_PROGRAM_DETAILS}"
860
        Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "YES" --color GREEN
889
        Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "${STATUS_YES}" --color GREEN
861
        if IsDebug; then
890
        if IsDebug; then
862
            Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "YES" --color GREEN
891
            Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_YES}" --color GREEN
863
        else
892
        else
864
            Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "NO" --color RED
893
            Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_NO}" --color RED
865
        fi
894
        fi
866
    fi
895
    fi
867
#
896
#
Lines 951-957 Link Here
951
        RunPlugins 1
980
        RunPlugins 1
952
981
953
        if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then
982
        if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then
954
            Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "NONE" --color WHITE
983
            Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "${STATUS_NONE}" --color WHITE
955
            Report "plugins_enabled=0"
984
            Report "plugins_enabled=0"
956
        else
985
        else
957
            Report "plugins_enabled=1"
986
            Report "plugins_enabled=1"
Lines 963-979 Link Here
963
    # Get host ID
992
    # Get host ID
964
    LogTextBreak
993
    LogTextBreak
965
    GetHostID
994
    GetHostID
995
    LogText "hostid-generation: method ${HOSTID_GEN}"
996
    LogText "hostid2-generation: method ${HOSTID2_GEN}"
966
    # Check if result is not empty (no blank, or hash of blank value, or minus, or zeros)
997
    # Check if result is not empty (no blank, or hash of blank value, or minus, or zeros)
967
    if [ ! "${HOSTID}" = "-" -a ! "${HOSTID}" = "" -a ! "${HOSTID}" = "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" -a ! "${HOSTID}" = "6ef1338f520d075957424741d7ed35ab5966ae97" ]; then
998
    case ${HOSTID} in
968
        LogText "Info: found valid HostID ${HOSTID}"
999
        "" | "-" | "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" | "6ef1338f520d075957424741d7ed35ab5966ae97")
969
        Report "hostid=${HOSTID}"
1000
            LogText "Info: no HostID found or invalid one"
970
    else
1001
        ;;
971
        LogText "Info: no HostID found or invalid one"
1002
        *)
972
    fi
1003
            LogText "Info: HostID ${HOSTID} looks to be valid"
973
    if [ ! "${HOSTID2}" = "" ]; then
1004
            Report "hostid=${HOSTID}"
1005
        ;;
1006
    esac
1007
1008
    if [ -n "${HOSTID2}" ]; then
974
        Report "hostid2=${HOSTID2}"
1009
        Report "hostid2=${HOSTID2}"
975
    fi
1010
    fi
976
    if [ ! "${MACHINEID}" = "" ]; then
1011
    if [ -n "${MACHINEID}" ]; then
977
        LogText "Info: found a machine ID ${MACHINEID}"
1012
        LogText "Info: found a machine ID ${MACHINEID}"
978
        Report "machineid=${MACHINEID}"
1013
        Report "machineid=${MACHINEID}"
979
    else
1014
    else
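Review bot: HOSTID2 on new line 1008 is reported whenever it is non-empty, while HOSTID is filtered against "", "-" and two hard-coded 40-character hashes; if HOSTID2 can be derived from an empty input in the same way, its hash of a blank value would be reported as a valid identifier. Apply an equivalent filter to HOSTID2, and add a comment stating which input each hard-coded hash stands for, since the case pattern on line 999 gives no hint. The two hostid-generation log lines on 995-996 are written before the validity check, so they will also appear for a HostID that is then rejected.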
Lines 1011-1018 Link Here
1011
                    LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)"
1046
                    LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)"
1012
                    ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}"
1047
                    ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}"
1013
                    # Insert a section and warn user also on screen
1048
                    # Insert a section and warn user also on screen
1014
                    InsertSection "General"
1049
                    InsertSection "${SECTION_GENERAL}"
1015
                    Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "SKIPPED" --color RED
1050
                    Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "${STATUS_SKIPPED}" --color RED
1016
                fi
1051
                fi
1017
            else
1052
            else
1018
                echo "Error: Can't find file (category: ${INCLUDE_TEST})"
1053
                echo "Error: Can't find file (category: ${INCLUDE_TEST})"
Lines 1037-1046 Link Here
1037
            else
1072
            else
1038
                LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)"
1073
                LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)"
1039
                ReportWarning "NONE" "Invalid permissions on custom tests file"
1074
                ReportWarning "NONE" "Invalid permissions on custom tests file"
1040
                Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED
1075
                Display --indent 2 --text "- Running custom tests... " --result "${STATUS_WARNING}" --color RED
1041
            fi
1076
            fi
1042
        else
1077
        else
1043
            Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE
1078
            Display --indent 2 --text "- Running custom tests... " --result "${STATUS_NONE}" --color WHITE
1044
        fi
1079
        fi
1045
    fi
1080
    fi
1046
#
1081
#
Lines 1073-1079 Link Here
1073
    if [ ${SKIP_PLUGINS} -eq 0 ]; then
1108
    if [ ${SKIP_PLUGINS} -eq 0 ]; then
1074
        RunPlugins 2
1109
        RunPlugins 2
1075
        if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then
1110
        if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then
1076
            Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN
1111
            Display --indent 2 --text "- Plugins (phase 2)" --result "${STATUS_DONE}" --color GREEN
1077
        fi
1112
        fi
1078
    fi
1113
    fi
1079
#
1114
#
Lines 1143-1146 Link Here
1143
1178
1144
#
1179
#
1145
#================================================================================
1180
#================================================================================
1146
# Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com
1181
# Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com
