diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2019-09-21 17:31:06 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-09-21 17:31:06 +0300 |
commit | a1b6d463b2f3ff5f9cdd2383bc3ee031f38bb4e5 (patch) | |
tree | bd151fa6c6aac9b0e76ce87381c988ecf9dc693c | |
parent | 2c32e8e04df851fbea035a75b29d73558562e901 (diff) |
Fixed a typo
-rw-r--r-- | CHANGELOG.md | 5 | ||||
-rw-r--r-- | include/binaries | 4 | ||||
-rw-r--r-- | include/functions | 2 | ||||
-rw-r--r-- | include/profiles | 2 | ||||
-rw-r--r-- | include/tests_custom.template | 2 | ||||
-rw-r--r-- | include/tests_databases | 2 | ||||
-rw-r--r-- | include/tests_dns | 4 | ||||
-rw-r--r-- | include/tests_hardening | 2 | ||||
-rw-r--r-- | include/tests_homedirs | 2 | ||||
-rw-r--r-- | include/tests_ldap | 2 | ||||
-rw-r--r-- | include/tests_nameservices | 2 | ||||
-rw-r--r-- | include/tests_php | 4 | ||||
-rw-r--r-- | include/tests_ports_packages | 2 | ||||
-rw-r--r-- | include/tests_shells | 4 | ||||
-rw-r--r-- | include/tests_squid | 2 | ||||
-rw-r--r-- | include/tests_time | 4 | ||||
-rw-r--r-- | include/tests_virtualization | 1 |
17 files changed, 23 insertions, 23 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a36e9f45..9679fa2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -67,6 +67,7 @@ Using the relevant options, the scan will change base on the intended goal. - Profiles: message is displayed when old format "key:value" is used - Security: the 'nounset' (set -u) parameter is now activated by default - AUTH-9266 - skip .pam-old files in /etc/pam.d +- AUTH-9282 - fix: temporary variable was overwritten - AUTH-9408 - added support for pam_tally2 to log failed logins - CONT-8106 - support newer 'docker info' output - CRYP-8002 - gather kernel entropy on Linux systems @@ -2916,10 +2917,10 @@ Lynis 1.1.7 (2008-06-28) - Added dig availability check to DNS test [NETW-2704] - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512] - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384] - - Bugfix: Fixed prequisits for grpck test [AUTH-9216] + - Bugfix: Fixed prerequisites for grpck test [AUTH-9216] - Improved MySQL check [DBS-1804] - Changed color at chkconfig boot services test [BOOT-5177] - - Added missing prequisits output to portaudit test [PKGS-7382] + - Added missing prerequisites output to portaudit test [PKGS-7382] - Test output for FreeBSD mounts (UFS) improved [FILE-6329] - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219] - Several tests have their warning reporting improved diff --git a/include/binaries b/include/binaries index 7af676f8..648fb1d3 100644 --- a/include/binaries +++ b/include/binaries @@ -65,10 +65,10 @@ if [ ${FOUND} -eq 1 ]; then # Stop execution if privileged, otherwise continue but warn user if [ ${PRIVILEGED} -eq 1 ]; then - ExitFatal "Possible riskful location (${SCANDIR}) in PATH discovered. Quitting..." + ExitFatal "Suspicious location (${SCANDIR}) in PATH discovered. Quitting..." else Display --indent 4 --text "Warning: suspicious location (${SCANDIR}) in PATH" - ReportWarning "${TEST_NO}" "Possible riskful location in PATH discovered" "text:${MSG}" + ReportWarning "${TEST_NO}" "Suspicious location in PATH discovered" "text:${MSG}" sleep 1 fi fi diff --git a/include/functions b/include/functions index 3be7168a..d0992299 100644 --- a/include/functions +++ b/include/functions @@ -1418,7 +1418,7 @@ if [ -e /proc/1/environ ]; then FIND=$(grep -qa 'container=lxc' ${ROOTDIR}proc/1/environ 2> /dev/null) if [ $? -eq 0 ]; then - LogText "Result: found LXC in environnement (/proc/1/environ), so we are running in LXC container" + LogText "Result: found LXC in environment (/proc/1/environ), so we are running in LXC container" CONTAINER_TYPE="LXC"; FOUND=1 EXITCODE=0 fi diff --git a/include/profiles b/include/profiles index f10d27a2..d05dcbb3 100644 --- a/include/profiles +++ b/include/profiles @@ -196,7 +196,7 @@ OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}" ;; - # Lynis Enterprise: group name - deprecrated option + # Lynis Enterprise: group name - deprecated option group) GROUP_NAME="${VALUE}" AddSetting "group" "${GROUP_NAME}" "Group" diff --git a/include/tests_custom.template b/include/tests_custom.template index f2e6a2ef..e8de448f 100644 --- a/include/tests_custom.template +++ b/include/tests_custom.template @@ -109,7 +109,7 @@ ################################################################################# # # Test : CUST-0040 - # Description : Our second test, with a prequisite test + # Description : Our second test, with a prerequisite test # First check if OPENSSLBINARY is known as a prerequisite for this test # ! means "not". So if the binary is known, the prerequisite is matched. Otherwise we set it to NO and define a reason why we skipped this test diff --git a/include/tests_databases b/include/tests_databases index 01dcfe12..3ece8a99 100644 --- a/include/tests_databases +++ b/include/tests_databases @@ -219,7 +219,7 @@ ################################################################################# # # Test : DBS-1860 - # Description : Checks if a DB2 instance is currently runnigng + # Description : Checks if a DB2 instance is currently running Register --test-no DBS-1860 --weight L --network NO --category security --description "Checking active DB2 instances" if [ ${SKIPTEST} -eq 0 ]; then if IsRunning db2sysc; then diff --git a/include/tests_dns b/include/tests_dns index 28bea959..7e6109f5 100644 --- a/include/tests_dns +++ b/include/tests_dns @@ -35,7 +35,7 @@ ################################################################################# # # # Test : DNS-1600 -# # Description : Validate DNSSEC signiture is checked +# # Description : Validate DNSSEC signature is checked # Register --test-no DNS-1600 --weight L --network YES --category security --description "Validate DNSSEC igniture is checked" # if [ "${SKIPTEST}" -eq 0 ]; then # if [ -n "${DIGBINARY}" ]; then @@ -54,7 +54,7 @@ # elif [ -n "${GOOD}" -a -n "${BAD}" ]; then # Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_SUGGESTION}" --color YELLOW # LogText "Note: Using DNSSEC validation can protect from DNS hijacking" -# #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC valdating name servers" +# #ReportSuggestion "${TEST_NO}" "Altered DNS queries are accepted, configure DNSSEC validating name servers" # AddHP 2 2 # elif [ -n "${GOOD}" -a -z "${BAD}" ]; then # Display --indent 4 --text "- Checking DNSSEC validation" --result "${STATUS_OK}" --color GREEN diff --git a/include/tests_hardening b/include/tests_hardening index 006df683..12af3c9b 100644 --- a/include/tests_hardening +++ b/include/tests_hardening @@ -20,7 +20,7 @@ # InsertSection "Hardening" - # COMPILER_INSTALLED is initialised before + # COMPILER_INSTALLED is initialized before HARDEN_COMPILERS_NEEDED=0 # ################################################################################# diff --git a/include/tests_homedirs b/include/tests_homedirs index f4fcb61d..9b8c9c64 100644 --- a/include/tests_homedirs +++ b/include/tests_homedirs @@ -135,7 +135,7 @@ LogText "Info: above files could be redirected files to avoid logging and should be investigated" ReportWarning ${TEST_NO} "Incorrect file type found for shell history file" fi - LogText "Remarks: History files are normally of the type 'file'. Symbolic links and other types can be riskful." + LogText "Remarks: History files are normally of the type 'file'. Symbolic links and other types are suspicious." else Display --indent 2 --text "- Checking shell history files" --result "${STATUS_SKIPPED}" --color WHITE LogText "Result: Homedirs is empty, test will be skipped" diff --git a/include/tests_ldap b/include/tests_ldap index 473d3c71..63e26e58 100644 --- a/include/tests_ldap +++ b/include/tests_ldap @@ -89,7 +89,7 @@ ################################################################################# # # Test : LDAP-2240 - # Description : Check OpenLDAP unencrypted RootDN password + # Description : Check OpenLDAP plaintext RootDN password # ################################################################################# # diff --git a/include/tests_nameservices b/include/tests_nameservices index 71f1427e..aa60885b 100644 --- a/include/tests_nameservices +++ b/include/tests_nameservices @@ -124,7 +124,7 @@ Report "resolv_conf_option[]=${ITEM}" # TODO add suggestions for the related options # rotate --> add performance tune point - # timeout --> add performe tune point when smaller than 3 seconds + # timeout --> add performance tune point when smaller than 3 seconds done Display --indent 2 --text "- Checking /etc/resolv.conf options" --result "${STATUS_FOUND}" --color GREEN fi diff --git a/include/tests_php b/include/tests_php index 23ece909..d2303c2c 100644 --- a/include/tests_php +++ b/include/tests_php @@ -295,7 +295,7 @@ FIND=$(${EGREPBINARY} -i 'allow_url_fopen.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') if [ -z "${FIND}" ]; then Display --indent 4 --text "- Checking allow_url_fopen option" --result "${STATUS_ON}" --color YELLOW - LogText "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP" + LogText "Result: allow_url_fopen option is turned on, which can be used for downloads via PHP and is a security risk" ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP" AddHP 0 1 else @@ -318,7 +318,7 @@ FIND=$(${EGREPBINARY} -i 'allow_url_include.*(off|no|0)' ${PHPINIFILE} | ${GREPBINARY} -v '^;') if [ -z "${FIND}" ]; then Display --indent 4 --text "- Checking allow_url_include option" --result "${STATUS_ON}" --color YELLOW - Report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP" + Report "Result: allow_url_include option is turned on, which can be used for downloads via PHP and is a risk" ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP" AddHP 0 1 else diff --git a/include/tests_ports_packages b/include/tests_ports_packages index e82c8eaf..55276ca5 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages @@ -650,7 +650,7 @@ LogText "Result: Cron job is not configured for debsums utility." Display --indent 6 --text "- Cron job for debsums" --result "${STATUS_NOT_FOUND}" --color YELLOW AddHP 1 3 - ReportSuggestion "${TEST_NO}" "Check debsums configuration and enable checking regurlarly via a cron job." + ReportSuggestion "${TEST_NO}" "Check debsums configuration and enable checking regularly via a cron job." fi else LogText "Result: debsums utility is not installed." diff --git a/include/tests_shells b/include/tests_shells index 37d152b4..480166be 100644 --- a/include/tests_shells +++ b/include/tests_shells @@ -109,12 +109,12 @@ LogText "Test: Search for session timeout tools or settings in shell" if IsRunning "timeoutd"; then IDLE_TIMEOUT=1 - LogText "Result: found timeoutd process to kill idle sesions" + LogText "Result: found timeoutd process to kill idle sessions" IDLE_TIMEOUT_METHOD="timeout-daemon" fi if IsRunning "autolog"; then IDLE_TIMEOUT=1 - LogText "Result: found autolog process to kill idle sesions" + LogText "Result: found autolog process to kill idle sessions" Report="session_timeout_method[]=autolog" IDLE_TIMEOUT_METHOD="autolog" fi diff --git a/include/tests_squid b/include/tests_squid index bfb699f0..f6070507 100644 --- a/include/tests_squid +++ b/include/tests_squid @@ -222,7 +222,7 @@ ################################################################################# # # Test : SQD-3624 - # Description : Check unsecure ports in Safe_ports list + # Description : Check insecure ports in Safe_ports list if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports" if [ ${SKIPTEST} -eq 0 ]; then diff --git a/include/tests_time b/include/tests_time index 00245ff2..4f24da5c 100644 --- a/include/tests_time +++ b/include/tests_time @@ -108,7 +108,7 @@ LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist" fi else - LogText "Result: time sychronization not performed according timedatectl command" + LogText "Result: time synchronization not performed according timedatectl command" fi else LogText "Result: timedatectl command not available on this system" @@ -223,7 +223,7 @@ FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes") if [ -z "${FIND}" ]; then LogText "Result: time not synchronized via NTP" - ReportSuggestion "${TEST_NO}" "Check timedatectl output. Sychronization via NTP is enabled, but status reflects it is not synchronized" + ReportSuggestion "${TEST_NO}" "Check timedatectl output. Synchronization via NTP is enabled, but status reflects it is not synchronized" fi fi # diff --git a/include/tests_virtualization b/include/tests_virtualization index 0f22f149..825eefeb 100644 --- a/include/tests_virtualization +++ b/include/tests_virtualization @@ -30,7 +30,6 @@ # # Description : Checking VMware # Register --test-no VIRT-1920 --weight L --network NO --category security --description "Checking VMware guest status" # if [ ${SKIPTEST} -eq 0 ]; then -# # Initialise # VMWARE_GUEST=0 # Display --indent 2 --text "- Checking VMware guest status" # # check memory driver file |