ALT Linux Bugzilla – Attachment 13315 Details for Bug 46322: lynis update to 3.0.8 version
[patch] patch for 3.0.0 => 3.0.8
lynis-3.0.8.patch (text/plain), 450.19 KB, created by VikaB on 2023-05-31 09:00:14 MSK
>diff -ur lynis-3.0.0/CHANGELOG.md lynis-3.0.8/CHANGELOG.md >--- lynis-3.0.0/CHANGELOG.md 2020-06-18 03:00:00 >+++ lynis-3.0.8/CHANGELOG.md 2022-05-17 03:00:00 
>@@ -1,5 +1,183 @@ > # Lynis Changelog > >+## Lynis 3.0.8 (2022-05-17) >+ >+### Added >+- MALW-3274 - Detect McAfee VirusScan Command Line Scanner >+- PKGS-7346 Check Alpine Package Keeper (apk) >+- PKGS-7395 Check Alpine upgradeable packages >+- EOL for Alpine Linux 3.14 and 3.15 >+ >+### Changed >+- AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2) >+- FILE-7524 - Test enhanced to support symlinks >+- HTTP-6643 - Support ModSecurity version 2 and 3 >+- KRNL-5788 - Only run relevant tests and improved logging >+- KRNL-5820 - Additional path for security/limits.conf >+- KRNL-5830 - Check for /var/run/needs_restarting (Slackware) >+- KRNL-5830 - Add a presence check for /boot/vmlinuz >+- PRNT-2308 - Bugfix that prevented test from storing values correctly >+- Extended location of PAM files for AARCH64 >+- Some messages in log improved >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.7 (2022-01-18) >+ >+### Added >+- MALW-3290 - Show status of malware components >+- OS detection for RHEL 6 and Funtoo Linux >+- Added service manager openrc >+ >+### Changed >+- DBS-1804 - Added alias for MariaDB >+- FINT-4316 - Support for newer Ubuntu versions >+- MALW-3280 - Added Trend Micro malware agent >+- NETW-3200 - Allow unknown number of spaces in modprobe blacklists >+- PKGS-7320 - Support for Garuda Linux and arch-audit >+- Several improvements for busybox shell >+- Russian translation of Lynis extended >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.6 (2021-07-22) >+ >+### Added >+- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS >+- Check for outdated translation files >+ >+### Changed >+- DBS-1826 - Check if PostgreSQL is being used >+- DBS-1828 - Test multiple PostgreSQL configuration file(s) >+- KRNL-5830 - Sort kernels by version instead of modification date >+- PKGS-7410 - Don't show exception for systems using 
LXC >+- GetHostID function: fallback options added for Linux systems >+- Fix: macOS Big Sur detection >+- Fix: show correct text when egrep is missing >+- Fix: variable name for PostgreSQL >+- German and Spanish translations extended >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.5 (2021-07-02) >+ >+### Added >+- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux >+- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux) >+ >+### Changed >+- ACCT-9622 - Corrected typo >+- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility) >+- PKGS-7320 - extended to Arch Linux 32 >+- Generation of host identifiers (hostid/hostid2) extended >+- Linux host identifiers are now using ip as preferred input source >+- Improved logging in several areas >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.4 (2021-05-11) >+ >+### Added >+- ACCT-9670 - Detection of cmd tooling >+- ACCT-9672 - Test cmd configuration file >+- BOOT-5140 - Check for ELILO boot loader presence >+- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others >+ >+### Changed >+- BOOT-5104 - Add service manager detection support for runit >+- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist >+- FIRE-4540 - Corrected nftables empy ruleset test >+- LOGG-2138 - Do not check for klogd when metalog is being used >+- TIME-3185 - Improved support for Debian stretch >+- Corrected issue when Lynis is not executed directly from lynis directory >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.3 (2021-01-07) >+ >+### Added >+- HRDN-7231 - Check for registered non-native binary formats >+- OS detection of Parrot GNU/Linux >+ >+### Changed >+- DBS-1816 - Force test to check only password authentication >+- KRNL-5677 - Support 
for NetBSD >+- Bugfix: command 'configure settings' did not work as intended >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.2 (2020-12-24) >+ >+### Added >+- AUTH-9284 - Scan for locked user accounts in /etc/passwd >+- LOGG-2153 - Loghost configuration >+- TOOL-5130 - Check for active Suricata daemon >+- OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS >+- OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others >+- EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11 >+- Support for Solaris svcs (service manager) >+- Enumeration of Solaris services >+ >+### Changed >+- ACCT-9626 - Detect sysstat systemd unit >+- AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined >+- BOOT-5184 - Support for Solaris >+- KRNL-5830 - Improved reboot test by ignoring known bad values >+- KRNL-5830 - Ignore rescue kernel such as on CentOS systems >+- KRNL-5830 - Detection of Alpine Linux kernel >+- NETW-2400 - Compatibility change for hostname check >+- NETW-3012 - Support for Solaris >+- PKGS-7410 - Don't show exception if no kernels were found on the disk >+- TIME-3185 - Supports now checking files at multiple locations (systemd) >+- ParseNginx function: Support include on absolute paths >+- ParseNginx function: Ignore empty included wildcards >+- Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux >+- HostID: Use first e1000 interface and break after match >+- Translations extended and updated >+- Test if pgrep exists before using it >+- Better support for busybox shell >+- Small code enhancements >+ >+--------------------------------------------------------------------------------- >+ >+## Lynis 3.0.1 (2020-10-05) >+ >+### Added >+- Detection of Alpine Linux >+- Detection of CloudLinux >+- Detection of Kali Linux >+- Detection of Linux Mint >+- Detection of macOS Big Sur (11.0) >+- Detection of 
Pop!_OS >+- Detection of PHP 7.4 >+- Malware detection tool: Microsoft Defender ATP >+- New flag: --slow-warning to allow tests more time before showing a warning >+- Test TIME-3185 to check systemd-timesyncd synchronized time >+- rsh host file permissions >+ >+### Changed >+- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions >+- BOOT-5122 - Presence check for grub.d added >+- CRYP-7902 - Added support for certificates in DER format >+- CRYP-7931 - Added data to report >+- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted) >+- FILE-6430 - Don't grep nonexistent modprobe.d files >+- FIRE-4535 - Set initial firewall state >+- INSE-8312 - Corrected text on screen >+- KRNL-5728 - Handle zipped kernel configuration correctly >+- KRNL-5830 - Improved version detection for non-symlinked kernel >+- MALW-3280 - Extended detection of BitDefender >+- TIME-3104 - Find more time synchronization commands >+- TIME-3182 - Corrected detection of time peers >+- Fix: hostid generation routine would sometimes show too short IDs >+- Fix: language detection >+- Generic improvements for macOS >+- German translation updated >+- End-of-life database updated >+- Several minor code enhancements >+ >+--------------------------------------------------------------------------------- >+ > ## Lynis 3.0.0 (2020-06-18) > > This is a major release of Lynis and includes several big changes. >@@ -101,7 +279,7 @@ > - AUTH-9268 - Perform test also on DragonFly, FreeBSD, and NetBSD > - AUTH-9282 - fix: temporary variable was overwritten > - AUTH-9408 - added support for pam_tally2 to log failed logins >-- AUTH-9489 - test removedd as it is merged with AUTH-9218 >+- AUTH-9489 - test removed as it is merged with AUTH-9218 > - BANN-7126 - additional words for login banner are accepted > - BOOT-5122 - check for defined password in all GRUB configuration files > - CONT-8106 - support newer 'docker info' output 
>@@ -128,6 +306,7 @@ > - KRNL-5820 - extended check to include limits.d directory > - KRNL-5830 - skip test partially when running non-privileged > - KRNL-5830 - detect required reboots on Raspbian >+- KRNL-6000 - check more sysctls > - LOGG-2154 - added support for rsyslog configurations > - LOGG-2190 - skip mysqld related entries > - MACF-6234 - SELinux tests extended >@@ -387,7 +566,7 @@ > * [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell > * [DNS-1600] - Initial work on DNSSEC validation testing > * [NETW-2704] - Added support for local resolver 127.0.0.53 >-* [PHP-2379] - Suhosin test disbled >+* [PHP-2379] - Suhosin test disabled > * [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting > * [TIME-3160] - Improvements to detect step-tickers file and entries > >@@ -634,7 +813,7 @@ > * Renamed some variables to better indicate their purpose (counting, data type) > * Removal of unused code and comments > * Deleted unused tests from database file >-* Correct levels of identation >+* Correct levels of indentation > * Support for older mac OS X versions (Lion and Mountain Lion) > * Initialized variables for more binaries > * Additional sysctls are tested >@@ -1295,7 +1474,7 @@ > * AddSetting - New function to store settings (lynis show settings) > * ContainsString - New function to search for a string in another one > * Display - Added --debug, showing details on screen in debug mode >- - Reset identation for lines which are too long >+ - Reset indentation for lines which are too long > * DisplayToolTip - New function to display tooltips > * IsDebug - Check for usage of --debug > * IsDeveloperMode - Status for development and debugging (--developer) 
>@@ -1368,7 +1547,7 @@ > ------------ > The biggest change in this release is the optimization of several functions. It > allows for better detection, and dealing with the quirks, of every single >-operating system. Some functions were fortified to handle unexcepted results >+operating system. Some functions were fortified to handle unexpected results > better, like missing a particular binary, or not returning the hostname. > > This release also enables tests to be shorter, by adding new functions. Some >@@ -1646,7 +1825,7 @@ > files. Related tests are FINT-4334 and FINT-4336. > > Added support for Chrony time daemon and timesync daemon. Additionally NTP >-sychronization status is checked when it is enabled. >+synchronization status is checked when it is enabled. > > Improved single user mode protection on the rescue.service file. > >@@ -2228,7 +2407,7 @@ > Changes: > - Ignore interfaces aliases for HostID > - Extended umask tests with pam_umask entries [AUTH-9328] >- - Check for supressed version on Squid [SQD-3680] >+ - Check for suppressed version on Squid [SQD-3680] > > --------------------------------------------------------------------------------- > >@@ -2241,7 +2420,7 @@ > - Added 64 bits locations for Apache modules > - Add start of new category to logfile > - Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626] >- - Extended cron job tests with entries start with asterix (*) [SCHD-7704] >+ - Extended cron job tests with entries start with asterisk (*) [SCHD-7704] > - Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328] > - Adjusted PHP test for register_globals (explicit test) [PHP-2368] > - Small adjustments for upcoming plugin support 
>@@ -2368,7 +2547,7 @@ > - Adjusted PHP check to find ini files [PHP-2211] > - Skip Apache test for NetBSD [HTTP-6622] > - Skip test http version check for NetBSD [HTTP-6624] >- - Additional check to supress sort error [HTTP-6626] >+ - Additional check to suppress sort error [HTTP-6626] > - Improved the way binaries are checked (less disk reads) > - Adjusted ReportWarning() function to skip impact rating > - Improved report on screen by leaving out date/time and type >@@ -2404,7 +2583,7 @@ > - Added suggestion about BIND version [NAME-4210] > - Merged test NTP daemon test TIME-3108 into TIME-3104 > - Improved support for Arch Linux (output, detection) >- - Extended common list of directories with SSL certifcates in profile >+ - Extended common list of directories with SSL certificates in profile > - New function GetHostID() to determine an unique identifier of the machine > - Added a tests_custom file template > - Perform file permissions test on tests_custom file >@@ -2447,7 +2626,7 @@ > Lynis 1.3.2 (2013-10-09) > > New: >- - Test for PowerDNS authoritive servers (master/slave status) [NAME-4238] >+ - Test for PowerDNS authoritative servers (master/slave status) [NAME-4238] > > Changes: > - CUPS test extended with hardening rules [PRNT-2308] >@@ -2494,7 +2673,7 @@ > - Fixed incorrect warning for single user mode [AUTH-9308] > - Improved output for stratum 16 time servers [TIME-3116] > - Added suggestion and screen output for kernel hardening [KRNL-6000] >- - Screen layout optimalizations and log file improvements >+ - Screen layout optimizations and log file improvements > - Improved list/layout of scan options > - Improved binary check for compilers > - Added configuration option in scan profile (show_tool_tips, default true) 
>@@ -3057,7 +3236,7 @@ > - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302] > - Changed shell history file test, searching files with maxdepth 1 [HOME-9310] > - Extended iptables test, to check Linux kernel configuration file [FIRE-4511] >- - Added report warning to promicuous test [NETW-3014] >+ - Added report warning to promiscuous test [NETW-3014] > - Fixed yellow color when being used at text display > - Several logging improvements and cleanups > >@@ -3126,11 +3305,11 @@ > - Improved LILO test and removed double message > - Fixed incorrect message when using --help parameter > - Improved portaudit test (FreeBSD) to show unique packages only >- - Updated man page, FAQ, extended documention with plugin information >+ - Updated man page, FAQ, extended documentation with plugin information > - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE) > > ** Special release notes [package/ports]: ** >- - Added several default paths to check for usuable an INCLUDE directory. This >+ - Added several default paths to check for usable INCLUDE directory. This > should make packaging Lynis easier for downstream package providers. > - When no profile is set, Lynis will check first /etc/lynis/default.prf, > before setting default.prf (in current work directory) as profile to use. >@@ -3189,7 +3368,7 @@ > - Added available shells from /etc/shells to report file > - Updated man page > - Fixed option in main help window for --man option >- - Code improvement, splitting up sections to seperated files >+ - Code improvement, splitting up sections to separated files > > --------------------------------------------------------------------------------- 
> >@@ -3205,7 +3384,7 @@ > - Changed old temporary files check > - Changed test to include ubuntu security repository > - Moved UID check to avoid PID creation as non root user >- - Moved most functions to seperated files and several code cleanups >+ - Moved most functions to separated files and several code cleanups > - Improved logging output > - Extended FreeBSD (Copyright file) test > - Changed indentation for many tests >@@ -3249,7 +3428,7 @@ > - Updated year number in program and support files > - Added new function Display, to use indentation within lines > - Added function RemovePIDFile before some exit routines, to clean up PID file >- - Extracted profile support, parameter support to seperated files >+ - Extracted profile support, parameter support to separated files > - Created file tests_ports_packages for Ports and Packages > - Deleted lynis.spec file, since it was not working and will be rewritten later > >@@ -3402,7 +3581,7 @@ > - Test: query nameservers and test connectivity > - Test: check promiscuous interfaces (FreeBSD) > - Test: check sticky bit on /tmp directory >- - Test: check debian.org security brance in /etc/apt/sources.list >+ - Test: check debian.org security branch in /etc/apt/sources.list > - Test: check kernel update on Debian > - Test: query default Linux run level > - Test: query chkconfig to see which services start at boot >diff -ur lynis-3.0.0/CONTRIBUTING.md lynis-3.0.8/CONTRIBUTING.md >--- lynis-3.0.0/CONTRIBUTING.md 2020-06-18 03:00:00 >+++ lynis-3.0.8/CONTRIBUTING.md 2022-05-17 03:00:00 >@@ -27,7 +27,7 @@ > ## Code Guidelines > > ### General >-Identation should be 4 spaces (no tab character). >+Indentation should be 4 spaces (no tab character). > > ### Comments > Comments: use # sign followed by a space. When needed, create a comment block. 
>@@ -68,6 +68,6 @@ > and for any purpose whatsoever, and to have or authorize others to do so. > > If you want to be named in as a contributor in the CONTRIBUTOR file, then include >-this notition in your pull request. Preferred format: Full Name, and your e-mail >+this notation in your pull request. Preferred format: Full Name, and your e-mail > address). > >diff -ur lynis-3.0.0/CONTRIBUTORS.md lynis-3.0.8/CONTRIBUTORS.md >--- lynis-3.0.0/CONTRIBUTORS.md 2020-06-18 03:00:00 >+++ lynis-3.0.8/CONTRIBUTORS.md 2022-05-17 03:00:00 >@@ -46,6 +46,7 @@ > * Mikko Lehtisalo, Finland > * Steve Bosek, France > * Thomas Siebel, Germany >+* Thomas Sjögren, Sweden > * Topi Miettinen, Finland > * Zach Crownover > >diff -ur lynis-3.0.0/FAQ lynis-3.0.8/FAQ >--- lynis-3.0.0/FAQ 2020-06-18 03:00:00 >+++ lynis-3.0.8/FAQ 2022-05-17 03:00:00 >@@ -26,8 +26,9 @@ > website: https://cisofy.com/support/ > > Q: I can't find any configuration file for Lynis, where is it? >- A: Lynis uses profiles. They are similar to a configuration file and determine >- how a security scan should be performed. >+ A: Lynis uses profiles. A profile is similar to a configuration file and >+ determines how a security scan should be performed. Profiles are usually >+ stored in /etc/lynis or can be found using 'lynis show profiles'. > > Q: My version is outdated, what can I do to upgrade? > Check out the upgrade guide: https://cisofy.com/documentation/lynis/upgrading/ 
>@@ -73,11 +74,11 @@ > Q: When running Lynis, it shows me the usage help even while using correct > parameters, why? > A: This can happen with alternative shells. Try using a different shell to >- invoke Lynis (example: bash lynis -c). >+ invoke Lynis (example: bash lynis audit system). > > Q: One or more tests are giving incorrect output. How to solve that? > A: Check the log file. If that also has incorrect data, let us know via GitHub >- or the developer e-mail address. >+ or use the developer e-mail address. > > Q: The program takes long to complete and also uses too much resources. Can it > be tuned? >@@ -98,4 +99,4 @@ > > > ================================================================================ >- Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com >+ Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/HAPPY_USERS.md lynis-3.0.8/HAPPY_USERS.md >--- lynis-3.0.0/HAPPY_USERS.md 2020-06-18 03:00:00 >+++ lynis-3.0.8/HAPPY_USERS.md 2022-05-17 03:00:00 >@@ -33,3 +33,8 @@ > valuable feedback and contributions give me the energy to continue to work on > its development, even after 12+ years! > >+* Catalyst.net IT - January 2020 >+Lynis gave us great insight in to the security state of our systems, as well as where we can improve. >+ >+* David Osipov - October 2021 >+Lynis opened my eyes on Linux security hardening best practices. As a newbie, I learn a lot about Linux system architecture while trying to harden my system. >diff -ur lynis-3.0.0/INSTALL lynis-3.0.8/INSTALL >--- lynis-3.0.0/INSTALL 2020-06-18 03:00:00 >+++ lynis-3.0.8/INSTALL 2022-05-17 03:00:00 
>@@ -48,4 +48,4 @@ > > > ================================================================================ >- Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com >+ Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com >Only in lynis-3.0.8: TODO.md >diff -ur lynis-3.0.0/db/languages/az lynis-3.0.8/db/languages/az >--- lynis-3.0.0/db/languages/az 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/az 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="YenilÉmÉ mövcud" > GEN_VERBOSE_MODE="Etraflı" > GEN_WHAT_TO_DO="edilecekler" >-NOTE_EXCEPTIONS_FOUND="İstisnalar tapıldı" > NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar vÉ mÉlumatlar tapıldı" >+NOTE_EXCEPTIONS_FOUND="İstisnalar tapıldı" > NOTE_PLUGINS_TAKE_TIME="Qeyd: Uzantılar daha Étraflı testlÉr içermektedir vÉ tamamlanmaları uzun davam edÉbilÉr" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="SÉlahiyyÉt lazımlı testlÉr" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Xususi testlÉr" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Pis proqram" > SECTION_MEMORY_AND_PROCESSES="YaddaÅ ve prosesler" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" 
>+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="TÉsirsiz" > STATUS_DONE="Bitdi" > STATUS_ENABLED="TÉsirli" > STATUS_ERROR="SÉhv" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="Tapıldı" >-STATUS_YES="BÉli" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="Yox" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="Tapılmadı" >+STATUS_NOT_RUNNING="ÃalıÅmayıb" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_NO="Xeyr" > STATUS_OFF="BaÄlı" > STATUS_OK="ÆvÉt" > STATUS_ON="Açıq" >-STATUS_NONE="Yox" >-STATUS_NOT_FOUND="Tapılmadı" >-STATUS_NOT_RUNNING="ÃalıÅmayıb" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="İÅleyib" > STATUS_SKIPPED="Atlandı" > STATUS_SUGGESTION="Teklif" > STATUS_UNKNOWN="Bilinmeyib" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="XÉbÉrdarlıq" >-TEXT_YOU_CAN_HELP_LOGFILE="qeydlÉri gönderib kömek eyleyin" >+#STATUS_WEAK="WEAK" >+STATUS_YES="BÉli" > TEXT_UPDATE_AVAILABLE="yenilÉmÉ mövcud" 
>+TEXT_YOU_CAN_HELP_LOGFILE="qeydlÉri gönderib kömek eyleyin" >diff -ur lynis-3.0.0/db/languages/br lynis-3.0.8/db/languages/br >--- lynis-3.0.0/db/languages/br 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/br 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="Atualização disponÃvel" > GEN_VERBOSE_MODE="Modo verbose" > GEN_WHAT_TO_DO="O que fazer" >-NOTE_EXCEPTIONS_FOUND="Exceptions encontradas" > NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados" >+NOTE_EXCEPTIONS_FOUND="Exceptions encontradas" > NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Testes personalizados" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Memória e Processos" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" 
>+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DESABILITADO" > STATUS_DONE="FEITO" > STATUS_ENABLED="HABILITADO" > STATUS_ERROR="ERRO" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="ENCONTRADO" >-STATUS_YES="SIM" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="NÃO" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="NENHUM" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NÃO ENCONTRADO" > STATUS_NOT_RUNNING="PARADO" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="EM EXECUÃÃO" > STATUS_SKIPPED="IGNORADO" > STATUS_SUGGESTION="SUGESTÃO" > STATUS_UNKNOWN="DESCONHECIDO" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ATENÃÃO" >-TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log" >+#STATUS_WEAK="WEAK" 
>+STATUS_YES="SIM" > TEXT_UPDATE_AVAILABLE="Atualização disponÃvel" >+TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log" >diff -ur lynis-3.0.0/db/languages/cn lynis-3.0.8/db/languages/cn >--- lynis-3.0.0/db/languages/cn 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/cn 2022-05-17 03:00:00 >@@ -1,3 +1,5 @@ >+ERROR_NO_LICENSE="没æéç½®ç许å¯è¯å¯é¥" >+ERROR_NO_UPLOAD_SERVER="没æéç½®çä¸ä¼ æå¡å¨" > GEN_CHECKING="æ£æ¥ä¸" > GEN_CURRENT_VERSION="å½åçæ¬" > GEN_DEBUG_MODE="è°è¯æ¨¡å¼" 
>@@ -5,36 +7,102 @@ > GEN_LATEST_VERSION="ææ°çæ¬" > GEN_PHASE="é¶æ®µ" > GEN_PLUGINS_ENABLED="æä»¶å·²å¼å¯" >-GEN_VERBOSE_MODE="详述模å¼" > GEN_UPDATE_AVAILABLE="æå¯ä»¥æ´æ°ççæ¬" >+GEN_VERBOSE_MODE="详述模å¼" > GEN_WHAT_TO_DO="åä»ä¹" >-NOTE_EXCEPTIONS_FOUND="åç°å¼å¸¸" > NOTE_EXCEPTIONS_FOUND_DETAILED="åç°ä¸äºå¼å¸¸çäºä»¶æèä¿¡æ¯" >+NOTE_EXCEPTIONS_FOUND="åç°å¼å¸¸" > NOTE_PLUGINS_TAKE_TIME="注æï¼æä»¶ææ´å¤çæµè¯å¯è½ä¼éè¦å åéæè½å®æ" > NOTE_SKIPPED_SKIPPED_TESTS_NON_PRIVILEGED="å éç¹ææ¨¡å¼èè·³è¿çæµè¯" >+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="å éç¹ææ¨¡å¼èè·³è¿çæµè¯" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="èªå®ä¹æµè¯" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="æ¶æè½¯ä»¶" > SECTION_MEMORY_AND_PROCESSES="ååä¸è¿ç¨" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" 
>+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" >+STATUS_DISABLED="ç¦ç¨" > STATUS_DONE="宿" >+STATUS_ENABLED="å¯ç¨" >+STATUS_ERROR="é误" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="æ¾å°" >-STATUS_YES="æ¯" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="没æ" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="æ²¡ææ¾å°" >+STATUS_NOT_RUNNING="没æè¿è¡" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_NO="䏿¯" > STATUS_OFF="å³é" > STATUS_OK="æ£å¸¸" > STATUS_ON="å¼å¯" >-STATUS_NONE="没æ" >-STATUS_NOT_FOUND="æ²¡ææ¾å°" >-STATUS_NOT_RUNNING="没æè¿è¡" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="è¿è¡" > STATUS_SKIPPED="è·³è¿" > STATUS_SUGGESTION="建议" > STATUS_UNKNOWN="æªç¥" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="è¦å" >-TEXT_YOU_CAN_HELP_LOGFILE="ä½ å¯ä»¥éè¿è®°å½æ¥å¿æ¥å¸®å¿" >+#STATUS_WEAK="WEAK" >+STATUS_YES="æ¯" > TEXT_UPDATE_AVAILABLE="æå¯ä»¥æ´æ°ççæ¬" 
>-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="å éç¹ææ¨¡å¼èè·³è¿çæµè¯" >-STATUS_DISABLED="ç¦ç¨" >-STATUS_ENABLED="å¯ç¨" >-STATUS_ERROR="é误" >-ERROR_NO_LICENSE="没æéç½®ç许å¯è¯å¯é¥" >-ERROR_NO_UPLOAD_SERVER="没æéç½®çä¸ä¼ æå¡å¨" >+TEXT_YOU_CAN_HELP_LOGFILE="ä½ å¯ä»¥éè¿è®°å½æ¥å¿æ¥å¸®å¿" >diff -ur lynis-3.0.0/db/languages/da lynis-3.0.8/db/languages/da >--- lynis-3.0.0/db/languages/da 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/da 2022-05-17 03:00:00 
>@@ -10,32 +10,98 @@ > GEN_UPDATE_AVAILABLE="opdatering tilgængelig" > GEN_VERBOSE_MODE="Detaljeret tilstand" > GEN_WHAT_TO_DO="At gøre" >-NOTE_EXCEPTIONS_FOUND="Undtagelser fundet" > NOTE_EXCEPTIONS_FOUND_DETAILED="Nogle usædvanlige hændelser eller information var fundet" >+NOTE_EXCEPTIONS_FOUND="Undtagelser fundet" > NOTE_PLUGINS_TAKE_TIME="Bemærk: plugins har mere omfattende tests og kan tage flere minutter at fuldføre" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Sprang over tests pÃ¥ grund af ikke-privilegeret tilstand" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Brugerdefinerede Tests" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Hukommelse og Processer" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" 
>+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DEAKTIVERET" > STATUS_DONE="FÃRDIG" > STATUS_ENABLED="AKTIVERET" >-STATUS_NOT_ENABLED="IKKE AKTIVERET" > STATUS_ERROR="FEJL" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FUNDET" >-STATUS_YES="JA" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="INGEN" > STATUS_NO="NEJ" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+STATUS_NOT_ENABLED="IKKE AKTIVERET" >+STATUS_NOT_FOUND="IKKE FUNDET" >+STATUS_NOT_RUNNING="KÃRER IKKE" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_OFF="FRA" > STATUS_OK="OK" > STATUS_ON="TIL" >-STATUS_NONE="INGEN" >-STATUS_NOT_FOUND="IKKE FUNDET" >-STATUS_NOT_RUNNING="KÃRER IKKE" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="KÃRER" > STATUS_SKIPPED="SPRUNGET OVER" > STATUS_SUGGESTION="FORSLAG" > STATUS_UNKNOWN="UKENDT" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ADVARSEL" > STATUS_WEAK="SVAG" 
>-TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjælpe ved at bidrage med din logfil" >+STATUS_YES="JA" > TEXT_UPDATE_AVAILABLE="opdatering tilgængelig" >+TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjælpe ved at bidrage med din logfil" >diff -ur lynis-3.0.0/db/languages/de lynis-3.0.8/db/languages/de >--- lynis-3.0.0/db/languages/de 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/de 2022-05-17 03:00:00 
>@@ -1,38 +1,107 @@ >-GEN_PHASE="Phase" >+ERROR_NO_LICENSE="Kein Lizenzschlüssel eingerichtet" >+ERROR_NO_UPLOAD_SERVER="Kein Upload-Server eingerichtet" > GEN_CHECKING="Ãberprüfung" > GEN_CURRENT_VERSION="Aktuelle Version" > GEN_DEBUG_MODE="Debug-Modus" >-GEN_INITIALIZE_PROGRAM="Initiiere Programm" >+GEN_INITIALIZE_PROGRAM="Initialisiere Programm" >+GEN_LATEST_VERSION="Aktuellste Version" >+GEN_PHASE="Phase" > GEN_PLUGINS_ENABLED="Plugins aktiviert" >-GEN_VERBOSE_MODE="Ausführlicher Modus" > GEN_UPDATE_AVAILABLE="Aktualisierung verfügbar" >+GEN_VERBOSE_MODE="Ausführlicher Modus" > GEN_WHAT_TO_DO="Was zu tun ist" > NOTE_EXCEPTIONS_FOUND="Abweichungen gefunden" > NOTE_EXCEPTIONS_FOUND_DETAILED="Einige auÃergewöhnliche Ereignisse oder Informationen wurden gefunden" > NOTE_PLUGINS_TAKE_TIME="Beachte: Plugins beinhalten eingehendere Tests und können mehrere Minuten benötigen, bis sie abgeschlossen sind" >+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Ãbersprungene Tests aufgrund nicht privilegiertem Modus" >+SECTION_ACCOUNTING="Accounting" >+SECTION_BANNERS_AND_IDENTIFICATION="Banner und Identifizierung" >+SECTION_BASICS="Grundlegendes" >+SECTION_BOOT_AND_SERVICES="Systemstart und Dienste" >+SECTION_CONTAINERS="Container" >+SECTION_CRYPTOGRAPHY="Kryptographie" > SECTION_CUSTOM_TESTS="Benutzerdefinierte Tests" >-SECTION_MALWARE="Malware" >-SECTION_MEMORY_AND_PROCESSES="Speicher und Prozesse" >+SECTION_DATA_UPLOAD="Daten hochladen" >+SECTION_DATABASES="Datenbanken" >+SECTION_DOWNLOADS="Downloads" >+SECTION_EMAIL_AND_MESSAGING="Software: E-Mail und Messaging" >+SECTION_FILE_INTEGRITY="Software: Dateintegrität" >+SECTION_FILE_PERMISSIONS="Dateiberechtigungen" >+SECTION_FILE_SYSTEMS="Dateisysteme" >+SECTION_FIREWALLS="Software: Firewalls" >+SECTION_GENERAL="Allgemein" >+SECTION_HARDENING="Härtung" >+SECTION_HOME_DIRECTORIES="Heimatverzeichnisse" >+SECTION_IMAGE="Image" >+SECTION_INITIALIZING_PROGRAM="Initialisiere Programm" >+SECTION_INSECURE_SERVICES="Unsichere Dienste" 
>+SECTION_KERNEL="Kernel" >+SECTION_KERNEL_HARDENING="Kernelhärtung" >+SECTION_LDAP_SERVICES="LDAP Dienste" >+SECTION_LOGGING_AND_FILES="Logs und Logdateien" >+SECTION_MALWARE="Software: Malware" >+SECTION_MEMORY_AND_PROCESSES="Software: Speicher und Prozesse" >+SECTION_NAME_SERVICES="Namensauflösung" >+SECTION_NETWORKING="Netzwerk" >+SECTION_PERMISSIONS="Berechtigungen" >+SECTION_PORTS_AND_PACKAGES="Ports und Pakete" >+SECTION_PRINTERS_AND_SPOOLS="Drucker und Warteschlange" >+SECTION_PROGRAM_DETAILS="Programmdetails" >+SECTION_SCHEDULED_TASKS="Geplante Aufgaben" >+SECTION_SECURITY_FRAMEWORKS="Sicherheitsframeworks" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="SNMP Unterstützung" >+SECTION_SOFTWARE="Software" >+SECTION_SQUID_SUPPORT="Squid" >+SECTION_SSH_SUPPORT="SSH" >+SECTION_STORAGE="Speicher" >+SECTION_SYSTEM_INTEGRITY="Software: Systemintegrität" >+SECTION_SYSTEM_TOOLING="Software: Systemwerkzeuge" >+SECTION_SYSTEM_TOOLS="Systemwerkzeuge" >+SECTION_TIME_AND_SYNCHRONIZATION="Zeit und Zeitsynchronisierung" >+SECTION_USB_DEVICES="USB Geräte" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Benutzer, Gruppen und Authentifizierung" >+SECTION_VIRTUALIZATION="Virtualisierung" >+SECTION_WEBSERVER="Software: Webserver" >+STATUS_ACTIVE="AKTIV" >+STATUS_CHECK_NEEDED="ÃBERPRÃFUNG BENÃTIGT" >+STATUS_DEBUG="DEBUG" >+STATUS_DEFAULT="STANDARD" >+STATUS_DIFFERENT="UNTERSCHIEDLICH" >+STATUS_DISABLED="DEAKTIVIERT" > STATUS_DONE="FERTIG" >+STATUS_ENABLED="AKTIVIERT" >+STATUS_ERROR="FEHLER" >+STATUS_EXPOSED="VERWUNDBAR" >+STATUS_FAILED="FEHLERHAFT" >+STATUS_FILES_FOUND="DATEIEN GEFUNDEN" > STATUS_FOUND="GEFUNDEN" >-STATUS_YES="JA" >+STATUS_HARDENED="GEHÃRTET" >+STATUS_INSTALLED="INSTALLIERT" >+STATUS_LOCAL_ONLY="NUR LOKAL" >+STATUS_MEDIUM="MITTEL" > STATUS_NO="NEIN" >-STATUS_OFF="AUS" >-STATUS_OK="OK" >-STATUS_ON="AN" >+STATUS_NO_UPDATE="KEINE AKTUALISIERUNG" >+STATUS_NON_DEFAULT="NICHT STANDARD" > STATUS_NONE="NICHTS" >+STATUS_NOT_CONFIGURED="NICHT KONFIGURIERT" 
>+STATUS_NOT_DISABLED="NICHT DEAKTIVIERT" >+STATUS_NOT_ENABLED="NICHT AKTIVIERT" > STATUS_NOT_FOUND="NICHT GEFUNDEN" > STATUS_NOT_RUNNING="LÃUFT NICHT" >+STATUS_OFF="AUS" >+STATUS_OK="OK" >+STATUS_ON="AN" >+STATUS_PARTIALLY_HARDENED="TEILWEISE GEHÃRTET" >+STATUS_PROTECTED="GESCHÃTZT" > STATUS_RUNNING="LÃUFT" > STATUS_SKIPPED="ÃBERSPRUNGEN" > STATUS_SUGGESTION="VORSCHLAG" > STATUS_UNKNOWN="UNBEKANNT" >+STATUS_UNSAFE="UNSICHER" >+STATUS_UPDATE_AVAILABLE="AKTUALISIERUNG VERFÃGBAR" > STATUS_WARNING="WARNUNG" >-TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Ãbermittlung Ihrer Logdatei helfen" >+STATUS_WEAK="SCHWACH" >+STATUS_YES="JA" > TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar" >-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Ãbersprungene Tests aufgrund nicht privilegiertem Modus" >-STATUS_DISABLED="DEAKTIVIERT" >-STATUS_ENABLED="AKTIVIERT" >-STATUS_ERROR="FEHLER" >-ERROR_NO_LICENSE="Kein Lizenzschlüssel eingerichtet" >-ERROR_NO_UPLOAD_SERVER="Kein Upload-Server eingerichtet" >+TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Ãbermittlung Ihrer Logdatei helfen" >Only in lynis-3.0.8/db/languages: de-AT >diff -ur lynis-3.0.0/db/languages/en lynis-3.0.8/db/languages/en >--- lynis-3.0.0/db/languages/en 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/en 2022-05-17 03:00:00 
>@@ -14,32 +14,94 @@ > NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found" > NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode" >+SECTION_ACCOUNTING="Accounting" >+SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+SECTION_BASICS="Basics" >+SECTION_BOOT_AND_SERVICES="Boot and services" >+SECTION_CONTAINERS="Containers" >+SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Custom tests" > SECTION_DATA_UPLOAD="Data upload" >+SECTION_DATABASES="Databases" >+SECTION_DOWNLOADS="Downloads" >+SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+SECTION_FILE_INTEGRITY="Software: file integrity" >+SECTION_FILE_PERMISSIONS="File Permissions" >+SECTION_FILE_SYSTEMS="File systems" >+SECTION_FIREWALLS="Software: firewalls" >+SECTION_GENERAL="General" >+SECTION_HARDENING="Hardening" >+SECTION_HOME_DIRECTORIES="Home directories" >+SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Initializing program" >-SECTION_MALWARE="Malware" >+SECTION_INSECURE_SERVICES="Insecure services" >+SECTION_KERNEL="Kernel" >+SECTION_KERNEL_HARDENING="Kernel Hardening" >+SECTION_LDAP_SERVICES="LDAP Services" >+SECTION_LOGGING_AND_FILES="Logging and files" >+SECTION_MALWARE="Software: Malware" > SECTION_MEMORY_AND_PROCESSES="Memory and Processes" >+SECTION_NAME_SERVICES="Name services" >+SECTION_NETWORKING="Networking" >+SECTION_PERMISSIONS="Permissions" >+SECTION_PORTS_AND_PACKAGES="Ports and packages" >+SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+SECTION_PROGRAM_DETAILS="Program Details" >+SECTION_SCHEDULED_TASKS="Scheduled tasks" >+SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="SNMP Support" >+SECTION_SOFTWARE="Software" >+SECTION_SQUID_SUPPORT="Squid Support" >+SECTION_SSH_SUPPORT="SSH Support" >+SECTION_STORAGE="Storage" 
>+SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="System tools" >+SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+SECTION_USB_DEVICES="USB Devices" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+SECTION_VIRTUALIZATION="Virtualization" >+SECTION_WEBSERVER="Software: webserver" >+STATUS_ACTIVE="ACTIVE" >+STATUS_CHECK_NEEDED="CHECK NEEDED" >+STATUS_DEBUG="DEBUG" >+STATUS_DEFAULT="DEFAULT" >+STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DISABLED" > STATUS_DONE="DONE" > STATUS_ENABLED="ENABLED" > STATUS_ERROR="ERROR" >+STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="FAILED" >+STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FOUND" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+STATUS_HARDENED="HARDENED" >+STATUS_INSTALLED="INSTALLED" >+STATUS_LOCAL_ONLY="LOCAL ONLY" >+STATUS_MEDIUM="MEDIUM" > STATUS_NO="NO" >+STATUS_NO_UPDATE="NO UPDATE" >+STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="NONE" > STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+STATUS_NOT_DISABLED="NOT DISABLED" >+STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NOT FOUND" > STATUS_NOT_RUNNING="NOT RUNNING" >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="RUNNING" > STATUS_SKIPPED="SKIPPED" > STATUS_SUGGESTION="SUGGESTION" > STATUS_UNKNOWN="UNKNOWN" >+STATUS_UNSAFE="UNSAFE" >+STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WARNING" > STATUS_WEAK="WEAK" > STATUS_YES="YES" >-TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" > TEXT_UPDATE_AVAILABLE="update available" >+TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/en-GB lynis-3.0.8/db/languages/en-GB >--- lynis-3.0.0/db/languages/en-GB 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/en-GB 2022-05-17 03:00:00 
>@@ -14,32 +14,94 @@ > NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found" > NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode" >+SECTION_ACCOUNTING="Accounting" >+SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+SECTION_BASICS="Basics" >+SECTION_BOOT_AND_SERVICES="Boot and services" >+SECTION_CONTAINERS="Containers" >+SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Custom tests" > SECTION_DATA_UPLOAD="Data upload" >+SECTION_DATABASES="Databases" >+SECTION_DOWNLOADS="Downloads" >+SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+SECTION_FILE_INTEGRITY="Software: file integrity" >+SECTION_FILE_PERMISSIONS="File Permissions" >+SECTION_FILE_SYSTEMS="File systems" >+SECTION_FIREWALLS="Software: firewalls" >+SECTION_GENERAL="General" >+SECTION_HARDENING="Hardening" >+SECTION_HOME_DIRECTORIES="Home directories" >+SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Initializing program" >-SECTION_MALWARE="Malware" >+SECTION_INSECURE_SERVICES="Insecure services" >+SECTION_KERNEL="Kernel" >+SECTION_KERNEL_HARDENING="Kernel Hardening" >+SECTION_LDAP_SERVICES="LDAP Services" >+SECTION_LOGGING_AND_FILES="Logging and files" >+SECTION_MALWARE="Software: Malware" > SECTION_MEMORY_AND_PROCESSES="Memory and Processes" >+SECTION_NAME_SERVICES="Name services" >+SECTION_NETWORKING="Networking" >+SECTION_PERMISSIONS="Permissions" >+SECTION_PORTS_AND_PACKAGES="Ports and packages" >+SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+SECTION_PROGRAM_DETAILS="Program Details" >+SECTION_SCHEDULED_TASKS="Scheduled tasks" >+SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="SNMP Support" >+SECTION_SOFTWARE="Software" >+SECTION_SQUID_SUPPORT="Squid Support" >+SECTION_SSH_SUPPORT="SSH Support" >+SECTION_STORAGE="Storage" 
>+SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="System tools" >+SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+SECTION_USB_DEVICES="USB Devices" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+SECTION_VIRTUALIZATION="Virtualization" >+SECTION_WEBSERVER="Software: webserver" >+STATUS_ACTIVE="ACTIVE" >+STATUS_CHECK_NEEDED="CHECK NEEDED" >+STATUS_DEBUG="DEBUG" >+STATUS_DEFAULT="DEFAULT" >+STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DISABLED" > STATUS_DONE="DONE" > STATUS_ENABLED="ENABLED" > STATUS_ERROR="ERROR" >+STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="FAILED" >+STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FOUND" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+STATUS_HARDENED="HARDENED" >+STATUS_INSTALLED="INSTALLED" >+STATUS_LOCAL_ONLY="LOCAL ONLY" >+STATUS_MEDIUM="MEDIUM" > STATUS_NO="NO" >+STATUS_NO_UPDATE="NO UPDATE" >+STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="NONE" > STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+STATUS_NOT_DISABLED="NOT DISABLED" >+STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NOT FOUND" > STATUS_NOT_RUNNING="NOT RUNNING" >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="RUNNING" > STATUS_SKIPPED="SKIPPED" > STATUS_SUGGESTION="SUGGESTION" > STATUS_UNKNOWN="UNKNOWN" >+STATUS_UNSAFE="UNSAFE" >+STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WARNING" > STATUS_WEAK="WEAK" > STATUS_YES="YES" >-TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" > TEXT_UPDATE_AVAILABLE="update available" >+TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/en-US lynis-3.0.8/db/languages/en-US >--- lynis-3.0.0/db/languages/en-US 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/en-US 2022-05-17 03:00:00 
>@@ -14,32 +14,94 @@ > NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found" > NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode" >+SECTION_ACCOUNTING="Accounting" >+SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+SECTION_BASICS="Basics" >+SECTION_BOOT_AND_SERVICES="Boot and services" >+SECTION_CONTAINERS="Containers" >+SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Custom tests" > SECTION_DATA_UPLOAD="Data upload" >+SECTION_DATABASES="Databases" >+SECTION_DOWNLOADS="Downloads" >+SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+SECTION_FILE_INTEGRITY="Software: file integrity" >+SECTION_FILE_PERMISSIONS="File Permissions" >+SECTION_FILE_SYSTEMS="File systems" >+SECTION_FIREWALLS="Software: firewalls" >+SECTION_GENERAL="General" >+SECTION_HARDENING="Hardening" >+SECTION_HOME_DIRECTORIES="Home directories" >+SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Initializing program" >-SECTION_MALWARE="Malware" >+SECTION_INSECURE_SERVICES="Insecure services" >+SECTION_KERNEL="Kernel" >+SECTION_KERNEL_HARDENING="Kernel Hardening" >+SECTION_LDAP_SERVICES="LDAP Services" >+SECTION_LOGGING_AND_FILES="Logging and files" >+SECTION_MALWARE="Software: Malware" > SECTION_MEMORY_AND_PROCESSES="Memory and Processes" >+SECTION_NAME_SERVICES="Name services" >+SECTION_NETWORKING="Networking" >+SECTION_PERMISSIONS="Permissions" >+SECTION_PORTS_AND_PACKAGES="Ports and packages" >+SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+SECTION_PROGRAM_DETAILS="Program Details" >+SECTION_SCHEDULED_TASKS="Scheduled tasks" >+SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="SNMP Support" >+SECTION_SOFTWARE="Software" >+SECTION_SQUID_SUPPORT="Squid Support" >+SECTION_SSH_SUPPORT="SSH Support" >+SECTION_STORAGE="Storage" 
>+SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="System tools" >+SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+SECTION_USB_DEVICES="USB Devices" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+SECTION_VIRTUALIZATION="Virtualization" >+SECTION_WEBSERVER="Software: webserver" >+STATUS_ACTIVE="ACTIVE" >+STATUS_CHECK_NEEDED="CHECK NEEDED" >+STATUS_DEBUG="DEBUG" >+STATUS_DEFAULT="DEFAULT" >+STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DISABLED" > STATUS_DONE="DONE" > STATUS_ENABLED="ENABLED" > STATUS_ERROR="ERROR" >+STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="FAILED" >+STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FOUND" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+STATUS_HARDENED="HARDENED" >+STATUS_INSTALLED="INSTALLED" >+STATUS_LOCAL_ONLY="LOCAL ONLY" >+STATUS_MEDIUM="MEDIUM" > STATUS_NO="NO" >+STATUS_NO_UPDATE="NO UPDATE" >+STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="NONE" > STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+STATUS_NOT_DISABLED="NOT DISABLED" >+STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NOT FOUND" > STATUS_NOT_RUNNING="NOT RUNNING" >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="RUNNING" > STATUS_SKIPPED="SKIPPED" > STATUS_SUGGESTION="SUGGESTION" > STATUS_UNKNOWN="UNKNOWN" >+STATUS_UNSAFE="UNSAFE" >+STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WARNING" > STATUS_WEAK="WEAK" > STATUS_YES="YES" >-TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" > TEXT_UPDATE_AVAILABLE="update available" >+TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/es lynis-3.0.8/db/languages/es >--- lynis-3.0.0/db/languages/es 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/es 2022-05-17 03:00:00 
>@@ -1,38 +1,108 @@ >-GEN_PHASE="fase" >+ERROR_NO_LICENSE="No se ha configurado una clave de licencia" >+ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas" > GEN_CHECKING="Revisando" > GEN_CURRENT_VERSION="Versión actual" > GEN_DEBUG_MODE="Modo de depuración" > GEN_INITIALIZE_PROGRAM="Iniciando la aplicación" >+GEN_LATEST_VERSION="Ãltima versión" >+GEN_PHASE="fase" > GEN_PLUGINS_ENABLED="Plugins activados" >-GEN_VERBOSE_MODE="Modo detallado" > GEN_UPDATE_AVAILABLE="Actualización disponible" >+GEN_VERBOSE_MODE="Modo detallado" > GEN_WHAT_TO_DO="Qué hacer" >-NOTE_EXCEPTIONS_FOUND="Excepciones Encontradas" > NOTE_EXCEPTIONS_FOUND_DETAILED="Se encontró alguna excepción o evento extraordinario" >+NOTE_EXCEPTIONS_FOUND="Excepciones encontradas" > NOTE_PLUGINS_TAKE_TIME="Nota: los plugins contienen pruebas más extensivas y toman más tiempo" >+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo" >+SECTION_ACCOUNTING="Contabilidad" >+SECTION_BANNERS_AND_IDENTIFICATION="Banners e identificación" >+SECTION_BASICS="Básicos" >+SECTION_BOOT_AND_SERVICES="Arranque y servicios" >+SECTION_CONTAINERS="Contenedores" >+SECTION_CRYPTOGRAPHY="CriptografÃa" > SECTION_CUSTOM_TESTS="Pruebas personalizadas" >+SECTION_DATA_UPLOAD="Subida de datos" >+SECTION_DATABASES="Bases de datos" >+SECTION_DOWNLOADS="Descargas" >+SECTION_EMAIL_AND_MESSAGING="Software: correo electrónico y mensajerÃa" >+SECTION_FILE_INTEGRITY="Software: integridad de ficheros" >+SECTION_FILE_PERMISSIONS="Permisos de ficheros" >+SECTION_FILE_SYSTEMS="Sistemas de ficheros" >+SECTION_FIREWALLS="Software: firewalls" >+SECTION_GENERAL="General" >+SECTION_HARDENING="Bastionado" >+SECTION_HOME_DIRECTORIES="Directorios de inicio" >+SECTION_IMAGE="Imagen" >+SECTION_INITIALIZING_PROGRAM="Inicializando programa" >+SECTION_INSECURE_SERVICES="Servicios inseguros" >+SECTION_KERNEL_HARDENING="Bastionado del kernel" >+SECTION_KERNEL="Kernel" 
>+SECTION_LDAP_SERVICES="Servicios LDAP" >+SECTION_LOGGING_AND_FILES="Logging y ficheros" > SECTION_MALWARE="Malware" >-SECTION_MEMORY_AND_PROCESSES="Memoria y Procesos" >+SECTION_MALWARE="Software: Malware" >+SECTION_MEMORY_AND_PROCESSES="Memoria y procesos" >+SECTION_NAME_SERVICES="Servicios de nombres" >+SECTION_NETWORKING="Conectividad" >+SECTION_PERMISSIONS="Permisos" >+SECTION_PORTS_AND_PACKAGES="Puertos y paquetes" >+SECTION_PRINTERS_AND_SPOOLS="Impresoras y spools" >+SECTION_PROGRAM_DETAILS="Detalles del programa" >+SECTION_SCHEDULED_TASKS="Tareas programadas" >+SECTION_SECURITY_FRAMEWORKS="Frameworks de seguridad" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="Soporte SNMP" >+SECTION_SOFTWARE="Software" >+SECTION_SQUID_SUPPORT="Soporte Squid" >+SECTION_SSH_SUPPORT="Soporte SSH" >+SECTION_STORAGE="Almacenamiento" >+SECTION_SYSTEM_INTEGRITY="Software: Integridad del sistema" >+SECTION_SYSTEM_TOOLING="Software: Herramientas del sistema" >+SECTION_SYSTEM_TOOLS="Herramientas del sistema" >+SECTION_TIME_AND_SYNCHRONIZATION="Tiempo y sincronización" >+SECTION_USB_DEVICES="Dispositivos USB" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Usuarios, grupos y autenticación" >+SECTION_VIRTUALIZATION="Virtualización" >+SECTION_WEBSERVER="Software: servidor web" >+STATUS_ACTIVE="ACTIVO" >+STATUS_CHECK_NEEDED="NECESITA VERIFICACIÃN" >+STATUS_DEBUG="DEPURACIÃN" >+STATUS_DEFAULT="POR DEFECTO" >+STATUS_DIFFERENT="DIFERENTE" >+STATUS_DISABLED="DESHABILITADO" > STATUS_DONE="HECHO" >+STATUS_ENABLED="HABILITADO" >+STATUS_ERROR="ERROR" >+STATUS_EXPOSED="EXPUESTO" >+STATUS_FAILED="FALLADO" >+STATUS_FILES_FOUND="ARCHIVOS ENCONTRADOS" > STATUS_FOUND="ENCONTRADO" >-STATUS_YES="SI" >+STATUS_HARDENED="BASTIONADO" >+STATUS_INSTALLED="INSTALADO" >+STATUS_LOCAL_ONLY="SOLO LOCAL" >+STATUS_MEDIUM="MEDIO" >+STATUS_NO_UPDATE="SIN ACTUALIZACIÃN" > STATUS_NO="NO" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >-STATUS_NONE="NONE" >+STATUS_NON_DEFAULT="NO POR DEFECTO" 
>+STATUS_NONE="NINGUNO" >+STATUS_NOT_CONFIGURED="NO CONFIGURADO" >+STATUS_NOT_DISABLED="NO DESHABILITADO" >+STATUS_NOT_ENABLED="NO HABILITADO" > STATUS_NOT_FOUND="NO ENCONTRADO" > STATUS_NOT_RUNNING="NO ESTà CORRIENDO" >+STATUS_OFF="APAGADO" >+STATUS_OK="OK" >+STATUS_ON="ENCENDIDO" >+STATUS_PARTIALLY_HARDENED="PARCIALMENTE BASTIONADO" >+STATUS_PROTECTED="PROTEGIDO" > STATUS_RUNNING="CORRIENDO" > STATUS_SKIPPED="OMITIDO" > STATUS_SUGGESTION="SUGERENCIA" > STATUS_UNKNOWN="DESCONOCIDO" >+STATUS_UNSAFE="INSEGURO" >+STATUS_UPDATE_AVAILABLE="ACTUALIZACIÃN DISPONIBLE" > STATUS_WARNING="PELIGRO" >-TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de log" >+STATUS_WEAK="DÃBIL" >+STATUS_YES="SÃ" > TEXT_UPDATE_AVAILABLE="Actualización disponible" >-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Pruebas omitidas, debido a que el modo no privilegiado está activo" >-STATUS_DISABLED="DESACTIVADO" >-STATUS_ENABLED="ENABLED" >-STATUS_ERROR="ERROR" >-ERROR_NO_LICENSE="No se ha configurado una clave de licencia" >-ERROR_NO_UPLOAD_SERVER="No se ha configurado un servidor para subidas" >+TEXT_YOU_CAN_HELP_LOGFILE="Puedes ayudar compartiendo tu archivo de registro" >diff -ur lynis-3.0.0/db/languages/fi lynis-3.0.8/db/languages/fi >--- lynis-3.0.0/db/languages/fi 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/fi 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="päivitys saatavilla" > GEN_VERBOSE_MODE="Puhelias tila" > GEN_WHAT_TO_DO="Mitä tehdä" >-NOTE_EXCEPTIONS_FOUND="Virheitä löytynyt" > NOTE_EXCEPTIONS_FOUND_DETAILED="Joitakin poikkeuksellisia tapahtumia tai tietoja löytynyt" >+NOTE_EXCEPTIONS_FOUND="Virheitä löytynyt" > NOTE_PLUGINS_TAKE_TIME="Huomio: liitännäisillä on kattavampia testejä joiden suorittaminen voi viedä muutaman minuutin" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testejä jätetty suorittamatta ei-etuoikeutetun tilan vuoksi" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Kustomoidut testit" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Haittaohjelma" > SECTION_MEMORY_AND_PROCESSES="Muisti ja prosessit" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" 
>+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="EI PÃÃLLÃ" > STATUS_DONE="VALMIS" > STATUS_ENABLED="PÃÃLLÃ" > STATUS_ERROR="VIRHE" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="LÃYTYNYT" >-STATUS_YES="KYLLÃ" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="EI" >-STATUS_OFF="EI PÃÃLLÃ" >-STATUS_OK="OK" >-STATUS_ON="PÃÃLLÃ" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="EI MITÃÃN" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="EI LÃYTYNYT" > STATUS_NOT_RUNNING="EI OLE KÃYNNISSÃ" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="EI PÃÃLLÃ" >+STATUS_OK="OK" >+STATUS_ON="PÃÃLLÃ" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="KÃYNNISSÃ" > STATUS_SKIPPED="OHITETTU" > STATUS_SUGGESTION="EHDOTUS" > STATUS_UNKNOWN="TUNTEMATON" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="VAROITUS" >-TEXT_YOU_CAN_HELP_LOGFILE="Voit auttaa toimittamalla lokitiedoston" >+#STATUS_WEAK="WEAK" 
>+STATUS_YES="KYLLÃ" > TEXT_UPDATE_AVAILABLE="päivitys saatavilla" >+TEXT_YOU_CAN_HELP_LOGFILE="Voit auttaa toimittamalla lokitiedoston" >diff -ur lynis-3.0.0/db/languages/fr lynis-3.0.8/db/languages/fr >--- lynis-3.0.0/db/languages/fr 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/fr 2022-05-17 03:00:00 
>@@ -1,38 +1,107 @@ >+ERROR_NO_LICENSE="Pas de clé de licence configurée" >+ERROR_NO_UPLOAD_SERVER="Pas de serveur de transfert configuré" > GEN_CHECKING="Vérification" > GEN_CURRENT_VERSION="Version actuelle" >-GEN_DEBUG_MODE="mode debug" >+GEN_DEBUG_MODE="mode débug" > GEN_INITIALIZE_PROGRAM="Initialisation" >+GEN_LATEST_VERSION="Dernière version" > GEN_PHASE="phase" > GEN_PLUGINS_ENABLED="Plugins activés" >-GEN_VERBOSE_MODE="mode verbeux" > GEN_UPDATE_AVAILABLE="mise à jour disponible" >+GEN_VERBOSE_MODE="mode verbeux" > GEN_WHAT_TO_DO="Que faire" > NOTE_EXCEPTIONS_FOUND="Exceptions trouvées" > NOTE_EXCEPTIONS_FOUND_DETAILED="Des événements ou informations exceptionnels ont été trouvés" >-NOTE_PLUGINS_TAKE_TIME="Note: les plugins ont des tests plus poussés et peuvent prendre plusieurs minutes" >+NOTE_PLUGINS_TAKE_TIME="Note : Les plugins ont des tests plus poussés qui peuvent prendre plusieurs minutes" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tests ignorés faute de privilèges" >-SECTION_CUSTOM_TESTS="Tests Personnalisés" >-SECTION_MALWARE="Malware" >-SECTION_MEMORY_AND_PROCESSES="Mémoire et Processus" >+SECTION_ACCOUNTING="Comptes" >+SECTION_BANNERS_AND_IDENTIFICATION="Bannières et identification" >+SECTION_BASICS="Basics" >+SECTION_BOOT_AND_SERVICES="Démarrage et services" >+SECTION_CONTAINERS="Conteneurs" >+SECTION_CRYPTOGRAPHY="Cryptographie" >+SECTION_CUSTOM_TESTS="Tests personnalisés" >+SECTION_DATA_UPLOAD="Téléchargement de données" >+SECTION_DATABASES="Bases de données" >+SECTION_DOWNLOADS="Téléchargements" >+SECTION_EMAIL_AND_MESSAGING="Logiciel : Email et messagerie" >+SECTION_FILE_INTEGRITY="Logiciel : Intégrité de fichier" >+SECTION_FILE_PERMISSIONS="Permissions de fichier" >+SECTION_FILE_SYSTEMS="Systèmes de fichier" >+SECTION_FIREWALLS="Logiciel : Pare-feu" >+SECTION_GENERAL="Général" >+SECTION_HARDENING="Hardening" >+SECTION_HOME_DIRECTORIES="Dossiers personnels" >+SECTION_IMAGE="Image" >+SECTION_INITIALIZING_PROGRAM="Initialisation du programme" 
>+SECTION_INSECURE_SERVICES="Services non sécurisés" >+SECTION_KERNEL="Noyau" >+SECTION_KERNEL_HARDENING="Kernel Hardening" >+SECTION_LDAP_SERVICES="Services LDAP" >+SECTION_LOGGING_AND_FILES="Journalisation et fichiers" >+SECTION_MALWARE="Logiciel : Malveillants" >+SECTION_MEMORY_AND_PROCESSES="Mémoire et processus" >+SECTION_NAME_SERVICES="Services de noms" >+SECTION_NETWORKING="Mise en réseau" >+SECTION_PERMISSIONS="Permissions" >+SECTION_PORTS_AND_PACKAGES="Ports et packages" >+SECTION_PRINTERS_AND_SPOOLS="Imprimantes et serveurs d'impression" >+SECTION_PROGRAM_DETAILS="Détails du programme" >+SECTION_SCHEDULED_TASKS="Tâches planifiées" >+SECTION_SECURITY_FRAMEWORKS="Frameworks de sécurité" >+SECTION_SHELLS="Shells" >+SECTION_SNMP_SUPPORT="Prise en charge SNMP" >+SECTION_SOFTWARE="Logiciel" >+SECTION_SQUID_SUPPORT="Prise en charge Squid" >+SECTION_SSH_SUPPORT="Prise en charge SSH" >+SECTION_STORAGE="Stockage" >+SECTION_SYSTEM_INTEGRITY="Logiciel : Intégrité du système" >+SECTION_SYSTEM_TOOLING="Logiciel : System tooling" >+SECTION_SYSTEM_TOOLS="Outils système" >+SECTION_TIME_AND_SYNCHRONIZATION="Heure et synchronisation" >+SECTION_USB_DEVICES="Périphériques USB" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Utilisateurs, groupes et authentification" >+SECTION_VIRTUALIZATION="Virtualisation" >+SECTION_WEBSERVER="Logiciel : Serveur web" >+STATUS_ACTIVE="ACTIF" >+STATUS_CHECK_NEEDED="VÃRIFICATION NÃCESSAIRE" >+STATUS_DEBUG="DÃBUG" >+STATUS_DEFAULT="PAR DÃFAUT" >+STATUS_DIFFERENT="DIFFÃRENT" >+STATUS_DISABLED="DÃSACTIVÃ" > STATUS_DONE="FAIT" >+STATUS_ENABLED="ACTIVÃ" >+STATUS_ERROR="ERREUR" >+STATUS_EXPOSED="EXPOSÃ" >+STATUS_FAILED="ÃCHOUÃ" >+STATUS_FILES_FOUND="FICHIERS TROUVÃS" > STATUS_FOUND="TROUVÃ" >-STATUS_YES="OUI" >+STATUS_HARDENED="RENFORCÃ" >+STATUS_INSTALLED="INSTALLÃ" >+STATUS_LOCAL_ONLY="LOCAL SEULEMENT" >+STATUS_MEDIUM="MOYEN" > STATUS_NO="NON" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+STATUS_NO_UPDATE="PAS DE MISE A JOUR" 
>+STATUS_NON_DEFAULT="PAS PAR DÃFAUT" > STATUS_NONE="AUCUN" >+STATUS_NOT_CONFIGURED="NON CONFIGURÃ" >+STATUS_NOT_DISABLED="NON DESACTIVÃ" >+STATUS_NOT_ENABLED="NON ACTIVÃ" > STATUS_NOT_FOUND="NON TROUVÃ" > STATUS_NOT_RUNNING="NON LANCÃ" >-STATUS_RUNNING="EN COURS": >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+STATUS_PARTIALLY_HARDENED="PARTIELLEMENT RENFORCÃ" >+STATUS_PROTECTED="PROTÃGÃ" >+STATUS_RUNNING="EN COURS" > STATUS_SKIPPED="IGNORÃ" > STATUS_SUGGESTION="SUGGESTION" > STATUS_UNKNOWN="INCONNU" >-STATUS_WARNING="ATTENTION" >-TEXT_YOU_CAN_HELP_LOGFILE="Vous pouvez aider en envoyant votre fichier journal" >+STATUS_UNSAFE="RISQUÃ" >+STATUS_UPDATE_AVAILABLE="MISE A JOUR DISPONIBLE" >+STATUS_WARNING="AVERTISSEMENT" >+STATUS_WEAK="FAIBLE" >+STATUS_YES="OUI" > TEXT_UPDATE_AVAILABLE="Mise à jour disponible" >-STATUS_DISABLED="DÃSACTIVÃ" >-STATUS_ENABLED="ACTIVÃ" >-STATUS_ERROR="ERREUR" >-ERROR_NO_LICENSE="Pas de clé de licence configurée" >-ERROR_NO_UPLOAD_SERVER="Pas de serveur de transfert configuré" >+TEXT_YOU_CAN_HELP_LOGFILE="Vous pouvez aider en envoyant votre fichier journal" >diff -ur lynis-3.0.0/db/languages/gr lynis-3.0.8/db/languages/gr >--- lynis-3.0.0/db/languages/gr 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/gr 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="διαθÎÏιμη ενημÎÏÏÏη" > GEN_VERBOSE_MODE="Verbose mode" > GEN_WHAT_TO_DO="Τι να κάνειÏ" >-NOTE_EXCEPTIONS_FOUND="ÎÏÎθηκαν ÎξαιÏÎÏειÏ" > NOTE_EXCEPTIONS_FOUND_DETAILED="ÎνÏοÏίÏÏηκαν μεÏικά εξαιÏεÏικά γεγονÏÏα ή ÏληÏοÏοÏίεÏ" >+NOTE_EXCEPTIONS_FOUND="ÎÏÎθηκαν ÎξαιÏÎÏειÏ" > NOTE_PLUGINS_TAKE_TIME="Note: Τα plugins ÎÏοÏν Ïιο εκÏεÏαμÎÎ½ÎµÏ Î´Î¿ÎºÎ¹Î¼ÎÏ ÎºÎ±Î¹ μÏοÏεί να διαÏκÎÏοÏν αÏκεÏά λεÏÏά για να ολοκληÏÏθοÏν" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="ΠαÏάλειÏη δοκιμÏν λÏÎ³Ï Î¼Î· ÏÏÎ¿Î½Î¿Î¼Î¹Î±ÎºÎ®Ï Î»ÎµÎ¹ÏοÏÏγίαÏ" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Î ÏοÏαÏμοÏμÎÎ½ÎµÏ Î´Î¿ÎºÎ¹Î¼ÎÏ" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="ÎακÏβοÏλο λογιÏμικÏ" > SECTION_MEMORY_AND_PROCESSES="Îνήμη και διεÏγαÏίεÏ" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" 
>+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DISABLED" > STATUS_DONE="DONE" > STATUS_ENABLED="ENABLED" > STATUS_ERROR="ΣΦÎÎÎÎ" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="ÎΡÎÎÎÎÎ" >-STATUS_YES="ÎÎÎ" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="ÎÎÎÎÎÎ" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="ÎÎÎ ÎΡÎÎÎÎÎ" >+STATUS_NOT_RUNNING="ÎÎΠΤΡÎΧÎÎ" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_NO="ÎΧÎ" > STATUS_OFF="OFF" > STATUS_OK="OK" > STATUS_ON="ON" >-STATUS_NONE="ÎÎÎÎÎÎ" >-STATUS_NOT_FOUND="ÎÎÎ ÎΡÎÎÎÎÎ" >-STATUS_NOT_RUNNING="ÎÎΠΤΡÎΧÎÎ" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ΤΡÎΧÎÎ" > STATUS_SKIPPED="ÎÎÎ ÎΡÎΣΤÎÎÎ" > STATUS_SUGGESTION="ΠΡÎΤÎΣÎ" > STATUS_UNKNOWN="ÎÎÎΩΣΤÎ" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ΠΡÎΣÎΧÎ" >-TEXT_YOU_CAN_HELP_LOGFILE="ÎÏοÏείÏε να βοηθήÏεÏε 
ÏαÏÎÏονÏÎ±Ï Ïο αÏÏείο καÏαγÏαÏήÏ" >+#STATUS_WEAK="WEAK" >+STATUS_YES="ÎÎÎ" > TEXT_UPDATE_AVAILABLE="διαθÎÏιμη ενημÎÏÏÏη" >+TEXT_YOU_CAN_HELP_LOGFILE="ÎÏοÏείÏε να βοηθήÏεÏε ÏαÏÎÏονÏÎ±Ï Ïο αÏÏείο καÏαγÏαÏήÏ" >diff -ur lynis-3.0.0/db/languages/he lynis-3.0.8/db/languages/he >--- lynis-3.0.0/db/languages/he 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/he 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="×¢×××× ××××" > GEN_VERBOSE_MODE="××¦× ×ר×× ×" > GEN_WHAT_TO_DO="×××צ××¢" >-NOTE_EXCEPTIONS_FOUND="× ×צ×× ××ר××¢×× ×ר××××" > NOTE_EXCEPTIONS_FOUND_DETAILED="××ר××¢×× ×ר×××× ×× ××××¢ ×ר×× × ×צ×" >+NOTE_EXCEPTIONS_FOUND="× ×צ×× ××ר××¢×× ×ר××××" > NOTE_PLUGINS_TAKE_TIME="×××××¢×: ×××§ ××××××§×ת ××§×× ××× ×¨× ××תר ××ר×××" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="×××× ×¢× ××××§× ×¢×§× ×× ×¤×¨×××××××ת" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="××××§× ××ת×××ת" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="ת××× × ×××× ×ת" > SECTION_MEMORY_AND_PROCESSES="×××ר×× ×ת××××××" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" 
>+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="×× ××××" > STATUS_DONE="ס×××" > STATUS_ENABLED="××××" > STATUS_ERROR="ש××××" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="× ×צ×" >-STATUS_YES="××" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="××× ×××" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="×× × ×צ×" >+STATUS_NOT_RUNNING="×× ×¨×¥" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_NO="××" > STATUS_OFF="××××" > STATUS_OK="×× ×§×" > STATUS_ON="פ××¢×" >-STATUS_NONE="××× ×××" >-STATUS_NOT_FOUND="×× × ×צ×" >-STATUS_NOT_RUNNING="×× ×¨×¥" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="××רצ×" > STATUS_SKIPPED="××××" > STATUS_SUGGESTION="×צע×" > STATUS_UNKNOWN="×× ××××¢" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="×××ר×" >-TEXT_YOU_CAN_HELP_LOGFILE="× ××ª× ××¢××ר ×¢× ××× ×©×××ת ×§×××¥ ××××" >+#STATUS_WEAK="WEAK" >+STATUS_YES="××" > TEXT_UPDATE_AVAILABLE="×¢×××× ××××" >+TEXT_YOU_CAN_HELP_LOGFILE="× ××ª× ××¢××ר ×¢× ××× ×©×××ת ×§×××¥ ××××" >diff -ur 
lynis-3.0.0/db/languages/hu lynis-3.0.8/db/languages/hu >--- lynis-3.0.0/db/languages/hu 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/hu 2022-05-17 03:00:00 
>@@ -4,35 +4,104 @@ > GEN_CURRENT_VERSION="Jelenlegi verzió" > GEN_DEBUG_MODE="Debug mode" > GEN_INITIALIZE_PROGRAM="Initializing program" >+#GEN_LATEST_VERSION="Latest version" > GEN_PHASE="szakasz" > GEN_PLUGINS_ENABLED="BÅvitmények engedelyézve" >-GEN_VERBOSE_MODE="Verbose mode" > GEN_UPDATE_AVAILABLE="frissÃtés elérhetÅ" >+GEN_VERBOSE_MODE="Verbose mode" > GEN_WHAT_TO_DO="What to do" >-NOTE_EXCEPTIONS_FOUND="Exceptions found" > NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found" >+NOTE_EXCEPTIONS_FOUND="Exceptions found" > NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Egyedi Tesztek" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Memória és Folyamatok" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" 
>+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="LETILTOTT" > STATUS_DONE="KÃSZ" > STATUS_ENABLED="ENGEDÃLYEZETT" > STATUS_ERROR="HIBA" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FOUND" >-STATUS_YES="IGEN" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NO="NEM" >-STATUS_OFF="KI" >-STATUS_OK="OK" >-STATUS_ON="BE" > STATUS_NONE="NONE" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NOT FOUND" > STATUS_NOT_RUNNING="NOT RUNNING" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="KI" >+STATUS_OK="OK" >+STATUS_ON="BE" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="RUNNING" > STATUS_SKIPPED="SKIPPED" > STATUS_SUGGESTION="JAVASLAT" > STATUS_UNKNOWN="UNKNOWN" >+#STATUS_UNSAFE="UNSAFE" 
>+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="FIGYELMEZTETÃS" >-TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >+#STATUS_WEAK="WEAK" >+STATUS_YES="IGEN" > TEXT_UPDATE_AVAILABLE="frissÃtés elérhetÅ" >+TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/it lynis-3.0.8/db/languages/it >--- lynis-3.0.0/db/languages/it 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/it 2022-05-17 03:00:00 
>@@ -1,38 +1,107 @@ >+ERROR_NO_LICENSE="Nessuna chiave di licenza configurata" >+ERROR_NO_UPLOAD_SERVER="Nessun server di upload configurato" > GEN_CHECKING="Controllo" > GEN_CURRENT_VERSION="Versione corrente" > GEN_DEBUG_MODE="Modalità Debug" > GEN_INITIALIZE_PROGRAM="Inizializzando il programma" >+GEN_LATEST_VERSION="Versione ultima" > GEN_PHASE="fase" > GEN_PLUGINS_ENABLED="Plugin abilitati" >-GEN_VERBOSE_MODE="Modalità Verbose" > GEN_UPDATE_AVAILABLE="aggiornamento disponibile" >+GEN_VERBOSE_MODE="Modalità Verbose" > GEN_WHAT_TO_DO="Cosa fare" >-NOTE_EXCEPTIONS_FOUND="Trovate Eccezioni" > NOTE_EXCEPTIONS_FOUND_DETAILED="Sono stati rilevati alcuni eventi o informazioni eccezionali" >+NOTE_EXCEPTIONS_FOUND="Trovate Eccezioni" > NOTE_PLUGINS_TAKE_TIME="Nota: i plugin sono sottoposti a test più estesi e possono richiedere alcuni minuti per il completamento" >+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Test saltati a causa della modalità di esecuzione non privilegiata" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Test su misura (Custom)" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+SECTION_DOWNLOADS="Scaricamenti" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+SECTION_GENERAL="Generale" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+SECTION_INITIALIZING_PROGRAM="Inizializzando il programma" >+SECTION_INSECURE_SERVICES="Service insicuri" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" 
>+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Memoria e Processi" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+SECTION_STORAGE="Spazio di archiviazione" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+SECTION_TIME_AND_SYNCHRONIZATION="Tempo and Sincronizzazione" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" >+STATUS_DISABLED="DISABILITATO" > STATUS_DONE="FATTO" >+STATUS_ENABLED="ABILITATO" >+STATUS_ERROR="ERRORE" >+#STATUS_EXPOSED="EXPOSED" >+STATUS_FAILED="FALLITO" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="TROVATO" >-STATUS_YES="SI" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="NESSUNO" > STATUS_NO="NO" >+STATUS_NOT_CONFIGURED="NON CONFIGURATO" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="NON TROVATO" >+STATUS_NOT_RUNNING="NON IN ESECUZIONE" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_OFF="OFF" > STATUS_OK="OK" > STATUS_ON="ON" 
>-STATUS_NONE="NESSUNO" >-STATUS_NOT_FOUND="NON TROVATO" >-STATUS_NOT_RUNNING="NON IN ESECUZIONE" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="IN ESECUZIONE" > STATUS_SKIPPED="SALTATO" > STATUS_SUGGESTION="SUGGERIMENTO" > STATUS_UNKNOWN="SCONOSCIUTO" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ATTENZIONE" >-TEXT_YOU_CAN_HELP_LOGFILE="Puoi aiutare fornendoci il tuo file di log" >+STATUS_WEAK="DEBOLE" >+STATUS_YES="SI" > TEXT_UPDATE_AVAILABLE="aggiornamento disponibile" >-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Test saltati a causa della modalità di esecuzione non privilegiata" >-STATUS_DISABLED="DISABILITATO" >-STATUS_ENABLED="ABILITATO" >-STATUS_ERROR="ERRORE" >-ERROR_NO_LICENSE="Nessuna chiave di licenza configurata" >-ERROR_NO_UPLOAD_SERVER="Nessun server di upload configurato" >+TEXT_YOU_CAN_HELP_LOGFILE="Puoi aiutare fornendoci il tuo file di log" >diff -ur lynis-3.0.0/db/languages/ja lynis-3.0.8/db/languages/ja >--- lynis-3.0.0/db/languages/ja 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/ja 2022-05-17 03:00:00 
>@@ -1,33 +1,107 @@ >+#ERROR_NO_LICENSE="No license key configured" >+#ERROR_NO_UPLOAD_SERVER="No upload server configured" > GEN_CHECKING="ãã§ãã¯ä¸" > GEN_CURRENT_VERSION="ç¾å¨ã®ãã¼ã¸ã§ã³" > GEN_DEBUG_MODE="ãããã°ã¢ã¼ã" > GEN_INITIALIZE_PROGRAM="ããã°ã©ã ãåæåãã¦ãã¾ã" >+#GEN_LATEST_VERSION="Latest version" > GEN_PHASE="ãã§ã¼ãº" > GEN_PLUGINS_ENABLED="ãã©ã°ã¤ã³ãæå¹" >-GEN_VERBOSE_MODE="詳細ã¢ã¼ã" > GEN_UPDATE_AVAILABLE="ã¢ãããã¼ããå©ç¨å¯è½" >+GEN_VERBOSE_MODE="詳細ã¢ã¼ã" > GEN_WHAT_TO_DO="What to do" >-NOTE_EXCEPTIONS_FOUND="ä¾å¤ãè¦ã¤ããã¾ãã" > NOTE_EXCEPTIONS_FOUND_DETAILED="ä¾å¤çãªã¤ãã³ããæå ±ãè¦ã¤ããã¾ãã" >+NOTE_EXCEPTIONS_FOUND="ä¾å¤ãè¦ã¤ããã¾ãã" > NOTE_PLUGINS_TAKE_TIME="注æï¼ãã©ã°ã¤ã³ã¯ããåºç¯ãªãã¹ãããããå®äºã¾ã§ã«æ°åãããå ´åãããã¾ã" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="éç¹æ¨©ã¢ã¼ãã®ãããã¹ããã¹ããããã¾ãã" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="ã«ã¹ã¿ã ãã¹ã" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="ãã«ã¦ã§ã¢" > SECTION_MEMORY_AND_PROCESSES="ã¡ã¢ãªã¼ã¨ããã»ã¹" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" 
>+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" >+#STATUS_DISABLED="DISABLED" > STATUS_DONE="å®äº" >+#STATUS_ENABLED="ENABLED" >+#STATUS_ERROR="ERROR" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="è¦ã¤ããã¾ãã" >-STATUS_YES="ã¯ã" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="ããã" >-STATUS_OFF="ãªã" >-STATUS_OK="OK" >-STATUS_ON="ãªã³" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="ãªã" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="è¦ã¤ããã¾ãã" > STATUS_NOT_RUNNING="èµ·åãã¦ãã¾ãã" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="ãªã" >+STATUS_OK="OK" >+STATUS_ON="ãªã³" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="èµ·åä¸" > STATUS_SKIPPED="ã¹ããã" > STATUS_SUGGESTION="æè¨ãããã¾ã" > STATUS_UNKNOWN="䏿" 
>+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="è¦å" >-TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >+#STATUS_WEAK="WEAK" >+STATUS_YES="ã¯ã" > TEXT_UPDATE_AVAILABLE="ã¢ãããã¼ããå©ç¨å¯è½" >+TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/ko lynis-3.0.8/db/languages/ko >--- lynis-3.0.0/db/languages/ko 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/ko 2022-05-17 03:00:00 
>@@ -14,27 +14,94 @@ > NOTE_EXCEPTIONS_FOUND_DETAILED="ëª ê°ì§ ìì¸ ì´ë²¤í¸ë ì ë³´ê° ë°ê²¬ëììµëë¤" > NOTE_PLUGINS_TAKE_TIME="ì°¸ê³ : íë¬ê·¸ì¸ì ê´ë²ìí íì¤í¸ë¥¼ ê±°ì¹ë©° ìë£ë ëê¹ì§ ëª ë¶ì ìê°ì´ ììë©ëë¤" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="ë¹í¹ê¶ 모ëë¡ ì¸í´ íì¤í¸ë¥¼ ìëµíìµëë¤" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="ì¬ì©ìì ì íì¤í¸" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="ìì±ì½ë" > SECTION_MEMORY_AND_PROCESSES="ë©ëª¨ë¦¬ì íë¡ì¸ì¤" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: 
System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="ë¹íì±íë¨" > STATUS_DONE="ìë£" > STATUS_ENABLED="íì±íë¨" > STATUS_ERROR="ìë¬" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="ë°ê²¬" >-STATUS_YES="ì" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="ìëì¤" >-STATUS_OFF="ë" >-STATUS_OK="OK" >-STATUS_ON="켬" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="ìì" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="ë°ê²¬ëì§ìì" > STATUS_NOT_RUNNING="ëìíì§ìì" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="ë" >+STATUS_OK="OK" >+STATUS_ON="켬" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ëìì¤" > STATUS_SKIPPED="ìëµ" > STATUS_SUGGESTION="ì¶ì²" > STATUS_UNKNOWN="ìììì" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ê²½ê³ " > STATUS_WEAK="ì·¨ì½" >-TEXT_YOU_CAN_HELP_LOGFILE="ë¡ê·¸ íì¼ì ì ê³µíë©´ ëìì ë°ì ì ììµëë¤" >+STATUS_YES="ì" > TEXT_UPDATE_AVAILABLE="ìë°ì´í¸ ê°ë¥" >+TEXT_YOU_CAN_HELP_LOGFILE="ë¡ê·¸ íì¼ì ì ê³µíë©´ ëìì ë°ì ì ììµëë¤" >diff -ur lynis-3.0.0/db/languages/nb-NO lynis-3.0.8/db/languages/nb-NO >--- lynis-3.0.0/db/languages/nb-NO 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/nb-NO 2022-05-17 03:00:00 
>@@ -14,26 +14,94 @@ > NOTE_EXCEPTIONS_FOUND_DETAILED="Avvikshendelser eller -informasjon er funnet" > NOTE_PLUGINS_TAKE_TIME="OBS: utvidelser har omfattende tester og kan ta flere minutter Ã¥ gjennomføre" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Tester utelatt pga manglende rettigheter" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Tilpassede tester" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Skadevare" > SECTION_MEMORY_AND_PROCESSES="Minne og prosesser" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" 
>+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DEAKTIVERT" > STATUS_DONE="FERDIG" > STATUS_ENABLED="AKTIVERT" > STATUS_ERROR="FEIL" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="FUNNET" >-STATUS_YES="JA" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NO="NEI" >-STATUS_OFF="AV" >-STATUS_OK="OK" >-STATUS_ON="PÃ" > STATUS_NONE="INGEN" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="IKKE FUNNET" > STATUS_NOT_RUNNING="KJÃRER IKKE" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="AV" >+STATUS_OK="OK" >+STATUS_ON="PÃ" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="KJÃRER" > STATUS_SKIPPED="UTELATT" > STATUS_SUGGESTION="FORSLAG" > STATUS_UNKNOWN="UKJENT" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ADVARSEL" >-TEXT_YOU_CAN_HELP_LOGFILE="Du kan bidra ved Ã¥ laste opp din loggfil" >+#STATUS_WEAK="WEAK" >+STATUS_YES="JA" > TEXT_UPDATE_AVAILABLE="oppdatering tilgjengelig" >+TEXT_YOU_CAN_HELP_LOGFILE="Du kan bidra ved Ã¥ laste opp din loggfil" >diff -ur lynis-3.0.0/db/languages/nl lynis-3.0.8/db/languages/nl >--- lynis-3.0.0/db/languages/nl 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/nl 
2022-05-17 03:00:00 
>@@ -7,39 +7,101 @@ > GEN_LATEST_VERSION="Laatste versie" > GEN_PHASE="fase" > GEN_PLUGINS_ENABLED="Plugins geactiveerd" >-GEN_VERBOSE_MODE="Verbose modus" > GEN_UPDATE_AVAILABLE="Update beschikbaar" >+GEN_VERBOSE_MODE="Verbose modus" > GEN_WHAT_TO_DO="Wat te doen" > NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden" > NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden" > NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Eigen testen" >+#SECTION_DATABASES="Databases" > SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Programma initialiseren" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Kwaadaardige software (malware)" > SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" 
>+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="Systeem gereedschap" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="UITGESCHAKELD" > STATUS_DONE="KLAAR" > STATUS_ENABLED="INGESCHAKELD" > STATUS_ERROR="FOUT" >+#STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="MISLUKT" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="GEVONDEN" >-STATUS_OFF="UIT" >-STATUS_OK="OK" >-STATUS_ON="AAN" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NO="NEE" > STATUS_NONE="GEEN" > STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NIET GEVONDEN" > STATUS_NOT_RUNNING="NIET ACTIEF" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="UIT" >+STATUS_OK="OK" >+STATUS_ON="AAN" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ACTIEF" > STATUS_SKIPPED="OVERGESLAGEN" > STATUS_SUGGESTION="SUGGESTIE" > STATUS_UNKNOWN="ONBEKEND" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WAARSCHUWING" > STATUS_WEAK="ZWAK" > 
STATUS_YES="JA" >-TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" > TEXT_UPDATE_AVAILABLE="update beschikbaar" >+TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" >diff -ur lynis-3.0.0/db/languages/nl-BE lynis-3.0.8/db/languages/nl-BE >--- lynis-3.0.0/db/languages/nl-BE 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/nl-BE 2022-05-17 03:00:00 
>@@ -7,39 +7,101 @@ > GEN_LATEST_VERSION="Laatste versie" > GEN_PHASE="fase" > GEN_PLUGINS_ENABLED="Plugins geactiveerd" >-GEN_VERBOSE_MODE="Verbose modus" > GEN_UPDATE_AVAILABLE="Update beschikbaar" >+GEN_VERBOSE_MODE="Verbose modus" > GEN_WHAT_TO_DO="Wat te doen" > NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden" > NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden" > NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Eigen testen" >+#SECTION_DATABASES="Databases" > SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Programma initialiseren" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Kwaadaardige software (malware)" > SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" 
>+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="Systeem gereedschap" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="UITGESCHAKELD" > STATUS_DONE="KLAAR" > STATUS_ENABLED="INGESCHAKELD" > STATUS_ERROR="FOUT" >+#STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="MISLUKT" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="GEVONDEN" >-STATUS_OFF="UIT" >-STATUS_OK="OK" >-STATUS_ON="AAN" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NO="NEE" > STATUS_NONE="GEEN" > STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NIET GEVONDEN" > STATUS_NOT_RUNNING="NIET ACTIEF" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="UIT" >+STATUS_OK="OK" >+STATUS_ON="AAN" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ACTIEF" > STATUS_SKIPPED="OVERGESLAGEN" > STATUS_SUGGESTION="SUGGESTIE" > STATUS_UNKNOWN="ONBEKEND" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WAARSCHUWING" > STATUS_WEAK="ZWAK" > 
STATUS_YES="JA" >-TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" > TEXT_UPDATE_AVAILABLE="update beschikbaar" >+TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" >diff -ur lynis-3.0.0/db/languages/nl-NL lynis-3.0.8/db/languages/nl-NL >--- lynis-3.0.0/db/languages/nl-NL 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/nl-NL 2022-05-17 03:00:00 
>@@ -7,39 +7,101 @@ > GEN_LATEST_VERSION="Laatste versie" > GEN_PHASE="fase" > GEN_PLUGINS_ENABLED="Plugins geactiveerd" >-GEN_VERBOSE_MODE="Verbose modus" > GEN_UPDATE_AVAILABLE="Update beschikbaar" >+GEN_VERBOSE_MODE="Verbose modus" > GEN_WHAT_TO_DO="Wat te doen" > NOTE_EXCEPTIONS_FOUND="Bijzonderheden gevonden" > NOTE_EXCEPTIONS_FOUND_DETAILED="Enkele bijzondere gebeurtenissen of informatie gevonden" > NOTE_PLUGINS_TAKE_TIME="Let op: plugins hebben uitgebreidere testen en kunnen daardoor enkele minuten duren" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Overgeslagen testen vanwege beperkte rechten" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Eigen testen" >+#SECTION_DATABASES="Databases" > SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" > SECTION_INITIALIZING_PROGRAM="Programma initialiseren" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Kwaadaardige software (malware)" > SECTION_MEMORY_AND_PROCESSES="Geheugen en Processen" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" 
>+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" > SECTION_SYSTEM_TOOLS="Systeem gereedschap" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="UITGESCHAKELD" > STATUS_DONE="KLAAR" > STATUS_ENABLED="INGESCHAKELD" > STATUS_ERROR="FOUT" >+#STATUS_EXPOSED="EXPOSED" > STATUS_FAILED="MISLUKT" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="GEVONDEN" >-STATUS_OFF="UIT" >-STATUS_OK="OK" >-STATUS_ON="AAN" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NO="NEE" > STATUS_NONE="GEEN" > STATUS_NOT_CONFIGURED="NIET GECONFIGUREERD" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NIET GEVONDEN" > STATUS_NOT_RUNNING="NIET ACTIEF" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="UIT" >+STATUS_OK="OK" >+STATUS_ON="AAN" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ACTIEF" > STATUS_SKIPPED="OVERGESLAGEN" > STATUS_SUGGESTION="SUGGESTIE" > STATUS_UNKNOWN="ONBEKEND" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="WAARSCHUWING" > STATUS_WEAK="ZWAK" > 
STATUS_YES="JA" >-TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" > TEXT_UPDATE_AVAILABLE="update beschikbaar" >+TEXT_YOU_CAN_HELP_LOGFILE="Help mee door je logbestand te delen" >diff -ur lynis-3.0.0/db/languages/pl lynis-3.0.8/db/languages/pl >--- lynis-3.0.0/db/languages/pl 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/pl 2022-05-17 03:00:00 
>@@ -4,35 +4,104 @@ > #GEN_CURRENT_VERSION="Current version" > #GEN_DEBUG_MODE="Debug mode" > #GEN_INITIALIZE_PROGRAM="Initializing program" >+#GEN_LATEST_VERSION="Latest version" > #GEN_PHASE="phase" > #GEN_PLUGINS_ENABLED="Plugins enabled" >-#GEN_VERBOSE_MODE="Verbose mode" > #GEN_UPDATE_AVAILABLE="update available" >+#GEN_VERBOSE_MODE="Verbose mode" > #GEN_WHAT_TO_DO="What to do" >-#NOTE_EXCEPTIONS_FOUND="Exceptions found" > #NOTE_EXCEPTIONS_FOUND_DETAILED="Some exceptional events or information was found" >+#NOTE_EXCEPTIONS_FOUND="Exceptions found" > #NOTE_PLUGINS_TAKE_TIME="Note: plugins have more extensive tests and may take several minutes to complete" > #NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Skipped tests due to non-privileged mode" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > #SECTION_CUSTOM_TESTS="Custom Tests" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > #SECTION_MALWARE="Malware" > #SECTION_MEMORY_AND_PROCESSES="Memory and Processes" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" 
>+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > #STATUS_DISABLED="DISABLED" > #STATUS_DONE="DONE" > #STATUS_ENABLED="ENABLED" > #STATUS_ERROR="ERROR" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > #STATUS_FOUND="FOUND" >-#STATUS_YES="YES" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+#STATUS_NONE="NONE" > #STATUS_NO="NO" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+#STATUS_NOT_FOUND="NOT FOUND" >+#STATUS_NOT_RUNNING="NOT RUNNING" >+#STATUS_NO_UPDATE="NO UPDATE" > #STATUS_OFF="OFF" > #STATUS_OK="OK" > #STATUS_ON="ON" >-#STATUS_NONE="NONE" >-#STATUS_NOT_FOUND="NOT FOUND" >-#STATUS_NOT_RUNNING="NOT RUNNING" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > #STATUS_RUNNING="RUNNING" > #STATUS_SKIPPED="SKIPPED" > #STATUS_SUGGESTION="SUGGESTION" > 
#STATUS_UNKNOWN="UNKNOWN" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > #STATUS_WARNING="WARNING" >-#TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >+#STATUS_WEAK="WEAK" >+#STATUS_YES="YES" > #TEXT_UPDATE_AVAILABLE="update available" >+#TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" >diff -ur lynis-3.0.0/db/languages/pt lynis-3.0.8/db/languages/pt >--- lynis-3.0.0/db/languages/pt 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/pt 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="Atualização disponÃvel" > GEN_VERBOSE_MODE="Modo verbose" > GEN_WHAT_TO_DO="O que fazer" >-NOTE_EXCEPTIONS_FOUND="Exceptions encontradas" > NOTE_EXCEPTIONS_FOUND_DETAILED="Alguns eventos ou informações excepcionais foram encontrados" >+NOTE_EXCEPTIONS_FOUND="Exceptions encontradas" > NOTE_PLUGINS_TAKE_TIME="Nota: plugins requerem testes mais extensivos e podem levar vários minutos para completar" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Testes ignorados devido ao modo sem privilégios" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Testes personalizados" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Memória e Processos" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" 
>+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" >+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="DESABILITADO" > STATUS_DONE="FEITO" > STATUS_ENABLED="HABILITADO" > STATUS_ERROR="ERRO" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="ENCONTRADO" >-STATUS_YES="SIM" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="NÃO" >-STATUS_OFF="OFF" >-STATUS_OK="OK" >-STATUS_ON="ON" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="NENHUM" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="NÃO ENCONTRADO" > STATUS_NOT_RUNNING="PARADO" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="OFF" >+STATUS_OK="OK" >+STATUS_ON="ON" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="EM EXECUÃÃO" > STATUS_SKIPPED="IGNORADO" > STATUS_SUGGESTION="SUGESTÃO" > STATUS_UNKNOWN="DESCONHECIDO" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="ATENÃÃO" >-TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log" >+#STATUS_WEAK="WEAK" 
>+STATUS_YES="SIM" > TEXT_UPDATE_AVAILABLE="Atualização disponÃvel" >+TEXT_YOU_CAN_HELP_LOGFILE="Você pode ajudar fornecendo seu arquivo de log" >diff -ur lynis-3.0.0/db/languages/ru lynis-3.0.8/db/languages/ru >--- lynis-3.0.0/db/languages/ru 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/ru 2022-05-17 03:00:00 
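Review bot: the STATUS_NO* keys in the db/languages/pt hunk end up in a different order from the neighbouring language files. Here the result is STATUS_NO, STATUS_NON_DEFAULT, STATUS_NONE; the pl hunk gives STATUS_NON_DEFAULT, STATUS_NONE, STATUS_NO; and the nl, nl-BE and nl-NL hunks give STATUS_NON_DEFAULT, STATUS_NO, STATUS_NONE. If the reordering of STATUS_OFF/STATUS_OK/STATUS_ON and TEXT_* is meant to align every file with one sorted key list, sort all language files with the same collation so they can be compared line by line and the still-commented (untranslated) keys stand out.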
>@@ -1,38 +1,107 @@ >+ERROR_NO_LICENSE="ÐиÑензионнÑй клÑÑ Ð½Ðµ наÑÑÑоен" >+ERROR_NO_UPLOAD_SERVER="ÐагÑÑзоÑнÑй ÑеÑÐ²ÐµÑ Ð½Ðµ наÑÑÑоен" > GEN_CHECKING="ÐÑовеÑка" > GEN_CURRENT_VERSION="ТекÑÑÐ°Ñ Ð²ÐµÑÑиÑ" > GEN_DEBUG_MODE="Режим оÑладки" > GEN_INITIALIZE_PROGRAM="ÐниÑиализаÑÐ¸Ñ Ð¿ÑогÑаммÑ" >+GEN_LATEST_VERSION="ÐоÑледнÑÑ Ð²ÐµÑÑиÑ" > GEN_PHASE="СÑадиÑ" > GEN_PLUGINS_ENABLED="ÐÐ»Ð°Ð³Ð¸Ð½Ñ Ð²ÐºÐ»ÑÑенÑ" >-GEN_VERBOSE_MODE="ÐодÑобнÑй Ñежим" > GEN_UPDATE_AVAILABLE="доÑÑÑпно обновление" >+GEN_VERBOSE_MODE="ÐодÑобнÑй Ñежим" > GEN_WHAT_TO_DO="ЧÑо ÑделаÑÑ" >-NOTE_EXCEPTIONS_FOUND="ÐÐ°Ð¹Ð´ÐµÐ½Ñ Ð¸ÑклÑÑениÑ" > NOTE_EXCEPTIONS_FOUND_DETAILED="ÐÑли Ð½Ð°Ð¹Ð´ÐµÐ½Ñ Ð½ÐµÐºÐ¾ÑоÑÑе иÑклÑÑиÑелÑнÑе ÑобÑÑÐ¸Ñ Ð¸Ð»Ð¸ инÑоÑмаÑиÑ" >+NOTE_EXCEPTIONS_FOUND="ÐÐ°Ð¹Ð´ÐµÐ½Ñ Ð¸ÑклÑÑениÑ" > NOTE_PLUGINS_TAKE_TIME="ÐÑимеÑание: Ð¿Ð»Ð°Ð³Ð¸Ð½Ñ Ð¸Ð¼ÐµÑÑ Ð±Ð¾Ð»ÐµÐµ обÑиÑнÑе ÑеÑÑÑ Ð¸ могÑÑ Ð·Ð°Ð½ÑÑÑ Ð½ÐµÑколÑко минÑÑ Ð´Ð¾ завеÑÑениÑ" >+NOTE_SKIPPED_TESTS_NON_PRIVILEGED="ТеÑÑÑ Ð¿ÑопÑÑÐµÐ½Ñ Ð¸Ð·-за иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð½ÐµÐ¿ÑивилегиÑованного Ñежима" >+SECTION_ACCOUNTING="УÑÑÑ" >+SECTION_BANNERS_AND_IDENTIFICATION="ÐаннеÑÑ Ð¸ иденÑиÑикаÑоÑÑ" >+SECTION_BASICS="ÐÑновное" >+SECTION_BOOT_AND_SERVICES="ÐагÑÑзка и ÑеÑвиÑÑ" >+SECTION_CONTAINERS="ÐонÑейнеÑÑ" >+SECTION_CRYPTOGRAPHY="ÐÑипÑогÑаÑиÑ" > SECTION_CUSTOM_TESTS="ÐолÑзоваÑелÑÑкие ÑеÑÑÑ" >+SECTION_DATABASES="ÐÐ°Ð·Ñ Ð´Ð°Ð½Ð½ÑÑ" >+SECTION_DATA_UPLOAD="ÐÑпÑавка даннÑÑ" >+SECTION_DOWNLOADS="ÐагÑÑзки" >+SECTION_EMAIL_AND_MESSAGING="ÐÑогÑаммное обеÑпеÑение: e-mail и оÑпÑавка ÑообÑений" >+SECTION_FILE_INTEGRITY="ÐÑогÑаммное обеÑпеÑение: ÑелоÑÑноÑÑÑ Ñайлов" >+SECTION_FILE_PERMISSIONS="ÐÑава доÑÑÑпа к Ñайлам" >+SECTION_FILE_SYSTEMS="ФайловÑе ÑиÑÑемÑ" >+SECTION_FIREWALLS="ÐÑогÑаммное обеÑпеÑение: firewall" >+SECTION_GENERAL="ÐбÑее" >+SECTION_HARDENING="УÑиление" >+SECTION_HOME_DIRECTORIES="ÐомаÑние диÑекÑоÑии" >+SECTION_IMAGE="ÐбÑазÑ" >+SECTION_INITIALIZING_PROGRAM="ÐниÑиализаÑÐ¸Ñ Ð¿ÑогÑаммÑ" >+SECTION_INSECURE_SERVICES="ÐебезопаÑнÑе ÑеÑвиÑÑ" 
>+SECTION_KERNEL_HARDENING="Ð£Ð¡Ð¸Ð»ÐµÐ½Ð¸Ñ ÑдÑа" >+SECTION_KERNEL="ЯдÑо" >+SECTION_LDAP_SERVICES="СеÑвиÑÑ LDAP" >+SECTION_LOGGING_AND_FILES="ÐогиÑование и ÑайлÑ" > SECTION_MALWARE="ÐÑедоноÑное ÐÐ" > SECTION_MEMORY_AND_PROCESSES="ÐамÑÑÑ Ð¸ пÑоÑеÑÑÑ" >+SECTION_NAME_SERVICES="СеÑвеÑÑ Ð¸Ð¼Ñн" >+SECTION_NETWORKING="СеÑи" >+SECTION_PERMISSIONS="ÐÑава доÑÑÑпа" >+SECTION_PORTS_AND_PACKAGES="ÐакеÑÑ" >+SECTION_PRINTERS_AND_SPOOLS="ÐÑинÑеÑÑ Ð¸ ÑпÑлеÑÑ" >+SECTION_PROGRAM_DETAILS="ÐодÑобноÑÑи о пÑогÑамме" >+SECTION_SCHEDULED_TASKS="ÐапланиÑованнÑе задаÑи" >+SECTION_SECURITY_FRAMEWORKS="ФÑеймвоÑки" >+SECTION_SHELLS="ÐоманднÑе оболоÑки" >+SECTION_SNMP_SUPPORT="ÐоддеÑжка SNMP" >+SECTION_SOFTWARE="ÐÑогÑаммное обеÑпеÑение" >+SECTION_SQUID_SUPPORT="ÐоддеÑжка Squid" >+SECTION_SSH_SUPPORT="ÐоддеÑжка SSH" >+SECTION_STORAGE="Ð¥ÑанилиÑе" >+SECTION_SYSTEM_INTEGRITY="ÐÑогÑаммное обеÑпеÑение: ÑелоÑÑноÑÑÑ ÑиÑÑемÑ" >+SECTION_SYSTEM_TOOLING="SÐÑогÑаммное обеÑпеÑение: ÑиÑÑемнÑе инÑÑÑÑменÑÑ" >+SECTION_SYSTEM_TOOLS="СиÑÑемнÑе ÑÑилиÑÑ" >+SECTION_TIME_AND_SYNCHRONIZATION="ÐÑÐµÐ¼Ñ Ð¸ его ÑинÑÑонизаÑиÑ" >+SECTION_USB_DEVICES="USB УÑÑÑойÑÑва" >+SECTION_USERS_GROUPS_AND_AUTHENTICATION="ÐолÑзоваÑели, гÑÑÐ¿Ð¿Ñ Ð¸ ÐÑÑенÑиÑикаÑиÑ" >+SECTION_VIRTUALIZATION="ÐиÑÑÑализаÑиÑ" >+SECTION_WEBSERVER="ÐÑогÑаммное обеÑпеÑение: веб-ÑеÑвеÑÑ" >+STATUS_ACTIVE="ÐÐТÐÐÐÐ" >+STATUS_CHECK_NEEDED="ТРÐÐУÐТСЯ ÐÐ ÐÐÐÐ ÐÐ" >+STATUS_DEBUG="ÐТÐÐÐÐÐ" >+STATUS_DEFAULT="ÐРУÐÐÐЧÐÐÐЮ" >+STATUS_DIFFERENT="ÐТÐÐЧÐÐТСЯ" >+STATUS_DISABLED="ÐТÐÐЮЧÐÐÐ" > STATUS_DONE="ÐавеÑÑено" >+STATUS_ENABLED="ÐÐÐЮЧÐÐÐ" >+STATUS_ERROR="ÐШÐÐÐÐ" >+STATUS_EXPOSED="УЯÐÐÐÐÐ" >+STATUS_FAILED="ÐÐ ÐÐÐÐÐÐÐ" >+STATUS_FILES_FOUND="ФÐÐÐЫ ÐÐÐÐÐÐЫ" > STATUS_FOUND="Ðайдено" >-STATUS_YES="ÐÐ" >+STATUS_HARDENED="УСÐÐÐÐÐ" >+STATUS_INSTALLED="УСТÐÐÐÐÐÐÐÐ" >+STATUS_LOCAL_ONLY="ТÐÐЬÐÐ ÐÐÐÐÐЬÐÐ" >+STATUS_MEDIUM="СРÐÐÐÐÐ" >+STATUS_NON_DEFAULT="ÐÐ ÐРУÐÐÐЧÐÐÐЮ" >+STATUS_NONE="ÐÑÑÑÑÑÑвÑеÑ" >+STATUS_NOT_CONFIGURED="ÐРСÐÐÐФÐÐУРÐÐ ÐÐÐÐÐ" >+STATUS_NOT_DISABLED="ÐÐ ÐТÐÐЮЧÐÐÐ" 
>+STATUS_NOT_ENABLED="ÐÐ ÐÐÐЮЧÐÐÐ" >+STATUS_NOT_FOUND="ÐÐ ÐÐÐÐÐÐÐ" >+STATUS_NOT_RUNNING="ÐÐ ÐÐÐУЩÐÐÐ" >+STATUS_NO_UPDATE="ÐÐÐÐÐÐÐÐÐÐ ÐÐТ" > STATUS_NO="ÐÐТ" > STATUS_OFF="ÐÑклÑÑено" > STATUS_OK="ÐÐ" > STATUS_ON="ÐклÑÑено" >-STATUS_NONE="ÐÑÑÑÑÑÑвÑеÑ" >-STATUS_NOT_FOUND="ÐÐ ÐÐÐÐÐÐÐ" >-STATUS_NOT_RUNNING="ÐÐ ÐÐÐУЩÐÐÐ" >+STATUS_PARTIALLY_HARDENED="ЧÐСТÐЧÐРУСÐÐÐÐÐ" >+STATUS_PROTECTED="ÐÐЩÐЩÐÐÐ" > STATUS_RUNNING="ÐÐÐУЩÐÐÐ" > STATUS_SKIPPED="ÐÐ ÐÐУЩÐÐÐ" > STATUS_SUGGESTION="ÐÐ ÐÐÐÐÐÐÐÐÐ" > STATUS_UNKNOWN="ÐÐÐÐÐÐСТÐÐ" >+STATUS_UNSAFE="ÐÐÐÐÐÐÐÐСÐÐ" >+STATUS_UPDATE_AVAILABLE="ÐÐСТУÐÐЫ ÐÐÐÐÐÐÐÐÐЯ" > STATUS_WARNING="ÐÐ ÐÐУÐÐ ÐÐÐÐÐÐÐ" >-TEXT_YOU_CAN_HELP_LOGFILE="ÐÑ Ð¼Ð¾Ð¶ÐµÑе помоÑÑ Ð¿ÑедоÑÑавив Ð²Ð°Ñ Ð»Ð¾Ð³-Ñайл" >+STATUS_WEAK="СÐÐÐЫÐ" >+STATUS_YES="ÐÐ" > TEXT_UPDATE_AVAILABLE="доÑÑÑпно обновление" >-NOTE_SKIPPED_TESTS_NON_PRIVILEGED="ТеÑÑÑ Ð¿ÑопÑÑÐµÐ½Ñ Ð¸Ð·-за иÑполÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð½ÐµÐ¿ÑивилегиÑованного Ñежима" >-STATUS_DISABLED="ÐТÐÐЮЧÐÐÐ" >-STATUS_ENABLED="ÐÐÐЮЧÐÐÐ" >-STATUS_ERROR="ÐШÐÐÐÐ" >-ERROR_NO_LICENSE="ÐиÑензионнÑй клÑÑ Ð½Ðµ наÑÑÑоен" >-ERROR_NO_UPLOAD_SERVER="ÐагÑÑзоÑнÑй ÑеÑÐ²ÐµÑ Ð½Ðµ наÑÑÑоен" >+TEXT_YOU_CAN_HELP_LOGFILE="ÐÑ Ð¼Ð¾Ð¶ÐµÑе помоÑÑ, пÑедоÑÑавив Ð²Ð°Ñ Ð»Ð¾Ð³-Ñайл" >diff -ur lynis-3.0.0/db/languages/se lynis-3.0.8/db/languages/se >--- lynis-3.0.0/db/languages/se 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/se 2022-05-17 03:00:00 
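Review bot: in the db/languages/ru hunk the added SECTION_SYSTEM_TOOLING value begins with a stray Latin "S" in front of the phrase that SECTION_SYSTEM_INTEGRITY and SECTION_SOFTWARE open with; drop that character so the section title is displayed without it. The added SECTION_KERNEL_HARDENING value also has its second letter in upper case, unlike the same word stem in SECTION_HARDENING, which looks like a typo to fix in the same pass.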
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="uppdatering tillgänglig" > GEN_VERBOSE_MODE="Detaljerat läge" > GEN_WHAT_TO_DO="Ãtgärd" >-NOTE_EXCEPTIONS_FOUND="Undantag hittade" > NOTE_EXCEPTIONS_FOUND_DETAILED="En del ovanliga händelser eller uppgifter konstaterades" >+NOTE_EXCEPTIONS_FOUND="Undantag hittade" > NOTE_PLUGINS_TAKE_TIME="Obs: plugins har mer omfattande tester och kan ta flera minuter att slutföra" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Undantagna tester pÃ¥ grund av icke-privilegierat läge" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Anpassade Tester" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Minne och Processer" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" 
>+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="AVAKTIVERAD" > STATUS_DONE="KLAR" > STATUS_ENABLED="AKTIVERAD" > STATUS_ERROR="FEL" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="HITTAD" >-STATUS_NO="NEJ" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="INGEN" >+STATUS_NO="NEJ" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="EJ HITTAD" > STATUS_NOT_RUNNING="KÃRS INTE" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_OFF="AV" > STATUS_OK="OK" > STATUS_ON="PÃ" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="KÃRS" > STATUS_SKIPPED="ÃVERHOPPAD" > STATUS_SUGGESTION="FÃRSLAG" > STATUS_UNKNOWN="OKÃND" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="VARNING" >+#STATUS_WEAK="WEAK" > STATUS_YES="JA" > TEXT_UPDATE_AVAILABLE="uppdatering tillgänglig" > TEXT_YOU_CAN_HELP_LOGFILE="Du kan hjälpa till genom att bidra med din loggfil" >diff -ur lynis-3.0.0/db/languages/sk lynis-3.0.8/db/languages/sk >--- 
lynis-3.0.0/db/languages/sk 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/sk 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="aktualizácia k dispozÃcii" > GEN_VERBOSE_MODE="Detailný mód" > GEN_WHAT_TO_DO="Äo robiÅ¥" >-NOTE_EXCEPTIONS_FOUND="NaÅ¡li sa výnimky" > NOTE_EXCEPTIONS_FOUND_DETAILED="Vyskytli sa niektoré výnimoÄné udalosti alebo informácie" >+NOTE_EXCEPTIONS_FOUND="NaÅ¡li sa výnimky" > NOTE_PLUGINS_TAKE_TIME="Poznámka: Pluginy majú rozsiahlejÅ¡ie testy a dokonÄenie môže trvaÅ¥ niekoľko minút" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="PreskoÄené testy v dôsledku neprivilegovaného režimu" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Vlastné testy" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Malware" > SECTION_MEMORY_AND_PROCESSES="Pamäť a procesy" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" 
>+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="ZABLOKOVANÃ" > STATUS_DONE="HOTOVO" > STATUS_ENABLED="POVOLENÃ" > STATUS_ERROR="CHYBA" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="NÃJDENÃ" >-STATUS_YES="ÃNO" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" >+#STATUS_NON_DEFAULT="NON DEFAULT" >+STATUS_NONE="ŽIADNE" > STATUS_NO="NIE" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" >+STATUS_NOT_FOUND="NENÃJDENÃ" >+STATUS_NOT_RUNNING="NEBEŽÃ" >+#STATUS_NO_UPDATE="NO UPDATE" > STATUS_OFF="VYPNUTÃ" > STATUS_OK="OK" > STATUS_ON="ZAPNUTÃ" >-STATUS_NONE="ŽIADNE" >-STATUS_NOT_FOUND="NENÃJDENÃ" >-STATUS_NOT_RUNNING="NEBEŽÃ" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="BEŽÃ" > STATUS_SKIPPED="PRESKOÄENÃ" > STATUS_SUGGESTION="NÃVRH" > STATUS_UNKNOWN="NEZNÃME" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="VAROVANIE" >-TEXT_YOU_CAN_HELP_LOGFILE="Môžete pomôcÅ¥ poskytnutÃm log súboru" >+#STATUS_WEAK="WEAK" >+STATUS_YES="ÃNO" > TEXT_UPDATE_AVAILABLE="aktualizácia k 
dispozÃcii" >+TEXT_YOU_CAN_HELP_LOGFILE="Môžete pomôcÅ¥ poskytnutÃm log súboru" >diff -ur lynis-3.0.0/db/languages/tr lynis-3.0.8/db/languages/tr >--- lynis-3.0.0/db/languages/tr 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/languages/tr 2022-05-17 03:00:00 
>@@ -10,30 +10,98 @@ > GEN_UPDATE_AVAILABLE="güncelleme mevcut" > GEN_VERBOSE_MODE="Detay modu" > GEN_WHAT_TO_DO="Yapılması gerekenler" >-NOTE_EXCEPTIONS_FOUND="İstisnalar bulundu" > NOTE_EXCEPTIONS_FOUND_DETAILED="Bazı istisnai durumlar ve bilgiler bulundu" >+NOTE_EXCEPTIONS_FOUND="İstisnalar bulundu" > NOTE_PLUGINS_TAKE_TIME="Not: eklentiler daha detaylı testler içermektedir ve tamamlanmaları uzun sürebilir" > NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Yetkisiz çalıÅma nedeniyle atlanan testler" >+#SECTION_ACCOUNTING="Accounting" >+#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification" >+#SECTION_BASICS="Basics" >+#SECTION_BOOT_AND_SERVICES="Boot and services" >+#SECTION_CONTAINERS="Containers" >+#SECTION_CRYPTOGRAPHY="Cryptography" > SECTION_CUSTOM_TESTS="Ãzel testler" >+#SECTION_DATABASES="Databases" >+#SECTION_DATA_UPLOAD="Data upload" >+#SECTION_DOWNLOADS="Downloads" >+#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging" >+#SECTION_FILE_INTEGRITY="Software: file integrity" >+#SECTION_FILE_PERMISSIONS="File Permissions" >+#SECTION_FILE_SYSTEMS="File systems" >+#SECTION_FIREWALLS="Software: firewalls" >+#SECTION_GENERAL="General" >+#SECTION_HARDENING="Hardening" >+#SECTION_HOME_DIRECTORIES="Home directories" >+#SECTION_IMAGE="Image" >+#SECTION_INITIALIZING_PROGRAM="Initializing program" >+#SECTION_INSECURE_SERVICES="Insecure services" >+#SECTION_KERNEL_HARDENING="Kernel Hardening" >+#SECTION_KERNEL="Kernel" >+#SECTION_LDAP_SERVICES="LDAP Services" >+#SECTION_LOGGING_AND_FILES="Logging and files" > SECTION_MALWARE="Kötücül yazılım" > SECTION_MEMORY_AND_PROCESSES="Bellek ve Prosesler" >+#SECTION_NAME_SERVICES="Name services" >+#SECTION_NETWORKING="Networking" >+#SECTION_PERMISSIONS="Permissions" >+#SECTION_PORTS_AND_PACKAGES="Ports and packages" >+#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools" >+#SECTION_PROGRAM_DETAILS="Program Details" >+#SECTION_SCHEDULED_TASKS="Scheduled tasks" >+#SECTION_SECURITY_FRAMEWORKS="Security frameworks" 
>+#SECTION_SHELLS="Shells" >+#SECTION_SNMP_SUPPORT="SNMP Support" >+#SECTION_SOFTWARE="Software" >+#SECTION_SQUID_SUPPORT="Squid Support" >+#SECTION_SSH_SUPPORT="SSH Support" >+#SECTION_STORAGE="Storage" >+#SECTION_SYSTEM_INTEGRITY="Software: System integrity" >+#SECTION_SYSTEM_TOOLING="Software: System tooling" >+#SECTION_SYSTEM_TOOLS="System tools" >+#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization" >+#SECTION_USB_DEVICES="USB Devices" >+#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication" >+#SECTION_VIRTUALIZATION="Virtualization" >+#SECTION_WEBSERVER="Software: webserver" >+#STATUS_ACTIVE="ACTIVE" >+#STATUS_CHECK_NEEDED="CHECK NEEDED" >+#STATUS_DEBUG="DEBUG" >+#STATUS_DEFAULT="DEFAULT" >+#STATUS_DIFFERENT="DIFFERENT" > STATUS_DISABLED="ETKİSİZLEÅTİRİLMİÅ" > STATUS_DONE="TAMAMLANDI" > STATUS_ENABLED="ETKİNLEÅTİRİLMİÅ" > STATUS_ERROR="HATA" >+#STATUS_EXPOSED="EXPOSED" >+#STATUS_FAILED="FAILED" >+#STATUS_FILES_FOUND="FILES FOUND" > STATUS_FOUND="BULUNDU" >-STATUS_YES="EVET" >+#STATUS_HARDENED="HARDENED" >+#STATUS_INSTALLED="INSTALLED" >+#STATUS_LOCAL_ONLY="LOCAL ONLY" >+#STATUS_MEDIUM="MEDIUM" > STATUS_NO="HAYIR" >-STATUS_OFF="KAPALI" >-STATUS_OK="TAMAM" >-STATUS_ON="AÃIK" >+#STATUS_NON_DEFAULT="NON DEFAULT" > STATUS_NONE="YOK" >+#STATUS_NOT_CONFIGURED="NOT CONFIGURED" >+#STATUS_NOT_DISABLED="NOT DISABLED" >+#STATUS_NOT_ENABLED="NOT ENABLED" > STATUS_NOT_FOUND="BULUNAMADI" > STATUS_NOT_RUNNING="ÃALIÅMIYOR" >+#STATUS_NO_UPDATE="NO UPDATE" >+STATUS_OFF="KAPALI" >+STATUS_OK="TAMAM" >+STATUS_ON="AÃIK" >+#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED" >+#STATUS_PROTECTED="PROTECTED" > STATUS_RUNNING="ÃALIÅIYOR" > STATUS_SKIPPED="ATLANDI" > STATUS_SUGGESTION="ÃNERİ" > STATUS_UNKNOWN="BİLİNMİYOR" >+#STATUS_UNSAFE="UNSAFE" >+#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE" > STATUS_WARNING="UYARI" >-TEXT_YOU_CAN_HELP_LOGFILE="Log dosyanızı göndererek yardımcı olabilirsiniz" >+#STATUS_WEAK="WEAK" >+STATUS_YES="EVET" > 
TEXT_UPDATE_AVAILABLE="güncelleme mevcut" >+TEXT_YOU_CAN_HELP_LOGFILE="Log dosyanızı göndererek yardımcı olabilirsiniz" >diff -ur lynis-3.0.0/db/software-eol.db lynis-3.0.8/db/software-eol.db >--- lynis-3.0.0/db/software-eol.db 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/software-eol.db 2022-05-17 03:00:00 >@@ -14,10 +14,22 @@ > # For rolling releases or releases that do not (currently have an EOL date, leave field three empty and set field four to -1. > # Full string for CentOS can be something like 'CentOS Linux 8 (Core)'. As this does not correctly match, shorter string is used for matching. > # >+# Alpine - https://alpinelinux.org/releases/ >+# >+os:Alpine 3.15:2023-11-01:1698793200 >+os:Alpine 3.14:2023-05-01:1682899200 >+os:Alpine 3.13:2022-11-01:1667275200 >+os:Alpine 3.12:2022-05-01:1651377600 >+os:Alpine 3.11:2021-11-01:1635739200 >+os:Alpine 3.10:2021-05-01:1619841600 >+os:Alpine 3.9:2020-11-01:1604203200 >+os:Alpine 3.8:2020-05-01:1588305600 >+# > # Amazon Linux > # >-os:Amazon Linux:2020-06-30:1593468000: >+# Note: shortest entry is listed at end due to regular expression matching being used > os:Amazon Linux 2:2023-06-26:1687730400: >+os:Amazon Linux:2020-06-30:1593468000: > # > # Arch Linux > # >@@ -39,6 +51,15 @@ > os:Debian 9:2022-01-01:1640991600: > os:Debian 10:2022-01-01:1640991600: > # >+# Fedora - https://fedoraproject.org/wiki/End_of_life >+# >+os:Fedora release 25:2017-12-12:1513033200: >+os:Fedora release 26:2018-05-29:1527544800: >+os:Fedora release 27:2018-11-30:1543532400: >+os:Fedora release 28:2019-05-28:1558994400: >+os:Fedora release 29:2019-11-26:1574722800: >+os:Fedora release 30:2020-05-26:1590444000: >+# > # FreeBSD - https://www.freebsd.org/security/unsupported.html > # > os:FreeBSD 9.3:2014-12-31:1419980400: 
>@@ -52,6 +73,68 @@ > os:FreeBSD 11.2:2019-10-31:1572476400: > os:FreeBSD 12.0:2020-02-29:1582930800: > # >+# Linux Mint >+# >+os:Linux Mint 18:2021-04-01:1617228000: >+os:Linux Mint 19:2023-04-01:1680300000: >+os:Linux Mint 20:2025-04-01:1743458400: >+# >+# macOS - https://support.apple.com/en_US/downloads/macos and >+# https://apple.stackexchange.com/a/282788 and >+# https://en.wikipedia.org/wiki/Category:MacOS_versions >+# >+os:Mac OS X 10.0 \(Cheetah\):2002-09-18:1032300000: >+os:Mac OS X 10.1 \(Puma\):2003-11-10:1068418800: >+os:Mac OS X 10.2 \(Jaguar\):2005-05-16:1116194400: >+os:Mac OS X 10.3 \(Panther\):2007-11-15:1195081200: >+os:Mac OS X 10.4 \(Tiger\):2009-09-10:1252533600: >+os:Mac OS X 10.5 \(Leopard\):2011-06-23:1308780000: >+os:Mac OS X 10.6 \(Snow Leopard\):2013-12-16:1387148400: >+os:Mac OS X 10.7 \(Lion\):2014-11-17:1416178800: >+os:Mac OS X 10.8 \(Mountain Lion\):2015-10-21:1445378400: >+os:Mac OS X 10.9 \(Mavericks\):2016-10-24:1477260000: >+os:Mac OS X 10.10 \(Yosemite\):2017-10-31:1509404400: >+os:Mac OS X 10.11 \(El Capitan\):2018-10-30:1540854000: >+os:macOS Sierra \(10.12\):2016-10-24:1477260000: >+os:macOS Sierra \(10.12.1\):2016-12-13:1481583600: >+os:macOS Sierra \(10.12.2\):2017-01-23:1485126000: >+os:macOS Sierra \(10.12.3\):2017-03-27:1490565600: >+os:macOS Sierra \(10.12.4\):2017-05-15:1494799200: >+os:macOS Sierra \(10.12.5\):2017-07-19:1500415200: >+os:macOS Sierra \(10.12.6\):2019-10-29:1572303600: >+os:macOS High Sierra \(10.13\):2017-10-31:1509404400: >+os:macOS High Sierra \(10.13.1\):2017-12-06:1512514800: >+os:macOS High Sierra \(10.13.2\):2018-01-23:1516662000: >+os:macOS High Sierra \(10.13.3\):2018-03-29:1522274400: >+os:macOS High Sierra \(10.13.4\):2018-06-01:1527804000: >+os:macOS High Sierra \(10.13.5\):2018-07-09:1531087200: >+os:macOS High Sierra \(10.13.6\)::-1: >+os:macOS Mojave \(10.14\):2018-10-30:1540854000: >+os:macOS Mojave \(10.14.1\):2018-12-05:1543964400: >+os:macOS Mojave \(10.14.2\):2019-01-22:1548111600: 
>+os:macOS Mojave \(10.14.3\):2019-03-25:1553468400: >+os:macOS Mojave \(10.14.4\):2019-05-13:1557698400: >+os:macOS Mojave \(10.14.5\):2019-07-22:1563746400: >+os:macOS Mojave \(10.14.6\)::-1: >+os:macOS Catalina \(10.15\):2019-10-29:1572303600: >+os:macOS Catalina \(10.15.1\):2019-12-10:1575932400: >+os:macOS Catalina \(10.15.2\):2020-01-28:1580166000: >+os:macOS Catalina \(10.15.3\):2020-03-24:1585004400: >+os:macOS Catalina \(10.15.4\):2020-05-26:1590444000: >+os:macOS Catalina \(10.15.5\):2020-07-15:1594764000: >+os:macOS Catalina \(10.15.6\):2020-09-24:1600898400: >+os:macOS Catalina \(10.15.7\)::-1: >+# >+# Mageia - https://www.mageia.org/en/support/ >+# >+os:Mageia 1:2012-12-01:1354316400 >+os:Mageia 2:2013-11-22:1385074800 >+os:Mageia 3:2014-11-26:1416956400 >+os:Mageia 4:2015-09-19:1442613600 >+os:Mageia 5:2017-12-31:1514674800 >+os:Mageia 6:2019-09-30:1569794400 >+os:Mageia 7:2020-12-30:1609282800 >+# > # NetBSD - https://www.netbsd.org/support/security/release.html and > # https://www.netbsd.org/releases/formal.html > # 
>@@ -120,6 +203,27 @@ > os:Red Hat Enterprise Linux 7:2024-06-30:1719698400: > os:Red Hat Enterprise Linux 8:2029-05-07:1872799200: > # >+# Slackware - https://en.wikipedia.org/wiki/Slackware#Releases >+# >+os:Slackware Linux 8.1:2012-08-01:1343768400: >+os:Slackware Linux 9.0:2012-08-01:1343768400: >+os:Slackware Linux 9.1:2012-08-01:1343768400: >+os:Slackware Linux 10.0:2012-08-01:1343768400: >+os:Slackware Linux 10.1:2012-08-01:1343768400: >+os:Slackware Linux 10.2:2012-08-01:1343768400: >+os:Slackware Linux 11.0:2012-08-01:1343768400: >+os:Slackware Linux 12.0:2012-08-01:1343768400: >+os:Slackware Linux 12.1:2013-12-09:1386540000: >+os:Slackware Linux 12.2:2013-12-09:1386540000: >+os:Slackware Linux 13.0:2018-07-05:1530738000: >+os:Slackware Linux 13.1:2018-07-05:1530738000: >+os:Slackware Linux 13.37:2018-07-05:1530738000: >+# >+# SuSE - https://www.suse.com/lifecycle/ >+# >+os:SUSE Linux Enterprise Server 12:2024-10-31:1730329200: >+os:SUSE Linux Enterprise Server 15:2028-07-31:1848607200: >+# > # Ubuntu - https://wiki.ubuntu.com/Kernel/LTSEnablementStack and > # https://wiki.ubuntu.com/Releases > # 
>@@ -134,29 +238,22 @@ > os:Ubuntu 18.04:2023-05-01:1682892000: > os:Ubuntu 18.10:2019-07-18:1563400800: > os:Ubuntu 19.04:2020-01-01:1577833200: >-os:Ubuntu 20.04:2025-04-01:1743458400 >+os:Ubuntu 20.04:2025-04-01:1743458400: > # >-# Slackware - https://en.wikipedia.org/wiki/Slackware#Releases >+# OmniosCE - https://omniosce.org/releasenotes.html > # >-os:Slackware Linux 8.1:2012-08-01:1343768400: >-os:Slackware Linux 9.0:2012-08-01:1343768400: >-os:Slackware Linux 9.1:2012-08-01:1343768400: >-os:Slackware Linux 10.0:2012-08-01:1343768400: >-os:Slackware Linux 10.1:2012-08-01:1343768400: >-os:Slackware Linux 10.2:2012-08-01:1343768400: >-os:Slackware Linux 11.0:2012-08-01:1343768400: >-os:Slackware Linux 12.0:2012-08-01:1343768400: >-os:Slackware Linux 12.1:2013-12-09:1386540000: >-os:Slackware Linux 12.2:2013-12-09:1386540000: >-os:Slackware Linux 13.0:2018-07-05:1530738000: >-os:Slackware Linux 13.1:2018-07-05:1530738000: >-os:Slackware Linux 13.37:2018-07-05:1530738000: >+os:OmniOS Community Edition v11 r151022:2020-05-11:1589148000: >+os:OmniOS Community Edition v11 r151024:2018-11-04:1541286000: >+os:OmniOS Community Edition v11 r151026:2019-05-05:1557007200: >+os:OmniOS Community Edition v11 r151028:2019-11-04:1572822000: >+os:OmniOS Community Edition v11 r151030::-1: >+os:OmniOS Community Edition v11 r151032:2020-11-03:1604358000: >+os:OmniOS Community Edition v11 r151034::-1: > # >-# Fedora - https://fedoraproject.org/wiki/End_of_life >+## Oracle Solaris - https://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf (p. 
34) >+# The list below contains Premier Support End only > # >-os:Fedora release 25:2017-12-12:1513033200 >-os:Fedora release 26:2018-05-29:1527544800 >-os:Fedora release 27:2018-11-30:1543532400 >-os:Fedora release 28:2019-05-28:1558994400 >-os:Fedora release 29:2019-11-26:1574722800 >-os:Fedora release 30:2020-05-26:1590444000 >+os:Oracle Solaris 11.3:2021-01-01:1609455600: >+os:Oracle Solaris 11.4:2031-11-01:1951254000: >+# >+# EOF >diff -ur lynis-3.0.0/db/tests.db lynis-3.0.8/db/tests.db >--- lynis-3.0.0/db/tests.db 2020-06-18 03:00:00 >+++ lynis-3.0.8/db/tests.db 2022-05-17 03:00:00 >@@ -14,6 +14,8 @@ > ACCT-9656:test:security:accounting:Solaris:Check BSM auditing in module list: > ACCT-9660:test:security:accounting:Solaris:Check location of audit events: > ACCT-9662:test:security:accounting:Solaris:Check Solaris auditing stats: >+ACCT-9670:test:security:accounting:Linux:Check for cmd tooling: >+ACCT-9672:test:security:accounting:Linux:Check cmd configuration file: > AUTH-9204:test:security:authentication::Check users with an UID of zero: > AUTH-9208:test:security:authentication::Check non-unique accounts in passwd file: > AUTH-9212:test:security:authentication::Test group file: >@@ -37,6 +39,7 @@ > AUTH-9278:test:security:authentication::Checking LDAP pam status: > AUTH-9282:test:security:authentication::Checking password protected account without expire date: > AUTH-9283:test:security:authentication::Checking accounts without password: >+AUTH-9284:test:security:authentication::Checking locked user accounts in /etc/passwd: > AUTH-9286:test:security:authentication::Checking user password aging: > AUTH-9288:test:security:authentication::Checking for expired passwords: > AUTH-9304:test:security:authentication:Solaris:Check single user login configuration: 
>@@ -66,13 +69,15 @@ > BOOT-5124:test:security:boot_services:FreeBSD:Check for FreeBSD boot loader presence: > BOOT-5126:test:security:boot_services:NetBSD:Check for NetBSD boot loader presence: > BOOT-5139:test:security:boot_services::Check for LILO boot loader presence: >+BOOT-5140:test:security:boot_services::Check for ELILO boot loader presence: > BOOT-5142:test:security:boot_services::Check SPARC Improved boot loader (SILO): > BOOT-5155:test:security:boot_services::Check for YABOOT boot loader configuration file: > BOOT-5159:test:security:boot_services:OpenBSD:Check for OpenBSD boot loader presence: > BOOT-5165:test:security:boot_services:FreeBSD:Check for FreeBSD boot services: >+BOOT-5170:test:security:boot_services:Solaris:Check for Solaris boot daemons: > BOOT-5177:test:security:boot_services:Linux:Check for Linux boot and running services: > BOOT-5180:test:security:boot_services:Linux:Check for Linux boot services (Debian style): >-BOOT-5184:test:security:boot_services:Linux:Check permissions for boot files/scripts: >+BOOT-5184:test:security:boot_services::Check permissions for boot files/scripts: > BOOT-5202:test:security:boot_services::Check uptime of system: > BOOT-5260:test:security:boot_services::Check single user mode for systemd: > BOOT-5261:test:security:boot_services:DragonFly:Check for DragonFly boot loader presence: >@@ -92,6 +97,7 @@ > CRYP-8002:test:security:crypto:Linux:Gather kernel entropy: > CRYP-8004:test:security:crypto:Linux:Presence of hardware random number generators: > CRYP-8005:test:security:crypto:Linux:Presence of software pseudo random number generators: >+CRYP-8006:test:security:crypto:Linux:Check MemoryOverwriteRequest bit to protect against cold-boot attacks: > DNS-1600:test:security:dns::Validating that the DNSSEC signatures are checked: > DBS-1804:test:security:databases::Checking active MySQL process: > DBS-1816:test:security:databases::Checking MySQL root password: 
>@@ -169,6 +175,7 @@ > HRDN-7220:test:security:hardening::Check if one or more compilers are installed: > HRDN-7222:test:security:hardening::Check compiler permissions: > HRDN-7230:test:security:hardening::Check for malware scanner: >+HRDN-7231:test:security:hardening:Linux:Check for registered non-native binary formats: > HTTP-6622:test:security:webservers::Checking Apache presence: > HTTP-6624:test:security:webservers::Testing main Apache configuration file: > HTTP-6626:test:security:webservers::Testing other Apache configuration file: >@@ -228,6 +235,7 @@ > LOGG-2148:test:security:logging::Checking logrotated files: > LOGG-2150:test:security:logging::Checking directories in logrotate configuration: > LOGG-2152:test:security:logging::Checking loghost: >+LOGG-2153:test:security:logging::Checking loghost is not localhost: > LOGG-2154:test:security:logging::Checking syslog configuration file: > LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf: > LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf: >@@ -257,6 +265,7 @@ > MAIL-8860:test:security:mail_messaging::Check Qmail status: > MAIL-8880:test:security:mail_messaging::Check Sendmail status: > MAIL-8920:test:security:mail_messaging::Check OpenSMTPD status: >+MALW-3274:test:security:malware::Check for McAfee VirusScan Command Line Scanner: > MALW-3275:test:security:malware::Check for chkrootkit: > MALW-3276:test:security:malware::Check for Rootkit Hunter: > MALW-3278:test:security:malware::Check for LMD: >@@ -265,6 +274,7 @@ > MALW-3284:test:security:malware::Check for clamd: > MALW-3286:test:security:malware::Check for freshclam: > MALW-3288:test:security:malware::Check for ClamXav: >+MALW-3290:test:security:malware::Presence of malware scanner: > NAME-4016:test:security:nameservices::Check /etc/resolv.conf default domain: > NAME-4018:test:security:nameservices::Check /etc/resolv.conf search domains: > NAME-4020:test:security:nameservices::Check non default options: 
>@@ -281,7 +291,7 @@ > NAME-4230:test:security:nameservices::Check PowerDNS status: > NAME-4232:test:security:nameservices::Search PowerDNS configuration file: > NAME-4236:test:security:nameservices::Check PowerDNS backends: >-NAME-4238:test:security:nameservices::Check PowerDNS authoritive status: >+NAME-4238:test:security:nameservices::Check PowerDNS authoritative status: > NAME-4304:test:security:nameservices::Check NIS ypbind status: > NAME-4306:test:security:nameservices::Check NIS domain: > NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts: >@@ -313,6 +323,7 @@ > PHP-2378:test:security:php::Check PHP allow_url_include option: > PHP-2379:test:security:php::Check PHP suhosin extension status: > PHP-2382:test:security:php::Check PHP listen option: >+PKGS-7200:test:security:ports_packages:Linux:Check Alpine Package Keeper (apk): > PKGS-7301:test:security:ports_packages::Query NetBSD pkg: > PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info: > PKGS-7303:test:security:ports_packages::Query brew package manager: >@@ -349,6 +360,7 @@ > PKGS-7392:test:security:ports_packages:Linux:Check for Debian/Ubuntu security updates: > PKGS-7393:test:security:ports_packages::Check for Gentoo vulnerable packages: > PKGS-7394:test:security:ports_packages:Linux:Check for Ubuntu updates: >+PKGS-7395:test:security:ports_packages:Linux:Check Alpine upgradeable packages: > PKGS-7398:test:security:ports_packages::Check for package audit tool: > PKGS-7410:test:security:ports_packages::Count installed kernel packages: > PKGS-7420:test:security:ports_packages::Detect toolkit to automatically download and apply upgrades: 
>@@ -419,11 +431,13 @@ > TIME-3180:test:security:time::Report if ntpctl cannot communicate with OpenNTPD: > TIME-3181:test:security:time::Check status of OpenNTPD time synchronisation > TIME-3182:test:security:time::Check OpenNTPD has working peers >+TIME-3185:test:security:time::Check systemd-timesyncd synchronized time > TOOL-5002:test:security:tooling::Checking for automation tools: > TOOL-5102:test:security:tooling::Check for presence of Fail2ban: > TOOL-5104:test:security:tooling::Enabled tests for Fail2ban: > TOOL-5120:test:security:tooling::Presence of Snort IDS: > TOOL-5122:test:security:tooling::Snort IDS configuration file: >+TOOL-5130:test:security:tooling::Check for active Suricata daemon: > TOOL-5160:test:security:tooling::Check for active OSSEC daemon: > TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling: > USB-1000:test:security:storage:Linux:Check if USB storage is disabled: >diff -ur lynis-3.0.0/default.prf lynis-3.0.8/default.prf >--- lynis-3.0.0/default.prf 2020-06-18 03:00:00 >+++ lynis-3.0.8/default.prf 2022-05-17 03:00:00 >@@ -93,7 +93,7 @@ > #skip-upgrade-test=yes > > # Locations where to search for SSL certificates (separate paths with a colon) >-ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www >+ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/refind.d/keys:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www > ssl-certificate-paths-to-ignore=/etc/letsencrypt/archive: > ssl-certificate-include-packages=no 
> >@@ -152,7 +152,7 @@ > # > # Kernel options > # --------------- >-# configdate=, followed by: >+# config-data=, followed by: > # > # - Type = Set to 'sysctl' > # - Setting = value of sysctl key (e.g. kernel.sysrq) >@@ -182,7 +182,9 @@ > > # Kernel > config-data=sysctl;fs.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; >+config-data=sysctl;fs.protected_fifos;2;1;Restrict FIFO special device creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; > config-data=sysctl;fs.protected_hardlinks;1;1;Restrict hardlink creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; >+config-data=sysctl;fs.protected_regular;2;1;Restrict regular files creation behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; > config-data=sysctl;fs.protected_symlinks;1;1;Restrict symlink following behavior;sysctl -a;url:https;//www.kernel.org/doc/Documentation/sysctl/fs.txt;category:security; > #config-data=sysctl;kern.randompid=2345;Randomize PID numbers with a specific modulus;sysctl -a;-;category:security; > config-data=sysctl;kern.sugid_coredump;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; 
>@@ -194,13 +196,17 @@ > config-data=sysctl;kernel.exec-shield;1;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.kptr_restrict;2;1;Restrict access to kernel symbols;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.maps_protect;1;1;Restrict access to /proc/[pid]/maps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; >+config-data=sysctl;kernel.modules_disabled;1;1;Restrict module loading once this sysctl value is loaded;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; >+config-data=sysctl;kernel.perf_event_paranoid;3;1;Restrict unprivileged access to the perf_event_open() system call.;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.randomize_va_space;2;1;Randomize of memory address locations (ASLR);sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.suid_dumpable;0;1;Restrict core dumps;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.sysrq;0;1;Disable magic SysRQ;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; >+config-data=sysctl;kernel.unprivileged_bpf_disabled;1;1;Restrict BPF for unprivileged users;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.use-nx;0;1;No description;sysctl -a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;kernel.yama.ptrace_scope;1|2|3;1;Disable process tracing for everyone;-;category:security; > > # Network >+config-data=sysctl;net.core.bpf_jit_harden;2;1;Hardened BPF JIT compilation;sysctl 
-a;url:https;//kernel.org/doc/Documentation/sysctl/kernel.txt;category:security; > config-data=sysctl;net.inet.ip.linklocal.in.allowbadttl;0; > config-data=sysctl;net.inet.tcp.always_keepalive;0;1;Disable TCP keep alive detection for dead peers as the keepalive can be spoofed;-;category:security; > #config-data=sysctl;net.inet.tcp.fast_finwait2_recycle;1;1;Recycle FIN/WAIT states more quickly (DoS mitigation step, with risk of false RST);-;category:security; >@@ -250,6 +256,7 @@ > config-data=sysctl;net.ipv6.conf.default.accept_source_route;0;1;Disable IP source routing;-;category:security; > > # Other >+config-data=sysctl;dev.tty.ldisc_autoload;0;1;Disable loading of TTY line disciplines;-;category:security; > config-data=sysctl;hw.kbd.keymap_restrict_change;4;1;Disable changing the keymap by non-privileged users;-;category:security; > #sysctl;kern.securelevel;1^2^3;1;FreeBSD security level; > #security.jail.jailed; 0 >@@ -303,6 +310,11 @@ > permfile=/etc/passwd:rw-r--r--:root:-:WARN: > permfile=/etc/passwd-:rw-r--r--:root:-:WARN: > permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN: >+permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN: >+permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN: >+permfile=/root/.rhosts:rw-------:root:root:WARN: >+permfile=/root/.rlogin:rw-------:root:root:WARN: >+permfile=/root/.shosts:rw-------:root:root:WARN: > > # These permissions differ by OS > #permfile=/etc/gshadow:---------:root:-:WARN: >diff -ur lynis-3.0.0/extras/bash_completion.d/lynis lynis-3.0.8/extras/bash_completion.d/lynis >--- lynis-3.0.0/extras/bash_completion.d/lynis 2020-06-18 03:00:00 >+++ lynis-3.0.8/extras/bash_completion.d/lynis 2022-05-17 03:00:00 >@@ -126,7 +126,7 @@ > report) > return 0 > ;; >- settiings) >+ settings) > return 0 > ;; > tests) 
>@@ -179,7 +179,7 @@ > *) > COMPREPLY=( $( compgen -W ' \ > --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \ >- --tests --tests-from-category --tests-from-group --upload --verbose' -- "$cur" ) ) >+ --tests --tests-from-category --tests-from-group --upload --verbose --slow-warning' -- "$cur" ) ) > ;; > esac > >diff -ur lynis-3.0.0/include/binaries lynis-3.0.8/include/binaries >--- lynis-3.0.0/include/binaries 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/binaries 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -30,7 +30,7 @@ > ################################################################################# > # > if [ ${CHECK_BINARIES} -eq 1 ]; then >- InsertSection "System Tools" >+ InsertSection "${SECTION_SYSTEM_TOOLS}" > Display --indent 2 --text "- Scanning available tools..." > LogText "Start scanning for available audit binaries and tools..." > >@@ -119,11 +119,11 @@ > COUNT=$((COUNT + 1)) > BINARY="${SCANDIR}/${FILENAME}" > DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} " >- if [ -u ${BINARY} ]; then >+ if [ -u "${BINARY}" ]; then > NSUID_BINARIES=$((NSUID_BINARIES + 1)) > SUID_BINARIES="${SUID_BINARIES}${BINARY} " > fi >- if [ -g ${BINARY} ]; then >+ if [ -g "${BINARY}" ]; then > NSGID_BINARIES=$((NSGID_BINARIES + 1)) > SGID_BINARIES="${SGID_BINARIES}${BINARY} " > fi 
>@@ -134,6 +134,7 @@ > aide) AIDEBINARY=${BINARY}; LogText " Found known binary: aide (file integrity checker) - ${BINARY}" ;; > apache2) HTTPDBINARY=${BINARY}; LogText " Found known binary: apache2 (web server) - ${BINARY}" ;; > apt) APTBINARY=${BINARY}; LogText " Found known binary: apt (package manager) - ${BINARY}" ;; >+ apk) APKBINARY=${BINARY}; LogText " Found known binary: apk (package manager) - ${BINARY}" ;; > arch-audit) ARCH_AUDIT_BINARY="${BINARY}"; LogText " Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}" ;; > auditd) AUDITDBINARY=${BINARY}; LogText " Found known binary: auditd (audit framework) - ${BINARY}" ;; > awk) AWKBINARY=${BINARY}; LogText " Found known binary: awk (string tool) - ${BINARY}" ;; >@@ -152,6 +153,7 @@ > clang) CLANGBINARY=${BINARY}; COMPILER_INSTALLED=1; LogText " Found known binary: clang (compiler) - ${BINARY}" ;; > cfagent) CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; LogText " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;; > chkrootkit) CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;; >+ cmd_daemon) CMDBINARY=${BINARY}; LogText " Found known binary: cmd (audit framework) - ${BINARY}" ;; > comm) COMMBINARY="${BINARY}"; LogText " Found known binary: comm (file compare) - ${BINARY}" ;; > cryptsetup) CRYPTSETUPBINARY="${BINARY}"; LogText " Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;; > csum) CSUMBINARY="${BINARY}"; LogText " Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;; 
>@@ -202,7 +204,7 @@ > logrotate) LOGROTATEBINARY="${BINARY}"; LogText " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;; > ls) LSBINARY="${BINARY}"; LogText " Found known binary: ls (file listing) - ${BINARY}" ;; > lsattr) LSATTRBINARY="${BINARY}"; LogText " Found known binary: lsattr (file attributes) - ${BINARY}" ;; >- lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;; >+ lsblk) LSBLKBINARY="${BINARY}"; LogText " Found known binary: lsblk (block devices) - ${BINARY}" ;; > lsmod) LSMODBINARY="${BINARY}"; LogText " Found known binary: lsmod (kernel modules) - ${BINARY}" ;; > lsof) > LSOFBINARY="${BINARY}" >@@ -219,6 +221,7 @@ > maldet) LMDBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: maldet (Linux Malware Detect, malware scanner) - ${BINARY}" ;; > md5) MD5BINARY="${BINARY}"; LogText " Found known binary: md5 (hash tool) - ${BINARY}" ;; > md5sum) MD5BINARY="${BINARY}"; LogText " Found known binary: md5sum (hash tool) - ${BINARY}" ;; >+ mdatp) MDATPBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: mdatp (Microsoft Defender ATP, malware scanner) - ${BINARY}" ;; > modprobe) MODPROBEBINARY="${BINARY}"; LogText " Found known binary: modprobe (kernel modules) - ${BINARY}" ;; > mount) MOUNTBINARY="${BINARY}"; LogText " Found known binary: mount (disk utility) - ${BINARY}" ;; > mtree) MTREEBINARY="${BINARY}"; LogText " Found known binary: mtree (mapping directory tree) - ${BINARY}" ;; 
>@@ -285,7 +288,9 @@ > ssh-keyscan) SSHKEYSCANBINARY="${BINARY}"; LogText " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;; > suricata) SURICATABINARY="${BINARY}"; LogText " Found known binary: suricata (IDS) - ${BINARY}" ;; > swapon) SWAPONBINARY="${BINARY}"; LogText " Found known binary: swapon (swap device tool) - ${BINARY}" ;; >+ svcs) SVCSBINARY="${BINARY}" ; LogText " Found known binary: svcs (service manager) - ${BINARY}" ;; > swupd) SWUPDBINARY="${BINARY}"; LogText " Found known binary: swupd (package manager) - ${BINARY}" ;; >+ synoavd) SYNOAVDBINARY=${BINARY}; LogText " Found known binary: synoavd (Synology AV scanner) - ${BINARY}" ;; > sysctl) SYSCTLBINARY="${BINARY}"; LogText " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;; > syslog-ng) SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;; > systemctl) SYSTEMCTLBINARY="${BINARY}"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;; >@@ -336,7 +341,7 @@ > [ "${AWKBINARY:-}" ] || ExitFatal "awk binary not found" > [ "${CAT_BINARY:-}" ] || ExitFatal "cat binary not found" > [ "${CUTBINARY:-}" ] || ExitFatal "cut binary not found" >- [ "${EGREPBINARY:-}" ] || ExitFatal "grep binary not found" >+ [ "${EGREPBINARY:-}" ] || ExitFatal "egrep binary not found" > [ "${FINDBINARY:-}" ] || ExitFatal "find binary not found" > [ "${GREPBINARY:-}" ] || ExitFatal "grep binary not found" > [ "${HEADBINARY:-}" ] || ExitFatal "head binary not found" >diff -ur lynis-3.0.0/include/consts lynis-3.0.8/include/consts >--- lynis-3.0.0/include/consts 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/consts 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
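Review bot: In the `@@ -285,7 +288,9 @@` hunk of include/binaries, `synoavd` is logged as "Synology AV scanner" but does not set `MALWARE_SCANNER_INSTALLED=1`, unlike the `mdatp` entry added earlier in this file and the existing `chkrootkit` and `maldet` entries. If the flag is meant to be set later by a dedicated test, say so in a comment; otherwise add it so that checks keyed on the flag see the scanner. The assignment is also unquoted (`SYNOAVDBINARY=${BINARY}`) while the neighbouring `svcs` and `swupd` lines quote it.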
>@@ -33,10 +33,6 @@ > > ETC_PATHS="/etc /usr/local/etc" > >-# Do not use specific language, fall back to default >-# Some tools with translated strings are very hard to parse >-unset LANG >- > # > ################################################################################# > # >@@ -47,6 +43,7 @@ > # == Variable initializing == > # > APTBINARY="" >+ APKBINARY="" > ARCH_AUDIT_BINARY="" > AUDITORNAME="" > AUDITCTLBINARY="" >@@ -62,7 +59,9 @@ > APPLICATION_FIREWALL_ACTIVE=0 > BINARY_SCAN_FINISHED=0 > BLKIDBINARY="" >+ BOOTCTLBINARY="" > CAT_BINARY="" >+ CCBINARY="" > CFAGENTBINARY="" > CHECK=0 > CHECK_BINARIES=1 >@@ -72,6 +71,7 @@ > CLAMCONF_BINARY="" > CLAMSCANBINARY="" > CLANGBINARY="" >+ CMDBINARY="" > COLORS=1 > COMPLIANCE_ENABLE_CIS=0 > COMPLIANCE_ENABLE_HIPAA=0 >@@ -85,6 +85,7 @@ > CONTROL_URL_PROTOCOL="" > CONTAINER_TYPE="" > CREATE_REPORT_FILE=1 >+ CRYPTSETUPBINARY="" > CSUMBINARY="" > CURRENT_TS=0 > CUSTOM_URL_APPEND="" >@@ -103,12 +104,14 @@ > DISCOVERED_BINARIES="" > DMIDECODEBINARY="" > DNFBINARY="" >+ DNSDOMAINNAMEBINARY="" > DOCKERBINARY="" > DOCKER_DAEMON_RUNNING=0 > DPKGBINARY="" > ECHOCMD="" > ERROR_ON_WARNINGS=0 > EQUERYBINARY="" >+ EVMCTLBINARY="" > EXIMBINARY="" > FAIL2BANBINARY="" > FILEBINARY="" >@@ -117,6 +120,7 @@ > FIREWALL_ACTIVE=0 > FOUNDPATH=0 > FORENSICS_MODE=0 >+ GCCBINARY="" > GETENT_BINARY="" > GRADMBINARY="" > GREPBINARY="grep" >@@ -130,10 +134,13 @@ > HEADBINARY="" > HELPER="" > HOSTID="" >+ HOSTID_GEN="unknown" > HOSTID2="" >+ HOSTID2_GEN="unknown" > HTTPDBINARY="" > IDS_IPS_TOOL_FOUND=0 > IFCONFIGBINARY="" >+ INTEGRITYSETUPBINARY="" > IPBINARY="" > IPFBINARY="" > IPTABLESBINARY="" >@@ -144,6 +151,7 @@ > LICENSE_KEY="" > LICENSE_SERVER="" > LINUX_VERSION="" >+ LINUX_VERSION_LIKE="" > LINUXCONFIGFILE="" > LMDBINARY="" > LMDFOUND=0 >@@ -152,6 +160,7 @@ > LOGDIR="" > LOGROTATEBINARY="" > LOGTEXT=1 >+ LSBLKBINARY="" > LSMODBINARY="" > LSOFBINARY="" > LSOF_EXTRA_OPTIONS="" 
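Review bot: The `@@ -33,10 +33,6 @@` hunk of include/consts removes `unset LANG` together with the comment that explains it (translated tool output is hard to parse), and nothing in the hunks shown here pins the locale in its place. Parsers touched by this same patch match tool output literally, for example `grep HWaddr` and `grep "ether "` in GetHostID. Please point to where the locale is now forced, or keep the `unset`, and record the reason for the removal in the changelog.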
>@@ -195,6 +204,7 @@ > NGINX_RETURN_FOUND=0 > NGINX_ROOT_FOUND=0 > NGINX_WEAK_SSL_PROTOCOL_FOUND=0 >+ NTPCTLBINARY="" > NTPD_ROLE="" > NTPQBINARY="" > OPENSSLBINARY="" >@@ -208,6 +218,7 @@ > OS_REDHAT_OR_CLONE=0 > OSIRISBINARY="" > PACMANBINARY="" >+ PAM_PASSWORD_PWHISTORY_AMOUNT="" > PASSWORD_MAXIMUM_DAYS=-1 > PASSWORD_MINIMUM_DAYS=-1 > PAM_2F_AUTH_ENABLED=0 >@@ -228,7 +239,7 @@ > PLUGINDIR="" > PLUGIN_PHASE=0 > POSTFIXBINARY="" >- POSTGRES_RUNNING=0 >+ POSTGRESQL_RUNNING=0 > PREVIOUS_TEST="No test ID" > PREVIOUS_TS=0 > PROFILES="" >@@ -242,6 +253,7 @@ > REFRESH_REPOSITORIES=1 > REMOTE_LOGGING_ENABLED=0 > RESOLV_DOMAINNAME="" >+ RESOLVECTLBINARY="" > RKHUNTERBINARY="" > ROOTDIR="/" > ROOTSHBINARY="" >@@ -277,8 +289,10 @@ > SKIP_VM_DETECTION=0 > SKIPREASON="" > SKIPPED_TESTS_ROOTONLY="" >+ SLOW_TEST_THRESHOLD=10 > SMTPCTLBINARY="" > SNORTBINARY="" >+ SSBINARY="" > SSHKEYSCANBINARY="" > SSHKEYSCANFOUND=0 > SSL_CERTIFICATE_INCLUDE_PACKAGES=0 >@@ -288,6 +302,7 @@ > SWUPDBINARY="" > SYSLOGNGBINARY="" > SYSTEMCTLBINARY="" >+ SYSTEMDANALYZEBINARY="" > SYSTEM_IS_NOTEBOOK=255 > TEMP_FILE="" > TEMP_FILES="" >@@ -297,6 +312,7 @@ > TEST_GROUP_TO_CHECK="all" > TESTS_EXECUTED="" > TESTS_SKIPPED="" >+ TIMEDATECTL="" > TMPFILE="" > TOMOYOINITBINARY="" > TOOLTIP_SHOWED=0 >@@ -322,6 +338,7 @@ > USBGUARD_ROOT="" > VALUE="" > VERBOSE=0 >+ VERITYSETUPBINARY="" > VGDISPLAYBINARY="" > VMTYPE="" > VULNERABLE_PACKAGES_FOUND=0 >diff -ur lynis-3.0.0/include/data_upload lynis-3.0.8/include/data_upload >--- lynis-3.0.0/include/data_upload 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/data_upload 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/functions lynis-3.0.8/include/functions >--- lynis-3.0.0/include/functions 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/functions 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -38,7 +38,7 @@ > # DigitsOnly Return only the digits from a string > # DirectoryExists Check if a directory exists on the disk > # DiscoverProfiles Determine available profiles on system >-# Display Output text to screen with colors and identation >+# Display Output text to screen with colors and indentation > # DisplayError Show an error on screen > # DisplayException Show an exception on screen > # DisplayManual Output text to screen without any layout >@@ -899,20 +899,22 @@ > ################################################################################ > > GetHostID() { >- > if [ ${SKIP_GETHOSTID} -eq 1 ]; then >+ Debug "Skipping HostID generation due to SKIP_GETHOSTID" > return 2 > fi > > if [ -n "${HOSTID}" -a -n "${HOSTID2}" ]; then > Debug "Skipping creation of host identifiers, as they are already configured (via profile)" >+ HOSTID_GEN="profile" > return 2 > fi > > if [ -f "${ROOTDIR}etc/lynis/hostids" ]; then >- Debug "Used hostids file to fetch values" > HOSTID=$(grep "^hostid=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}') > HOSTID2=$(grep "^hostid2=" ${ROOTDIR}etc/lynis/hostids | awk -F= '{print $2}') >+ Debug "Used hostids file to fetch values" >+ HOSTID_GEN="hostids-file" > return 0 > fi 
> >@@ -940,7 +942,7 @@ > fi > > if [ ! "${SHA1SUMBINARY}" = "" -o ! "${OPENSSLBINARY}" = "" -o ! "${CSUMBINARY}" = "" ]; then >- >+ LogText "Info: found hashing tool, start generation of HostID" > case "${OS}" in > > "AIX") 
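Review bot: In the `@@ -899,20 +899,22 @@` hunk, both early-return branches of GetHostID record where `HOSTID` came from but leave `HOSTID2_GEN` at the "unknown" default from include/consts, although `HOSTID2` is taken from the same profile or hostids file. Set `HOSTID2_GEN` next to `HOSTID_GEN` in both branches. The hostids-file branch also returns 0 with `HOSTID_GEN="hostids-file"` without checking that the two `grep` calls produced a value, so an incomplete file is recorded as a successful source.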
>@@ -988,15 +990,49 @@ > ;; > > "Linux") >+ # Try fetching information from /sys in case 'ip' is not available or does not give expected results >+ if IsEmpty "${FIND}" && [ -d /sys/class/net ]; then >+ NET_INTERFACES=$(${FINDBINARY} /sys/class/net ! -type d -exec realpath {} \; 2> /dev/null | sort | awk -F'/' '!/virtual/ && /devices/ {for (x=1;x<=NF;x++) if ($x~"net") print $(x+1)}') >+ for INTERFACE in ${NET_INTERFACES}; do >+ if grep -q -s 'up' "/sys/class/net/${INTERFACE}/operstate"; then >+ LogText "Interface '${INTERFACE}' is up, fetching MAC address" >+ FIND=$(head -1 "/sys/class/net/${INTERFACE}/address" | tr '[:upper:]' '[:lower:]') >+ if HasData "${FIND}"; then >+ HOSTID_GEN="linux-sys-interface-up" >+ break >+ fi >+ fi >+ done >+ fi > >- # Future change >- # Show brief output of ip of links that are UP. Filter out items like 'UNKNOWN' in col 2 >- # Using the {2} syntax does not work on all systems >- # ip -br link show up | sort | awk '$2=="UP" && $3 ~ /^[a-f0-9][a-f0-9]:/ {print $3}' >+ # Next is to try ip, as it is available to most modern Linux distributions >+ if IsEmpty "${FIND}" && [ -n "${IPBINARY}" ]; then >+ LogText "Info: trying output from 'ip' to generate HostID" >+ # Determine if we have the common available eth0 interface. If so, give that priority. 
>+ # Note: apply sorting in case there would be multiple MAC addresses linked to increase predictable end result >+ FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]' | sort | head -1) >+ if HasData "${FIND}"; then >+ HOSTID_GEN="linux-ip-interface-eth0" >+ else >+ # If eth0 does not exist, which is also common, then trying the next option: >+ # 1) First fetch all links that are UP >+ # 2) Filter entries that have a MAC address and filter out Docker related MAC addresses starting with '02:42:' >+ # 3) Convert everything to lowercase >+ # 4) Sort the entries, so that the output is more predictable between runs when the same interfaces are available >+ # 5) Select first entry >+ FIND=$(${IPBINARY} -family link addr show up 2> /dev/null | awk '{if($1=="link/ether" && $2 !~ "^02:42:"){print $2}}' | tr '[:upper:]' '[:lower:]' | sort | head -1) >+ if HasData "${FIND}"; then >+ HOSTID_GEN="linux-ip-interface-up-other" >+ else >+ ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" >+ fi >+ fi >+ fi > >- # Use ifconfig >- if [ -n "${IFCONFIGBINARY}" ]; then >- # Determine if we have the eth0 interface (not all Linux distro have this, e.g. Arch) >+ # Finally try ifconfig >+ if IsEmpty "${FIND}" && [ -n "${IFCONFIGBINARY}" ]; then >+ LogText "Info: no information found from 'ip' or in /sys, trying output from 'ifconfig'" >+ # Determine if we have the eth0 interface (not all Linux distributions have this, e.g. Arch) > HASETH0=$(${IFCONFIGBINARY} | grep "^eth0") > # Check if we can find it with HWaddr on the line > FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') 
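Review bot: In the `ip` branch of the Linux case (`@@ -988,15 +990,49 @@`), `ReportException "GetHostID" "Can't create hostid (no MAC addresses found)"` fires before the ifconfig fallback below it has been tried, so a host where `ip` lists no usable MAC but `ifconfig` does still logs an exception. Leave the reporting to the final `HasData "${FIND}"` check, which already raises "HostID could not be generated". Two smaller points: every step is gated on `IsEmpty "${FIND}"`, but `FIND` is not cleared at the top of the branch in the lines shown, and the /sys step calls `realpath` and `head` directly instead of going through discovered binaries such as `${HEADBINARY}`.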
>@@ -1009,42 +1045,34 @@ > # If not, then falling back to getting first interface. Better than nothing. > if HasData "${HASETH0}"; then > FIND=$(${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') >+ if HasData "${FIND}"; then >+ HOSTID_GEN="linux-ifconfig-interface-eth0-ether" >+ fi > else > FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]') > if IsEmpty "${FIND}"; then > ReportException "GetHostID" "No eth0 found (and no ether was found with ifconfig)" > else >- LogText "Result: No eth0 found (ether found), using first network interface to determine hostid (with ifconfig)" >+ HOSTID_GEN="linux-ifconfig-interface-first-ether" >+ LogText "Result: No eth0 found (but ether found), using first network interface to determine hostid (with ifconfig)" > fi > fi > else > FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') >- LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig" >+ HOSTID_GEN="linux-ifconfig-interface-first-hwaddr" > fi >+ else >+ HOSTID_GEN="linux-ifconfig-interface-eth0-hwaddr" > fi >- >- elif [ -n "${IPBINARY}" ]; then >- # Determine if we have the common available eth0 interface >- FIND=$(${IPBINARY} addr show eth0 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') >- if IsEmpty "${FIND}"; then >- # Determine the MAC address of first interface with the ip command >- FIND=$(${IPBINARY} addr show 2> /dev/null | grep -E "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') >- if IsEmpty "${FIND}"; then >- ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" >- fi >- fi >- else >- ReportException "GetHostID" "Both ip and ifconfig tools are missing" >- > fi > >- # Check if we found a HostID >+ # Check if we found a MAC address 
to generate the HostID > if HasData "${FIND}"; then >- LogText "Info: using hardware address ${FIND} to create ID" >+ LogText "Info: using hardware address '${FIND}' to create HostID" > HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') > LogText "Result: Found HostID: ${HOSTID}" > else >- ReportException "GetHostID" "Can't create HOSTID, command ip not found" >+ ReportException "GetHostID" "HostID could not be generated" > fi > ;; > >@@ -1089,25 +1117,26 @@ > ;; > > "Solaris") >- INTERFACES_TO_TEST="e1000g1 net0" >+ INTERFACES_TO_TEST="net0 e1000g1 e1000g0" > FOUND=0 > for I in ${INTERFACES_TO_TEST}; do > FIND=$(${IFCONFIGBINARY} -a | grep "^${I}") > if [ ! "${FIND}" = "" ]; then > FOUND=1; LogText "Found interface ${I} on Solaris" >+ break > fi > done > if [ ${FOUND} -eq 1 ]; then > FIND=$(${IFCONFIGBINARY} ${I} | grep ether | awk '{ if ($1=="ether") { print $2 }}') >- if [ ! "${SHA1SUMBINARY}" = "" ]; then >+ if [ -n "${SHA1SUMBINARY}" ]; then > HOSTID=$(echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }') >- elif [ ! "${OPENSSLBINARY}" = "" ]; then >+ elif [ -n "${OPENSSLBINARY}" ]; then > HOSTID=$(echo ${FIND} | ${OPENSSLBINARY} sha -sha1 | awk '{ print $2 }') > else > ReportException "GetHostID" "Can not find sha1/sha1sum or openssl" > fi > else >- ReportException "GetHostID" "No interface found op Solaris to create HostID" >+ ReportException "GetHostID" "No interface found on Solaris to create HostID" > fi > ;; > >@@ -1115,8 +1144,9 @@ > ReportException "GetHostID" "Can't create HOSTID as OS is not supported yet by this function" > ;; > esac >+ > # Remove HOSTID if it contains a default MAC address with a related hash value >- if [ ! "${HOSTID}" = "" ]; then >+ if [ -n "${HOSTID}" ]; then > for CHECKHASH in ${BLACKLISTED_HASHES}; do > if [ "${CHECKHASH}" = "${HOSTID}" ]; then > LogText "Result: hostid is a blacklisted value" 
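Review bot: In the `@@ -1009,42 +1045,34 @@` hunk, the HWaddr fallback sets `HOSTID_GEN="linux-ifconfig-interface-first-hwaddr"` unconditionally, while the `ether` branches in the same hunk only set `HOSTID_GEN` after `HasData "${FIND}"` or in the non-empty arm of `IsEmpty`. When `FIND` is empty there, a generator is recorded even though no HostID results. Guard the assignment with `HasData "${FIND}"`, and keep a `LogText` in that branch; the old message was deleted rather than reworded, so the log no longer says that the first interface was used.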
>@@ -1124,6 +1154,7 @@ > fi > done > fi >+ > else > ReportException "GetHostID" "Can't create HOSTID as there is no SHA1 hash tool available (sha1, sha1sum, openssl)" > fi >@@ -1151,6 +1182,7 @@ > if [ -n "${SHA1SUMBINARY}" ]; then > HOSTID=$(${SHA1SUMBINARY} /etc/ssh/${I} | awk '{ print $1 }') > LogText "result: Created HostID with SSH key ($I): ${HOSTID}" >+ HOSTID_GEN="fallback-ssh-public-key" > else > ReportException "GetHostID" "Can't create HOSTID with SSH key, as sha1sum binary is missing" > fi >@@ -1162,9 +1194,9 @@ > fi > fi > >- # New style host ID >- if [ "${HOSTID2}" = "" ]; then >- LogText "Info: creating a HostID (version 2)" >+ # Generation of HostID version 2 >+ if [ -z "${HOSTID2}" ]; then >+ LogText "Info: start generation of HostID (version 2)" > FOUND=0 > DATA_SSH="" > # Use public keys >@@ -1173,7 +1205,7 @@ > for I in ${SSH_KEY_FILES}; do > if [ ${FOUND} -eq 0 ]; then > if [ -f /etc/ssh/${I} ]; then >- LogText "Result: found file ${I} in /etc/ssh, using that to create host identifier" >+ LogText "Result: found file ${I} in /etc/ssh, using that as candidate to create hostid2" > DATA_SSH=$(cat /etc/ssh/${I}) > FOUND=1 > fi 
>@@ -1185,21 +1217,23 @@ > > STRING_TO_HASH="" > if [ ${FOUND} -eq 1 -a -n "${DATA_SSH}" ]; then >- LogText "Using SSH public key to create the second host identifier" >+ LogText "Using SSH public key to create hostid2" > STRING_TO_HASH="${DATA_SSH}" >+ HOSTID2_GEN="ssh-public-key" > else > if [ -n "${MACHINEID}" ]; then >- LogText "Using the machine ID to create the second host identifier" >+ LogText "Using the machine ID to create hostid2" > STRING_TO_HASH="${MACHINEID}" >+ HOSTID2_GEN="machine-id" > fi > fi > # Check if we have a string to turn into a host identifier > if [ -n "${STRING_TO_HASH}" ]; then > # Create hashes >- if [ ! "${SHA256SUMBINARY}" = "" ]; then >+ if [ -n "${SHA256SUMBINARY}" ]; then > HASH2=$(echo ${STRING_TO_HASH} | ${SHA256SUMBINARY} | awk '{ print $1 }') > HASH_HOSTNAME=$(echo ${HOSTNAME} | ${SHA256SUMBINARY} | awk '{ print $1 }') >- elif [ ! "${OPENSSLBINARY}" = "" ]; then >+ elif [ -n "${OPENSSLBINARY}" ]; then > HASH2=$(echo ${STRING_TO_HASH} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }') > HASH_HOSTNAME=$(echo ${HOSTNAME} | ${OPENSSLBINARY} dgst -${OPENSSL_HASHTYPE} | awk '{ print $2 }') > fi >@@ -1272,6 +1306,11 @@ > if [ $# -ne 2 ]; then Fatal "Incorrect usage of HasCorrectFilePermissions"; fi > CHECKFILE="$1" > CHECKPERMISSION_FULL="$2" >+ # Check for symlink >+ if [ -L ${CHECKFILE} ]; then >+ ShowSymlinkPath ${CHECKFILE} >+ if [ ! "${SYMLINK}" = "" ]; then CHECKFILE="${SYMLINK}"; fi >+ fi > if [ ! -d ${CHECKFILE} -a ! -f ${CHECKFILE} ]; then > return 2 > else 
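Review bot: The symlink block added to HasCorrectFilePermissions (`@@ -1272,6 +1306,11 @@`) expands `${CHECKFILE}` unquoted in `[ -L ${CHECKFILE} ]` and `ShowSymlinkPath ${CHECKFILE}`, so a path containing whitespace or glob characters breaks the test or resolves to a different file than the one being audited. Quote both expansions. `SYMLINK` is read as a global after the call; unless ShowSymlinkPath clears it on failure (not visible in this patch), a value left over from an earlier call would replace `CHECKFILE`. The same five lines are added again to IsWorldWritable further down, so a small shared helper would keep the two copies from drifting.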
>@@ -1286,11 +1325,11 @@ > CHECK_PERMISSION=$(echo "${CHECK_PERMISSION}" | ${AWKBINARY} '{printf "%03d",$1}') > > # First try stat command >- LogText "Test: checking if file ${CHECKFILE} has the permissions set to ${CHECK_PERMISSION} or more restrictive" >+ LogText "Test: checking if file ${CHECKFILE} has the permissions set to ${CHECK_PERMISSION} (${CHECKPERMISSION_FULL}) or more restrictive" > if [ -n "${STATBINARY}" ]; then >- > case ${OS} in >- *BSD) >+ *BSD | "macOS") >+ # BSD and macOS have no --format, only short notation > DATA=$(${STATBINARY} -f "%OLp" ${CHECKFILE}) > ;; > *) >@@ -1353,7 +1392,7 @@ > fi > done > >- LogText "Outcome: permissions of file ${CHECKFILE} are not matching expected value (${DATA} != ${CHECKPERMISSION_FULL})" >+ LogText "Outcome: permissions of file ${CHECKFILE} are not matching expected value (${DATA} != ${CHECK_PERMISSION})" > # No match, return exit code 1 > return 1 > fi >@@ -1546,8 +1585,7 @@ > > if [ -z "${search}" ]; then ExitFatal "Missing process to search for when using IsRunning function"; fi > RUNNING=0 >- # AIX does not fully support pgrep options, so using ps instead >- if [ "${OS}" != "AIX" ]; then >+ if [ -x "${PGREPBINARY}" ] && [ "${OS}" != "AIX" ]; then > # When --user is used, perform a search using the -u option > # Initialize users for strict mode > if [ -n "${users:-}" ]; then >@@ -1968,7 +2006,11 @@ > if [ $# -eq 0 ]; then ExitFatal "Missing parameter when calling IsWorldWritable function"; fi > sFILE=$1 > FileIsWorldWritable="" >- >+ # Check for symlink >+ if [ -L ${sFILE} ]; then >+ ShowSymlinkPath ${sFILE} >+ if [ ! "${SYMLINK}" = "" ]; then sFILE="${SYMLINK}"; fi >+ fi > # Only check if target is a file or directory > if [ -f ${sFILE} -o -d ${sFILE} ]; then > FINDVAL=$(ls -ld ${sFILE} | cut -c 9) 
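Review bot: The IsRunning hunk (`@@ -1546,8 +1585,7 @@`) deletes the comment that explains the AIX exception while keeping the `"${OS}" != "AIX"` test, and adds a second, undocumented reason for taking the `ps` path. Keep the comment and extend it to cover the missing-pgrep case. It is also worth stating that `[ -x "${PGREPBINARY}" ]` is false when the variable is empty, since that is what makes the fallback work on systems where pgrep was never discovered.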
>@@ -2056,6 +2098,9 @@ > elif [ -n "${XBPSBINARY}" ]; then > output=$(${XBPSBINARY} ${package} 2> /dev/null | ${GREPBINARY} "^ii") > exit_code=$? >+ elif [ -n "${APKBINARY}" ]; then >+ output=$(${APKBINARY} search ${package} 2> /dev/null | ${GREPBINARY} ${package}) >+ exit_code=$? > else > if [ "${package}" != "__dummy__" ]; then > ReportException "PackageIsInstalled:01 (test=${TEST_NO:-unknown})" >@@ -2179,7 +2224,8 @@ > for I in ${FIND}; do > I=$(echo ${I} | sed 's/:space:/ /g' | sed 's/;$//' | sed 's/ #.*$//') > OPTION=$(echo ${I} | awk '{ print $1 }') >- VALUE=$(echo ${I}| cut -d' ' -f2-) >+ # Use quotes here to prevent wildcard expansion >+ VALUE=$(echo "${I}"| cut -d' ' -f2-) > LogText "Result: found option ${OPTION} in ${CONFIG_FILE} with value '${VALUE}'" > STORE_SETTING=1 > case ${OPTION} in 
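Review bot: In PackageIsInstalled (`@@ -2056,6 +2098,9 @@`), `apk search` queries the repository index rather than the installed database, so `${APKBINARY} search ${package} | ${GREPBINARY} ${package}` returns success for a package that is merely available. Use `apk info -e` for an installed check. The unquoted `${GREPBINARY} ${package}` is also a substring match, so one package name matches every package whose name contains it.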
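Review bot: In the `@@ -2179,7 +2224,8 @@` hunk only the `cut` pipeline is quoted; the two lines directly above it still run `echo ${I}` unquoted (`I=$(echo ${I} | sed ...)` and `OPTION=$(echo ${I} | awk ...)`), and the loop itself is `for I in ${FIND}`. A value such as `sites-enabled/*.conf` can therefore be expanded against the current directory before it reaches the quoted `echo "${I}"`. Quote the earlier expansions as well if the goal is to keep wildcards literal.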
>@@ -2302,9 +2348,25 @@ > done > if [ ${FOUND} -eq 0 ]; then NGINX_CONF_FILES_ADDITIONS="${NGINX_CONF_FILES_ADDITIONS} ${VALUE}"; fi > # Check for additional config files included as follows >- # "include sites-enabled/*.conf" >- elif [ $(echo ${VALUE} | grep -F -c "*.conf") -gt 0 ]; then >- for FOUND_CONF in $(ls ${CONFIG_FILE%nginx.conf}${VALUE%;*}); do >+ # "include sites-enabled/*.conf" (relative path) >+ # "include /etc/nginx/sites-enabled/*.conf" (absolute path) >+ elif [ $(echo "${VALUE}" | grep -F -c "*.conf") -gt 0 ]; then >+ # Check if path is absolute or relative >+ case $VALUE in >+ /*) >+ # Absolute path, so wildcard pattern is already correct >+ CONF_WILDCARD=${VALUE%;*} >+ ;; >+ *) >+ # Relative path, so construct absolute path for wildcard pattern >+ CONF_WILDCARD=${CONFIG_FILE%nginx.conf}${VALUE%;*} >+ ;; >+ esac >+ for FOUND_CONF in ${CONF_WILDCARD}; do >+ if [ "${FOUND_CONF}" = "${CONF_WILDCARD}" ]; then >+ LogText "Found no match for wildcard pattern: ${CONF_WILDCARD}" >+ break >+ fi > FOUND=0 > for CONF in ${NGINX_CONF_FILES}; do > if [ "${CONF}" = "${FOUND_CONF}" ]; then FOUND=1; LogText "Found this file already in our configuration files array, not adding to queue"; fi >@@ -2585,7 +2647,7 @@ > CURRENT_TS=$(GetTimestamp) > if [ ${PREVIOUS_TS} -gt 0 ]; then > SLOW_TEST=0 >- TIME_THRESHOLD=10 # seconds >+ TIME_THRESHOLD=$SLOW_TEST_THRESHOLD # seconds > > # Calculate timing and determine if we use seconds or nanoseconds (more precise) > TIME_DIFF=$((CURRENT_TS - PREVIOUS_TS)) 
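Review bot: In the nginx include hunk (`@@ -2302,9 +2348,25 @@`), the relative-path case builds `CONF_WILDCARD=${CONFIG_FILE%nginx.conf}${VALUE%;*}`, which only yields a directory prefix when the file being parsed is literally named nginx.conf; for any other file name the suffix strip does nothing and the pattern is appended to the full file path. Derive the prefix from the directory of the main configuration file instead. `case $VALUE in` should be quoted like the `echo "${VALUE}"` a few lines above it, and the unquoted `for FOUND_CONF in ${CONF_WILDCARD}` splits paths that contain spaces.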
>@@ -2652,7 +2714,15 @@ > fi > > # Check for correct hardware platform >- if [ ${SKIPTEST} -eq 0 -a -n "${TEST_NEED_PLATFORM}" -a ! "${HARDWARE}" = "${TEST_NEED_PLATFORM}" ]; then SKIPTEST=1; SKIPREASON="Incorrect hardware platform"; fi >+ if [ ${SKIPTEST} -eq 0 -a -n "${TEST_NEED_PLATFORM}" ]; then >+ HASMATCH=0 >+ for I in ${TEST_NEED_PLATFORM}; do >+ if [ "${I}" = "${HARDWARE}" ]; then HASMATCH=1; fi >+ done >+ if [ ${HASMATCH} -eq 0 ]; then >+ SKIPTEST=1; SKIPREASON="Incorrect hardware platform (${TEST_NEED_PLATFORM} only)" >+ fi >+ fi > > # Check for required (and discovered) package manager > if [ ${SKIPTEST} -eq 0 -a ${TEST_NEED_PKG_MGR} -eq 1 -a ${HAS_PACKAGE_MANAGER} -eq 0 ]; then SKIPTEST=1; SKIPREASON="Requires a known package manager to test presence of a particular package"; fi >@@ -3667,4 +3737,4 @@ > > #================================================================================ > # Lynis is part of Lynis Enterprise and released under GPLv3 license >-# Copyright 2007-2020 - Michael Boelen, CISOfy - https://cisofy.com >+# Copyright 2007-2021 - Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/helper_audit_dockerfile lynis-3.0.8/include/helper_audit_dockerfile >--- lynis-3.0.0/include/helper_audit_dockerfile 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_audit_dockerfile 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -44,7 +44,7 @@ > ################################################################################################## > # > >- InsertSection "Image" >+ InsertSection "${SECTION_IMAGE}" > > PKGMGR="" > FIND=$(grep "^FROM" ${AUDIT_FILE} | sed 's/ /:space:/g') 
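Review bot: The platform check (`@@ -2652,7 +2714,15 @@`) turns `TEST_NEED_PLATFORM` into a space-separated list without documenting the new format, and it iterates with the global `I`, the same name used by other loops in this file (for example `for I in ${INTERFACES_TO_TEST}` and `for I in ${SSH_KEY_FILES}`). These functions share one variable scope, so a test registered from inside such a loop would have its `I` overwritten. Use a dedicated variable name, `break` on the first match, and describe the list syntax in the function header.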
>@@ -93,7 +93,7 @@ > # > ################################################################################################## > # >- InsertSection "Basics" >+ InsertSection "${SECTION_BASICS}" > > MAINTAINER=$(grep -E -i "*MAINTAINER" ${AUDIT_FILE} | sed 's/=/ /g' | cut -d'"' -f 2) > if [ -z "${MAINTAINER}" ]; then >@@ -127,7 +127,7 @@ > # > ################################################################################################## > # >- InsertSection "Software" >+ InsertSection "${SECTION_SOFTWARE}" > > case $PKGMGR in > "apt") >@@ -166,7 +166,7 @@ > # > ################################################################################################## > # >- InsertSection "Downloads" >+ InsertSection "${SECTION_DOWNLOADS}" > > FILE_DOWNLOAD=0 > >@@ -217,7 +217,7 @@ > # > ################################################################################################## > # >- InsertSection "Permissions" >+ InsertSection "${SECTION_PERMISSIONS}" > > FIND=$(grep -i "chmod 777" ${AUDIT_FILE}) > if HasData "${FIND}"; then >diff -ur lynis-3.0.0/include/helper_configure lynis-3.0.8/include/helper_configure >--- lynis-3.0.0/include/helper_configure 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_configure 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -71,9 +71,6 @@ > ${ECHOCMD} "Suggestion: create one with 'touch custom.prf' or 'touch /etc/lynis/custom.prf'" > ExitFatal > fi >- >- FIND=$(echo ${HELPER_PARAMERS} | grep " ") >- if [ ! "${FIND}" = "" ]; then ${ECHOCMD} "Found invalid character (space) in configuration string"; ExitFatal; fi > > CONFIGURE_SETTINGS=$(echo $2 | sed 's/:/ /g') > for I in ${CONFIGURE_SETTINGS}; do >diff -ur lynis-3.0.0/include/helper_generate lynis-3.0.8/include/helper_generate >--- lynis-3.0.0/include/helper_generate 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_generate 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -51,8 +51,10 @@ > ;; > *) > # xxd does not exist on FreeBSD >- HOSTID=$(head -c20 < /dev/urandom | hexdump -ve '"%.2x"') >- HOSTID2=$(head -c32 < /dev/urandom | hexdump -ve '"%.2x"') >+ # Note: hexdump may omit leading or trailing zeroes. >+ # Take 100 characters as input, turn to hex, then take first 40/64. >+ HOSTID=$(head -c100 < /dev/urandom | hexdump -ve '"%.2x"' | head -c40) >+ HOSTID2=$(head -c100 < /dev/urandom | hexdump -ve '"%.2x"' | head -c64) > ;; > esac > >diff -ur lynis-3.0.0/include/helper_show lynis-3.0.8/include/helper_show >--- lynis-3.0.0/include/helper_show 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_show 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/helper_system_remote_scan lynis-3.0.8/include/helper_system_remote_scan >--- lynis-3.0.0/include/helper_system_remote_scan 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_system_remote_scan 2022-05-17 03:00:00 
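Review bot: The helper_generate hunk (`@@ -51,8 +51,10 @@`) works around short output by oversampling and truncating, but the cause is the format string: without a byte count, `hexdump -e '"%.2x"'` consumes four bytes per conversion and prints them as one integer with at least two digits, so leading zeroes vanish. `hexdump -ve '1/1 "%.2x"'` prints exactly two hex digits per byte, which lets the original `head -c20` and `head -c32` stay and yields 40 and 64 characters deterministically. If the workaround is kept, the comment should say 100 bytes rather than 100 characters.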
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/helper_update lynis-3.0.8/include/helper_update >--- lynis-3.0.0/include/helper_update 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/helper_update 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/osdetection lynis-3.0.8/include/osdetection >--- lynis-3.0.0/include/osdetection 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/osdetection 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -62,6 +62,8 @@ > 10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;; > 10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;; > 10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;; >+ 11 | 11.[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;; >+ 12 | 12.[0-9]*) OS_FULLNAME="macOS Monterey (${OS_VERSION})" ;; > *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; > esac > else 
>@@ -143,6 +145,19 @@ > OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > if [ -n "${OS_ID}" ]; then > case ${OS_ID} in >+ "almalinux") >+ LINUX_VERSION="AlmaLinux" >+ OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_REDHAT_OR_CLONE=1 >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "alpine") >+ LINUX_VERSION="Alpine Linux" >+ OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; > "amzn") > LINUX_VERSION="Amazon Linux" > OS_NAME="Amazon Linux" >@@ -154,6 +169,22 @@ > OS_FULLNAME="Arch Linux" > OS_VERSION="Rolling release" > ;; >+ "arch32") >+ LINUX_VERSION="Arch Linux 32" >+ OS_FULLNAME="Arch Linux 32" >+ OS_VERSION="Rolling release" >+ ;; >+ "artix") >+ LINUX_VERSION="Artix Linux" >+ OS_FULLNAME="Artix Linux" >+ OS_VERSION="Rolling release" >+ ;; >+ "bunsenlabs") >+ LINUX_VERSION="BunsenLabs" >+ OS_NAME="BunsenLabs" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; > "centos") > LINUX_VERSION="CentOS" > OS_NAME="CentOS Linux" >@@ -166,6 +197,12 @@ > OS_REDHAT_OR_CLONE=1 > OS_VERSION="Rolling release" > ;; >+ "cloudlinux") >+ LINUX_VERSION="CloudLinux" >+ OS_NAME="CloudLinux" >+ OS_REDHAT_OR_CLONE=1 >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; > "coreos") > LINUX_VERSION="CoreOS" > OS_NAME="CoreOS Linux" 
>@@ -176,30 +213,95 @@ > OS_NAME="Debian" > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "devuan") >+ LINUX_VERSION="Devuan" >+ OS_NAME="Devuan" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > ;; >+ "elementary") >+ LINUX_VERSION="elementary OS" >+ OS_NAME="elementary OS" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "endeavouros") >+ LINUX_VERSION="EndeavourOS" >+ OS_NAME="EndeavourOS" >+ OS_VERSION="Rolling release" >+ OS_VERSION_FULL="Rolling release" >+ ;; > "fedora") > LINUX_VERSION="Fedora" > OS_NAME="Fedora Linux" > OS_REDHAT_OR_CLONE=1 > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > ;; >+ "flatcar") >+ LINUX_VERSION="Flatcar" >+ LINUX_VERSION_LIKE="CoreOS" >+ OS_NAME="Flatcar Linux" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "funtoo") >+ LINUX_VERSION="Funtoo" >+ OS_FULLNAME="Funtoo Linux" >+ OS_VERSION="Rolling release" >+ ;; >+ "garuda") >+ LINUX_VERSION="Garuda" >+ OS_FULLNAME="Garuda Linux" >+ OS_NAME="Garuda" >+ OS_VERSION="Rolling release" >+ ;; > "gentoo") > LINUX_VERSION="Gentoo" > OS_NAME="Gentoo Linux" > OS_VERSION="Rolling release" > ;; >- "pureos") >- LINUX_VERSION="PureOS" >+ "ipfire") >+ LINUX_VERSION="IPFire" >+ OS_NAME="IPFire" >+ OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "kali") >+ LINUX_VERSION="Kali" >+ LINUX_VERSION_LIKE="Debian" >+ OS_NAME="Kali Linux" >+ OS_VERSION="Rolling release" >+ ;; >+ "linuxmint") >+ LINUX_VERSION="Linux Mint" >+ LINUX_VERSION_LIKE="Ubuntu" >+ OS_NAME="Linux Mint" > 
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >- OS_NAME="PureOS" > ;; >- "manjaro") >+ "mageia") >+ LINUX_VERSION="Mageia" >+ OS_NAME="Mageia" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "manjaro" | "manjaro-arm") > LINUX_VERSION="Manjaro" > OS_FULLNAME="Manjaro Linux" > OS_NAME="Manjaro" > OS_VERSION="Rolling release" > ;; >+ "nethserver") >+ LINUX_VERSION="NethServer" >+ OS_NAME="NethServer" >+ OS_REDHAT_OR_CLONE=1 >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "nixos") >+ LINUX_VERSION="NixOS" >+ OS_NAME="NixOS" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; > "ol") > LINUX_VERSION="Oracle Linux" > OS_NAME="Oracle Linux" 
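Review bot: In the os-release cases added by this hunk (`@@ -176,30 +213,95 @@`), `LINUX_VERSION_LIKE` is set for flatcar, kali and linuxmint but not for devuan, elementary, endeavouros, garuda or manjaro, which are derivatives in the same sense. If tests are going to branch on this variable, the gaps give those distributions different coverage; set it consistently or document which entries are expected to carry it. The `grep ... /etc/os-release | awk -F= '{print $2}' | tr -d '"'` pipeline repeated in every case would also be easier to audit as a single helper.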
>@@ -217,39 +319,97 @@ > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_NAME="openSUSE" > ;; >- "ubuntu") >- LINUX_VERSION="Ubuntu" >+ "opensuse-microos") >+ LINUX_VERSION="openSUSE MicroOS" > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_NAME="openSUSE" >+ ;; >+ "parrot") >+ LINUX_VERSION="Parrot" >+ OS_NAME="Parrot GNU/Linux" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "pop") >+ LINUX_VERSION="Pop!_OS" >+ LINUX_VERSION_LIKE="Ubuntu" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >- OS_NAME="Ubuntu" >+ OS_NAME="Pop!_OS" > ;; >+ "pureos") >+ LINUX_VERSION="PureOS" >+ LINUX_VERSION_LIKE="Debian" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_NAME="PureOS" >+ ;; > "raspbian") > LINUX_VERSION="Raspbian" >+ LINUX_VERSION_LIKE="Debian" > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_NAME="Raspbian" > ;; >- "rhel") >+ "redhat" | "rhel") > LINUX_VERSION="RHEL" >- OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_NAME="RHEL" > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}" > OS_REDHAT_OR_CLONE=1 > ;; >+ "rocky") >+ LINUX_VERSION="Rocky Linux" >+ OS_NAME="Rocky Linux" >+ OS_REDHAT_OR_CLONE=1 >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release 
| awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "rosa") >+ LINUX_VERSION="ROSA Linux" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_NAME="ROSA Linux" >+ ;; > "slackware") > LINUX_VERSION="Slackware" > OS_NAME="Slackware Linux" > OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') > ;; >+ "sles") >+ LINUX_VERSION="SLES" >+ OS_NAME="openSUSE" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; >+ "ubuntu") >+ LINUX_VERSION="Ubuntu" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_NAME="Ubuntu" >+ ;; >+ "void") >+ LINUX_VERSION="Void Linux" >+ OS_VERSION="Rolling release" >+ OS_NAME="Void Linux" >+ ;; >+ "zorin") >+ LINUX_VERSION="Zorin OS" >+ OS_NAME="Zorin OS" >+ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ ;; > *) >- ReportException "OS Detection" "Unknown OS found in /etc/os-release" >+ ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): ${PROGRAM_SOURCE}" > ;; > esac > fi > fi > >+ # Alpine >+ if [ -e "/etc/alpine-release" ]; then LINUX_VERSION="Alpine Linux"; OS_VERSION=$(cat /etc/alpine-release); fi >+ > # Amazon > if [ -z "${LINUX_VERSION}" -a -e "/etc/system-release" ]; then > FIND=$(grep "^Amazon" /etc/system-release) 
>@@ -281,31 +441,32 @@ > # CPUBuilders Linux > if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi > >- # Debian/Ubuntu (***) - Set first to Debian >- if [ -e "/etc/debian_version" ]; then >+ if [ -z "${LINUX_VERSION}" ] && [ -e "/etc/debian_version" ]; then >+ # Debian/Ubuntu (***) - Set first to Debian > OS_VERSION=$(cat /etc/debian_version) > OS_FULLNAME="Debian ${OS_VERSION}" > LINUX_VERSION="Debian" >- fi > >- # /etc/lsb-release does not exist on Debian >- if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then >- OS_VERSION=$(cat /etc/debian_version) >- FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g') >- if [ "${FIND}" = "Ubuntu" ]; then >- OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2) >- OS_FULLNAME="Ubuntu ${OS_VERSION}" >- LINUX_VERSION="Ubuntu" >- elif [ "${FIND}" = "elementary OS" ]; then >- LINUX_VERSION="elementary OS" >- OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2) >- OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g') >- else >- # Catch all, in case it's unclear what specific release this is. >- OS_FULLNAME="Debian ${OS_VERSION}" >- LINUX_VERSION="Debian" >+ # /etc/lsb-release does not exist on Debian >+ if [ -e /etc/lsb-release ]; then >+ OS_VERSION=$(cat /etc/debian_version) >+ FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g') >+ if [ "${FIND}" = "Ubuntu" ]; then >+ OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2) >+ OS_FULLNAME="Ubuntu ${OS_VERSION}" >+ LINUX_VERSION="Ubuntu" >+ elif [ "${FIND}" = "elementary OS" ]; then >+ LINUX_VERSION="elementary OS" >+ LINUX_VERSION_LIKE="Ubuntu" >+ OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2) >+ OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g') >+ else >+ # Catch all, in case it's unclear what specific release this is. 
>+ OS_FULLNAME="Debian ${OS_VERSION}" >+ LINUX_VERSION="Debian" >+ fi >+ # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version) > fi >- # Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version) > fi > > # Override for Linux Mint, as that is initially detected as Debian or Ubuntu >@@ -313,6 +474,8 @@ > FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }') > if [ "${FIND}" = "LinuxMint" ]; then > LINUX_VERSION="Linux Mint" >+ # LMDE (Linux Mint Debian Edition) should be detected as Debian >+ LINUX_VERSION_LIKE="Ubuntu" > OS_VERSION=$(lsb_release --release | awk '{ print $2 }') > OS_FULLNAME="Linux Mint ${OS_VERSION}" > fi >@@ -351,13 +514,6 @@ > LINUX_VERSION="Fedora" > fi > >- # Mageia (has also /etc/megaia-release) >- FIND=$(grep "Mageia" /etc/redhat-release) >- if [ ! "${FIND}" = "" ]; then >- OS_FULLNAME=$(grep "^Mageia" /etc/redhat-release) >- OS_VERSION=$(grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }') >- LINUX_VERSION="Mageia" >- fi > > # Oracle Enterprise Linux > FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release) 
>@@ -495,12 +651,89 @@ > SYSCTL_READKEY="" > ;; > >- # Solaris / OpenSolaris >+ # Solaris / OpenSolaris / Ilumos ... > SunOS) > OS="Solaris" >- OS_NAME="Sun Solaris" >- OS_FULLNAME=$(uname -s -r) >- OS_VERSION=$(uname -r) >+ OS_KERNELVERSION=$(uname -v) >+ OPENSOLARIS=0 >+ >+ if [ -f /etc/os-release ]; then >+ OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') >+ OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release) >+ case "${OS_ID}" in >+ "solaris") >+ OS_NAME="Oracle Solaris" >+ ;; >+ "omnios") >+ OS_NAME="OmniOS" >+ OPENSOLARIS=1 >+ ;; >+ "tribblix") >+ OS_NAME="Tribblix" >+ OS_FULLNAME="Tribblix ${OS_VERSION}" >+ OPENSOLARIS=1 >+ ;; >+ "*") >+ ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create issue on GitHub project page: ${PROGRAM_SOURCE}" >+ ;; >+ esac >+ elif [ "$(uname -o 2> /dev/null)" = "illumos" ]; then >+ OPENSOLARIS=1 >+ >+ # Solaris has a free form text file with release information >+ if grep "OpenIndiana" /etc/release > /dev/null; then >+ OS_NAME="OpenIndiana" >+ if grep "Hipster" /etc/release > /dev/null; then >+ OS_VERSION="$(tr ' ' '\n' < /etc/release | grep '[[:digit:]]\.[[:digit:]]')" >+ OS_FULLNAME="OpenIndiana Hipster $OS_VERSION" >+ else >+ OS_VERSION="Unknown" >+ OS_FULLNAME="OpenIndiana (unknown edition)" >+ fi >+ elif grep "OmniOS" /etc/release > /dev/null; then >+ OS_NAME="OmniOS" >+ OS_VERSION="$(tr ' ' '\n' < /etc/release | grep 'r[[:digit:]]')" >+ if grep "Community Edition" /etc/release > /dev/null; then >+ OS_FULLNAME="OmniOS Community Edition v11 $OS_VERSION" >+ fi >+ elif grep "SmartOS" /etc/release > /dev/null; then >+ OS_NAME="SmartOS" >+ OS_VERSION="-" >+ OS_FULLNAME="SmartOS" >+ else >+ OS_NAME="Unknown Illumos" >+ fi >+ elif grep "SchilliX" /etc/release > /dev/null; then >+ OS_NAME="SchilliX" >+ OS_FULLNAME="$(head -n 1 /etc/release | xargs)" >+ 
OS_VERSION="$(echo "$OS_FULLNAME" | cut -d '-' -f 2)" >+ >+ OPENSOLARIS=1 >+ elif head -n 1 < /etc/release | grep "Oracle Solaris" > /dev/null; then >+ OS_NAME="Oracle Solaris" >+ OS_FULLNAME="$(head -n 1 /etc/release | xargs)" >+ OS_VERSION="$(head -n 1 < /etc/release | xargs | cut -d ' ' -f 3)" >+ elif head -n 1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then >+ OS_NAME="Sun Solaris" >+ # Example of /etc/release: >+ # Solaris 10 5/08 >+ # ... >+ # Solaris 10 10/09 (Update 8) >+ # The first line does not contain the "Update" number, >+ # only if present. >+ if tail -1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then >+ OS_FULLNAME=$(tail -1 < /etc/release | xargs) >+ else >+ OS_FULLNAME=$(head -1 < /etc/release | xargs) >+ fi >+ OS_VERSION=$(echo "$OS_FULLNAME" | cut -d ' ' -f 2,3) >+ else # Old behaviour >+ OS_NAME="Sun Solaris" >+ OS_FULLNAME=$(uname -s -r) >+ OS_VERSION=$(uname -r) >+ fi >+ > HARDWARE=$(uname -m) > if [ -x /usr/bin/isainfo ]; then > # Returns 32, 64 >diff -ur lynis-3.0.0/include/parameters lynis-3.0.8/include/parameters >--- lynis-3.0.0/include/parameters 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/parameters 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -421,6 +421,23 @@ > --warnings-only | --show-warnings-only) > SHOW_WARNINGS_ONLY=1 > QUIET=1 >+ ;; >+ >+ # Warning when test is slow >+ --slow-warning) >+ if [ $# -gt 1 ]; then >+ shift >+ >+ if [ "$1" -gt 0 ] 2>/dev/null; then >+ SLOW_TEST_THRESHOLD="$1" >+ else >+ echo "Argument has to be number." >+ exit 1 >+ fi >+ else >+ echo "Specify threshold as number of seconds above which should Lynis warn about long test." >+ exit 1 >+ fi > ;; > > --tests-category | --tests-categories | --view-categories | --list-categories | --show-categories) >diff -ur lynis-3.0.0/include/profiles lynis-3.0.8/include/profiles >--- lynis-3.0.0/include/profiles 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/profiles 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -35,7 +35,7 @@ > > # Show deprecation message for old config entries such as 'config:' and 'apache:' > FOUND=0 >- DATA=$(grep -E "^[a-z-]{1,}:" ${PROFILE} | od -An -ta | sed 's/ /!space!/g') # od -An (no file offset), -ta (named character, to be on safe side) >+ DATA=$(grep -E "^[a-z-]{1,}:" ${PROFILE}) > if ! IsEmpty "${DATA}"; then FOUND=1; fi > > if [ ${FOUND} -eq 1 ]; then 
>@@ -50,17 +50,17 @@ > Display --text " " > Display --text "==================================================================================================" > Display --text " " >+ LogText "Insight: Profile '${PROFILE}' contains one or more old-style configuration entries" > ReportWarning "GEN-0020" "Your profile contains one or more old-style configuration entries" > sleep 10 > fi > > # Security check for unexpected and possibly harmful escape characters (hyphen should be listed as first or last character) >- DATA=$(grep -Ev '^$|^ |^#|^config:' "${PROFILE}" | tr -d '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-' | od -An -ta | sed 's/ /!space!/g') >+ DATA=$(grep -Ev '^$|^ |^#|^config:' "${PROFILE}" | tr -d '[:alnum:]/\[\]\(\)_\|,\.:;= \n\r-') > if ! IsEmpty "${DATA}"; then > DisplayWarning "Your profile '${PROFILE}' contains unexpected characters. See the log file for more information." > LogText "Found unexpected or possibly harmful characters in profile '${PROFILE}'. See which characters matched in the output below and compare them with your profile." >- for I in ${DATA}; do >- I=$(echo ${I} | sed 's/!space!/ /g') >+ for I in $(printf ${DATA} | od -An -ta); do > LogText "Output: ${I}" > done > LogText "Suggestion: comment incorrect lines with a '#' and try again. Open a GitHub issue if valid characters are blocked" >@@ -556,7 +556,6 @@ > > Display --indent 2 --text "- Checking profiles..." --result "DONE" --color GREEN > >-LogTextBreak > > #================================================================================ > # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com >diff -ur lynis-3.0.0/include/report lynis-3.0.8/include/report >--- lynis-3.0.0/include/report 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/report 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -151,14 +151,14 @@ > fi > > # Show suggestions from logfile >- SSUGGESTIONS=$(${GREPBINARY} 'Suggestion: ' ${LOGFILE} | sed 's/ /!space!/g') >+ SUGGESTIONS=$(${GREPBINARY} 'Suggestion: ' ${LOGFILE} | sed 's/ /!space!/g') > >- if [ -z "${SSUGGESTIONS}" ]; then >+ if [ -z "${SUGGESTIONS}" ]; then > echo " ${OK}No suggestions${NORMAL}"; echo "" > else > echo " ${YELLOW}Suggestions${NORMAL} (${TOTAL_SUGGESTIONS}):" > echo " ${WHITE}----------------------------${NORMAL}" >- for SUGGESTION in ${SSUGGESTIONS}; do >+ for SUGGESTION in ${SUGGESTIONS}; do > SOLUTION="" > SHOWSUGGESTION=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: //' | sed 's/\[details:\(.*\)\] \[solution:\(.*\)\]//' | sed 's/test://') > ADDLINK=$(echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^.* Suggestion: \(.*\)\[test://' | sed 's/\]\(.*\)]//' | ${AWKBINARY} -F: '{print $1}') >@@ -183,7 +183,7 @@ > done > fi > # Show tip on how to continue (next steps) >- if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then >+ if [ ! "${SWARNINGS}" = "" -o ! "${SUGGESTIONS}" = "" ]; then > echo " ${CYAN}Follow-up${NORMAL}:" > echo " ${WHITE}----------------------------${NORMAL}" > echo " ${WHITE}-${NORMAL} Show details of a test (lynis show details TEST-ID)" >diff -ur lynis-3.0.0/include/tests_accounting lynis-3.0.8/include/tests_accounting >--- lynis-3.0.0/include/tests_accounting 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_accounting 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -18,13 +18,16 @@ > # > ################################################################################# > # >- InsertSection "Accounting" >+ InsertSection "${SECTION_ACCOUNTING}" > # > ################################################################################# > # > AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit" > AUDITD_CONF_FILE="" >+ CMD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/cmd" >+ CMD_CONF_FILE="" > LINUX_AUDITD_RUNNING=0 >+ LINUX_CMD_RUNNING=0 > AUDIT_DAEMON_RUNNING=0 > SOLARIS_AUDITD_RUNNING=0 > # >@@ -88,7 +91,7 @@ > AddHP 3 3 > else > Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW >- LogText "Result: No accounting information available (${ROOTDIR}var/account/pacct, ${ROOTDIR}var/log/account/pact nor ${ROOTDIR}var/log/pact exist)" >+ LogText "Result: No accounting information available (${ROOTDIR}var/account/pacct, ${ROOTDIR}var/log/account/pacct nor ${ROOTDIR}var/log/pacct exist)" > LogText "Remark: Possibly there is another location where the accounting data is stored" > ReportSuggestion "${TEST_NO}" "Enable process accounting" > AddHP 2 3 
>@@ -123,8 +126,19 @@ > Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE > ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (cron disabled)" > fi >+ elif [ -f "${ROOTDIR}lib/systemd/system/sysstat.service" ] || [ -f "${ROOTDIR}etc/systemd/system/sysstat.service" ]; then >+ LogText "Result: sysstat systemd unit found" >+ if [ -L "${ROOTDIR}etc/systemd/system/multi-user.target.wants/sysstat.service" ]; then >+ # Assuming -collect.timer and -summary.timer are enabled as well, >+ # as they are usually in the install section. >+ LogText "Result: sysstat enabled via systemd" >+ Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN >+ else >+ LogText "Result: sysstat disabled via systemd" >+ Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE >+ fi > else >- LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or ${ROOTDIR}etc/cron.d/sysstat" >+ LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or ${ROOTDIR}etc/cron.d/sysstat or as a systemd unit" > Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW > ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (no results)" > fi 
>@@ -404,6 +418,59 @@ > # > ################################################################################# > # >+ # Test : ACCT-9670 >+ # Description : Check cmd status >+ if [ -n "${CMDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ Register --test-no ACCT-9670 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ LogText "Test: Check cmd status" >+ if IsRunning "cmd_daemon"; then >+ LogText "Result: cmd running" >+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_ENABLED}" --color GREEN >+ LINUX_CMD_RUNNING=1 >+ AUDIT_DAEMON_RUNNING=1 >+ Report "audit_trail_tool[]=cmd" >+ Report "linux_cmd_running=1" >+ AddHP 4 4 >+ else >+ LogText "Result: cmd not active" >+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_NOT_FOUND}" --color WHITE >+ if [ ! "${VMTYPE}" = "openvz" ]; then >+ ReportSuggestion "${TEST_NO}" "Install cmd to collect audit information" >+ fi >+ AddHP 0 1 >+ Report "linux_cmd_running=0" >+ fi >+ fi >+# >+################################################################################# >+# >+ # Test : ACCT-9672 >+ # Description : Check cmd configuration file >+ if [ -n "${CMDBINARY}" -a ${LINUX_CMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ Register --test-no ACCT-9672 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd configuration file" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ LogText "Test: Checking cmd configuration file" >+ for DIR in ${CMD_CONF_LOCS}; do >+ if [ -f ${DIR}/config.ini ]; then >+ CMD_CONF_FILE="${DIR}/config.ini" >+ LogText "Result: Found ${DIR}/config.ini" >+ else >+ LogText "Result: ${DIR}/config.ini not found" >+ fi >+ done >+ # Check if we discovered the configuration file. 
It should be there is the binaries are available and process is running >+ if [ -n "${CMD_CONF_FILE}" ]; then >+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_OK}" --color GREEN >+ else >+ LogText "Result: could not find cmd configuration file" >+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_FOUND}" --color RED >+ ReportSuggestion "${TEST_NO}" "Determine the location of cmd configuration file" >+ fi >+ fi >+# >+################################################################################# >+# > Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}" > # > ################################################################################# >@@ -413,4 +480,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, Michael Boelen / CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021, Michael Boelen / CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_authentication lynis-3.0.8/include/tests_authentication >--- lynis-3.0.0/include/tests_authentication 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_authentication 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -25,13 +25,13 @@ > LDAP_AUTH_ENABLED=0 > LDAP_PAM_ENABLED=0 > LDAP_CONF_LOCATIONS="${ROOTDIR}etc/ldap.conf ${ROOTDIR}etc/ldap/ldap.conf ${ROOTDIR}etc/openldap/ldap.conf ${ROOTDIR}usr/local/etc/ldap.conf ${ROOTDIR}usr/local/etc/openldap/ldap.conf" >- PAM_FILE_LOCATIONS="${ROOTDIR}lib/arm-linux-gnueabihf/security ${ROOTDIR}lib/i386-linux-gnu/security ${ROOTDIR}lib/security ${ROOTDIR}lib/x86_64-linux-gnu/security ${ROOTDIR}lib64/security ${ROOTDIR}usr/lib /usr/lib/security" >+ PAM_FILE_LOCATIONS="${ROOTDIR}usr/lib/aarch64-linux-gnu/security ${ROOTDIR}lib/arm-linux-gnueabihf/security ${ROOTDIR}lib/i386-linux-gnu/security ${ROOTDIR}lib/security ${ROOTDIR}lib/x86_64-linux-gnu/security ${ROOTDIR}lib64/security ${ROOTDIR}usr/lib /usr/lib/security" > SUDOERS_LOCATIONS="${ROOTDIR}etc/sudoers ${ROOTDIR}usr/local/etc/sudoers ${ROOTDIR}usr/pkg/etc/sudoers" > SUDOERS_FILE="" > # > ################################################################################# > # >- InsertSection "Users, Groups and Authentication" >+ InsertSection "${SECTION_USERS_GROUPS_AND_AUTHENTICATION}" > > # Test : AUTH-9204 > # Description : Check users with UID zero (0) 
>@@ -286,50 +286,56 @@ > # Description : Check password hashing methods vs. recommendations in crypt(5) > # Notes : Applicable to all Unix-like OS > # Requires read access to /etc/shadow (if it exists) >+ >+ ParsePasswordEntry() { >+ METHOD=$1 >+ case ${METHOD} in >+ 1:\* | 1:x | 0: | *:!* | *LOCK*) >+ # disabled | shadowed | no password | locked account (can be literal *LOCK* or something like LOCKED) >+ ;; >+ *:\$5\$*| *:\$6\$*) >+ # sha256crypt | sha512crypt: check number of rounds, should be >=5000 >+ ROUNDS=$(echo "${METHOD}" | sed -n 's/.*rounds=\([0-9]*\)\$.*/\1/gp') >+ if [ -z "${ROUNDS}" ]; then >+ echo 'sha256crypt/sha512crypt(default=5000rounds)' >+ elif [ "${ROUNDS}" -lt 5000 ]; then >+ echo 'sha256crypt/sha512crypt(<5000rounds)' >+ fi >+ ;; >+ *:\$y\$* | *:\$gy\$* | *:\$2b\$* | *:\$7\$*) >+ # yescrypt | gost-yescrypt | bcrypt | scrypt >+ ;; >+ *:_*) >+ echo bsdicrypt >+ ;; >+ *:\$1\$*) >+ echo md5crypt >+ ;; >+ *:\$3\$*) >+ echo NT >+ ;; >+ *:\$md5*) >+ echo SunMD5 >+ ;; >+ *:\$sha1*) >+ echo sha1crypt >+ ;; >+ 13:* | 178:*) >+ echo bigcrypt/descrypt >+ ;; >+ *) >+ echo "Unknown password hashing method ${METHOD}. 
Please report to lynis-dev@cisofy.com" >+ ;; >+ esac >+ } >+ > Register --test-no AUTH-9229 --root-only YES --weight L --network NO --category security --description "Check password hashing methods" > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: Checking password hashing methods" > SHADOW=""; > if [ -e ${ROOTDIR}etc/shadow ]; then SHADOW="${ROOTDIR}etc/shadow"; fi > FIND=$(${CAT_BINARY} ${ROOTDIR}etc/passwd ${SHADOW} | ${AWKBINARY} -F : '{print length($2) ":" $2 }' | while read METHOD; do >- case ${METHOD} in >- 1:\* | 1:x | 0: | *:!*) >- # disabled | shadowed | no password | locked account >- ;; >- *:\$5\$*| *:\$6\$*) >- # sha256crypt | sha512crypt: check number of rounds, should be >5000 >- ROUNDS=$(echo "${METHOD}" | sed -n 's/.*rounds=\([0-9]*\)\$.*/\1/gp') >- if [ -z "${ROUNDS}" ]; then >- echo 'sha256crypt/sha512crypt(default<=5000rounds)' >- elif [ "${ROUNDS}" -le 5000 ]; then >- echo 'sha256crypt/sha512crypt(<=5000rounds)' >- fi >- ;; >- *:\$y\$* | *:\$gy\$* | *:\$2b\$* | *:\$7\$*) >- # yescrypt | gost-yescrypt | bcrypt | scrypt >- ;; >- *:_*) >- echo bsdicrypt >- ;; >- *:\$1\$*) >- echo md5crypt >- ;; >- *:\$3\$*) >- echo NT >- ;; >- *:\$md5*) >- echo SunMD5 >- ;; >- *:\$sha1*) >- echo sha1crypt >- ;; >- 13:* | 178:*) >- echo bigcrypt/descrypt >- ;; >- *) >- echo "Unknown password hashing method ${METHOD}. Please report to lynis-dev@cisofy.com" >- ;; >- esac >+ ParsePasswordEntry ${METHOD} > done | ${SORTBINARY} -u | ${TRBINARY} '\n' ' ') > if [ -z "${FIND}" ]; then > Display --indent 2 --text "- Password hashing methods" --result "${STATUS_OK}" --color GREEN 
>@@ -346,51 +352,51 @@ > ################################################################################# > # > # Test : AUTH-9230 >- # Description : Check group password hashing rounds in login.defs >+ # Description : Check password hashing rounds in login.defs > # Notes : Applicable to all Unix-like OS > PREQS_MET="NO" > if [ -f ${ROOTDIR}etc/login.defs ]; then > PREQS_MET="YES" > fi >- Register --test-no AUTH-9230 --preqs-met ${PREQS_MET} --root-only NO --weight L --network NO --category security --description "Check group password hashing rounds" >+ Register --test-no AUTH-9230 --preqs-met ${PREQS_MET} --root-only NO --weight L --network NO --category security --description "Check password hashing rounds" > if [ ${SKIPTEST} -eq 0 ]; then >- LogText "Test: Checking SHA_CRYPT_MIN_ROUNDS option in ${ROOTDIR}etc/login.defs" >- FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }') >- if [ -z "${FIND}" -o "${FIND}" = "0" ]; then >- LogText "Result: number of minimum rounds used by the encryption algorithm is not configured" >- Display --indent 2 --text "- Checking minimum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW >- ReportSuggestion "${TEST_NO}" "Configure minimum encryption algorithm rounds in /etc/login.defs" >- AddHP 0 2 >- elif [ "${FIND}" -lt 5000 ]; then >- LogText "Result: low number of minimum encryption algorithm rounds found: ${FIND}" >- PASSWORD_MINIMUM_ROUNDS=${FIND} >- Display --indent 2 --text "- Group password hashing rounds (minimum)" --result "${STATUS_SUGGESTION}" --color YELLOW >- AddHP 1 2 >+ SHA_CRYPT_MIN_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MIN_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MIN_ROUNDS") { print $2 } }') >+ SHA_CRYPT_MAX_ROUNDS_FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }') >+ SHA_CRYPT_ROUNDS=0 >+ 
>+ if [ -n "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -n "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then >+ if [ ${SHA_CRYPT_MIN_ROUNDS_FIND} -lt ${SHA_CRYPT_MAX_ROUNDS_FIND} ]; then >+ SHA_CRYPT_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND} >+ else >+ SHA_CRYPT_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND} >+ fi >+ elif [ -z "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -n "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then >+ SHA_CRYPT_ROUNDS=${SHA_CRYPT_MAX_ROUNDS_FIND} >+ elif [ -n "${SHA_CRYPT_MIN_ROUNDS_FIND}" -a -z "${SHA_CRYPT_MAX_ROUNDS_FIND}" ]; then >+ SHA_CRYPT_ROUNDS=${SHA_CRYPT_MIN_ROUNDS_FIND} > else >- LogText "Result: number of encryption algorithm rounds is ${FIND}" >- PASSWORD_MINIMUM_ROUNDS=${FIND} >- Display --indent 2 --text "- Group password hashing rounds (minimum)" --result CONFIGURED --color GREEN >- AddHP 2 2 >+ SHA_CRYPT_ROUNDS=0 > fi > >- LogText "Test: Checking SHA_CRYPT_MAX_ROUNDS option in ${ROOTDIR}etc/login.defs" >- FIND=$(${GREPBINARY} "^SHA_CRYPT_MAX_ROUNDS" ${ROOTDIR}etc/login.defs | ${AWKBINARY} '{ if ($1=="SHA_CRYPT_MAX_ROUNDS") { print $2 } }') >- if [ -z "${FIND}" -o "${FIND}" = "0" ]; then >- LogText "Result: number of maximum rounds used by the encryption algorithm is not configured" >- Display --indent 2 --text "- Checking maximum group password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW >- ReportSuggestion "${TEST_NO}" "Configure maximum encryption algorithm rounds in /etc/login.defs" >+ LogText "Test: Checking SHA_CRYPT_{MIN,MAX}_ROUNDS option in ${ROOTDIR}etc/login.defs" >+ if [ ${SHA_CRYPT_ROUNDS} -eq 0 ]; then >+ LogText "Result: number of password hashing rounds is not configured" >+ Display --indent 2 --text "- Checking password hashing rounds" --result "${STATUS_DISABLED}" --color YELLOW >+ ReportSuggestion "${TEST_NO}" "Configure password hashing rounds in /etc/login.defs" > AddHP 0 2 >- elif [ "${FIND}" -lt 10000 ]; then >- LogText "Result: low number of maximum encryption algorithm rounds found: ${FIND}" >- PASSWORD_MINIMUM_ROUNDS=${FIND} >- Display 
--indent 2 --text "- Group password hashing rounds (maximum)" --result "${STATUS_SUGGESTION}" --color YELLOW >- AddHP 1 2 >- else >- LogText "Result: number of encryption algorithm rounds is ${FIND}" >- PASSWORD_MINIMUM_ROUNDS=${FIND} >- Display --indent 2 --text "- Group password hashing rounds (maximum)" --result CONFIGURED --color GREEN >- AddHP 2 2 > fi >+ >+ if [ -n "${SHA_CRYPT_ROUNDS}" ] && [ ${SHA_CRYPT_ROUNDS} -gt 0 ]; then >+ if [ ${SHA_CRYPT_ROUNDS} -lt 5000 ]; then >+ LogText "Result: low number of password hashing rounds found: ${SHA_CRYPT_ROUNDS}" >+ Display --indent 2 --text "- Password hashing rounds (minimum)" --result "${STATUS_SUGGESTION}" --color YELLOW >+ AddHP 1 2 >+ else >+ LogText "Result: number of password hashing rounds is ${SHA_CRYPT_ROUNDS}" >+ Display --indent 2 --text "- Password hashing rounds (minimum)" --result CONFIGURED --color GREEN >+ AddHP 2 2 >+ fi >+ fi > fi > # > ################################################################################# >@@ -496,7 +502,7 @@ > FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nisplus") > if [ -z "${FIND}" ]; then > LogText "Result: NIS+ authentication not enabled" >- Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE >+ Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE > else > FIND2=$(${EGREPBINARY} "^passwd_compat" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") > FIND3=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "nisplus") >@@ -505,7 +511,7 @@ > Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_ENABLED}" --color GREEN > else > LogText "Result: NIS+ authentication not enabled" >- Display --indent 2 --text "- NIS+ authentication support" --result "NOT ENABLED" --color WHITE >+ Display --indent 2 --text "- NIS+ authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE > fi > fi > else 
>@@ -523,7 +529,7 @@ > FIND=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${EGREPBINARY} "compat|nis" | ${GREPBINARY} -v "nisplus") > if [ -z "${FIND}" ]; then > LogText "Result: NIS authentication not enabled" >- Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE >+ Display --indent 2 --text "- NIS authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE > else > FIND2=$(${EGREPBINARY} "^passwd_compat" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") > FIND3=$(${EGREPBINARY} "^passwd" /etc/nsswitch.conf | ${GREPBINARY} "nis" | ${GREPBINARY} -v "nisplus") >@@ -532,7 +538,7 @@ > Display --indent 2 --text "- NIS authentication support" --result "${STATUS_ENABLED}" --color GREEN > else > LogText "Result: NIS authentication not enabled" >- Display --indent 2 --text "- NIS authentication support" --result "NOT ENABLED" --color WHITE >+ Display --indent 2 --text "- NIS authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE > fi > fi > else >@@ -601,7 +607,7 @@ > Display --indent 4 --text "- Permissions for directory: ${SUDOERS_D}" --result "${STATUS_WARNING}" --color RED > ;; > esac >- SUDO_CONFIG_FILES="${SUDO_CONFIG_FILES} $(${FINDBINARY} ${SUDOERS_D} -type f -print)" >+ SUDO_CONFIG_FILES="${SUDO_CONFIG_FILES} $(${FINDBINARY} -L ${SUDOERS_D} -type f -print)" > fi > for f in ${SUDO_CONFIG_FILES}; do > LogText "Test: checking file (${f})" >@@ -758,7 +764,7 @@ > LogText "Result: directory /etc/pam.d exists" > Display --indent 2 --text "- PAM configuration files (pam.d)" --result "${STATUS_FOUND}" --color GREEN > LogText "Test: searching PAM configuration files" >- FIND=$(${FINDBINARY} ${ROOTDIR}etc/pam.d \! -name "*.pam-old" -type f -print | sort) >+ FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/pam.d \! -name "*.pam-old" -type f -print | sort) > for FILE in ${FIND}; do > LogText "Found file: ${FILE}" > done 
>@@ -843,7 +849,7 @@ > # > ################################################################################# > # >- # Test : AUTH-9282 and AUTH-9283 >+ # Test : AUTH-9282, AUTH-9283, and AUTH-9284 > # Note : Every Linux based operating system seem to have different passwd > # options, so we have to check the version first. > if [ "${OS}" = "Linux" ]; then >@@ -853,25 +859,29 @@ > PREQS_MET="YES" > FIND_P=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }') > FIND2=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }') >+ FIND3=$(passwd -a -S 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq) > ;; > *) > PREQS_MET="YES" > FIND_P=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="P" && $5=="99999") print $1 }') > FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }') >+ FIND3=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="L") print $1 }' | sort | uniq) > ;; > esac > elif [ "${OS_REDHAT_OR_CLONE}" -eq 1 ]; then > PREQS_MET="YES" > FIND_P=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done) > FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done) >+ FIND3=$(for I in $(${AWKBINARY} -F: '{print $1}' "${ROOTDIR}etc/passwd") ; do passwd -S "$I" | ${AWKBINARY} '{ if ($2=="L" || $2=="LK") print $1 }' | sort | uniq ; done) > else > LogText "Result: skipping test for this Linux version" > ReportManual "AUTH-9282:01" > PREQS_MET="NO" > FIND_P="" > FIND2="" >+ FIND3="" > fi >- else >+ else > PREQS_MET="NO" > fi 
> >@@ -892,11 +902,10 @@ > ReportSuggestion "${TEST_NO}" "When possible set expire dates for all password protected accounts" > fi > fi >-# >-################################################################################# >-# >+ > # Test : AUTH-9283 > # Description : Search passwordless accounts >+ # Notes : requires FIND2 variable > Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password" > if [ "${SKIPTEST}" -eq 0 ]; then > LogText "Test: Checking passwordless accounts" 
>@@ -907,12 +916,44 @@ > LogText "Result: found one or more accounts without password" > for I in ${FIND2}; do > LogText "Account without password: ${I}" >- Report "account_without_password=${I}" >+ Report "account_without_password[]=${I}" > done > Display --indent 2 --text "- Accounts without password" --result "${STATUS_WARNING}" --color RED > ReportWarning "${TEST_NO}" "Found accounts without password" > fi > fi >+ >+ # Test : AUTH-9284 >+ # Description : Check locked user accounts in /etc/passwd >+ # Notes : requires FIND3 variable >+ Register --test-no AUTH-9284 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check locked user accounts in /etc/passwd" >+ if [ "${SKIPTEST}" -eq 0 ]; then >+ LogText "Test: Checking locked accounts" >+ NON_SYSTEM_ACCOUNTS=$(${AWKBINARY} -F : '$3 > 999 && $3 != 65534 {print $1}' ${ROOTDIR}etc/passwd | ${SORTBINARY} | ${UNIQBINARY}) >+ LOCKED_NON_SYSTEM_ACCOUNTS=0 >+ for account in ${FIND3}; do >+ if echo "${NON_SYSTEM_ACCOUNTS}" | ${GREPBINARY} -w "${account}" > /dev/null ; then >+ LOCKED_NON_SYSTEM_ACCOUNTS=$((LOCKED_NON_SYSTEM_ACCOUNTS + 1)) >+ fi >+ done >+ if [ ${LOCKED_NON_SYSTEM_ACCOUNTS} -eq 0 ]; then >+ LogText "Result: all accounts seem to be unlocked" >+ Display --indent 2 --text "- Locked accounts" --result "${STATUS_OK}" --color GREEN >+ else >+ LogText "Result: found one or more locked accounts" >+ for account in ${FIND3}; do >+ if echo "${NON_SYSTEM_ACCOUNTS}" | ${GREPBINARY} -w "${account}" > /dev/null ; then >+ LogText "Locked account: ${account}" >+ Report "locked_account[]=${account}" >+ fi >+ done >+ Display --indent 2 --text "- Locked accounts" --result "${STATUS_FOUND}" --color RED >+ ReportSuggestion "${TEST_NO}" "Look at the locked accounts and consider removing them" >+ fi >+ unset account LOCKED_NON_SYSTEM_ACCOUNTS NON_SYSTEM_ACCOUNTS >+ fi >+ >+ unset FIND1 FIND2 FIND3 > # > ################################################################################# > # 
>@@ -1027,7 +1068,7 @@ > # Test : AUTH-9306 > # Description : Check if authentication is needed to boot the system > # Notes : :d_boot_authenticate: is a good option for production machines to >- # avoid unauthorized booting of systems. Option :d_boot_autentication@: >+ # avoid unauthorized booting of systems. Option :d_boot_authentication@: > # disabled a required login. > Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --category security --description "Check single boot authentication" > if [ ${SKIPTEST} -eq 0 ]; then >@@ -1434,7 +1475,7 @@ > if [ ${FOUND} -eq 1 ]; then > Display --indent 2 --text "- Checking account locking" --result "${STATUS_ENABLED}" --color GREEN > else >- Display --indent 2 --text "- Checking account locking" --result "NOT ENABLED" --color YELLOW >+ Display --indent 2 --text "- Checking account locking" --result "${STATUS_NOT_ENABLED}" --color YELLOW > fi > fi > # >@@ -1448,7 +1489,7 @@ > FIND=$(${EGREPBINARY} "^passwd" ${ROOTDIR}etc/nsswitch.conf | ${GREPBINARY} "ldap") > if [ "${FIND}" = "" ]; then > LogText "Result: LDAP authentication not enabled" >- Display --indent 2 --text "- LDAP authentication support" --result "NOT ENABLED" --color WHITE >+ Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_NOT_ENABLED}" --color WHITE > else > LogText "Result: LDAP authentication enabled" > Display --indent 2 --text "- LDAP authentication support" --result "${STATUS_ENABLED}" --color GREEN 
>@@ -1492,31 +1533,49 @@ > # Description : Logging of failed login attempts > Register --test-no AUTH-9408 --weight L --network NO --category security --description "Logging of failed login attempts" > if [ ${SKIPTEST} -eq 0 ]; then >- if [ -f "${ROOTDIR}etc/pam.conf" ]; then >+ if [ -f "${ROOTDIR}etc/pam.conf" -o -d "${ROOTDIR}etc/pam.d" ]; then > FOUND_PAM_TALLY2=0 > FOUND_TALLYLOG=0 >- if [ -s "${ROOTDIR}var/log/tallylog" ]; then >+ FOUND_PAM_FAILLOCK=0 >+ FOUND_FAILLOCKDIR=0 >+ if [ -d "${ROOTDIR}var/run/faillock" ]; then >+ FOUND_FAILLOCKDIR=1 >+ LogText "Result: found ${ROOTDIR}var/run/faillock directory" >+ elif [ -s "${ROOTDIR}var/log/tallylog" ]; then > FOUND_TALLYLOG=1 > LogText "Result: found ${ROOTDIR}var/log/tallylog with a size bigger than zero" > else >- LogText "Result: did not find ${ROOTDIR}var/log/tallylog on disk or its file size is zero bytes" >+ LogText "Result: did not find ${ROOTDIR}var/run/faillock directory or ${ROOTDIR}var/log/tallylog file on disk or its file size is zero bytes" > fi >- # Determine if pam_tally2 is available >+ # Determine if pam_faillock is available > for D in $(GetReportData --key "pam_module\\\[\\\]"); do >- if ContainsString "pam_tally2" "${D}"; then >- LogText "Result: found pam_tally2 module on disk" >- FOUND_PAM_TALLY2=1 >+ if ContainsString "pam_faillock" "${D}"; then >+ LogText "Result: found pam_faillock module on disk" >+ FOUND_PAM_FAILLOCK=1 > fi > done >- if [ ${FOUND_PAM_TALLY2} -eq 1 -a ${FOUND_TALLYLOG} -eq 1 ]; then >+ if [ ${FOUND_PAM_FAILLOCK} -eq 0 ]; then >+ # Determine if pam_tally2 is available >+ for D in $(GetReportData --key "pam_module\\\[\\\]"); do >+ if ContainsString "pam_tally2" "${D}"; then >+ LogText "Result: found pam_tally2 module on disk" >+ FOUND_PAM_TALLY2=1 >+ fi >+ done >+ fi >+ if [ ${FOUND_PAM_FAILLOCK} -eq 1 -a ${FOUND_FAILLOCKDIR} -eq 1 ]; then >+ LogText "Outcome: authentication failures are logged using pam_faillock" >+ AUTH_FAILED_LOGINS_LOGGED=1 >+ Report 
"auth_failed_logins_tooling[]=pam_faillock" >+ elif [ ${FOUND_PAM_TALLY2} -eq 1 -a ${FOUND_TALLYLOG} -eq 1 ]; then > LogText "Outcome: authentication failures are logged using pam_tally2" > AUTH_FAILED_LOGINS_LOGGED=1 > Report "auth_failed_logins_tooling[]=pam_tally2" > else >- LogText "Outcome: it looks like pam_tally2 is not configured to log failed login attempts" >+ LogText "Outcome: it looks like pam_faillock or pam_tally2 is not configured to log failed login attempts" > fi > >- unset FOUND_PAM_TALLY2 FOUND_TALLYLOG >+ unset FOUND_PAM_TALLY2 FOUND_TALLYLOG FOUND_PAM_FAILLOCK FOUND_FAILLOCKDIR > fi > # Also check /etc/logins.defs, although its usage decreased over the years > if [ -f ${ROOTDIR}etc/login.defs ]; then >diff -ur lynis-3.0.0/include/tests_banners lynis-3.0.8/include/tests_banners >--- lynis-3.0.0/include/tests_banners 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_banners 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Banners and identification" >+ InsertSection "${SECTION_BANNERS_AND_IDENTIFICATION}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_boot_services lynis-3.0.8/include/tests_boot_services >--- lynis-3.0.0/include/tests_boot_services 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_boot_services 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Boot and services" >+ InsertSection "${SECTION_BOOT_AND_SERVICES}" > # > ################################################################################# > # >@@ -63,6 +63,7 @@ > # Description : Determine service manager > # Notes : > # initscripts - Used by Arch before >+ # runit - Used by Artix, Devuan, Dragora and Void > # systemd - Common option with more Linux distros implementing it > # upstart - Used by Debian/Ubuntu > Register --test-no BOOT-5104 --weight L --network NO --category security --description "Determine service manager" >@@ -71,7 +72,7 @@ > case ${OS} in > "Linux") > if [ -f /proc/1/cmdline ]; then >- OUTPUT=$(${AWKBINARY} '/(^\/|init)/ { print $1 }' /proc/1/cmdline | ${TRBINARY} '\0' ' ' | ${SEDBINARY} 's/ $//') >+ OUTPUT=$(${AWKBINARY} '/(^\/|init|runit)/ { print $1 }' /proc/1/cmdline | ${TRBINARY} '\0' ' ' | ${SEDBINARY} 's/ $//') > LogText "Result: cmdline found = ${OUTPUT}" > FILENAME=$(echo "${OUTPUT}" | ${AWKBINARY} '{print $1}') > LogText "Result: file on disk = ${FILENAME}" >@@ -108,6 +109,12 @@ > upstart) > SERVICE_MANAGER="upstart" > ;; >+ runit) >+ SERVICE_MANAGER="runit" >+ ;; >+ openrc-init) >+ SERVICE_MANAGER="openrc" >+ ;; > *) > CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd") > if [ -n "${CONTAINS_SYSTEMD}" ]; then >@@ -139,6 +146,13 @@ > SERVICE_MANAGER="launchd" > fi > ;; >+ "Solaris") >+ if [ -n "${ROOTDIR}usr/bin/svcs" ]; then >+ SERVICE_MANAGER="SMF (svcs)" >+ elif [ -d "${ROOTDIR}etc/init.d" ]; then >+ SERVICE_MANAGER="SysV Init" >+ fi >+ ;; > *) > LogText "Result: unknown service manager" > ;; 
>@@ -332,8 +346,12 @@ > if [ ${SKIPTEST} -eq 0 ]; then > FOUND=0 > >- CONF_FILES=$(${FINDBINARY} /etc/grub.d -type f -name "[0-9][0-9]*" -print0 | ${TRBINARY} '\0' ' ' | ${TRBINARY} -d '[:cntrl:]') >- CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg ${CONF_FILES}" >+ if [ -d "${ROOTDIR}etc/grub.d" ]; then >+ CONF_FILES=$(${FINDBINARY} -L "${ROOTDIR}etc/grub.d" -type f -name "[0-9][0-9]*" -print0 | ${TRBINARY} '\0' ' ' | ${TRBINARY} -d '[:cntrl:]') >+ CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg ${CONF_FILES}" >+ else >+ CONF_FILES="${GRUBCONFFILE} ${ROOTDIR}boot/grub/custom.cfg" >+ fi > > for FILE in ${CONF_FILES}; do > if [ -f "${FILE}" ]; then >@@ -473,6 +491,25 @@ > # > ################################################################################# > # >+ # Test : BOOT-5140 >+ # Description : Check for ELILO boot loader >+ Register --test-no BOOT-5140 --os "Linux" --weight L --network NO --root-only YES --category security --description "Check for ELILO boot loader presence" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ BOOT_LOADER_SEARCHED=1 >+ CONF_FILES="${ROOTDIR}etc/elilo.conf ${ROOTDIR}boot/efi/EFI/${LINUX_VERSION}/elilo.conf" >+ for FILE in ${CONF_FILES}; do >+ FileExists ${FILE} >+ if [ ${FILE_FOUND} -eq 1 ]; then >+ Display --indent 2 --text "- Checking boot loader ELILO" --result "${STATUS_FOUND}" --color GREEN >+ LogText "Result: found ELILO boot loader" >+ BOOT_LOADER="ELILO" >+ BOOT_LOADER_FOUND=1 >+ fi >+ done >+ fi >+# >+################################################################################# >+# > # Test : BOOT-5142 > # Description : Check for SILO boot loader > Register --test-no BOOT-5142 --weight L --network NO --category security --description "Check SPARC Improved boot loader (SILO)" 
>@@ -583,6 +620,55 @@ > # > ################################################################################# > # >+ # Test : BOOT-5170 >+ # Description : Check for Solaris boot daemons >+ Register --test-no BOOT-5170 --os Solaris --weight L --network NO --category security --description "Check for Solaris boot daemons" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ if [ -n "${SVCSBINARY}" ]; then >+ LogText "Result: Using svcs binary to check for daemons" >+ LogText "SysV style services may be incorrectly counted as running." >+ >+ Report "running_service_tool=svcs" >+ >+ # For the documentation of the states (field $1) see >+ # "Managing System Services in Oracle Solaris 11.4" pp. 24, available >+ # at https://docs.oracle.com/cd/E37838_01/pdf/E60998.pdf >+ >+ FIND=$("${SVCSBINARY}" -Ha | ${AWKBINARY} '{ if ($1 == "online" || $1 == "legacy_run") print $3 }') >+ COUNT=0 >+ for ITEM in ${FIND}; do >+ LogText "Found running daemon: ${ITEM}" >+ Report "running_service[]=${ITEM}" >+ COUNT=$((COUNT + 1 )) >+ done >+ Display --indent 2 --text "- Check running daemons (svcs)" --result "${STATUS_DONE}" --color GREEN >+ Display --indent 8 --text "Result: found ${COUNT} running daemons" >+ LogText "Result: Found ${COUNT} running daemons" >+ >+ LogText "Searching for enabled daemons (svcs)" >+ Report "boot_service_tool=svcs" >+ >+ FIND=$("${SVCSBINARY}" -Ha | ${AWKBINARY} '{ if ($1 != "disabled" && $1 != "uninitialized") print $3 }') >+ COUNT=0 >+ for ITEM in ${FIND}; do >+ LogText "Found enabled daemon at boot: ${ITEM}" >+ Report "boot_service[]=${ITEM}" >+ COUNT=$((COUNT + 1 )) >+ done >+ LogText "Note: Run svcs -a see all services" >+ Display --indent 2 --text "- Check enabled daemons at boot (svcs)" --result "${STATUS_DONE}" --color GREEN >+ Display --indent 8 --text "Result: found ${COUNT} enabled daemons at boot" >+ LogText "Result: Found ${COUNT} enabled daemons at boot" >+ fi >+ fi >+# >+################################################################################# >+# >+ # 
Test : BOOT-5171 >+ # Description : Check for services with errors on solaris >+# >+################################################################################# >+# > # Test : BOOT-5177 > # Description : Check for Linux boot services (systemd and chkconfig) > # Notes : We skip using chkconfig if systemd is being used. >@@ -652,7 +738,13 @@ > # Test : BOOT-5180 > # Description : Check for Linux boot services (Debian style) > # Notes : Debian 8+ shows runlevel 5 >- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || >+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi >+ > Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for Linux boot services (Debian style)" > if [ ${SKIPTEST} -eq 0 ]; then > # Runlevel check >@@ -682,7 +774,7 @@ > # > # Test : BOOT-5184 > # Description : Check world writable startup scripts >- Register --test-no BOOT-5184 --os Linux --weight L --network NO --category security --description "Check permissions for boot files/scripts" >+ Register --test-no BOOT-5184 --os "Linux Solaris" --weight L --network NO --category security --description "Check permissions for boot files/scripts" > if [ ${SKIPTEST} -eq 0 ]; then > FOUND=0 > CHECKDIRS="${ROOTDIR}etc/init.d ${ROOTDIR}etc/rc.d ${ROOTDIR}etc/rcS.d" >@@ -693,7 +785,7 @@ > if [ -d ${DIR} ]; then > LogText "Result: directory ${DIR} found" > LogText "Test: checking for available files in directory" >- FIND=$(${FINDBINARY} ${DIR} -type f -print | ${SORTBINARY}) >+ FIND=$(${FINDBINARY} -L ${DIR} -type f -print | ${SORTBINARY}) > if [ -n "${FIND}" ]; then > LogText "Result: found files in directory, checking permissions now" > for FILE in ${FIND}; do 
>@@ -717,7 +809,7 @@ > for NO in 0 1 2 3 4 5 6; do > LogText "Test: Checking ${ROOTDIR}etc/rc${NO}.d scripts for writable bit" > if [ -d ${ROOTDIR}etc/rc${NO}.d ]; then >- FIND=$(${FINDBINARY} ${ROOTDIR}etc/rc${NO}.d -type f -print | ${SORTBINARY}) >+ FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/rc${NO}.d -type f -print | ${SORTBINARY}) > for I in ${FIND}; do > if IsWorldWritable ${I}; then > FOUND=1 >@@ -925,7 +1017,7 @@ > LogText "Result: directory ${DIR} found" > LogText "Test: checking for available files in directory" > # OpenBSD uses symlinks to create another instance of daemons >- FIND=$(${FINDBINARY} ${CHECKDIR} \( -type f -o -type l \) -print | ${SORTBINARY}) >+ FIND=$(${FINDBINARY} -L ${CHECKDIR} -type f -print | ${SORTBINARY}) > if [ -n "${FIND}" ]; then > LogText "Result: found files in directory, checking permissions now" > for FILE in ${FIND}; do >@@ -1002,23 +1094,28 @@ > if [ "${UNIT}" = "UNIT" ]; then > continue > fi >+ STATUS="UNKNOWN" > COLOR="BLACK" > case ${PREDICATE} in > PERFECT | SAFE | OK) >+ STATUS="${STATUS_PROTECTED}" > COLOR=GREEN > ;; > MEDIUM) >+ STATUS="${STATUS_MEDIUM}" > COLOR=WHITE > ;; > EXPOSED) >+ STATUS="${STATUS_EXPOSED}" > COLOR=YELLOW > ;; > UNSAFE | DANGEROUS) >+ STATUS="${STATUS_UNSAFE}" > COLOR=RED > ;; > esac >- Display --indent 8 --text "- ${UNIT}:" --result "${PREDICATE}" --color "${COLOR}" >- LogText "Result: ${UNIT}: ${EXPOSURE} ${PREDICATE}" >+ Display --indent 8 --text "- ${UNIT}:" --result "${STATUS}" --color "${COLOR}" >+ LogText "Result: ${UNIT}: ${EXPOSURE} ${STATUS}" > done > ReportSuggestion "${TEST_NO}" "Consider hardening system services" "Run '${SYSTEMDANALYZEBINARY} security SERVICE' for each service" > fi >diff -ur lynis-3.0.0/include/tests_containers lynis-3.0.8/include/tests_containers >--- lynis-3.0.0/include/tests_containers 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_containers 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Containers" >+ InsertSection "${SECTION_CONTAINERS}" > # > ################################################################################# > # >@@ -226,4 +226,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_crypto lynis-3.0.8/include/tests_crypto >--- lynis-3.0.0/include/tests_crypto 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_crypto 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,10 +22,14 @@ > # > ################################################################################# > # >- InsertSection "Cryptography" >+ RNG_FOUND=0 > # > ################################################################################# > # >+ InsertSection "${SECTION_CRYPTOGRAPHY}" >+# >+################################################################################# >+# > # Test : CRYP-7902 > # Description : check for expired SSL certificates > if [ -n "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi 
>@@ -50,7 +54,7 @@ > LASTSUBDIR="" > LogText "Result: found directory ${DIR}" > # Search for certificate files >- FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".crt$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g') >+ FILES=$(${FINDBINARY} ${DIR} -type f 2> /dev/null | ${EGREPBINARY} ".cer$|.crt$|.der$|.pem$|^cert" | ${SORTBINARY} | ${SEDBINARY} 's/ /__space__/g') > for FILE in ${FILES}; do > FILE=$(echo ${FILE} | ${SEDBINARY} 's/__space__/ /g') > # See if we need to skip this path 
>@@ -76,16 +80,23 @@ > if [ ${CANREAD} -eq 1 ]; then > # Only check the files that are not installed by a package, unless enabled by profile > if [ ${SSL_CERTIFICATE_INCLUDE_PACKAGES} -eq 1 ] || ! FileInstalledByPackage "${FILE}"; then >+ echo ${FILE} | ${EGREPBINARY} -q ".cer$|.der$" >+ CER_DER=$? > OUTPUT=$(${GREPBINARY} -q 'BEGIN CERT' "${FILE}") >- if [ $? -eq 0 ]; then >+ if [ $? -eq 0 -o ${CER_DER} -eq 0 ]; then > LogText "Result: file is a certificate file" >- FIND=$(${OPENSSLBINARY} x509 -noout -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") >+ if [ ${CER_DER} -eq 0 ]; then >+ SSL_DER_OPT="-inform der" >+ else >+ SSL_DER_OPT= >+ fi >+ FIND=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -in "${FILE}" -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") > if [ $? -eq 0 ]; then > # Check certificate where 'end date' has been expired >- FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in "${FILE}" -enddate 2> /dev/null) >+ FIND=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -checkend 0 -in "${FILE}" -enddate 2> /dev/null) > EXIT_CODE=$? >- CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') >- CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') >+ CERT_CN=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -subject -in "${FILE}" 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') >+ CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout ${SSL_DER_OPT} -enddate -in "${FILE}" 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') > Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" > if [ ${EXIT_CODE} -eq 0 ]; then > LogText "Result: certificate ${FILE} seems to be correct and still valid" 
>@@ -181,20 +192,28 @@ > if [ ${SKIPTEST} -eq 0 ]; then > ENCRYPTED_SWAPS=0 > UNENCRYPTED_SWAPS=0 >- SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings) >- for BLOCK_DEV in ${SWAPS}; do >- if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then >- LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}" >- ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1)) >- elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" | ${GREPBINARY} --quiet "cipher:"; then >- LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}" >- ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS +1)) >- else >- LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}" >- UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1)) >- fi >- done >- Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE >+ # Redirect errors, as RHEL 5/6 and others don't have the --show option >+ SWAPS=$(${SWAPONBINARY} --show=NAME --noheadings 2> /dev/null) >+ if [ $? -eq 0 ]; then >+ for BLOCK_DEV in ${SWAPS}; do >+ if ${CRYPTSETUPBINARY} isLuks "${BLOCK_DEV}" 2> /dev/null; then >+ LogText "Result: Found LUKS encrypted swap device: ${BLOCK_DEV}" >+ ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) >+ Report "encrypted_swap[]=${BLOCK_DEV},LUKS" >+ elif ${CRYPTSETUPBINARY} status "${BLOCK_DEV}" 2> /dev/null | ${GREPBINARY} -q "cipher:"; then >+ LogText "Result: Found non-LUKS encrypted swap device: ${BLOCK_DEV}" >+ ENCRYPTED_SWAPS=$((ENCRYPTED_SWAPS + 1)) >+ Report "encrypted_swap[]=${BLOCK_DEV},other" >+ else >+ LogText "Result: Found unencrypted swap device: ${BLOCK_DEV}" >+ UNENCRYPTED_SWAPS=$((UNENCRYPTED_SWAPS +1)) >+ Report "non_encrypted_swap[]=${BLOCK_DEV}" >+ fi >+ done >+ Display --indent 2 --text "- Found ${ENCRYPTED_SWAPS} encrypted and ${UNENCRYPTED_SWAPS} unencrypted swap devices in use." --result OK --color WHITE >+ else >+ LogText "Result: skipping testing as swapon returned an error." 
>+ fi > fi > # > ################################################################################# >@@ -226,12 +245,13 @@ > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: looking for ${ROOTDIR}sys/class/misc/hw_random/rng_current" > if [ -f "${ROOTDIR}sys/class/misc/hw_random/rng_current" ]; then >- DATA=$(${HEADBINARY} --lines=1 ${ROOTDIR}sys/class/misc/hw_random/rng_current | ${TRBINARY} -d '[[:cntrl:]]') >+ DATA=$(${HEADBINARY} -n 1 ${ROOTDIR}sys/class/misc/hw_random/rng_current | ${TRBINARY} -d '[[:cntrl:]]') > if [ "${DATA}" != "none" ]; then > LogText "Result: positive match, found RNG: ${DATA}" > if IsRunning "rngd"; then > Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_YES}" --color GREEN > LogText "Result: rngd is running" >+ RNG_FOUND=1 > else > Display --indent 2 --text "- HW RNG & rngd" --result "${STATUS_NO}" --color YELLOW > # TODO - enable suggestion when website has listing for this control 
>@@ -263,12 +283,43 @@ > done > if [ -z "${FOUND}" ]; then > Display --indent 2 --text "- SW prng" --result "${STATUS_NO}" --color YELLOW >- ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators" >+ # ReportSuggestion "${TEST_NO}" "Utilize software pseudo random number generators" > else >+ RNG_FOUND=1 > Display --indent 2 --text "- SW prng" --result "${STATUS_YES}" --color GREEN > LogText "Result: found ${FOUND} running" > fi > fi >+# >+################################################################################# >+# >+ # Test : CRYP-8006 >+ # Description : Check that the MemoryOverwriteRequest-bit is set to protect against cold-boot attacks >+ Register --test-no CRYP-8006 --os Linux --weight L --network NO --root-only NO --category security --description "MemoryOverwriteRequest-bit set" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ MOR_CONTROL="${ROOTDIR}sys/firmware/efi/efivars/MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829" >+ LogText "Test: looking for ${MOR_CONTROL}" >+ if [ -f "${MOR_CONTROL}" ]; then >+ DATA=$(od -An --skip-bytes=4 "$MOR_CONTROL") >+ if [ "$DATA" = " 000001" ]; then >+ LogText "Result: MOR-bit set" >+ Display --indent 2 --text "MOR-bit set" --result "${STATUS_YES}" --color GREEN >+ elif [ "$DATA" = " 000000" ]; then >+ LogText "Result: MOR-bit not set!" >+ Display --indent 2 --text "MOR-bit set" --result "${STATUS_NO}" --color RED >+ else >+ LogText "Result: MOR-bit unknown. 
Found: $DATA" >+ Display --indent 2 --text "MOR-bit set" --result "${STATUS_UNKNOWN}" --color YELLOW >+ fi >+ else >+ LogText "Result: could not find ${MOR_CONTROL}" >+ Display --indent 2 --text "- MOR variable not found" --result "${STATUS_WEAK}" --color WHITE >+ fi >+ fi >+# >+################################################################################# >+# >+ Report "rng_found=${RNG_FOUND}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_databases lynis-3.0.8/include/tests_databases >--- lynis-3.0.0/include/tests_databases 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_databases 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -39,13 +39,13 @@ > # > ################################################################################# > # >- InsertSection "Databases" >+ InsertSection "${SECTION_DATABASES}" > > # Test : DBS-1804 > # Description : Check if MySQL is being used > Register --test-no DBS-1804 --weight L --network NO --category security --description "Checking active MySQL process" > if [ ${SKIPTEST} -eq 0 ]; then >- FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") >+ FIND=$(${PSBINARY} ax | ${EGREPBINARY} "mariadb|mysqld|mysqld_safe" | ${GREPBINARY} -v "grep") > if [ -z "${FIND}" ]; then > if [ ${DEBUG} -eq 1 ]; then Display --indent 2 --text "- MySQL process status" --result "${STATUS_NOT_FOUND}" --color WHITE --debug; fi > LogText "Result: MySQL process not active" 
>@@ -86,7 +86,7 @@ > > # "-u root --password=" avoids ~/.my.cnf authentication settings > # "plugin = 'mysql_native_password' AND authentication_string = ''" avoids false positives when secure plugins are used >- FIND=$(${MYSQLCLIENTBINARY} --no-defaults -u root --password= --silent --batch --execute="SELECT count(*) FROM mysql.user WHERE user = 'root' AND plugin = 'mysql_native_password' AND authentication_string = ''" mysql 2>/dev/null; echo $?) >+ FIND=$(${MYSQLCLIENTBINARY} --default-auth=mysql_native_password --no-defaults -u root --password= --silent --batch --execute="SELECT count(*) FROM mysql.user WHERE user = 'root' AND plugin = 'mysql_native_password' AND authentication_string = ''" mysql > /dev/null 2>&1; echo $?) > if [ "${FIND}" = "0" ]; then > LogText "Result: Login succeeded, no MySQL root password set!" > ReportWarning "${TEST_NO}" "No MySQL root password set" >@@ -174,7 +174,7 @@ > # Description : Check if PostgreSQL is being used > Register --test-no DBS-1826 --weight L --network NO --category security --description "Checking active PostgreSQL processes" > if [ ${SKIPTEST} -eq 0 ]; then >- if IsRunning "postgres:"; then >+ if IsRunning "postgres"; then > Display --indent 2 --text "- PostgreSQL processes status" --result "${STATUS_FOUND}" --color GREEN > LogText "Result: PostgreSQL is active" > POSTGRESQL_RUNNING=1 
>@@ -203,11 +203,17 @@ > > Register --test-no DBS-1828 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Test PostgreSQL configuration" > if [ ${SKIPTEST} -eq 0 ]; then >- FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data" >- CONFIG_FILES=$(${FINDBINARY} ${FIND_PATHS} -type f -name "postgresql.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}" | ${SEDBINARY} "s/ /:space:/g"') >+ FIND_PATHS="${ROOTDIR}etc/postgres ${ROOTDIR}var/lib/postgres/data ${ROOTDIR}usr/local/pgsql/data" >+ CONFIG_FILES=$(${FINDBINARY} -L ${FIND_PATHS} -type f -name "*.conf" -print0 2> /dev/null | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} -d '\n' | ${TRBINARY} '\0' '\n' | xargs -i sh -c 'test -r "{}" && echo "{}"' | ${SEDBINARY} "s/ /:space:/g") > for CF in ${CONFIG_FILES}; do > Report "postgresql_config_file[]=${CF}" > LogText "Found configuration file (${CF})" >+ if IsWorldReadable ${CF}; then >+ LogText "Result: configuration file ${CF} is world readable, this might leak sensitive information!" >+ ReportWarning "${TEST_NO}" "PostgreSQL configuration file ${CF} is world readable and might leak sensitive details" "${CF}" "Use chmod 600 to change file permissions" >+ else >+ LogText "Result: great, configuration file ${CF} is not world readable" >+ fi > done > fi > # >diff -ur lynis-3.0.0/include/tests_dns lynis-3.0.8/include/tests_dns >--- lynis-3.0.0/include/tests_dns 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_dns 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -45,11 +45,11 @@ > # > # if [ "${GOOD}" = "${TIMEOUT}" -a "${BAD}" = "${TIMEOUT}" ]; then > # LogText "Result: received timeout, can't determine DNSSEC validation" >-# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW >+# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW > # #ReportException "${TEST_NO}" "Exception found, both query failed, due to connection timeout" > # elif [ -z "${GOOD}" -a -n "${BAD}" ]; then > # LogText "Result: good signature failed, yet bad signature was accepted" >-# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKOWN}" --color YELLOW >+# Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_UNKNOWN}" --color YELLOW > # #ReportException "${TEST_NO}" "Exception found, OK failed, bad signature was accepted" > # elif [ -n "${GOOD}" -a -n "${BAD}" ]; then > # Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW >diff -ur lynis-3.0.0/include/tests_file_integrity lynis-3.0.8/include/tests_file_integrity >--- lynis-3.0.0/include/tests_file_integrity 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_file_integrity 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -25,7 +25,7 @@ > # > ################################################################################# > # >- InsertSection "Software: file integrity" >+ InsertSection "${SECTION_FILE_INTEGRITY}" > Display --indent 2 --text "- Checking file integrity tools" > # > ################################################################################# 
>@@ -104,7 +104,7 @@ > if [ -n "${AIDEBINARY}" -a -n "${AIDECONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi > Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Presence of AIDE database and size check" > if [ ${SKIPTEST} -eq 0 ]; then >- AIDE_DB=$(${GREPBINARY} ^database= ${AIDECONFIG} | ${SEDBINARY} "s/.*://") >+ AIDE_DB=$(${EGREPBINARY} '(^database|^database_in)=' ${AIDECONFIG} | ${SEDBINARY} "s/.*://") > if case ${AIDE_DB} in @@*) ;; *) false;; esac; then > I=$(${GREPBINARY} "@@define.*DBDIR" ${AIDECONFIG} | ${AWKBINARY} '{print $3}') > AIDE_DB=$(echo ${AIDE_DB} | ${SEDBINARY} "s#.*}#${I}#") >@@ -441,4 +441,4 @@ > WaitForKeyPress > # > #================================================================================ >-# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_file_permissions lynis-3.0.8/include/tests_file_permissions >--- lynis-3.0.0/include/tests_file_permissions 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_file_permissions 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "File Permissions" >+ InsertSection "${SECTION_FILE_PERMISSIONS}" > # > ################################################################################# > # 
>@@ -72,4 +72,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_filesystems lynis-3.0.8/include/tests_filesystems >--- lynis-3.0.0/include/tests_filesystems 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_filesystems 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -28,7 +28,7 @@ > # > ################################################################################# > # >- InsertSection "File systems" >+ InsertSection "${SECTION_FILE_SYSTEMS}" > # > ################################################################################# > # >@@ -327,7 +327,7 @@ > Display --indent 2 --text "- Testing swap partitions" --result "${STATUS_OK}" --color GREEN > LogText "Result: all swap partitions have correct options (sw or swap)" > else >- Display --indent 2 --text "- Testing swap partitions" --result "CHECK NEEDED" --color YELLOW >+ Display --indent 2 --text "- Testing swap partitions" --result "${STATUS_CHECK_NEEDED}" --color YELLOW > LogText "Result: possible incorrect mount options used for mounting swap partition (${FIND})" > #ReportWarning "${TEST_NO}" "Possible incorrect mount options used for swap partition (${FIND})" > ReportSuggestion "${TEST_NO}" "Check your /etc/fstab file for swap partition mount options" >@@ -339,6 +339,7 @@ > # > # Test : FILE-6344 > # Description : Check proc mount options (Linux >=3.3 only) >+ # hidepid textual values available kernel >= 5.8 only) > # Examples : proc /proc proc defaults,hidepid=2 0 0 > # Goal : Users should not be able to see processes of other users > if [ "${OS}" = "Linux" -a -f ${ROOTDIR}proc/version ]; then 
>@@ -353,15 +354,20 @@ > Register --test-no FILE-6344 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking proc mount options" > if [ ${SKIPTEST} -eq 0 ]; then > # Proc should be mounted with 'hidepid=2' or 'hidepid=1' at least >+ # https://www.kernel.org/doc/html/latest/filesystems/proc.html#chapter-4-configuring-procfs > LogText "Test: check proc mount with incorrect mount options" >- FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=[0-9]") >- if [ "${FIND}" = "hidepid=2" ]; then >+ FIND=$(${MOUNTBINARY} | ${EGREPBINARY} "${ROOTDIR}proc " | ${EGREPBINARY} -o "hidepid=([0-9]|[a-z][a-z]*)") >+ if [ "${FIND}" = "hidepid=4" -o "${FIND}" = "hidepid=ptraceable" ]; then # https://lwn.net/Articles/817137/ > Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN >- LogText "Result: proc mount mounted with hidepid=2" >+ LogText "Result: proc mount mounted with ${FIND}" > AddHP 3 3 >- elif [ "${FIND}" = "hidepid=1" ]; then >+ elif [ "${FIND}" = "hidepid=2" -o "${FIND}" = "hidepid=invisible" ]; then > Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN >- LogText "Result: proc mount mounted with hidepid=1" >+ LogText "Result: proc mount mounted with ${FIND}" >+ AddHP 3 3 >+ elif [ "${FIND}" = "hidepid=1" -o "${FIND}" = "hidepid=noaccess" ]; then >+ Display --indent 2 --text "- Testing /proc mount (hidepid)" --result "${STATUS_OK}" --color GREEN >+ LogText "Result: proc mount mounted with ${FIND}" > AddHP 2 3 > elif [ -z "${FIND}" ]; then > # HIDEPID1_SUGGESTION=" (or at least hidepid=1)" 
>@@ -535,7 +541,7 @@ > if [ "${FIND}" = "defaults" ]; then > Display --indent 2 --text "- Mount options of /" --result "${STATUS_OK}" --color GREEN > else >- Display --indent 2 --text "- Mount options of /" --result "NON DEFAULT" --color YELLOW >+ Display --indent 2 --text "- Mount options of /" --result "${STATUS_NON_DEFAULT}" --color YELLOW > fi > else > LogText "Result: no mount point / or expected options found" >@@ -606,21 +612,20 @@ > done > if [ ${FULLY_HARDENED} -eq 1 ]; then > LogText "Result: marked ${FILESYSTEM} as fully hardened" >- Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result HARDENED --color GREEN >+ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_HARDENED}" --color GREEN > AddHP 5 5 > elif [ ${PARTIALLY_HARDENED} -eq 1 ]; then > LogText "Result: marked ${FILESYSTEM} as partially hardened" >- Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "PARTIALLY HARDENED" --color YELLOW >+ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW > AddHP 4 5 > else >- # if > if ContainsString "defaults" "${FOUND_FLAGS}"; then > LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" >- Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result DEFAULT --color YELLOW >+ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW > AddHP 3 5 > else > LogText "Result: marked ${FILESYSTEM} options as non-default (unclear about hardening)" >- Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "NON DEFAULT" --color YELLOW >+ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_NON_DEFAULT}" --color YELLOW > AddHP 4 5 > fi > fi 
>@@ -629,11 +634,11 @@ > fi > done > fi >- NMOUNTS=$(mount | ${WCBINARY} --lines) >- NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev | ${WCBINARY} --lines) >- NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${WCBINARY} --lines) >- NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosuid | ${WCBINARY} --lines) >- NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} --lines) >+ NMOUNTS=$(mount | ${WCBINARY} -l) >+ NDEVMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nodev | ${WCBINARY} -l) >+ NEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${WCBINARY} -l) >+ NSUIDMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v nosuid | ${WCBINARY} -l) >+ NWRITEANDEXECMOUNTS=$(mount | ${AWKBINARY} '{print $6}' | ${GREPBINARY} -v noexec | ${EGREPBINARY} -v '^\(ro[,)]' | ${WCBINARY} -l) > LogText "Result: Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS}, of total ${NMOUNTS}" > Display --indent 2 --text "- Total without nodev:${NDEVMOUNTS} noexec:${NEXECMOUNTS} nosuid:${NSUIDMOUNTS} ro or noexec (W^X): ${NWRITEANDEXECMOUNTS} of total ${NMOUNTS}" > fi >@@ -653,7 +658,7 @@ > Display --indent 2 --text "- /var/tmp is bound to /tmp" --result "${STATUS_OK}" --color GREEN > LogText "Result : /var/tmp is bind to /tmp" > else >- Display --indent 2 --text "- /var/tmp is not bound to /tmp" --result "NON DEFAULT" --color YELLOW >+ Display --indent 2 --text "- /var/tmp is not bound to /tmp" --result "${STATUS_NON_DEFAULT}" --color YELLOW > LogText "Result: /var/tmp is not bind to /tmp" > fi > else 
>@@ -820,21 +825,24 @@ > LogText "Result: module ${FS} is currently not loaded in the kernel." > AddHP 2 3 > if IsDebug; then Display --indent 6 --text "- Module ${FS} not loaded (lsmod)" --result OK --color GREEN; fi >- FOUND=1 >- AVAILABLE_MODPROBE_FS="${AVAILABLE_MODPROBE_FS}${FS} " > else > LogText "Result: module ${FS} is loaded in the kernel" > Display --indent 4 --text "- Module $FS loaded in the kernel (lsmod)" --result "FOUND" --color WHITE >+ FOUND=1 >+ AVAILABLE_MODPROBE_FS="${AVAILABLE_MODPROBE_FS}${FS} " > fi > else > AddHP 3 3 > if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi > fi >- FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") >- FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") >- if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then >- Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN >- LogText "Result: module ${FS} is blacklisted" >+ FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null) >+ if [ -n "${FIND}" ]; then >+ FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") >+ FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#") >+ if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then >+ Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN >+ LogText "Result: module ${FS} is blacklisted" >+ fi > fi > done > if [ ${FOUND} -eq 1 ]; then >diff -ur lynis-3.0.0/include/tests_firewalls lynis-3.0.8/include/tests_firewalls >--- lynis-3.0.0/include/tests_firewalls 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_firewalls 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Software: firewalls" >+ InsertSection "${SECTION_FIREWALLS}" > # > ################################################################################# > # >@@ -407,6 +407,8 @@ > Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of outbound firewalls on macOS" > if [ ${SKIPTEST} -eq 0 ]; then > >+ FOUND=0 >+ > # Little Snitch Daemon (macOS) > LogText "Test: checking process Little Snitch Daemon" > if IsRunning --full "Little Snitch Daemon"; then >@@ -504,7 +506,7 @@ > Register --test-no FIRE-4540 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for empty nftables configuration" > if [ ${SKIPTEST} -eq 0 ]; then > # Check for empty ruleset >- NFT_RULES_LENGTH=$(${NFTBINARY} list ruleset --stateless 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l) >+ NFT_RULES_LENGTH=$(${NFTBINARY} --stateless list ruleset 2> /dev/null | ${EGREPBINARY} -v "table|chain|;$|}$|^$" | ${WCBINARY} -l) > if [ ${NFT_RULES_LENGTH} -le 3 ]; then > FIREWALL_EMPTY_RULESET=1 > LogText "Result: this firewall set has 3 rules or less and is considered to be empty" 
>@@ -537,7 +539,7 @@ > Register --test-no FIRE-4590 --weight L --network NO --category security --description "Check firewall status" > if [ ${SKIPTEST} -eq 0 ]; then > if [ ${FIREWALL_ACTIVE} -eq 1 ]; then >- Display --indent 2 --text "- Checking host based firewall" --result "ACTIVE" --color GREEN >+ Display --indent 2 --text "- Checking host based firewall" --result "${STATUS_ACTIVE}" --color GREEN > LogText "Result: host based firewall or packet filter is active" > Report "manual[]=Verify if there is a formal process for testing and applying firewall rules" > Report "manual[]=Verify all traffic is filtered the right way between the different security zones" >@@ -546,7 +548,7 @@ > Report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic" > AddHP 5 5 > else >- Display --indent 2 --text "- Checking host based firewall" --result "NOT ACTIVE" --color YELLOW >+ Display --indent 2 --text "- Checking host based firewall" --result "${STATUS_NOT_ACTIVE}" --color YELLOW > LogText "Result: no host based firewall/packet filter found or configured" > ReportSuggestion "${TEST_NO}" "Configure a firewall/packet filter to filter incoming and outgoing traffic" > AddHP 0 5 >diff -ur lynis-3.0.0/include/tests_hardening lynis-3.0.8/include/tests_hardening >--- lynis-3.0.0/include/tests_hardening 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_hardening 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -18,7 +18,7 @@ > # > ################################################################################# > # >- InsertSection "Hardening" >+ InsertSection "${SECTION_HARDENING}" > > # COMPILER_INSTALLED is initialized before > HARDEN_COMPILERS_NEEDED=0 
>@@ -102,6 +102,27 @@ > ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC" > AddHP 1 3 > LogText "Result: no malware scanner found" >+ fi >+ fi >+# >+################################################################################# >+# >+ # Test : HRDN-7231 >+ # Description : Check for registered non-native binary formats >+ Register --test-no HRDN-7231 --os Linux --weight L --network NO --category security --description "Check for registered non-native binary formats" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ LogText "Test: Check for registered non-native binary formats" >+ NFORMATS=0 >+ if [ -d /proc/sys/fs/binfmt_misc ]; then >+ NFORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status | ${WCBINARY} -l) >+ fi >+ if [ ${NFORMATS} -eq 0 ]; then >+ LogText "Result: no non-native binary formats found" >+ Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_NOT_FOUND}" --color GREEN >+ else >+ FORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status -printf '%f ') >+ LogText "Result: found ${NFORMATS} non-native binary formats registered: ${FORMATS}" >+ Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_FOUND}" --color RED > fi > fi > # >diff -ur lynis-3.0.0/include/tests_homedirs lynis-3.0.8/include/tests_homedirs >--- lynis-3.0.0/include/tests_homedirs 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_homedirs 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Home directories" >+ InsertSection "${SECTION_HOME_DIRECTORIES}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_insecure_services lynis-3.0.8/include/tests_insecure_services >--- lynis-3.0.0/include/tests_insecure_services 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_insecure_services 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Insecure services" >+ InsertSection "${SECTION_INSECURE_SERVICES}" > # > ################################################################################# > # >@@ -63,11 +63,11 @@ > LogText "Test: Searching for active inet daemon" > if IsRunning "inetd"; then > LogText "Result: inetd is running" >- Display --indent 4 --text "- inetd status" --result "ACTIVE" --color GREEN >+ Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN > INETD_ACTIVE=1 > else > LogText "Result: inetd is NOT running" >- Display --indent 4 --text "- inetd status" --result "NOT ACTIVE" --color GREEN >+ Display --indent 4 --text "- inetd status" --result "${STATUS_NOT_ACTIVE}" --color GREEN > fi > fi > # 
>@@ -158,11 +158,11 @@ > LogText "Test: Searching for active extended internet services daemon (xinetd)" > if IsRunning "xinetd"; then > LogText "Result: xinetd is running" >- Display --indent 4 --text "- xinetd status" --result "ACTIVE" --color GREEN >+ Display --indent 4 --text "- xinetd status" --result "${STATUS_ACTIVE}" --color GREEN > XINETD_ACTIVE=1 > else > LogText "Result: xinetd is NOT running" >- Display --indent 4 --text "- xinetd status" --result "NOT ACTIVE" --color GREEN >+ Display --indent 4 --text "- xinetd status" --result "${STATUS_NOT_ACTIVE}" --color GREEN > fi > fi > # >@@ -385,7 +385,7 @@ > if [ ${FOUND} -eq 1 ]; then > LogText "Result: telnet server is installed" > Display --indent 2 --text "- Installed telnet server package" --result "${STATUS_FOUND}" --color YELLOW >- ReportSuggestion "${TEST_NO}" "Removing the ${FOUND} package and replace with SSH when possible" >+ ReportSuggestion "${TEST_NO}" "Removing the telnet server package and replace with SSH when possible" > Report "insecure_service[]=telnet-server" > else > LogText "Result: telnet server is NOT installed" >diff -ur lynis-3.0.0/include/tests_kernel lynis-3.0.8/include/tests_kernel >--- lynis-3.0.0/include/tests_kernel 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_kernel 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Kernel" >+ InsertSection "${SECTION_KERNEL}" > # > ################################################################################# > # 
>@@ -81,7 +81,7 @@ > fi > else > LogText "Result: file ${ROOTDIR}etc/inittab not found" >- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then >+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then > LogText "Test: Checking run level with who -r, for Debian based systems" > FIND=$(who -r | ${AWKBINARY} '{ if ($1=="run-level") { print $2 } }') > if HasData "${FIND}"; then >@@ -103,7 +103,7 @@ > # Description : Check CPU options and support (PAE, No eXecute, eXecute Disable) > # More info : pae and nx bit are both visible on AMD and Intel CPU's if supported > >- Register --test-no KRNL-5677 --platform x86_64 --os Linux --weight L --network NO --category security --description "Check CPU options and support" >+ Register --test-no KRNL-5677 --platform "x86_64 amd64" --os "Linux NetBSD" --weight L --network NO --category security --description "Check CPU options and support" > if [ ${SKIPTEST} -eq 0 ]; then > Display --indent 2 --text "- Checking CPU support (NX/PAE)" > LogText "Test: Checking /proc/cpuinfo" 
>@@ -235,12 +235,13 @@ > Register --test-no KRNL-5728 --os Linux --weight L --network NO --category security --description "Checking Linux kernel config" > if [ ${SKIPTEST} -eq 0 ]; then > CHECKFILE="${ROOTDIR}boot/config-$(uname -r)" >+ CHECKFILE_ZIPPED="${ROOTDIR}proc/config.gz" > if [ -f ${CHECKFILE} ]; then > LINUXCONFIGFILE="${CHECKFILE}" > LogText "Result: found config (${LINUXCONFIGFILE})" > Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN >- elif [ -f ${ROOTDIR}proc/config.gz ]; then >- LINUXCONFIGFILE="${CHECKFILE}" >+ elif [ -f ${CHECKFILE_ZIPPED} ]; then >+ LINUXCONFIGFILE="${CHECKFILE_ZIPPED}" > LINUXCONFIGFILE_ZIPPED=1 > LogText "Result: found config: ${ROOTDIR}proc/config.gz (compressed)" > Display --indent 2 --text "- Checking Linux kernel configuration file" --result "${STATUS_FOUND}" --color GREEN >@@ -367,9 +368,14 @@ > # > # Test : KRNL-5788 > # Description : Checking availability new kernel >- if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ if [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi > Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel" > if [ ${SKIPTEST} -eq 0 ]; then >+ FINDKERNEL="" > HAS_VMLINUZ=0 > LogText "Test: Searching apt-cache, to determine if a newer kernel is available" > if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then 
>@@ -378,62 +384,69 @@ > if [ -f ${ROOTDIR}vmlinuz -o -f ${ROOTDIR}boot/vmlinuz ]; then > HAS_VMLINUZ=1 > if [ -f ${ROOTDIR}vmlinuz ]; then >- FINDVMLINUZ=${ROOTDIR}vmlinuz >+ FINDVMLINUZ="${ROOTDIR}vmlinuz" > else >- FINDVMLINUZ=${ROOTDIR}boot/vmlinuz >+ FINDVMLINUZ="${ROOTDIR}boot/vmlinuz" > fi > LogText "Result: found ${FINDVMLINUZ}" > LogText "Test: checking readlink location of ${FINDVMLINUZ}" > FINDKERNFILE=$(readlink -f ${FINDVMLINUZ}) > LogText "Output: readlink reported file ${FINDKERNFILE}" >- LogText "Test: checking package from dpkg -S" >+ LogText "Test: checking relevant package using output from dpkg -S" > FINDKERNEL=$(dpkg -S ${FINDKERNFILE} 2> /dev/null | ${AWKBINARY} -F : '{print $1}') > LogText "Output: dpkg -S reported package ${FINDKERNEL}" > elif [ -e ${ROOTDIR}dev/grsec ]; then >- FINDKERNEL=linux-image-$(uname -r) >+ FINDKERNEL="linux-image-$(uname -r)" > LogText "Result: ${ROOTDIR}vmlinuz missing due to grsecurity; assuming ${FINDKERNEL}" > elif [ -e ${ROOTDIR}etc/rpi-issue ]; then >- FINDKERNEL=raspberrypi-kernel >+ FINDKERNEL="raspberrypi-kernel" > LogText "Result: ${ROOTDIR}vmlinuz missing due to Raspbian" >- elif `${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf`; then >- FINDKERNEL=linux-image-$(uname -r) >+ elif $(${EGREPBINARY} -q 'do_symlinks.*=.*No' ${ROOTDIR}etc/kernel-img.conf); then >+ FINDKERNEL="linux-image-$(uname -r)" > LogText "Result: ${ROOTDIR}vmlinuz missing due to /etc/kernel-img.conf item do_symlinks = No" > else >- LogText "This system is missing ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz. Unable to check whether kernel is up-to-date." >+ LogText "This system is missing ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz. Unable to check whether kernel is up-to-date." > ReportSuggestion "${TEST_NO}" "Determine why ${ROOTDIR}vmlinuz or ${ROOTDIR}boot/vmlinuz is missing on this Debian/Ubuntu system." 
"/vmlinuz or /boot/vmlinuz" > fi >- LogText "Test: Using apt-cache policy to determine if there is an update available" >- FINDINST=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') >- FINDCAND=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') >- LogText "Kernel installed: ${FINDINST}" >- LogText "Kernel candidate: ${FINDCAND}" >- if IsEmpty "${FINDINST}"; then >- Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_UNKNOWN}" --color YELLOW >- LogText "Result: Exception occurred, no output from apt-cache policy" >- if [ ${HAS_VMLINUZ} -eq 1 ]; then >- ReportException "${TEST_NO}:01" >- ReportSuggestion "${TEST_NO}" "Check the output of apt-cache policy to determine why its output is empty" >- fi >- LogText "Result: apt-cache policy did not return an installed kernel version" >+ >+ if IsEmpty "${FINDKERNEL}"; then >+ LogText "Result: could not check kernel update status as kernel is unknown" > else >- if [ "${FINDINST}" = "${FINDCAND}" ]; then >- if [ -e /dev/grsec ]; then >- Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN >- LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available" >- ReportManual "Manually check to confirm you're using a recent kernel and grsecurity patch" >- else >- Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_OK}" --color GREEN >- LogText "Result: no kernel update available" >+ LogText "Result: found kernel '${FINDKERNEL}' which will be used for further testing" >+ LogText "Test: Using apt-cache policy to determine if there is an update available" >+ FINDINSTALLED=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Installed' | ${CUTBINARY} -d ':' -f2 | ${TRBINARY} -d ' ') >+ FINDCANDIDATE=$(apt-cache policy ${FINDKERNEL} | ${EGREPBINARY} 'Candidate' | ${CUTBINARY} -d 
':' -f2 | ${TRBINARY} -d ' ') >+ LogText "Kernel installed: ${FINDINSTALLED}" >+ LogText "Kernel candidate: ${FINDCANDIDATE}" >+ if IsEmpty "${FINDINSTALLED}"; then >+ Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_UNKNOWN}" --color YELLOW >+ LogText "Result: Exception occurred, no output from apt-cache policy" >+ if [ ${HAS_VMLINUZ} -eq 1 ]; then >+ ReportException "${TEST_NO}:01" "Found vmlinuz (${FINDVMLINUZ}) but could not determine the installed kernel using apt-cache policy" >+ ReportSuggestion "${TEST_NO}" "Check the output of apt-cache policy to determine why its output is empty" > fi >+ LogText "Result: apt-cache policy did not return an installed kernel version" > else >- Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW >- LogText "Result: kernel update available according 'apt-cache policy'." >- ReportSuggestion "${TEST_NO}" "Determine priority for available kernel update" >+ if [ "${FINDINSTALLED}" = "${FINDCANDIDATE}" ]; then >+ if [ -e /dev/grsec ]; then >+ Display --indent 2 --text "- Checking for available kernel update" --result GRSEC --color GREEN >+ LogText "Result: Grsecurity is installed; unable to determine if there's a newer kernel available" >+ ReportManual "Manually check to confirm you're using a recent kernel and grsecurity patch" >+ else >+ Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_OK}" --color GREEN >+ LogText "Result: no kernel update available" >+ fi >+ else >+ Display --indent 2 --text "- Checking for available kernel update" --result "UPDATE AVAILABLE" --color YELLOW >+ LogText "Result: kernel update available according 'apt-cache policy'." >+ ReportSuggestion "${TEST_NO}" "Determine priority for available kernel update" >+ fi > fi > fi > else >- LogText "Result: could NOT find /usr/bin/apt-cache, skipped other tests." 
>+ LogText "Result: could NOT find ${ROOTDIR}usr/bin/apt-cache, skipped other tests." > fi >+ unset FINDCANDIDATE FINDINSTALLED FINDKERNEL HAS_VMLINUZ > fi > # > ################################################################################# 
>@@ -457,9 +470,9 @@ > # check conf files in possibly existing coredump.conf.d folders > # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. > # while there could be multiple files overwriting each other, we are checking the number of occurrences >- SYSD_CORED_SUB_PROCSIZEMAX_NR_DISABLED=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} "^0 *$" | ${WCBINARY} -l) >- SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} -v "^0 *$" | ${WCBINARY} -l) >- SYSD_CORED_SUB_STORAGE_FOUND=$(${FINDBINARY} /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^Storage=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g') >+ SYSD_CORED_SUB_PROCSIZEMAX_NR_DISABLED=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} "^0 *$" | ${WCBINARY} -l) >+ SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i 
"^ProcessSizeMax=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g' | ${GREPBINARY} -v "^0 *$" | ${WCBINARY} -l) >+ SYSD_CORED_SUB_STORAGE_FOUND=$(${FINDBINARY} -L /etc/systemd/coredump.conf.d/ /run/systemd/coredump.conf.d/ /usr/lib/systemd/coredump.conf.d/ -type f -iname "*.conf" -exec ${SEDBINARY} 's/^ *//g' {} \; 2> /dev/null | ${GREPBINARY} -i "^Storage=" | ${CUTBINARY} -d'=' -f2 | ${SEDBINARY} 's/ .*$//g') > SYSD_CORED_SUB_STORAGE_NR_ENABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${SEDBINARY} 's/none//g' | ${WCBINARY} | ${AWKBINARY} '{print $2}') > SYSD_CORED_SUB_STORAGE_NR_DISABLED=$(${ECHOCMD} "${SYSD_CORED_SUB_STORAGE_FOUND}" | ${GREPBINARY} -o "none" | ${WCBINARY} | ${AWKBINARY} '{print $2}') > if ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_BASE_STORAGE_NR_DISABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -eq 0 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -eq 0 ] ) || \ 
>@@ -484,13 +497,13 @@ > ( [ ${SYSD_CORED_BASE_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ) || \ > ( [ ${SYSD_CORED_BASE_STORAGE_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] ) || \ > ( [ ${SYSD_CORED_SUB_PROCSIZEMAX_NR_ENABLED} -ge 1 ] && [ ${SYSD_CORED_SUB_STORAGE_NR_ENABLED} -ge 1 ] ); then >- LogText "Result: core dumps are explicitely enabled in systemd configuration files" >+ LogText "Result: core dumps are explicitly enabled in systemd configuration files" > ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/systemd/coredump.conf ('ProcessSizeMax=0', 'Storage=none')" > Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_ENABLED}" --color RED > AddHP 0 1 > else > LogText "Result: core dumps are not disabled in systemd configuration. Didn't find settings 'ProcessSizeMax=0' and 'Storage=none'" >- Display --indent 4 --text "- configuration in systemd conf files" --result "DEFAULT" --color WHITE >+ Display --indent 4 --text "- configuration in systemd conf files" --result "${STATUS_DEFAULT}" --color WHITE > AddHP 0 1 > fi > fi 
>@@ -500,81 +513,84 @@ > LogText "Test: Checking if 'ulimit -c 0' exists in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh" > # use tail -1 in the following commands to get the last entry, which is the one that counts (in case of profile.d/ probably counts) > ULIMIT_C_VALUE="$(${GREPBINARY} "ulimit -c " ${ROOTDIR}etc/profile 2> /dev/null | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')" >- ULIMIT_C_VALUE_SUB="$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')" >+ ULIMIT_C_VALUE_SUB="$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} "ulimit -c " | ${SEDBINARY} 's/^ *//g' | ${GREPBINARY} -v "^#" | ${TAILBINARY} -1 | ${CUTBINARY} -d' ' -f3 | ${SEDBINARY} 's/ .*$//g ; s/\([A-Z][a-z]*\)*$//g')" > if ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE_SUB}" = "0" ] ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ "${ULIMIT_C_VALUE}" = "0" ] ); then > LogText "Result: core dumps are disabled by 'ulimit -c 0' in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh" > Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_DISABLED}" --color GREEN > AddHP 1 1 > elif [ -z "${ULIMIT_C_VALUE_SUB}" ] && [ -z "${ULIMIT_C_VALUE}" ]; then > LogText "Result: core dumps are not disabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. 
Didn't find setting 'ulimit -c 0'" >- Display --indent 4 --text "- configuration in etc/profile" --result "DEFAULT" --color WHITE >+ Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_DEFAULT}" --color WHITE > AddHP 0 1 > elif ( [ -n "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE_SUB}" = "unlimited" ] || [ "${ULIMIT_C_VALUE_SUB}" != "0" ] ) ) || ( [ -n "${ULIMIT_C_VALUE}" ] && [ -z "${ULIMIT_C_VALUE_SUB}" ] && ( [ "${ULIMIT_C_VALUE}" = "unlimited" ] || [ "${ULIMIT_C_VALUE}" != "0" ] ) ); then > LogText "Result: core dumps are enabled in ${ROOTDIR}etc/profile or ${ROOTDIR}etc/profile.d/*.sh config files. A value higher than 0 is configured for 'ulimit -c'" >- Display --indent 4 --text "- configuration in etc/profile" --result "${STATUS_ENABLED}" --color RED >+ Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ENABLED}" --color RED > AddHP 0 1 > else > LogText "Result: ERROR - something went wrong. Unexpected result during check of ${ROOTDIR}etc/profile and ${ROOTDIR}etc/profile.d/*.sh config files. Please report on Github!" >- Display --indent 4 --text "- configuration in etc/profile" --result "ERROR" --color YELLOW >+ Display --indent 4 --text "- configuration in ${ROOTDIR}etc/profile" --result "${STATUS_ERROR}" --color YELLOW > fi > fi >- # Limits option >- LogText "Test: Checking presence ${ROOTDIR}etc/security/limits.conf" >- if [ -f "${ROOTDIR}etc/security/limits.conf" ]; then >- LogText "Result: file ${ROOTDIR}etc/security/limits.conf exists" >- LogText "Test: Checking if core dumps are disabled in ${ROOTDIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" >- # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. 
>- FIND1=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) >- FIND2=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) >- FIND3=$(${FINDBINARY} "${ROOTDIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) >+ >+ # Limits options >+ for DIR in "/" "/usr/"; do >+ LogText "Test: Checking presence ${DIR}etc/security/limits.conf" >+ if [ -f "${DIR}etc/security/limits.conf" ]; then >+ LogText "Result: file ${DIR}etc/security/limits.conf exists" >+ LogText "Test: Checking if core dumps are disabled in ${DIR}etc/security/limits.conf and ${LIMITS_DIRECTORY}/*" >+ # using find instead of grep -r to stay POSIX compliant. On AIX and HPUX grep -r is not available. 
>+ FIND1=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="soft" && $3=="core" && $4=="0") { print "soft core disabled" } else if ($1=="*" && $2=="soft" && $3=="core" && $4!="0") { print "soft core enabled" } }' | ${TAILBINARY} -1) >+ FIND2=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="hard" && $3=="core" && $4=="0") { print "hard core disabled" } else if ($1=="*" && $2=="hard" && $3=="core" && $4!="0") { print "hard core enabled" } }' | ${TAILBINARY} -1) >+ FIND3=$(${FINDBINARY} -L "${DIR}etc/security/limits.conf" "${LIMITS_DIRECTORY}" -type f -exec ${CAT_BINARY} {} \; 2> /dev/null | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{ if ($1=="*" && $2=="-" && $3=="core" && $4=="0") { print "core dumps disabled" } else if ($1=="*" && $2=="-" && $3=="core" && $4!="0") { print "core dumps enabled" } }' | ${TAILBINARY} -1) > >- # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. >- if [ "${FIND3}" = "core dumps disabled" ]; then >- FIND1="soft core disabled" >- FIND2="hard core disabled" >- elif [ "${FIND3}" = "core dumps enabled" ]; then >- FIND1="soft core enabled" >- FIND2="hard core enabled" >- fi >+ # When "* - core [value]" is used, then this sets both soft and core. In that case we set the values, as they the type 'hard' and 'soft' will not be present in the configuration file. 
>+ if [ "${FIND3}" = "core dumps disabled" ]; then >+ FIND1="soft core disabled" >+ FIND2="hard core disabled" >+ elif [ "${FIND3}" = "core dumps enabled" ]; then >+ FIND1="soft core enabled" >+ FIND2="hard core enabled" >+ fi > >- IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)" >- IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} DEFAULT; fi)" >+ IS_SOFTCORE_DISABLED="$(if [ "${FIND1}" = "soft core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND1}" = "soft core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" >+ IS_HARDCORE_DISABLED="$(if [ "${FIND2}" = "hard core disabled" ]; then ${ECHOCMD} DISABLED; elif [ "${FIND2}" = "hard core enabled" ]; then ${ECHOCMD} ENABLED; else ${ECHOCMD} ${STATUS_DEFAULT}; fi)" > >- if [ "${FIND2}" = "hard core disabled" ]; then >- LogText "Result: core dumps are hard disabled" >- Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" >- if [ "${FIND1}" = "soft core disabled" ]; then >- Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" >+ if [ "${FIND2}" = "hard core disabled" ]; then >+ LogText "Result: core dumps are hard disabled" >+ Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "GREEN" >+ if [ "${FIND1}" = "soft core disabled" ]; then >+ Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" >+ else >+ Display --indent 4 --text "- 'soft' config in ${DIR}etc/security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color 
"GREEN" >+ fi >+ AddHP 3 3 >+ elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then >+ LogText "Result: core dumps (soft and hard) are enabled" >+ Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" >+ Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" >+ ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file" >+ AddHP 0 3 >+ elif [ "${FIND1}" = "soft core disabled" ]; then >+ LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})" >+ Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >+ Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" >+ AddHP 2 3 >+ elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then >+ LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})" >+ Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >+ Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >+ AddHP 0 3 
> else >- Display --indent 4 --text "- 'soft' config in security/limits.conf (implicit)" --result "${STATUS_DISABLED}" --color "GREEN" >+ LogText "Result: core dumps are not explicitly disabled" >+ Display --indent 4 --text "- 'hard' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" >+ Display --indent 4 --text "- 'soft' configuration in ${DIR}etc/security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" >+ ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${DIR}etc/security/limits.conf file" >+ AddHP 1 3 > fi >- AddHP 3 3 >- elif [ "${FIND1}" = "soft core enabled" ] && [ "${FIND2}" = "hard core enabled" ]; then >- LogText "Result: core dumps (soft and hard) are enabled" >- Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" >- Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${STATUS_ENABLED}" --color "RED" >- ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in /etc/security/limits.conf file" >- AddHP 0 3 >- elif [ "${FIND1}" = "soft core disabled" ]; then >- LogText "Result: core dumps are disabled for 'soft' ('hard'=${IS_HARDCORE_DISABLED})" >- Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >- Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "GREEN" >- AddHP 2 3 >- elif [ "${FIND1}" = "soft core enabled" ] || [ "${FIND2}" = "hard core enabled" ]; then >- LogText "Result: core dumps are partially enabled ('hard'=${IS_HARDCORE_DISABLED}, 'soft'=${IS_SOFTCORE_DISABLED})" >- Display --indent 4 --text "- 'hard' 
configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "$(if [ "${IS_HARDCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_HARDCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >- Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_SOFTCORE_DISABLED}" --color "$(if [ "${IS_SOFTCORE_DISABLED}" = "ENABLED" ]; then ${ECHOCMD} RED; elif [ "${IS_SOFTCORE_DISABLED}" = "DISABLED" ]; then ${ECHOCMD} GREEN; else ${ECHOCMD} WHITE; fi)" >- AddHP 0 3 > else >- LogText "Result: core dumps are not explicitly disabled" >- Display --indent 4 --text "- 'hard' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" >- Display --indent 4 --text "- 'soft' configuration in security/limits.conf" --result "${IS_HARDCORE_DISABLED}" --color "WHITE" >- ReportSuggestion "${TEST_NO}" "If not required, consider explicit disabling of core dump in ${ROOTDIR}etc/security/limits.conf file" >- AddHP 1 3 >+ LogText "Result: file ${DIR}etc/security/limits.conf does not exist, skipping test for this file" > fi >- else >- LogText "Result: file ${ROOTDIR}etc/security/limits.conf does not exist, skipping test" >- fi >+ done > > # Sysctl option > LogText "Test: Checking sysctl value of fs.suid_dumpable" 
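Review bot: The new `for DIR in "/" "/usr/"` loop drops the `${ROOTDIR}` prefix that the removed lines used (`${ROOTDIR}etc/security/limits.conf`), so whenever ROOTDIR is not / this test reads a different tree from the rest of the scan. Suggest `for DIR in "${ROOTDIR}" "${ROOTDIR}usr/"`. In the same loop, `${LIMITS_DIRECTORY}` is passed to find on both iterations, so when both limits.conf files exist the same drop-in content is evaluated twice and AddHP is applied twice. The "soft and hard enabled" branch still suggests the hardcoded /etc/security/limits.conf while the other branches use ${DIR}, and the final else branch prints ${IS_HARDCORE_DISABLED} on the 'soft' line, carried over from the old code.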
>@@ -586,18 +602,18 @@ > fi > if [ "${FIND}" = "2" ]; then > LogText "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)" >- Display --indent 4 --text "- Checking setuid core dumps configuration" --result PROTECTED --color WHITE >+ Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_PROTECTED}" --color WHITE > AddHP 1 1 > elif [ "${FIND}" = "1" ]; then > LogText "Result: all programs can perform core dumps (value 1, for debugging)" >- Display --indent 2 --text "- Checking setuid core dumps configuration" --result DEBUG --color YELLOW >+ Display --indent 2 --text "- Checking setuid core dumps configuration" --result "${STATUS_DEBUG}" --color YELLOW > ReportSuggestion "${TEST_NO}" "Determine if all binaries need to be able to core dump" > AddHP 0 1 > else > # 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped > # https://www.kernel.org/doc/Documentation/sysctl/fs.txt > LogText "Result: found default option (0), no execute only program or program with changed privilege levels can dump" >- Display --indent 4 --text "- Checking setuid core dumps configuration" --result DISABLED --color GREEN >+ Display --indent 4 --text "- Checking setuid core dumps configuration" --result "${STATUS_DISABLED}" --color GREEN > AddHP 1 1 > fi > fi 
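Review bot: The value-1 branch still calls Display with `--indent 2` while the value-2 and default branches of the same check use `--indent 4`; since this line is being touched anyway, align it to 4 so the three results line up in the output.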
>@@ -609,25 +625,29 @@ > Register --test-no KRNL-5830 --os Linux --weight L --network NO --category security --description "Checking if system is running on the latest installed kernel" > if [ ${SKIPTEST} -eq 0 ]; then > REBOOT_NEEDED=2 >- FILE="${ROOTDIR}var/run/reboot-required.pkgs" >- LogText "Test: Checking presence ${FILE}" >- if [ -f ${FILE} ]; then >- LogText "Result: file ${FILE} exists" >- FIND=$(${WCBINARY} -l < ${FILE}) >- if [ "${FIND}" = "0" ]; then >- LogText "Result: No reboot needed (file empty)" >- REBOOT_NEEDED=0 >+ for FILE in "${ROOTDIR}var/run/reboot-required.pkgs" "${ROOTDIR}var/run/needs_restarting" >+ do >+ LogText "Test: Checking presence ${FILE}" >+ if [ -f ${FILE} ]; then >+ LogText "Result: file ${FILE} exists" >+ FIND=$(${WCBINARY} -l < ${FILE}) >+ if [ "${FIND}" = "0" ]; then >+ LogText "Result: No reboot needed (file empty)" >+ REBOOT_NEEDED=0 >+ break >+ else >+ PKGSCOUNT=$(${WCBINARY} -l < ${FILE}) >+ LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages" >+ for I in ${FIND}; do >+ LogText "Package: ${I}" >+ done >+ REBOOT_NEEDED=1 >+ break >+ fi > else >- PKGSCOUNT=$(${WCBINARY} -l < ${FILE}) >- LogText "Result: reboot is needed, related to ${PKGSCOUNT} packages" >- for I in ${FIND}; do >- LogText "Package: ${I}" >- done >- REBOOT_NEEDED=1 >+ LogText "Result: file ${FILE} not found" > fi >- else >- LogText "Result: file ${FILE} not found" >- fi >+ done > > # Check if /boot exists > if [ -d "${ROOTDIR}boot" ]; then 
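Review bot: Inside the new loop, `for I in ${FIND}` iterates over the output of `wc -l`, so the log gets a single "Package: <count>" entry instead of the names in the file; loop over the file contents there, and let PKGSCOUNT reuse FIND rather than running wc a second time. `[ -f ${FILE} ]` and `< ${FILE}` are also unquoted, which is worth fixing now that FILE is built from ${ROOTDIR} for two paths. The message "related to ${PKGSCOUNT} packages" is now emitted for var/run/needs_restarting as well, and nothing in the hunk documents that this file lists packages one per line.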
>@@ -657,15 +677,22 @@ > ReportException "${TEST_NO}:1" "Can't determine kernel version on disk, need debug data" > fi > elif [ -f ${ROOTDIR}boot/vmlinuz-linux ] || [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ] || [ -f "$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1)" ]; then >- if [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then >+ if [ -f ${ROOTDIR}boot/vmlinuz ]; then >+ LogText "Result: found ${ROOTDIR}boot/vmlinuz" >+ FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz >+ elif [ -f ${ROOTDIR}boot/vmlinuz-linux ]; then > LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux" > FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux > elif [ -f ${ROOTDIR}boot/vmlinuz-linux-lts ]; then > LogText "Result: found ${ROOTDIR}boot/vmlinuz-linux-lts" > FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-linux-lts >+ elif [ -f ${ROOTDIR}boot/vmlinuz-lts ]; then >+ LogText "Result: found ${ROOTDIR}boot/vmlinuz-lts" >+ FOUND_VMLINUZ=${ROOTDIR}boot/vmlinuz-lts > else >- # Match on /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default >- FOUND_VMLINUZ=$(${LSBINARY} -t ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${HEADBINARY} -1) >+ # Match on items like /boot/vm5.3.7 or /boot/vmlinuz-5.3.7-1-default. Sort based on versions (-v) and then find the last item >+ # Note: ignore a rescue kernel (e.g. CentOS) >+ FOUND_VMLINUZ=$(${LSBINARY} -v ${ROOTDIR}boot/vm[l0-9]* 2> /dev/null | ${GREPBINARY} -v '\-rescue\-' | ${TAILBINARY} -1) > LogText "Result: found ${FOUND_VMLINUZ}" > fi 
> >@@ -674,10 +701,24 @@ > LogText "Result: found a symlink, retrieving destination" > FOUND_VMLINUZ=$(readlink "${FOUND_VMLINUZ}") > LogText "Result: destination file is ${FOUND_VMLINUZ}" >- VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's/^vmlinuz-//') >+ VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//') > LogText "Result: version derived from file name is '${VERSION_ON_DISK}'" >+ elif [ -f "${FOUND_VMLINUZ}" ]; then >+ VERSION_ON_DISK=$(echo ${FOUND_VMLINUZ} | ${SEDBINARY} 's#^/boot/##' | ${SEDBINARY} 's/^vmlinuz-//' | ${SEDBINARY} '$s/-\?\(linux\)\?-\?\(lts\)\?//') >+ LogText "Result: version derived from file name is '${VERSION_ON_DISK}'" >+ > fi > >+ # Data check: perform reset if we found a version but looks incomplete >+ # Example: Arch Linux will return only 'linux' as its version after it discovered /boot/vmlinuz-linux >+ case ${VERSION_ON_DISK} in >+ "linux" | "linux-lts") >+ LogText "Result: reset of version (${VERSION_ON_DISK}) as it looks incomplete" >+ VERSION_ON_DISK="" >+ ;; >+ esac >+ >+ # If we did not find the version yet, see if we can extract it from the magic data that 'file' returns > if [ -z "${VERSION_ON_DISK}" ]; then > LogText "Test: checking kernel version on disk" > NEXTLINE=0 >@@ -693,6 +734,7 @@ > done > fi > >+ # Last check if we finally got a version or not > if [ -z "${VERSION_ON_DISK}" ]; then > LogText "Result: could not find the version on disk" > ReportException "${TEST_NO}:4" "Could not find the kernel version" 
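Review bot: In the @@ -674 hunk, the new `elif [ -f "${FOUND_VMLINUZ}" ]` branch leaves VERSION_ON_DISK set to "vmlinuz" when the kernel is a regular file named /boot/vmlinuz, which the preceding hunk now checks first. `s/^vmlinuz-//` needs the trailing dash, the third sed expression only strips "linux" and "lts", and the case statement resets only "linux" and "linux-lts", so the fallback that extracts the version from `file` output is skipped. Add "vmlinuz" to the reset case, or reset any value that contains no digit. Also, `s#^/boot/##` hardcodes /boot where the surrounding code uses ${ROOTDIR}boot, and `\?` in a basic regular expression is a GNU extension, at odds with the POSIX care this file takes elsewhere.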
>@@ -724,6 +766,7 @@ > done > # Display kernels, extract version numbers and ${SORTBINARY} them numeric per column (up to 6 numbers) > # Ignore rescue images. Remove generic. and huge. for Slackware machines >+ # TODO: see if this can be simplified using ls -v sorting > LogText "Action: checking relevant kernels" > KERNELS=$(${LSBINARY} /boot/vmlinuz* | ${GREPBINARY} -v rescue | ${SEDBINARY} 's/vmlinuz-//' | ${SEDBINARY} 's/generic.//' | ${SEDBINARY} 's/huge.//' | ${SEDBINARY} 's/\.[a-z].*.//g' | ${SEDBINARY} 's/-[a-z].*.//g' | ${SEDBINARY} 's./boot/..' | ${SEDBINARY} 's/-/./g' | ${SORTBINARY} -n -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 -k6,6 -t \.) > KERNELS_ONE_LINE=$(${ECHOCMD} ${KERNELS} | ${TRBINARY} '\n' ' ') >@@ -776,7 +819,7 @@ > # Attempt to check for Raspbian if reboot is needed > # This check searches for apt package "raspberrypi-kernel-[package-date]", trys to extract the date of packaging from the filename > # and compares that date with the currently running kernel's build date (uname -v). >- # Of course there can be a time difference between kernel build and kernel packaging, therefor a time difference of >+ # Of course there can be a time difference between kernel build and kernel packaging, therefore a time difference of > # 3 days is accepted and it is assumed with only 3 days apart, this must be the same kernel version. > if [ ${REBOOT_NEEDED} -eq 2 ] && [ -d "${APT_ARCHIVE_DIRECTORY}" ]; then > LogText "Result: found folder ${APT_ARCHIVE_DIRECTORY}; assuming this is a debian based distribution" >@@ -894,4 +937,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_kernel_hardening lynis-3.0.8/include/tests_kernel_hardening >--- lynis-3.0.0/include/tests_kernel_hardening 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_kernel_hardening 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,13 +22,13 @@ > # > ################################################################################# > # >- InsertSection "Kernel Hardening" >+ InsertSection "${SECTION_KERNEL_HARDENING}" > # > ################################################################################# > # > # Test : KRNL-6000 > # Description : Check sysctl parameters >- # Sysctl : net.ipv4.icmp_ingore_bogus_error_responses (=1) >+ # Sysctl : net.ipv4.icmp_ignore_bogus_error_responses (=1) > if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi > Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check sysctl key pairs in scan profile" > if [ ${SKIPTEST} -eq 0 ]; then >@@ -89,7 +89,7 @@ > AddHP ${tFINDhp} ${tFINDhp} > else > LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}" >- Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED >+ Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result "${STATUS_DIFFERENT}" --color RED > AddHP 0 ${tFINDhp} > FOUND=1 > N=$((N + 1)) >diff -ur lynis-3.0.0/include/tests_ldap lynis-3.0.8/include/tests_ldap >--- lynis-3.0.0/include/tests_ldap 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_ldap 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "LDAP Services" >+ InsertSection "${SECTION_LDAP_SERVICES}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_logging lynis-3.0.8/include/tests_logging >--- lynis-3.0.0/include/tests_logging 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_logging 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -28,7 +28,9 @@ > METALOG_RUNNING=0 > RFC3195D_RUNNING=0 > RSYSLOG_RUNNING=0 >+ SOLARIS_LOGHOST="" > SOLARIS_LOGHOST_FOUND=0 >+ SOLARIS_LOGHOST_LOCALHOST=0 > SYSLOG_DAEMON_PRESENT=0 > SYSLOG_DAEMON_RUNNING=0 > SYSLOG_NG_RUNNING=0 >@@ -36,7 +38,7 @@ > # > ################################################################################# > # >- InsertSection "Logging and files" >+ InsertSection "${SECTION_LOGGING_AND_FILES}" > > # Test : LOGG-2130 > # Description : Check for a running syslog daemon 
>@@ -175,14 +177,14 @@ > # > # Test : LOGG-2138 > # Description : Check for kernel log daemon (klogd) presence on Linux systems >- # Notes : * When using rsyslog or systemd (systemd-journal), this process is not needed. >+ # Notes : * When using metalog, rsyslog or systemd (systemd-journal), this process is not needed. > # * In combination with syslog-ng, klogd is still an addition to it, since it > # captures kernel related events and send them to syslog-ng. > # * This test should be below all other logging daemons > Register --test-no LOGG-2138 --os Linux --weight L --network NO --category security --description "Checking kernel logger daemon on Linux" > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: Searching kernel logger daemon (klogd)" >- if [ ${RSYSLOG_RUNNING} -eq 0 -a ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ]; then >+ if [ ${RSYSLOG_RUNNING} -eq 0 ] && [ ${SYSTEMD_JOURNAL_RUNNING} -eq 0 ] && [ ${METALOG_RUNNING} -eq 0 ]; then > # Search for klogd, but ignore other lines related to klogd (like dd with input/output file) > #FIND=$(${PSBINARY} ax | ${GREPBINARY} "klogd" | ${GREPBINARY} -v "dd" | ${GREPBINARY} -v "grep") > if IsRunning "klogd"; then >@@ -305,6 +307,7 @@ > LogText "Result: Checking for loghost in /etc/inet/hosts" > FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#") > if [ -n "${FIND}" ]; then >+ SOLARIS_LOGHOST="${FIND}" > SOLARIS_LOGHOST_FOUND=1 > LogText "Result: Found loghost entry in /etc/inet/hosts" > else >@@ -314,6 +317,7 @@ > LogText "Result: Checking for loghost via name resolving" > FIND=$(getent hosts loghost | ${GREPBINARY} loghost) > if [ -n "${FIND}" ]; then >+ SOLARIS_LOGHOST="${FIND}" > SOLARIS_LOGHOST_FOUND=1 > LogText "Result: name resolving was successful" > LogText "Output: ${FIND}" 
>@@ -335,6 +339,26 @@ > # > ################################################################################# > # >+ # Test : LOGG-2153 >+ # Description : Check Solaris 'loghost' entry is not localhost, meaning >+ # remote logging is not configured. >+ if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking loghost is localhost" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREPBINARY} "::1|127.0.0.1|127.1") >+ if [ -n "${FIND}" ]; then >+ SOLARIS_LOGHOST_LOCALHOST=1 >+ LogText "Result: loghost entry is localhost (default)" >+ Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_YES}" --color YELLOW >+ ReportSuggestion "${TEST_NO}" "Set loghost entry to a remote location to enable remote logging." >+ else >+ Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_NO}" --color GREEN >+ fi >+ fi >+ >+# >+################################################################################# >+# > # Test : LOGG-2154 > # Description : Check to see if remote logging is enabled > # Notes : prevent lines showing up with commands in it (like |mail) >@@ -363,7 +387,7 @@ > fi > TARGET="${ROOTDIR}etc/rsyslog.d" > if [ -d ${TARGET} ]; then >- FILES=$(${FINDBINARY} ${TARGET} -type f -print0 | ${TRBINARY} -cd '[:print:]\0' | ${SEDBINARY} 's/[[:blank:]]/:space:/g' | ${TRBINARY} '\0' ' ') >+ FILES=$(${FINDBINARY} -L ${TARGET} -type f -print0 | ${TRBINARY} -cd '[:print:]\0' | ${SEDBINARY} 's/[[:blank:]]/:space:/g' | ${TRBINARY} '\0' ' ') > for F in ${FILES}; do > F=$(echo ${F} | ${SEDBINARY} 's/:space:/ /g') > LogText "Test: analyzing file ${F} for remote target" 
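Review bot: In the @@ -335 hunk (LOGG-2153), the pattern `"::1|127.0.0.1|127.1"` is unanchored and its dots are unescaped, so a remote address such as 10.127.1.5 matches `127.1` and is reported as localhost, which sets SOLARIS_LOGHOST_LOCALHOST=1 and can then stop the later @loghost check from setting REMOTE_LOGGING_ENABLED. Anchor the match on the first field, for example `^(::1|127\.0\.0\.1|127\.1)$`, and add a LogText call in the else branch so the negative result is logged as well.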
>@@ -402,8 +426,13 @@ > LogText "Test: check if logs are also logged to a remote logging host" > FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") > if [ -n "${FIND}" ]; then >- LogText "Result: remote logging enabled" >- REMOTE_LOGGING_ENABLED=1 >+ FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost") >+ if [ ${SOLARIS_LOGHOST_LOCALHOST} -eq 1 ] && [ -z "${FIND2}" ]; then >+ LogText "Result: remote logging enabled to loghost, but loghost is localhost" >+ else >+ LogText "Result: remote logging enabled" >+ REMOTE_LOGGING_ENABLED=1 >+ fi > else > # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination > DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') >@@ -423,7 +452,7 @@ > LogText "Result: no remote logging found" > ReportSuggestion "${TEST_NO}" "Enable logging to an external logging host for archiving purposes and additional protection" > AddHP 1 3 >- Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW >+ Display --indent 2 --text "- Checking remote logging" --result "${STATUS_NOT_ENABLED}" --color YELLOW > else > Report "remote_syslog_configured=1" > AddHP 5 5 
>@@ -550,7 +579,7 @@ > LogText "Found deleted file: ${I}" > Report "deleted_file[]=${I}" > done >- Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW >+ Display --indent 2 --text "- Checking deleted files in use" --result "${STATUS_FILES_FOUND}" --color YELLOW > ReportSuggestion "${TEST_NO}" "Check what deleted files are still in use and why." > else > LogText "Result: no deleted files found" >diff -ur lynis-3.0.0/include/tests_mac_frameworks lynis-3.0.8/include/tests_mac_frameworks >--- lynis-3.0.0/include/tests_mac_frameworks 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_mac_frameworks 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -24,7 +24,7 @@ > SELINUXFOUND=0 > TOMOYOFOUND=0 > >- InsertSection "Security frameworks" >+ InsertSection "${SECTION_SECURITY_FRAMEWORKS}" > # > ################################################################################# > # >@@ -76,7 +76,7 @@ > Report "apparmor_policy_loaded=1" > AddHP 3 3 > # ignore kernel threads (Parent PID = 2 [kthreadd]) >- NUNCONFINED=$(${PSBINARY} -N --ppid 2 -o label | ${GREPBINARY} '^unconfined' | ${WCBINARY} --lines) >+ NUNCONFINED=$(${PSBINARY} -N --ppid 2 -o label | ${GREPBINARY} '^unconfined' | ${WCBINARY} -l) > Display --indent 8 --text "Found ${NUNCONFINED} unconfined processes" > for PROCESS in $(${PSBINARY} -N --ppid 2 -o label:1,pid,comm | ${GREPBINARY} '^unconfined' | ${TRBINARY} ' ' ':'); do > LogText "Result: Unconfined process: ${PROCESS}" 
>@@ -159,13 +159,13 @@ > fi > Display --indent 8 --text "Current SELinux mode: ${FIND}" > PERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${TRBINARY} '\n' ' ') >- NPERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${WCBINARY} --lines) >+ NPERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${WCBINARY} -l) > Display --indent 8 --text "Found ${NPERMISSIVE} permissive SELinux object types" > LogText "Permissive SELinux object types: ${PERMISSIVE}" > UNCONFINED=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[u]nconfined_t' | ${TRBINARY} '\n' ' ') > INITRC=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[i]nitrc_t' | ${TRBINARY} '\n' ' ') >- NUNCONFINED=$(${PSBINARY} -eo label | ${GREPBINARY} '[u]nconfined_t' | ${WCBINARY} --lines) >- NINITRC=$(${PSBINARY} -eo label | ${GREPBINARY} '[i]nitrc_t' | ${WCBINARY} --lines) >+ NUNCONFINED=$(${PSBINARY} -eo label | ${GREPBINARY} '[u]nconfined_t' | ${WCBINARY} -l) >+ NINITRC=$(${PSBINARY} -eo label | ${GREPBINARY} '[i]nitrc_t' | ${WCBINARY} -l) > Display --indent 8 --text "Found ${NUNCONFINED} unconfined and ${NINITRC} initrc_t processes" > LogText "Unconfined processes: ${UNCONFINED}" > LogText "Processes with initrc_t type: ${INITRC}" 
>@@ -207,7 +207,7 @@ > Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN > Report "tomoyo_enabled=1" > if [ ! -z ${TOMOYOPSTREEBINARY} ]; then >- NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} --lines) >+ NUNCONFINED=$(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${WCBINARY} -l) > Display --indent 8 --text "Found ${NUNCONFINED} unconfined (not profile 3) processes" > for PROCESS in $(${TOMOYOPSTREEBINARY} | ${GREPBINARY} -v '^ 3 ' | ${SEDBINARY} -e 's/+-//g' -e 's/^ *//g' -e 's/ \+/:/g' | ${SORTBINARY}); do > LogText "Result: Unconfined process: ${PROCESS}" >diff -ur lynis-3.0.0/include/tests_mail_messaging lynis-3.0.8/include/tests_mail_messaging >--- lynis-3.0.0/include/tests_mail_messaging 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_mail_messaging 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Software: e-mail and messaging" >+ InsertSection "${SECTION_EMAIL_AND_MESSAGING}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_malware lynis-3.0.8/include/tests_malware >--- lynis-3.0.0/include/tests_malware 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_malware 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Software: ${SECTION_MALWARE}" >+ InsertSection "${SECTION_MALWARE}" > # > ################################################################################# > # >@@ -37,11 +37,33 @@ > KASPERSKY_SCANNER_RUNNING=0 > MCAFEE_SCANNER_RUNNING=0 > MALWARE_SCANNER_INSTALLED=0 >+ MALWARE_DAEMON_RUNNING=0 >+ ROOTKIT_SCANNER_FOUND=0 > SOPHOS_SCANNER_RUNNING=0 > SYMANTEC_SCANNER_RUNNING=0 >+ SYNOLOGY_DAEMON_RUNNING=0 >+ TRENDMICRO_DSA_DAEMON_RUNNING=0 > # > ################################################################################# > # >+ # Test : MALW-3274 >+ # Description : Check for installed tool (McAfee VirusScan for Command Line) >+ Register --test-no MALW-3274 --weight L --network NO --category security --description "Check for McAfee VirusScan Command Line" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ LogText "Test: checking presence McAfee VirusScan for Command Line" >+ if [ -x /usr/local/uvscan/uvscan ]; then >+ Display --indent 2 --text "- ${GEN_CHECKING} McAfee VirusScan for Command Line" --result "${STATUS_FOUND}" --color GREEN >+ LogText "Result: Found ${MCAFEECLBINARY}" >+ MALWARE_SCANNER_INSTALLED=1 >+ AddHP 2 2 >+ Report "malware_scanner[]=mcafeecl" >+ else >+ LogText "Result: McAfee VirusScan for Command Line not found" >+ fi >+ fi >+# >+################################################################################# >+# > # Test : MALW-3275 > # Description : Check for installed tool (chkrootkit) > Register --test-no MALW-3275 --weight L --network NO --category security --description "Check for chkrootkit" >@@ -51,6 +73,7 @@ > Display --indent 2 --text "- ${GEN_CHECKING} chkrootkit" --result "${STATUS_FOUND}" --color GREEN > LogText "Result: Found ${CHKROOTKITBINARY}" > MALWARE_SCANNER_INSTALLED=1 >+ ROOTKIT_SCANNER_FOUND=1 > AddHP 2 2 > Report "malware_scanner[]=chkrootkit" > else 
>@@ -69,6 +92,7 @@ > Display --indent 2 --text "- ${GEN_CHECKING} Rootkit Hunter" --result "${STATUS_FOUND}" --color GREEN > LogText "Result: Found ${RKHUNTERBINARY}" > MALWARE_SCANNER_INSTALLED=1 >+ ROOTKIT_SCANNER_FOUND=1 > AddHP 2 2 > Report "malware_scanner[]=rkhunter" > else >@@ -102,33 +126,12 @@ > if [ ${SKIPTEST} -eq 0 ]; then > FOUND=0 > >- # ESET security products >- LogText "Test: checking process esets_daemon" >- if IsRunning "esets_daemon"; then >- FOUND=1 >- ESET_DAEMON_RUNNING=1 >- MALWARE_SCANNER_INSTALLED=1 >- if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi >- LogText "Result: found ESET security product" >- Report "malware_scanner[]=eset" >- fi >- >- # Bitdefender (macOS) >- LogText "Test: checking process epagd" >- if IsRunning "epagd"; then >- FOUND=1 >- BITDEFENDER_DAEMON_RUNNING=1 >- MALWARE_SCANNER_INSTALLED=1 >- if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi >- LogText "Result: found Bitdefender security product" >- Report "malware_scanner[]=bitdefender" >- fi >- > # Avast (macOS) > LogText "Test: checking process com.avast.daemon" > if IsRunning "com.avast.daemon"; then > FOUND=1 > AVAST_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: found Avast security product" 
>@@ -140,12 +143,25 @@ > if IsRunning "avqmd"; then > FOUND=1 > AVIRA_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: found Avira security product" > Report "malware_scanner[]=avira" > fi > >+ # Bitdefender (macOS) >+ LogText "Test: checking process epagd" >+ if IsRunning "bdagentd" || IsRunning "epagd"; then >+ FOUND=1 >+ BITDEFENDER_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 >+ MALWARE_SCANNER_INSTALLED=1 >+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi >+ LogText "Result: found Bitdefender security product" >+ Report "malware_scanner[]=bitdefender" >+ fi >+ > # CrowdStrike falcon-sensor > LogText "Test: checking process falcon-sensor (CrowdStrike)" > if IsRunning "falcon-sensor"; then >@@ -164,10 +180,23 @@ > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: found CylancePROTECT service" > AVAST_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > Report "malware_scanner[]=cylance-protect" > fi > >+ # ESET security products >+ LogText "Test: checking process esets_daemon" >+ if IsRunning "esets_daemon"; then >+ FOUND=1 >+ ESET_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 >+ MALWARE_SCANNER_INSTALLED=1 >+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi >+ LogText "Result: found ESET security product" >+ Report "malware_scanner[]=eset" >+ fi >+ > # Kaspersky products > LogText "Test: checking process wdserver or klnagent (Kaspersky)" > # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first 
>@@ -180,6 +209,7 @@ > FOUND=1 > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: Found Kaspersky" >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > Report "malware_scanner[]=kaspersky" > fi >@@ -196,6 +226,7 @@ > FOUND=1 > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: Found McAfee" >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > Report "malware_scanner[]=mcafee" > fi >@@ -214,6 +245,7 @@ > if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: Found Sophos" >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > Report "malware_scanner[]=sophos" > fi 
>@@ -234,17 +266,44 @@ > if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: found one or more Symantec components" >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > FOUND=1 > Report "malware_scanner[]=symantec" > fi > >+ # Synology Antivirus Essential >+ LogText "Test: checking process synoavd" >+ if IsRunning "synoavd"; then >+ FOUND=1 >+ SYNOLOGY_DAEMON_RUNNING=1 >+ MALWARE_DAEMON_RUNNING=1 >+ MALWARE_SCANNER_INSTALLED=1 >+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Synology Antivirus Essential" --result "${STATUS_FOUND}" --color GREEN; fi >+ LogText "Result: found Synology Antivirus Essential" >+ Report "malware_scanner[]=synoavd" >+ fi >+ >+ # Trend Micro Anti Malware for Linux >+ # Typically ds_agent is running as well, the Deep Security Agent >+ LogText "Test: checking process ds_agent to test for Trend Micro Deep Anti Malware component" >+ if IsRunning "ds_am"; then >+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro Anti Malware" --result "${STATUS_FOUND}" --color GREEN; fi >+ LogText "Result: found Trend Micro Anti Malware component" >+ FOUND=1 >+ MALWARE_SCANNER_INSTALLED=1 >+ MALWARE_DAEMON_RUNNING=1 >+ TRENDMICRO_DSA_DAEMON_RUNNING=1 >+ Report "malware_scanner[]=trend-micro-am" >+ fi >+ > # TrendMicro (macOS) > LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)" > if IsRunning "TmccMac"; then > if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi > LogText "Result: found Trend Micro component" > FOUND=1 >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > Report "malware_scanner[]=trend-micro-av" > fi 
>@@ -286,6 +345,7 @@ > if IsRunning "clamd"; then > Display --indent 2 --text "- ${GEN_CHECKING} ClamAV daemon" --result "${STATUS_FOUND}" --color GREEN > LogText "Result: found running clamd process" >+ MALWARE_DAEMON_RUNNING=1 > MALWARE_SCANNER_INSTALLED=1 > CLAMD_RUNNING=1 > else >@@ -342,6 +402,31 @@ > # > ################################################################################# > # >+ # Test : MALW-3290 >+ # Description : Presence of malware scanners >+ Register --test-no MALW-3290 --weight L --network NO --category security --description "Presence of for malware detection" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 0 ]; then >+ Display --indent 2 --text "- Malware software components" --result "${STATUS_NOT_FOUND}" --color YELLOW >+ else >+ Display --indent 2 --text "- Malware software components" --result "${STATUS_FOUND}" --color GREEN >+ if [ ${MALWARE_DAEMON_RUNNING} -eq 0 ]; then >+ Display --indent 4 --text "- Active agent" --result "${STATUS_NOT_FOUND}" --color WHITE >+ else >+ Display --indent 4 --text "- Active agent" --result "${STATUS_FOUND}" --color GREEN >+ fi >+ if [ ${ROOTKIT_SCANNER_FOUND} -eq 0 ]; then >+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_NOT_FOUND}" --color WHITE >+ else >+ Display --indent 4 --text "- Rootkit scanner" --result "${STATUS_FOUND}" --color GREEN >+ fi >+ fi >+ fi >+# >+################################################################################# >+# >+ >+ > > Report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}" > >diff -ur lynis-3.0.0/include/tests_memory_processes lynis-3.0.8/include/tests_memory_processes >--- lynis-3.0.0/include/tests_memory_processes 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_memory_processes 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/tests_nameservices lynis-3.0.8/include/tests_nameservices >--- lynis-3.0.0/include/tests_nameservices 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_nameservices 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Name services" >+ InsertSection "${SECTION_NAME_SERVICES}" > # > ################################################################################# > # >@@ -578,7 +578,7 @@ > else > LogText "Found duplicate line: ${OUTPUT}" > LogText "Result: found duplicate line" >- Display --indent 4 --text "- Duplicate entries in hosts file" --result "$STATUS_FOUND}" --color YELLOW >+ Display --indent 4 --text "- Duplicate entries in hosts file" --result "${STATUS_FOUND}" --color YELLOW > ReportSuggestion "${TEST_NO}" "Remove duplicate lines in ${ROOTDIR}etc/hosts" > fi > fi >diff -ur lynis-3.0.0/include/tests_networking lynis-3.0.8/include/tests_networking >--- lynis-3.0.0/include/tests_networking 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_networking 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -31,7 +31,7 @@ > # > ################################################################################# > # >- InsertSection "Networking" >+ InsertSection "${SECTION_NETWORKING}" > # > ################################################################################# > # >@@ -70,7 +70,7 @@ > LogText "Result: hostnamed is defined and not longer than 63 characters" > fi > # Test valid characters (normally a dot should not be in the name, but we can't be 100% sure we have short name) >- FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[a-zA-Z0-9\.\-]') >+ FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[:alnum:]\.\-') > if [ -z "${FIND}" ]; then > LogText "Result: good, no unexpected characters discovered in hostname" > if IsVerbose; then Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_OK}" --color GREEN; fi >@@ -140,7 +140,7 @@ > Display --indent 2 --text "- Checking IPv6 configuration" --result "${STATUS_ENABLED}" --color WHITE > STATUS=$(echo ${IPV6_MODE} | ${TRBINARY} '[:lower:]' '[:upper:]') > Display --indent 6 --text "Configuration method" --result "${STATUS}" --color WHITE >- if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="YES"; else STATUS="NO"; fi >+ if [ ${IPV6_ONLY} -eq 1 ]; then STATUS="${STATUS_YES}"; else STATUS="${STATUS_NO}"; fi > LogText "Result: IPv6 only configuration: ${STATUS}" > Display --indent 6 --text "IPv6 only" --result "${STATUS}" --color WHITE > else 
>@@ -512,6 +512,15 @@ > ReportException "${TEST_NO}:3" "netstat missing to gather listening ports" > fi > ;; >+ Solaris) >+ if [ -n "${NETSTATBINARY}" ]; then >+ LogText "Test: Retrieving netstat information to find listening ports" >+ FIND=$(${NETSTATBINARY} -an -P udp | ${AWKBINARY} '{ if($7=="LISTEN") { print $1"|udp|LISTEN|" }}') >+ FIND2=$(${NETSTATBINARY} -an -P tcp | ${AWKBINARY} '{ if($7=="LISTEN") { print $1"|tcp|LISTEN|" }}') >+ else >+ ReportException "${TEST_NO}:4" "netstat missing to gather listening ports" >+ fi >+ ;; > *) > # Got this exception? Provide your details and output of netstat or any other tool to determine this information. > ReportException "${TEST_NO}:2" "Unclear what method to use, to determine listening port information" >@@ -683,7 +692,7 @@ > Display --indent 2 --text "- Checking status DHCP client" --result "${STATUS_RUNNING}" --color WHITE > DHCP_CLIENT_RUNNING=1 > else >- Display --indent 2 --text "- Checking status DHCP client" --result "NOT ACTIVE" --color WHITE >+ Display --indent 2 --text "- Checking status DHCP client" --result "${STATUS_NOT_ACTIVE}" --color WHITE > fi > fi > # >@@ -741,7 +750,7 @@ > UNCOMMON_PROTOCOL_DISABLED=0 > # First check modprobe.conf > if [ -f ${ROOTDIR}etc/modprobe.conf ]; then >- DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) >+ DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf) > if [ -n "${DATA}" ]; then > LogText "Result: found ${P} module disabled via modprobe.conf" > UNCOMMON_PROTOCOL_DISABLED=1 
>@@ -749,7 +758,8 @@ > fi > # Then additional modprobe configuration files > if [ -d ${ROOTDIR}etc/modprobe.d ]; then >- DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) >+ # Return file names (-l) and suppress errors (-s) >+ DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*) > if [ -n "${DATA}" ]; then > UNCOMMON_PROTOCOL_DISABLED=1 > for F in ${DATA}; do >diff -ur lynis-3.0.0/include/tests_php lynis-3.0.8/include/tests_php >--- lynis-3.0.0/include/tests_php 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_php 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -36,6 +36,7 @@ > ${ROOTDIR}etc/php7.1/php.ini \ > ${ROOTDIR}etc/php7.2/php.ini \ > ${ROOTDIR}etc/php7.3/php.ini \ >+ ${ROOTDIR}etc/php7.4/php.ini \ > ${ROOTDIR}etc/php/cgi-php5/php.ini \ > ${ROOTDIR}etc/php/cli-php5/php.ini \ > ${ROOTDIR}etc/php/apache2-php5/php.ini \ 
>@@ -45,24 +46,29 @@ > ${ROOTDIR}etc/php/apache2-php7.1/php.ini \ > ${ROOTDIR}etc/php/apache2-php7.2/php.ini \ > ${ROOTDIR}etc/php/apache2-php7.3/php.ini \ >+ ${ROOTDIR}etc/php/apache2-php7.4/php.ini \ > ${ROOTDIR}etc/php/cgi-php5.5/php.ini \ > ${ROOTDIR}etc/php/cgi-php5.6/php.ini \ > ${ROOTDIR}etc/php/cgi-php7.0/php.ini \ > ${ROOTDIR}etc/php/cgi-php7.1/php.ini \ > ${ROOTDIR}etc/php/cgi-php7.2/php.ini \ > ${ROOTDIR}etc/php/cgi-php7.3/php.ini \ >+ ${ROOTDIR}etc/php/cgi-php7.4/php.ini \ > ${ROOTDIR}etc/php/cli-php5.5/php.ini \ > ${ROOTDIR}etc/php/cli-php5.6/php.ini \ > ${ROOTDIR}etc/php/cli-php7.0/php.ini \ > ${ROOTDIR}etc/php/cli-php7.1/php.ini \ > ${ROOTDIR}etc/php/cli-php7.2/php.ini \ > ${ROOTDIR}etc/php/cli-php7.3/php.ini \ >+ ${ROOTDIR}etc/php/cli-php7.4/php.ini \ > ${ROOTDIR}etc/php/embed-php5.5/php.ini \ > ${ROOTDIR}etc/php/embed-php5.6/php.ini \ > ${ROOTDIR}etc/php/embed-php7.0/php.ini \ > ${ROOTDIR}etc/php/embed-php7.1/php.ini \ > ${ROOTDIR}etc/php/embed-php7.2/php.ini \ > ${ROOTDIR}etc/php/embed-php7.3/php.ini \ >+ ${ROOTDIR}etc/php/embed-php7.4/php.ini \ >+ ${ROOTDIR}etc/php/fpm-php7.4/php.ini \ > ${ROOTDIR}etc/php/fpm-php7.3/php.ini \ > ${ROOTDIR}etc/php/fpm-php7.2/php.ini \ > ${ROOTDIR}etc/php/fpm-php7.1/php.ini \ >@@ -71,7 +77,9 @@ > ${ROOTDIR}etc/php/fpm-php5.6/php.ini \ > ${ROOTDIR}etc/php5/cgi/php.ini \ > ${ROOTDIR}etc/php5/cli/php.ini \ >- ${ROOTDIR}etc/php5/cli-php5.4/php.ini ${ROOTDIR}etc/php5/cli-php5.5/php.ini ${ROOTDIR}etc/php5/cli-php5.6/php.ini \ >+ ${ROOTDIR}etc/php5/cli-php5.4/php.ini \ >+ ${ROOTDIR}etc/php5/cli-php5.5/php.ini \ >+ ${ROOTDIR}etc/php5/cli-php5.6/php.ini \ > ${ROOTDIR}etc/php5/apache2/php.ini \ > ${ROOTDIR}etc/php5/fpm/php.ini \ > ${ROOTDIR}private/etc/php.ini \ 
>@@ -79,12 +87,20 @@ > ${ROOTDIR}etc/php/7.1/apache2/php.ini \ > ${ROOTDIR}etc/php/7.2/apache2/php.ini \ > ${ROOTDIR}etc/php/7.3/apache2/php.ini \ >- ${ROOTDIR}etc/php/7.0/cli/php.ini ${ROOTDIR}etc/php/7.0/fpm/php.ini \ >- ${ROOTDIR}etc/php/7.1/cli/php.ini ${ROOTDIR}etc/php/7.1/fpm/php.ini \ >- ${ROOTDIR}etc/php/7.2/cli/php.ini ${ROOTDIR}etc/php/7.2/fpm/php.ini \ >- ${ROOTDIR}etc/php/7.3/cli/php.ini ${ROOTDIR}etc/php/7.3/fpm/php.ini \ >+ ${ROOTDIR}etc/php/7.4/apache2/php.ini \ >+ ${ROOTDIR}etc/php/7.0/cli/php.ini \ >+ ${ROOTDIR}etc/php/7.0/fpm/php.ini \ >+ ${ROOTDIR}etc/php/7.1/cli/php.ini \ >+ ${ROOTDIR}etc/php/7.1/fpm/php.ini \ >+ ${ROOTDIR}etc/php/7.2/cli/php.ini \ >+ ${ROOTDIR}etc/php/7.2/fpm/php.ini \ >+ ${ROOTDIR}etc/php/7.3/cli/php.ini \ >+ ${ROOTDIR}etc/php/7.3/fpm/php.ini \ >+ ${ROOTDIR}etc/php/7.4/cli/php.ini \ >+ ${ROOTDIR}etc/php/7.4/fpm/php.ini \ > ${ROOTDIR}var/www/conf/php.ini \ >- ${ROOTDIR}usr/local/etc/php.ini ${ROOTDIR}usr/local/lib/php.ini \ >+ ${ROOTDIR}usr/local/etc/php.ini \ >+ ${ROOTDIR}usr/local/lib/php.ini \ > ${ROOTDIR}usr/local/etc/php5/cgi/php.ini \ > ${ROOTDIR}usr/local/php54/lib/php.ini \ > ${ROOTDIR}usr/local/php56/lib/php.ini \ >@@ -92,6 +108,7 @@ > ${ROOTDIR}usr/local/php71/lib/php.ini \ > ${ROOTDIR}usr/local/php72/lib/php.ini \ > ${ROOTDIR}usr/local/php73/lib/php.ini \ >+ ${ROOTDIR}usr/local/php74/lib/php.ini \ > ${ROOTDIR}usr/local/zend/etc/php.ini \ > ${ROOTDIR}usr/pkg/etc/php.ini \ > ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.ini \ >@@ -101,6 +118,7 @@ > ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.ini \ > ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.ini \ > ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.ini \ >+ ${ROOTDIR}opt/cpanel/ea-php74/root/etc/php.ini \ > ${ROOTDIR}opt/alt/php44/etc/php.ini \ > ${ROOTDIR}opt/alt/php51/etc/php.ini \ > ${ROOTDIR}opt/alt/php52/etc/php.ini \ 
>@@ -112,27 +130,42 @@ > ${ROOTDIR}opt/alt/php71/etc/php.ini \ > ${ROOTDIR}opt/alt/php72/etc/php.ini \ > ${ROOTDIR}opt/alt/php73/etc/php.ini \ >+ ${ROOTDIR}opt/alt/php74/etc/php.ini \ > ${ROOTDIR}etc/opt/remi/php56/php.ini \ > ${ROOTDIR}etc/opt/remi/php70/php.ini \ > ${ROOTDIR}etc/opt/remi/php71/php.ini \ > ${ROOTDIR}etc/opt/remi/php72/php.ini \ >- ${ROOTDIR}etc/opt/remi/php73/php.ini" >+ ${ROOTDIR}etc/opt/remi/php73/php.ini \ >+ ${ROOTDIR}etc/opt/remi/php74/php.ini" > # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current > PHPINILOCS="${PHPINILOCS} \ >- ${ROOTDIR}etc/php-5.6.ini ${ROOTDIR}etc/php-7.0.ini ${ROOTDIR}etc/php-7.1.ini ${ROOTDIR}etc/php-7.2.ini ${ROOTDIR}etc/php-7.3.ini" >+ ${ROOTDIR}etc/php-5.6.ini \ >+ ${ROOTDIR}etc/php-7.0.ini \ >+ ${ROOTDIR}etc/php-7.1.ini \ >+ ${ROOTDIR}etc/php-7.2.ini \ >+ ${ROOTDIR}etc/php-7.3.ini \ >+ ${ROOTDIR}etc/php-7.4.ini" > > PHPINIDIRS="${ROOTDIR}etc/php5/conf.d \ > ${ROOTDIR}etc/php/7.0/cli/conf.d \ > ${ROOTDIR}etc/php/7.1/cli/conf.d \ > ${ROOTDIR}etc/php/7.2/cli/conf.d \ > ${ROOTDIR}etc/php/7.3/cli/conf.d \ >+ ${ROOTDIR}etc/php/7.4/cli/conf.d \ > ${ROOTDIR}etc/php/7.0/fpm/conf.d \ > ${ROOTDIR}etc/php/7.1/fpm/conf.d \ > ${ROOTDIR}etc/php/7.2/fpm/conf.d \ > ${ROOTDIR}etc/php/7.3/fpm/conf.d \ >+ ${ROOTDIR}etc/php/7.4/fpm/conf.d \ > ${ROOTDIR}etc/php.d \ >- ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php55/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php56/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php70/root/etc/php.d \ >- ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.d ${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php54/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php55/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php56/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php70/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php71/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php72/root/etc/php.d \ >+ 
${ROOTDIR}opt/cpanel/ea-php73/root/etc/php.d \ >+ ${ROOTDIR}opt/cpanel/ea-php74/root/etc/php.d \ > ${ROOTDIR}opt/alt/php44/etc/php.d.all \ > ${ROOTDIR}opt/alt/php51/etc/php.d.all \ > ${ROOTDIR}opt/alt/php52/etc/php.d.all \ >@@ -144,14 +177,21 @@ > ${ROOTDIR}opt/alt/php71/etc/php.d.all \ > ${ROOTDIR}opt/alt/php72/etc/php.d.all \ > ${ROOTDIR}opt/alt/php73/etc/php.d.all \ >+ ${ROOTDIR}opt/alt/php74/etc/php.d.all \ > ${ROOTDIR}usr/local/lib/php.conf.d \ > ${ROOTDIR}usr/local/php70/lib/php.conf.d \ > ${ROOTDIR}usr/local/php71/lib/php.conf.d \ > ${ROOTDIR}usr/local/php72/lib/php.conf.d \ >- ${ROOTDIR}usr/local/php73/lib/php.conf.d" >+ ${ROOTDIR}usr/local/php73/lib/php.conf.d \ >+ ${ROOTDIR}usr/local/php74/lib/php.conf.d" > # HEADS-UP: OpenBSD, last two releases are supported, and snapshots of -current > PHPINIDIRS="${PHPINIDIRS} \ >- ${ROOTDIR}etc/php-5.6 ${ROOTDIR}etc/php-7.0 ${ROOTDIR}etc/php-7.1 ${ROOTDIR}etc/php-7.2 ${ROOTDIR}etc/php-7.3" >+ ${ROOTDIR}etc/php-5.6 \ >+ ${ROOTDIR}etc/php-7.0 \ >+ ${ROOTDIR}etc/php-7.1 \ >+ ${ROOTDIR}etc/php-7.2 \ >+ ${ROOTDIR}etc/php-7.3 \ >+ ${ROOTDIR}etc/php-7.4" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_ports_packages lynis-3.0.8/include/tests_ports_packages >--- lynis-3.0.0/include/tests_ports_packages 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_ports_packages 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Ports and packages" >+ InsertSection "${SECTION_PORTS_AND_PACKAGES}" > PACKAGE_MGR_PKG=0 > PACKAGE_AUDIT_TOOL="" > PACKAGE_AUDIT_TOOL_FOUND=0 
>@@ -35,6 +35,34 @@ > # > ################################################################################# > # >+ # Test : PKGS-7200 >+ # Description : Check Alpine Package Keeper (apk) >+ if [ -x ${ROOTDIR}/sbin/apk ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ Register --test-no PKGS-7200 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Querying apk" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ COUNT=0 >+ Display --indent 4 --text "- Searching apk package manager" --result "${STATUS_FOUND}" --color GREEN >+ LogText "Result: Found apk binary" >+ Report "package_manager[]=apk" >+ PACKAGE_MGR_PKG=1 >+ LogText "Test: Querying apk info -v to get package list" >+ Display --indent 6 --text "- Querying package manager" >+ LogText "Output:" >+ SPACKAGES=$(apk info -v | ${SEDBINARY} -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)/\1,\2/' | sort) >+ for J in ${SPACKAGES}; do >+ COUNT=$((COUNT + 1)) >+ PACKAGE_NAME=$(echo ${J} | ${CUTBINARY} -d ',' -f1) >+ PACKAGE_VERSION=$(echo ${J} | ${CUTBINARY} -d ',' -f2) >+ LogText "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})" >+ INSTALLED_PACKAGES="${INSTALLED_PACKAGES}|${PACKAGE_NAME},${PACKAGE_VERSION}" >+ done >+ Report "installed_packages=${COUNT}" >+ else >+ LogText "Result: apk "${STATUS_NOT_FOUND}", test skipped" >+ fi >+# >+################################################################################# >+# > # Test : PKGS-7301 > # Description : Query FreeBSD pkg > if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi 
>@@ -296,7 +324,7 @@ > # > # Test : PKGS-7320 > # Description : Check available of arch-audit >- if [ "${OS_FULLNAME}" = "Arch Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi >+ if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ] || [ "${OS_FULLNAME}" = "Garuda Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux and Garuda Linux"; fi > Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling" > if [ ${SKIPTEST} -eq 0 ]; then > if [ -z "${ARCH_AUDIT_BINARY}" ]; then >@@ -600,8 +628,8 @@ > # > # Test : PKGS-7366 > # Description : Checking if debsecan is installed and enabled on Debian systems >- if [ -n "${DEBSECANBINARY}" -a "${OS}" = "Linux" -a "${LINUX_VERSION}" = "Debian" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >- Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for debsecan utility" >+ if [ -n "${DEBSECANBINARY}" ] && ( [ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Debian" ] ); then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ Register --test-no "PKGS-7366" --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --category security --description "Checking for debsecan utility" > if [ ${SKIPTEST} -eq 0 ]; then > if [ -n "${DEBSECANBINARY}" ]; then > LogText "Result: debsecan utility is installed" 
>@@ -986,7 +1014,9 @@ > PREQS_MET="NO" > if [ -f ${ROOTDIR}etc/apt/sources.list -a -d ${ROOTDIR}etc/apt/sources.list.d ]; then > case "${LINUX_VERSION}" in >- "Debian" | "Linux Mint" | "Ubuntu") >+ "Debian" | "Linux Mint" | "Ubuntu" | "Pop!_OS") >+ # Todo: PureOS (not rolling) has security repositories >+ # Todo: Debian sid does not have a security repository. > PREQS_MET="YES" > ;; > *) >@@ -1042,7 +1072,13 @@ > # > # Test : PKGS-7390 > # Description : Check Ubuntu database consistency >- if [ "${LINUX_VERSION}" = "Ubuntu" -a -x ${ROOTDIR}usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || >+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi >+ > Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --root-only YES --weight L --network NO --category security --description "Check Ubuntu database consistency" > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: Package database consistency by running apt-get check" >@@ -1191,7 +1227,13 @@ > # > # Test : PKGS-7394 > # Description : Check Ubuntu upgradeable packages >- if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi >+ if ([ "${LINUX_VERSION}" = "Debian" ] || [ "${LINUX_VERSION}" = "Ubuntu" ] || >+ [ "${LINUX_VERSION_LIKE}" = "Debian" ] || [ "${LINUX_VERSION_LIKE}" = "Ubuntu" ]) && [ -x "${ROOTDIR}usr/bin/apt-get" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi >+ > Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Ubuntu updates" > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: checking ${ROOTDIR}usr/bin/apt-show-versions" 
>@@ -1222,6 +1264,41 @@ > # > ################################################################################# > # >+ # Test : PKGS-7395 >+ # Description : Check Alpine upgradeable packages >+ if [ "${LINUX_VERSION}" = "Alpine Linux" ] && [ -x "${ROOTDIR}sbin/apk" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi >+ >+ Register --test-no PKGS-7395 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --category security --description "Check for Alpine updates" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ if [ ${REFRESH_REPOSITORIES} -eq 1 ]; then >+ LogText "Action: updating package repository with apk" >+ ${ROOTDIR}sbin/apk update >+ LogText "Result: apk finished" >+ else >+ LogText "Result: using a possibly outdated repository, as updating is disabled via configuration" >+ fi >+ LogText "Test: Checking packages which can be upgraded via apk version -l '<'" >+ FIND=$(${ROOTDIR}sbin/apk version -l '<' | ${GREPBINARY} '<' | ${SEDBINARY} 's/\s\+<\s/</g') >+ if [ -z "${FIND}" ]; then >+ LogText "Result: no packages found which can be upgraded" >+ Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_NONE}" --color GREEN >+ AddHP 3 3 >+ else >+ LogText "Result: found one or more packages which can be upgraded" >+ Display --indent 2 --text "- Checking upgradeable packages" --result "${STATUS_FOUND}" --color YELLOW >+ for ITEM in ${FIND}; do >+ ITEM=$(echo ${ITEM} | ${SEDBINARY} -r -e 's/([a-z,A-Z,0-9,_,-,.]{1,250})-([a-z,A-Z,0-9,.]+-r[a-z,A-Z,0-9]+)<([a-z,A-Z,0-9,-,.]+)/\1 from \2 to \3/') >+ LogText "${ITEM}" >+ done >+ fi >+ fi >+# >+################################################################################# >+# > # Test : PKGS-7398 > # Description : Check package audit tool > Register --test-no PKGS-7398 --weight L --network YES --category security --description "Check for package audit tool" 
>@@ -1232,7 +1309,7 @@ > ReportSuggestion "${TEST_NO}" "Install a package audit tool to determine vulnerable packages" > LogText "Result: no package audit tool found" > else >- Display --indent 2 --text "- Checking package audit tool" --result INSTALLED --color GREEN >+ Display --indent 2 --text "- Checking package audit tool" --result "${STATUS_INSTALLED}" --color GREEN > Display --indent 4 --text "Found: ${PACKAGE_AUDIT_TOOL}" > LogText "Result: found package audit tool: ${PACKAGE_AUDIT_TOOL}" > fi >@@ -1289,7 +1366,7 @@ > KERNELS=$(${ZYPPERBINARY} --non-interactive -n se --type package --match-exact --installed-only "kernel-default" 2> /dev/null | ${GREPBINARY} "kernel-default" | ${WCBINARY} -l) > if [ ${KERNELS} -eq 0 ]; then > LogText "Result: found no kernels from zypper output, which is unexpected." >- ReportException "KRNL-5840:3" "Could not find any kernel packages via package manager. Maybe using a different kernel package?" >+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager. Maybe using a different kernel package?" > elif [ ${KERNELS} -gt 3 ]; then > LogText "Result: found more than 5 kernel packages on the system, which might indicate lack of regular cleanups" > ReportSuggestion "${TEST_NO}" "Remove any unneeded kernel packages" 
>@@ -1299,7 +1376,26 @@ > fi > > if [ ${KERNELS} -eq 0 -a ${TESTED} -eq 1 ]; then >- ReportException "KRNL-5840:1" "Could not find any kernel packages via package manager" >+ # Only report exception if there are kernels actually there. For example, LXC use the kernel of host system >+ case "${OS}" in >+ "Linux") >+ case "${CONTAINER_TYPE}" in >+ "LXC") >+ LogText "Info: LXC shares the kernel with host, so skipping further testing" >+ ;; >+ *) >+ if [ -d "${ROOTDIR}boot" ]; then >+ if [ -z "$(${FINDBINARY} /boot -maxdepth 1 -type f -name 'vmlinuz*' -print -quit)" ]; then >+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager" >+ fi >+ fi >+ ;; >+ esac >+ ;; >+ *) >+ ReportException "${TEST_NO}" "Could not find any kernel packages via package manager" >+ ;; >+ esac > fi > > Report "installed_kernel_packages=${KERNELS}" 
>@@ -1317,37 +1413,39 @@ > > case "${OS}" in > "Linux") >- case "${LINUX_VERSION}" in >- "CentOS" | "Debian" | "Fedora" | "RHEL" | "Ubuntu") >- >+ for DIST in CentOS Debian Fedora RHEL Ubuntu; do >+ if [ "${LINUX_VERSION}" = "${DIST}" ] || [ "${LINUX_VERSION_LIKE}" = "${DIST}" ]; then > UNATTENDED_UPGRADES_OPTION_AVAILABLE=1 >- # Test available tools for Linux >- if [ -f "${ROOTDIR}bin/auter" ]; then >- UNATTENDED_UPGRADES_TOOL="auter" >- UNATTENDED_UPGRADES_TOOLKIT=1 >- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >- fi >- if [ -f "${ROOTDIR}sbin/yum-cron" ]; then >- UNATTENDED_UPGRADES_TOOL="yum-cron" >- UNATTENDED_UPGRADES_TOOLKIT=1 >- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >- fi >- if [ -f "${ROOTDIR}usr/bin/dnf-automatic" ]; then >- UNATTENDED_UPGRADES_TOOL="dnf-automatic" >- UNATTENDED_UPGRADES_TOOLKIT=1 >- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >- fi >- if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then >- UNATTENDED_UPGRADES_TOOL="unattended-upgrade" >- UNATTENDED_UPGRADES_TOOLKIT=1 >- LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >- Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >- fi >- ;; >- esac >+ fi >+ done >+ >+ if [ ${UNATTENDED_UPGRADES_OPTION_AVAILABLE} -eq 1 ]; then >+ # Test available tools for Linux >+ if [ -f "${ROOTDIR}bin/auter" ]; then >+ UNATTENDED_UPGRADES_TOOL="auter" >+ UNATTENDED_UPGRADES_TOOLKIT=1 >+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >+ fi >+ if [ -f "${ROOTDIR}sbin/yum-cron" ]; then >+ UNATTENDED_UPGRADES_TOOL="yum-cron" >+ UNATTENDED_UPGRADES_TOOLKIT=1 >+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >+ fi >+ if [ -f 
"${ROOTDIR}usr/bin/dnf-automatic" ]; then >+ UNATTENDED_UPGRADES_TOOL="dnf-automatic" >+ UNATTENDED_UPGRADES_TOOLKIT=1 >+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >+ fi >+ if [ -f "${ROOTDIR}usr/bin/unattended-upgrade" ]; then >+ UNATTENDED_UPGRADES_TOOL="unattended-upgrade" >+ UNATTENDED_UPGRADES_TOOLKIT=1 >+ LogText "Result: found ${UNATTENDED_UPGRADES_TOOL}" >+ Report "unattended_upgrade_tool[]=${UNATTENDED_UPGRADES_TOOL}" >+ fi >+ fi > ;; > esac > >diff -ur lynis-3.0.0/include/tests_printers_spoolers lynis-3.0.8/include/tests_printers_spoolers >--- lynis-3.0.0/include/tests_printers_spoolers 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_printers_spoolers 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -34,7 +34,7 @@ > # > ################################################################################# > # >- InsertSection "Printers and Spools" >+ InsertSection "${SECTION_PRINTERS_AND_SPOOLS}" > # > ################################################################################# > # 
>@@ -139,8 +139,18 @@ > Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check CUPSd network configuration" > if [ ${SKIPTEST} -eq 0 ]; then > FOUND=0 >- # Checking network addresses >+ PORT_FOUND=0 >+ > LogText "Test: Checking CUPS daemon listening network addresses" >+ >+ # Search for Port statement >+ FIND=$(${EGREPBINARY} "^Port 631" ${CUPSD_CONFIG_FILE}) >+ if [ -n "${FIND}" ]; then >+ LogText "Result: found CUPS listening on port 631 (most likely all interfaces)" >+ PORT_FOUND=1 >+ fi >+ >+ # Checking network addresses > FIND=$(${EGREPBINARY} "^(SSL)?Listen" ${CUPSD_CONFIG_FILE} | ${GREPBINARY} -v "/" | ${AWKBINARY} '{ print $2 }') > COUNT=0 > for ITEM in ${FIND}; do >@@ -149,17 +159,10 @@ > FOUND=1 > done > >- # Search for Port statement >- FIND=$(${EGREPBINARY} "^Port 631" ${CUPSD_CONFIG_FILE}) >- if [ -n "${FIND}" ]; then >- LogText "Result: found CUPS listening on port 631 (most likely all interfaces)" >- FOUND=1 >- fi >- > # Check if daemon might be running on localhost >- if [ ${FOUND} -eq 0 ]; then >+ if [ ${FOUND} -eq 0 -a ${PORT_FOUND} -eq 0 ]; then > LogText "Result: CUPS does not look to be listening on a network port" >- elif [ ${COUNT} -eq 1 ]; then >+ elif [ ${COUNT} -eq 1 -a ${PORT_FOUND} -eq 0 ]; then > if [ "${FIND}" = "localhost:631" -o "${FIND}" = "127.0.0.1:631" ]; then > LogText "Result: CUPS daemon only running on localhost" > AddHP 2 2 >diff -ur lynis-3.0.0/include/tests_scheduling lynis-3.0.8/include/tests_scheduling >--- lynis-3.0.0/include/tests_scheduling 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_scheduling 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Scheduled tasks" >+ InsertSection "${SECTION_SCHEDULED_TASKS}" > # > ################################################################################# > # >@@ -77,7 +77,7 @@ > if FileIsReadable ${DIR}; then > LogText "Result: found directory ${DIR}" > LogText "Test: searching files in ${DIR}" >- FIND=$(${FINDBINARY} ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder") >+ FIND=$(${FINDBINARY} -L ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder") > if IsEmpty "${FIND}"; then > LogText "Result: no files found in ${DIR}" > else >@@ -112,7 +112,7 @@ > LogText "Result: found directory ${I}" > if FileIsReadable ${I}; then > LogText "Test: searching files in ${I}" >- FIND=$(${FINDBINARY} ${I} -type f -print 2> /dev/null | ${GREPBINARY} -v ".placeholder") >+ FIND=$(${FINDBINARY} -L ${I} -type f -print 2> /dev/null | ${GREPBINARY} -v ".placeholder") > if [ -z "${FIND}" ]; then > LogText "Result: no files found in ${I}" > else >diff -ur lynis-3.0.0/include/tests_shells lynis-3.0.8/include/tests_shells >--- lynis-3.0.0/include/tests_shells 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_shells 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -23,7 +23,7 @@ > ################################################################################# > # > IDLE_TIMEOUT=0 >- InsertSection "Shells" >+ InsertSection "${SECTION_SHELLS}" > # > ################################################################################# > # 
>@@ -167,9 +167,9 @@ > FIND=$(${LSBINARY} ${ROOTDIR}etc/profile.d/*.sh 2> /dev/null) > if [ -n "${FIND}" ]; then > # Determine if we can find a TMOUT value >- FIND=$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }') >+ FIND=$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} 'TMOUT=' | ${TRBINARY} -d ' ' | ${TRBINARY} -d '\t' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/export//' | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} -F= '{ print $2 }') > # Determine if the value is exported (with export, readonly, or typeset) >- FIND2=$(${FINDBINARY} ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }') >+ FIND2=$(${FINDBINARY} -L ${ROOTDIR}etc/profile.d -name "*.sh" -type f -exec cat {} \; 2> /dev/null | ${GREPBINARY} '\(export\|readonly\|typeset -r\)[ \t]*TMOUT' | ${GREPBINARY} -v "^#" | ${SEDBINARY} 's/#.*//' | ${AWKBINARY} '{ print $1 }') > if [ -n "${FIND}" ]; then > N=0; IDLE_TIMEOUT=1 > for I in ${FIND}; do >@@ -282,4 +282,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, CISOfy - http://cisofy.com >+# Lynis - Copyright 2007-2021, CISOfy - http://cisofy.com >diff -ur lynis-3.0.0/include/tests_snmp lynis-3.0.8/include/tests_snmp >--- lynis-3.0.0/include/tests_snmp 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_snmp 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -28,7 +28,7 @@ > # > ################################################################################# > # >- InsertSection "SNMP Support" >+ InsertSection "${SECTION_SNMP_SUPPORT}" > > # Test : SNMP-3302 > # Description : Check for a running SNMP daemon >@@ -104,4 +104,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_squid lynis-3.0.8/include/tests_squid >--- lynis-3.0.0/include/tests_squid 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_squid 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -29,7 +29,7 @@ > # > ################################################################################# > # >- InsertSection "Squid Support" >+ InsertSection "${SECTION_SQUID_SUPPORT}" > # > ################################################################################# > # >@@ -131,7 +131,7 @@ > Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions" > if [ ${SKIPTEST} -eq 0 ]; then > LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}" >- FIND=$(find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)) >+ FIND=$(find -L ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)) > if [ -n "${FIND}" ]; then > LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords" > Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_WARNING}" --color RED 
>@@ -325,4 +325,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_ssh lynis-3.0.8/include/tests_ssh >--- lynis-3.0.0/include/tests_ssh 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_ssh 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -34,7 +34,7 @@ > # > ################################################################################# > # >- InsertSection "SSH Support" >+ InsertSection "${SECTION_SSH_SUPPORT}" > # > ################################################################################# > # >@@ -74,7 +74,7 @@ > LogText "Result: ${I}/sshd_config exists" > if [ ${FOUND} -eq 1 ]; then > ReportException "${TEST_NO}:01" >- LogText "Result: we already had found another sshd_config file. Using this new file then." >+ LogText "Result: we already found another sshd_config file. Using this new file instead of the previous one." > fi > FileIsReadable ${I}/sshd_config > if [ ${CANREAD} -eq 1 ]; then >diff -ur lynis-3.0.0/include/tests_storage lynis-3.0.8/include/tests_storage >--- lynis-3.0.0/include/tests_storage 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_storage 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com 
>@@ -18,7 +18,7 @@ > # > ################################################################################# > # >- InsertSection "Storage" >+ InsertSection "${SECTION_STORAGE}" > # > ################################################################################# > # >@@ -59,7 +59,7 @@ > > if [ ${FOUND} -eq 0 ]; then > LogText "Result: firewire ohci driver is not explicitly disabled" >- Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "NOT DISABLED" --color WHITE >+ Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE > ReportSuggestion "${TEST_NO}" "Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft" > # after blacklisting modules, make sure to remove them from the initram filesystem: update-initramfs -u > AddHP 2 3 >@@ -77,4 +77,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, CISOfy, Michael Boelen - https://cisofy.com >+# Lynis - Copyright 2007-2021, CISOfy, Michael Boelen - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_storage_nfs lynis-3.0.8/include/tests_storage_nfs >--- lynis-3.0.0/include/tests_storage_nfs 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_storage_nfs 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/include/tests_system_integrity lynis-3.0.8/include/tests_system_integrity >--- lynis-3.0.0/include/tests_system_integrity 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_system_integrity 2022-05-17 03:00:00 
>@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -25,7 +25,7 @@ > # > ################################################################################# > # >- InsertSection "Software: system integrity" >+ InsertSection "${SECTION_SYSTEM_INTEGRITY}" > Display --indent 2 --text "- Checking file integrity tools" > # > ################################################################################# >@@ -51,4 +51,4 @@ > WaitForKeyPress > # > #================================================================================ >-# Lynis - Copyright 2007-2020 Michael Boelen, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com >diff -ur lynis-3.0.0/include/tests_time lynis-3.0.8/include/tests_time >--- lynis-3.0.0/include/tests_time 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_time 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Time and Synchronization" >+ InsertSection "${SECTION_TIME_AND_SYNCHRONIZATION}" > # > ################################################################################# > # 
>@@ -86,9 +86,8 @@ > # Reason: openntpd syncs only if large time corrections are not required or -s is passed. > # This might be not intended by the administrator (-s is NOT the default!) > FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd: ntp engine" | ${GREPBINARY} -v "grep") >- ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null >- # Status code 0 is when communication over the socket is successfull >- if [ "$?" -eq 0 ]; then >+ # Status code 0 is when communication over the socket is successful >+ if ${NTPCTLBINARY} -s status > /dev/null 2> /dev/null; then > FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd" > LogText "result: found openntpd (method: ntpctl)" > OPENNTPD_COMMUNICATION=1 >@@ -98,16 +97,16 @@ > FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="openntpd" > LogText "result: found openntpd (method: ps)" > else >- LogText "result: running openntpd not found, but ntpctl is instaalled" >+ LogText "result: running openntpd not found, but ntpctl is installed" > fi > >- if [ "${NTP_DAEMON}" == "openntpd" ]; then >+ if [ "${NTP_DAEMON}" = "openntpd" ]; then > Display --indent 2 --text "- NTP daemon found: OpenNTPD" --result "${STATUS_FOUND}" --color GREEN > fi > fi > > # Check running processes (ntpd from ntp.org) >- # As checking by process name is ambigiouse (openntpd has the same process name), >+ # As checking by process name is ambiguous (openntpd has the same process name), > # this check will be skipped if openntpd has been found. > FIND=$(${PSBINARY} ax | ${GREPBINARY} "ntpd" | ${GREPBINARY} -v "dntpd" | ${GREPBINARY} -v "ntpd: " | ${GREPBINARY} -v "grep") > if [ "${NTP_DAEMON}" != "openntpd" ] && [ -n "${FIND}" ]; then 
>@@ -124,39 +123,30 @@ > fi > > # Check timedate daemon (systemd) >- if [ -n "${TIMEDATECTL}" ]; then >- FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes") >- if [ -n "${FIND}" ]; then >- # Check for systemd-timesyncd >- if [ -f ${ROOTDIR}etc/systemd/timesyncd.conf ]; then >- LogText "Result: found ${ROOTDIR}etc/systemd/timesyncd.conf" >- FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd" >- Display --indent 2 --text "- NTP daemon found: systemd (timesyncd)" --result "${STATUS_FOUND}" --color GREEN >- SYSTEMD_NTP_ENABLED=1 >- else >- LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist" >- fi >- else >- LogText "Result: time synchronization not performed according timedatectl command" >- fi >- else >- LogText "Result: timedatectl command not available on this system" >+ FIND=$(${PSBINARY} ax | ${GREPBINARY} "systemd-timesyncd" | ${GREPBINARY} -v "grep") >+ if [ -n "${FIND}" ]; then >+ FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd" >+ Display --indent 2 --text "- NTP daemon found: systemd (timesyncd)" --result "${STATUS_FOUND}" --color GREEN >+ LogText "Result: Found running systemd-timesyncd in process list" > fi > > # Check crontab for OpenBSD/FreeBSD > # Check anacrontab for Linux > CRONTAB_FILES="/etc/anacrontab /etc/crontab" >+ # Regex for matching multiple time synchronisation binaries >+ # Partial sanity check for sntp and ntpdig, but this does not consider all corner cases >+ CRONTAB_REGEX='ntpdate|rdate|sntp.+-(s|j|--adj)|ntpdig.+-(S|s)' > for I in ${CRONTAB_FILES}; do > if [ -f ${I} ]; then >- LogText "Test: checking for ntpdate or rdate in crontab file ${I}" >- FIND=$(${EGREPBINARY} "ntpdate|rdate" ${I} | ${GREPBINARY} -v '^#') >+ LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in crontab file ${I}" >+ FIND=$(${EGREPBINARY} "${CRONTAB_REGEX}" ${I} | ${GREPBINARY} -v '^#') > if [ -n "${FIND}" ]; then > FOUND=1; 
NTP_CONFIG_TYPE_SCHEDULED=1 > Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_FOUND}" --color GREEN >- LogText "Result: found ntpdate or rdate reference in crontab file ${I}" >+ LogText "Result: found ntpdate, rdate, sntp or ntpdig reference in crontab file ${I}" > else > #Display --indent 2 --text "- Checking NTP client in crontab file (${I})" --result "${STATUS_NOT_FOUND}" --color WHITE >- LogText "Result: no ntpdate or rdate reference found in crontab file ${I}" >+ LogText "Result: no ntpdate, rdate, sntp or ntpdig reference found in crontab file ${I}" > fi > else > LogText "Result: crontab file ${I} not found" 
>@@ -169,31 +159,18 @@ > > # Check cron jobs > for I in ${CRON_DIRS}; do >- if [ -d ${I} ]; then >- if FileIsReadable ${I}; then >- FIND=$(${FINDBINARY} ${I} -type f -a ! -name ".placeholder" -print 2> /dev/null | ${SEDBINARY} 's/ /__space__/g' | ${TRBINARY} '\n' '\0' | ${TRBINARY} -cd '[:print:]\0' | ${TRBINARY} '\0' ' ') >+ for J in "${I}"/*; do # iterate over folders in a safe way >+ # Check: regular file, readable and not called .placeholder >+ FIND=$(echo "${J}" | ${EGREPBINARY} '/.placeholder$') >+ if [ -f "${J}" ] && [ -r "${J}" ] && [ -z "${FIND}" ]; then >+ LogText "Test: checking for ntpdate, rdate, sntp or ntpdig in ${J}" >+ FIND=$("${EGREPBINARY}" "${CRONTAB_REGEX}" "${J}" | "${GREPBINARY}" -v "^#") > if [ -n "${FIND}" ]; then >- for J in ${FIND}; do >- # Place back spaces if needed >- J=$(echo ${J} | ${SEDBINARY} 's/__space__/ /g') >- LogText "Test: checking for ntpdate or rdate in ${J}" >- if FileIsReadable ${J}; then >- FIND2=$(${EGREPBINARY} "rdate|ntpdate" "${J}" | ${GREPBINARY} -v "^#") >- if [ -n "${FIND2}" ]; then >- LogText "Positive match found: ${FIND2}" >- FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1 >- fi >- else >- LogText "Result: could not test in file '${J}' as it is not readable" >- fi >- done >- else >- LogText "Result: ${I} is empty, skipping search in directory" >+ FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1 >+ LogText "Result: found ntpdate, rdate, sntp or ntpdig in ${J}" > fi >- else >- LogText "Result: could not search in directory due to permissions" > fi >- fi >+ done > done > > if [ ${FOUND_IN_CRON} -eq 1 ]; then >@@ -532,7 +509,7 @@ > # > # Test : TIME-3180 > # Description : Report if ntpctl cannot communicate with OpenNTPD >- if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ]; then >+ if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ]; then > PREQS_MET="YES" > else > PREQS_MET="NO" 
>@@ -548,7 +525,7 @@ > # > # Test : TIME-3181 > # Description : Check status of OpenNTPD time synchronisation >- if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then >+ if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then > PREQS_MET="YES" > else > PREQS_MET="NO" >@@ -567,7 +544,7 @@ > # Test : TIME-3182 > # Description : Check OpenNTPD has working peers > >- if [ "${NTPD_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" == "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then >+ if [ "${NTP_DAEMON_RUNNING}" -eq 1 ] && [ -n "${NTPCTLBINARY}" ] && [ "${NTP_DAEMON}" = "openntpd" ] && [ "${OPENNTPD_COMMUNICATION}" -eq 1 ]; then > PREQS_MET="YES" > else > PREQS_MET="NO" 
>@@ -576,11 +553,60 @@ > Register --test-no TIME-3182 --preqs-met "${PREQS_MET}" --weight L --network NO --category security --description "Check OpenNTPD has working peers" > if [ ${SKIPTEST} -eq 0 ]; then > # Format is "xx/yy peers valid, ..." >- FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o "[0-9]{1,4}/" | ${EGREPBINARY} -o "[0-9]{1,4}" ) >- if [ -n "${FIND}" ] || [ "${FIND}" -eq 0 ]; then >+ FIND=$(${NTPCTLBINARY} -s status | ${EGREPBINARY} -o '[0-9]+/[0-9]+' | ${CUTBINARY} -d '/' -f 1) >+ if [ -z "${FIND}" ] || [ "${FIND}" -eq 0 ]; then > ReportWarning "${TEST_NO}" "OpenNTPD has no peers" "${NTPCTLBINARY} -s status" > fi > fi >+ >+# >+################################################################################# >+# >+ >+ # Test : TIME-3185 >+ # Description : Check systemd-timesyncd synchronized time >+ >+ if [ "${NTP_DAEMON}" = "systemd-timesyncd" ]; then >+ PREQS_MET="YES" >+ else >+ PREQS_MET="NO" >+ fi >+ >+ >+ Register --test-no TIME-3185 --preqs-met "${PREQS_MET}" --weight L --network NO --category "security" --description "Check systemd-timesyncd synchronized time" >+ SYNCHRONIZED_FILE="/run/systemd/timesync/synchronized" >+ >+ if [ ${SKIPTEST} -eq 0 ]; then >+ # On earlier systemd versions (237), '/run/systemd/timesync/synchronized' does not exist, so use '/var/lib/systemd/timesync/clock' >+ if [ ! -e "${SYNCHRONIZED_FILE}" ]; then >+ SYNCHRONIZED_FILE="/var/lib/systemd/timesync/clock" >+ fi >+ # DynamicUser=yes moves the clock file to '/var/lib/private/systemd/timesync/clock' >+ if [ ! -e "${SYNCHRONIZED_FILE}" ]; then >+ SYNCHRONIZED_FILE="/var/lib/private/systemd/timesync/clock" >+ fi >+ # Fix for debian stretch >+ if [ ! 
-e "${SYNCHRONIZED_FILE}" ]; then >+ SYNCHRONIZED_FILE="/var/lib/systemd/clock" >+ fi >+ if [ -e "${SYNCHRONIZED_FILE}" ]; then >+ FIND=$(( $(date +%s) - $(${STATBINARY} -L --format %Y "${SYNCHRONIZED_FILE}") )) >+ # Check if last sync was more than 2048 seconds (= the default of systemd) ago >+ if [ "${FIND}" -ge 2048 ]; then >+ COLOR=RED >+ ReportWarning "${TEST_NO}" "systemd-timesyncd did not synchronized the time recently." >+ else >+ COLOR=GREEN >+ fi >+ Display --indent 2 --text "- Last time synchronization" --result "${FIND}s" --color "${COLOR}" >+ LogText "Result: systemd-timesyncd synchronized time ${FIND} seconds ago." >+ else >+ Display --indent 2 --text "- Last time synchronization" --result "${STATUS_NOT_FOUND}" --color RED >+ ReportWarning "${TEST_NO}" "systemd-timesyncd never successfully synchronized time" >+ fi >+ fi >+ unset SYNCHRONIZED_FILE >+ > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_tooling lynis-3.0.8/include/tests_tooling >--- lynis-3.0.0/include/tests_tooling 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_tooling 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -37,7 +37,7 @@ > # > ################################################################################# > # >- InsertSection "Software: System tooling" >+ InsertSection "${SECTION_SYSTEM_TOOLING}" > # > ################################################################################# > # 
>@@ -368,6 +368,33 @@ > fi > SNORT=$(which snort 2> /dev/null) > fi >+ fi >+ fi >+# >+################################################################################# >+# >+ # Test : TOOL-5130 >+ # Description : Check for Suricata >+ Register --test-no TOOL-5130 --weight L --network NO --category security --description "Check for active Suricata daemon" >+ if [ ${SKIPTEST} -eq 0 ]; then >+ # Suricata presence >+ if [ -n "${SURICATABINARY}" ]; then >+ Report "ids_ips_tooling[]=suricata" >+ LogText "Result: Suricata is installed (${SURICATABINARY})" >+ # Suricata status >+ # Suricata sets its process name to Suricata-Main on Linux, but this might differ on other platforms, >+ # so fall back to checking the full commandline instead if the first test fails >+ if IsRunning "Suricata-Main" || IsRunning --full "${SURICATABINARY} "; then >+ # Only satisfy test TOOL-5190 if Suricata is actually running >+ IDS_IPS_TOOL_FOUND=1 >+ LogText "Result: Suricata daemon is active" >+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_RUNNING}" --color GREEN >+ else >+ LogText "Result: Suricata daemon not active" >+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_NOT_RUNNING}" --color YELLOW >+ fi >+ else >+ LogText "Result: Suricata not installed (suricata not found)" > fi > fi > # >diff -ur lynis-3.0.0/include/tests_usb lynis-3.0.8/include/tests_usb >--- lynis-3.0.0/include/tests_usb 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_usb 2022-05-17 03:00:00 >@@ -19,7 +19,7 @@ > # > ################################################################################# > # >- InsertSection "USB Devices" >+ InsertSection "${SECTION_USB_DEVICES}" > # > ################################################################################# > # 
>@@ -73,7 +73,7 @@ > fi > if [ ${FOUND} -eq 0 ]; then > LogText "Result: usb-storage driver is not explicitly disabled" >- Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "NOT DISABLED" --color WHITE >+ Display --indent 2 --text "- Checking usb-storage driver (modprobe config)" --result "${STATUS_NOT_DISABLED}" --color WHITE > if [ "${USBGUARD_FOUND}" -eq "0" ]; then > ReportSuggestion "${TEST_NO}" "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft" > fi >diff -ur lynis-3.0.0/include/tests_virtualization lynis-3.0.8/include/tests_virtualization >--- lynis-3.0.0/include/tests_virtualization 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_virtualization 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Virtualization" >+ InsertSection "${SECTION_VIRTUALIZATION}" > # > ################################################################################# > # >diff -ur lynis-3.0.0/include/tests_webservers lynis-3.0.8/include/tests_webservers >--- lynis-3.0.0/include/tests_webservers 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tests_webservers 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >@@ -22,7 +22,7 @@ > # > ################################################################################# > # >- InsertSection "Software: webserver" >+ InsertSection "${SECTION_WEBSERVER}" > # > ################################################################################# > # 
>@@ -288,7 +288,7 @@ > Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Determining existence of specific Apache modules" > if [ ${SKIPTEST} -eq 0 ]; then > # Check modules, module >- if CheckItem "apache_module" "/mod_security2.so"; then >+ if CheckItem "apache_module" "/mod_security(2|3).so" ; then > Display --indent 10 --text "ModSecurity: web application firewall" --result "${STATUS_FOUND}" --color GREEN > AddHP 3 3 > else >diff -ur lynis-3.0.0/include/tool_tips lynis-3.0.8/include/tool_tips >--- lynis-3.0.0/include/tool_tips 2020-06-18 03:00:00 >+++ lynis-3.0.8/include/tool_tips 2022-05-17 03:00:00 >@@ -6,7 +6,7 @@ > # ------------------ > # > # Copyright 2007-2013, Michael Boelen >-# Copyright 2007-2020, CISOfy >+# Copyright 2007-2021, CISOfy > # > # Website : https://cisofy.com > # Blog : http://linux-audit.com >diff -ur lynis-3.0.0/lynis lynis-3.0.8/lynis >--- lynis-3.0.0/lynis 2020-06-18 03:00:00 >+++ lynis-3.0.8/lynis 2022-05-17 03:00:00 >@@ -43,16 +43,16 @@ > PROGRAM_WEBSITE="https://cisofy.com/lynis/" > > # Version details >- PROGRAM_RELEASE_DATE="2020-06-18" >- PROGRAM_RELEASE_TIMESTAMP=1592477492 >+ PROGRAM_RELEASE_DATE="2022-05-17" >+ PROGRAM_RELEASE_TIMESTAMP=1652791205 > PROGRAM_RELEASE_TYPE="release" # pre-release or release >- PROGRAM_VERSION="3.0.0" >+ PROGRAM_VERSION="3.0.8" > > # Source, documentation and license > PROGRAM_SOURCE="https://github.com/CISOfy/lynis" > PROGRAM_PACKAGE="https://packages.cisofy.com/" > PROGRAM_DOCUMENTATION="https://cisofy.com/docs/" >- PROGRAM_COPYRIGHT="2007-2020, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}" >+ PROGRAM_COPYRIGHT="2007-2021, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}" > PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are > welcome to redistribute it under the terms of the GNU General Public License. > See the LICENSE file for details about using this software." 
>@@ -89,6 +89,7 @@ > if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi > elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then > INCLUDEDIR=${I} >+ break > fi > done > fi >@@ -216,7 +217,7 @@ > > # Extract the short notation of the language (first two characters). > if [ -x "$(command -v locale 2> /dev/null)" ]; then >- LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | egrep "^[a-z]{2}$") >+ LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | tr -d '"' | egrep "^[a-z]{2}$") > # Try locale command if shell variable had no value > if [ -z "${DISPLAY_LANG}" ]; then > DISPLAY_LANG=$(locale | egrep "^LANG=" | cut -d= -f2) >@@ -241,6 +242,11 @@ > echo "Could not find languages directory (file: ${DBDIR}/languages/en)" > exit 1 > fi >+ >+ # Now that we have determined the language, we unset it from shell >+ # Some tools with translated strings are very hard to parse >+ unset LANG >+ > # > ################################################################################# > # >@@ -448,6 +454,7 @@ > ${GRAY}--verbose${NORMAL} : Show more details on screen > ${GRAY}--version (-V)${NORMAL} : Display version number and quit > ${GRAY}--wait${NORMAL} : Wait between a set of tests >+ ${GRAY}--slow-warning ${BROWN}<seconds>${NORMAL} : Threshold for slow test warning in seconds (default 10) > > ${WHITE}Enterprise options${NORMAL} > ${GRAY}--plugindir ${BROWN}<path>${NORMAL} : Define path of available plugins >@@ -505,7 +512,7 @@ > # > SafePerms ${INCLUDEDIR}/osdetection > . ${INCLUDEDIR}/osdetection >- Display --indent 2 --text "- Detecting OS... " --result DONE --color GREEN >+ Display --indent 2 --text "- Detecting OS... " --result "${STATUS_DONE}" --color GREEN > > # Check hostname > case ${OS} in 
>@@ -536,7 +543,7 @@ > CDATE=$(date "+%Y-%m-%d %H:%M:%S") > if [ ${LOGTEXT} -eq 1 ]; then echo "${CDATE} Starting ${PROGRAM_NAME} ${PROGRAM_VERSION} with PID ${OURPID}, build date ${PROGRAM_RELEASE_DATE}" > ${LOGFILE}; fi > if [ $? -gt 0 ]; then >- Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED >+ Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result "${STATUS_WARNING}" --color RED > echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions." > RemovePIDFile > exit 1 >@@ -583,7 +590,7 @@ > if [ ${SET_STRICT} -eq 0 ]; then > set +u # Allow uninitialized variables > else >- set -u # Do not allow unitialized variables >+ set -u # Do not allow uninitialized variables > fi > > # Import a different language when configured 
>@@ -592,11 +599,33 @@ > Display --indent 2 --text "- Detecting language and localization" --result "${LANGUAGE}" --color WHITE > if [ ! -f ${DBDIR}/languages/${LANGUAGE} ]; then > Display --indent 4 --text "${YELLOW}Notice:${NORMAL} no language file found for '${LANGUAGE}' (tried: ${DBDIR}/languages/${LANGUAGE})" >- if IsDeveloperVersion; then Display --indent 4 --text "See https://github.com/CISOfy/lynis-sdk/documentation/10-translations.md for more details to help translate Lynis"; fi >+ if IsDeveloperVersion; then Display --indent 4 --text "See https://github.com/CISOfy/lynis-sdk/blob/master/documentation/10-translations.md for more details to help translate Lynis"; fi > sleep 5 > else >- LogText "Importing language file (${DBDIR}/languages/${LANGUAGE})" >- . ${DBDIR}/languages/${LANGUAGE} >+ if SafeFile "${DBDIR}/languages/${LANGUAGE}"; then >+ LogText "Importing language file (${DBDIR}/languages/${LANGUAGE})" >+ . ${DBDIR}/languages/${LANGUAGE} >+ # Check for missing translations if we are a pre-release or less than a week old >+ if grep -E -q -s "^#" ${DBDIR}/languages/${LANGUAGE}; then >+ TIME_DIFFERENCE_CHECK=604800 # 1 week >+ RELEASE_PLUS_TIMEDIFF=$((PROGRAM_RELEASE_TIMESTAMP + TIME_DIFFERENCE_CHECK)) >+ if IsDeveloperVersion || [ ${NOW} -lt ${RELEASE_PLUS_TIMEDIFF} ]; then >+ Display --indent 4 --text "Translation file (db/languages/${LANGUAGE}) needs an update" --result "OUTDATED" --color RED >+ Display --indent 4 --text "=======================================================================" >+ Display --indent 4 --text "Help other users and translate the missing lines:" >+ Display --indent 4 --text "1) Go to: https://github.com/CISOfy/lynis/edit/master/db/languages/${LANGUAGE}" >+ Display --indent 4 --text "2) Translate (some of) the lines starting with a hash (#) and remove the leading hash" >+ Display --indent 4 --text "3) Commit the changes" >+ Display --indent 4 --text "Thank you!" >+ Display --indent 4 --text "Note: no lines with a hash? 
Look if the file recently has been changed by another translator." >+ Display --indent 4 --text "=======================================================================" >+ sleep 30 >+ fi >+ fi >+ else >+ LogText "Could not import language file due to incorrect permissions" >+ fi >+ > fi > fi > LogTextBreak >@@ -722,7 +751,7 @@ > fi > > if [ -z "${PROGRAM_AC}" -o -z "${PROGRAM_LV}" ]; then >- Display --indent 2 --text "- Program update status... " --result UNKNOWN --color YELLOW >+ Display --indent 2 --text "- Program update status... " --result "${STATUS_UNKNOWN}" --color YELLOW > LogText "Result: Update check failed. No network connection?" > LogText "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)." > # Set both to safe values >@@ -735,13 +764,13 @@ > PROGRAM_MINVERSION=$((PROGRAM_LV - 10)) > LogText "Minimum required version : ${PROGRAM_MINVERSION}" > if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then >- Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED >+ Display --indent 2 --text "- Program update status... " --result "${STATUS_WARNING}" --color RED > LogText "Result: This version is VERY outdated. Newer ${PROGRAM_NAME} release available!" > ReportWarning "LYNIS" "Version of Lynis is very old and should be updated" > Report "lynis_update_available=1" > UPDATE_AVAILABLE=1 > else >- Display --indent 2 --text "- Program update status... " --result "UPDATE AVAILABLE" --color YELLOW >+ Display --indent 2 --text "- Program update status... " --result "${STATUS_UPDATE_AVAILABLE}" --color YELLOW > LogText "Result: newer ${PROGRAM_NAME} release available!" > ReportSuggestion "LYNIS" "Version of Lynis outdated, consider upgrading to the latest version" > Report "lynis_update_available=1" 
>@@ -749,11 +778,11 @@ > fi > else > if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then >- Display --indent 2 --text "- Program update status... " --result "NO UPDATE" --color GREEN >+ Display --indent 2 --text "- Program update status... " --result "${STATUS_NO_UPDATE}" --color GREEN > LogText "No ${PROGRAM_NAME} update available." > Report "lynis_update_available=0" > else >- Display --indent 2 --text "- Program update status... " --result "SKIPPED" --color YELLOW >+ Display --indent 2 --text "- Program update status... " --result "${STATUS_SKIPPED}" --color YELLOW > LogText "Update check skipped due to constraints (e.g. missing dig binary)" > Report "lynis_update_available=-1" > fi >@@ -773,7 +802,7 @@ > if [ ${NOW} -gt ${RELEASE_PLUS_TIMEDIFF} ]; then > # Show if release is old, only if we didn't show it with normal update check > if [ ${UPDATE_AVAILABLE} -eq 0 ]; then >- ReportSuggestion "LYNIS" "This release is more than 4 months old. Consider upgrading" >+ ReportSuggestion "LYNIS" "This release is more than 4 months old. Check the website or GitHub to see if there is an update available." > fi > OLD_RELEASE=1 > fi >@@ -856,12 +885,12 @@ > ################################################################################# > # > if IsVerbose; then >- InsertSection "Program Details" >- Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "YES" --color GREEN >+ InsertSection "${SECTION_PROGRAM_DETAILS}" >+ Display --indent 2 --text "- ${GEN_VERBOSE_MODE}" --result "${STATUS_YES}" --color GREEN > if IsDebug; then >- Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "YES" --color GREEN >+ Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_YES}" --color GREEN > else >- Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "NO" --color RED >+ Display --indent 2 --text "- ${GEN_DEBUG_MODE}" --result "${STATUS_NO}" --color RED > fi > fi > # 
>@@ -951,7 +980,7 @@ > RunPlugins 1 > > if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then >- Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "NONE" --color WHITE >+ Display --indent 2 --text "- ${GEN_PLUGINS_ENABLED}" --result "${STATUS_NONE}" --color WHITE > Report "plugins_enabled=0" > else > Report "plugins_enabled=1" >@@ -963,17 +992,23 @@ > # Get host ID > LogTextBreak > GetHostID >+ LogText "hostid-generation: method ${HOSTID_GEN}" >+ LogText "hostid2-generation: method ${HOSTID2_GEN}" > # Check if result is not empty (no blank, or hash of blank value, or minus, or zeros) >- if [ ! "${HOSTID}" = "-" -a ! "${HOSTID}" = "" -a ! "${HOSTID}" = "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" -a ! "${HOSTID}" = "6ef1338f520d075957424741d7ed35ab5966ae97" ]; then >- LogText "Info: found valid HostID ${HOSTID}" >- Report "hostid=${HOSTID}" >- else >- LogText "Info: no HostID found or invalid one" >- fi >- if [ ! "${HOSTID2}" = "" ]; then >+ case ${HOSTID} in >+ "" | "-" | "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" | "6ef1338f520d075957424741d7ed35ab5966ae97") >+ LogText "Info: no HostID found or invalid one" >+ ;; >+ *) >+ LogText "Info: HostID ${HOSTID} looks to be valid" >+ Report "hostid=${HOSTID}" >+ ;; >+ esac >+ >+ if [ -n "${HOSTID2}" ]; then > Report "hostid2=${HOSTID2}" > fi >- if [ ! "${MACHINEID}" = "" ]; then >+ if [ -n "${MACHINEID}" ]; then > LogText "Info: found a machine ID ${MACHINEID}" > Report "machineid=${MACHINEID}" > else 
>@@ -1011,8 +1046,8 @@ > LogText "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDE_FILE} has bad permissions (should be 640, 600 or 400)" > ReportWarning "NONE" "Invalid permissions on tests file tests_${INCLUDE_TEST}" > # Insert a section and warn user also on screen >- InsertSection "General" >- Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "SKIPPED" --color RED >+ InsertSection "${SECTION_GENERAL}" >+ Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "${STATUS_SKIPPED}" --color RED > fi > else > echo "Error: Can't find file (category: ${INCLUDE_TEST})" >@@ -1037,10 +1072,10 @@ > else > LogText "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)" > ReportWarning "NONE" "Invalid permissions on custom tests file" >- Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED >+ Display --indent 2 --text "- Running custom tests... " --result "${STATUS_WARNING}" --color RED > fi > else >- Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE >+ Display --indent 2 --text "- Running custom tests... " --result "${STATUS_NONE}" --color WHITE > fi > fi > # >@@ -1073,7 +1108,7 @@ > if [ ${SKIP_PLUGINS} -eq 0 ]; then > RunPlugins 2 > if [ ${N_PLUGIN_ENABLED} -gt 1 ]; then >- Display --indent 2 --text "- Plugins (phase 2)" --result "DONE" --color GREEN >+ Display --indent 2 --text "- Plugins (phase 2)" --result "${STATUS_DONE}" --color GREEN > fi > fi > # >@@ -1143,4 +1178,4 @@ > > # > #================================================================================ >-# Lynis - Copyright 2007-2020, Michael Boelen, CISOfy - https://cisofy.com >+# Lynis - Copyright 2007-2021, Michael Boelen, CISOfy - https://cisofy.com
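Review bot: in the systemd-timesyncd block of the hunk that ends just before the include/tests_tooling diff, the 2048-second threshold is hard-coded although the comment above it calls this only "the default of systemd". A host whose timesyncd is configured with a longer maximum poll interval would get a RED result and a ReportWarning on every run. Consider reading the configured interval and falling back to 2048, or downgrading the finding to a suggestion when the age is only slightly above the threshold. The warning text also has a grammar slip: "did not synchronized the time recently" should read "has not synchronized the time recently".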
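Review bot: in include/tests_tooling, hunk @@ -368,6 +368,33 @@ (TOOL-5130), the fallback `IsRunning --full "${SURICATABINARY} "` only matches a process started through the exact path stored in SURICATABINARY, followed by a space. A daemon launched through a symlink, a wrapper or a different path is reported as STATUS_NOT_RUNNING and leaves IDS_IPS_TOOL_FOUND at 0, so TOOL-5190 is not satisfied on a host that does run an IDS. Log which of the two checks matched and consider matching on the binary's base name as well. Also note that the "not installed" branch only calls LogText, so nothing about Suricata appears on screen in that case; if that is intended, a short comment saying so would help.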
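Review bot: in include/tests_webservers, hunk @@ -288,7 +288,7 @@ (HTTP-6643), the new pattern `/mod_security(2|3).so` works only if CheckItem evaluates it as an extended regular expression, which this hunk does not show, and the unescaped dot matches any character. If CheckItem uses basic grep syntax, the alternation is taken literally and ModSecurity detection (and its AddHP 3 3 hardening points) silently stops working for both versions. `/mod_security[23]\.so` expresses the same intent and behaves identically in basic and extended syntax.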
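Review bot: in lynis, hunk @@ -216,7 +217,7 @@, the quote stripping with `tr -d '"'` is applied to LANGUAGE only; the DISPLAY_LANG assignment three lines below parses the same `locale` output with the same egrep and cut pipeline and still keeps the quotes. Apply the same filter there, or extract the value once and derive both variables from it. The touched line also keeps `egrep` while the language-file hunk later in this file uses `grep -E`; switching here would make the patch consistent.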
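Review bot: in lynis, hunk @@ -241,6 +242,11 @@, `unset LANG` alone does not guarantee untranslated tool output, because LC_ALL and LC_MESSAGES take precedence over LANG when they are set. If the goal stated in the comment is output that can be parsed reliably, set `LC_ALL=C` for the commands that are parsed, or unset LC_ALL and LC_MESSAGES together with LANG. The comment should also say that LANGUAGE and DISPLAY_LANG were captured earlier and are unaffected.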
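Review bot: in lynis, hunk @@ -592,11 +599,33 @@, the branch taken when SafeFile rejects the language file only calls LogText, so the user gets no on-screen notice and no report entry. The file is sourced as shell code, so unexpected permissions on it deserve the same treatment the tests files get further down in this script (a ReportWarning and a Display line with a red result). Two smaller points in the same hunk: the sourced path `. ${DBDIR}/languages/${LANGUAGE}` is unquoted although the SafeFile argument just above it is quoted, and the `sleep 30` in the outdated-translation notice runs unconditionally, which stalls unattended runs; gate it on an interactive session. The literal "OUTDATED" result also stands out in a patch that otherwise moves results to STATUS_ variables.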
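Review bot: in lynis, hunk @@ -963,17 +992,23 @@, the rewritten case statement still carries the two 40-character hash literals with only the one-line comment "hash of blank value, or minus, or zeros" to explain them. Put each value in a named variable, or add a comment per pattern stating which input produces it, so a reader can verify the rejection list. The two new LogText lines also expand HOSTID_GEN and HOSTID2_GEN directly after GetHostID; since this script can run with `set -u` (see the hunk at @@ -583,7 +590,7 @@), confirm that GetHostID assigns both on every path or give them a default before logging.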