authormboelen <michael@cisofy.com>2014-08-26 19:33:55 +0400
committermboelen <michael@cisofy.com>2014-08-26 19:33:55 +0400
commitc0ae2e217b7f1fb0171017ce5afb8eb8898470db (patch)
tree545aa150c35c5fb74d7bb4c2d3b0ae41cfa7b4e5
Initial import
-rw-r--r--CHANGELOG1529
-rw-r--r--CONTRIBUTORS27
-rw-r--r--FAQ92
-rw-r--r--INSTALL49
-rw-r--r--LICENSE674
-rw-r--r--README136
-rw-r--r--db/fileperms.db19
-rw-r--r--db/hints.db2
-rw-r--r--db/integrity.db3
-rw-r--r--db/malware-susp.db4
-rw-r--r--db/malware.db44
-rw-r--r--db/sbl.db2
-rw-r--r--default.prf293
-rw-r--r--dev/README9
-rw-r--r--dev/TODO114
-rwxr-xr-xdev/build-lynis.sh138
-rwxr-xr-xdev/check-lynis.sh4
-rw-r--r--dev/files.dat33
-rw-r--r--dev/openbsd/+CONTENTS90
-rw-r--r--include/binaries166
-rw-r--r--include/consts182
-rw-r--r--include/data_upload110
-rw-r--r--include/functions974
-rw-r--r--include/osdetection376
-rw-r--r--include/parameters184
-rw-r--r--include/profiles186
-rw-r--r--include/report223
-rw-r--r--include/tests_accounting398
-rw-r--r--include/tests_authentication1325
-rw-r--r--include/tests_banners250
-rw-r--r--include/tests_boot_services522
-rw-r--r--include/tests_crypto72
-rw-r--r--include/tests_custom.template59
-rw-r--r--include/tests_databases154
-rw-r--r--include/tests_file_integrity217
-rw-r--r--include/tests_file_permissions59
-rw-r--r--include/tests_filesystems565
-rw-r--r--include/tests_firewalls296
-rw-r--r--include/tests_hardening140
-rw-r--r--include/tests_hardening_tools52
-rw-r--r--include/tests_homedirs125
-rw-r--r--include/tests_insecure_services117
-rw-r--r--include/tests_kernel458
-rw-r--r--include/tests_kernel_hardening69
-rw-r--r--include/tests_ldap105
-rw-r--r--include/tests_logging482
-rw-r--r--include/tests_mac_frameworks188
-rw-r--r--include/tests_mail_messaging269
-rw-r--r--include/tests_malware185
-rw-r--r--include/tests_memory_processes132
-rw-r--r--include/tests_nameservices607
-rw-r--r--include/tests_networking450
-rw-r--r--include/tests_php281
-rw-r--r--include/tests_ports_packages797
-rw-r--r--include/tests_printers_spools215
-rw-r--r--include/tests_scheduling234
-rw-r--r--include/tests_shells216
-rw-r--r--include/tests_snmp105
-rw-r--r--include/tests_solaris69
-rw-r--r--include/tests_squid384
-rw-r--r--include/tests_ssh295
-rw-r--r--include/tests_storage117
-rw-r--r--include/tests_storage_nfs181
-rw-r--r--include/tests_tcpwrappers47
-rw-r--r--include/tests_time428
-rw-r--r--include/tests_tooling78
-rw-r--r--include/tests_virtualization97
-rw-r--r--include/tests_webservers695
-rwxr-xr-xlynis748
-rw-r--r--lynis.8113
-rw-r--r--plugins/README30
-rw-r--r--plugins/custom_plugin.template68
72 files changed, 18157 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
new file mode 100644
index 00000000..42ed4aed
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,1529 @@
+
+================================================================================
+
+ Lynis - Changelog
+
+================================================================================
+
+ Author: Michael Boelen (michael@rootkit.nl)
+ Description: Security and system auditing tool
+ Website: http://cisofy.com/lynis/
+ http://www.rootkit.nl/projects/lynis.html
+
+ Support policy: See section 'Support' (README file);
+ Commercial support and plugins available via CISOfy
+ http://cisofy.com
+
+ Documentation: See web site, README, FAQ and CHANGELOG file
+
+================================================================================
+
+ * 1.6.0 (2014-08-xx)
+
+ New:
+ - Added files plugin to default profile
+ - HostID detection for AIX
+
+ Changes:
+ - Improvements for log file
+ - Improved detection of security repository for Debian based systems [PKGS-7388]
+ - Set default values for update check, to avoid error message on screen
+ - Cleanup for mail section, adding IMAP and POP3 protocols
+
+ --
+
+ * 1.5.9 (2014-07-31)
+
+ New:
+ - New NetBSD test for vulnerable software packages [PKGS-7380]
+ - Test if Debian based systems need a reboot [KRNL-5830]
+ - Test for running Sendmail daemon [MAIL-8880]
+ - Test for availability of mtree [FINT-4330]
+ - Check for lp daemon (printing) [PRNT-2314]
+ - Added Qmail status detection [MAIL-8860]
+ - New NetBSD boot loader test [BOOT-5126]
+ - Added test for automation tools like Cfengine and Puppet [TOOL-5002]
+ - Added KRNL-5830 control to website
+ - Added detection for Puppet
+ - Added tooling category
+
+ Changes:
+ - Security repository test extended with /etc/apt/sources.list.d [PKGS-7388]
+ - Added exception case for CUPS configuration (listen statement) [PRNT-2308]
+ - Improved detection of TMOUT setting in shell profile file [SHLL-6220]
+ - Perform promiscuous interfaces test for NetBSD as well [NETW-3014]
+ - Perform swap partition parameters test on all systems [FILE-6336]
+ - Also check password file on DragonFlyBSD and NetBSD [AUTH-9208]
+ - Show message regarding toor user for all systems [AUTH-9204]
+ - Check for available interfaces on NetBSD as well [NETW-3004]
+ - Extended UFS file system test with FFS support [FILE-6329]
+ - Improvements for step-tickers file test [TIME-3160]
+ - Perform sockstat test for NetBSD [NETW-3012]
+ - Gather IP addresses for NetBSD [NETW-3008]
+ - Test MAC addresses on NetBSD [NETW-3006]
+ - Added /usr/X11R7/bin directory to search for binaries
+ - Improved full qualified domain name (FQDN) check for Linux
+ - Don't show follow-up hints when there are no warnings or suggestions
+ - Improved IsRunning function to better target processes
+ - Several smaller adjustments in text and descriptions
+ - Extended ReportException function with logging text
+ - Improved GetHostID function for NetBSD and Solaris
+ - Added printing_daemon and mail_daemon to report
+ - Binaries extended with tools like kstat, puppet
+
+ --
+
+ * 1.5.8 (2014-07-24)
+
+ New:
+ - Testing for commercial anti-virus solutions like McAfee and Sophos [MALW-3280]
+ - New control text for MALW-3280 - http://cisofy.com/controls/malw-3280/
+
+ Changes:
+ - Extended GRUB test with encrypted password (SHA1) [BOOT-5121]
+ - Check /etc/profile for multiple umask values [AUTH-9328]
+ - Extended PHP disabled functions test [PHP-2320]
+ - Add gpgcheck parameter to YUM test [PKGS-7387]
+ - Squid configuration file permissions test adjusted and control added to website [SQD-3613]
+ - Logging has been extended and exceptional event text adjusted
+
+ --
+
+ * 1.5.7 (2014-07-09)
+
+ New:
+ - Implementation of SafePerms function
+ - Added notification when exceptions are found
+
+ Changes:
+ - Fix for error_log handling in nginx
+
+ --
+
+ * 1.5.6 (2014-06-12)
+
+ New:
+ - Test for PHP binary and PHP version
+ - Don't perform register_global test for systems running PHP 5.4.0 and later [PHP-2368]
+ - Debug function (can be activated via --debug or profile)
+
+ Changes:
+ - Extended IsRunning function
+ - Removed suggestion from secure shell test [SHLL-6202]
+ - Check for idle session handlers [SHLL-6220]
+ - Also check for apache2 binary (file instead of directory)
+ - New report values: session_timeout_enabled and session_timeout_method
+ - New report value for plugins: plugins_enabled
+ - Fixed test to determine active TCP sessions on Linux [NETW-3012]
+
+ --
+
+ * 1.5.5 (2014-06-08)
+
+ New:
+ - Check for nginx access logging [HTTP-6712]
+ - Check for missing error logs in nginx [HTTP-6714]
+ - Check for debug mode in nginx [HTTP-6716]
+
+ Changes:
+ - Extended SSL test for nginx when using listen statements
+ - Allow debugging via profile (config:debug:yes)
+ - Check if discovered httpd file is actually a file
+ - Improved temporary file creation related to security notice
+ - Adjustments to screen output
+
+ Security Note:
+ This releases solves two issues regarding the usage of temporary
+ files (predictability of the file names). You are advised to upgrade
+ to this version as soon as possible. For more information see the
+ our blog post: http://linux-audit.com/lynis-security-notice-154-and-older/
+
+ --
+
+ * 1.5.4 (2014-06-04)
+
+ New:
+ - Check additional configuration files for nginx [HTTP-6706]
+ - Analysis of nginx settings [HTTP-6708]
+ - New test for SSL configuration of nginx [HTTP-6710]
+
+ Changes:
+ - Altered SMBD version check for Mac OS
+ - Small adjustments to report for readability
+
+ --
+
+ * 1.5.3 (2014-05-19)
+
+ New:
+ - Support for zypper package manager
+ - Gather installed packages with Zypper on SuSE systems [PKGS-728]
+ - Check for vulnerable packages with Zypper package manager [PKGS-7330]
+
+ Changes:
+ - Check for aide.conf also in /etc [FINT-4315]
+ - Adjusted screen output for unreliable NTP peers [TIME-3120]
+ - Adjusted check kernel test for non-Linux systems [KRNL-5730]
+ - Improved screen output on AIX systems with echo command
+
+ --
+
+ * 1.5.2 (2014-05-05)
+
+ New:
+ - Support for runlevel in binaries test
+
+ Changes:
+ - Added suggestion for kernel availability check [KRNL-5788]
+ - Added suggestion for services at startup and proper binary call [BOOT-5180]
+ - Added suggestion to configure accounting on FreeBSD [ACCT-2754]
+ - Added suggestion to configure Linux process accounting [ACCT-9622]
+ - Several new controls listed on website
+ - Adjusted hardening index if total score was zero
+ - Added suggestion for auditd.conf file [ACCT-9632]
+ - Removed suggestion for audit log file [ACCT-9634]
+ - Removed warning from NTP falsetickers test, added data to report [TIME-3132]
+ - Removed warning from NTP selected time source test [TIME-3124]
+
+ --
+
+ * 1.5.1 (2014-04-22)
+
+ Changes:
+ - Extended reporting with running databases and frameworks
+ - Adjusted Oracle status in test [DBS-1840]
+ - Extended grsecurity test [RBAC-6272]
+ - Redirect rpcinfo errors to /dev/null
+ - Adjusted color scheme
+
+ --
+
+ * 1.5.0 (2014-04-10)
+
+ New:
+ - Support for Amazon Linux
+ - NTP check for step-tickers file (Red Hat and clones) [TIME-3160]
+
+ Changes:
+ - Minor textual changes in description of several controls
+ - Removed several warnings (usage of suggestions instead)
+ - Website has now more information for several controls
+ - Extended detection for Oracle Linux
+ - Updated the FAQ and README files
+
+ --
+
+ * 1.4.9 (2014-04-03)
+
+ New:
+ - Added links in report to related control documentation on website
+ - Detect Linux I/O kernel scheduler [KRNL-5730]
+
+ Changes:
+ - Check for non-unique accounts on several platforms [AUTH-9208]
+ - Set initial discover value for PAM modules to zero [AUTH-9268]
+
+ --
+
+ * 1.4.8 (2014-03-27)
+
+ Changes:
+ - Adjusted resolv.conf domain setting in report [NAME-4016]
+ - Extend account test with /var/log/pacct [ACCT-9620]
+ - Added suggestion to DNS domain name test [NAME-4028]
+ - Changed text strings of ZFS test [FILE-6330]
+ - Extend LILO password test [BOOT-5139]
+ - Set default value for pf firewall
+
+ --
+
+ * 1.4.7 (2014-03-21)
+
+ New:
+ - New configuration item to set group name
+ - Search for AIDE configuration file (aide.conf) [FINT-4315]
+ - Check for usage of SHA256/SHA512 in AIDE configuration [FINT-4316]
+ - Added grep to list of binaries
+
+ Changes:
+ - Added suggestion when using NIS or NIS+ [NAME-4302]
+ - Clean-up of unneeded plugin section
+ - Small typo fix
+
+ --
+
+ * 1.4.6 (2014-03-14)
+
+ New:
+ - Check for GPG signing in yum.conf [PKGS-7387]
+ - Check CUPS configuration file permissions [PRNT-2307]
+
+ Changes:
+ - Screen cleanup
+
+ --
+
+ * 1.4.5 (2014-03-08)
+
+ New:
+ - Support for Chakra Linux
+ - Support for pacman binary (package manager)
+ - Query installed packages on systems with pacman [PKGS-7310]
+
+ Changes:
+ - Avoid logging to screen when falsetickets are found [TIME-3132]
+ - Skipping FIFO file on Solaris systems when checking for cron jobs [TIME-3104]
+ - Extended uptime test for Solaris systems [BOOT-5202]
+ - Added /usr/lib/security to PAM locations to scan
+ - Report cronjobs to report [SCHD-7704]
+ - HostID support for Solaris
+ - Improved color scheme
+ - Extended logging
+
+ --
+
+ * 1.4.4 (2014-03-03)
+
+ New:
+ - Detect tune2fs binary
+ - Added ExitFatal() function
+ - Added egrep binary to binaries
+ - Initial plugin support (phase 1)
+ - Added InsertPluginSection() function
+
+ Changes:
+ - Adjusted disabled functions tests to properly find functions [PHP-2320]
+ - Extended time test with egrep binary replace for Solaris [TIME-3104]
+ - Adjusted color for SNMP test when warning is found [SNMP-3306]
+ - Adjusted text for PHP risky functions [PHP-2320]
+ - Refer to discovered binaries for ifconfig, lsmod, tune2fs
+ - Test plugin directory when provided by --plugin-dir
+ - Scan report extended with plugin information
+ - Extended help for Enterprise options
+ - Improved IsRunning() function
+ - Extended color scheme
+
+ --
+
+ * 1.4.3 (2014-02-23)
+
+ New:
+ - Support for ClearOS
+ - Data upload for Lynis Enterprise users (--upload)
+ - Added debug variable for troubleshooting purposes
+ - Scan profile option license_key
+
+ Changes:
+ - Skip password check for Red Hat or clones [AUTH-9282]
+ - Extended single user login protection [AUTH-9308]
+ - Adjusted repolist check for yum based systems [PKGS-7383]
+ - Inserted sleep time when update is found
+ - Extended report output
+
+ --
+
+ * 1.4.2 (2014-02-19)
+
+ Changes:
+ - Ignore interfaces aliases for HostID
+ - Extended umask tests with pam_umask entries [AUTH-9328]
+ - Check for supressed version on Squid [SQD-3680]
+
+ --
+
+ * 1.4.1 (2014-02-15)
+
+ New:
+ --plugin-dir parameter
+
+ Changes:
+ - Added 64 bits locations for Apache modules
+ - Add start of new category to logfile
+ - Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626]
+ - Extended cron job tests with entries start with asterix (*) [SCHD-7704]
+ - Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328]
+ - Adjusted PHP test for register_globals (explicit test) [PHP-2368]
+ - Small adjustments for upcoming plugin support
+ - Extended man page
+
+ --
+
+ * 1.4.0 (2014-01-29)
+
+ Changes:
+ - Removed some warnings, to prevent double messages
+ - Extended accounting check for Linux [ACCT-9622]
+ - Added consistency check to time test [TIME-3124]
+ - Added support for anacron jobs [SCHD-7704]
+ - Rewrite of YUM repository test [PKGS-7383]
+ - Use binary variables for hostid creation
+ - AIX version detection changed
+ - Added rpcinfo to binaries check
+ - Ignore LANG global setting
+ - Improved logging
+
+ --
+
+ * 1.3.9 (2014-01-09)
+
+ Changes:
+ - Additional support for Mac OS
+ - Support for shasum binary
+ - Performance adjustment for lsof tests
+ - Extended interface check for hostid creation
+ - Improved NSCD detection [NAME-4032]
+ - Bug fix for passwdqc [AUTH-9262]
+ - Extended vulnerable packages test [PKGS-7392]
+ - Hide possible sysctl errors [KRNL-5820]
+
+ --
+
+ * 1.3.8 (2013-12-25)
+
+ New:
+ - New parameter --view-categories to display available test categories
+ - Added /etc/hosts check (duplicates) [NAME-4402]
+ - Added /etc/hosts check (hostname) [NAME-4404]
+ - Added /etc/hosts check (localhost mapping) [NAME-4406]
+ - Portmaster test for possible port upgrades [PKGS-7378]
+ - Check for SPARC improve boot loader (SILO) [BOOT-5142]
+ - NFS client access test [STRG-1930]
+ - Check system uptime [BOOT-5202]
+ - YUM repolist check [PKGS-7383]
+ - Contributors file added
+
+ Changes:
+ - Improved locate database check and reporting [FILE-6410]
+ - Improved PAE/No eXecute test for Linux kernel [KRNL-5677]
+ - Disabled NIS domain name from test [NAME-4028]
+ - Extended NIS domain test to check BSD sysctl value [NAME-4306]
+ - Extended PAM tools check with PAM paths [AUTH-9262]
+ - Adjusted Apache check to avoid skipping it [HTTP-6622]
+ - Extended USB state testing [STRG-1840]
+ - Extended Firewire state testing [STRG-1846]
+ - Extended core dump test [KRNL-5820]
+ - Added /lib/i386-linux-gnu/security to PAM directories
+ - Added /usr/X11R6/bin directory to binary paths
+ - Improved readability of screen output
+ - Improved logging for several tests
+ - Improved Debian version detection
+ - Added warning to BIND test [NAME-4206]
+ - Extended binaries with showmount and yum
+ - Updated man page
+
+ --
+
+ * 1.3.7 (2013-12-10)
+
+ New:
+ - Function FileExists() and SearchItem()
+
+ Changes:
+ - Adjusted yum-security check [PKGS-7386]
+ - Improved check for iptables binary check
+ - Extended report with the tests executed and skipped
+
+ --
+
+ * 1.3.6 (2013-12-03)
+
+ New:
+ - Support for the dntpd time daemon
+ - New Apache test for modules [HTTP-6632]
+ - Apache test for mod_evasive [HTTP-6640]
+ - Apache test for mod_qos [HTTP-6641]
+ - Apache test for mod_spamhaus [HTTP-6642]
+ - Apache test for ModSecurity [HTTP-6643]
+ - Check for installed package audit tool [PKGS-7398]
+ - Added initial support for new pkgng and related tools [PKGS-7381]
+ - Check for ssh-keyscan binary
+ - ZFS support for FreeBSD [FILE-6330]
+ - Test for passwordless accounts [AUTH-9283]
+ - Initial OS support for DragonFly BSD
+ - Initial OS support for TrueOS (FreeBSD based)
+ - Initial OS support for elementary OS (Luna)
+ - GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
+ - Check for DHCP client [NETW-3030]
+ - Initial support for OSSEC (system integrity) [FINT-4328]
+ - New parameter --log-file to adjust log file location
+ - New function IsRunning() to check status of processes
+ - New function RealFilename() to determine file name
+ - New function CheckItem() for parsing files
+ - New function ReportManual() and ReportException() to simplify code
+ - New function DirectoryExists() to check existence of a directory
+ - Support for dntpd [TIME-3104]
+
+ Changes:
+ - Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
+ - Extended test to gather listening network ports for Linux [NETW-3012]
+ - Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
+ - Added suggestion for discovered shells on FreeBSD [AUTH-9218]
+ - Extended core dump test with additional details [KRNL-5820]
+ - Properly display suggestion if portaudit is not installed [PKGS-7382]
+ - Ignore message if no packages are installed (pkg_info) [PKGS-7320]
+ - Also try using apt-check on Debian systems [PKGS-7392]
+ - Adjusted logging for RPM binary on systems not using it [PKGS-7308]
+ - Extended search in cron directories for rdate/ntpdate [TIME-3104]
+ - Adjusted PHP check to find ini files [PHP-2211]
+ - Skip Apache test for NetBSD [HTTP-6622]
+ - Skip test http version check for NetBSD [HTTP-6624]
+ - Additional check to supress sort error [HTTP-6626]
+ - Improved the way binaries are checked (less disk reads)
+ - Adjusted ReportWarning() function to skip impact rating
+ - Improved report on screen by leaving out date/time and type
+ - Redirect errors while checking for OpenSSL version
+ - Extended reporting with firewall status and software
+ - Adjusted naming of some operating systems to make them more consistent
+ - Extended update check by using host binary if dig is not installed
+ - Count number of installed binaries/packages and report them
+ - Report about log rotation tool and status
+ - Updated man page
+
+ --
+
+ * 1.3.5 (2013-11-19)
+
+ New:
+ - OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
+ - Added some initial systemd support (e.g. boot services)
+ - Test to display if any known MAC framework is implemented [MACF-6290]
+
+ Changes:
+ - Improved support for Slackware Linux (OS and version detection)
+ - Added systemd support (boot and running services) for Linux systems [BOOT-5177]
+ - Added systemd support (default runlevel) for Linux systems [KRNL-5622]
+ - Extended USB storage check in modprobe.d directory [STRG-1840]
+ - Improved output, reporting and check for kernel update [KRNL-5788]
+ - Optimized code and output of test to check writable scripts [BOOT-5184]
+ - Fixed detection for writable scripts [BOOT-5184]
+ - Improved detection IPv6 addresses for Slackware and others [NETW-3008]
+ - Minor addition to SSH PermitRootLogin check [SSH-7412]
+ - Extended cronjob tests, reporting and logging [SCHD-7704]
+ - Extended umask check in /etc/profile [AUTH-9328]
+ - Added suggestion about BIND version [NAME-4210]
+ - Merged test NTP daemon test TIME-3108 into TIME-3104
+ - Improved support for Arch Linux (output, detection)
+ - Extended common list of directories with SSL certifcates in profile
+ - New function GetHostID() to determine an unique identifier of the machine
+ - Added a tests_custom file template
+ - Perform file permissions test on tests_custom file
+ - Improved OS detection and extended logging on several tests
+ - Several layout improvements
+ - Extended update check functions and output
+ - Cleaned up reporting and extended it with exceptions
+
+ --
+
+ * 1.3.4 (2013-11-08)
+
+ New:
+ - OS detection support for Arch Linux
+ - Support for systemd journal
+
+ Changes:
+ - Test for files in /etc/modprobe.d directory [STRG-1840]
+ - Extended log daemon detection with systemd journal [LOGG-2130]
+ - Adjusted hardening value for compiler GCC [HRDN-7222]
+ - Extended IsWorldWritable and IsWorldExecutable functions to support symlinks
+ - Adjusted PHP test for disabled functions [PHP-2320]
+ - Extended testing for PHP files in other directories [PHP-2211]
+ - Improved screen output for several tests and extended logging
+
+ --
+
+ * 1.3.3 (2013-10-24)
+
+ New:
+ - Added NTP configuration type to report [TIME-3104]
+
+ Changes:
+ - Do not warn on empty shells for FreeBSD systems [AUTH-9218]
+ - Extended checks for presence NTP client or daemon [TIME-3104]
+ - Extended logging
+
+ --
+
+ * 1.3.2 (2013-10-09)
+
+ New:
+ - Test for PowerDNS authoritive servers (master/slave status) [NAME-4238]
+
+ Changes:
+ - CUPS test extended with hardening rules [PRNT-2308]
+ - Added hardening points to sticky bit on /tmp [FILE-6362]
+ - Extended Ubuntu security packages check [PKGS-7392]
+ - Improved update check, show when no check is performed
+ - Added additional check for binaries, so checks on CentOS work correctly
+ - Added word 'restricted' to banner strings
+ - Adjusted wording for Debian packages purge [PKGS-7346]
+ - Corrected listing of purgable packages [PKGS-7346]
+ - Adjusted yum-plugin-security check due to package changes [PKGS-7386]
+
+ --
+
+ * 1.3.1 (2013-10-02)
+
+ Changes:
+ - Updated generic references in files
+ - Fixed detection of several binaries (AFICK/awk)
+ - Performance tweaks when checking for binaries
+ - Fixed core dump check and dumpable sysctl [KRNL-5820]
+ - Force test to always to check for binaries [FILE-7502]
+ - Changed detection to egrep [DBS-1840]
+ - Adjusted variable checking for Solaris [HOME-9310]
+ - Adjusted search in modprobe directory [STRG-1840] [STRG-1846]
+
+ --
+
+ * 1.3.0 (2011-12-25)
+
+ New:
+ - Profile option: ignore_home_dir
+ - TCP wrappers category added
+ - Tooling category added
+ - Initial extensions to support plugins in the future
+ - Test for unpurged Debian packages [PKGS-7346]
+ - Test for compiler permissions [HRDN-7222]
+
+ Changes:
+ - Converted all dates to ISO format and updated copyright lines
+ - Correct suggestion for file integrity tool [FINT-4350]
+ - Added hint when RPM list is empty on DPKG based systems [PKGS-7308]
+ - Changed logging for /etc/security/limits.conf file [KRNL-5820]
+ - Fixed incorrect warning for single user mode [AUTH-9308]
+ - Improved output for stratum 16 time servers [TIME-3116]
+ - Added suggestion and screen output for kernel hardening [KRNL-6000]
+ - Screen layout optimalizations and log file improvements
+ - Improved list/layout of scan options
+ - Improved binary check for compilers
+ - Added configuration option in scan profile (show_tool_tips, default true)
+
+ --
+
+ * 1.2.9 (2009-12-15)
+
+ New:
+ - Support for Squid3
+ - Added Squid unsafe ports check [SQD-3624]
+ - Added Squid configuration file permission check [SQD-3613]
+ - Added Squid test: reply_body_max_size option [SQD-3630]
+ - Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328]
+ - Check PHP option allow_url_include [PHP-2378]
+
+ Changes:
+ - Extended possible Squid configuration file locations
+ - Added additional sysctl keys to default profile
+ - Fixed typo in squid.conf checks
+ - Improved descriptions, logging and reporting for several tests
+ - Corrected /etc/security/limits.conf path in test [KRNL-5820]
+ - Updated man page, limited lines to 80 chars
+
+ --
+
+ * 1.2.8 (2009-12-08)
+
+ New:
+ - Squid support added
+ - Squid daemon detection [SQD-3602]
+ - Squid configuration file search [SQD-3604]
+ - Squid version detection [SQD-3606]
+ - Check /etc/motd banner [BANN-7122]
+ - Check /etc/issue.net file [BANN-7128]
+ - Check contents in /etc/issue.net [BANN-7130]
+ - Solaris single user mode login check (/etc/default/sulogin) [AUTH-9304]
+ - HP-UX boot authentication check [AUTH-9306]
+ - Linux single user mode authentication check [AUTH-9308]
+ - Solaris account locking policy check [AUTH-9340]
+
+ Changes:
+ - Added prerequisite to SSH test, so the test is skipped properly [SSH-7440]
+ - Check for /etc/issue symlink [BANN-7124]
+ - Added file check for possible harmful shells found [AUTH-9218]
+ - Add user home directories to report [HOME-9302]
+ - Extended Linux run level test with support for Debian/Ubuntu [KRNL-5622]
+ - Added /lib64/security to PAM test [AUTH-9262]
+ - Extended security repository check [PKGS-7388]
+ - Iptables check should not check for a module in a Linux config [FIRE-4511]
+ - Ignore APC ups daemon when scanning for CUPS [PRNT-2304]
+ - Improved kernel logger daemon check [LOGG-2138]
+ - Added auditctl to binary check [ACCT-9630]
+ - Log used auditd ruleset [ACCT-9630]
+ - Corrected logging of Solaris c2audit module [ACCT-9656]
+ - Fixed warning function for Solaris passwordless accounts [AUTH-9254]
+ - Commented kern.randompid in default profile
+ - For sysctl the parameter -n will be used on Linux systems
+ - Changed syslog daemon detection and state
+ - Extended report file
+
+ --
+
+ * 1.2.7 (2009-11-01)
+
+ New:
+ - Added Kernel Hardening section
+ - Sysctl audit support in scan profile and related test [KRNL-6000]
+ - SSH option StrictModes test [SSH-7416]
+ - Password aging limit check [AUTH-9286]
+ - Ubuntu packages check (apt-show-versions) [PKGS-7394]
+ - Check for metalog daemon [LOGG-2210]
+ - USB storage driver state check [STRG-1840]
+ - Firewire storage driver state check [STRG-1846]
+ - PostgreSQL process check [DBS-1826]
+ - Oracle process check [DBS-1840]
+ - Default umask check [AUTH-9328]
+ - Check for rsyslog daemon [LOGG-2230]
+ - RFC 3195 compliant daemon check [LOGG-2240]
+ - Qmail SMTP daemon check [MAIL-8940]
+ - Test for separation of /tmp and /home from root file system [FILE-6310]
+ - SSH AllowUsers and AllowGroups usage check [SSH-7440]
+ - AIX support, thanks to Michael Smerdka
+
+ Changes:
+ - Fixed crontabs path [SCHD-7704]
+ - Extended locate database paths for Linux and FreeBSD [FILE-6410]
+ - pflog detection fix [FIRE-4518]
+ - Skip /proc/meminfo for non Linux systems [PROC-3602]
+ - Extended text with rsyslogd [LOGG-2130]
+ - Ignore comment and empty lines for group tests [AUTH-9222/9226]
+ - Show firewall as active when iptables is available in config file [FIRE-4511]
+ - Variable fix for SNMP daemon configuration file [SNMP-3304]
+ - Freshclam check fix [MALW-3286]
+ - Fixed waiting search for NIS domain [NAME-4306]
+ - Check for a maximum of 1 search statement in /etc/resolv.conf [NAME-4018]
+ - Apache test improved [HTTP-6622]
+ - Skip klogd test if rsyslogd is available [LOGG-2138]
+ - Added additional CUPS location to search paths
+ - Only execute PAM test for systems with PAM [AUTH-9268]
+ - Fixed logging of sudoers file location [AUTH-9250]
+ - Improved FreeBSD support for NTP client check [TIME-3104]
+ - Redirect warning "Unknown host" when DNS domain name is empty [NAME-4028]
+ - Redirect warning when host name is empty
+ - Fixed warning color [AUTH-9226]
+ - Fixed FreeBSD COPYRIGHT file test [BANN-7113]
+ - Changed text for sudoers text [AUTH-9250]
+ - Improved text for DNS search domain [NAME-4016]
+ - Skip nginx configuration test if nginx is not available [HTTP-6704]
+ - Removed portsclean suggestion [PKGS-7348]
+ - Fixed non unique IDs
+ - Fixed cosmetic issue when using Debian with default dash shell
+ - Improved hostname detection for HP-UX
+ - Added additional php.ini file locations
+ - Moved Linux default shell check to OS detection functions
+ - Fixed CUPS daemon test [PRNT-2304]
+ - Also check for uppercase chars in issue file [BANN-7126]
+
+ --
+
+ * 1.2.6 (2009-04-05)
+
+ New:
+ - Sudoers file permissions check [AUTH-9252]
+ - Core dumps configuration check for Linux [KRNL-5820]
+ - PHP disabled functions check [PHP-2320]
+ - PHP enable_dl function check [PHP-2374]
+ - PHP allow_url_fopen function check [PHP-2376]
+ - OpenBSD smtpd status check [MAIL-8920]
+ - /etc/issue check [BANN-7124]
+ - /etc/issue legal keywords check [BANN-7126]
+ - Show suggestions in report
+
+ Changes:
+ - Extended support for Red Hat, CentOS and Fedora
+ - Extended ACL test to test for default mount options as well [FILE-6368]
+ - Exim status test fixed [MAIL-8812]
+ - Corrected yum security check [PKGS-7386]
+ - Replaced LDAP test AUTH-9238 with [AUTH-9402]
+ - Removed backquotes when locate database is not available [FILE-6410]
+ - Added /etc/openldap to search path for OpenLDAP
+ - Fixed typo in crontab path [SCHD-7704]
+ - Don't show message "No volume groups found" if LVM isn't used [FILE-6310]
+ - Corrected Syslog-NG status [LOGG-2132]
+ - Moved TODO to dev directory
+
+ --
+
+ * 1.2.5 (2009-03-27)
+
+ New:
+ - slapd.conf check [LDAP-2224]
+ - atd status test [SCHD-7718]
+ - Check LDAP module in PAM [AUTH-9278]
+ - Check Dovecot status check [MAIL-8838]
+ - Check log directories from newsyslog.conf [LOGG-2162]
+ - Check log directories from static list [LOGG-2170]
+ - Check log directories from logrotate configuration [LOGG-2150]
+ - syslog check for remote logging [LOGG-2154]
+ - Open log files check [LOGG-2180]
+ - Deleted file check [LOGG-2190]
+ - Solaris active kernel modules check [KRNL-5770]
+ - Solaris audit daemon status check [ACCT-9650]
+ - Solaris audit daemon service status [ACCT-9652]
+ - Solaris audit daemon BSM check [ACCT-9654]
+ - Solaris audit logging location check [ACCT-9662]
+ - Solaris audit statistics check [ACCT-9672]
+ - Check for installed compiler [HRDN-7202]
+ - BIND process check [NAME-4202]
+ - BIND configuration file check [NAME-4204]
+ - BIND configuration consistency check [NAME-4206]
+ - BIND version check via DNS [NAME-4210]
+ - Default domain check (/etc/resolv.conf) [NAME-4016]
+ - Search domains in /etc/resolv.conf check [NAME-4018]
+ - Parse /etc/resolv.conf options [NAME-4020]
+ - Solaris /etc/nodename check [NAME-4026]
+ - DNS domain checks [NAME-4028]
+ - NSCD status check [NAME-4032]
+ - PowerDNS presence check [NAME-4230]
+ - PowerDNS configuration file check [NAME-4232]
+ - PowerDNS backend check [NAME-4236]
+ - ypbind status check [NAME-4302]
+ - Log specific defined SSH daemon options [SSH-7408]
+ - SSH protocol version check [SSH-7414]
+ - NIS domain checks [NAME-4304]
+ - Check pending at jobs [SCHD-7724]
+ - LVM volume group scan [FILE-6310]
+ - LVM volumes check [FILE-6312]
+ - Locate database check [FILE-6410]
+ - nginx configuration file check [HTTP-6704]
+ - Exim status check [MAIL-8802]
+ - Postfix status check [MAIL-8814]
+
+ Changes:
+ - atd needs to run before testing at files [SCHD-7720]
+ - Removed Solaris OS requirement from logrotate test [LOGG-2148]
+ - Sanitized output from logrotate test [LOGG-2148]
+ - Skip comment fields in loghost check [LOGG-2152]
+ - Changed auditd tests to Linux only
+ - Binary scan optimized and partially combined with other check
+ - Only perform iptables tests if kernel module is active
+ - Don't show message when /etc/shells can't be found [SHLL-6211]
+ - Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
+ - Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
+ - Renumbered malware test MALW-3292 [HRDN-7230]
+ - Improved grep on process status [PRNT-2304]
+ - Ignore comment lines for nginx log file check [HTTP-6720]
+ - Added file check for nginx log files [HTTP-6720]
+ - Display IP addresses only of NTP tests [TIME-3124]
+ - Fixed Postfix configuration directory path [MAIL-8816]
+ - Redirected output of yum package duplicate check [PKGS-7384]
+ - Ignore comment lines for lilo test [BOOT-5139]
+ - Fixed incorrect iptables status and correct logging [FIRE-4511]
+ - Check SNMP configuration only if SNMP daemon runs [SNMP-3304]
+ - Don't scan PAM directories which are symlinks [AUTH-9268]
+ - Changed hardening category to hardening_tools
+ - Adjusted hardening points of several tests
+ - Log and display improvements for several tests
+
+ --
+
+ * 1.2.4 (2009-03-17)
+
+ New:
+ - NTP daemon process test [TIME-3108]
+ - NTP association ID's check from peer list [TIME-3112]
+ - NTP time source candidates test [TIME-3128]
+ - NTP falseticker check [TIME-3132]
+ - NTP protocol version check [TIME-3136]
+ - Stratum 16 ntp peers check [TIME-3116]
+ - Unreliable ntp peers check [TIME-3120]
+ - Preferred NTP time source test [TIME-3124]
+ - auditd presence check [ACCT-9628]
+ - auditd rules check [ACCT-9630]
+ - auditd configuration file check [ACCT-9632]
+ - auditd log file location check [ACCT-9634]
+ - cupsd status check [PRNT-2304]
+ - cupsd configuration file check [PRNT-2306]
+ - cupsd address configuration test [PRNT-2308]
+ - pam.conf configuration check [AUTH-9264]
+ - pam.d configuration file scan [AUTH-9266]
+ - PAM modules check [AUTH-9268]
+ - rpcinfo query [STRG-1902]
+ - NFS version number check [STRG-1904]
+ - NFS protocol and port number check [STRG-1906]
+ - NFS status check [STRG-1920]
+ - NFS exports check [STRG-1926]
+ - NFS empty /etc/exports [STRG-1928]
+ - SSH PermitRootLogin option check [SSH-7412]
+ - at.allow and at.deny check [SCHD-7720]
+ - File integrity tool check [FINT-4350]
+ - nginx process check [HTTP-6702]
+ - nginx log file test [HTTP-6720]
+ - ClamAV clamscan presence test [MALW-3282]
+ - ClamAV daemon check [MALW-3284]
+ - ClamAV freshclam check [MALW-3286]
+ - Check for presence malware scanner [MALW-3292]
+ - clamscan, ntpq binary check
+ - NTP daemon role and profile option
+ - Parameter --tests-category, to scan one or more categories
+ - Category added (Storage: NFS)
+ - Added hardening points to tests
+ - Display hardening index to report
+
+ Changes:
+ - Extended logrotate test [LOGG-2148]
+ - Added check for inetd.conf before performing test [INSE-8016]
+ - Added /var/spool/crontabs to search path [TIME-3104]
+ - Added log line to sysstat test [ACCT-9626]
+ - Improved screen output on Solaris
+ - Checking for both rdate and ntpdate in cron files [TIME-3104]
+ - Changed yum-security package check [PKGS-7386]
+ - Change output if dig isn't available [NETW-2705]
+ - Added IPv6 support and output adjustment [NETW-2704]
+ - Cosmetic change for host based firewall check [FIRE-4590]
+ - Corrected output in log file [PKGS-7388]
+ - Corrected passwd options for Red Hat [AUTH-9282]
+ - Changed text if everything is ok (no warnings)
+ - Log improvements
+
+ --
+
+ * 1.2.3 (2009-03-02)
+
+ New:
+ - Added syslog-NG daemon check [LOGG-2132]
+ - Added klogd status test [LOGG-2138]
+ - Added check to determine minilogd presence [LOGG-2142]
+ - Added logrotate configuration test [LOGG-2146]
+ - Added check for loghost entry on Solaris machines [LOGG-2152]
+ - Added ipf test for Solaris [FIRE-4526]
+ - Added uname -n test (Solaris) [NAME-4024]
+ - Added ssh daemon configuration file check [SSH-7404]
+ - Added BSD newsyslog.conf file check [LOGG-2160]
+ - Added inetd status check [INSE-8002]
+ - Added inetd.conf configuration check [INSE-8004]
+ - Added check for inetd.conf when inetd is not active [INSE-8006]
+ - Added telnet check via inetd [INSE-8016]
+ - Added ACL check on root file system [FILE-6368]
+ - Added check for firewall/packet filter on system [FIRE-4590]
+ - Added lograte file check [LOGG-2148]
+ - Added snmp daemon status test [SNMP-3302]
+ - Added snmp configuration file test [SNMP-3304]
+ - Added default snmp community strings test [SNMP-3306]
+ - Added categories: Insecure services and SNMP
+ - Added binary searches for awk, ipf
+
+ Changes:
+ - Changed profile name in default profile
+ - Added path /usr/ucb to binary paths
+ - Changed color to white if slapd is not running [LDAP-2219]
+ - Changed test PKG-7345 into PKGS-7345
+ - Changed logging for several tests [PKGS-7302] [NETW-3004]
+ - Extended FAQ
+ - Changed default profile header
+
+ Fixes:
+ - Hostname detection under Solaris
+ - Disabled tests PROC-3612 PROC3614 for Solaris machines
+ - Disabled NTP check in cron.d directory on Solaris [TIME-3104]
+ - Added result at line when querying system users [AUTH-9234]
+ - Counters (N+1) fixed for some shells, like Solaris
+ - Removed unneeded line for Solaris test [PROC-3604]
+ - Disabled grsecurity test for Solaris [RBAC-6272]
+ - Correct display of files with spaces [FILE-6354]
+ - Changed several tests so they work correctly with Solaris
+
+ --
+
+ * 1.2.2 (2009-02-15)
+
+ New:
+ - Support for MySQL client
+ - New test: Test for empty MySQL root password [DBS-1816]
+ - New test: SSH daemon status test [SSH-7402]
+ - New test: sysstat account information [ACCT-9626]
+ - New test: connections in WAIT state [NETW-3028]
+ - Lynis displays a warning now, if current version is really outdated
+ - New parameter option (log_tests_incorrect_os) to minimize logging
+
+ Changes:
+ - Several adjustments to default profile
+ - Fixed option 'skip_test_always' to let it function properly
+ - Fixed passwd check for SuSE systems [AUTH-9282]
+ - Added error redirect for dpkg test [PKG-7345]
+ - Improved NTP test and messages, excluded check when using xen [TIME-3104]
+ - Extended DNS nameserver check with local resolver [NETW-2704]
+ - Skip double nameserver check when a local resolver is found [NETW-2705]
+ - Renamed tests_nameserver to tests_nameservices
+ - Improved log output [AUTH-9218]
+
+ Notes:
+ - Custom profiles should be compared to the default profile, due small changes
+ in the structure.
+
+ --
+
+ * 1.2.1 (2008-09-05)
+
+ New:
+ - Added support for Samba
+ - Added support for SELinux framework
+ - New test: SELinux presence test [MACF-6232]
+ - New test: SELinux status checks [MACF-6234]
+ - New test: password PAM availability check [AUTH-9262]
+ - New test: expire date check for accounts [AUTH-9282]
+ - Added new option --tests, to run a small set of tests only
+
+ Changes:
+ - Report and logging messages improved
+ - Output reduced when using --tests
+ - Added suggestion to PHP expose_php option [PHP-2372]
+ - Improved log message for PHP register_globals option [PHP-2368]
+ - Added virtual host count to log file [HTTP-6626]
+ - Improved Red Hat and clones detection and display
+ - Fix: Improved promiscuous detection for Linux [NETW-3015]
+ - Fix: AUTH-9204 test triggered on group ids as well
+ - Fix: Only display unique MAC addresses [NETW-3006]
+ - Extended Postfix test [MAIL-8818]
+ - Don't show /proc/meminfo if not present [PROC-3602]
+ - Don't show YABOOT information if not present [BOOT-5155]
+ - Improved portaudit test (FreeBSD) [PKGS-7382]
+ - Improved portsclean test (FreeBSD) [PKGS-7348]
+ - Added --quiet and --tests options to help and man page
+
+ --
+
+ * 1.2.0 (2008-08-26)
+
+ New:
+ - New test: Passwordless Solaris accounts test [AUTH-9254]
+ - New test: AFICK file integrity [FINT-4310]
+ - New test: AIDE file integrity [FINT-4314]
+ - New test: Osiris file integrity [FINT-4318]
+ - New test: Samhain file integrity [FINT-4322]
+ - New test: Tripwire file integrity [FINT-4326]
+ - New tests: NIS and NIS+ authentication test [AUTH-9240/42]
+ - Initial support added for AFICK, AIDE, Osiris, Samhain, Tripwire
+
+ Changes:
+ - Changed text of grsecurity test [RBAC-6272]
+ - Optimized FreeBSD boot services test [BOOT-5165]
+ - Optimized UID 0 test [AUTH-9204]
+ - Extended login shells test [AUTH-9218]
+ - PID file message extended and small output improvement
+ - A log entry will be written when PID files are removed
+ - Added operating system name to log file when a test is skipped
+ - Added file available check when using --view-manpage
+ - Most program variables are initialized now for future additions
+
+ --
+
+ * 1.1.9 (2008-08-09)
+
+ New:
+ - New test: AppArmor framework check [MACF-6204]
+ - New test: FreeBSD boot loader test [BOOT-5124]
+ - New test: PHP option register_globals [PHP-2368]
+ - New test: Promiscuous network interfaces (Linux) [NETW-3015]
+ - Report option 'bootloader' added to several tests
+ - Added readlink binary check
+
+ Changes:
+ - Extended file check (IsWorldWritable) for symlinks
+ - Show result if no default gateway is found [NETW-3001]
+ - Added /usr/local/etc to sudoers test [AUTH-9250]
+ - Improved FreeBSD banner output [BANN-7113]
+ - Removed incorrect line at promiscuous interface test [NETW-3014]
+ - Fix: Show only once the GRUB test output [BOOT-5121]
+ - Fix: Typo in NTP test [TIME-3104]
+ - Fix: Skip NTP test in /etc/cron.d if empty [TIME-3104]
+ - Fix: Initialize values when performing an update check without connection
+ - Fix: Solaris id function has been fixed
+ - Disabled FreeBSD double packages tests, due minor issues [PKGS-7303]
+ - Changed LDAP/MySQL running states [LDAP-2219] [DBS-1804]
+ - Replaced ifconfig calls with IFCONFIGBINARY
+ - Renamed tests_auditing to tests_mac_frameworks
+ - Several tests improved with extended logging
+
+ --
+
+ * 1.1.8 (2008-07-16)
+
+ New:
+ - Mac OS X support extended and new options added
+
+ Changes:
+ - Extended default profile
+ - Improved several screen output lines
+ - User ID check improved, so it works better with older Solaris versions
+ - Hostname in output and reports will contain only host now, not FQDN
+ - Added extra php.ini locations to tests_php
+ - Replaced 'ps' in tests with PSBINARY value for better support
+ - Added output to zones test [VIRT-1902]
+ - Updated description [AUTH-9218]
+ - Extended ntp daemon/ntpdate check [TIME-3104]
+ - Added suggestion to bootable scripts check [BOOT_5184]
+ - Bugfix and improvement for FreeBSD portsclean test [PKGS-7348]
+ - Added Mac OS support to MAC address gathering test [NETW-3006]
+ - Added MAC OS support to inet and inet6 addresses test [NETW-3008]
+ - Extended PHP expose_php test to support additional options [PHP-2372]
+ - Improved LDAP test so it skips correctly on Mac OS AUTH-9238]
+ - Bugfix: MySQL status check gave incorrect output [DBS-1804]
+
+ --
+
+ * 1.1.7 (2008-06-28)
+
+ New:
+ - New test: check for unused iptables rules [FIRE-4513]
+ - New test: checking for dead and zombie processes [PROC-3612]
+ - New test: checking for heavy IO waiting processes [PROC-3614]
+ - Initial HP-UX support (untested)
+ - Initial AIX support (untested)
+ - Added iptables binary check
+ - Added dig check, for DNS related tests
+ - Added option --no-colors to remove all colors from screen output
+ - Added option --reverse-colors for optimizing output at light backgrounds
+ (Konsole, MacOS terminal etc)
+
+ Changes:
+ - Improved grpck test for SuSE [AUTH-9216]
+ - Added dig availability check to DNS test [NETW-2704]
+ - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512]
+ - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384]
+ - Bugfix: Fixed prequisits for grpck test [AUTH-9216]
+ - Improved MySQL check [DBS-1804]
+ - Changed color at chkconfig boot services test [BOOT-5177]
+ - Added missing prequisits output to portaudit test [PKGS-7382]
+ - Test output for FreeBSD mounts (UFS) improved [FILE-6329]
+ - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219]
+ - Several tests have their warning reporting improved
+ - Improved SuSE Linux detection
+ - Improved syslog-ng detection
+ - Adjusted README with link to online (extended) documentation
+
+ --
+
+ * 1.1.6 (2008-06-19)
+
+ New:
+ - New test: Check writable startup scripts [BOOT-5184]
+ - New test: Syslog-NG consistency check [LOGG-2134]
+ - New test: Check yum-utils package and scanning package database [PKGS-7384]
+ - New test: Test for empty ruleset when iptables is loaded [FIRE-4512]
+ - New test: Check for expired SSL certificates [CRYP-7902]
+ - New test: Check for LDAP authentication support [AUTH-9238]
+ - New test: Read available crontab/cron files [SCHD-7704]
+ - New test: Query Solaris running zones [VIRT-1902]
+ - New test: Check availability sudoers file for future tests [AUTH-9250]
+ - New test: Query all home directories from passwd file [HOME-9302]
+ - Syslog-NG support added (binary and version check)
+ - Added new sections: Scheduling, Time and Synchronization, Virtualization
+
+ Changes:
+ - Extended several tests with suggestions and warnings
+ - Extended GRUB test with GRUB2 check [BOOT-5121]
+ - Extended iptables firewall test [FIRE-4511]
+ - Fixed incorrect variable at Linux kernel config display [KRNL-5728]
+ - Fixed display for file system test [FILE-6023]
+ - Reassigned some ID's to match others in category
+ - Improvement of several logging sections and profile options
+ - Assigned ID to Ubuntu security update check
+ - Assigned ID to pwck test for Solaris [AUTH-9230]
+ - Assigned ID to FreeBSD unused distfiles check [PKGS-7348]
+ - Assigned ID to RPM package query test [PKGS-7308]
+ - Assigned ID to /tmp sticky bit test [FILE-6362]
+ - Assigned ID to old temporary files check [FILE-6354]
+ - Assigned ID to passwd ID 0 test [AUTH-9204]
+ - Assigned ID to FreeBSD swap partitions [FILE-6332]
+ - Assigned ID to FreeBSD swap mount options [FILE-6336]
+ - Assigned ID to nameserver tests [NETW-2704 and NETW-2705]
+ - Assigned ID to pf consistency check [FIRE-4520]
+ - Assigned ID to Postfix configuration check [MAIL-8816]
+ - Assigned ID to Postfix banner check [MAIL-8818]
+ - Assigned ID to FreeBSD promiscuous port test [NETW-3014]
+ - Assigned ID to file permissions check [FILE-7524]
+
+ --
+
+ * 1.1.5 (2008-06-10)
+
+ New:
+ - Assigned ID to Apache configuration file test [HTTP-6624]
+ - Added pause_between_tests to profile file, to regulate the speed of a scan
+ - Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345]
+ - Assigned ID to Solaris package test [PKG-7306]
+ - New test: which gathers virtual hosts from Apache configuration files [HTTP-6626]
+ - New test: read all loaded kernel modules (Linux) [KRNL-5726]
+ - New test: query available FreeBSD network interfaces [NETW-3004]
+ - New test: query available IPv4 and IPv6 network addresses [NETW-3008]
+ - New test: for MAC addresses [NETW-3006]
+ - New test: check if a Linux kernel configuration file is available [KRNL-5728]
+ - New test: check boot services for Debian/Ubuntu [BOOT-5180]
+ - Added Lynx, Nmap, Wget version to log file
+ - Added support for Oracle enterprise Linux (Unbreakable Linux)
+ - Added new function ReportWarning for better logging to report file
+
+ Changes:
+ - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
+ - Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
+ - Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
+ - Added report warning to promicuous test [NETW-3014]
+ - Fixed yellow color when being used at text display
+ - Several logging improvements and cleanups
+
+ --
+
+ * 1.1.4 (2008-05-31)
+
+ New:
+ - Added option to disable Lynis upgrade availability test (profile option)
+ - Added new option --check-update, to display (update) information
+ - Added stub for malware and file permissions database
+ - New section 'LDAP Services'
+ - Support for OpenLDAP added
+ - Place holders for new tests are added
+ - Default profile extended
+ - [FILE-6023] Added test for Linux ext2, ext3, ext4 file systems
+ - [BOOT-5155] Added check for YABOOT boot loader
+
+ Changes:
+ - [BANN-7119] Improved MOTD banner check
+ - Improved Apache tests for SuSE and Debian systems
+ - Debian/Ubuntu file tests improved
+ - Extended man page
+
+ --
+
+ * 1.1.3 (2008-05-21)
+
+ New:
+ - Added security updates check for Fedora, RHEL 5.x, CentOS 5.x
+ - Added Linux kernel version check
+ - Most stable tests have an unique ID now
+ - Skipped tests have their reason to skip logged
+ - Added /etc/lynis/plugins to searchable plugin directory targets
+ - Added Register() function, to handle tests, prerequisites and counter
+ - Added new crypto tests
+ - Added profile option "test_skip_always" to blacklist a specific test
+
+ Changes:
+ - Extended default profile location for FreeBSD
+ - Extended accounting test to include pacct as well
+ - Improved tests from categories: shells
+ - Disabled skel tests
+ - Several tests log their warnings into the report file now
+ - Changed Linux default runlevel test
+ - Extended man page
+
+ Fixes:
+ - Auditor name didn't get logged properly to report file.
+ - Changed Debian/Ubuntu kernel update test, so it won't be tested on others
+ - Exim test failed, due to using an incorrect variable name
+
+ --
+
+ * 1.1.2 (2008-05-11)
+
+ New:
+ - Added memory test for Solaris (tested on OpenSolaris)
+ - Password file consistency check for Solaris
+ - 32/64 bits OS mode check for Solaris
+ - Added Slackware detection
+ - Plugin support (see documentation)
+ - Added monolithic/modular test for Linux kernels
+
+ Changes:
+ - Improved LILO test and removed double message
+ - Fixed incorrect message when using --help parameter
+ - Improved portaudit test (FreeBSD) to show unique packages only
+ - Updated man page, FAQ, extended documention with plugin information
+ - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)
+
+ ** Special release notes [package/ports]: **
+ - Added several default paths to check for usuable an INCLUDE directory. This
+ should make packaging Lynis easier for downstream package providers.
+ - When no profile is set, Lynis will check first /etc/lynis/default.prf,
+ before setting default.prf (in current work directory) as profile to use.
+ - New directory added to be installed for future versions: plugins
+
+ --
+
+ * 1.1.1 (2008-04-13)
+
+ New:
+ - Added Solaris package manager (pkginfo) to obtain installed packages
+ - Added new option to profile to whitelist promiscuous interfaces (if_promisc)
+ - Added vulnerable packages check for Debian/Ubuntu
+ - Added package database consistency check for Debian/Ubuntu
+
+ Changes:
+ - Only perform boot.conf check for OpenBSD when running on i386
+ - Changed RemovePIDFile to prevent incorrect file presence check (ie on OpenBSD)
+ - Better OS detection and display output for Ubuntu systems
+ - Improved text alignment (display) and logging
+ - Commented out some of the default profile options
+ - Updated FAQ, readme, man page
+
+ Bug fixes:
+ - Added missing space at OS detection function
+ - Fixed /etc/group tests to ignore commented lines
+ - Fixed sticky bit checking on /tmp, so it won't give incorrect results on
+ SuSE/Debian systems
+
+ --
+
+ * 1.1.0 (2008-04-09)
+
+ New:
+ - Added test: default gateway (Linux/BSD)
+ - Added boot tasks to report file (boottask)
+ - Added vulnerable packages to report file (vulnerable_package)
+
+ Changes:
+ - Fixed some typos
+ - Several improvements in log output
+ - Changed display of operating system version (Linux)
+ - Fixed PHP check
+
+ --
+
+ * 1.0.9 (2008-03-24)
+
+ New:
+ - Added --quiet option (currently not 100% quiet yet)
+ - Added a spec file to the project page (see web site)
+ - Added small INSTALL document
+
+ Changes:
+ - Changed check for PHP (php.ini location)
+ - Added available shells from /etc/shells to report file
+ - Updated man page
+ - Fixed option in main help window for --man option
+ - Code improvement, splitting up sections to seperated files
+
+ --
+
+ * 1.0.8 (2008-02-10)
+
+ New:
+ - Added pf filter rule test
+ - Added our PID to PID file
+ - Added warnings, real users, mount points, total tests to report file
+
+ Changes:
+ - Changed Apache configuration file test
+ - Changed old temporary files check
+ - Changed test to include ubuntu security repository
+ - Moved UID check to avoid PID creation as non root user
+ - Moved most functions to seperated files and several code cleanups
+ - Improved logging output
+ - Extended FreeBSD (Copyright file) test
+ - Changed indentation for many tests
+ - Changed some typos in notice/warning messages
+
+ --
+
+ * 1.0.7 (2008-01-28)
+
+ New:
+ - Test: UFS mount point check (FreeBSD)
+ - Test: Check swap partitions (FreeBSD)
+ - Test: find old files in /tmp
+ - Test: check presence iptables
+ - Test: check CPU PAE/NX support (Linux)
+ - Added profile options check
+ - Added option to skip Debian security repository check (profile option)
+ - Support for Red Hat and CentOS
+
+ Changes:
+ - Changed report log location to /var/log instead of current work directory
+ - Changed --help (and -h) to display general help, instead of man page
+ - Renamed -man option to --man
+ - Extended profile file (see default.prf)
+ - Cleaned up code (rewritten several parts of static code to dynamic
+ functions)
+ - Added more comments to the program, for curious auditors, developers and
+ users. Also regrouped parts of text and cleaned useless white spaces.
+ - General program output improved (spaces, indentation)
+ - Logging extended
+ - Updated lynis.spec file (contrib)
+ - FAQ and README files extended and updated
+
+ Bugfixes:
+ - Changed postfix banner check (thanks to Henk Bokhoven for reporting)
+ - Extended skel directory test, with -A (ls) option to check hidden files
+ (used with most Linux variants)
+
+ Development:
+ - Added new mirror
+ - Updated year number in program and support files
+ - Added new function Display, to use indentation within lines
+ - Added function RemovePIDFile before some exit routines, to clean up PID file
+ - Extracted profile support, parameter support to seperated files
+ - Created file tests_ports_packages for Ports and Packages
+ - Deleted lynis.spec file, since it was not working and will be rewritten later
+
+ --
+
+ * 1.0.6 (2007-12-26)
+
+ New:
+ - Added Solaris real users test
+ - Added hostname check
+
+ Changes:
+ - Added chkconfig binary test and changed related services test
+ - Added 'xargs' to version checks, to replace unwanted chars
+ - Added more breaks to log file.
+ - Added sorting to rpm/dpkg listings
+ - FAQ extended
+
+ --
+
+ * 1.0.5 (2007-12-02)
+
+ New:
+ - Test: unique group names
+ - Test: unique group IDs
+ - Added check for rpm, chkrootkit and rkhunter binary
+ - Added function to cleanup at manual interrupt (INT)
+ - Support added to run Lynis as cronjob (--cronjob)
+ - Fedora support added
+ - Added umask 027, to tighten up file permissions
+
+ Changes:
+ - Changed FreeBSD ttys test
+ - Changed grpck test, to operate in read-only mode
+ - Changed Postfix test, to check for mail_name value as well
+ - Changed GPL line in script which said GPL v2
+ - Extended README
+ - Show latest update version, if available, at the end of the screen output
+ - Lots of code cleanup (see Development)
+ - Some log improvements
+ - Changed date notation in changelog to preferred European format (with dots
+ instead of slashes)
+
+ Development:
+ - New function (ShowResult) to avoid repeating the same result line
+ within the script for standard status values
+ - Moved program consts to file (include/consts)
+ - Moved functions to file (include/functions)
+ - Moved OS detection to file (include/osdetection)
+ - Added NEVERBREAK to avoid user input (cronjob support)
+
+ --
+
+ * 1.0.4 (2007-11-27)
+
+ New:
+ - Test: query real system users (FreeBSD/Linux)
+ - Added PID file usage, to warn for unclean program states.
+ - Added SSHd version test
+
+ Changes:
+ - Updated documentation
+ - Changed sticky bit test (/tmp), to skip symlinks
+ - Changed /etc/motd test, to skip symlinks
+ - More code cleanup
+ - Logging extended and improved
+ - Screen output slightly changed
+
+ --
+
+ * 1.0.3 (2007-11-19)
+
+ New:
+ - Added check for sockstat
+ - Test: added test for GRUB and password option
+ - Test: query listening ports (sockstat)
+
+ Changes:
+ - Fixed NTPd check (bug)
+ - Extended help for 'double installed package' check (BSD systems, pkg_info)
+ - Extended Debian kernel update check
+ - Improved OpenBSD support
+ - Improved Linux specific detection support (Cobalt, CPU Builders, Debian,
+ E-Smith, Slackware, SuSE/OpenSuSE, Turbo Linux, Yellowdog and others)
+ - Improved screen output
+ - Extended logging, with status/impact flags
+ - [Bugfix] chkconfig test improved
+ - [Bugfix] Fixed sticky bit test at Debian
+ - Extended documentation and changelog file
+
+ --
+
+ * 1.0.2 (2007-11-15)
+
+ New:
+ - Test: Added check for NTP daemon or client
+ - Test: file permissions (profile option)
+ - Added -Q (--quick) parameter, to run the program without needing user
+ input after every few sections.
+
+ Changes:
+ - Extended documentation (README file) and performed spell check
+ - Improved screen output (colors, parameter handling and display)
+ - Cleaned up source code and fixed some bad typos
+ - Added much more delimiter lines to logfile
+ - Added version numbers to logfile for used binaries/tools
+ - Updated list of parameters within Lynis help
+
+ --
+
+ * 1.0.1 (2007-11-12)
+
+ New:
+ - Test: check Exim configuration file location
+ - Test: added memory check (/proc/meminfo)
+ - Test: run grpck to check group files (if available)
+ - Test: boot option check for OpenBSD boot loader
+ - Test: check if pf (Software: firewall) is active
+ - Test: check LILO password
+ - Test: check presence of old distfiles (FreeBSD)
+ - Added check for binaries: httpd, kldstat, openssl, (s)locate
+ - Added version check for: exim, openssl
+ - Added -V (--version) parameter, to show version number
+ - Added breaks between tests
+
+ Changes:
+ - [bug] Changed skel directory check
+ - Fixed display Apache configuration file
+
+ --
+
+ * 1.0.0 (2007-11-08)
+
+ New:
+ - Support for CentOS (Tested: 5 Final)
+ - Support for Debian (Tested: 4.0)
+ - Support for FreeBSD (Tested: 6.2)
+ - Support for Mac OS X (Tested: 10.4)
+ - Test: Apache (ServerTokens option)
+ - Test: PHP (expose_php option)
+ - Test: Postfix (smtpd_banner option)
+ - Test: check valid shells
+ - Test: query pkg_info/RPM based systems
+ - Test: query pkg_info for double installed packages
+ - Test: query chkprintcap (FreeBSD)
+ - Test: scan binary directories
+ - Test: check administrator accounts
+ - Test: check permissions /etc/motd
+ - Test: read nameservers from /etc/resolv.conf
+ - Test: query nameservers and test connectivity
+ - Test: check promiscuous interfaces (FreeBSD)
+ - Test: check sticky bit on /tmp directory
+ - Test: check debian.org security brance in /etc/apt/sources.list
+ - Test: check kernel update on Debian
+ - Test: query default Linux run level
+ - Test: query chkconfig to see which services start at boot
+ - Test /etc/COPYRIGHT banner check for FreeBSD
+ - Support for program parameters
+ - Builtin integrity checks
+ - Color enhanced output for readability
+ - Support for profiles/templates
+ - Report file creation (for reporting/monitoring)
+ - Extended logfile creation (with system suggestions)
+ - Added lynis.spec file for RPM creation
+ - Created project page at website
+ - Added documentation (README), ToDo list (TODO)
+ - Man page lynis(8)
+
+ Changes:
+ - No changes
+
+ Bugfixes:
+ - No bugfixes
+
+
+================================================================================
+ Lynis - Copyright 2007-2013, Michael Boelen - The Netherlands
+ http://www.rootkit.nl
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
new file mode 100644
index 00000000..e4123e1e
--- /dev/null
+++ b/CONTRIBUTORS
@@ -0,0 +1,27 @@
+
+================================================================================
+
+ Lynis - CONTRIBUTIONS
+
+================================================================================
+
+ The Lynis project is very thankful for the following individuals who
+ contributed to the project by reporting issues or sending in patches.
+
+================================================================================
+
+
+[+] Patches, bug fixes and suggestions
+------------------------------------------
+
+ Brian Ginsbach
+ C.J. Adams-Collier, US
+ Dave Vehrs
+ Steve Bosek, France
+ Thomas Siebel, Germany
+
+
+
+================================================================================
+ Lynis - Copyright 2007-2014, Michael Boelen - The Netherlands
+ http://cisofy.com
diff --git a/FAQ b/FAQ
new file mode 100644
index 00000000..e8dcb244
--- /dev/null
+++ b/FAQ
@@ -0,0 +1,92 @@
+
+================================================================================
+
+ Lynis - Frequently Asked Questions
+
+================================================================================
+
+ Author: Michael Boelen (michael@rootkit.nl)
+ Description: Security and system auditing tool
+ Website: http://cisofy.com/lynis/
+ http://www.rootkit.nl/projects/lynis.html
+ Development start: May 2007
+ Support policy: See section 'Support' (README file)
+ Documentation: See web site, README, FAQ and CHANGELOG file
+
+================================================================================
+
+[+] General
+-------------------------------
+
+ Q: I don't understand the program (output), what to do?
+ A: Keep reading this FAQ, then continue with reading the README file, followed
+ by the log file (default: /var/log/lynis.log). After those sources, check
+ the documentation on the website.
+
+ Q: I can't find any configuration file for Lynis, where is it?
+ A: There isn't one (currently), since all options are available as command
+ parameters. Specific options to control the audit/security scan can be set
+ or adjusted by changing the 'profile' file you are using (don't use
+ default.prf for your own custom options, but make a copy of it).
+
+ Q: Why is there no port/package for my operating system?
+ A: Because there is no maintainer for it yet. If you have the time to keep
+ the port/package current for your preferred operating system, fill in the
+ contact form to notify me and confirm no one else is working on it.
+
+ Q: What to do with the report files?
+ A: The output could be used for monitoring (baseline checks). For user of the
+ Lynis Enterprise Suite, they will be used to upload data.
+
+
+
+[+] Usage problems
+-------------------------------
+ Q: Lynis hangs while testing the group files (grpck)
+ A: Run the grpck command manually. It will most likely need user input, to
+ repair incorrect groups.
+
+ Q: Lynis doesn't display all messages on a white background
+ A: White text is used for general (and important) messages. Most terminals
+ have a dark background, so it gives extra attention to the message. However
+ if you have a white background (for example Mac OS X), you can run Lynis
+ with --no-colors to strip colors or --reverse-colors to reverse the color
+ scheme. Another option is to change your terminal colors within Mac OS.
+
+ Q: Some tests take very long to finish, what to do?
+ A: Use a second console (or connection) and check the output of ps/lsof etc,
+ to see the status of the active subroutine. If a specific test hangs for a
+ very long time, try to kill that specific process (ie grpck) and see if
+ Lynis continues. Afterwards, run the command manually to see the cause.
+ Check the log file for additional information, when possible.
+
+ Q: When running Lynis, it shows me the usage help even while using correct
+ parameters, why?
+ A: This can happen with alternative shells. Try using a different shell to
+ invoke Lynis (example: bash lynis -c).
+
+ Q: One or more tests are giving incorrect output. How to solve that?
+ A: Check the log file. If that also has incorrect data, fill in the contact
+ form and describe the issue.
+
+ Q: The program takes long to complete and also uses too much resources. Can it
+ be tuned?
+ A: The time it takes to complete is depends on the amount of tests to run.
+ However the resources it take can be slighty lowered by increasing the
+ pause_between_tests profile option. Keep in mind this increases the total
+ length of the scan to complete.
+
+
+
+[+] Network related issues
+-------------------------------
+
+ Q: Lynis reports promiscuous interfaces, but they are needed for normal operation,
+ how can I hide this warning?
+ A: Whitelist the interface in the profile file (if_promisc).
+
+
+
+================================================================================
+ Lynis - Copyright 2007-2014, Michael Boelen - The Netherlands
+ http://cisofy.com
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 00000000..5d22e73a
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,49 @@
+
+================================================================================
+
+ Lynis - Installation instructions
+
+================================================================================
+
+ Author: Michael Boelen (michael@rootkit.nl)
+ Description: Security and system auditing tool
+ Web site: http://www.rootkit.nl/projects/lynis.html
+ Support policy: See section 'Support'
+ Documentation: See web site, README, FAQ and CHANGELOG file
+
+================================================================================
+
+
+[+] Run directly
+-------------------------------
+
+ Lynis can be executed directly (unpack tarball, enter lynis directory).
+
+ # sh lynis
+ or
+ # ./lynis
+
+ Make sure you have root privileges.
+
+
+
+[+] Installation
+-------------------------------
+
+ If you want to install Lynis, see the README file (section: Installation) for
+ more tips about how to install or create a custom package.
+
+
+
+[+] Documentation
+-------------------------------
+
+ Documentation about Lynis can be found in the man page (man lynis, or
+ lynis --man-page), README file and website. Also the FAQ file covers some
+ often asked questions.
+
+
+
+================================================================================
+ Lynis - Copyright 2007-2014, Michael Boelen - The Netherlands
+ http://cisofy.com
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 00000000..94a9ed02
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ <program> Copyright (C) <year> <name of author>
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.
diff --git a/README b/README
new file mode 100644
index 00000000..d1b0ea14
--- /dev/null
+++ b/README
@@ -0,0 +1,136 @@
+
+================================================================================
+
+ Lynis - README
+
+================================================================================
+
+ Author: Michael Boelen (michael@rootkit.nl)
+ Description: Security and system auditing tool
+ Web site: http://cisofy.com/lynis/
+ http://www.rootkit.nl/projects/lynis.html
+ Development start: May 2007
+ Support policy: See section 'Support'
+ Documentation: See web site, README, FAQ and CHANGELOG file
+
+================================================================================
+
+
+ == Web site contains up-to-date documentation ==
+
+ See http://www.rootkit.nl/files/lynis-documentation.html
+
+
+[+] Introduction
+-------------------------------
+
+ Lynis is an auditing tool which tests and gathers (security) information from
+ Unix based systems. The audience for this tool are security and system
+ auditors, network specialists and system maintainers.
+
+ Some of the (future) features and usage options:
+ - System and security audit checks
+ - File Integrity Assessment
+ - System and file forensics
+ - Usage of templates/baselines (reporting and monitoring)
+ - Extended debugging features
+
+ Everyone is free to use Lynis under the conditions of the GPL v3 license (see
+ LICENSE file).
+
+ ========================
+ Quick facts
+ ========================
+ - Name: Lynis
+ - Type: audit, security, forensics tool
+ - License: GPL v3
+ - Language: Shell script
+ - Author: Michael Boelen
+ - Web site: http://www.rootkit.nl
+ - Required permissions: root or equivalent
+ - Other requirements: write access to /var/log and /tmp
+
+
+
+[+] Installation
+-------------------------------
+
+ Lynis doesn't have to be installed, so it can be used directly from a
+ (removable) disk. If you want the program to be installed, use one of the
+ following methods:
+
+ - Create a custom directory (ie. /usr/local/lynis) and unpack the tarball
+ (tar xfvz lynis-version.tar.gz) into this directory.
+ - Create a RPM package by using the lynis.spec file (see web site)
+ run 'rpmbuild -ta lynis-version.tar.gz' (= build RPM package)
+ run 'rpm -ivh <filename>' (= install RPM package)
+
+ See online documentation for detailed instructions.
+
+
+[+] Supported systems
+-------------------------------
+
+ Since the complexity of auditing different systems and platforms, Lynis is
+ developed on BSD and Linux.
+
+ This tool is tested or confirmed to work with at least:
+ AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full
+ list of tested operating systems.
+
+
+
+[+] Usage
+-------------------------------
+
+ See online documentation for more information about using Lynis.
+
+
+
+[+] Development
+-------------------------------
+
+ If you have input to improve Lynis, let me know via the contact details (e-mail).
+
+
+[+] Support
+-------------------------------
+
+ Lynis is tested on the most common operating systems. The documentation (README,
+ FAQ) and the debugging information in the log file should cover most questions and
+ problems. Bugs can be reported by filling in the contact form at rootkit.nl, or by
+ sending an e-mail.
+
+ NOTE: User related questions should not be asked via the contact form. Read the
+ documentation, the website resources and the log file for answers to common problems.
+
+ Commercial support is available under strict conditions and depends on the request.
+ For more information fill in the contact form and describe what kind of service is
+ requested.
+
+
+
+[+] Upgrade to Lynis Enterprise
+-------------------------------
+
+ Individuals and companies which use this software for more than 10 systems, should
+ consider the value of this tool. Get the Lynis Enterprise Suite, to support the
+ development of open source software.
+
+
+
+[+] Thanks
+-------------------------------
+
+ Thanks to the community for using and supporting open source software and my tools
+ in particular. Many comments, bugs/patches and questions are the key to success
+ and motivation in developing tools like this.
+
+ A special thanks to anyone who donated a book or valuable suggestions in the past!
+
+
+
+
+================================================================================
+ Lynis - Copyright 2007-2014, Michael Boelen - The Netherlands
+ http://cisofy.com
diff --git a/db/fileperms.db b/db/fileperms.db
new file mode 100644
index 00000000..a4bbcf18
--- /dev/null
+++ b/db/fileperms.db
@@ -0,0 +1,19 @@
+#version=2008053000
+#
+# Field definitions
+# ===============================
+# 1) file | dir
+# 2) file name
+# 3) file permissions
+# 4) file owner
+# 5) file group owner
+# 6) operating system, or systems
+# 7) operating system special
+# 8)
+#
+#==================================================
+file:/etc/group:644:root:root:Linux:
+file:/etc/gshadow:400:root:root:Linux:
+file:/etc/passwd:644:root:root:Linux:
+file:/etc/shadow:400:root:root:Linux:
+
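Review bot: The `/etc/shadow` and `/etc/gshadow` records expect mode `400` with group `root`, but Debian-based distributions ship these files as `640` owned by `root:shadow`, so a stock system would be reported as deviating from this baseline; either the expectation should allow the distribution default or the header should state that this is a stricter-than-default policy. The field legend also declares an eighth field with no name while every record carries only seven colon-separated fields, which leaves the format ambiguous for anyone extending it; a comment such as `# 8) reserved (currently unused)` or dropping that legend line would settle it.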
diff --git a/db/hints.db b/db/hints.db
new file mode 100644
index 00000000..1504cb30
--- /dev/null
+++ b/db/hints.db
@@ -0,0 +1,2 @@
+#version=20091015
+100:Did you know? Lynis has a --cronjob option for optimized output while running on scheduled times.: \ No newline at end of file
diff --git a/db/integrity.db b/db/integrity.db
new file mode 100644
index 00000000..421d8196
--- /dev/null
+++ b/db/integrity.db
@@ -0,0 +1,3 @@
+#version=2008062800
+#binary:string:|NOT:
+ifconfig:PROMISC::
diff --git a/db/malware-susp.db b/db/malware-susp.db
new file mode 100644
index 00000000..5c6ace24
--- /dev/null
+++ b/db/malware-susp.db
@@ -0,0 +1,4 @@
+#version=2009101500
+vuln.txt:::
+crack*:::
+exploit*::: \ No newline at end of file
diff --git a/db/malware.db b/db/malware.db
new file mode 100644
index 00000000..7844f1f3
--- /dev/null
+++ b/db/malware.db
@@ -0,0 +1,44 @@
+#version=2008062700
+/bin/.log:::Apache worm:::
+/bin/.login:::Login backdoor:::
+/tmp/.../r:::W55808A:::
+/tmp/.../a:::W55808A:::
+/usr/share/.aPa:::APAKIT
+/usr/lib/.ark?:::ARK:::
+/dev/ptyxx/.log:::ARK:::
+/dev/ptyxx/.file:::ARK:::
+/usr/sbin/arobia:::Beastkit:::
+/usr/sbin/idrun:::Beastkit:::
+/usr/lib/elm/arobia/elm:::Beastkit:::
+/usr/lib/elm/arobia/elm/hk:::Beastkit:::
+/usr/lib/elm/arobia/elm/hk.pub:::Beastkit:::
+/usr/lib/elm/arobia/elm/sc:::Beastkit:::
+/usr/lib/elm/arobia/elm/sd.pp:::Beastkit:::
+/usr/lib/elm/arobia/elm/sdco:::Beastkit:::
+/usr/lib/elm/arobia/elm/srsd:::Beastkit:::
+/tmp/.cinik:::Cinik:::
+/dev/mdev:::Dannyboy:::
+/usr/lib/libX.a:::Dannyboy:::
+/usr/bin/duarawkz/loginpass:::Duarawkz:::
+/dev/dev/gaskit/sshd/sshdd:::Gaskit:::
+/proc/knark/pids:::Knark:::
+/var/lock/subsys/...datafile.../...datafile.../in.smbd.log:::Ohhara:::
+/dev/.oz/.nap/rkit/terror:::Oz:::
+/usr/man/man5/..%%/.dir/scannah/asus:::Shutdown:::
+/usr/man/man5/..%%/.dir/see:::Shutdown:::
+/usr/man/man5/..%%/.dir/nscd:::Shutdown:::
+/usr/man/man5/..%%/.dir/alpd:::Shutdown:::
+/etc/rc.d/rc.local%%:::Shutdown:::
+/tmp/.a:::Scalper:::
+/tmp/.uua:::Scalper:::
+/tmp/.bugtraq:::Slapper:::
+/tmp/.uubugtraq:::Slapper:::
+/tmp/.bugtraq.c:::Slapper:::
+/tmp/httpd:::Slapper:::
+/tmp/.unlock:::Slapper:::
+/tmp/update:::Slapper:::
+/tmp/.cinik:::Slapper:::
+/tmp/.b:::Slapper:::
+/usr/man/.sman/sk:::Superkit:::
+/usr/lib/.tbd:::TBD:::
+/sbin/.login:::Login backdoor::: \ No newline at end of file
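Review bot: The record `/usr/share/.aPa:::APAKIT` is missing the trailing `:::` that every other entry in this file ends with, so a reader that splits on a fixed delimiter count sees this line with fewer fields than the rest; it should read `/usr/share/.aPa:::APAKIT:::`. The file also ends without a newline, and if the consumer is a plain `while read` loop the final `/sbin/.login` record is presumably dropped unless the loop guards with `|| [ -n "$line" ]` — worth confirming in the code that loads this database.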
diff --git a/db/sbl.db b/db/sbl.db
new file mode 100644
index 00000000..323303b4
--- /dev/null
+++ b/db/sbl.db
@@ -0,0 +1,2 @@
+#version=2008052800
+php:5.2.5 \ No newline at end of file
diff --git a/default.prf b/default.prf
new file mode 100644
index 00000000..dd93b3f7
--- /dev/null
+++ b/default.prf
@@ -0,0 +1,293 @@
+#################################################################################
+#
+# Lynis scan profile
+#
+# This is the default profile and is used as a baseline when testing systems and
+# applications. Since there are generally no "best" options, Lynis will assume
+# some default values.
+#
+# All empty lines or with the # prefix will be skipped
+#
+# This is the default profile and contains default values. You are encouraged to
+# copy this file and use it's base for custom audit profiles.
+#
+#################################################################################
+
+[configuration]
+# Profile name, will be used as title/description
+config:profile_name:Default Audit Template:
+
+# Number of seconds to pause between every test (0 is no pause)
+config:pause_between_tests:0:
+
+# Show inline tips about the tool
+config:show_tool_tips:1:
+
+
+#################################################################################
+#
+# Testing options
+# ---------------
+#
+#################################################################################
+
+# ** Scan type (how deep test has to be, light, normal or full) **
+#
+# config:test_scan_mode:light|normal|full:
+
+
+# ** Skip one or more specific tests **
+# (always ignores scan mode and will make sure the test is skipped)
+#
+# config:test_skip_always:AAAA-1234 BBBB-5678 CCCC-9012:
+
+
+# ** Define the role(s) of a machine **
+# Values: desktop|server (default: server)
+#
+#config:machine_role:server:
+
+
+#################################################################################
+#
+# Plugins
+# ---------------
+# Define which plugins are enabled (nothing happens if plugin isn't available)
+#
+#################################################################################
+# plugin=security_malware
+# plugin=security_rootkit
+# plugin=fileperms
+plugin=docker
+plugin=file-integrity
+plugin=files
+plugin=filesystems
+plugin=firewalls
+plugin=processes
+plugin=software
+plugin=system-integrity
+
+#################################################################################
+#
+# Sysctl options
+# ---------------
+# sysctl:<Sysctl Key>:<Expected Value>:<Hardening Points>:<Description>:
+#
+# Sysctl key = name
+# Expected value = value of sysctl key
+# Hardening points = Number of hardening points. For most keys 1 HP will be suitable
+# Description = Text description of key
+#
+#################################################################################
+
+[processes]
+#sysctl:kern.randompid:1234:1:Increase the next PID with an amount close to the given value:
+sysctl:security.bsd.see_other_gids:0:1:Disable display of processes of other groups:
+sysctl:security.bsd.see_other_uids:0:1:Disable display of processes of other users:
+
+[kernel]
+sysctl:kern.sugid_coredump:0:1:XXX:
+sysctl:kernel.core_setuid_ok:0:1:XXX:
+sysctl:kernel.core_uses_pid:1:1:XXX:
+sysctl:kernel.ctrl-alt-del:0:1:XXX:
+sysctl:kernel.exec-shield-randomize:1:1:XXX:
+sysctl:kernel.exec-shield:1:1:XXX:
+sysctl:kernel.sysrq:0:1:Disable magic SysRQ:
+sysctl:kernel.use-nx:0:1:XXX:
+
+[network]
+sysctl:net.inet.icmp.bmcastecho:0:1:Ignore ICMP packets directed to broadcast address:
+sysctl:net.inet.icmp.rediraccept:0:1:Disable incoming ICMP redirect routing redirects:
+sysctl:net.inet.ip.accept_sourceroute:0:1:Disable IP source routing:
+sysctl:net.inet.ip.redirect:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.inet.ip.sourceroute:0:1:Disable IP source routing:
+sysctl:net.inet.ip6.redirect:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.inet.tcp.blackhole:2:1:Do not sent RST but drop traffic:
+sysctl:net.inet.udp.blackhole:1:1:Do not sent RST but drop traffic:
+sysctl:net.inet6.icmp6.rediraccept:0:1:Disable incoming ICMP redirect routing redirects:
+sysctl:net.inet6.ip6.redirect:0:1:Disable sending ICMP redirect routing redirects:
+sysctl:net.ipv4.conf.all.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.ipv4.conf.all.accept_source_route:0:1:Disable IP source routing:
+sysctl:net.ipv4.conf.all.bootp_relay:0:1:Do not relay BOOTP packets:
+sysctl:net.ipv4.conf.all.forwarding:0:1:Disable IP source routing:
+sysctl:net.ipv4.conf.all.log_martians:1:1:Log all packages for which the host does not have a path back to the source:
+sysctl:net.ipv4.conf.all.mc_forwarding:0:1:Disable IP source routing:
+sysctl:net.ipv4.conf.all.proxy_arp:0:1:Do not relay ARP packets:
+sysctl:net.ipv4.conf.all.rp_filter:1:1:Enforce ingress/egress filtering for packets:
+sysctl:net.ipv4.conf.all.send_redirects:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.ipv4.conf.default.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.ipv4.conf.default.accept_source_route:0:1:Disable IP source routing:
+sysctl:net.ipv4.conf.default.log_martians:1:1:Log all packages for which the host does not have a path back to the source:
+sysctl:net.ipv4.icmp_echo_ignore_broadcasts:1:1:Ignore ICMP packets directed to broadcast address:
+sysctl:net.ipv4.icmp_ignore_bogus_error_responses:1:1:Ignore
+#sysctl:net.ipv4.ip_forward:0:1:Do not forward traffic:
+sysctl:net.ipv4.tcp_syncookies:1:1:Use SYN cookies to prevent SYN attack:
+sysctl:net.ipv4.tcp_timestamps:0:1:Do not use TCP time stamps:
+sysctl:net.ipv6.conf.all.send_redirects:0:1:Disable/ignore ICMP routing redirects:
+sysctl:net.ipv6.conf.all.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.ipv6.conf.all.accept_source_route:0:1:Disable IP source routing:
+sysctl:net.ipv6.conf.default.accept_redirects:0:1:Disable/Ignore ICMP routing redirects:
+sysctl:net.ipv6.conf.default.accept_source_route:0:1:Disable IP source routing:
+
+[security]
+#sysctl:kern.securelevel:1^2^3:1:FreeBSD security level:
+#security.jail.jailed: 0
+#security.jail.jail_max_af_ips: 255
+#security.jail.mount_allowed: 0
+#security.jail.chflags_allowed: 0
+#security.jail.allow_raw_sockets: 0
+#security.jail.enforce_statfs: 2
+#security.jail.sysvipc_allowed: 0
+#security.jail.socket_unixiproute_only: 1
+#security.jail.set_hostname_allowed: 1
+#security.bsd.suser_enabled: 1
+#security.bsd.unprivileged_proc_debug: 1
+#security.bsd.conservative_signals: 1
+#security.bsd.unprivileged_read_msgbuf: 1
+#security.bsd.hardlink_check_gid: 0
+#security.bsd.hardlink_check_uid: 0
+#security.bsd.unprivileged_get_quota: 0
+
+
+
+#################################################################################
+#
+# Apache options
+# columns: (1)apache : (2)option : (3)value
+#
+#################################################################################
+
+apache:ServerTokens:Prod:
+
+
+#################################################################################
+#
+# OpenLDAP options
+# columns: (1)openldap : (2)file : (3)option : (4)expected value(s)
+#
+#################################################################################
+
+openldap:slapd.conf:permissions:640-600:
+openldap:slapd.conf:owner:ldap-root:
+
+
+#################################################################################
+#
+# SSL certificates
+#
+#################################################################################
+
+# Locations where to search for SSL certificates
+ssl:certificates:/etc/pki /etc/ssl /usr/local/share/ca-certificates /var/www:
+
+
+#################################################################################
+#
+# NTP options
+#
+#################################################################################
+
+# Ignore some stratum 16 hosts (for example when running as time source itself)
+#ntp:ignore_stratum_16_peer:127.0.0.1:
+#ntp:ignore_stratum_16_peer:1.2.3.4:
+
+
+#################################################################################
+#
+# File/directories permissions (currently not used yet)
+#
+#################################################################################
+
+# Scan for exact file name match
+#[scanfiles]
+#scanfile:/etc/rc.conf:FreeBSD configuration:
+
+# Scan for exact directory name match
+#[scandirs]
+#scandir:/etc:/etc directory:
+
+
+#################################################################################
+#
+# permfile
+# ---------------
+# permfile:file name:file permissions:owner:group:action:
+# Action = NOTICE or WARN
+# Examples:
+# permfile:/etc/test1.dat:600:root:wheel:NOTICE:
+# permfile:/etc/test1.dat:640:root:-:WARN:
+#
+#################################################################################
+
+#permfile:/etc/inetd.conf:rw-------:root:-:WARN:
+#permfile:/etc/fstab:rw-r--r--:root:-:WARN:
+permfile:/etc/lilo.conf:rw-------:root:-:WARN:
+
+
+#################################################################################
+#
+# permdir
+# ---------------
+# permdir:directory name:file permissions:owner:group:action when permissions are different:
+#
+#################################################################################
+
+permdir:/root/.ssh:rwx------:root:-:WARN:
+
+# Scan for a program/binary in BINPATHs
+#scanbinary:Rootkit Hunter:rkhunter:
+
+
+#################################################################################
+#
+# Audit customizing
+# -----------------
+#
+# Most options can contain 'yes' or 'no'.
+#
+#################################################################################
+
+# Amount of connections in WAIT state before reporting it as a warning
+#config:connections_max_wait_state:50:
+
+# Skip security repository check for Debian based systems
+#config:debian_skip_security_repository:yes:
+
+# Debug mode (for debugging purposes, extra data logged to screen)
+#config:debug:yes:
+
+# Skip the FreeBSD portaudit test
+#config:freebsd_skip_portaudit:yes:
+
+# Ignore some specific home directories
+# One directory per line; directories will be skipped for home directory specific
+# checks, like file permissions, SSH and other configuration files
+#config:ignore_home_dir:/home/user:
+
+# Do not log tests with another guest operating system (default: yes)
+#config:log_tests_incorrect_os:no:
+
+# Define if available NTP daemon is configured as a server or client on the network
+# values: server or client (default: client)
+#config:ntpd_role:client:
+
+# Allow promiscuous interfaces
+# <option>:<promiscuous interface name>:<description>:
+#if_promisc:pflog0:pf log daemon interface:
+
+# Skip Lynis upgrade availability test (default: no)
+#config:skip_upgrade_test:yes:
+
+#################################################################################
+#
+# Lynis Enterprise
+# -----------------
+#
+#################################################################################
+
+# Add your Lynis Enterprise license key here
+#config:license_key:[Your license key]:
+#config:group:[group name]:
+#config:group:test:
+
+#EOF
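Review bot: `sysctl:net.ipv4.icmp_ignore_bogus_error_responses:1:1:Ignore` is truncated: it lacks the description text and the closing `:` that the documented `sysctl:<Sysctl Key>:<Expected Value>:<Hardening Points>:<Description>:` format requires, so it should read `sysctl:net.ipv4.icmp_ignore_bogus_error_responses:1:1:Ignore bogus ICMP error responses:`. Several descriptions look copy-pasted: `net.ipv4.conf.all.forwarding` and `net.ipv4.conf.all.mc_forwarding` are labelled "Disable IP source routing" although they control packet forwarding, and every `[kernel]` entry except `kernel.sysrq` still carries the `XXX` placeholder. `sysctl:kernel.use-nx:0:1:XXX:` expects the NX setting to be off, which looks inverted for a hardening baseline — worth confirming the intended semantics before this profile awards points for it.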
diff --git a/dev/README b/dev/README
new file mode 100644
index 00000000..c51df06f
--- /dev/null
+++ b/dev/README
@@ -0,0 +1,9 @@
+
+================================================================================
+
+ This directory contains tools for:
+ - Easy building customized packages
+ - Integrity checks and tools
+ - Development tools
+
+================================================================================ \ No newline at end of file
diff --git a/dev/TODO b/dev/TODO
new file mode 100644
index 00000000..c9229e1c
--- /dev/null
+++ b/dev/TODO
@@ -0,0 +1,114 @@
+
+================================================================================
+
+ Lynis - To Do
+
+================================================================================
+
+ Author: Michael Boelen (michael@rootkit.nl)
+ Description: Security and system auditing tool
+ Website: http://www.rootkit.nl/projects/lynis.html
+ Support policy: See section 'Support' (README file)
+ Documentation: See web site, README, FAQ and CHANGELOG file
+
+================================================================================
+
+
+[+] Open issues
+-------------------------------
+
+
+[+] Project
+-------------------------------
+
+
+[+] General
+-------------------------------
+ - Activate warning when default profile is being used
+ - Add list of manual audit items, depending on performed tests
+ - Replace awk instances with ${AWKBINARY}
+
+
+[+] Forensics
+-------------------------------
+ - Add MD5/SHA1 database
+
+
+[+] Generic Tests
+-------------------------------
+ - NFS: Check if there is no localhost line in the /etc/export file
+ - Check /etc/crontab entries (permissions, locations)
+ - Search for all setuid/setgid files and compare against baseline
+ - Skel: Red Hat files are hidden, check with ls -al?
+ - Add MacOS X test for /tmp dir (or redirect location of symlink)
+ - Samba: make sure it does listen only at one interface (not at WAN)
+ - Cleanup some tests by combining options (like NETW-3006)
+ - Check for latest versions of programs
+ - Check if multiple users have group '0'
+ - When using --quiet, use long warnings instead of default lines
+ - Don't show section headers when using --tests
+ - Show Last logon dates for user accounts
+ - Show passwords 30 days or older / trivial passwords / password shadowing
+ - Show duplicate usernames, UIDs and GIDs
+ - System wide policies including: default files creation mask, login timeout intervals, lockout durations...
+ - Permissions on selected sensitive files / directories
+
+
+[+] Applications
+-------------------------------
+ - Debian/Ubuntu: check if apt-listbugs is installed
+
+[+] Databases
+-------------------------------
+ - Warn if MySQL is running on a network interface
+ - Check for empty root login
+ - Check Oracle things (tm)
+
+
+[+] Programming languages/interfaces
+-------------------------------
+ - Paranoid option: set binaries to 750 for perl, python, ruby, cc, gcc, *cc* etc
+
+
+[+] DNS
+-------------------------------
+ - Bind: check if version is disabled
+
+
+[+] Firewalls
+-------------------------------
+ - iptables: show chain numbers when rules are unused
+
+
+[+] Shell/interface/X
+-------------------------------
+ - Check for autolog or timeoutd package
+
+
+[+] MTA
+-------------------------------
+ - Sendmail: check banner, check file permissions of configuration files
+ - Exim: check banner
+ - SMTP (if running): check if a version shows up in banner
+
+
+[+] Printers/spools
+-------------------------------
+ - Printcap consistency check for Linux/Solaris/MacOS
+
+
+[+] Tomcat
+-------------------------------
+ - Check if iptables has rules for port 8080, 8009, 8443
+ - Check if /WEB-INF/ and /META-INF/ are denied in httpd.conf
+
+[+] Reporting
+-------------------------------
+ - Add possibility to mail directly (instead of log to file)
+ - Find audit templates for reporting (direct post to webserver?)
+ - Allow bonus points, however check a maximum index score of 100
+
+
+================================================================================
+ Lynis - Copyright 2007-2013, Michael Boelen - The Netherlands
+ http://www.rootkit.nl
diff --git a/dev/build-lynis.sh b/dev/build-lynis.sh
new file mode 100755
index 00000000..6ecd8988
--- /dev/null
+++ b/dev/build-lynis.sh
@@ -0,0 +1,138 @@
+#!/bin/sh
+
+#########################################################################
+#
+# Builds Lynis distribution
+#
+# Usage: this script creates Lynis builds
+#
+# *** NOTE ***
+# This script is not fully functional yet, several options like digital
+# signing, RPM/DEB package creation are missing.
+#
+#########################################################################
+#
+# Options:
+
+ # Umask used when creating files/directories
+ OPTION_UMASK="027"
+
+ # Directory name used to create package related directories (like /usr/local/include/lynis)
+ OPTION_PACKAGE_DIRNAME="lynis"
+
+ # Binary to test
+ OPTION_BINARY_FILE="../lynis"
+
+#
+#########################################################################
+#
+# Functions:
+
+ # Clean temporary files up
+ CleanUp()
+ {
+ if [ ! ${TMPDIR} = "" -a -d ${TMPDIR} ]; then
+ rm -rf ${TMPDIR}
+ fi
+ }
+
+#
+#########################################################################
+#
+
+ # Clean files up if we get interrupted
+ trap CleanUp INT
+
+#
+#########################################################################
+#
+
+# Set umask
+ echo -n "- Setting umask to ${OPTION_UMASK} "
+ umask ${OPTION_UMASK}
+ if [ $? -eq 0 ]; then
+ echo "OK"
+ else
+ echo "BAD"
+ exit 1
+ fi
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Build root
+ echo -n "- Creating BUILDROOT "
+ TMPDIR=`mktemp -d /tmp/lynis-BUILDROOT.XXXX`
+ if [ $? -eq 0 ]; then
+ echo "OK"
+ echo " BUILDROOT: ${TMPDIR}"
+ else
+ echo "BAD"
+ exit 1
+ fi
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Test script for errors
+ echo -n "- Test Lynis script "
+
+ # Is file there?
+ if [ ! -f ${OPTION_BINARY_FILE} ]; then echo "BAD (can't find ${OPTION_BINARY_FILE})"; exit 1; fi
+
+ # Check script
+ FIND=`sh -n ${OPTION_BINARY_FILE} ; echo $?`
+ if [ $FIND -eq 0 ]; then
+ echo "OK"
+ else
+ echo "BAD"
+ fi
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Create SHA1 hashes
+ echo -n "- Create SHA1 hashes "
+ SHA1HASH_LYNIS=`grep -v '^#' ${OPTION_BINARY_FILE} | sha1`
+ echo "DONE"
+ echo " Lynis (SHA1): ${SHA1HASH_LYNIS}"
+
+ # Add hashes to script
+ echo -n "- Injecting SHA1 hash into Lynis script "
+ echo "-NOT DONE-"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Cleaning up OpenBSD package build... "
+ if [ -f openbsd/+CONTENTS ]; then rm openbsd/+CONTENTS; fi
+ echo "DONE"
+ OPENBSD_CONTENTS="openbsd/+CONTENTS"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Creating MD5 hashes..."
+ PACKAGE_LIST_FILES=`cat files.dat | grep "^file:" | cut -d ':' -f3`
+
+ for I in ${PACKAGE_LIST_FILES}; do
+
+ echo -n "${I} "
+ #FULLNAME=`cat files.dat | grep ":file:include:
+ #echo "${FULLNAME}" >> ${OPENBSD_CONTENTS}
+ echo "${I}" >> ${OPENBSD_CONTENTS}
+ FILE="../${I}"
+ MD5HASH=`md5 -q ${FILE}`
+ echo "@md5 ${MD5HASH}" >> ${OPENBSD_CONTENTS}
+ echo "@size 0000" >> ${OPENBSD_CONTENTS}
+ done
+ echo ""
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Cleaning up... "
+
+ # Clean up our mess
+ CleanUp
+
+ echo "DONE"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+# The End!
+
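Review bot: The result of the syntax check is reported but not acted on: when `sh -n` fails, the `else` branch only prints `BAD` and the build continues to hash and package a script that does not parse; add `exit 1` after that `echo "BAD"`, as the umask and mktemp branches already do. `CleanUp` is installed as the INT trap before `TMPDIR` is assigned, and its test `[ ! ${TMPDIR} = "" -a -d ${TMPDIR} ]` fails with a test-syntax error when the variable is empty or contains spaces rather than being a clean no-op; `if [ -n "${TMPDIR}" ] && [ -d "${TMPDIR}" ]; then rm -rf -- "${TMPDIR}"; fi` is both safe and portable, and the trap should also cover `EXIT` and `TERM` so the build root is removed on every exit path. Note as well that `mktemp -d /tmp/lynis-BUILDROOT.XXXX` gives only four random characters, and that `sha1` and `md5 -q` exist on BSD but not on GNU systems, where the command substitutions yield empty strings and `@md5 ` lines with no hash are written to `+CONTENTS` without any error.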
diff --git a/dev/check-lynis.sh b/dev/check-lynis.sh
new file mode 100755
index 00000000..855f3577
--- /dev/null
+++ b/dev/check-lynis.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Check for double ID numbers
+grep -r Register .. | awk '{ if($2=="Register") { print $4 } }' | sort | uniq -c | awk '{ if ($1!=1) { print $2 } }'
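Review bot: The awk filter `$2=="Register"` relies on grep's `path:` prefix landing in `$1`, which holds only when the registration line is indented; an unindented line becomes `../file:Register` in `$1`, so its ID is never counted and the duplicate check can miss exactly the lines it exists for. Dropping the filename with `grep -rh` and testing `$1` makes the pipeline independent of indentation, and `uniq -d` replaces the `uniq -c | awk` pair: `grep -rh Register .. | awk '$1=="Register" { print $3 }' | sort | uniq -d` (assuming the form `Register --test-no <ID>`, as the original's `$4` implies). The recursive grep also scans every file under `..` that mentions `Register`, including this script; restricting it to the directory holding the tests would avoid spurious matches.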
diff --git a/dev/files.dat b/dev/files.dat
new file mode 100644
index 00000000..1e46d3a7
--- /dev/null
+++ b/dev/files.dat
@@ -0,0 +1,33 @@
+file/dir:type:filename:prefix:filename
+file:doc:CHANGELOG:CHANGELOG
+file:doc:FAQ:FAQ
+file:doc:INSTALL:INSTALL
+file:doc:LICENSE:LICENSE
+file:doc:README:README
+file:doc:TODO:TODO
+file:example:default.prf:default.prf
+file:bin:lynis:/usr/bin:lynis
+file:man:lynis.8:lynis.8
+dir:extra:contrib:contrib
+dir:include:include::/usr/local:include
+file:include:include/functions:/usr/local:include/lynis/functions
+file:include:include/osdetection:/usr/local:include/lynis/osdetection
+file:include:include/consts:/usr/local:include/lynis/consts
+file:include:include/parameters:/usr/local:include/lynis/parameters
+file:include:include/profiles:/usr/local:include/lynis/profiles
+file:include:include/tests_ports_packages:/usr/local:include/lynis/tests_ports_packages
+file:include:include/tests_boot_services:/usr/local:include/lynis/tests_boot_services
+file:include:include/tests_filesystems:/usr/local:include/lynis/tests_filesystems
+file:include:include/tests_networking:/usr/local:include/lynis/tests_networking
+file:include:include/tests_memory_processes:/usr/local:include/lynis/tests_memory_processes
+file:include:include/tests_kernel:/usr/local:include/lynis/tests_kernel
+file:include:include/tests_logging:/usr/local:include/lynis/tests_logging
+file:include:include/tests_authentication:/usr/local:include/lynis/tests_authentication
+file:include:include/tests_firewalls:/usr/local:include/lynis/tests_firewalls
+file:include:include/tests_homedirs:/usr/local:include/lynis/tests_homedirs
+file:include:include/tests_shells:/usr/local:include/lynis/tests_shells
+file:include:include/tests_printers_spools:/usr/local:include/lynis/tests_printers_spools
+file:include:include/tests_file_integrity:/usr/local:include/lynis/tests_file_integrity
+file:include:include/tests_accounting:/usr/local:include/lynis/tests_accounting
+file:include:include/tests_banners:/usr/local:include/lynis/tests_banners
+file:include:include/tests_mail_messaging:/usr/local:include/lynis/tests_mail_messaging
diff --git a/dev/openbsd/+CONTENTS b/dev/openbsd/+CONTENTS
new file mode 100644
index 00000000..d8da54ed
--- /dev/null
+++ b/dev/openbsd/+CONTENTS
@@ -0,0 +1,90 @@
+CHANGELOG
+@md5 7e0ad05581d32d6051a3e22ef297e81d
+@size 0000
+FAQ
+@md5 b1e44a42bad55941868a743b24d01d8b
+@size 0000
+INSTALL
+@md5 a1574195ee66d7cf8b9947de2cce6ab4
+@size 0000
+LICENSE
+@md5 d32239bcb673463ab874e80d47fae504
+@size 0000
+README
+@md5 d46ffad53300d044ba02a037a7255ee8
+@size 0000
+TODO
+@md5 3486e35f6c705d8ea1e34c4a66ec7046
+@size 0000
+default.prf
+@md5 63e7765073d12b3b177a3587e3a4d6e4
+@size 0000
+lynis
+@md5 aab4c29e3f3dbcbf71b320b476b91c94
+@size 0000
+lynis.8
+@md5 604d717b4671972f7d53350f6efd1f10
+@size 0000
+include/functions
+@md5 cc8fd64fc868251453e54305ebd71b58
+@size 0000
+include/osdetection
+@md5 92fa7e249e65271a450bbb523cd36ce9
+@size 0000
+include/consts
+@md5 a39c3101c95bde6556374e4d8d4992d7
+@size 0000
+include/parameters
+@md5 4d983d717a62276b4e7df8b04b423ca2
+@size 0000
+include/profiles
+@md5 1781be3989c4f42aeb77656a7885bedd
+@size 0000
+include/tests_ports_packages
+@md5 d1754a6365ff04acbfacbb0208e2bb57
+@size 0000
+include/tests_boot_services
+@md5 746100f95e83097ab3f52f2a0287980b
+@size 0000
+include/tests_filesystems
+@md5 b5257d89440fa06f170dfb9bd35cb5fe
+@size 0000
+include/tests_networking
+@md5 0b4d329f118a1845abce2af6b7b19b25
+@size 0000
+include/tests_memory_processes
+@md5 b0e1df62f87bfc08bea1c21f4762c0ff
+@size 0000
+include/tests_kernel
+@md5 2ca3f7ec1924854e1076bebbdc654928
+@size 0000
+include/tests_logging
+@md5 9993368b9616248195ef350b470a7768
+@size 0000
+include/tests_authentication
+@md5 18b810aa4a87fde400b2da127edd2d04
+@size 0000
+include/tests_firewalls
+@md5 c12c6014b844595f866a76545c8c9893
+@size 0000
+include/tests_homedirs
+@md5 44760dd3a0ca3a8c665356b2c2028fc9
+@size 0000
+include/tests_shells
+@md5 489667c1fb7c12c3fa3dcef19ce45ebb
+@size 0000
+include/tests_printers_spools
+@md5 3c151550ff48df8e913b0b74a4fd1f2b
+@size 0000
+include/tests_file_integrity
+@md5 794ad1c924b23d0a808035961f47023c
+@size 0000
+include/tests_accounting
+@md5 1808a389d1b5ba8c6e708978839eb3d1
+@size 0000
+include/tests_banners
+@md5 6449b7069a4a08b83daa685e100b316e
+@size 0000
+include/tests_mail_messaging
+@md5 8424dab66b29ea5270bccbfc9dbd4cb2
+@size 0000
diff --git a/include/binaries b/include/binaries
new file mode 100644
index 00000000..07bd557c
--- /dev/null
+++ b/include/binaries
@@ -0,0 +1,166 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Check which tools are installed
+#
+#################################################################################
+#
+ COMPILER_INSTALLED=0
+ IDLE_SESSION_KILLER_INSTALLED=0
+ MALWARE_SCANNER_INSTALLED=0
+#
+#################################################################################
+#
+ InsertSection "System Tools"
+#
+#################################################################################
+#
+ Display --indent 2 --text "- Scanning available tools..."
+ logtext "Start scanning for available audit binaries and tools..."
+
+ # Test : FILE-7502
+ # Description : Check all system binaries
+ # Notes : Always perform test, dependency for many other tests
+ Register --test-no FILE-7502 --weight L --network NO --description "Check all system binaries"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ SCANNEDPATHS=""; N=0
+ Display --indent 2 --text "- Checking system binaries..."
+ logtext "Status: Starting binary scan..."
+ for SCANDIR in ${BINPATHS}; do
+ logtext "Test: Checking binaries in directory ${SCANDIR}"
+ if [ -d ${SCANDIR} ]; then
+ Display --indent 4 --text "- Checking ${SCANDIR}... " --result FOUND --color GREEN
+ SCANNEDPATHS="${SCANNEDPATHS}, ${SCANDIR}"
+ logtext "Directory ${SCANDIR} exists. Starting directory scanning..."
+ FIND=`ls ${SCANDIR}`
+ for I in ${FIND}; do
+ N=`expr ${N} + 1`
+ BINARY="${SCANDIR}/${I}"
+ logtext "Binary: ${BINARY}"
+ # Optimized, much quicker (limited file access needed)
+ case ${I} in
+ aa-status) APPARMORFOUND=1; AASTATUSBINARY=${BINARY}; logtext " Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
+ afick.pl) AFICKFOUND=1; AFICKBINARY=${BINARY}; logtext " Found known binary: afick (file integrity checker) - ${BINARY}" ;;
+ aide) AIDEFOUND=1; AIDEBINARY=${BINARY}; logtext " Found known binary: aide (file integrity checker) - ${BINARY}" ;;
+ apache2) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}"; fi ;;
+ auditd) AUDITDFOUND=1; AUDITDBINARY=${BINARY}; logtext " Found known binary: auditd (audit framework) - ${BINARY}" ;;
+ awk) if [ -f ${BINARY} ]; then AWKFOUND=1; AWKBINARY=${BINARY}; logtext " Found known binary: awk (string tool) - ${BINARY}"; fi ;;
+ dig) DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (nameservice tool) - ${BINARY}" ;;
+ as) ASFOUND=1; ASBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: as (compiler) - ${BINARY}" ;;
+ auditctl) AUDITCTLFOUND=1; AUDITCTLBINARY="${BINARY}"; logtext " Found known binary: auditctl (control utility for audit daemon) - ${BINARY}" ;;
+ autolog) AUTOLOGFOUND=1; AUTOLOGBINARY="${BINARY}"; IDLE_SESSION_KILLER_INSTALLED=1; logtext " Found known binary: autolog (idle session killer) - ${BINARY}" ;;
+ chkconfig) CHKCONFIGFOUND=1; CHKCONFIGBINARY=${BINARY}; logtext " Found known binary: chkconfig (administration tool) - ${BINARY}" ;;
+ clamscan) CLAMSCANFOUND=1; CLAMSCANBINARY=${BINARY}; logtext " Found known binary: clamscan (AV scanner) - ${BINARY}" ;;
+ cfagent) CFAGENTFOUND=1; CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; logtext " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
+ chkrootkit) CHKROOTKITFOUND=1; CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
+ curl) CURLFOUND=1; CURLBINARY="${BINARY}"; logtext " Found known binary: curl (browser) - ${BINARY}" ;;
+ dig) if [ -f ${BINARY} ]; then DIGFOUND=1; DIGBINARY=${BINARY}; logtext " Found known binary: dig (network/dns tool) - ${BINARY}"; fi ;;
+ dnsdomainname) DNSDOMAINNAMEFOUND=1; DNSDOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: dnsdomainname (DNS domain) - ${BINARY}" ;;
+ domainname) DOMAINNAMEFOUND=1; DOMAINNAMEBINARY="${BINARY}"; logtext " Found known binary: domainname (NIS domain) - ${BINARY}" ;;
+ egrep) EGREPFOUND=1; EGREPBINARY=${BINARY}; logtext " Found known binary: egrep (text search) - ${BINARY}" ;;
+ exim) EXIMFOUND=1; EXIMBINARY="${BINARY}"; EXIMVERSION=`${BINARY} -bV | grep 'Exim version' | awk '{ print $3 }' | xargs`; logtext "Found ${BINARY} (version ${EXIMVERSION})" ;;
+ find) FINDFOUND=1; FINDBINARY="${BINARY}"; logtext " Found known binary: find (search tool) - ${BINARY}" ;;
+ g++) GPLUSPLUSFOUND=1; GPLUSPLUSBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: g++ (compiler) - ${BINARY}" ;;
+ # additional file check due to existance /usr/libexec/gcc (directory)
+ gcc) if [ -f ${BINARY} ]; then GCCBINARY="${BINARY}"; COMPILER_INSTALLED=1; logtext " Found known binary: gcc (compiler) - ${BINARY}"; fi ;;
+ grep) GREPFOUND=1; GREPBINARY=${BINARY}; logtext " Found known binary: grep (text search) - ${BINARY}" ;;
+ httpd2-prefork) HTTPDFOUND=1; HTTPDBINARY=${BINARY}; logtext " Found known binary: apache2 (web server) - ${BINARY}" ;;
+ lvdisplay) LVDISPLAYBINARY="${BINARY}"; logtext " Found known binary: lvdisplay (LVM tool) - ${BINARY}" ;;
+ named-checkconf) NAMEDCHECKCONFIGFOUND=1; NAMEDCHECKCONFBINARY="${BINARY}"; logtext " Found known binary: named-checkconf (BIND configuration analyzer) - ${BINARY}" ;;
+ grpck) GRPCKFOUND=1; GRPCKBINARY="${BINARY}"; logtext " Found known binary: grpck (consistency checker) - ${BINARY}" ;;
+ httpd) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY="${BINARY}"; logtext " Found known binary: httpd (web server) - ${BINARY}"; fi ;;
+ ip) IPFOUND=1; IPBINARY="${BINARY}"; logtext " Found known binary: ip (IP configuration) - ${BINARY}" ;;
+ ipf) IPFFOUND=1; IPFBINARY="${BINARY}"; logtext " Found known binary: ipf (firewall) - ${BINARY}" ;;
+ ifconfig) IFCONFIGFOUND=1; IFCONFIGBINARY="${BINARY}"; logtext " Found known binary: ipconfig (IP configuration) - ${BINARY}" ;;
+ iptables) if [ -f ${BINARY} ]; then IPTABLESFOUND=1; IPTABLESBINARY="${BINARY}"; logtext " Found known binary: iptables (firewall) - ${BINARY}"; fi ;;
+ kldstat) KLDSTATFOUND=1; KLDSTATBINARY="${BINARY}"; logtext " Found known binary: kldstat (kernel modules) - ${BINARY}" ;;
+ kstat) KSTATFOUND=1; KSTATBINARY="${BINARY}"; logtext " Found known binary: kstat (kernel statistics) - ${BINARY}" ;;
+ locate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: locate (file database) - ${BINARY}" ;;
+ logrotate) LOGROTATEFOUND=1; LOGROTATEBINARY="${BINARY}"; logtext " Found known binary: logrotate (log rotation tool) - ${BINARY}" ;;
+ ls) LSFOUND=1; LSBINARY="${BINARY}"; logtext " Found known binary: ls (file listing) - ${BINARY}" ;;
+ lsattr) LSATTRFOUND=1; LSATTRBINARY="${BINARY}"; logtext " Found known binary: lsattr (file attributes) - ${BINARY}" ;;
+ lsmod) LSMODFOUND=1; LSMODBINARY="${BINARY}"; logtext " Found known binary: lsmod (kernel modules) - ${BINARY}" ;;
+ lsof) LSOFFOUND=1; LSOFBINARY="${BINARY}"; logtext " Found known binary: lsof (open files) - ${BINARY}" ;;
+ lynx) LYNXFOUND=1; LYNXBINARY="${BINARY}"; LYNXVERSION=`${BINARY} -version | grep "^Lynx Version" | cut -d ' ' -f3`; logtext "Found known binary: lynx (browser) - ${BINARY} (version ${LYNXVERSION})" ;;
+ md5) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
+ md5sum) MD5FOUND=1; MD5BINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
+ mtree) MTREEFOUND=1; MTREEBINARY="${BINARY}"; logtext " Found known binary: mtree (mapping directory tree) - ${BINARY}" ;;
+ mysql) MYSQLCLIENTFOUND=1; MYSQLCLIENTBINARY="${BINARY}"; MYSQLCLIENTVERSION=`${BINARY} -V | awk '{ if ($4=="Distrib") { print $5 }}' | sed 's/,//g'` ; logtext "Found ${BINARY} (version: ${MYSQLCLIENTVERSION})" ;;
+ netstat) NETSTATFOUND=1; NETSTATBINARY="${BINARY}"; logtext " Found ${BINARY}" ;;
+ nmap) NMAPFOUND=1; NMAPBINARY="${BINARY}"; NMAPVERSION=`${BINARY} -V | grep "^Nmap version" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${NMAPVERSION})" ;;
+ ntpq) NTPQFOUND=1; NTPQBINARY="${BINARY}"; logtext " Found known binary ntpq (time daemon client) - ${BINARY}" ;;
+ osiris) OSIRISFOUND=1; OSIRISBINARY="${BINARY}"; logtext " Found known binary: osiris - ${BINARY}" ;;
+ openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=`${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs`; logtext "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
+ pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; logtext " Found known binary: pacman (package manager) - ${BINARY}" ;;
+ perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; logtext "Found ${BINARY} (version ${PERLVERSION})" ;;
+ php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; logtext "Found known binary: php (programming language) - ${BINARY} (version ${PHPVERSION})" ;;
+ postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; logtext " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
+ postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; logtext " Found known binary: postfix (postfix binary) - ${BINARY}" ;;
+ prelink) PRELINKFOUND=1; PRELINKBINARY="${BINARY}"; logtext " Found known binary: prelink (system optimizer) - ${BINARY}" ;;
+ pfctl) PFCTLFOUND=1; PFCTLBINARY="${BINARY}"; logtext " Found known binary: pfctl (client to pf firewall) - ${BINARY}" ;;
+ ps) PSFOUND=1; PSBINARY="${BINARY}"; logtext " Found known binary: ps (process listing) - ${BINARY}" ;;
+ puppet) PUPPETFOUND=1; PUPPETBINARY="${BINARY}"; logtext " Found known binary: puppet (automation tooling) - ${BINARY}" ;;
+ puppetmasterd) PUPPETMASTERDFOUND=1; PUPPETMASTERDBINARY="${BINARY}"; logtext " Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;;
+ readlink) READLINKFOUND=1; READLINKBINARY="${BINARY}"; logtext " Found known binary: readlink (follows symlinks) - ${BINARY}" ;;
+ rkhunter) RKHUNTERFOUND=1; RKHUNTERBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: rkhunter (malware scanner) - ${BINARY}" ;;
+ rpcinfo) RPCINFOFOUND=1; RPCINFOBINARY="${BINARY}"; logtext " Found known binary: rpcinfo (RPC information) - ${BINARY}" ;;
+ rpm) RPMFOUND=1; RPMBINARY="${BINARY}"; logtext " Found known binary: rpm (package manager) - ${BINARY}" ;;
+ runlevel) RUNLEVELFOUND=1; RUNLEVELBINARY="${BINARY}"; logtext " Found known binary: runlevel (system utility) - ${BINARY}" ;;
+ samhain) SAMHAINFOUND=1; SAMHAINBINARY="${BINARY}"; logtext " Found known binary: samhain (integrity tool) - ${BINARY}" ;;
+ sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; logtext " Found known binary: sestatus (SELinux client) - ${BINARY}" ;;
+ slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; logtext " Found known binary: slocate (file database) - ${BINARY}" ;;
+ smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; logtext "Found ${BINARY} (version ${SMBDVERSION})" ;;
+ showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; logtext " Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
+ sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; logtext " Found known binary: sockstat (open network sockets) - ${BINARY}" ;;
+ squid) SQUIDFOUND=1; SQUIDBINARY="${BINARY}"; logtext " Found known binary: squid (proxy) - ${BINARY}" ;;
+ sshd) SSHDFOUND=1; SSHDBINARY="${BINARY}"; SSHDVERSION=`${BINARY} -t -d 2>&1 | head -n 1 | awk '{ print $4 }' | cut -d '_' -f2 | xargs`; logtext "Found ${BINARY} (version ${SSHDVERSION})" ;;
+ stat) STATFOUND=1; STATBINARY="${BINARY}"; logtext " Found known binary: stat (file information) - ${BINARY}" ;;
+ strings) STRINGSFOUND=1; STRINGSBINARY="${BINARY}"; logtext " Found known binary: strings (text strings search) - ${BINARY}" ;;
+ sha1|sha1sum|shasum) SHA1SUMFOUND=1; SHA1SUMBINARY="${BINARY}"; logtext " Found known binary: sha1/sha1sum/shasum (crypto hashing) - ${BINARY}" ;;
+ ssh-keyscan) SSHKEYSCANFOUND=1; SSHKEYSCANBINARY="${BINARY}"; logtext " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
+ sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; logtext " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
+ syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=`${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'`; logtext "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
+ systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; logtext " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
+ tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; logtext " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
+ tune2fs) TUNE2FSFOUND=1; TUNE2FSBINARY="${BINARY}"; logtext " Found known binary: tune2fs (file system tool) - ${BINARY}" ;;
+ vgdisplay) VGDISPLAYFOUND=1; VGDISPLAYBINARY="${BINARY}"; logtext " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
+ vmtoolsd) VMWARETOOLSFOUND=1; VMWARETOOLSDBINARY="${BINARY}"; logtext " Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;;
+ wget) WGETFOUND=1; WGETBINARY="${BINARY}"; WGETVERSION=`${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'`; logtext "Found ${BINARY} (version ${WGETVERSION})" ;;
+ yum) YUMFOUND=1; YUMBINARY="${BINARY}"; logtext " Found known binary: yum (package manager) - ${BINARY}" ;;
+ zypper) ZYPPERFOUND=1; ZYPPERBINARY="${BINARY}"; logtext " Found known binary: zypper (package manager) - ${BINARY}" ;;
+ esac
+ done
+ else
+ Display --indent 4 --text "- Checking ${SCANDIR}... " --result "NOT FOUND" --color WHITE
+ logtext "Directory ${SCANDIR} does NOT exist."
+ fi
+ logtextbreak
+ done
+ SCANNEDPATHS=`echo ${SCANNEDPATHS} | sed 's/^, //g'`
+ logtext "Discovered directories: ${SCANNEDPATHS}"
+ #fi
+
+ logtext "Result: found ${N} binaries"
+ report "binaries_count=${N}"
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
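Review bot: The second `dig)` arm in the `case ${I}` block is unreachable, because `case` takes the first matching pattern and a `dig)` arm already appears a few lines earlier; keep one arm (the later body carries the extra `-f` test, so that is the one worth keeping). Separately, the version probes in the `exim`, `lynx`, `mysql`, `nmap`, `openssl`, `perl`, `php`, `smbd`, `sshd`, `syslog-ng` and `wget` arms execute whatever file of that name is found in a BINPATHS directory, with the auditor's privileges (typically root) and before any integrity test has run; a directory in that list writable by an unprivileged user turns discovery into execution, so consider gating the probe on `-f`, ownership and mode of `${BINARY}`, or deferring version lookups to the tests that need them. The scan also parses `ls` output and forks `expr` once per entry; `for I in "${SCANDIR}"/*` with `N=$((N + 1))` avoids both the word-splitting and the per-file fork.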
diff --git a/include/consts b/include/consts
new file mode 100644
index 00000000..9de50d5f
--- /dev/null
+++ b/include/consts
@@ -0,0 +1,182 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# This software is licensed under GPL, version 3. See LICENSE file for
+# usage of this software.
+#
+#################################################################################
+#
+# Consts
+#
+#################################################################################
+#
+
+# Program information
+
+# Paths where system and program binaries are located
+# Includes Sun Solaris dirs
+BINPATHS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin \
+ /usr/local/libexec /usr/libexec /usr/sfw/bin /usr/sfw/sbin \
+ /usr/sfw/libexec /opt/sfw/bin /opt/sfw/sbin /opt/sfw/libexec \
+ /usr/xpg4/bin /usr/css/bin /usr/ucb /usr/X11R6/bin /usr/X11R7/bin"
+
+# Do not use specific language, fall back to default
+unset LANG
+
+#
+#################################################################################
+#
+# Deprecated
+#
+#################################################################################
+#
+ HOME_HISTORY_AUDIT_TITLE="Incorrect history file types"
+ HOME_HISTORY_AUDIT_DESCRIPTION=""
+
+ HOME_HISTORY_LOG_TITLE="History files type check"
+ HOME_HISTORY_LOG_DESCRIPTION="History files type check"
+ HOME_HISTORY_LOG_TEXT="History files are normally of the type 'file'. Symbolic links and other types can be riskful"
+
+ HOME_PATH_LOG_MESSAGE="A single dot in the PATH variable of a user can be a risk, while executing commands in for example a home directory."
+
+ USER_PASSWD_DOUBLEUID_AUDIT_TITLE="Non unique UIDs"
+ USER_PASSWD_DOUBLEUID_AUDIT_DESCRIPTION="Non unique UIDs in passwd file"
+ USER_PASSWD_DOUBLEUID_AUDIT_TEXT="Non unique UIDs can riskful for the system or part of a configuration mistake"
+
+ KERNEL_ACTIVE_MODULES_TITLE="Active kernel modules (KLDs)"
+ KERNEL_ACTIVE_MODULES_DESCRIPTION="View all active kernel modules (including kernel)"
+ KERNEL_ACTIVE_MODULES_TEXT="Displays the loaded kernel modules in memory. Make sure to check the integrity of the kld tools."
+#
+#################################################################################
+#
+# Initialize defaults
+#
+#################################################################################
+#
+# == Variable initializing ==
+#
+ AUDITORNAME=""
+ PROFILE=""
+ REPORTFILE=""
+ AFICKBINARY=""
+ AIDEBINARY=""
+ AASTATUSBINARY=""
+ CHKROOTKITBINARY=""
+ CHKCONFIGBINARY=""
+ FILEVALUE=""
+ FIND=""
+ GRPCKBINARY=""
+ GROUP_NAME=""
+ IPTABLESBINARY=""
+ LINUX_VERSION=""
+ LINUXCONFIGFILE=""
+ LOGFILE=""
+ NGINX_ACCESS_LOG_DISABLED=0
+ NGINX_ACCESS_LOG_MISSING=0
+ NGINX_ALIAS_FOUND=0
+ NGINX_ALLOW_FOUND=0
+ NGINX_DENY_FOUND=0
+ NGINX_ERROR_LOG_DEBUG=0
+ NGINX_ERROR_LOG_MISSING=0
+ NGINX_EXPIRES_FOUND=0
+ NGINX_FASTCGI_FOUND=0
+ NGINX_FASTCGI_PARAMS_FOUND=0
+ NGINX_FASTCGI_PASS_FOUND=0
+ NGINX_LISTEN_FOUND=0
+ NGINX_LOCATION_FOUND=0
+ NGINX_SSL_CIPHERS=0
+ NGINX_SSL_ON=0
+ NGINX_SSL_PREFER_SERVER_CIPHERS=0
+ NGINX_SSL_PROTOCOLS=0
+ NGINX_RETURN_FOUND=0
+ NGINX_ROOT_FOUND=0
+ OS=""; OS_MODE=""
+ OS_REDHAT_OR_CLONE=0
+ OSIRISBINARY=""
+ PIDFILE=""
+ PFFOUND=0
+ PROFILEVALUE=""
+ RKHUNTERBINARY=""
+ RPMBINARY=""
+ SAMHAINBINARY=""
+ SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
+ SESTATUSBINARY=""
+ SSHKEYSCANBINARY=""
+ SSHKEYSCANFOUND=0
+ SYSLOGNGBINARY=""
+ TEST_SKIP_ALWAYS=""
+ TESTS_EXECUTED=""
+ TESTS_SKIPPED=""
+ TRIPWIREBINARY=""
+ UPDATE_CHECK_SKIPPED=0
+ VALUE=""
+#
+#################################################################################
+#
+# == Options ==
+#
+# Option Description
+# --------------------------------------------------------------------------
+ CRONJOB=0 # Run as a cronjob
+ CTESTS_PERFORMED=0 # Number of tests which are performed
+ DEBUG=0 # Debugging mode (to screen)
+ HPPOINTS=0 # Number of hardening points
+ HPTOTAL=0 # Maximum number of hardening points
+ LOG_INCORRECT_OS=1 # Log tests with incorrect OS
+ NEVERBREAK=0 # Don't wait for user input
+ QUICKMODE=0 # Don't wait for user input
+ QUIET=0 # Show normal messages and warnings as well
+ SHOW_TOOL_TIPS=1 # Show inline tool tips (default true)
+ SKIPLOGTEST=0 # Skip logging for one test
+ SKIP_UPGRADE_TEST=0 # Skip upgrade test
+ TESTS_TO_PERFORM="" # Which tests only to perform
+ TEST_PAUSE_TIME=0 # Default pause time
+ TOTAL_TESTS=0 # Total amount of tests (counter)
+ UPLOAD_DATA=0 # Upload of data to central node
+ VIEWHELP=0 # Show help
+ VIEWUPDATEINFO=0 # View program/database version
+ WRONGOPTION=0 # A wrong option is used
+#
+#################################################################################
+#
+ # Installed packages and other settings
+ COMPILER_INSTALLED=0
+#
+#################################################################################
+#
+# Colors
+#
+#################################################################################
+#
+# Color name Description
+# --------------------------------------------------------------------------
+ NORMAL=""
+ WARNING="" # Bad (red)
+ SECTION="" # Section (yellow)
+ NOTICE="" # Notice (yellow)
+ OK="" # Ok (green)
+ BAD="" # Bad (red)
+
+ # Real color names
+ YELLOW="" # Yellow
+ WHITE="" # White
+ GREEN="" # Green
+ RED="" # Red
+ PURPLE=""
+ MAGENTA=""
+ BROWN=""
+ CYAN=""
+ BLUE=""
+#
+#################################################################################
+#
+
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
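Review bot: `unset LANG` does not give tool output a stable locale, because `LC_ALL` and the individual `LC_*` variables take precedence over `LANG` when they are set; the version and status parsing elsewhere (matching words such as `Distrib` or `Version` in awk) can then still see localised output. `LC_ALL=C; export LC_ALL` (or unsetting `LC_ALL` together with `LANG`) is the usual fix. `COMPILER_INSTALLED=0` is initialised here and again at the top of include/binaries; keeping a single initialisation site avoids the two drifting apart, and a short comment such as `# Initialised here; include/binaries sets it to 1 when a compiler is found` would document the intended owner.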
diff --git a/include/data_upload b/include/data_upload
new file mode 100644
index 00000000..7b41a3c7
--- /dev/null
+++ b/include/data_upload
@@ -0,0 +1,110 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@cisofy.com), The Netherlands
+# Web site: http://cisofy.com
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Data upload
+#
+#################################################################################
+#
+# logtextbreak
+PROGRAM_VERSION="101"
+DATA_SERVER="https://cisofy.com"
+# Additional options to curl
+CURL_OPTIONS=""
+SETTINGS_FILE="${PROFILE}"
+#DEBUG=1
+
+# Only output text to stdout if DEBUG mode is not used
+output()
+ {
+ if [ ${DEBUG} -eq 1 ]; then echo "$1"; fi
+ }
+
+#####################################################################################
+#
+# SYSTEM CHECKS
+#
+#####################################################################################
+
+output "Lynis Enterprise data uploader starting"
+output "Settings file: ${SETTINGS_FILE}"
+
+ # Check if we can find curl
+ # Suggestion: If you want to keep the system hardened, copying the binary from a trusted source is a good alternative.
+ # Restrict access to this binary to the user who is running this script.
+ if [ "${CURLBINARY}" = "" ]; then
+ echo "Fatal: can't find curl binary. Please install the related package or put the binary in the PATH. Quitting.."
+ exit 1
+ fi
+
+ # Extra the license key from the settings file
+ if [ "${LICENSE_KEY}" = "" ]; then
+ echo "Fatal: no license key found. Quitting.."
+ exit 1
+ else
+ output "License key = ${LICENSE_KEY}"
+ fi
+
+
+#####################################################################################
+#
+# JOB CONTROL
+#
+#####################################################################################
+
+ # Check report file
+ if [ -f ${REPORTFILE} ]; then
+ output "${WHITE}Report file found.${NORMAL} Starting with connectivity check.."
+ # Quit if license is not valid, to reduce load on both client and server.
+ UPLOAD=`${CURLBINARY} ${CURL_OPTIONS} -s -S --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${DATA_SERVER}/license/`
+ UPLOAD_CODE=`echo ${UPLOAD} | head -n 1 | awk '{ if ($1=="Response") { print $2 }}'`
+ if [ "${UPLOAD_CODE}" = "100" ]; then
+ output "${WHITE}License is valid{$NORMAL}"
+ else
+ echo "${RED}Fatal error: provided license key is unknown or invalid.${NORMAL}"
+ output "Debug information: ${UPLOAD}"
+ # Quit
+ ExitClean
+ fi
+ # Extract the hostid from the parse file
+ HOSTID=`cat ${REPORTFILE} | grep "^hostid=" | awk -F= '{ print $2 }'`
+ if [ ! "${HOSTID}" = "" ]; then
+ output "${WHITE}Found hostid: ${HOSTID}${NORMAL}"
+ # Try to connect
+ output "Uploading data.."
+ UPLOAD=`${CURLBINARY} ${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${DATA_SERVER}/upload/`
+ UPLOAD_CODE=`echo ${UPLOAD} | head -n 1 | awk '{ print $2 }'`
+ output "Output code from upload: ${UPLOAD_CODE}"
+ if [ "${UPLOAD_CODE}" = "100" ]; then
+ output "${GREEN}Data uploaded successfully${NORMAL}"
+ else
+ echo "${RED}Error occured, please check documentation for code ${UPLOAD_CODE}.${NORMAL}"
+ output "Debug:"
+ output ${UPLOAD}
+ # Quit
+ ExitClean
+ fi
+ else
+ echo "${RED}Fatal error${NORMAL}: No hostid found in report file. Can not upload report file."
+ # Quit
+ ExitClean
+ fi
+ else
+ output "${YELLOW}No report file found to upload.${NORMAL}"
+ fi
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
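Review bot: The license key is exposed in two places the new code does not guard: `output "License key = ${LICENSE_KEY}"` prints it to stdout whenever DEBUG is 1, and both curl invocations pass `licensekey=${LICENSE_KEY}` on the command line, where it is visible to every local user via `ps` for the duration of the request. Replace the debug line with `output "License key = [present]"` (or print only a short prefix), and move the secret off argv by feeding curl its options through `--config -` on stdin or with `--data-urlencode "licensekey@${keyfile}"` from a mode-0600 file. Two smaller defects: `{$NORMAL}` in the "License is valid" line is a typo for `${NORMAL}` and emits literal braces, and `output ${UPLOAD}` passes the server response unquoted, so it is word-split and glob-expanded and only the first word reaches `output`. The comment above `output()` states the reverse of what the function does; it prints only when DEBUG is 1.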
diff --git a/include/functions b/include/functions
new file mode 100644
index 00000000..3517d38a
--- /dev/null
+++ b/include/functions
@@ -0,0 +1,974 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# This software is licensed under GPL, version 3. See LICENSE file for
+# usage of this software.
+#
+#################################################################################
+#
+# Functions
+#
+#################################################################################
+#
+# Function Description
+# ----------------------- -------------------------------------------------
+# AddHP Add Hardening points to plot a graph later
+# CheckFilePermissions Check file permissions
+# CheckUpdates Determine if a new version of Lynis is available
+# counttests Count number of performed tests
+# Debug Display additional information on the screen (not suited for cronjob)
+# DirectoryExists Check if a directory exists on the disk
+# Display Output text to screen with colors and identation
+# ExitClean Stop the program (cleanly)
+# ExitFatal Stop the program (cleanly), with fatal
+# FileExists Check if a file exists on the disk
+# GetHostID Retrieve an unique ID for this host
+# InsertSection Insert a section block
+# InsertPluginSection Insert a section block for plugins
+# IsRunning Check if a process is running
+# ParseNginx Parse nginx configuration lines
+# ReportException Add an exception to the report file (for debugging purposes)
+# ReportSuggestion Add a suggestion to report file
+# ReportWarning Add a warning and priority to report file
+# Register Register a test (for logging and execution)
+# SafePerms Check if a directory has safe permissions
+# SearchItem Search a string in a file
+# ViewCategories Display tests categories
+# logtext Log text strings to logfile, prefixed with date/time
+#
+#################################################################################
+
+ # Add Hardening Points
+ AddHP()
+ {
+ HPADD=$1; HPADDMAX=$2
+ HPPOINTS=`expr ${HPPOINTS} + ${HPADD}`
+ HPTOTAL=`expr ${HPTOTAL} + ${HPADDMAX}`
+ logtext "Hardening: assigned ${HPADD} hardening points (max for this item: ${HPADDMAX}), current: ${HPPOINTS}, total: ${HPTOTAL}"
+ }
+
+ # Check file permissions
+ # Parameter 1 is file/dir
+ # Result: FILE_NOT_FOUND | OK | BAD
+ CheckFilePermissions()
+ {
+ CHECKFILE=$1
+ if [ ! -d $CHECKFILE -a ! -f $CHECKFILE ]; then
+ PERMS="FILE_NOT_FOUND"
+ else
+ # If 'file' is an directory, use -d
+ if [ -d ${CHECKFILE} ]; then
+ FILEVALUE=`ls -d -l ${CHECKFILE} | cut -c 2-10`
+ PROFILEVALUE=`cat ${PROFILE} | grep '^permdir' | grep ":${CHECKFILE}:" | cut -d: -f3`
+ else
+ FILEVALUE=`ls -l ${CHECKFILE} | cut -c 2-10`
+ PROFILEVALUE=`cat ${PROFILE} | grep '^permfile' | grep ":${CHECKFILE}:" | cut -d: -f3`
+ fi
+ if [ "${FILEVALUE}" = "${PROFILEVALUE}" ]; then PERMS="OK"; else PERMS="BAD"; fi
+ fi
+ }
+
+ ################################################################################
+ # Name : CheckItem()
+ # Description : Check if a specific item exists in the report
+ # Returns : <nothing>
+ ################################################################################
+
+ CheckItem()
+ {
+ ITEM_FOUND=0
+ if [ $# -eq 2 ]; then
+ # Don't search in /dev/null, it's too empty there
+ if [ ! "${REPORTFILE}" = "/dev/null" ]; then
+ # Check if we can find the main type (with or without brackets)
+ logtext "Test: search string $2 in earlier discovered results"
+ FIND=`egrep "^$1(\[\])?=" ${REPORTFILE} | egrep "$2"`
+ if [ ! "${FIND}" = "" ]; then
+ ITEM_FOUND=1
+ logtext "Result: found string"
+ else
+ logtext "Result: search string NOT found"
+ fi
+ else
+ logtext "Skipping search, as /dev/null is being used"
+ fi
+ else
+ ReportException ${TEST_NO} "Error in function call to CheckItem"
+ fi
+ }
+
+ # Check updates
+ CheckUpdates()
+ {
+ # Possible improvement: determine if host binary exists YYY
+ PROGRAM_LV="0000000000"; DB_MALWARE_LV="0000000000"; DB_FILEPERMS_LV="0000000000"
+ FIND=`which dig 2> /dev/null`
+ if [ ! "${FIND}" = "" ]; then
+ PROGRAM_LV=`dig +short -t txt lynis-lv.rootkit.nl 2> /dev/null | sed 's/[".]//g'`
+ #DB_MALWARE_LV=`dig +short -t txt lynis-mw.rootkit.nl 2> /dev/null | sed 's/[".]//g'`
+ #DB_FILEPERMS_LV=`dig +short -t txt lynis-fp.rootkit.nl 2> /dev/null | sed 's/[".]//g'`
+ else
+ FIND=`which host 2> /dev/null`
+ if [ ! "${FIND}" = "" ]; then
+ PROGRAM_LV=`host -t txt lynis-lv.rootkit.nl | awk '{ if ($1=="lynis-lv.rootkit.nl" && $3=="text") { print $4 }}' | sed 's/"//g'`
+ if [ "${PROGRAM_LV}" = "" ]; then PROGRAM_LV=0; fi
+ else
+ logtext "Result: dig and host not installed, update check skipped"
+ UPDATE_CHECK_SKIPPED=1
+ fi
+ fi
+ }
+
+ # Count the number of performed tests
+ counttests()
+ {
+ CTESTS_PERFORMED=`expr ${CTESTS_PERFORMED} + 1`
+ }
+
+ # Determine if a directory exists
+ DirectoryExists()
+ {
+ DIRECTORY_FOUND=0
+ logtext "Test: checking if directory $1 exists"
+ if [ -d $1 ]; then
+ logtext "Result: directory exists"
+ DIRECTORY_FOUND=1
+ else
+ logtext "Result: directory NOT found"
+ fi
+ }
+
+ # More information on the screen
+ Debug()
+ {
+ if [ ${DEBUG} -eq 1 ]; then echo "DEBUG: $1"; fi
+ }
+
+ # Display text
+ Display()
+ {
+ INDENT=0; TEXT=""; RESULT=""; COLOR=""
+ while [ $# -ge 1 ]; do
+ case $1 in
+ --color)
+ shift
+ case $1 in
+ GREEN) COLOR=$GREEN ;;
+ RED) COLOR=$RED ;;
+ WHITE) COLOR=$WHITE ;;
+ YELLOW) COLOR=$YELLOW ;;
+ esac
+ ;;
+ --indent)
+ shift
+ INDENT=$1
+ ;;
+ --no-break | --nobreak | -nb)
+ ECHOCMD="echo -en"
+ ;;
+ --result)
+ shift
+ RESULT=$1
+ ;;
+ --text)
+ shift
+ TEXT=$1
+ ;;
+ *)
+ echo "INVALID OPTION (Display): $1"
+ exit 1
+ ;;
+ esac
+ # Go to next parameter
+ shift
+ done
+
+ if [ "${RESULT}" = "" ]; then
+ RESULTPART=""
+ else
+ if [ ${CRONJOB} -eq 0 ]; then
+ RESULTPART=" [ ${COLOR}${RESULT}${NORMAL} ]"
+ else
+ RESULTPART=" [ ${RESULT} ]"
+ fi
+ fi
+
+ if [ ! "${TEXT}" = "" ]; then
+ # Show warnings always, and other messages if no quiet is being used
+ if [ ${QUIET} -eq 0 -o "${RESULT}" = "WARNING" ]; then
+ # Display
+ LINESIZE=`echo "${TEXT}" | wc -c | tr -d ' '`
+ SPACES=`expr 62 - ${INDENT} - ${LINESIZE}`
+ if [ ${CRONJOB} -eq 0 ]; then
+ ${ECHOCMD} "\033[${INDENT}C${TEXT}\033[${SPACES}C${RESULTPART}"
+ else
+ echo "${TEXT}${RESULTPART}"
+ fi
+ fi
+ fi
+ }
+
+ # Clean exit (removing temp files, PID files)
+ ExitClean()
+ {
+ RemovePIDFile
+ exit 0
+ }
+
+ # Clean exit (removing temp files, PID files), with error code 1
+ ExitFatal()
+ {
+ RemovePIDFile
+ exit 1
+ }
+
+ # Determine if a file exists
+ FileExists()
+ {
+ FILE_FOUND=0
+ logtext "Test: checking if file $1 exists"
+ if [ -f $1 ]; then
+ logtext "Result: file exists"
+ FILE_FOUND=1
+ else
+ logtext "Result: file NOT found"
+ fi
+ }
+
+ # Get Host ID
+ GetHostID()
+ {
+ HOSTID="-"
+ if [ ! "${SHA1SUMBINARY}" = "" ]; then
+
+ case "${OS}" in
+
+ "AIX")
+ FIND=`entstat en0 2>/dev/null | grep "Hardware Address" | awk -F ": " '{ print $2 }'`
+ if [ ! "${FIND}" = "" ]; then
+ HOSTID=`echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }'`
+ else
+ ReportException "GetHostID" "No MAC address returned on AIX"
+ fi
+ ;;
+
+ "DragonFly" | "FreeBSD")
+ FIND=`${IFCONFIGBINARY} | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ if [ ! "${FIND}" = "" ]; then
+ HOSTID=`echo ${FIND} | sha1`
+ else
+ ReportException "GetHostID" "No MAC address returned on DragonFly or FreeBSD"
+ fi
+ ;;
+
+ "Linux")
+ if [ ! "${IPBINARY}" = "" ]; then
+ # Define preferred interfaces
+ #PREFERRED_INTERFACES="eth0 eth1 eth2 enp0s25"
+ # Determine if we have ETH0 at all (not all Linux distro have this, e.g. Arch)
+ HASETH0=`${IFCONFIGBINARY} | grep "^eth0"`
+ # Check if we can find it with HWaddr on the line
+ FIND=`${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]'`
+
+ # If nothing found, then try first for alternative interface. Else other versions of ifconfig (e.g. Slackware/Arch)
+ if [ "${FIND}" = "" ]; then
+ FIND=`${IFCONFIGBINARY} 2> /dev/null | grep HWaddr`
+ if [ "${FIND}" = "" ]; then
+ # If possible directly address eth0 to avoid risking gathering the incorrect MAC address.
+ # If not, then falling back to getting first interface. Better than nothing.
+ if [ ! "${HASETH0}" = "" ]; then
+ FIND=`${IFCONFIGBINARY} eth0 2> /dev/null | grep "ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ else
+ FIND=`${IFCONFIGBINARY} 2> /dev/null | grep "ether " | awk '{ print $2 }' | head -1 | tr '[:upper:]' '[:lower:]'`
+ if [ "${FIND}" = "" ]; then
+ report "exception[]=No eth0 found (and no ether was found)"
+ else
+ logtext "Result: No eth0 found (ether found), using first network interface to determine hostid"
+ fi
+ fi
+ else
+ FIND=`${IFCONFIGBINARY} 2> /dev/null | grep HWaddr | head -1 | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]'`
+ report "exception[]=No eth0 found (but HWaddr was found), using first network interface to determine hostid"
+ fi
+ fi
+
+ if [ ! "${HASETH0}" = "" ]; then
+ # Now determine the MAC with the ip command
+ FIND2=`${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ else
+ # Forcing them to be the same. Unreliable to test with ip while knowing eth0 does not exist.
+ # Additionally usually lo0 will show up first, making test not worth doing.
+ FIND2="${FIND}"
+ fi
+ # Check if both commands give the same data
+ if [ "${FIND}" = "${FIND2}" ]; then
+ HOSTID=`echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }'`
+ logtext "Result: Found HostID: ${HOSTID}"
+ else
+ report "exception[]=Can't create HOSTID, receiving different output from commands"
+ logtext "Debug: output FIND (ifconfig): ${FIND}"
+ logtext "Debug: output FIND2 (ip): ${FIND2}"
+ fi
+ else
+ report "exception[]=Can't create HOSTID, command ip not found"
+ fi
+ ;;
+
+ "MacOS")
+ FIND=`${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ if [ ! "${FIND}" = "" ]; then
+ HOSTID=`echo ${FIND} | shasum | awk '{ print $1 }'`
+ else
+ ReportException "GetHostID" "No MAC address returned on Mac OS"
+ fi
+ ;;
+
+ "NetBSD")
+ FIND=`${IFCONFIGBINARY} -a | grep "address:" | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ if [ ! "${FIND}" = "" ]; then
+ HOSTID=`echo ${FIND} | sha1`
+ else
+ ReportException "GetHostID" "No MAC address returned on NetBSD"
+ fi
+ ;;
+
+ "OpenBSD")
+ FIND=`${IFCONFIGBINARY} | grep "lladdr " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]'`
+ if [ ! "${FIND}" = "" ]; then
+ HOSTID=`echo ${FIND} | sha1`
+ else
+ ReportException "GetHostID" "No MAC address returned on OpenBSD"
+ fi
+ ;;
+
+ "Solaris")
+ INTERFACES_TO_TEST="e1000g1 net0"
+ FOUND=0
+ for I in ${INTERFACES_TO_TEST}; do
+ FIND=`${IFCONFIGBINARY} -a | grep "^${I}"`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1; logtext "Found interface ${I} on Solaris"
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ FIND=`${IFCONFIGBINARY} ${I} | grep ether | awk '{ if ($1=="ether") { print $2 }}'`
+ HOSTID=`echo ${FIND} | ${SHA1SUMBINARY} | awk '{ print $1 }'`
+ else
+ ReportException "GetHostID" "No interface found op Solaris to create HostID"
+ fi
+ ;;
+
+
+ *)
+ ReportException "GetHostID" "Can't create HOSTID as OS is not supported by this function"
+ ;;
+ esac
+ else
+ report "exception[]=No SHA1/SHA1SUM binary found to create HOSTID"
+ fi
+
+ }
+
+ # Insert section block
+ InsertSection()
+ {
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""
+ echo "[+] ${SECTION}$1${NORMAL}"
+ echo "------------------------------------"
+ fi
+ logtextbreak
+ logtext "Action: Performing tests from category: $1"
+ }
+
+ # Insert section block for plugins
+ InsertPluginSection()
+ {
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""
+ echo "[+] ${MAGENTA}$1${NORMAL}"
+ echo "------------------------------------"
+ fi
+ logtext "Action: Performing plugin tests"
+ }
+
+ # Is a process running?
+ # Returns: RUNNING
+ IsRunning()
+ {
+ RUNNING=0
+ FIND=`${PSBINARY} ax | egrep "( |/)$1" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ RUNNING=1
+ logtext "IsRunning: process '$1' found (${FIND})"
+ else
+ logtext "IsRunning: process '$1' not found"
+ fi
+ }
+
+
+ # Function IsWorldExecutable
+ IsWorldExecutable()
+ {
+ sFILE=$1
+ FileIsWorldExecutable=""
+ SYMLINK=0
+
+ # Check for symlink
+ if [ -L ${sFILE} ]; then
+ if [ ! "${READLINKBINARY}" = "" ]; then
+ tFILE=`${READLINKBINARY} ${sFILE}`
+ # Check if we can find the file now
+ if [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ logtext "Result: symlink found, pointing to ${sFILE}"
+ SYMLINK=1
+ else
+ # Check the full path of the symlink, strip the filename, copy the path and linked filename together
+ tDIR=`echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}'`
+ tFILE="${tDIR}/${tFILE}"
+ if [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ logtext "Result: symlink found, seems to be ${sFILE}"
+ SYMLINK=1
+ fi
+ fi
+ fi
+ fi
+ # Only check the file if it isn't a symlink (after previous check)
+ if [ -f ${sFILE} -a ! -L ${sFILE} ]; then
+ FINDVAL=`ls -l ${sFILE} | cut -c 10`
+ if [ "${FINDVAL}" = "x" ]; then FileIsWorldExecutable="TRUE"; else FileIsWorldExecutable="FALSE"; fi
+ else
+ FileIsWorldExecutable="NOSUCHFILE"
+ fi
+ }
+
+ # Function IsWorldWritable
+ IsWorldWritable()
+ {
+ sFILE=$1
+ FileIsWorldWritable=""
+
+ # Check for symlink
+ if [ -L ${sFILE} ]; then
+ if [ ! "${READLINKBINARY}" = "" ]; then
+ tFILE=`${READLINKBINARY} ${sFILE}`
+ # Check if we can find the file now
+ if [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ logtext "Result: symlink found, pointing to ${sFILE}"
+ SYMLINK=1
+ else
+ # Check the full path of the symlink, strip the filename, copy the path and linked filename together
+ tDIR=`echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}'`
+ tFILE="${tDIR}/${tFILE}"
+ if [ -f ${tFILE} ]; then
+ sFILE="${tFILE}"
+ logtext "Result: symlink found, seems to be ${sFILE}"
+ SYMLINK=1
+ fi
+ fi
+ fi
+ fi
+
+ # Only check the file if it isn't a symlink (after previous check)
+ if [ -f ${sFILE} -a ! -L ${sFILE} ]; then
+ FINDVAL=`ls -l ${sFILE} | cut -c 9`
+ if [ "${FINDVAL}" = "w" ]; then FileIsWorldWritable="TRUE"; else FileIsWorldWritable="FALSE"; fi
+ else
+ FileIsWorldWritable="NOSUCHFILE"
+ fi
+ }
+
+ # Function logtext (redirect data ($1) to log file)
+ logtext()
+ {
+ if [ ! "${LOGFILE}" = "" ]; then
+ CDATE=`date "+[%H:%M:%S]"`
+ echo "${CDATE} $1" >> ${LOGFILE}
+ fi
+ }
+
+
+ ################################################################################
+ # Name : logtextbreak()
+ # Description : Add a separator to log file between sections, tests etc
+ # Returns : <nothing>
+ logtextbreak()
+ {
+ if [ ! "${LOGFILE}" = "" ]; then
+ CDATE=`date "+[%H:%M:%S]"`
+ echo "${CDATE} ===---------------------------------------------------------------===" >> ${LOGFILE}
+ fi
+ }
+
+
+ ################################################################################
+ # Name : Maid()
+ # Description : Cleanup service
+ # Returns : <nothing>
+ Maid()
+ {
+ echo ""; echo "Interrupt detected."
+ # Remove PID
+ RemovePIDFile
+
+ # Clean up temp files
+ if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+ if [ ! "${TMPFILE2}" = "" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
+
+ Display --text "Cleaning up..." --result DONE --color GREEN
+
+ # Exit with exit code 1
+ exit 1
+ }
+
+ # Parse nginx configuration lines
+ ParseNginx()
+ {
+ FIND=`cat ${REPORTFILE} | grep "^nginx_config_option=" | awk -F= '{ if ($1=="nginx_config_option") { print $2 }}' | sed 's/ /:space:/g'`
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/:space:/ /g' | sed 's/;$//'`
+ OPTION=`echo ${I} | awk '{ print $1 }'`
+ VALUE=`echo ${I}| cut -d' ' -f2-`
+ logtext "Result: found option ${OPTION} with parameters ${VALUE}"
+ case ${OPTION} in
+ access_log)
+ if [ "${VALUE}" = "off" ]; then
+ logtext "Result: found logging disabled for one virtual host"
+ NGINX_ACCESS_LOG_DISABLED=1
+ else
+ if [ ! -f ${VALUE} ]; then
+ logtext "Result: could not find referenced log file ${VALUE} in nginx configuration"
+ NGINX_ACCESS_LOG_MISSING=1
+ fi
+ fi
+ ;;
+ # Headers
+ add_header)
+ ;;
+ alias)
+ NGINX_ALIAS_FOUND=1
+ ;;
+ allow)
+ NGINX_ALLOW_FOUND=1
+ ;;
+ autoindex)
+ ;;
+ deny)
+ NGINX_DENY_FOUND=1
+ ;;
+ expires)
+ NGINX_EXPIRES_FOUND=1
+ ;;
+ error_log)
+ # YYY Check if debug is appended
+ FIND=`echo ${VALUE} | awk '{ if ($2=="debug") { print 1 } else { print 0 }}'`
+ if [ ${FIND} -eq 1 ]; then
+ NGINX_ERROR_LOG_DEBUG=1
+ fi
+ # YYY Check if file exists
+ FILE=`echo ${VALUE} | awk '{ print $1 }'`
+ if [ ! "${FILE}" = "" ]; then
+ if [ ! -f ${FILE} ]; then
+ NGINX_ERROR_LOG_MISSING=1
+ fi
+ else
+ logtext "Warning: did not find a filename after error_log in nginx configuration"
+ fi
+ ;;
+ error_page)
+ ;;
+ fastcgi_intercept_errors)
+ ;;
+ fastcgi_param)
+ NGINX_FASTCGI_FOUND=1
+ NGINX_FASTCGI_PARAMS_FOUND=1
+ ;;
+ fastcgi_pass)
+ NGINX_FASTCGI_FOUND=1
+ NGINX_FASTCGI_PASS_FOUND=1
+ ;;
+ fastcgi_pass_header)
+ ;;
+ index)
+ ;;
+ keepalive_timeout)
+ ;;
+ listen)
+ NGINX_LISTEN_FOUND=1
+ # Test for ssl on listen statement
+ FIND_SSL=`echo ${VALUE} | grep ssl`
+ if [ ! "${FIND_SSL}" = "" ]; then NGINX_SSL_ON=1; fi
+ ;;
+ location)
+ NGINX_LOCATION_FOUND=1
+ ;;
+ return)
+ NGINX_RETURN_FOUND=1
+ ;;
+ root)
+ NGINX_ROOT_FOUND=1
+ ;;
+ server_name)
+ ;;
+ ssl)
+ if [ "${VALUE}" = "on" ]; then NGINX_SSL_ON=1; fi
+ ;;
+ ssl_certificate)
+ logtext "Found SSL certificate in nginx configuration"
+ ;;
+ ssl_certificate_key)
+ ;;
+ ssl_ciphers)
+ NGINX_SSL_CIPHERS=1
+ ;;
+ ssl_prefer_server_ciphers)
+ if [ "${VALUE}" = "on" ]; then NGINX_SSL_PREFER_SERVER_CIPHERS=1; fi
+ ;;
+ ssl_protocols)
+ ;;
+ ssl_session_cache)
+ ;;
+ ssl_session_timeout)
+ ;;
+ types)
+ ;;
+ *)
+ logtext "Found unknown option ${OPTION} in nginx configuration"
+ ;;
+ esac
+ done
+ }
+
+
+ # Function to determine what the real file location is
+ RealFilename()
+ {
+ sFILE=$1
+ FileIsWorldExecutable=""
+ SYMLINK=0
+
+ # Check for symlink
+ if [ -L ${sFILE} ]; then
+ if [ ! "${READLINKBINARY}" = "" ]; then
+ tFILE=`${READLINKBINARY} ${sFILE}`
+ # Check if we can find the file now
+ if [ -f ${tFILE} ]; then
+ rFILE="${tFILE}"
+ logtext "Result: symlink found, pointing to ${sFILE}"
+ SYMLINK=1
+ else
+ # Check the full path of the symlink, strip the filename, copy the path and linked filename together
+ tDIR=`echo ${sFILE} | awk '{match($1, "^.*/"); print substr($1, 1, RLENGTH-1)}'`
+ tFILE="${tDIR}/${tFILE}"
+ if [ -f ${tFILE} ]; then
+ rFILE="${tFILE}"
+ logtext "Result: symlink found, seems to be ${sFILE}"
+ fi
+ fi
+ fi
+ else
+ # No symlinke
+ rFILE="${sFILE}"
+ fi
+ }
+
+
+ ################################################################################
+ # Name : Register()
+ # Description : Register a test and see if it has to be run
+ # Returns : SKIPTEST (0 or 1)
+ Register()
+ {
+ # Do not insert a log break, if previous test was not logged
+ if [ ${SKIPLOGTEST} -eq 0 ]; then logtextbreak; fi
+ SKIPTEST=0; SKIPLOGTEST=0; TEST_NEED_OS=""; PREQS_MET=""
+ TEST_NEED_NETWORK=""; TEST_NEED_PLATFORM=""
+ TOTAL_TESTS=`expr ${TOTAL_TESTS} + 1`
+ while [ $# -ge 1 ]; do
+ case $1 in
+ --description)
+ shift
+ TEST_DESCRIPTION=$1
+ ;;
+ --platform)
+ shift
+ TEST_NEED_PLATFORM=$1
+ ;;
+ --network)
+ shift
+ TEST_NEED_NETWORK=$1
+ ;;
+ --os)
+ shift
+ TEST_NEED_OS=$1
+ ;;
+ --preqs-met)
+ shift
+ PREQS_MET=$1
+ ;;
+ --test-no)
+ shift
+ TEST_NO=$1
+ ;;
+ --weight)
+ shift
+ TEST_WEIGHT=$1
+ ;;
+
+ *)
+ echo "INVALID OPTION (Register): $1"
+ exit 1
+ ;;
+ esac
+ # Go to next parameter
+ shift
+ done
+
+ # Skip test if it's configured in profile
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`echo "${TEST_SKIP_ALWAYS}" | grep "${TEST_NO}"`
+ if [ ! "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Skipped by configuration"; fi
+ fi
+
+ # Skip if test is not in the list
+ if [ ${SKIPTEST} -eq 0 -a ! "${TESTS_TO_PERFORM}" = "" ]; then
+ FIND=`echo "${TESTS_TO_PERFORM}" | grep "${TEST_NO}"`
+ if [ "${FIND}" = "" ]; then SKIPTEST=1; SKIPREASON="Test not in list of tests to perform"; fi
+ fi
+
+ # Do not run scans which have a higher intensity than what we prefer
+ if [ ${SKIPTEST} -eq 0 -a "${TEST_WEIGHT}" = "H" -a "${SCAN_TEST_HEAVY}" = "NO" ]; then SKIPTEST=1; SKIPREASON="Test to system intensive for scan mode (H)"; fi
+ if [ ${SKIPTEST} -eq 0 -a "${TEST_WEIGHT}" = "M" -a "${SCAN_TEST_MEDIUM}" = "NO" ]; then SKIPTEST=1; SKIPREASON="Test to system intensive for scan mode (M)"; fi
+
+ # Skip test if OS is different than requested
+ if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_NEED_OS}" -a ! "${OS}" = "${TEST_NEED_OS}" ]; then
+ SKIPTEST=1; SKIPREASON="Incorrect guest OS (${TEST_NEED_OS} only)"
+ if [ ${LOG_INCORRECT_OS} -eq 0 ]; then
+ SKIPLOGTEST=1
+ fi
+ fi
+
+ # Check for correct hardware platform
+ if [ ${SKIPTEST} -eq 0 -a ! -z "${TEST_NEED_PLATFORM}" -a ! "${HARDWARE}" = "${TEST_NEED_PLATFORM}" ]; then SKIPTEST=1; SKIPREASON="Incorrect hardware platform"; fi
+
+ # Not all prerequisites met, like missing tool
+ if [ ${SKIPTEST} -eq 0 -a "${PREQS_MET}" = "NO" ]; then SKIPTEST=1; SKIPREASON="Prerequisities not met (ie missing tool, other type of Linux distribution)"; fi
+
+ # Skip test?
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # First wait X seconds (depending pause_between_tests)
+ if [ ${TEST_PAUSE_TIME} -gt 0 ]; then sleep ${TEST_PAUSE_TIME}; fi
+
+ # Increase counter for every registered test which is performed
+ counttests
+ if [ ${SKIPLOGTEST} -eq 0 ]; then logtext "Performing test ID ${TEST_NO} ($TEST_DESCRIPTION)"; fi
+ TESTS_EXECUTED="${TEST_NO}|${TESTS_EXECUTED}"
+ else
+ if [ ${SKIPLOGTEST} -eq 0 ]; then logtext "Skipped test ${TEST_NO} ($TEST_DESCRIPTION)"; fi
+ if [ ${SKIPLOGTEST} -eq 0 ]; then logtext "Reason to skip: ${SKIPREASON}"; fi
+ TESTS_SKIPPED="${TEST_NO}|${TESTS_SKIPPED}"
+ fi
+
+ }
+
+ # Remove PID file
+ RemovePIDFile()
+ {
+ # Test if PIDFILE is defined, before checking file presence
+ if [ ! "${PIDFILE}" = "" ]; then
+ if [ -f ${PIDFILE} ]; then
+ rm -f $PIDFILE;
+ logtext "PID file removed (${PIDFILE})"
+ else
+ logtext "PID file not found (${PIDFILE})"
+ fi
+ fi
+ }
+
+ # Dump to report file
+ report()
+ {
+ echo "$1" >> ${REPORTFILE}
+ }
+
+
+ # Log exceptions
+ ReportException()
+ {
+ # 1 parameters
+ # <ID>:<2 char numeric>|text|
+ report "exception_event[]=$1|$2|"
+ logtext "Exception: test has an exceptional event ($1) with text $2"
+ }
+
+
+ # Log manual actions to report file
+ ReportManual()
+ {
+ # 1 parameters
+ # <ID>:<2 char numeric>
+ report "manual_event[]=$1"
+ logtext "Manual: one or more manual actions are required for further testing of this control/plugin"
+ }
+
+ # Report data (TESTID STATUS IMPACT MESSAGE)
+ ReportResult()
+ {
+ if [ $1 = "" ]; then TESTID="UNKNOWN"; fi
+ # Status: OK, WARNING, NEUTRAL, SUGGESTION
+ # Impact: HIGH, SEVERE, LOW,
+ #report "result[]=TESTID-${TESTID},STATUS-$2,IMPACT-$3,MESSAGE-$4-"
+ # Reset ID before next test
+ TESTID=""
+ }
+
+ # Log suggestions to report file
+ ReportSuggestion()
+ {
+ # 2 parameters
+ # <ID> <suggestion text>
+ report "suggestion[]=$1|$2|"
+ logtext "Suggestion: $2 [$1]"
+ }
+
+ # Log warning to report file
+ ReportWarning()
+ {
+ # 3 parameters
+ # <ID> <priority/impact> <warning text>
+ if [ "$2" = "L" -o "$2" = "M" -o "$2" = "H" ]; then
+ # old style warning
+ report "warning[]=$1|$3|"
+ logtext "Warning: $3 [$1]"
+ else
+ # new style warning
+ report "warning[]=$1|$2|"
+ logtext "Warning: $2 [test:$1]"
+ fi
+ }
+
+ SafePerms()
+ {
+ PERMS_OK=0
+ logtext "Checking permissions of $1"
+ if [ $# -eq 1 ]; then
+ # Check file permissions
+ if [ ! -f "$1" ]; then
+ logtext "Fatal error: file $1 does not exist. Quitting."
+ echo "Fatal error: file $1 does not exist"
+ ExitFatal
+ else
+ PERMS=`ls -l $1`
+ # Owner permissions
+ OWNER=`echo ${PERMS} | awk -F" " '{ print $3 }'`
+ if [ ! "${OWNER}" = "root" ]; then
+ echo "Fatal error: file $1 should be owned by user 'root' (found: ${OWNER})"
+ ExitFatal
+ fi
+ # Group permissions
+ GROUP=`echo ${PERMS} | awk -F" " '{ print $4 }'`
+ if [ ! "${GROUP}" = "root" -a ! "${GROUP}" = "wheel" ]; then
+ echo "Fatal error: group owner of directory $1 should be owned by root user, or related group"
+ ExitFatal
+ fi
+ # Other permissions
+ OTHER_PERMS=`echo ${PERMS} | cut -c8-10`
+ if [ ! "${OTHER_PERMS}" = "---" ]; then
+ echo "Fatal error: permissions of file $1 are not strict enough. Access to 'other' should be denied."
+ ExitFatal
+ fi
+ # Set PERMS_OK to 1 if no fatal errors occurred
+ PERMS_OK=1
+ logtext "File permissions are OK"
+ fi
+ else
+ logtext "Fatal error: invalid amount of parameters when calling function SafePerms()"
+ echo "Invalid amount of parameters for function SafePerms()"
+ ExitFatal
+ fi
+ }
+
+ ################################################################################
+ # Name : SearchItem()
+ # Description : Search if a specific string exists in in a file
+ # Parameters : $1 = search string
+ # : $2 = file
+ # Returns : <nothing>
+ ################################################################################
+
+ SearchItem()
+ {
+ ITEM_FOUND=0
+ if [ $# -eq 2 ]; then
+ # Don't search in /dev/null, it's too empty there
+ if [ -f $2 ]; then
+ # Check if we can find the main type (with or without brackets)
+ logtext "Test: search string $1 in file $2"
+ FIND=`egrep "$1" $2`
+ if [ ! "${FIND}" = "" ]; then
+ ITEM_FOUND=1
+ logtext "Result: found string"
+ logtext "Full string: ${FILE}"
+ else
+ logtext "Result: search string NOT found"
+ fi
+ else
+ logtext "Skipping search, file does not exist"
+ ReportException ${TEST_NO} "Test is trying to search for a string in nonexistent file"
+ fi
+ else
+ ReportException ${TEST_NO} "Error in function call to CheckItem"
+ fi
+ }
+
+
+ # Show result code
+ ShowResult()
+ {
+ case $1 in
+ OK)
+ echo "[ ${OK}OK${NORMAL} ]"
+ ;;
+ WARNING)
+ echo "[ ${WARNING}WARNING${NORMAL} ]"
+ # log the warning to our log file
+ #logtext "Warning: $2"
+ # add the warning to our report file
+ #report "warning=$2"
+ ;;
+ esac
+ }
+
+ ViewCategories()
+ {
+ if [ ! "${INCLUDEDIR}" = "" ]; then
+ InsertSection "Available test categories"
+ for I in `ls ${INCLUDEDIR}/tests_* | xargs -n 1 basename | sed 's/tests_//' | grep -v "custom.template"`; do
+ echo " - ${I}"
+ done
+ fi
+ echo ""
+ exit 0
+ }
+ # Wait for [ENTER] or manually break
+ wait_for_keypress()
+ {
+ if [ ! ${QUICKMODE} -eq 1 ]; then
+ echo ""; echo "[ ${WHITE}Press [ENTER] to continue, or [CTRL]+C to stop${NORMAL} ]"
+ read void
+ fi
+ }
+
+
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
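Review bot: SafePerms() never looks at the group permission bits: it requires the group owner to be root or wheel and the "other" triplet to be `---`, but a file that is group-writable passes unchanged, so a group member could edit a file this function is meant to vouch for. Add a check beside the existing "other" test, mirroring the column arithmetic IsWorldWritable already uses: `GROUP_W=\`echo ${PERMS} | cut -c6\`` then `if [ "${GROUP_W}" = "w" ]; then echo "Fatal error: file $1 should not be group writable"; ExitFatal; fi`. Two smaller defects in the same hunk: the Solaris branch of GetHostID() reads `${I}` after the for loop, so it always names the last entry of INTERFACES_TO_TEST rather than the interface that was actually found; and SearchItem() logs `${FILE}` where `${FIND}` was meant, and its argument-count error message still says "CheckItem". ReportResult() also tests `$1` unquoted (`if [ $1 = "" ]`), which is a syntax error rather than a check when the argument is empty.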
diff --git a/include/osdetection b/include/osdetection
new file mode 100644
index 00000000..c0e44ca5
--- /dev/null
+++ b/include/osdetection
@@ -0,0 +1,376 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# This software is licensed under GPL, version 3. See LICENSE file for
+# usage of this software.
+#
+#################################################################################
+#
+# Operating System detection
+#
+#################################################################################
+#
+
+ # Check operating system
+ case `uname` in
+
+ # IBM AIX
+ AIX)
+ OS="AIX"
+ OS_NAME="AIX"
+ OS_VERSION=`oslevel`
+ OS_FULLNAME="AIX ${OS_VERSION}"
+ CPU=`uname -p`
+ HARDWARE=`uname -M`
+ FIND_BINARIES="whereis -b"
+ SYSCTL_READKEY=""
+ ;;
+
+ # Mac OS X
+ Darwin)
+ OS="MacOS"
+ if [ -x /usr/bin/sw_vers ]; then
+ OS_NAME=`/usr/bin/sw_vers -productName`
+ OS_VERSION=`/usr/bin/sw_vers -productVersion`
+ OS_FULLNAME="${OS_NAME} ${OS_VERSION}"
+ else
+ # Fall back to pretty safe name
+ OS_NAME="Mac OS X"
+ OS_FULLNAME=`uname -s -r`
+ OS_VERSION=`uname -r`
+ fi
+ HARDWARE=`uname -m`
+ HOMEDIRS="/Users"
+ FIND_BINARIES="whereis"
+ OS_KERNELVERSION=`uname -r`
+ SYSCTL_READKEY=""
+ ;;
+
+ # DragonFly BSD
+ DragonFly)
+ OS="DragonFly"
+ OS_NAME="DragonFly BSD"
+ OS_FULLNAME=`uname -s -r`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ HOMEDIRS="/home /root"
+ FIND_BINARIES="whereis -q -a -b"
+ OS_KERNELVERSION=`uname -i`
+ SYSCTL_READKEY="sysctl -n"
+ ;;
+
+ # FreeBSD
+ FreeBSD)
+ OS="FreeBSD"
+ OS_NAME="FreeBSD"
+ OS_FULLNAME=`uname -s -r`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ HOMEDIRS="/home /root"
+ FIND_BINARIES="whereis -q -a -b"
+ OS_KERNELVERSION=`uname -i`
+ SYSCTL_READKEY="sysctl -n"
+
+ # TrueOS
+ if [ -f /etc/defaults/trueos ]; then
+ OS_NAME="TrueOS"
+ logtext "Result: found TrueOS file, system is completely based on FreeBSD though. Only adjusting OS name."
+ fi
+ ;;
+
+ # HP-UX
+ HP-UX)
+ OS="HP-UX"
+ OS_NAME="HP-UX"
+ OS_FULLNAME=`uname -s -r`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ FIND_BINARIES="whereis -b"
+ SYSCTL_READKEY=""
+ ;;
+
+ # Linux
+ Linux)
+ OS="Linux"
+ OS_NAME="Linux"
+ OS_FULLNAME=""
+ OS_VERSION=`uname -r`
+ LINUX_VERSION=""
+ HARDWARE=`uname -m`
+ HOMEDIRS="/home"
+ FIND_BINARIES="whereis -b"
+ OS_KERNELVERSION=`uname -r`
+
+ # Amazon
+ if [ -e "/etc/system-release" ]; then
+ FIND=`grep "Amazon" /etc/system-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_REDHAT_OR_CLONE=1
+ OS_FULLNAME=`cat /etc/system-release | grep "^Amazon"`
+ OS_VERSION=`grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }'`
+ LINUX_VERSION="Amazon"
+ fi
+ fi
+
+ # Arch Linux
+ if [ -e "/etc/arch-release" ]; then
+ OS_FULLNAME="Arch Linux"
+ OS_VERSION="Unknown"
+ LINUX_VERSION="Arch Linux"
+ fi
+
+ # Chakra Linux
+ if [ -e "/etc/chakra-release" ]; then
+ OS_FULLNAME=`cat /etc/chakra-release | grep "^Chakra"`
+ OS_VERSION=`cat /etc/chakra-release | grep "^Chakra" | awk '{ if ($3=="release") { print $4 }}'`
+ LINUX_VERSION="Chakra Linux"
+ fi
+
+ # Cobalt
+ if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=`cat /etc/cobalt-release`; fi
+ # CPUBuilders Linux
+ if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=`cat /etc/cpub-release`; fi
+
+ # Debian/Ubuntu (***) - Set first to Debian
+ if [ -e "/etc/debian_version" ]; then
+ OS_VERSION=`cat /etc/debian_version`
+ OS_FULLNAME="Debian ${OS_VERSION}"
+ LINUX_VERSION="Debian"
+ fi
+ # /etc/lsb-release does not exist on Debian
+ if [ -e "/etc/debian_version" -a -e /etc/lsb-release ]; then
+ OS_VERSION=`cat /etc/debian_version`
+ FIND=`grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g'`
+ if [ "${FIND}" = "Ubuntu" ]; then
+ OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2`
+ OS_FULLNAME="Ubuntu ${OS_VERSION}"
+ LINUX_VERSION="Ubuntu"
+ elif [ "${FIND}" = "elementary OS" ]; then
+ LINUX_VERSION="elementary OS"
+ OS_VERSION=`grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2`
+ OS_FULLNAME=`grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g'`
+ else
+ # Catch all, in case it's unclear what specific release this is.
+ OS_FULLNAME="Debian ${OS_VERSION}"
+ LINUX_VERSION="Debian"
+ fi
+ # Ubuntu test (optional) `cat /proc/version | grep "[Uu]buntu"`
+ fi
+ # E-smith
+ if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=`cat /etc/e-smith-release`; fi
+ # Gentoo
+ if [ -e "/etc/gentoo-release" ]; then OS_FULLNAME=`cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2`; fi
+
+
+
+ # Red Hat and others
+ if [ -e "/etc/redhat-release" ]; then
+ OS_REDHAT_OR_CLONE=1
+
+ # CentOS
+ FIND=`grep "CentOS" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "CentOS"`
+ LINUX_VERSION="CentOS"
+ OS_VERSION="${OS_FULLNAME}"
+ fi
+
+ # ClearOS
+ FIND=`grep "ClearOS" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "ClearOS"`
+ LINUX_VERSION="ClearOS"
+ OS_VERSION="${OS_FULLNAME}"
+ fi
+
+ # Fedora
+ FIND=`grep "Fedora" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "Fedora"`
+ OS_VERSION="${OS_FULLNAME}"
+ LINUX_VERSION="Fedora"
+ fi
+
+ # Mageia (has also /etc/megaia-release)
+ FIND=`grep "Mageia" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "^Mageia"`
+ OS_VERSION=`grep "^Mageia" /etc/redhat-release | awk '{ if ($2=="release") { print $3 } }'`
+ LINUX_VERSION="Mageia"
+ fi
+
+ # Oracle Enterprise Linux
+ FIND=`grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ LINUX_VERSION="Oracle Enterprise Linux";
+ OS_FULLNAME=`cat /etc/redhat-release | grep "Enterprise Linux"`;
+ OS_VERSION="${OS_FULLNAME}";
+ fi
+
+ # Oracle Enterprise Linux
+ if [ -e /etc/oracle-release ]; then
+ FIND=`grep "Oracle Linux Server" /etc/oracle-release`
+ if [ ! "${FIND}" = "" ]; then
+ LINUX_VERSION="Oracle Enterprise Linux";
+ OS_FULLNAME=`cat /etc/oracle-release | grep "Oracle Linux"`;
+ OS_VERSION="${OS_FULLNAME}";
+ fi
+ fi
+
+ # Oracle VM Server
+ if [ -e /etc/ovs-release ]; then
+ FIND=`grep "Oracle VM" /etc/ovs-release`
+ if [ ! "${FIND}" = "" ]; then
+ LINUX_VERSION="Oracle VM Server";
+ OS_FULLNAME=`cat /etc/ovs-release | grep "Oracle VM"`;
+ OS_VERSION="${OS_FULLNAME}";
+ fi
+ fi
+
+ # Red Hat
+ FIND=`grep "Red Hat" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "Red Hat"`
+ OS_VERSION="${OS_FULLNAME}"
+ LINUX_VERSION="Red Hat"
+ fi
+
+ # Scientific
+ FIND=`grep "Scientific" /etc/redhat-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME=`cat /etc/redhat-release | grep "^Scientific"`
+ OS_VERSION=`grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }'`
+ LINUX_VERSION="Scientific"
+ fi
+
+
+ fi
+
+ # PCLinuxOS
+ if [ -f /etc/pclinuxos-release ]; then
+ FIND=`grep "^PCLinuxOS" /etc/pclinuxos-release`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME="PCLinuxOS Linux"
+ LINUX_VERSION="PCLinuxOS"
+ OS_VERSION=`grep "^PCLinuxOS" /etc/pclinuxos-release | awk '{ if ($2=="release") { print $3 } }'`
+ fi
+ fi
+
+ # Sabayon Linux
+ if [ -f /etc/sabayon-edition ]; then
+ FIND=`grep "Sabayon Linux" /etc/sabayon-edition`
+ if [ ! "${FIND}" = "" ]; then
+ OS_FULLNAME="Sabayon Linux"
+ LINUX_VERSION="Sabayon"
+ OS_VERSION=`cat /etc/sabayon-edition | awk '{ print $3 }'`
+ fi
+ fi
+
+ if [ -f /etc/SLOX-release ]; then
+ OS_FULLNAME=`cat /etc/SLOX-release | grep "SuSE Linux"`
+ LINUX_VERSION="SuSE"
+ fi
+
+ # Slackware
+ if [ -f /etc/slackware-version ]; then
+ LINUX_VERSION="Slackware"
+ OS_VERSION=`grep "^Slackware" /etc/slackware-version | awk '{ if ($1=="Slackware") { print $2 } }'`
+ OS_FULLNAME="Slackware Linux ${OS_VERSION}"
+ fi
+
+ # SuSE
+ if [ -e "/etc/SuSE-release" ]; then
+ OS_VERSION=`cat /etc/SuSE-release | head -n 1`;
+ LINUX_VERSION="SuSE";
+ fi
+
+ # Turbo Linux
+ if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=`cat /etc/turbolinux-release`; fi
+ # YellowDog
+ if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=`cat /etc/yellowdog-release`; fi
+
+ # ===================================================================
+ # Set OS name to the discovered Linux version
+ if [ ! "${LINUX_VERSION}" = "" -a "${OS_NAME}" = "Linux" ]; then
+ OS_NAME="${LINUX_VERSION}"
+ fi
+ # If Linux version (full name) is unknown, use uname value
+ if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=`uname -s -r`; fi
+ SYSCTL_READKEY="sysctl -n"
+
+ ;;
+
+ # NetBSD
+ NetBSD)
+ OS="NetBSD"
+ OS_NAME="NetBSD"
+ OS_FULLNAME=`uname -s -r`
+ OS_KERNELVERSION=`uname -v`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ FIND_BINARIES="whereis"
+ SYSCTL_READKEY=""
+ ;;
+
+ # OpenBSD
+ OpenBSD)
+ OS="OpenBSD"
+ OS_NAME="OpenBSD"
+ OS_FULLNAME=`uname -s -r`
+ OS_KERNELVERSION=`uname -v`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ FIND_BINARIES="whereis"
+ SYSCTL_READKEY=""
+ ;;
+
+ # Solaris / OpenSolaris
+ SunOS)
+ OS="Solaris"
+ OS_NAME="Sun Solaris"
+ OS_FULLNAME=`uname -s -r`
+ OS_VERSION=`uname -r`
+ HARDWARE=`uname -m`
+ if [ -x /usr/bin/isainfo ]; then
+ # Returns 32, 64
+ OS_MODE=`/usr/bin/isainfo -b`
+ fi
+ SYSCTL_READKEY=""
+ ;;
+
+ # Unknown or unsupported systems
+ *)
+ echo "[ ${WARNING}WARNING${NORMAL} ]"
+ echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available for this OS or platform...${NORMAL}"
+ echo "Please consult the README/documentation for more information."
+ exit 1
+ ;;
+
+ esac
+
+ # Set correct echo binary and parameters after detecting operating system
+ case ${OS} in
+ "AIX") ECHOCMD="echo" ;;
+ "MacOS") ECHOCMD="echo" ;;
+ "Solaris") ECHOCMD="echo" ;;
+ "Linux")
+ # Check if dash is used (Debian/Ubuntu)
+ DEFAULT_SHELL=`ls -l /bin/sh | awk -F'>' '{print $2}'`
+ case ${DEFAULT_SHELL} in
+ " dash") ECHOCMD="/bin/echo -e" ;;
+ *) ECHOCMD="echo -e" ;;
+ esac
+ ;;
+ *) ECHOCMD="echo -e" ;;
+ esac
+
+
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/parameters b/include/parameters
new file mode 100644
index 00000000..4a0d889f
--- /dev/null
+++ b/include/parameters
@@ -0,0 +1,184 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Parameter checks
+#
+#################################################################################
+#
+
+ # Check number of parameters submitted (at least one is needed)
+ PARAMCOUNT=$#
+ while [ $# -ge 1 ]; do
+ case $1 in
+
+ # Assign auditor to report
+ --auditor)
+ shift
+ AUDITORNAME=$1
+ ;;
+
+ # Perform tests
+ -c | --check-all | --checkall)
+ CHECK=1
+ ;;
+
+ # Cronjob support
+ --cronjob | --cron)
+ CRONJOB=1;
+ # Use some defaults (-c, -Q, no colors)
+ CHECK=1; QUICKMODE=1; NEVERBREAK=1
+ # Get rid of the colors
+ NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; CYAN=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED=""
+ ;;
+
+ # Perform tests with additional debugging information on screen
+ --debug)
+ DEBUG=1
+ ;;
+
+
+ # View help
+ --help | -h)
+ VIEWHELP=1
+ ;;
+
+ # View program/database information
+ --check-update | --info)
+ VIEWUPDATEINFO=1
+ ;;
+
+ # License key for Lynis Enterprise
+ --license-key)
+ shift
+ LICENSE_KEY=$1
+ ;;
+
+ # Adjust default logfile location
+ --logfile | --log-file)
+ shift
+ LOGFILE=$1
+ ;;
+
+ # Don't use colors
+ --no-colors)
+ NORMAL=""; WARNING=""; SECTION=""; NOTICE=""; OK=""; BAD=""; CYAN=""; MAGENTA=""; PURPLE=""; YELLOW=""; WHITE=""; GREEN=""; RED=""
+ ;;
+
+ # Disable logging
+ --no-log | --nolog)
+ LOGFILE="/dev/null"
+ ;;
+
+ # Define a custom profile file
+ --profile)
+ shift
+ PROFILE=$1
+ ;;
+
+ # Define a custom plugin directory
+ --plugin-dir)
+ shift
+ PLUGINDIR=$1
+ LASTCHAR=`echo $1 | awk '{ print substr($0, length($0))}'`
+ if [ "${LASTCHAR}" = "/" ]; then
+ echo "${RED}Error:${WHITE} plugin directory path should not end with a slash${NORMAL}"
+ ExitFatal
+ fi
+ if [ ! -d ${PLUGINDIR} ]; then
+ echo "${RED}Error:${WHITE} invalid plugin directory ${PLUGINDIR}${NORMAL}"
+ ExitFatal
+ fi
+ ;;
+
+ # Quiet mode
+ -q | --quiet)
+ QUIET=1
+ # Run non-interactive
+ QUICKMODE=1
+ ;;
+
+ # Non-interactive mode
+ -Q | --quick)
+ QUICKMODE=1
+ ;;
+
+ # Strip the colors which aren't clearly visible on light backgrounds
+ --reverse-colors)
+ #NORMAL="";
+ SECTION="${NORMAL}";
+ NOTICE="${NORMAL}";
+ #OK="";
+ #BAD="";
+ CYAN="${NORMAL}";
+ GREEN="${NORMAL}";
+ YELLOW="${NORMAL}";
+ WHITE="${NORMAL}";
+ PURPLE="${NORMAL}";
+ #GREEN="";
+ #RED=""
+ ;;
+
+ # Only scan these tests
+ --tests)
+ shift
+ TESTS_TO_PERFORM=$1
+ ;;
+
+ # Scan one or more categories only
+ --tests-category)
+ shift
+ TESTS_CATEGORY_TO_PERFORM=$1
+ ;;
+
+ # Lynis Enterprise: upload data to central node
+ --upload)
+ UPLOAD_DATA=1
+ ;;
+ # Version number
+ -V | --version)
+ echo "${PROGRAM_version}"
+ exit 0
+ ;;
+
+ --view-categories | --list-categories | --show-categories)
+ ViewCategories
+ exit 0
+ ;;
+
+ # View man page
+ --view-manpage | --man)
+ if [ -f lynis.8 ]; then
+ nroff -man lynis.8
+ exit 0
+ else
+ echo "Error: man page file not found (lynis.8)"
+ echo "If you are running an installed version of Lynis, use 'man lynis'"
+ exit 1
+ fi
+ ;;
+
+ # Drop out when using wrong option(s)
+ *)
+ # Wrong option used, we bail out later
+ WRONGOPTION=1
+ WRONGOPTION_value=$1
+ ;;
+ esac
+ shift
+ done
+
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
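Review bot: The options that take a value (`--auditor`, `--license-key`, `--logfile`, `--profile`, `--plugin-dir`, `--tests`, `--tests-category`) `shift` and read `$1` without checking that a value was actually supplied, so `--profile` as the last argument leaves `PROFILE` empty and the trailing `shift` at the bottom of the loop runs with no arguments left; a guard before each `shift` such as `[ $# -ge 2 ] || { echo "Error: $1 requires a value"; ExitFatal; }` closes that. In the `--plugin-dir` branch `echo $1` and `[ ! -d ${PLUGINDIR} ]` are unquoted, so a path containing whitespace is word-split; write `if [ ! -d "${PLUGINDIR}" ]; then`. `--license-key` takes the Enterprise key on the command line, where it is visible to every local user through the process list; since the profile parser already accepts a `license_key` option, the help text could point users to that as the preferred way to supply it.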
diff --git a/include/profiles b/include/profiles
new file mode 100644
index 00000000..ac4a4ec0
--- /dev/null
+++ b/include/profiles
@@ -0,0 +1,186 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Read profile/template
+#
+#################################################################################
+#
+ #YYY Enable check when profile files are complete and completely documented
+ # Check if default profile is used
+ if [ "${PROFILE}" = "defaultXXX.prf" ]; then
+ echo ""
+ echo " ==============================================================================="
+ echo " ${WARNING}Warning${NORMAL}: ${WHITE}Default profile is used.${NORMAL}"
+ echo " Default profile contains only a small amount of options and settings."
+ echo " Consult the documentation to create a custom profile!"
+ echo ""
+ echo " [ ${WHITE}Press [ENTER] to continue with the default profile or [CTRL] + C to stop${NORMAL} ]"
+ echo " ==============================================================================="
+ wait_for_keypress
+ fi
+
+#
+#################################################################################
+#
+ Display --indent 2 --text "- Checking profile file (${PROFILE})..."
+ logtext "Reading profile/configuration ${PROFILE}"
+ FIND=`cat ${PROFILE} | grep '^config:' | sed 's/ /!space!/g'`
+ for I in ${FIND}; do
+ OPTION=`echo ${I} | cut -d ':' -f2`
+ VALUE=`echo ${I} | cut -d ':' -f3 | sed 's/!space!/ /g'`
+
+ logtext "Profile option set: ${OPTION} (with value ${VALUE})"
+
+ case ${OPTION} in
+
+ # Maximum number of WAITing connections
+ connections_max_wait_state)
+ OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}"
+ ;;
+
+ # Do not check security repository in sources.list (Debian/Ubuntu)
+ debian_skip_security_repository)
+ OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY="${VALUE}"
+ ;;
+ debug)
+ if [ "${VALUE}" = "yes" -o "${VALUE}" = "true" ]; then
+ DEBUG=1
+ fi
+ ;;
+ # Skip FreeBSD port audit
+ freebsd_skip_portaudit)
+ logtext "Option set: Skip FreeBSD portaudit"
+ OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}"
+ ;;
+
+ # Lynis Enterprise: group name
+ group)
+ GROUP_NAME="${VALUE}"
+ ;;
+
+ # Lynis Enterprise license key
+ license_key)
+ LICENSE_KEY="${VALUE}"
+ ;;
+
+ # Do (not) log tests if they have an different operating system
+ log_tests_incorrect_os)
+ logtext "Option set: No logging for incorrect OS"
+ if [ "${VALUE}" = "no" ]; then LOG_INCORRECT_OS=0; else LOG_INCORRECT_OS=1; fi
+ ;;
+
+ # What type of machine we are scanning (eg. desktop, server, server with storage)
+ machine_role)
+ MACHINE_ROLE="${VALUE}"
+ ;;
+
+ # Define if any found NTP daemon instance is configured as a server or client
+ ntpd_role)
+ NTPD_ROLE="${VALUE}"
+ ;;
+
+ # How much seconds to wait between tests
+ pause_between_tests)
+ TEST_PAUSE_TIME="${VALUE}"
+ ;;
+
+ # Profile name
+ profile_name)
+ # YYY dummy
+ ;;
+
+ # Inline tips about tool
+ show_tool_tips)
+ SHOW_TOOL_TIPS="${VALUE}"
+ ;;
+
+ # Tests to always skip (useful for false positives or problematic tests)
+ test_skip_always)
+ TEST_SKIP_ALWAYS="${VALUE}"
+ logtext "Tests to be skipped: ${VALUE}"
+ ;;
+
+ # Do not check the latest version on the internet
+ skip_upgrade_test)
+ if [ "${VALUE}" = "yes" -o "${VALUE}" = "YES" ]; then SKIP_UPGRADE_TEST=1; else SKIP_UPGRADE_TEST=0; fi
+ ;;
+
+ # Define what kind of scan we are performing
+ test_scan_mode)
+ if [ "${VALUE}" = "light" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="NO"; SCAN_TEST_HEAVY="NO"; fi
+ if [ "${VALUE}" = "normal" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="NO"; fi
+ if [ "${VALUE}" = "full" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi
+ ;;
+
+ # Catch all bad options and bail out
+ *)
+ logtext "Unknown option ${OPTION} (with value: ${VALUE})"
+ echo "Fatal error: found errors in profile"
+ echo "Unknown option '${OPTION}' found (with value: ${VALUE})"
+ RemovePIDFile
+ exit 1
+ ;;
+
+ esac
+
+ done
+#
+#################################################################################
+#
+ # Add group name to report
+ if [ ! "${GROUP_NAME}" = "" ]; then
+ report "group=${GROUP_NAME}"
+ fi
+#
+#################################################################################
+#
+# Plugins
+#
+#################################################################################
+#
+ #FIND=`cat ${PROFILE} | grep '^plugin_enable=' | sed 's/ /!space!/g'`
+ #for I in ${FIND}; do
+ # PLUGIN=`echo ${I} | cut -d '=' -f2`
+ # if [ -f "${PLUGINDIR}/${PLUGIN}" ]; then
+ # logtext "Found plugin: ${PLUGIN}"
+ # # XXX - enable plugin
+ # else
+ # logtext "Couldn't find plugin: ${PLUGIN} (${PLUGINDIR}/${PLUGIN})"
+ # fi
+ #done
+#
+#################################################################################
+#
+ # Set default values (only if not configured in profile)
+
+ if [ "${MACHINE_ROLE}" = "" ]; then
+ MACHINE_ROLE="server"
+ logtext "Set option to default value: MACHINE_ROLE --> ${MACHINE_ROLE}"
+ fi
+
+ if [ "${NTPD_ROLE}" = "" ]; then
+ NTPD_ROLE="client"
+ logtext "Set option to default value: NTPD_ROLE --> ${NTPD_ROLE}"
+ fi
+
+#
+#################################################################################
+#
+
+logtextbreak
+
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - cisofy.com - The Netherlands
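Review bot: The profile is read with `cat ${PROFILE} | grep '^config:'` without first checking that `${PROFILE}` exists and is readable, so a mistyped `--profile` path only produces a `cat` error on stderr and the run continues with every option at its default; a guard before the Display line, `if [ ! -f "${PROFILE}" ]; then echo "Fatal error: profile ${PROFILE} not found"; RemovePIDFile; exit 1; fi`, keeps that from going unnoticed. The value is extracted with `cut -d ':' -f3`, which truncates any value containing a colon; `cut -d ':' -f3-` keeps the rest of the line. The yes/no options are also parsed inconsistently (`debug` accepts `yes`/`true`, `skip_upgrade_test` accepts `yes`/`YES`, `log_tests_incorrect_os` treats anything but `no` as enabled), which is worth a comment at the top of the `case` or a shared helper.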
diff --git a/include/report b/include/report
new file mode 100644
index 00000000..318ed027
--- /dev/null
+++ b/include/report
@@ -0,0 +1,223 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Report
+#
+#################################################################################
+#
+ logtextbreak
+ #if [ ${QUIET} -eq 0 ]; then
+# echo ""
+# echo " ---------------------------------------------------"
+# echo " Program version: ${PROGRAM_version}"
+# echo " Operating system: ${OS_NAME}"
+# echo " Operating system version: ${OS_VERSION}"
+# if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi
+# echo " Kernel version: ${OS_KERNELVERSION}"
+# echo " Hardware platform: ${HARDWARE}"
+# echo " Hostname: ${HOSTNAME}"
+# echo " Auditor: ${AUDITORNAME}"
+# echo " Profile: ${PROFILE}"
+# echo " Log file: ${LOGFILE}"
+# echo " Report file: ${REPORTFILE}"
+# echo " Report version: ${REPORT_version}"
+# echo " ---------------------------------------------------"
+# fi
+
+#
+#################################################################################
+#
+# Hardening Index
+# Define approximately how strong a machine has been hardened
+#
+#################################################################################
+#
+ # If no hardening has been found, set value to 1
+ if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi
+ HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL`
+ HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL`
+ # Set color related to rating
+ if [ ${HPINDEX} -lt 50 ]; then
+ HPCOLOR="${RED}"
+ HIDESCRIPTION="System has not or a low amount been hardened"
+ fi
+ if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then
+ HPCOLOR="${YELLOW}"
+ HIDESCRIPTION="System has been hardened, but could use additional hardening"
+ fi
+ if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then
+ HPCOLOR="${GREEN}"
+ HIDESCRIPTION="System seem to be decent hardened"
+ fi
+ if [ ${HPINDEX} -gt 89 ]; then
+ HPCOLOR="${GREEN}"
+ HIDESCRIPTION="System seem to be well hardened"
+ fi
+
+ case ${HPAOBLOCKS} in
+ 0) HPBLOCKS="#"; HPEMPTY=" " ;;
+ 1) HPBLOCKS="#"; HPEMPTY=" " ;;
+ 2) HPBLOCKS="##"; HPEMPTY=" " ;;
+ 3) HPBLOCKS="###"; HPEMPTY=" " ;;
+ 4) HPBLOCKS="####"; HPEMPTY=" " ;;
+ 5) HPBLOCKS="#####"; HPEMPTY=" " ;;
+ 6) HPBLOCKS="######"; HPEMPTY=" " ;;
+ 7) HPBLOCKS="#######"; HPEMPTY=" " ;;
+ 8) HPBLOCKS="########"; HPEMPTY=" " ;;
+ 9) HPBLOCKS="#########"; HPEMPTY=" " ;;
+ 10) HPBLOCKS="##########"; HPEMPTY=" " ;;
+ 11) HPBLOCKS="###########"; HPEMPTY=" " ;;
+ 12) HPBLOCKS="############"; HPEMPTY=" " ;;
+ 13) HPBLOCKS="#############"; HPEMPTY=" " ;;
+ 14) HPBLOCKS="##############"; HPEMPTY=" " ;;
+ 15) HPBLOCKS="###############"; HPEMPTY=" " ;;
+ 16) HPBLOCKS="################"; HPEMPTY=" " ;;
+ 17) HPBLOCKS="#################"; HPEMPTY=" " ;;
+ 18) HPBLOCKS="##################"; HPEMPTY=" " ;;
+ 19) HPBLOCKS="###################"; HPEMPTY=" " ;;
+ 20) HPBLOCKS="####################"; HPEMPTY="" ;;
+ esac
+
+ HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]"
+ logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]"
+ logtext "Hardening strength: ${HIDESCRIPTION}"
+ report "hardening_index=${HPINDEX}"
+
+#
+#################################################################################
+#
+# Show test results overview
+#
+#################################################################################
+#
+ # Only show overview if not running in quiet mode
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""; echo "================================================================================"
+ echo ""; echo " -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-"
+ echo "";
+
+ # Show warnings from logfile
+ SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'`
+
+
+ if [ "${SWARNINGS}" = "" ]; then
+ echo " ${OK}No warnings${NORMAL}"; echo ""
+ else
+ echo " ${WARNING}Warnings${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ for WARNING in ${SWARNINGS}; do
+ SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'`
+ ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'`
+ echo " ${WHITE}- ${SHOWWARNING}${NORMAL}"
+ echo " http://cisofy.com/controls/${ADDLINK}/"
+ echo ""
+ done
+ fi
+
+ # Show suggestions from logfile
+ SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'`
+
+ if [ "${SSUGGESTIONS}" = "" ]; then
+ echo " ${OK}No suggestions${NORMAL}"; echo ""
+ else
+ echo " ${YELLOW}Suggestions${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ for SUGGESTION in ${SSUGGESTIONS}; do
+ SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'`
+ ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'`
+ echo " - ${SHOWSUGGESTION}"
+ echo " http://cisofy.com/controls/${ADDLINK}/"
+ done
+ echo ""
+ fi
+
+ if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then
+ echo " ${CYAN}Follow-up${NORMAL}:"
+ echo " ${WHITE}----------------------------${NORMAL}"
+ echo " ${WHITE}-${NORMAL} Check the logfile (less $LOGFILE)"
+ echo " ${WHITE}-${NORMAL} Read security controls texts (http://cisofy.com)"
+ echo " ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)"
+ echo ""
+ fi
+ echo "================================================================================"
+ echo " ${WHITE}Lynis Scanner (details)${NORMAL}:"
+ echo ""
+ echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}"
+ echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}"
+ echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}"
+ echo ""
+ echo " ${SECTION}Lynis Modules${NORMAL}:"
+ # Heuristics will be implemented later
+ echo " - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]"
+ echo ""
+ echo " ${SECTION}Compliance Checks${NORMAL}:"
+ # Compliance checks and status will be marked in upcoming releases
+ echo " - HIPAA [${WHITE}NA${NORMAL}] - PCI [${WHITE}NA${NORMAL}] - SOx [${WHITE}NA${NORMAL}] "
+
+ echo ""
+ echo " ${SECTION}Files${NORMAL}:"
+ echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}"
+ echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}"
+ echo "================================================================================"
+ if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
+ echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}"
+ echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}"
+ echo "================================================================================"
+ else
+ ###########################################################################################
+ #
+ # Software quality program
+ # Only provide this hint when the tool is at the latest version
+ #
+ ###########################################################################################
+
+ if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then
+ # Determine if the quality of the program can be increased by filtering out the exceptions
+ FIND=`${GREPBINARY} "^exception" ${REPORTFILE}`
+ if [ ! "${FIND}" = "" ]; then
+ echo ""
+ echo " ${RED}Exceptions found${NORMAL}"
+ echo " ${WHITE}Some exceptional events or information was found!${NORMAL}"
+ echo ""
+ echo " ${CYAN}What to do:${NORMAL}"
+ echo " You can help improving Lynis by providing your report file."
+ echo " Go to http://cisofy.com/contact/ and send your file to the e-mail address listed"
+ echo ""
+ echo "================================================================================"
+ fi
+ fi
+ fi
+
+ if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then
+ echo " Tip: Disable all tests which are not relevant or are too strict for the"
+ echo " purpose of this particular machine. This will remove unwanted suggestions"
+ echo " and also boost the hardening index. Each test should be properly analyzed"
+ echo " to see if the related risks can be accepted, before disabling the test."
+ echo "================================================================================"
+ fi
+
+ echo " ${PROGRAM_name} ${PROGRAM_version}"
+ echo " ${PROGRAM_copyright}"
+ echo " ${WHITE}${PROGRAM_extrainfo}${NORMAL}"
+ echo "================================================================================"
+
+
+ echo ""; echo ""
+ fi
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - cisofy.com - The Netherlands
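Review bot: The results overview derives its warnings and suggestions from the log file (`cat ${LOGFILE} | grep -i 'warning:'` and `grep -i 'suggestion:' ${LOGFILE}`), so a run with `--no-log`, which the parameters hunk turns into `LOGFILE="/dev/null"`, always prints `No warnings` and `No suggestions` regardless of what the tests found; either collect findings in variables as `ReportWarning`/`ReportSuggestion` are called, or print a notice instead of the overview when `LOGFILE` is `/dev/null`. The loop `for WARNING in ${SWARNINGS}` reuses `WARNING`, which the same block uses as a color code at the `Warnings` heading a few lines earlier, so after the loop the color variable holds the last log line; rename the loop variable, e.g. `for WLINE in ${SWARNINGS}; do`. `if [ ${SHOW_TOOL_TIPS} -eq 1 ]` expects a number, but the profiles hunk stores the raw profile value in `SHOW_TOOL_TIPS`, so a `show_tool_tips:yes` line makes `[` fail with an integer-expression error; compare with `[ "${SHOW_TOOL_TIPS}" = "1" -o "${SHOW_TOOL_TIPS}" = "yes" ]` or normalize the value in the profile parser.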
diff --git a/include/tests_accounting b/include/tests_accounting
new file mode 100644
index 00000000..e6036b6a
--- /dev/null
+++ b/include/tests_accounting
@@ -0,0 +1,398 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ InsertSection "Accounting"
+#
+#################################################################################
+#
+ AUDITD_CONF_LOCS="/etc /etc/audit"
+ AUDITD_CONF_FILE=""
+ AUDITD_RUNNING=0
+ SOLARIS_AUDITD_RUNNING=0
+#
+#################################################################################
+#
+ # Test : ACCT-2754
+ # Description : Check availability FreeBSD accounting data
+ Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --description "Check for available FreeBSD accounting information"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /var/account/acct ]; then
+ Display --indent 2 --text "- Checking accounting information..." --result OK --color GREEN
+ logtext "Result: /var/account/acct available"
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking accounting information..." --result "NOT FOUND" --color YELLOW
+ logtext "Result: No accounting information available"
+ logtext "Remark: Possibly there is another location where the accounting data is stored"
+ ReportSuggestion ${TEST_NO} "Enable process accounting"
+ AddHP 2 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9622
+ # Description : Check availability Linux accounting data
+ # Notes : /var/log/pacct (Slackware)
+ Register --test-no ACCT-9622 --os Linux --weight L --network NO --description "Check for available Linux accounting information"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check accounting information"
+ if [ -f /var/account/pacct ]; then
+ Display --indent 2 --text "- Checking accounting information..." --result OK --color GREEN
+ logtext "Result: /var/account/pacct available"
+ AddHP 3 3
+ elif [ -f /var/log/account/pacct ]; then
+ Display --indent 2 --text "- Checking accounting information..." --result OK --color GREEN
+ logtext "Result: /var/log/account/pacct available"
+ AddHP 3 3
+ elif [ -f /var/log/pacct ]; then
+ Display --indent 2 --text "- Checking accounting information..." --result OK --color GREEN
+ logtext "Result: /var/log/pacct available"
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking accounting information... " --result "NOT FOUND" --color YELLOW
+ logtext "Result: No accounting information available (/var/account/pacct does not exist)"
+ logtext "Remark: Possibly there is another location where the accounting data is stored"
+ ReportSuggestion ${TEST_NO} "Enable process accounting"
+ AddHP 2 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9626
+ # Description : Check sysstat accounting data
+ Register --test-no ACCT-9626 --os Linux --weight L --network NO --description "Check for sysstat accounting data"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/default/sysstat presence"
+ if [ -f /etc/default/sysstat ]; then
+ logtext "Result: /etc/default/sysstat found"
+ FIND=`grep "^ENABLED" /etc/default/sysstat | grep -i true`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: sysstat enabled via /etc/default/sysstat"
+ Display --indent 2 --text "- Checking sysstat accounting data" --result ENABLED --color GREEN
+ else
+ logtext "Result: sysstat disabled via /etc/default/sysstat"
+ Display --indent 2 --text "- Checking sysstat accounting data" --result DISABLED --color WHITE
+ ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (disabled)"
+ fi
+ elif [ -f /etc/cron.d/sysstat ]; then
+ FIND=`grep -v '^[[:space:]]*\(#\|$\)' /etc/cron.d/sysstat`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: sysstat enabled via /etc/cron.d/sysstat"
+ Display --indent 2 --text "- Checking sysstat accounting data" --result ENABLED --color GREEN
+ else
+ logtext "Result: sysstat disabled via /etc/cron.d/sysstat"
+ Display --indent 2 --text "- Checking sysstat accounting data" --result DISABLED --color WHITE
+ ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (cron disabled)"
+ fi
+ else
+ logtext "Result: sysstat not found via /etc/default/sysstat or /etc/cron.d/sysstat"
+ Display --indent 2 --text "- Checking sysstat accounting data" --result "NOT FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Enable sysstat to collect accounting (no results)"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9628
+ # Description : Check auditd status
+ if [ ! "${AUDITDBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9628 --os Linux --weight L --network NO --description "Check for auditd"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check auditd status"
+ FIND=`${PSBINARY} ax | grep "auditd" | grep -v "grep" | grep -v "kauditd"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: auditd running"
+ Display --indent 2 --text "- Checking auditd" --result ENABLED --color GREEN
+ AUDITD_RUNNING=1
+ report "audit_deamon_running=1"
+ AddHP 4 4
+ else
+ logtext "Result: auditd not active"
+ Display --indent 2 --text "- Checking auditd" --result "NOT FOUND" --color WHITE
+ ReportSuggestion ${TEST_NO} "Enable auditd to collect audit information"
+ AUDITD_RUNNING=0
+ report "audit_deamon_running=0"
+ AddHP 0 1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9630
+ # Description : Check auditd rules
+ if [ ! "${AUDITDBINARY}" = "" -a ! "${AUDITCTLBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd rules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking auditd rules"
+ FIND=`${AUDITCTLBINARY} -l | grep -v "No rules"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: auditd rules empty"
+ Display --indent 4 --text "- Checking audit rules" --result SUGGESTION --color YELLOW
+ AddHP 0 2
+ ReportSuggestion ${TEST_NO} "Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules"
+ else
+ logtext "Result: found auditd rules"
+ Display --indent 4 --text "- Checking audit rules" --result OK --color GREEN
+ # Log audit daemon rules
+ FIND=`${AUDITCTLBINARY} -l | sed 's/ /!space!/g'`
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Output: ${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9632
+ # Description : Check auditd configuration file
+ if [ ! "${AUDITDBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking auditd configuration file"
+ for I in ${AUDITD_CONF_LOCS}; do
+ if [ -f ${I}/auditd.conf ]; then
+ AUDITD_CONF_FILE="${I}/auditd.conf"
+ logtext "Result: Found ${I}/auditd.conf"
+ else
+ logtext "Result: ${I}/auditd.conf not found"
+ fi
+ done
+ # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
+ if [ ! "${AUDITD_CONF_FILE}" = "" ]; then
+ Display --indent 4 --text "- Checking audit configuration file" --result OK --color GREEN
+ else
+ logtext "Result: could not find auditd configuration file"
+ Display --indent 4 --text "- Checking audit configuration file" --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Determine the location of auditd configuration file"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9634
+ # Description : Check auditd log file
+ if [ ! "${AUDITDBINARY}" = "" -a ${AUDITD_RUNNING} -eq 1 -a ! "${AUDITD_CONF_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for auditd log file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking auditd log file"
+ FIND=`grep "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: log file is defined"
+ logtext "Defined value: ${FIND}"
+ if [ -f ${FIND} ]; then
+ logtext "Result: log file ${FIND} exists on disk"
+ Display --indent 4 --text "- Checking auditd log file" --result FOUND --color GREEN
+ report "logfile[]=${FIND}"
+ else
+ logtext "Result: can't find log file ${FIND} on disk"
+ Display --indent 4 --text "- Checking auditd log file" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Check auditd log file location"
+ fi
+ else
+ logtext "Result: no log file found"
+ Display --indent 4 --text "- Checking auditd log file" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "Auditd log file is defined but can not be found on disk"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9650
+ # Description : Check Solaris audit daemon presence
+ Register --test-no ACCT-9650 --os Solaris --weight L --network NO --description "Check Solaris audit daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check if audit daemon is running"
+ FIND=`${PSBINARY} ax | grep "/auditd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Solaris audit daemon is running"
+ SOLARIS_AUDITD_RUNNING=1
+ Display --indent 2 --text "- Checking Solaris audit daemon status" --result RUNNING --color GREEN
+ else
+ logtext "Result: Solaris audit daemon is not running"
+ Display --indent 2 --text "- Checking Solaris audit daemon status" --result "NOT RUNNING" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9652
+ # Description : Check Solaris auditd service status
+ if [ -x /usr/bin/svcs -a ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check auditd SMF status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check if auditd service is enabled and online"
+ FIND=`/usr/bin/svcs svc:/system/auditd:default | grep "^online"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: auditd service is online"
+ Display --indent 4 --text "- Checking Solaris audit daemon status" --result ONLINE --color GREEN
+ else
+ Display --indent 4 --text "- Checking Solaris audit daemon status" --result WARNING --color YELLOW
+ # YYY
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9654
+ # Description : Check Solaris Basic Security Mode (BSM) in /etc/system
+ if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in /etc/system"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check if BSM is enabled in /etc/system"
+ if [ -f /etc/system ]; then
+ FIND=`grep 'set c2audit:audit_load = 1' /etc/system`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: BSM is enabled in /etc/system"
+ Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result ENABLED --color GREEN
+ else
+ Display --indent 4 --text "- Checking Solaris BSM (/etc/system)" --result "NOT FOUND" --color YELLOW
+ fi
+ else
+ logtext "Result: /etc/system does not exist"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9656
+ # Description : Check Solaris BSM (c2audit) module status
+ if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check if c2audit module is active"
+ if [ -x /usr/sbin/modinfo ]; then
+ FIND=`/usr/sbin/modinfo | grep c2audit`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: c2audit found in modinfo output"
+ Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result ENABLED --color GREEN
+ else
+ logtext "Result: c2audit not found in modinfo output"
+ Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "NOT FOUND" --color YELLOW
+ fi
+ else
+ logtext "Result: /usr/sbin/modinfo does not exist, skipping test"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9658
+ # Description : Check required audit files in /etc/security
+ #if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no ACCT-9658 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check required audit files"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #fi
+#
+#################################################################################
+#
+ # Test : ACCT-9662
+ # Description : Check location for audit events
+ if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check location of audit events"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/security/audit_control for event logging location"
+ if [ -f /etc/security/audit_control ]; then
+ logtext "Result: file /etc/security/audit_control found"
+ FIND=`grep "^dir" /etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found location ${FIND}"
+ logtext "Test: Checking if location is a valid directory"
+ if [ -d ${FIND} ]; then
+ logtext "Result: location ${FIND} is valid"
+ Display --indent 4 --text "- Checking Solaris audit location" --result FOUND --color GREEN
+ else
+ logtext "Result: location ${FIND} does not exist"
+ # YYY perform manual audit
+ Display --indent 4 --text "- Checking Solaris audit location" --result UNKNOWN --color YELLOW
+ fi
+ else
+ logtext "Result: unknown event location"
+ Display --indent 4 --text "- Checking Solaris audit location" --result UNKNOWN --color YELLOW
+ fi
+ else
+ logtext "Result: could not find /etc/security/audit_control"
+ Display --indent 4 --text "- Checking Solaris audit location" --result SKIPPED --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9662
+ # Description : Check which events are audited
+ #if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : ACCT-9664
+ # Description : Check user specific event auditing
+ #if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : ACCT-9672
+ # Description : check auditstat
+ if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Solaris auditing stats"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check auditing statistics"
+ if [ -x /usr/sbin/auditstat ]; then
+ FIND=`/usr/sbin/auditstat | tr -s ' ' ','`
+ for I in ${FIND}; do
+ logtext "Output: ${I}"
+ done
+ Display --indent 4 --text "- Checking Solaris audit statistics" --result DONE --color GREEN
+ else
+ logtext "Result: /usr/sbin/auditstat not found, skipping test"
+ Display --indent 4 --text "- Checking Solaris audit statistics" --result SKIPPED --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+
+ # Test : ACCT-9680
+ # Description : Check if required packages are installed
+ #if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BSM auditing in module list"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+
+ #
+ # Solaris 10 packages
+ # bash-3.00# pkginfo | egrep 'SUNWcar|SUNWcsr|SUNWcsu|SUNWhea|SUNWman'
+ #system SUNWcar Core Architecture, (Root)
+ #system SUNWcsr Core Solaris, (Root)
+ #system SUNWcsu Core Solaris, (Usr)
+ #system SUNWhea SunOS Header Files
+ #system SUNWman On-Line Manual Pages
+
+#
+#################################################################################
+#
+# Check psacct package (ac, lastcomm, accton, sa)
+# Check auditd (auditctl, ausearch, aureport)
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - http://cisofy.com - The Netherlands
diff --git a/include/tests_authentication b/include/tests_authentication
new file mode 100644
index 00000000..ad59897a
--- /dev/null
+++ b/include/tests_authentication
@@ -0,0 +1,1325 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# User, Group and authentication tests
+#
+#################################################################################
+#
+ LDAP_AUTH_ENABLED=0
+ LDAP_PAM_ENABLED=0
+ LDAP_CONF_LOCATIONS="/etc/ldap.conf /etc/ldap/ldap.conf /etc/openldap/ldap.conf /usr/local/etc/ldap.conf /usr/local/etc/openldap/ldap.conf"
+ PAM_FILE_LOCATIONS="/lib/i386-linux-gnu/security /lib/security /lib/x86_64-linux-gnu/security /lib64/security /usr/lib/security"
+ SUDOERS_LOCATIONS="/etc/sudoers /usr/local/etc/sudoers /usr/pkg/etc/sudoers"
+ SUDOERS_FILE=""
+#
+#################################################################################
+#
+ InsertSection "Users, Groups and Authentication"
+
+ # Test : AUTH-9204
+ # Description : Check users with UID zero (0)
+ Register --test-no AUTH-9204 --weight L --network NO --description "Check users with an UID of zero"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Search accounts with UID 0
+ logtext "Test: Searching accounts with UID 0"
+ FIND=`grep ':0:' /etc/passwd | egrep -v '^#|^root:|^:0:0:::' | cut -d ":" -f1,3 | grep ':0'`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Search administrator accounts..." --result WARNING --color RED
+ logtext "Result: Found more than one administrator accounts"
+ ReportWarning "${TEST_NO}" "H" "Multiple users with UID 0 found in passwd file"
+ for I in ${FIND}; do
+ logtext "Administrator account: ${I}"
+ if [ "${I}" = "toor" ]; then
+ logtext "BSD note: default there is a user 'toor' installed. This account is considered useless unless it"
+ logtext "is assigned a password and used for daily operations or emergencies. ie: bad shell for root user."
+ ReportSuggestion ${TEST_NO} "Use vipw to delete the 'toor' user if not used."
+ fi
+ done
+ else
+ Display --indent 2 --text "- Search administrator accounts..." --result OK --color GREEN
+ logtext "Result: No accounts found with UID 0 other than root."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9208
+ # Description : Check non-unique accounts
+ Register --test-no AUTH-9208 --weight L --network NO --description "Check non-unique accounts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: ${USER_PASSWD_DOUBLEUID_AUDIT_TITLE}"
+ logtext "Description: ${USER_PASSWD_DOUBLEUID_AUDIT_DESCRIPTION}"
+ logtext "Action: Checking for non-unique accounts"
+ if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then
+ PASSWD_FILE="/etc/master.passwd"
+ else
+ PASSWD_FILE="/etc/passwd"
+ fi
+ # Check password file
+ if [ -f ${PASSWD_FILE} ]; then
+ FIND=`cat ${PASSWD_FILE} | grep -v '^#' | cut -d ':' -f3 | uniq -d`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking for non-unique UIDs... " --result OK --color GREEN
+ logtext "Result: all accounts found in ${PASSWD_FILE} are unique"
+ else
+ Display --indent 2 --text "- Checking for non-unique UIDs... " --result WARNING --color RED
+ logtext "Result: found multiple accounts with same UID"
+ logtext "Output (non-unique UIDs): ${FIND}"
+ ReportWarning ${TEST_NO} "Multiple accounts found with same UID"
+ fi
+ else
+ Display --indent 2 --text "- Checking UIDs... " --result SKIPPED --color WHITE
+ logtext "Result: test skipped, ${PASSWD_FILE} file not available"
+ fi
+ logtext "Remarks: ${USER_PASSWD_DOUBLEUID_AUDIT_TEXT}"
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9212
+ # Description : Test group file with chkgrp tool (ie FreeBSD)
+ if [ -f /usr/sbin/chkgrp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9212 --preqs-met ${PREQS_MET} --weight L --network NO --description "Test group file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking chkgrp tool..." --result FOUND --color GREEN
+ logtext "Result: /usr/sbin/chkgrp binary found. Using this to perform next test(s)."
+ logtext "Test: Testing consistency of /etc/group file... "
+ FIND=`/usr/sbin/chkgrp | grep -v 'is fine'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking consistency of /etc/group file..." --result OK --color GREEN
+ logtext "Result: chkgrp test performed, Group file seems to be ok."
+ else
+ Display --indent 4 --text "- Checking consistency of /etc/group file..." --result WARNING --color RED
+ logtext "Result: chkgrp found some errors. Run the tool manually to see details."
+ logtext "chkgrp output: ${FIND}"
+ ReportWarning ${TEST_NO} "M" "chkgrp reported inconsistencies in /etc/group file"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9216
+ # Description : Check /etc/group and shadow group files
+ if [ ! "${GRPCKBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9216 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check group and shadow group files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Test : run grpck to test group files (most likely /etc/group and shadow group files)
+ # Expected result : 0 (exit code)
+ logtext "Test: Checking for grpck binary..."
+
+ if [ "${OS}" = "Linux" ]; then
+ # Read only mode
+ FIND=`${GRPCKBINARY} -r 2> /dev/null ; echo $?`
+ elif [ "${OS}" = "AIX" ]; then
+ FIND=`${GRPCKBINARY} -n 2> /dev/null ; echo $?`
+ else
+ FIND=`${GRPCKBINARY} 2> /dev/null ; echo $?`
+ fi
+
+ # Overrule for SuSE
+ if [ "${LINUX_VERSION}" = "SuSE" ]; then
+ FIND=`${GRPCKBINARY} -q -r > /dev/null ; echo $?`
+ fi
+
+ # Check exit-code
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Checking consistency of group files (grpck)..." --result OK --color GREEN
+ logtext "Result: grpck binary didn't find any errors in the group files"
+ else
+ Display --indent 2 --text "- Checking consistency of group files (grpck)..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "grpck binary found errors in one or more group files"
+ ReportSuggestion ${TEST_NO} "Run grpck manually and check your group files"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9218
+ # Description : Check login shells for passwordless accounts
+ # Notes : Results should be checked
+ Register --test-no AUTH-9218 --os FreeBSD --weight L --network NO --description "Check harmful login shells"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Checking login shells"
+ if [ -f /etc/master.passwd ]; then
+ # Check for all shells, except: (/usr)/sbin/nologin /nonexistent
+ FIND=`cat /etc/master.passwd | grep "[a-z]:\*:" | egrep -v '^#|/sbin/nologin|/usr/sbin/nologin|/nonexistent' | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking login shells..." --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Checking login shells..." --result WARNING --color RED
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ J=`echo ${I} | awk -F: '{ print $10 }'`
+ logtext "Output: ${I}"
+ if [ "${J}" = "" ]; then
+ logtext "Result: found no shell on line"
+ else
+ logtext "Result: found possible harmful shell ${J}"
+ ReportSuggestion ${TEST_NO} "Determine if account is needed, as shell ${J} does not exist"
+ if [ -f ${J} ]; then
+ logtext "Result: shell ${J} does exist"
+ FOUND=1
+ else
+ logtext "Result: shell ${J} does not exist"
+ fi
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ ReportWarning ${TEST_NO} "H" "Possible harmful shell found (for passwordless account!)"
+ fi
+ fi
+ else
+ Display --indent 2 --text "- Checking login shells..." --result SKIPPED --color WHITE
+ logtext "Result: No /etc/master.passwd file found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9222
+ # Description : Check for non unique groups
+ Register --test-no AUTH-9222 --weight L --network NO --description "Check for non unique groups"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for non unique group ID's in /etc/group"
+ FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $3 }' | sort | uniq -d`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking non unique group ID's..." --result OK --color GREEN
+ logtext "Result: All group ID's are unique"
+ else
+ Display --indent 2 --text "- Checking non unique group ID's..." --result WARNING --color RED
+ logtext "Result: Found the same group ID multiple times"
+ logtext "Output: ${FIND}"
+ ReportWarning ${TEST_NO} "H" "Found multiple groups with same group ID"
+ ReportSuggestion ${TEST_NO} "Check your /etc/group file and correct inconsistencies"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9226
+ # Description : Check non unique group names
+ if [ -f /etc/group ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9226 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check non unique group names"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for non unique group names in /etc/group"
+ FIND=`cat /etc/group | grep -v '^#' | grep -v '^$' | awk -F: '{ print $1 }' | sort | uniq -d`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking non unique group names..." --result OK --color GREEN
+ logtext "Result: All group names are unique"
+ else
+ Display --indent 2 --text "- Checking non unique group names..." --result WARNING --color WARNING
+ logtext "Result: Found the same group name multiple times"
+ logtext "Output: ${FIND}"
+ ReportWarning ${TEST_NO} "M" "Found inconsistencies in group file (multiple occurences of a single group)"
+ ReportSuggestion ${TEST_NO} "Check your /etc/group file and correct inconsistencies"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9228
+ # Description : Check Linux password file consistency
+ if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9228 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking password file consistency (pwck)"
+ FIND=`/usr/sbin/pwck -q -r 2> /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
+ logtext "Result: pwck check didn't find any problems"
+ else
+ Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
+ logtext "Result: pwck found one or more errors/warnings in the password file."
+ ReportWarning ${TEST_NO} "M" "pwck found one or more errors/warnings in the password file"
+ ReportSuggestion ${TEST_NO} "Run pwck manually and correct found issues."
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : AUTH-9229
+# # Description : Check AIX password file consistency
+# # Notes : Read only mode?
+# if [ -x /usr/bin/usrck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no AUTH-9229 --os AIX --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Checking password file consistency (usrck)"
+# FIND=`/usr/bin/usrck -n ALL 2>; echo $?`
+# if [ "${FIND}" = "0" ]; then
+# Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
+# logtext "Result: usrck finished didn't find problems"
+# else
+# Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
+# logtext "Result: usrck found one or more errors/warnings in the password file."
+# ReportWarning ${TEST_NO} "M" "usrck found one or more errors/warnings in the password file"
+# ReportSuggestion ${TEST_NO} "Run usrck manually and correct found issues."
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : AUTH-9230
+ # Description : Check Solaris password file consistency
+ if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9230 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking password file consistency (pwck)"
+ FIND=`/usr/sbin/pwck 2> /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
+ logtext "Result: pwck finished didn't find problems"
+ else
+ Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
+ logtext "Result: pwck found one or more errors/warnings in the password file."
+ ReportWarning ${TEST_NO} "M" "pwck found one or more errors/warnings in the password file"
+ ReportSuggestion ${TEST_NO} "Run pwck manually and correct found issues."
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : AUTH-9231
+# # Description : Check HP-UX password file consistency
+# # Notes : Read only mode?
+# if [ -x /usr/sbin/pwck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no AUTH-9231 --os HP-UX --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Checking password file consistency (pwck)"
+# FIND=`/usr/sbin/pwck 2> /dev/null; echo $?`
+# if [ "${FIND}" = "0" ]; then
+# Display --indent 2 --text "- Checking password file consistency..." --result OK --color GREEN
+# logtext "Result: pwck finished didn't find problems"
+# else
+# Display --indent 2 --text "- Checking password file consistency..." --result WARNING --color RED
+# logtext "Result: pwck found one or more errors/warnings in the password file."
+# ReportWarning ${TEST_NO} "M" "pwck found one or more errors/warnings in the password file"
+# ReportSuggestion ${TEST_NO} "Run pwck manually and correct found issues."
+# fi
+# fi
+#
+#################################################################################
+#
+# # Test : AUTH-9232
+# # Description : Check HP-UX group file consistency
+# if [ -x /usr/sbin/grpck ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no AUTH-9232 --os HP-UX --preqs-met ${PREQS_MET} --weight L --network NO --description "Check password file consistency"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Checking group file consistency (grpck)"
+# FIND=`/usr/sbin/grpck 2> /dev/null; echo $?`
+# if [ "${FIND}" = "0" ]; then
+# Display --indent 2 --text "- Checking group file consistency..." --result OK --color GREEN
+# logtext "Result: grpck finished didn't find problems"
+# else
+# Display --indent 2 --text "- Checking group file consistency..." --result WARNING --color RED
+# logtext "Result: grpck found one or more errors/warnings in the group file."
+# ReportWarning ${TEST_NO} "M" "grpck found one or more errors/warnings in the group file"
+# ReportSuggestion ${TEST_NO} "Run grpck manually and correct found issues."
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : AUTH-9234
+ # Description : Query user accounts (YYY)
+ # Notes : HPUX > 100
+ # MacOS: need to be improved (just reading passwd file is not enough)
+ # OpenBSD/NetBSD: unknown
+ Register --test-no AUTH-9234 --os Linux --weight L --network NO --description "Query user accounts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Read real system users (including root user) from /etc/passwd..."
+ FIND=""
+
+ if [ "${OS}" = "FreeBSD" ]; then
+ logtext "FreeBSD real users output (ID > 1000, but not 65534):"
+ FIND=`awk -F: '($3 > 1000) && ($3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd`
+ fi
+
+ if [ "${OS}" = "Linux" ]; then
+ logtext "Linux real users output (ID > 500, but not 65534):"
+ FIND=`awk -F: '($3 > 500) && ($3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd`
+ fi
+
+ if [ "${OS}" = "Solaris" ]; then
+ logtext "Solaris real users output (ID > 100, but not 60001/65534):"
+ FIND=`awk -F: '($3 > 100 && $3 != 60001 && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd`
+ fi
+
+ Display --indent 2 --text "- Query system users (non daemons)..." --result DONE --color GREEN
+ # Check if we got any output
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "Result: No users found/unknown result"
+ logtext "Result: Querying of system users skipped"
+ else
+ for I in ${FIND}; do
+ logtext "Real user: ${I}"
+ report "real_user[]=${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9240
+ # Description : Query NIS+ authentication support
+ Register --test-no AUTH-9240 --weight L --network NO --description "Query NIS+ authentication support"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/nsswitch.conf ]; then
+ FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nisplus"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: NIS+ authentication not enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ else
+ FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nisplus"`
+ FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nisplus"`
+ if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
+ logtext "Result: NIS+ authentication enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "ENABLED" --color GREEN
+ else
+ logtext "Result: NIS+ authentication not enabled"
+ Display --indent 2 --text "- Checking NIS+ authentication support" --result "NOT ENABLED" --color WHITE
+ fi
+ fi
+ else
+ logtext "Result: /etc/nsswitch.conf not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9242
+ # Description : Query NIS authentication support
+ Register --test-no AUTH-9242 --weight L --network NO --description "Query NIS authentication support"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/nsswitch.conf ]; then
+ FIND=`egrep "^passwd" /etc/nsswitch.conf | egrep "compat|nis" | grep -v "nisplus"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: NIS authentication not enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ else
+ FIND2=`egrep "^passwd_compat" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
+ FIND3=`egrep "^passwd" /etc/nsswitch.conf | grep "nis" | grep -v "nisplus"`
+ if [ ! "${FIND2}" = "" -o ! "${FIND3}" = "" ]; then
+ logtext "Result: NIS authentication enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "ENABLED" --color GREEN
+ else
+ logtext "Result: NIS authentication not enabled"
+ Display --indent 2 --text "- Checking NIS authentication support" --result "NOT ENABLED" --color WHITE
+ fi
+ fi
+ else
+ logtext "Result: /etc/nsswitch.conf not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9244
+ # Description : Query NIS servers
+ #Register --test-no AUTH-9244 --weight L --network NO --description "Query NIS servers"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #fi
+#
+#################################################################################
+#
+ # Test : AUTH-9246
+ # Description : Query NIS active
+ #Register --test-no AUTH-9246 --weight L --network NO --description "Query active NIS servers"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #if
+ #grep '^+' /etc/passwd /etc/group
+#
+#################################################################################
+#
+ # Test : AUTH-9250
+ # Description : Check for sudoers file
+ Register --test-no AUTH-9250 --weight L --network NO --description "Checking sudoers file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ for I in ${SUDOERS_LOCATIONS}; do
+ logtext "Test: checking presence ${I}"
+ if [ -f ${I} ]; then
+ FOUND=1
+ SUDOERS_FILE="${I}"
+ logtext "Result: found file (${SUDOERS_FILE})"
+ else
+ logtext "Result: file ${I} not found"
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ logtext "Result: sudoers file found (${SUDOERS_FILE})"
+ Display --indent 2 --text "- Checking sudoers file" --result FOUND --color GREEN
+ # YYY add more tests to audit sudoers file
+ else
+ logtext "Result: sudoers file NOT found"
+ Display --indent 2 --text "- Checking sudoers file" --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9252
+ # Description : Check for sudoers file permissions
+ if [ ! "${SUDOERS_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9252 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check sudoers file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking sudoers file (${SUDOERS_FILE}) permissions"
+ FIND=`ls -l ${SUDOERS_FILE} | cut -c 2-10`
+ logtext "Result: Found file permissions: ${FIND}"
+ if [ "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" -o "${FIND}" = "r--r-----" ]; then
+ logtext "Result: file ${SUDOERS_FILE} has correct permissions"
+ Display --indent 4 --text "- Check sudoers file permissions" --result OK --color GREEN
+ else
+ logtext "Result: file has possibly unsafe file permissions"
+ Display --indent 4 --text "- Check sudoers file permissions" --result WARNING --color RED
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9254
+ # Description : Solaris test to check passwordless accounts
+ Register --test-no AUTH-9254 --os Solaris --weight L --network NO --description "Solaris passwordless accounts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`logins -p | awk '{ print $1 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no passwordless accounts found"
+ Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result OK --color GREEN
+ else
+ for I in ${FIND}; do
+ ReportWarning ${TEST_NO} "H" "Found passwordless account (${I})"
+ done
+ Display --indent 2 --text "- Checking passwordless accounts on Solaris" --result WARNING --color RED
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : AUTH-9255
+# # Description : Solaris test for unique UIDs
+# Register --test-no AUTH-9255 --os Solaris --weight L --network NO --description "Solaris unique UIDs"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# FIND=`logins -d | awk '{ print $1 }'`
+# if [ "${FIND}" = "" ]; then
+# logtext "Result: no duplicate accounts found, all accounts have an unique ID"
+# Display --indent 2 --text "- Checking unique UIDs on Solaris" --result OK --color GREEN
+# else
+# for I in ${FIND}; do
+# ReportWarning ${TEST_NO} "H" "Found passwordless account (${I})"
+# done
+# Display --indent 2 --text "- Checking unique UIDs on Solaris" --result WARNING --color RED
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : AUTH-9260 [T]
+ # Description : Search for account lockout on Linux
+ # Notes : lib directory should be fixed
+# Register --test-no AUTH-9260 --os Linux --weight L --network NO --description "Checking account lockout"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: searching for /lib/security/pam_tally.so"
+# if [ -f /lib/security/pam_tally.so ]; then
+# logtext "Result: /lib/security/pam_tally.so found"
+# AddHP 1 1
+# Display --indent 2 --text "- Checking account lockout module (pam_tally)" --result FOUND --color GREEN
+# if [ -f /etc/pam.d/system-auth ]; then
+# logtext "Test: search for enable pam_tally module in system-auth, with a deny value higher than zero"
+# FIND=`grep "account required" /etc/pam.d/system-auth | grep "pam_tally.so" | grep "deny=" | grep -v "deny=0"`
+# if [ "${FIND}" = "" ]; then
+# logtext "Result: pam_tally properly configured"
+# logtext "Output: ${FIND}"
+# AddHP 1 1
+# Display --indent 4 --text "- Checking lockout policy" --result FOUND --color GREEN
+# else
+# logtext "Result: pam_tally not (properly) configured"
+# logtext "Output: ${FIND}"
+# Display --indent 4 --text "- Checking lockout policy" --result SUGGESTION --color YELLOW
+# AddHP 0 1
+# ReportSuggestion ${TEST_NO} "Configure pam_tally in system-auth: account required /lib/security/pam_tally.so deny=3 no_magic_root reset"
+# fi
+# else
+# logtext "Result: skipped, /etc/pam.d/system-auth not found"
+# fi
+# else
+# logtext "Result: /lib/security/pam_tally.so not found"
+# AddHP 0 1
+# Display --indent 2 --text "- Checking account lockout module (pam_tally)" --result "SUGGESTION" --color YELLOW
+# ReportSuggestion ${TEST_NO} "Install a PAM module for account lockout to counter brute force attacks"
+# fi
+#
+#################################################################################
+#
+ # Test : AUTH-9262
+ # Description : Search for PAM password strength testing libraries
+ # Notes : YYY (combine with other PAM modules)
+ Register --test-no AUTH-9262 --weight L --network NO --description "Checking presence password strength testing tools (PAM)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ FOUND_CRACKLIB=0
+ FOUND_PASSWDQC=0
+
+ # Cracklib
+ logtext "Searching cracklib PAM module"
+ for I in ${PAM_FILE_LOCATIONS}; do
+ if [ -f ${I}/pam_cracklib.so ]; then
+ FOUND_CRACKLIB=1
+ logtext "Result: found pam_cracklib.so (crack library PAM) in ${I}"
+ fi
+ done
+ if [ ${FOUND_CRACKLIB} -eq 1 ]; then
+ logtext "Result: pam_cracklib.so found"
+ report "pam_cracklib=1"
+ AddHP 3 3
+ FOUND=1
+ else
+ logtext "Result: pam_cracklib.so NOT found (crack library PAM)"
+ AddHP 1 3
+ fi
+
+ # Passwd quality control
+ logtext "Searching passwdqc PAM module"
+ for I in ${PAM_FILE_LOCATIONS}; do
+ if [ -f ${I}/pam_passwdqc.so ]; then
+ FOUND_PASSWDQC=1
+ logtext "Result: found pam_passwdqc.so (passwd quality control PAM) in ${I}"
+ fi
+ done
+ if [ ${FOUND_PASSWDQC} -eq 1 ]; then
+ logtext "Result: pam_passwdqc.so found"
+ report "pam_passwdqc=1"
+ AddHP 3 3
+ FOUND=1
+ else
+ logtext "Result: pam_passwdqc.so NOT found (passwd quality control PAM)"
+ AddHP 1 3
+ fi
+
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking PAM password strength tools" --result "SUGGESTION" --color YELLOW
+ logtext "Result: no PAM modules for password strength testing found"
+ ReportSuggestion ${TEST_NO} "Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc"
+ else
+ Display --indent 2 --text "- Checking PAM password strength tools" --result OK --color GREEN
+ logtext "Result: found at least one PAM module for password strength testing"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9264
+ # Description : Scan /etc/pam.conf file
+ Register --test-no AUTH-9264 --weight L --network NO --description "Checking presence pam.conf"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking file /etc/pam.conf"
+ if [ -f /etc/pam.conf ]; then
+ logtext "Result: file /etc/pam.conf exists"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.conf)" --result FOUND --color GREEN
+ logtext "Test: searching PAM configuration files"
+ FIND=`cat /etc/pam.conf | grep -v "^#" | grep -v "^$" | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: File has no configuration options defined (empty, or only filled with comments and empty lines)"
+ else
+ logtext "Result: found one or more configuration lines"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found line: ${I}"
+ done
+ fi
+ else
+ logtext "Result: file /etc/pam.conf could not be found"
+ Display --indent 2 --text "- Checking PAM configuration file (pam.conf)" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9266
+ # Description : Searching available PAM configurations (/etc/pam.d)
+ Register --test-no AUTH-9266 --weight L --network NO --description "Checking presence pam.d files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking directory /etc/pam.d"
+ if [ -d /etc/pam.d ]; then
+ logtext "Result: directory /etc/pam.d exists"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result FOUND --color GREEN
+ logtext "Test: searching PAM configuration files"
+ FIND=`find /etc/pam.d -type f -print | sort`
+ for I in ${FIND}; do
+ logtext "Found file: ${I}"
+ done
+ else
+ logtext "Result: directory /etc/pam.d could not be found"
+ Display --indent 2 --text "- Checking PAM configuration files (pam.d)" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9268
+ # Description : Searching available PAM files
+ # Notes : PAM is used on AIX, Linux, HPUX, Solaris
+ if [ ${OS} = "AIX" -o ${OS} = "Linux" -o ${OS} = "HPUX" -o ${OS} = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9268 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking presence pam.d files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Searching pam modules"
+ for I in ${PAM_FILE_LOCATIONS}; do
+ logtext "Test: Checking ${I}"
+ if [ -d ${I} -a ! -L ${I} ]; then
+ logtext "Result: directory ${I} exists"
+ FIND=`find ${I} -type f -name "*.so" -print | sort`
+ if [ ! "${FIND}" = "" ]; then FOUND=1; fi
+ for I in ${FIND}; do
+ logtext "Found file: ${I}"
+ done
+ else
+ logtext "Result: directory ${I} could not be found or is a symlink to another directory"
+ fi
+ done
+ # Check if we found at least one module
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking PAM modules" --result "NOT FOUND" --color WHITE
+ logtext "Result: no PAM modules found"
+ else
+ Display --indent 2 --text "- Checking PAM modules" --result FOUND --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9270
+ # Description : Audit PAM configuration files
+#
+#################################################################################
+#
+ # Test : AUTH-9278
+ # Description : Search LDAP support in PAM files
+ Register --test-no AUTH-9278 --weight L --network NO --description "Checking LDAP pam status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking presence /etc/pam.d/common-auth"
+ if [ -f /etc/pam.d/common-auth ]; then
+ logtext "Result: file /etc/pam.d/common-auth exists"
+ logtext "Test: checking presence LDAP module"
+ FIND=`cat /etc/pam.d/common-auth | grep "^auth" | grep "ldap"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: LDAP module present"
+ logtext "Output: ${FIND}"
+ Display --indent 2 --text "- Checking LDAP module in PAM" --result FOUND --color GREEN
+ LDAP_AUTH_ENABLED=1
+ LDAP_PAM_ENABLED=1
+ else
+ logtext "Result: LDAP module not found"
+ Display --indent 2 --text "- Checking LDAP module in PAM" --result "NOT FOUND" --color WHITE
+ # YYY display message when ldap is enabled in /etc/passwd, but not found in PAM
+ fi
+ else
+ logtext "Result: file /etc/pam.d/common-auth not found, skipping test"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9282 and AUTH-9283
+ # Note : Every Linux based operating system seem to have different passwd
+ # options, so we have to check the version first.
+ if [ "${OS}" = "Linux" ]; then
+ if [ ${OS_REDHAT_OR_CLONE} -eq 0 ]; then
+ case ${LINUX_VERSION} in
+ "SuSE")
+ PREQS_MET="YES"
+ FIND=`passwd -a -S | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
+ FIND2=`passwd -a -S | awk '{ if ($2=="NP") print $1 }'`
+ ;;
+ *)
+ PREQS_MET="YES"
+ FIND=`passwd --all --status | awk '{ if ($2=="P" && $5=="99999") print $1 }'`
+ FIND2=`passwd --all --status | awk '{ if ($2=="NP") print $1 }'`
+ ;;
+ esac
+ else
+ logtext "Result: skipping test for this Linux version"
+ ReportManual "AUTH-9282:01"
+ PREQS_MET="NO"
+ FIND=""
+ FIND2=""
+ fi
+ else
+ PREQS_MET="NO"
+ fi
+
+ # Test : AUTH-9282
+ # Description : Search password protected accounts without expire (Linux)
+ Register --test-no AUTH-9282 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking password protected account without expire date"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking Linux version and password expire date status"
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: all accounts seem to have an expire date"
+ Display --indent 2 --text "- Checking accounts without expire date" --result OK --color GREEN
+ else
+ logtext "Result: found one or more accounts with expire date set"
+ for I in ${FIND}; do
+ logtext "Account without expire date: ${I}"
+ done
+ Display --indent 2 --text "- Checking accounts without expire date" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "When possible set expire dates for all password protected accounts"
+ fi
+ fi
+ # Test : AUTH-9283
+ # Description : Search passwordless accounts
+ Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking accounts without password"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking passwordless accounts"
+ if [ "${FIND2}" = "" ]; then
+ logtext "Result: all accounts seem to have a password"
+ Display --indent 2 --text "- Checking accounts without password" --result OK --color GREEN
+ else
+ logtext "Result: found one or more accounts without password"
+ for I in ${FIND2}; do
+ logtext "Account without password: ${I}"
+ report "account_without_password=${I}"
+ done
+ Display --indent 2 --text "- Checking accounts without password" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "Found accounts without password"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9286
+ # Description : Check user password aging
+ if [ -f /etc/login.defs ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking user password aging"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking PASS_MAX_DAYS option in /etc/login.defs "
+ FIND=`grep "^PASS_MAX_DAYS" /etc/login.defs | awk '{ if ($1=="PASS_MAX_DAYS") { print $2 } }'`
+ if [ "${FIND}" = "" -o "${FIND}" = "99999" ]; then
+ # YYY check if LDAP is used with password policies
+ logtext "Result: password aging limits are not configured"
+ Display --indent 2 --text "- Checking user password aging" --result DISABLED --color YELLOW
+ ReportSuggestion ${TEST_NO} "Configure password aging limits to enforce password changing on a regular base"
+ AddHP 0 1
+ else
+ logtext "Result: accounts with password aging set are checked against PASS_MAX_DAYS"
+ logtext "Result: value of PASS_MAX_DAYS is ${FIND}"
+ Display --indent 2 --text "- Checking user password aging" --result OK --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9292
+ # Description : Check locked accounts (exclamation mark as first char in second column)
+#
+#################################################################################
+#
+ # Test : AUTH-9304
+ # Description : Check if single user mode login is properly configured in Solaris
+ # Notes : sulogin should be called from svm script (Solaris <10) in /etc/rcS.d (YYY)
+ Register --test-no AUTH-9304 --os Solaris --weight L --network NO --description "Check single user login configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check if file exists (Solaris 10 does not have this file by default)
+ if [ -f /etc/default/sulogin ]; then
+ logtext "Result: file /etc/default/sulogin exists"
+ logtext "Test: checking presence PASSREQ=NO"
+ FIND=`grep "^PASSREQ=NO" /etc/default/sulogin`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option not present or configured to request a password at single user mode login"
+ Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result OK --color GREEN
+ AddHP 1 1
+ else
+ logtext "Result: option present, no password needed at single user mode login"
+ Display --indent 2 --text "- Checking Solaris /etc/default/sulogin file" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "H" "No password needed for single user mode login"
+ AddHP 0 1
+ fi
+ else
+ logtext "Result: file /etc/default/sulogin does not exist"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9306
+ # Description : Check if authentication is needed to boot the system
+ # Notes : :d_boot_authenticate: is a good option for production machines to
+ # avoid unauthorized booting of systems. Option :d_boot_autentication@:
+ # disabled a required login.
+ Register --test-no AUTH-9306 --os HP-UX --weight L --network NO --description "Check single boot authentication"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check if file exists
+ logtext "Test: Searching /tcb/files/auth/system/default"
+ if [ -f /tcb/files/auth/system/default ]; then
+ logtext "Result: file /tcb/files/auth/system/default exists"
+ logtext "Test: checking presence :d_boot_authenticate@:"
+ FIND=`grep "^:d_boot_authenticate@" /tcb/files/auth/system/default`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option not set, password is needed at boot"
+ Display --indent 2 --text "- Checking HP-UX boot authentication" --result OK --color GREEN
+ AddHP 1 1
+ else
+ logtext "Result: option present, no password needed at single user mode login"
+ Display --indent 2 --text "- Checking HP-UX boot authentication" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Set password for system boot"
+ AddHP 0 1
+ fi
+ else
+ logtext "Result: file /tcb/files/auth/system/default does not exist"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9308
+ # Description : Check single user mode login for Linux
+ Register --test-no AUTH-9308 --os Linux --weight L --network NO --description "Check single user login configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ # Check if file exists
+ logtext "Test: Searching /etc/inittab"
+ if [ -f /etc/inittab ]; then
+ logtext "Result: file /etc/inittab exists"
+ logtext "Test: checking presence sulogin for single user mode"
+ FIND=`grep "^~~:S:wait:/sbin/sulogin" /etc/inittab`
+ FIND2=`grep "^su:S:wait:/sbin/sulogin" /etc/inittab`
+ if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then
+ FOUND=1
+ logtext "Result: found sulogin, so single user is protected"
+ fi
+ else
+ logtext "Result: file /etc/inittab does not exist"
+ fi
+
+ # Check if file exists
+ logtext "Test: Searching /etc/sysconfig/init"
+ if [ -f /etc/sysconfig/init ]; then
+ logtext "Result: file /etc/sysconfig/init exists"
+ logtext "Test: checking presence sulogin for single user mode"
+ FIND=`grep "^SINGLE=/sbin/sulogin" /etc/sysconfig/init`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ logtext "Result: found sulogin, so single user is protected"
+ fi
+ else
+ logtext "Result: file /etc/inittab does not exist"
+ fi
+ if [ -f /etc/inittab -o -f /etc/sysconfig/init ]; then
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Result: option not set, no password needed at single user mode boot"
+ Display --indent 2 --text "- Checking Linux single user mode authentication" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "No password set for single mode"
+ ReportSuggestion ${TEST_NO} "Set password for single user mode to minimize physical access attack surface"
+ AddHP 0 2
+ else
+ logtext "Result: option set, password is needed at single user mode boot"
+ Display --indent 2 --text "- Checking Linux single user mode authentication" --result OK --color GREEN
+ AddHP 2 2
+ fi
+ else
+ # YYY
+ logtext "Result: No inittab or init file found, unsure if system is protected"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9322
+ # Description : Authentication time restrictions
+ # /etc/security/time.conf
+#
+#################################################################################
+#
+ # Test : AUTH-9328
+ # Description : Check default umask in common files
+ # Notes: This test should be moved later to shells section
+ # /etc/login.defs
+ # pam_umask
+ Register --test-no AUTH-9328 --weight L --network NO --description "Default umask values"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Determining default umask"
+
+ # /etc/profile
+ logtext "Test: Checking /etc/profile"
+ if [ -f /etc/profile ]; then
+ logtext "Result: file /etc/profile exists"
+ logtext "Test: Checking umask value in /etc/profile"
+ FIND=`grep "umask" /etc/profile | sed 's/^[ \t]*//' | grep -v "^#" | awk '{ print $2 }'`
+ FIND2=`grep "umask" /etc/profile | sed 's/^[ \t]*//' | grep -v "^#" | awk '{ print $2 }' | wc -l`
+ #FIND2=`egrep "^([[:space:]])([[:tab:]])*umask" /etc/profile | awk '{ print $2 }' | wc -l`
+ WEAK_UMASK=0
+ FOUND_UMASK=0
+ if [ "${FIND2}" = "1" ]; then
+ logtext "Result: found umask (prefixed with spaces)"
+ FOUND_UMASK=1
+ if [ ! "${FIND}" = "077" -a ! "${FIND}" = "027" ]; then
+ logtext "Result: found umask ${FIND}, which could be more strict"
+ WEAK_UMASK=1
+ else
+ logtext "Result: found umask ${FIND}, which is fine"
+ fi
+ # Found more than 1 umask value in profile
+ else
+ logtext "Result: found several umask values configured in /etc/profile"
+ FOUND_UMASK=1
+ for I in ${FIND}; do
+ if [ ! "${I}" = "077" -a ! "${I}" = "027" ]; then
+ logtext "Result: umask ${I} could be more strict"
+ WEAK_UMASK=1
+ else
+ logtext "Result: Found umask ${I}, which is fine"
+ fi
+ done
+ AddHP 1 2
+ fi
+
+ if [ ${FOUND_UMASK} -eq 1 ]; then
+ if [ ${WEAK_UMASK} -eq 0 ]; then
+ Display --indent 4 --text "- Checking umask (/etc/profile)" --result OK --color GREEN
+ AddHP 2 2
+ else
+ Display --indent 4 --text "- Checking umask (/etc/profile)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/profile could be more strict like 027"
+ AddHP 0 2
+ fi
+ else
+ logtext "Result: found no umask. Please check if this is correct"
+ Display --indent 4 --text "- Checking umask (/etc/profile)" --result "NOT FOUND" --color YELLOW
+ ReportException "${TEST_NO}:01"
+ ReportManual "AUTH-9328:01"
+ AddHP 0 2
+ fi
+ else
+ logtext "Result: file /etc/profile does not exist"
+ fi
+
+ # /etc/passwd
+ logtext "Test: Checking umask entries in /etc/passwd (pam_umask)"
+ if [ -f /etc/passwd ]; then
+ logtext "Result: file /etc/passwd exists"
+ logtext "Test: Checking umask value in /etc/profile"
+ FIND=`grep "umask=" /etc/passwd`
+ if [ "${FIND}" = "" ]; then
+ ReportManual "AUTH-9328:03"
+ fi
+ else
+ logtext "Result: file /etc/passwd does not exist"
+ fi
+
+
+ # /etc/login.defs
+ logtext "Test: Checking /etc/login.defs"
+ if [ -f /etc/login.defs ]; then
+ logtext "Result: file /etc/profile exists"
+ logtext "Test: Checking UMASK value in /etc/login.defs"
+ FIND=`grep "^UMASK" /etc/login.defs | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: UMASK value is not configured (most likely it will have the default 022 value)"
+ Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027"
+ AddHP 1 2
+ elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
+ logtext "Result: umask is ${FIND}, which is fine"
+ Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: found umask ${FIND}, which could be improved"
+ Display --indent 4 --text "- Checking umask (/etc/login.defs)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/login.defs could be more strict like 027"
+ AddHP 0 2
+ fi
+ else
+ logtext "Result: file /etc/login.defs does not exist"
+ fi
+
+ # Red Hat /etc/init.d/functions
+ logtext "Test: Checking /etc/init.d/functions"
+ if [ -f /etc/init.d/functions ]; then
+ logtext "Result: file /etc/init.d/functions exists"
+ logtext "Test: Checking umask value in /etc/init.d/functions"
+ FIND=`grep "^umask" /etc/init.d/functions | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: umask is not configured"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result NONE --color WHITE
+ elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
+ logtext "Result: umask is ${FIND}, which is fine"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: found umask ${FIND}, which could be improved"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/functions)" --result SUGGESTION --color YELLOW
+ AddHP 0 2
+ #YYY
+ fi
+ else
+ logtext "Result: file /etc/init.d/functions does not exist"
+ fi
+
+ # /etc/init.d/rc [T]
+ # Always needed? (YYY)
+ logtext "Test: Checking /etc/init.d/rc"
+ if [ -f /etc/init.d/rc ]; then
+ logtext "Result: file /etc/init.d/rc exists"
+ logtext "Test: Checking UMASK value in /etc/init.d/rc"
+ FIND=`grep -i "^UMASK" /etc/init.d/rc | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: UMASK value is not configured (most likely it will have the default 022 value)"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could not be found and defaults usually to 022, which could be more strict like 027"
+ AddHP 1 2
+ elif [ "${FIND}" = "077" -o "${FIND}" = "027" ]; then
+ logtext "Result: umask is ${FIND}, which is fine"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: found umask ${FIND}, which could be improved"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rc)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rc could be more strict like 027"
+ AddHP 0 2
+ fi
+ else
+ logtext "Result: file /etc/init.d/rc does not exist"
+ fi
+
+ # /etc/init.d/rcS [T]
+ # Always needed? (YYY)
+ logtext "Test: Checking /etc/init.d/rcS"
+ if [ -f /etc/init.d/rcS ]; then
+ logtext "Result: file /etc/init.d/rcS exists"
+ logtext "Test: Checking if script runs another script."
+ FIND=`grep -i "^exec " /etc/init.d/rcS | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ FIND2=`grep -i "^UMASK" /etc/init.d/rcS | awk '{ print $2 }'`
+ if [ "${FIND2}" = "" ]; then
+ logtext "Result: UMASK value is not configured (most likely it will have the default 022 value)"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could not be found and defaults usually to 022, which could be more strict like 027"
+ AddHP 1 2
+ elif [ "${FIND2}" = "077" -o "${FIND2}" = "027" ]; then
+ logtext "Result: umask is ${FIND2}, which is fine"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: found umask ${FIND2}, which could be improved"
+ Display --indent 4 --text "- Checking umask (/etc/init.d/rcS)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Default umask in /etc/init.d/rcS could be more strict like 027"
+ AddHP 0 2
+ fi
+ else
+ # Improve check
+ logtext "Result: exec line present in file, setting of umask not needed in this script"
+ logtext "Output: ${FIND}"
+ fi
+ else
+ logtext "Result: file /etc/init.d/rcS does not exist"
+ fi
+
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9340
+ # Description : Solaris account locking
+ Register --test-no AUTH-9340 --os Solaris --weight L --network NO --description "Solaris account locking"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ if [ -f /etc/security/policy.conf ]; then
+ logtext "Result: found /etc/security/policy.conf"
+ FIND=`grep "^LOCK_AFTER_RETRIES" /etc/security/policy.conf`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ logtext "Result: account locking option set"
+ logtext "Output: ${FIND}"
+ AddHP 2 2
+ else
+ logtext "Result: option LOCK_AFTER_RETRIES not set"
+ AddHP 1 2
+ fi
+ else
+ logtext "Result: /etc/security/policy.conf does not exist"
+ fi
+ # If policy.conf does not exist, we most likely deal with a Solaris version below 10
+ # and we proceed with checking the softer option RETRIES in /etc/default/login
+ # which does not lock account, but discourages brute force password attacks.
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Test: checking /etc/default/login"
+ if [ -f /etc/default/login ]; then
+ logtext "Result: file /etc/default/login exists"
+ FIND=`grep "^RETRIES" /etc/default/login`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ logtext "Result: retries option configured"
+ logtext "Output: ${FIND}"
+ AddHP 2 2
+ else
+ logtext "Result: retries option not configured"
+ AddHP 1 2
+ fi
+ else
+ logtext "Result: file /etc/default/login does not exist"
+ fi
+ fi
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Checking account locking" --result "ENABLED" --color GREEN
+ else
+ Display --indent 2 --text "- Checking account locking" --result "NOT ENABLED" --color YELLOW
+ fi
+
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9342 [T]
+ # Description : AIX account locking
+ # Notes : /usr/sbin/lsuser -a logretries ALL
+ # should return ${ACCOUNT_MAX_RETRIES} or less for each user, but not 0
+#
+#################################################################################
+#
+ # Test : AUTH-9344 [T]
+ # Description : HP-UX account locking
+ # Notes : grep :u_maxtries# /tcb/files/auth/system/default
+ # should return ${ACCOUNT_MAX_RETRIES} or less, but not 0
+#
+#################################################################################
+#
+ # Test : AUTH-9348 [T]
+ # Description : Delay time after each failed login
+ # Notes : This control counters brute force attacking by delaying each
+ # attempt, while giving normal users to try typing in their
+ # account details after a reasonable delay
+ # Should return ${ACCOUNT_DELAY_TIME} or more
+ # (4 seconds would be good)
+ # AIX
+ # grep "logindelay" /etc/security/login.cfg
+ # Linux
+ # grep "FAIL_DELAY" /etc/login.defs
+ # HP-UX
+ # grep ":t_logdelay#" /tcb/files/auth/system/default
+#
+#################################################################################
+#
+ # Test : AUTH-9402
+ # Description : Query LDAP authentication support
+ Register --test-no AUTH-9402 --weight L --network NO --description "Query LDAP authentication support"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/nsswitch.conf ]; then
+ FIND=`egrep "^passwd" /etc/nsswitch.conf | grep "ldap"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: LDAP authentication not enabled"
+ Display --indent 2 --text "- Checking LDAP authentication support" --result "NOT ENABLED" --color WHITE
+ else
+ logtext "Result: LDAP authentication enabled"
+ Display --indent 2 --text "- Checking LDAP authentication support" --result "ENABLED" --color GREEN
+ LDAP_AUTH_ENABLED=1
+ fi
+ else
+ logtext "Result: /etc/nsswitch.conf not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-9404
+ # Description : Check LDAP client configuration
+# if [ ${LDAP_AUTH_ENABLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no AUTH-9404 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query LDAP servers in client configuration"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: checking ldap.conf locations"
+# for I in ${LDAP_CONF_LOCATIONS}; do
+# logtext "Test: checking ${I}"
+# if [ -f ${I} ]; then
+# logtext "Result: file ${I} exists"
+# logtext "Test: checking LDAP servers in file ${I}"
+# FIND2=`egrep "^host " ${I} | awk '{ print $2 }'`
+# for I in ${FIND2}; do
+# Display --indent 6 --text "LDAP server: ${I}"
+# logtext "Result: found LDAP server ${I}"
+# # YYY check if host(s) are reachable/respond to queries
+# done
+# else
+# logtext "Result: ${I} does NOT exist"
+# fi
+# done
+# fi
+#
+#################################################################################
+#
+ # Test : AUTH-9406
+ # Description : Check LDAP servers in client configuration
+ if [ ${LDAP_AUTH_ENABLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no AUTH-9406 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query LDAP servers in client configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking ldap.conf options"
+ for I in ${LDAP_CONF_LOCATIONS}; do
+ logtext "Test: checking ${I}"
+ if [ -f ${I} ]; then
+ logtext "Result: file ${I} exists"
+ logtext "Test: checking LDAP servers in file ${I}"
+ FIND2=`egrep "^host " ${I} | awk '{ print $2 }'`
+ for I in ${FIND2}; do
+ Display --indent 6 --text "LDAP server: ${I}"
+ logtext "Result: found LDAP server ${I}"
+ # YYY check if host(s) are reachable/respond to queries
+ done
+ else
+ logtext "Result: ${I} does NOT exist"
+ fi
+ done
+ fi
+#
+#################################################################################
+#
+ # Test : AUTH-92xx
+ # Description : login.access checks
+ #Register --test-no AUTH-92xx --weight L --network NO --description "login.access checks"
+#
+#################################################################################
+#
+# pam_unix.so
+# pam_cracklib.so
+# pam_pwcheck.so
+# pam_env.so
+# pam_xauth.so
+# pam_tally.so
+# pam_wheel.so
+# pam_limits.so
+# pam_nologin.so
+# pam_deny.so
+# pam_securetty.so
+# pam_time.so
+# pam_access.so
+# pam_listfile.so
+# pam_lastlog.so
+# pam_warn.so
+# pam_console.so
+# pam_resmgr.so
+# pam_devperm.so
+#
+#################################################################################
+#
+# sudoers: Check for potential harmful commands like vi, echo, cat
+#
+#################################################################################
+#
+
+report "ldap_auth_enabled=${LDAP_AUTH_ENABLED}"
+report "ldap_pam_enabled=${LDAP_PAM_ENABLED}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_banners b/include/tests_banners
new file mode 100644
index 00000000..38c42c01
--- /dev/null
+++ b/include/tests_banners
@@ -0,0 +1,250 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Banners and identification
+#
+#################################################################################
+#
+ InsertSection "Banners and identification"
+# Display --indent 2 --text "- Checking banners..."
+#
+#################################################################################
+#
+ BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"
+ LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy policies private prohibited restricted this unauthorized"
+#
+#################################################################################
+#
+ # Test : BANN-7113
+ # Description : Check FreeBSD COPYRIGHT banner file
+ Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
+ if [ -f /COPYRIGHT ]; then
+ Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN
+ if [ -s /COPYRIGHT ]; then
+ logtext "Result: /COPYRIGHT available and contains text"
+ else
+ logtext "Result: /COPYRIGHT available, but empty"
+ fi
+ else
+ Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE
+ logtext "Result: /COPYRIGHT not found"
+ fi
+
+ if [ -f /etc/COPYRIGHT ]; then
+ Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN
+ if [ -s /etc/COPYRIGHT ]; then
+ logtext "Result: /etc/COPYRIGHT available and contains text"
+ else
+ logtext "Result: /etc/COPYRIGHT available, but empty"
+ fi
+ else
+ Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE
+ logtext "Result: /etc/COPYRIGHT not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7119
+ # Description : Check MOTD banner file
+ Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Testing existence /etc/motd"
+ if [ -f /etc/motd ]; then
+ logtext "Result: file /etc/motd exists"
+ Display --indent 2 --text "- /etc/motd..." --result FOUND --color GREEN
+ if [ ! -L /etc/motd ]; then
+ IsWorldWritable /etc/motd
+ if [ "${FileIsWorldWritable}" = "TRUE" ]; then
+ Display --indent 4 --text "- /etc/motd permissions..." --result WARNING --color RED
+ logtext "Result: /etc/motd is world writable. Users can change this file!"
+ ReportWarning ${TEST_NO} "H" "/etc/motd is world writable"
+ else
+ Display --indent 4 --text "- /etc/motd permissions..." --result OK --color GREEN
+ logtext "Result: /etc/motd is not world writable."
+ fi
+ else
+ logtext "Result: file /etc/motd is symlink"
+ fi
+ else
+ logtext "Result: File /etc/motd not found"
+ Display --indent 2 --text "- /etc/motd..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7122
+ # Description : Check motd file to see if it contains some form of message
+ # to discourage unauthorized users to leave the system alone
+ if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Checking file /etc/motd contents for legal key words"
+ for I in ${LEGAL_BANNER_STRINGS}; do
+ FIND=`grep -i "${I}" /etc/motd`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found string '${I}'"
+ N=`expr ${N} + 1`
+ fi
+ done
+ # Check if we have 5 or more key words
+ if [ ${N} -gt 4 ]; then
+ logtext "Result: Found ${N} key words, to warn unauthorized users"
+ Display --indent 4 --text "- /etc/motd contents..." --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
+ Display --indent 4 --text "- /etc/motd contents..." --result WEAK --color YELLOW
+ ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
+ AddHP 0 1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7124
+ # Description : Check issue banner file
+ Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking file /etc/issue"
+ if [ -f /etc/issue ]; then
+ # Check for symlink
+ if [ -L /etc/issue ]; then
+ logtext "Result: file /etc/issue exists (symlink)"
+ Display --indent 2 --text "- /etc/issue..." --result SYMLINK --color GREEN
+ else
+ Display --indent 2 --text "- /etc/issue..." --result FOUND --color GREEN
+ fi
+ else
+ logtext "Result: file /etc/issue does not exist"
+ Display --indent 2 --text "- /etc/issue..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7126
+ # Description : Check issue file to see if it contains some form of message
+ # to discourage unauthorized users to leave the system alone
+ if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Checking file /etc/issue contents for legal key words"
+ for I in ${LEGAL_BANNER_STRINGS}; do
+ FIND=`grep -i "${I}" /etc/issue`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found string '${I}'"
+ N=`expr ${N} + 1`
+ fi
+ done
+ # Check if we have 5 or more key words
+ if [ ${N} -gt 4 ]; then
+ logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
+ Display --indent 4 --text "- /etc/issue contents..." --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
+ Display --indent 4 --text "- /etc/issue contents..." --result WEAK --color YELLOW
+ ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users"
+ AddHP 0 1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7128
+ # Description : Check issue.net banner file
+ Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking file /etc/issue.net"
+ if [ -f /etc/issue.net ]; then
+ # Check for symlink
+ if [ -L /etc/issue.net ]; then
+ logtext "Result: file /etc/issue.net exists (symlink)"
+ Display --indent 2 --text "- /etc/issue.net..." --result SYMLINK --color GREEN
+ else
+ logtext "Result: file /etc/issue.net exists"
+ Display --indent 2 --text "- /etc/issue.net..." --result FOUND --color GREEN
+ fi
+ else
+ logtext "Result: file /etc/issue.net does not exist"
+ Display --indent 2 --text "- /etc/issue.net..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BANN-7130
+ # Description : Check issue.net file to see if it contains some form of message
+ # to discourage unauthorized users to leave the system alone
+ if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Checking file /etc/issue.net contents for legal key words"
+ for I in ${LEGAL_BANNER_STRINGS}; do
+ FIND=`grep -i "${I}" /etc/issue.net`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found string '${I}'"
+ N=`expr ${N} + 1`
+ fi
+ done
+ # Check if we have 5 or more key words
+ if [ ${N} -gt 4 ]; then
+ logtext "Result: Found ${N} key words, to warn unauthorized users"
+ Display --indent 4 --text "- /etc/issue.net contents..." --result OK --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
+ Display --indent 4 --text "- /etc/issue.net contents..." --result WEAK --color YELLOW
+ ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
+ AddHP 0 1
+ fi
+ fi
+#
+#################################################################################
+#
+# /etc/dt/config/*/Xresources
+# /etc/default/telnetd (telnet without TCP wrappers)
+# /etc/default/ftpd (ftp without TCP wrappers)
+# /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris)
+# /etc/ftpaccess (HP-UX)
+# /etc/ftpmotd (AIX)
+# /etc/ftpaccess.ctl (AIX)
+# /etc/security/login.cfg (AIX)
+# /etc/X11/xdm/Xresources
+# /etc/X11/xdm/kdmrc
+# /etc/X11/gdm/gdm
+# /etc/vsftpd.conf
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#################################################################################
+#
+# Notes:
+# HPUX: /etc/copyright
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
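Review bot: BANN-7124 and BANN-7128 only test existence and symlink status of /etc/issue and /etc/issue.net, whereas BANN-7119 additionally checks /etc/motd for world-writability; the pre-login banner files deserve the same check in their non-symlink branch, e.g. `IsWorldWritable /etc/issue` followed by `if [ "${FileIsWorldWritable}" = "TRUE" ]; then ReportWarning ${TEST_NO} "H" "/etc/issue is world writable"; fi`. `BANNER_FILES` is assigned at the top of the section but never referenced anywhere in the file, so it is currently dead. The keyword-count loop is duplicated verbatim across BANN-7122, BANN-7126 and BANN-7130; a single helper taking the file path as its argument would keep the threshold and messages consistent (BANN-7122 and BANN-7130 already lack the "(5 or more suggested)" wording that BANN-7126 has).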
diff --git a/include/tests_boot_services b/include/tests_boot_services
new file mode 100644
index 00000000..2755460d
--- /dev/null
+++ b/include/tests_boot_services
@@ -0,0 +1,522 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Category: Boot and services
+#
+#################################################################################
+#
+ InsertSection "Boot and services"
+#
+#################################################################################
+#
+ Display --indent 2 --text "- Checking boot loaders"
+ BOOT_LOADER="Unknown"
+#
+#################################################################################
+#
+ # Test : BOOT-5121
+ # Description : Check for GRUB boot loader
+ Register --test-no BOOT-5121 --weight L --network NO --description "Check for GRUB boot loader presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Checking for presence GRUB conf file (/boot/grub/grub.conf or /boot/grub/menu.lst)..."
+ if [ -f /boot/grub/grub.conf -o -f /boot/grub/menu.lst ]; then
+ FOUND=1
+ BOOT_LOADER="GRUB"
+ Display --indent 4 --text "- Checking presence GRUB... " --result "OK" --color GREEN
+ if [ -f /boot/grub/grub.conf ]; then GRUBCONFFILE="/boot/grub/grub.conf"; else GRUBCONFFILE="/boot/grub/menu.lst"; fi
+ logtext "Found file ${GRUBCONFFILE}, proceeding with tests."
+ FIND=`cat ${GRUBCONFFILE} | grep 'password --md5' | grep -v '^#'`
+ FIND2=`cat ${GRUBCONFFILE} | grep 'password --encrypted' | grep -v '^#'`
+ if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then
+ Display --indent 6 --text "- Checking for password protection..." --result WARNING --color RED
+ logtext "Result: Didn't find MD5/SHA1 hashed password line in GRUB boot file!"
+ logtext "Risk: user can switch to single user mode by editing current menu items or bypassing them."
+ logtext "Additional information: Do NOT use a plaintext password, since the grub.conf or menu.lst file is most likely to be world readable!"
+ logtext "If an unsecured OS like DOS is used, add 'lock' below that entry and setup a password with the password option, to prevent direct system access."
+ ReportWarning ${TEST_NO} "M" "No password set on GRUB bootloader"
+ logtext "Tip: Run grub-crypt or grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> or password --encrypted <password hash> for SHA1 encrypted password"
+ AddHP 0 2
+ else
+ Display --indent 6 --text "- Checking for password protection..." --result OK --color GREEN
+ logtext "Result: GRUB has password protection."
+ AddHP 4 4
+ fi
+ fi
+
+ # GRUB2 configuration file
+ if [ -f /boot/grub/grub.cfg ]; then
+ FOUND=1
+ BOOT_LOADER="GRUB2"
+ Display --indent 4 --text "- Checking presence GRUB2... " --result FOUND --color GREEN
+ logtext "Result: found GRUB2 configuration file (/boot/grub/grub.cfg)"
+ # YYY password check, when documentation of GRUB2 project is improved
+ # YYY Add check permission check (600)
+ ReportManual "${TEST_NO}:01"
+ fi
+
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 4 --text "- Checking presence GRUB... " --result "NOT FOUND" --color WHITE
+ logtext "Result: no GRUB configuration file found."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5124
+ # Description : Check for FreeBSD boot loader
+ Register --test-no BOOT-5124 --os FreeBSD --weight L --network NO --description "Check for FreeBSD boot loader presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /boot/boot1 -a -f /boot/boot2 -a -f /boot/loader ]; then
+ logtext "Result: found boot1, boot2 and loader files in /boot"
+ Display --indent 4 --text "- Checking presence FreeBSD loader" --result FOUND --color GREEN
+ BOOT_LOADER="FreeBSD"
+ else
+ logtext "Result: Not all expected files found in /boot"
+ Display --indent 4 --text "- Checking presence FreeBSD loader" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5126
+ # Description : Check for NetBSD boot loader
+ Register --test-no BOOT-5126 --os NetBSD --weight L --network NO --description "Check for NetBSD boot loader presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /boot.${HARDWARE} -o -f /boot -o -f /ofwboot ]; then
+ logtext "Result: found NetBSD secondary bootstrap"
+ Display --indent 4 --text "- Checking presence NetBSD loader" --result FOUND --color GREEN
+ BOOT_LOADER="NetBSD"
+ else
+ logtext "Result: NetBSD secondary bootstrap not found"
+ Display --indent 4 --text "- Checking presence FreeBSD loader" --result "NOT FOUND" --color YELLOW
+ ReportException "${TEST_NO}:1" "No boot loader found on NetBSD"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5139
+ # Description : Check for LILO boot loader
+ # Notes : password= or password =
+ Register --test-no BOOT-5139 --weight L --network NO --description "Check for LILO boot loader presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking for presence LILO configuration file..."
+ if [ -f /etc/lilo.conf ]; then
+ BOOT_LOADER="LILO"
+ Display --indent 4 --text "- Checking presence LILO... " --result "OK" --color GREEN
+ logtext "Checking password option LILO..."
+ FIND=`cat /etc/lilo.conf | ${EGREPBINARY} 'password[[:space:]]?=' | grep -v "^#"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 6 --text "- Password option presence " --result "WARNING" --color RED
+ logtext "Result: no password set for LILO. Bootloader is unprotected to"
+ logtext "dropping to single user mode or unauthorized access to devices/data."
+ ReportSuggestion ${TEST_NO} "Add a password to LILO, by adding a line to the lilo.conf file, above the first line saying 'image=<name>': password=<password>"
+ ReportWarning ${TEST_NO} "M" "No password set on LILO bootloader"
+ AddHP 0 2
+ else
+ Display --indent 6 --text "- Password option presence " --result "OK" --color GREEN
+ logtext "Result: LILO password option set"
+ AddHP 4 4
+ fi
+ #YYY (making /etc/lilo.conf immutable is a good idea, chattr +i /etc/lilo.conf)
+ else
+ Display --indent 4 --text "- Checking presence LILO... " --result "NOT FOUND" --color WHITE
+ logtext "Result: LILO configuration file not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5142
+ # Description : Check for SILO boot loader
+ Register --test-no BOOT-5142 --weight L --network NO --description "Check SPARC Improved boot loader (SILO)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/silo.conf ]; then
+ logtext "Result: Found SILO configuration file (/etc/silo.conf)"
+ Display --indent 4 --text "- Checking boot loader SILO" --result FOUND --color GREEN
+ BOOT_LOADER="SILO"
+ else
+ logtext "Result: no SILO configuration file found."
+ Display --indent 4 --text "- Checking boot loader SILO" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5144
+ # Description : Check for SILO boot loader consistency
+ # Notes : To be tested on Gentoo
+# Register --test-no BOOT-5144 --weight L --network NO --description "Check SPARC Improved boot loader (SILO)"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# if [ -f /etc/silo.conf -a -x /sbin/silo ]; then
+# FIND=`/sbin/silo | grep "appears to be valid"`
+# if [ ! "${FIND}" = "" ]; then
+# logtext "Result: Found SILO configuration file (/etc/silo.conf)"
+# Display --indent 6 --text "- Checking SILO consistency" --result OK --color GREEN
+# else
+# logtext "Result: no positive result received from silo binary"
+# ReportWarning ${TEST_NO} "Possible issue with boot loader (SILO)"
+# Display --indent 6 --text "- Checking SILO consistency" --result WARNING --color RED
+# fi
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : BOOT-5155
+ # Description : Check for YABOOT boot loader
+ Register --test-no BOOT-5155 --weight L --network NO --description "Check for YABOOT boot loader configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check for /etc/yaboot.conf"
+ if [ -f /etc/yaboot.conf ]; then
+ logtext "Result: Found YABOOT configuration file (/etc/yaboot.conf)"
+ Display --indent 4 --text "- Checking boot loader YABOOT" --result FOUND --color GREEN
+ #YYY add permission check
+ BOOT_LOADER="YABOOT"
+ else
+ logtext "Result: no YABOOT configuration file found."
+ Display --indent 4 --text "- Checking boot loader YABOOT" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5159
+ # Description : Check for OpenBSD boot loader
+ # More info : only OpenBSD && i386 platform
+ Register --test-no BOOT-5159 --os OpenBSD --platform i386 --weight L --network NO --description "Check for OpenBSD i386 boot loader presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/boot.conf ]; then
+ Display --indent 2 --text "- Checking /etc/boot.conf..." --result "FOUND" --color GREEN
+ FIND=`grep '^boot' /etc/boot.conf`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking boot option..." --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Add 'boot' to the /etc/boot.conf file to disable the default 5 seconds waiting time, to disallow booting into single user mode."
+ ReportWarning ${TEST_NO} "M" "System can be booted into single user mode without password"
+ else
+ Display --indent 4 --text "- Checking boot option..." --result OK --color GREEN
+ logtext "Ok, boot option is enabled."
+ fi
+ else
+ Display --indent 2 --text "- Checking /etc/boot.conf..." --result "NOT FOUND" --color YELLOW
+ logtext "Result: no /etc/boot.conf found. When using the default boot loader, physical"
+ logtext "access to the server can be used to possibly enter single user mode."
+ ReportSuggestion ${TEST_NO} "Add 'boot' to the /etc/boot.conf file to disable the default 5 seconds waiting time."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5165
+ # Description : Check for FreeBSD boot services
+ Register --test-no BOOT-5165 --os FreeBSD --weight L --network NO --description "Check for FreeBSD boot services"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # FreeBSD (Read /etc/rc.conf file for enabled services)
+ logtext "Searching for services at startup (rc.conf)..."
+ FIND=`egrep -v -i '^#|none' /etc/rc.conf | egrep -i '_enable.*(yes|on|1)' | sort | awk -F= '{ print $1 }' | sed 's/_enable//'`
+ N=0
+ for I in ${FIND}; do
+ logtext "Found service (rc.conf): ${I}"
+ report "boottask[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ Display --indent 2 --text "- Checking services at startup (rc.conf)..." --result "DONE" --color GREEN
+ Display --indent 6 --text "Result: found $N services/options set"
+ logtext "Found $N services/options to run at startup"
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5166
+ # Description : Check for /etc/rc.local file (and contents)
+#
+#################################################################################
+#
+ # Test : BOOT-5177
+ # Description : Check for Linux boot services (systemd and chkconfig)
+ # Notes : We skip using chkconfig if systemd is being used.
+ Register --test-no BOOT-5177 --os Linux --weight L --network NO --description "Check for Linux boot and running services"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ CHECKED=0
+ logtext "Test: checking presence systemctl binary"
+ # Determine if we have systemctl on board
+ if [ ! "${SYSTEMCTLBINARY}" = "" ]; then
+ logtext "Result: systemctl binary found, trying that to discover information"
+ # Running services
+ logtext "Searching for running services (systemctl services only)"
+ FIND=`${SYSTEMCTLBINARY} --full --type=service | awk '{ if ($4=="running") { print $1 } }' | awk -F. '{ print $1 }'`
+ N=0
+ report "running_service_tool=systemctl"
+ for I in ${FIND}; do
+ logtext "Found running service: ${I}"
+ report "running_service[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ logtext "Suggestion: Run systemctl --full --type=service to see all services"
+ Display --indent 2 --text "- Check running services (systemctl)... " --result "DONE" --color GREEN
+ Display --indent 8 --text "Result: found $N running services"
+ logtext "Result: Found $N enabled services"
+
+ # Services at boot
+ logtext "Searching for enabled services (systemctl services only)"
+ FIND=`${SYSTEMCTLBINARY} list-unit-files --type=service | awk '{ if ($2=="enabled") { print $1 } }' | awk -F. '{ print $1 }'`
+ N=0
+ report "boot_service_tool=systemctl"
+ for I in ${FIND}; do
+ logtext "Found enabled service at boot: ${I}"
+ report "boot_service[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ logtext "Suggestion: Run systemctl list-unit-files --type=service to see all services"
+ Display --indent 2 --text "- Check enabled services at boot (systemctl)... " --result "DONE" --color GREEN
+ Display --indent 8 --text "Result: found $N enabled services"
+ logtext "Result: Found $N running services"
+
+ else
+ logtext "Result: systemctl binary not found, checking chkconfig binary"
+ if [ ! "${CHKCONFIGBINARY}" = "" ]; then
+ logtext "Result: chkconfig binary found, trying that to discover information"
+ logtext "Searching for services at startup (chkconfig, runlevel 3 and 5)... "
+ FIND=`${CHKCONFIGBINARY} --list | egrep '3:on|5:on' | awk '{ print $1 }'`
+ N=0
+ report "boot_service_tool=chkconfig"
+ for I in ${FIND}; do
+ logtext "Found service (at boot, runlevel 3 or 5): ${I}"
+ report "boot_service[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ logtext "Suggestion: Run chkconfig --list to see all services and disable unneeded services"
+ Display --indent 2 --text "- Check services at startup (chkconfig)... " --result "DONE" --color GREEN
+ Display --indent 8 --text "Result: found $N services"
+ logtext "Result: Found $N services at startup"
+ else
+ logtext "Result: both systemctl and chkconfig not found. Skipping this test"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5178
+ # Description : Check for Linux boot services (Red Hat style)
+ # if [ ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ # Register --test-no BOOT-5178 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for unneeded Linux boot services (Red Hat style)"
+ # if [ ${SKIPTEST} -eq 0 ]; then
+ # N=0
+ # N=`expr ${N} + 1`
+
+ #* mctrans (if selinux is NOT enabled)
+ #* restorecond (if selinux is NOT enabled) --> and is it really needed?
+ #
+ # if profile is server, warn if found:
+ #* pcscd (if profile=server)
+ #* avahi-daemon
+ # Redhat: /etc/sysconfig/network
+ # check if NOZEROCONF=yes is available
+ #
+ #* xfs (if /usr/bin/startx is not found)
+ #
+ #if [ ! -f /etc/mdadm.conf -a ! -f /etc/mdadm/mdadm.conf ]; then
+ #* mdmonitor
+ #
+ #
+ #* firstboot
+ # Display warning if [ ! -f /etc/reconfigSys ]
+ # AND "RUN_FIRSTBOOT=YES" is NOT in /etc/sysconfig/firstboot
+ #
+ #* acpid
+ # Display warning if no modules are loaded (lsmod | grep -i acpi)
+ #
+ #
+ # fi
+#
+#################################################################################
+#
+ # Test : BOOT-5180
+ # Description : Check for Linux boot services (Debian style)
+ if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no BOOT-5180 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for Linux boot services (Debian style)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # YYY runlevel check
+ sRUNLEVEL=`${RUNLEVELBINARY} | grep "N 2"`
+ if [ ! "${sRUNLEVEL}" = "" ]; then
+ FIND=`find /etc/rc2.d -type l -print | cut -d '/' -f4 | sed "s/S[0-9][0-9]//g" | sort`
+ if [ ! "${FIND}" = "" ]; then
+ N=0
+ for I in ${FIND}; do
+ logtext "Found service (at boot, runlevel 2): ${I}"
+ N=`expr ${N} + 1`
+ done
+ Display --indent 2 --text "- Check services at startup (rc2.d)... " --result "DONE" --color WHITE
+ Display --indent 4 --text "Result: found $N services"
+ logtext "Found $N services"
+ fi
+ else
+ ReportSuggestion ${TEST_NO} "Determine runlevel and services at startup"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : BOOT-5184
+ # Description : Check world writable startup scripts
+ Register --test-no BOOT-5184 --os Linux --weight L --network NO --description "Check permissions for boot files/scripts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ CHECKDIRS="/etc/init.d /etc/rc.d /etc/rcS.d"
+
+ logtext "Result: checking /etc/init.d scripts for writable bit"
+ for I in ${CHECKDIRS}; do
+ logtext "Test: checking if directory ${I} exists"
+ if [ -d ${I} ]; then
+ logtext "Result: directory ${I} found"
+ logtext "Test: checking for available files in directory"
+ FIND=`find ${I} -type f -print`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found files in directory, checking permissions now"
+ for J in ${FIND}; do
+ logtext "Test: checking permissions of file ${J}"
+ IsWorldWritable ${J}
+ if [ "${FileIsWorldWritable}" = "TRUE" ]; then
+ ReportWarning ${TEST_NO} "H" "Found writable startup script ${J}"
+ logtext "Result: warning, file ${J} is world writable"
+ FOUND=1
+ else
+ logtext "Result: good, file ${J} not world writable"
+ fi
+ done
+ else
+ logtext "Result: found no files in directory."
+ fi
+ else
+ logtext "Result: directory ${I} not found. Skipping.."
+ fi
+ done
+
+ # /etc/rc[0-6].d
+ for NO in 0 1 2 3 4 5 6; do
+ logtext "Test: Checking /etc/rc${NO}.d scripts for writable bit"
+ if [ -d /etc/rc${NO}.d ]; then
+ FIND=`find /etc/rc${NO}.d -type f -print`
+ for I in ${FIND}; do
+ IsWorldWritable ${I}
+ if [ "${FileIsWorldWritable}" = "TRUE" ]; then
+ ReportWarning ${TEST_NO} "H" "Found writable startup script ${I}"
+ logtext "Result: warning, file ${I} is world writable"
+ FOUND=1
+ else
+ logtext "Result: good, file ${I} not world writable"
+ fi
+ done
+ fi
+ done
+
+ # Other files
+ CHECKFILES="/etc/rc /etc/rc.local /etc/rc.d/rc.sysinit"
+ for I in ${CHECKFILES}; do
+ if [ -f ${I} ]; then
+ logtext "Test: Checking ${I} file for writable bit"
+ IsWorldWritable ${I}
+ if [ "${FileIsWorldWritable}" = "TRUE" ]; then
+ ReportWarning ${TEST_NO} "H" "Found writable startup script ${I}"
+ FOUND=1
+ logtext "Result: warning, file ${I} is world writable"
+ else
+ logtext "Result: good, file ${I} not world writable"
+ fi
+ fi
+ done
+
+ # Check results
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Check startup files (permissions)... " --result "WARNING" --color RED
+ ReportWarning ${TEST_NO} "H" "One or more startup files can be overwritten by all users"
+ ReportSuggestion ${TEST_NO} "Check startup scripts for world write access and change permissions if needed"
+ logtext "Result: found one or more scripts which are possibly writable by other users"
+ AddHP 0 3
+ else
+ Display --indent 2 --text "- Check startup files (permissions)... " --result "OK" --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Add autostart services, like from KDE/Gnome
+ # Test : BOOT-5102
+ # Description : Check for tasks which are autostarted via /etc/inittab
+ #Register --test-no BOOT-5102 --weight L --network NO --description "Check inittab for services"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #fi
+ #YYY check against static list?
+#
+#################################################################################
+#
+ # Test : BOOT-5202
+ # Description : Check uptime of system
+ Register --test-no BOOT-5202 --weight L --network NO --description "Check uptime of system"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ FIND=""
+ case "${OS}" in
+ Linux)
+ # Idle time, not real uptime
+ if [ -f /proc/uptime ]; then
+ FIND=`cat /proc/uptime | cut -d ' ' -f1 | cut -d '.' -f1`
+ else
+ Display --indent 2 --text "- Checking uptime" --result SKIPPED --color YELLOW
+ ReportException "${TEST_NO}:1" "No uptime test available for this operating system (/proc/uptime missing)"
+ fi
+ ;;
+ Solaris)
+ if [ ! "${KSTATBINARY}" = "" ]; then
+ FIND=`${KSTATBINARY} -p unix:0:system_misc:snaptime | grep "^unix" | awk '{print $2}' | cut -d "." -f1`
+ else
+ Display --indent 2 --text "- Checking uptime" --result SKIPPED --color YELLOW
+ ReportException "${TEST_NO}:2" "No uptime test available for this operating system (kstat missing)"
+ fi
+ ;;
+ *)
+ Display --indent 2 --text "- Checking uptime" --result SKIPPED --color YELLOW
+
+ # Want to help improving Lynis? Share your operating system and a way to determine the uptime (in seconds)
+ ReportException "${TEST_NO}:3" "No uptime test available yet for this operating system"
+ ;;
+ esac
+ if [ ! "${FIND}" = "" ]; then
+ UPTIME_IN_SECS="${FIND}"
+ UPTIME_IN_DAYS=`expr ${UPTIME_IN_SECS} / 60 / 60 / 24`
+ logtext "Uptime (in seconds): ${UPTIME_IN_SECS}"
+ logtext "Uptime (in days): ${UPTIME_IN_DAYS}"
+ else
+ logtext "Result: no uptime information available"
+ fi
+ fi
+
+
+
+#
+#################################################################################
+#
+
+report "boot_loader=${BOOT_LOADER}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
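Review bot: The logtext summaries in BOOT-5177 are swapped: the running-services branch logs `Result: Found $N enabled services` and the enabled-at-boot branch logs `Result: Found $N running services`; exchange the two strings so the log matches the Display lines directly above them. The NOT FOUND branch of BOOT-5126 has the same copy-paste problem, printing `- Checking presence FreeBSD loader` inside a NetBSD test; it should read `- Checking presence NetBSD loader`. Separately, BOOT-5121 inspects `${GRUBCONFFILE}` for a hashed password line but never checks the file's own permissions, even though its log text states the file is likely world-readable; an `IsWorldWritable ${GRUBCONFFILE}` check like the one BOOT-5184 applies to startup scripts would close that gap for legacy GRUB as well as the GRUB2 case the YYY note already flags.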
diff --git a/include/tests_crypto b/include/tests_crypto
new file mode 100644
index 00000000..8560b05c
--- /dev/null
+++ b/include/tests_crypto
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Cryptography
+#
+#################################################################################
+#
+ InsertSection "Cryptography"
+#
+#################################################################################
+#
+ # Test : CRYP-7902
+ # Description : check for expired SSL certificates
+ if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no CRYP-7902 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check expire date of SSL certificates"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUNDPROBLEM=0
+ # Check profile for paths to check
+ sSSL_PATHS=`grep "^ssl:certificates:" ${PROFILE} | cut -d ':' -f3`
+ for I in ${sSSL_PATHS}; do
+ if [ -d ${I} ]; then
+ logtext "Result: found directory ${I}"
+ # Search for CRT files
+ sFINDCRTS=`find ${I} -name "*.crt" -type f -print`
+ for J in ${sFINDCRTS}; do
+ logtext "Test: checking certificate ${J}"
+ # Check certificate where 'end date' has been expired
+ FIND=`${OPENSSLBINARY} x509 -noout -checkend 0 -in ${J} -enddate > /dev/null ; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: certificate ${J} seems to be correct and still valid"
+ report "valid_certificate[]=${J}|unknown entity|"
+ else
+ FOUNDPROBLEM=1
+ logtext "Result: certificate ${J} has been expired"
+ report "expired_certificate[]=${J}"
+ #YYY Dump more information to log file
+ fi
+ done
+ else
+ logtext "Result: SSL path ${I} does not exist"
+ fi
+ done
+
+ if [ ${FOUNDPROBLEM} -eq 0 ]; then
+ Display --indent 2 --text "- Checking SSL certificate expiration..." --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Checking SSL certificate expiration..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "One or more SSL certificates expired"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
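Review bot: The expiry decision in CRYP-7902 (`FIND=\`${OPENSSLBINARY} x509 -noout -checkend 0 -in ${J} -enddate > /dev/null ; echo $?\``) treats every non-zero exit as "expired", but openssl also exits non-zero when it cannot parse the input, so a DER-encoded or malformed .crt, or a path fragment produced by the unquoted word-splitting of `${sFINDCRTS}` at the `for J in` line, is reported as an expired certificate and raises the M-level warning. Parse failures should be separated from expiry before the `-checkend` call, with the unreadable file logged and skipped; the `!space!` substitution this import already uses for find output in FILE-6354 (tests_filesystems) would also protect the paths here. The rewrite below adds that guard at the top of the inner loop and leaves the existing checkend/report logic untouched.
```shell
                    for J in ${sFINDCRTS}; do
                        logtext "Test: checking certificate ${J}"
                        # Separate unreadable certificates from expired ones: x509 also
                        # fails for non-PEM input or a path mangled by word splitting
                        if ! ${OPENSSLBINARY} x509 -noout -in "${J}" > /dev/null 2>&1; then
                            logtext "Result: unable to parse certificate ${J}, skipping expiry check"
                            continue
                        fi
                        # … unchanged: -checkend 0 test, report and FOUNDPROBLEM handling …
```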
diff --git a/include/tests_custom.template b/include/tests_custom.template
new file mode 100644
index 00000000..b6686494
--- /dev/null
+++ b/include/tests_custom.template
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Here could you insert your own custom checks
+#
+# Tips:
+# - Make sure to use each test ID only once in Register function
+# - Use big steps in numbering, so you can easily put tests in between
+# - Want to improve Lynis? Share your checks!
+#
+#################################################################################
+#
+# This has already been inserted, but you might reuse it to split your tests
+# InsertSection "Custom Checks"
+#
+#################################################################################
+#
+ # Test : CUST-0010
+ # Description : Check for something interesting - template
+ # This test first checks if OpenSSL binary was found
+ if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no CUST-0010 --preqs-met ${PREQS_MET} --weight L --network NO --description "My description"
+ # Or you could use this one without any dependencies
+ # Register --test-no CUST-0010 --weight L --network NO --description "My description"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: checking something"
+ ReportWarning ${TEST_NO} "M" "Test warning"
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 4 --text "- Performing custom test 1..." --result OK --color GREEN
+ logtext "Result: the test looks great!"
+ else
+ Display --indent 4 --text "- Performing custom test 1..." --result WARNING --color RED
+ logtext "Result: hmm bad result of this test :("
+ ReportSuggestion ${TEST_NO} "This could be better!"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
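Review bot: In the CUST-0010 template `ReportWarning ${TEST_NO} "M" "Test warning"` sits outside the `if [ ${FOUND} -eq 0 ]` branch, so any custom test copied from this file raises an M-level warning on every run, including the path that displays OK and logs "the test looks great!". Since this file is the pattern people will copy, the warning belongs in the else branch next to `ReportSuggestion`, or should be commented out with a note, e.g. `# ReportWarning ${TEST_NO} "M" "Test warning"   # only call this on a failing result`.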
diff --git a/include/tests_databases b/include/tests_databases
new file mode 100644
index 00000000..da0a3a07
--- /dev/null
+++ b/include/tests_databases
@@ -0,0 +1,154 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Databases
+#
+#################################################################################
+#
+ # Status of database processes
+ MYSQL_RUNNING=0
+ ORACLE_RUNNING=0
+ POSTGRESQL_RUNNING=0
+ # Paths to DATADIR
+ sMYSQLDBPATHS="/var/lib/mysql"
+ # Paths to my.cnf
+ sMYCNFLOCS="/etc/mysql/my.cnf /usr/etc/my.cnf"
+#
+#################################################################################
+#
+ InsertSection "Databases"
+
+ # Test : DBS-1804
+ # Description : Check if MySQL is being used
+ Register --test-no DBS-1804 --weight L --network NO --description "Checking active MySQL process"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${PSBINARY} ax | egrep "mysqld|mysqld_safe" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- MySQL process status..." --result "NOT FOUND" --color WHITE
+ logtext "Result: MySQL process not active"
+ else
+ Display --indent 2 --text "- MySQL process status..." --result "FOUND" --color GREEN
+ logtext "Result: MySQL is active"
+ MYSQL_RUNNING=1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : DBS-1808
+ # Description : Check MySQL data directory
+ #Register --test-no DBS-1808 --weight L --network NO --description "Checking MySQL data directory"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #fi
+#
+#################################################################################
+#
+ # Test : DBS-1812
+ # Description : Check data directory permissions
+ #Register --test-no DBS-1812 --weight L --network NO --description "Checking MySQL data directory permissions"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #fi
+#
+#################################################################################
+#
+ # Test : DBS-1816
+ # Description : Check empty MySQL root password
+ # Notes : Only perform test when MySQL is running and client is available
+ if [ ! "${MYSQLCLIENTBINARY}" = "" -a ${MYSQL_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no DBS-1816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking MySQL root password"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Trying to login to local MySQL server without password"
+ FIND=`${MYSQLCLIENTBINARY} -u root --password= --silent --batch --execute="" 2> /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: Login succeeded, no MySQL root password set!"
+ ReportWarning ${TEST_NO} "H" "No MySQL root password set"
+ ReportSuggestion ${TEST_NO} "Use mysqladmin to set a MySQL root password (mysqladmin -u root -p password MYPASSWORD)"
+ Display --indent 4 --text "- Checking empty MySQL root password" --result WARNING --color RED
+ AddHP 0 5
+ else
+ logtext "Result: Login did not succeed, so a MySQL root password is set"
+ Display --indent 4 --text "- Checking MySQL root password" --result OK --color GREEN
+ AddHP 2 2
+ fi
+ else
+ logtext "Test skipped, MySQL daemon not running or no MySQL client available"
+ fi
+#
+#################################################################################
+#
+ # Test : DBS-1826
+ # Description : Check if PostgreSQL is being used
+ Register --test-no DBS-1826 --weight L --network NO --description "Checking active PostgreSQL processes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${PSBINARY} ax | grep "postgres:" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- PostgreSQL processes status..." --result "NOT FOUND" --color WHITE
+ logtext "Result: PostgreSQL process not active"
+ else
+ Display --indent 2 --text "- PostgreSQL processes status..." --result "FOUND" --color GREEN
+ logtext "Result: PostgreSQL is active"
+ POSTGRESQL_RUNNING=1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : DBS-1840
+ # Description : Check if Oracle is being used
+ # Notes : tnslsnr: Oracle listener
+ # pmon: process monitor
+ # smon: system monitor
+ # dbwr: database writer
+ # lgwr: log writer
+ # arch: archiver (optional)
+ # ckpt: checkpoint (optional)
+ # reco: recovery (optional)
+ Register --test-no DBS-1840 --weight L --network NO --description "Checking active Oracle processes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${PSBINARY} ax | egrep "ora_pmon|ora_smon|tnslsnr" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Oracle processes status..." --result "NOT FOUND" --color WHITE
+ logtext "Result: Oracle process(es) not active"
+ else
+ Display --indent 2 --text "- Oracle processes status..." --result "FOUND" --color GREEN
+ logtext "Result: Oracle is active"
+ ORACLE_RUNNING=1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : DBS-1842
+ # Description : Check Oracle home paths from oratab
+ #Register --test-no DBS-1842 --weight L --network NO --description "Checking Oracle home paths"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # if [ -f /etc/oratab ]; then
+ # FIND=`cat /etc/oratab | grep -v "#" | awk -F: "{ print $2 }"`
+ # fi
+ #fi
+#
+#################################################################################
+#
+report "mysql_running=${MYSQL_RUNNING}"
+report "oracle_running=${ORACLE_RUNNING}"
+report "postgresql_running=${POSTGRESQL_RUNNING}"
+
+wait_for_keypress
+
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
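Review bot: DBS-1816 concludes "a MySQL root password is set" and awards `AddHP 2 2` from any non-zero exit of `${MYSQLCLIENTBINARY} -u root --password= ... 2> /dev/null; echo $?`, but the client also exits non-zero when it cannot reach the server at all (wrong socket path, library error), so a connection failure is scored as a hardening point rather than as an unknown result. Capturing stderr instead of discarding it and treating only an "Access denied" response as the OK case, with everything else displayed as UNKNOWN, would make the score reflect what was actually observed. The test also performs a real login attempt, which will appear as a failed root login in the server's error or audit log; that is worth stating in the Notes comment so operators do not mistake the audit for an attack, e.g. `# Notes : Performs a real login attempt; a failed root login from localhost will show up in the MySQL error/audit log`. The same `ps ax | ... | grep -v "grep"` pattern in DBS-1804, DBS-1826 and DBS-1840 drops any matching process whose command line happens to contain "grep"; `pgrep` or a bracketed pattern (`egrep "[m]ysqld"`) avoids that.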
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
new file mode 100644
index 00000000..4b0e1792
--- /dev/null
+++ b/include/tests_file_integrity
@@ -0,0 +1,217 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found
+#
+#################################################################################
+#
+ InsertSection "Software: file integrity"
+ Display --indent 2 --text "- Checking file integrity tools..."
+
+
+ # Test : FINT-4310
+ # Description : Check if AFICK is installed
+ Register --test-no FINT-4310 --weight L --network NO --description "AFICK availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking AFICK binary"
+ if [ ! "${AFICKBINARY}" = "" ]; then
+ logtext "Result: AFICK is installed (${AFICKBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- AFICK..." --result FOUND --color GREEN
+ else
+ logtext "Result: AFICK is not installed"
+ Display --indent 4 --text "- AFICK..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4314
+ # Description : Check if AIDE is installed
+ Register --test-no FINT-4314 --weight L --network NO --description "AIDE availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking AIDE binary"
+ if [ ! "${AIDEBINARY}" = "" ]; then
+ logtext "Result: AIDE is installed (${AIDEBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- AIDE..." --result FOUND --color GREEN
+ else
+ logtext "Result: AIDE is not installed"
+ Display --indent 4 --text "- AIDE..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4315
+ # Description : Check AIDE configuration file
+ if [ ! "${AIDEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4315 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check AIDE configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ AIDE_CONFIG_LOCS="/etc /etc/aide /usr/local/etc"
+ logtext "Test: search for aide.conf in ${AIDE_CONFIG_LOCS}"
+ for I in ${AIDE_CONFIG_LOCS}; do
+ if [ -f ${I}/aide.conf ]; then
+ logtext "Result: found aide.conf in directory ${I}"
+ AIDECONFIG="${I}/aide.conf"
+ fi
+ done
+ if [ "${AIDECONFIG}" = "" ]; then
+ Display --indent 6 --text "- AIDE config file" --result "NOT FOUND" --color YELLOW
+ else
+ Display --indent 6 --text "- AIDE config file" --result FOUND --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4316
+ # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
+ if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${GREPBINARY} "^Checksums" ${AIDECONFIG}`
+ FIND2=`${GREPBINARY} "^Checksums" ${AIDECONFIG} | ${EGREPBINARY} "sha256|sha512"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: Unclear how AIDE is dealing with checksums"
+ Display --indent 6 --text "- AIDE config (Checksums)" --result UNKNOWN --color YELLOW
+ else
+ if [ "${FIND2}" = "" ]; then
+ logtext "Result: No SHA256 or SHA512 found for creating checksums"
+ Display --indent 6 --text "- AIDE config (Checksum)" --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE"
+ AddHP 1 3
+ else
+ logtext "Result: Found SHA256 or SHA512 found for creating checksums"
+ Display --indent 6 --text "- AIDE config (Checksum)" --result OK --color GREEN
+ AddHP 2 2
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4318
+ # Description : Check if Osiris is installed
+ Register --test-no FINT-4318 --weight L --network NO --description "Osiris availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking Osiris binary"
+ if [ ! "${OSIRISBINARY}" = "" ]; then
+ logtext "Result: Osiris is installed (${OSIRISBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- Osiris..." --result FOUND --color GREEN
+ else
+ logtext "Result: Osiris is not installed"
+ Display --indent 4 --text "- Osiris..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4322
+ # Description : Check if Samhain is installed
+ Register --test-no FINT-4322 --weight L --network NO --description "Samhain availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking Samhain binary"
+ if [ ! "${SAMHAINBINARY}" = "" ]; then
+ logtext "Result: Samhain is installed (${SAMHAINBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- Samhain..." --result FOUND --color GREEN
+ else
+ logtext "Result: Samhain is not installed"
+ Display --indent 4 --text "- Samhain..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4326
+ # Description : Check if Tripwire is installed
+ Register --test-no FINT-4326 --weight L --network NO --description "Tripwire availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking Tripwire binary"
+ if [ ! "${TRIPWIREBINARY}" = "" ]; then
+ logtext "Result: Tripwire is installed (${TRIPWIREBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- Tripwire..." --result FOUND --color GREEN
+ else
+ logtext "Result: Tripwire is not installed"
+ Display --indent 4 --text "- Tripwire..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4328
+ # Description : Check if OSSEC system integrity tool is running
+ Register --test-no FINT-4328 --weight L --network NO --description "OSSEC syscheck daemon running"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking if OSSEC syscheck daemon is running"
+ IsRunning ossec-syscheckd
+ if [ ${RUNNING} -eq 1 ]; then
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- OSSEC (syscheck)..." --result FOUND --color GREEN
+ else
+ Display --indent 4 --text "- OSSEC (syscheck)..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4330
+ # Description : Check if mtree is installed
+ # Note : Usually on BSD and similar
+ Register --test-no FINT-4330 --weight L --network NO --description "mtree availability"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking mtree binary"
+ if [ ! "${MTREEBINARY}" = "" ]; then
+ logtext "Result: mtree is installed (${MTREEBINARY})"
+ FILE_INT_TOOL_FOUND=1
+ Display --indent 4 --text "- mtree..." --result FOUND --color GREEN
+ else
+ logtext "Result: mtree is not installed"
+ Display --indent 4 --text "- mtree..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4350
+ # Description : Check if at least one file integrity tool is installed
+ Register --test-no FINT-4350 --weight L --network NO --description "File integrity software installed"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check if at least on file integrity tool is available/installed"
+ if [ ${FILE_INT_TOOL_FOUND} -eq 1 ]; then
+ logtext "Result: found at least one file integrity tool"
+ Display --indent 2 --text "- Checking presence integrity tool..." --result FOUND --color GREEN
+ AddHP 5 5
+ else
+ logtext "Result: No file integrity tools found"
+ Display --indent 2 --text "- Checking presence integrity tool..." --result "NOT FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Install a file integrity tool"
+ AddHP 0 5
+ fi
+ fi
+#
+#################################################################################
+#
+
+report "file_integrity_installed=${FILE_INT_TOOL_FOUND}"
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
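Review bot: The FINT-4315 search loop (`for I in ${AIDE_CONFIG_LOCS}` ... `AIDECONFIG="${I}/aide.conf"`) never stops at the first hit and `AIDECONFIG` is not reset beforehand, so when aide.conf exists in more than one of /etc, /etc/aide and /usr/local/etc the last one silently wins and FINT-4316 may then grade a configuration that the installed AIDE does not actually read. Initialising `AIDECONFIG=""` before the loop and logging a line such as `logtext "Result: multiple aide.conf files found, using ${I}/aide.conf"` when a second match appears would at least make the choice visible in the log. In FINT-4316 the result depends on a `^Checksums` directive; if the checksum algorithms are only set inside rule definitions the test falls through to UNKNOWN, which the comment on the test should mention. The log text at the OK branch, "Found SHA256 or SHA512 found for creating checksums", repeats "found".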
diff --git a/include/tests_file_permissions b/include/tests_file_permissions
new file mode 100644
index 00000000..b0ea1d73
--- /dev/null
+++ b/include/tests_file_permissions
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# File permissions
+#
+#################################################################################
+#
+ InsertSection "System Tools"
+#
+#################################################################################
+#
+ # Test : FILE-7524
+ # Description : Perform file permissions check
+ Register --test-no FILE-7524 --weight L --network NO --description "Perform file permissions check"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Starting file permissions check..."
+ logtext "Test: Checking file permissions"
+ logtext "Using profile ${PROFILE} for baseline."
+ FIND=`cat ${PROFILE} | egrep '^permfile:|^permdir:' | cut -d: -f2`
+ for I in ${FIND}; do
+ logtext "Checking ${I}"
+ CheckFilePermissions ${I}
+ logtext " Expected permissions: ${PROFILEVALUE}"
+ logtext " Actual permissions: ${FILEVALUE}"
+ logtext " Result: $PERMS"
+ if [ "${PERMS}" = "FILE_NOT_FOUND" ]; then
+ Display --indent 4 --text "${I}" --result "NOT FOUND" --color WHITE
+ elif [ "${PERMS}" = "OK" ]; then
+ Display --indent 4 --text "${I}" --result OK --color GREEN
+ elif [ "${PERMS}" = "BAD" ]; then
+ Display --indent 4 --text "${I}" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "Incorrect permissions for file ${I}"
+ else
+ logtext "UNKNOWN status for file"
+ fi
+ done
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
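Review bot: The final `else` of FILE-7524 logs only `logtext "UNKNOWN status for file"` and emits no Display line, so a profile entry for which `CheckFilePermissions` returns an unexpected `${PERMS}` value vanishes from the screen and the log line does not even say which file it was; `logtext "UNKNOWN status (${PERMS}) for file ${I}"` plus `Display --indent 4 --text "${I}" --result UNKNOWN --color YELLOW` keeps it visible. Profile paths are obtained by `cat ${PROFILE} | egrep ... | cut -d: -f2` and then word-split by `for I in ${FIND}`, so a permfile/permdir entry containing a space is checked as two nonexistent paths; this is the same word-splitting weakness as in tests_crypto. `CheckFilePermissions` and `PROFILEVALUE`/`FILEVALUE` are defined outside this file, so the meaning of `${PERMS}` values other than OK/BAD/FILE_NOT_FOUND cannot be confirmed from this hunk.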
diff --git a/include/tests_filesystems b/include/tests_filesystems
new file mode 100644
index 00000000..1d77d8d9
--- /dev/null
+++ b/include/tests_filesystems
@@ -0,0 +1,565 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# File systems
+#
+#################################################################################
+#
+ # Number of days to mark a file as old
+ TMP_OLD_DAYS=90
+ LVM_VG_USED=0
+#
+#################################################################################
+#
+ InsertSection "File systems"
+#
+#################################################################################
+#
+ # Test : FILE-6310
+ # Description : Checking if /tmp and /home are separated from /
+ # Goal : Users should not be able to fill their home directory or
+ # temporary directory and creating a Denial of Service
+ Register --test-no FILE-6310 --weight L --network NO --description "Checking /tmp and /home directory"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking mount points"
+ SEPARATED_FILESYTEMS="/home /tmp"
+ for I in ${SEPARATED_FILESYTEMS}; do
+ logtext "Test: Checking if ${I} is mounted separately or mounted on / file system"
+ if [ -L ${I} ]; then
+ logtext "Result: ${I} is a symlink. Manual check required to determine exact file system"
+ Display --indent 4 --text "- Checking ${I} mount point..." --result SYMLINK --color WHITE
+ elif [ -d ${I} ]; then
+ logtext "Result: directory ${I} exists"
+ FIND=`mount | grep "${I}"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found ${I} as a separated mount point"
+ Display --indent 4 --text "- Checking ${I} mount point..." --result OK --color GREEN
+ else
+ logtext "Result: ${I} not found in mount list. Directory most likely stored on / file system"
+ Display --indent 4 --text "- Checking ${I} mount point..." --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition"
+ fi
+ else
+ logtext "Result: directory ${I} does not exist"
+ fi
+ done
+ fi
+#
+#################################################################################
+#
+ # YYY Checking Physical Volumes
+#
+#################################################################################
+#
+ # Test : FILE-6311
+ # Description : Checking LVM Volume Groups
+ # Notes : No volume groups found is sent to STDERR for unclear reasons. Filtering both STDERR redirecting and grep.
+ if [ ! "${VGDISPLAYBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6311 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volume groups"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for LVM volume groups"
+ FIND=`${VGDISPLAYBINARY} 2> /dev/null | grep -v "No volume groups found" | grep "VG Name" | awk '{ print $3 }' | sort`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found one or more volume groups"
+ for I in ${FIND}; do
+ logtext "Found LVM volume group: ${I}"
+ report "lvm_volume_group[]=${I}"
+ done
+ LVM_VG_USED=1
+ Display --indent 2 --text "- Checking LVM volume groups..." --result FOUND --color GREEN
+ else
+ logtext "Result: no LVM volume groups found"
+ Display --indent 2 --text "- Checking LVM volume groups..." --result NONE --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6312
+ # Description : Checking LVM volumes
+ if [ ! "${LVDISPLAYBINARY}" = "" -a ${LVM_VG_USED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6312 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking LVM volumes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for LVM volumes"
+ FIND=`${LVDISPLAYBINARY} | grep -v "No volume groups found" | grep "LV Name" | awk '{ print $3 }' | sort`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found one or more volumes"
+ for I in ${FIND}; do
+ logtext "Found LVM volume: ${I}"
+ report "lvm_volume[]=${I}"
+ done
+ Display --indent 4 --text "- Checking LVM volumes..." --result FOUND --color GREEN
+ else
+ logtext "Result: no LVM volume groups found"
+ Display --indent 4 --text "- Checking LVM volumes..." --result NONE --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6316
+ # Description : Checking /etc/fstab file permissions
+ #Register --test-no FILE-6316 --os Linux --weight L --network NO --description "Checking /etc/fstab"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # 644
+#
+#################################################################################
+#
+ # Test : FILE-6323
+ # Description : Checking Linux EXT2, EXT3, EXT4 file systems
+ Register --test-no FILE-6323 --os Linux --weight L --network NO --description "Checking EXT file systems"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for Linux EXT file systems"
+ FIND=`mount -t ext2,ext3,ext4 | awk '{ print $3","$5 }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found one or more EXT file systems"
+ for I in ${FIND}; do
+ FILESYSTEM=`echo ${I} | cut -d ',' -f1`
+ FILETYPE=`echo ${I} | cut -d ',' -f2`
+ logtext "File system: ${FILESYSTEM} (type: ${FILETYPE})"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6329
+ # Description : Query all FFS/UFS mounts from /etc/fstab
+ if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6329 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking FFS/UFS file systems"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Query /etc/fstab for available FFS/UFS mount points"
+ FIND=`awk '{ if ($3 == "ufs" || $3 == "ffs" ) { print $1":"$2":"$3":"$4":" }}' /etc/fstab`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)..." --result NONE --color WHITE
+ logtext "Result: unable to find any single mount point (FFS/UFS)"
+ else
+ Display --indent 2 --text "- Querying FFS/UFS mount points (fstab)..." --result FOUND --color GREEN
+ report "filesystem[]=ufs"
+ for I in ${FIND}; do
+ logtext "FFS/UFS mount found: ${I}"
+ report "mountpoint_ufs[]=${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6330
+ # Description : Query all ZFS mounts from /etc/fstab
+ Register --test-no FILE-6330 --os FreeBSD --weight L --network NO --description "Checking ZFS file systems"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Query /etc/fstab for available ZFS mount points"
+ FIND=`mount -p | awk '{ if ($3 == "zfs") { print $1":"$2":"$3":"$4":" }}'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Querying ZFS mount points (mount -p)..." --result NONE --color WHITE
+ logtext "Result: unable to find any single mount point (ZFS)"
+ else
+ Display --indent 2 --text "- Querying ZFS mount points (mount -p)..." --result FOUND --color GREEN
+ report "filesystem[]=zfs"
+ for I in ${FIND}; do
+ logtext "ZFS mount found: ${I}"
+ report "mountpoint_zfs[]=${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6332
+ # Description : Check swap partitions
+ if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6332 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap partitions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: query swap partitions from /etc/fstab file"
+ # Check if third field contains 'swap'
+ FIND=`awk '{ if ($3=="swap") print $1 }' /etc/fstab`
+ for I in ${FIND}; do
+ FOUND=1
+ logtext "Swap partition found: ${I}"
+ # YYY add test if partition is not a normal partition (e.g. UUID=)
+ report "swap_partition[]=${I}"
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Query swap partitions (fstab)..." --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Query swap partitions (fstab)..." --result WARNING --color YELLOW
+ ReportWarning ${TEST_NO} "L" "No swap partion found in /etc/fstab"
+ logtext "Result: no swap partitions found in /etc/fstab"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6336
+ # Description : Check swap mount options
+ if [ -f /etc/fstab ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking swap mount options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Swap partitions should be mounted with 'sw'
+ logtext "Test: check swap partitions with incorrect mount options"
+ FIND=`awk '{ if ($3=="swap" && $4 !~ "sw") print $1 }' /etc/fstab`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Testing swap partitions..." --result OK --color GREEN
+ logtext "Result: all swap partitions have correct options (=sw)"
+ else
+ Display --indent 2 --text "- Testing swap partitions..." --result WARNING --color RED
+ logtext "Result: possible incorrect mount options used for mounting swap partition (${FIND})"
+ ReportWarning ${TEST_NO} "L" "Possible incorrect mount options used for swap parition (${FIND})"
+ ReportSuggestion ${TEST_NO} "Check your /etc/fstab file. Swap parition usually have 'sw' in the options field (4th)."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6354
+ # Description : Search files within /tmp which are older than 3 months
+ if [ -d /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6354 --preqs-met ${PREQS_MET} --weight L --network NO --description "Searching for old files in /tmp"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for old files in /tmp..."
+ # Search for files only in /tmp, with an access time older than X days
+ FIND=`find /tmp -type f -atime +${TMP_OLD_DAYS} | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking for old files in /tmp..." --result OK --color GREEN
+ logtext "Result: no files found in /tmp which are older than 3 months"
+ else
+ Display --indent 2 --text "- Checking for old files in /tmp..." --result WARNING --color RED
+ N=0
+ for I in ${FIND}; do
+ FILE=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Old temporary file: ${FILE}"
+ N=`expr ${N} + 1`
+ done
+ logtext "Result: found old files in /tmp, which were not modified in the last ${TMP_OLD_DAYS} days"
+ logtext "Advice: check and clean up unused files in /tmp. Old files can fill up a disk or contain"
+ logtext "private information and should be deleted it not being used actively. Use a tool like lsof to"
+ logtext "see which programs possibly are using a particular file. Some systems can cleanup temporary"
+ logtext "directories by setting a boot option."
+ ReportWarning ${TEST_NO} "L" "Found ${N} files in /tmp which are older than ${TMP_OLD_DAYS} days"
+ ReportSuggestion ${TEST_NO} "Clean up unused files in /tmp"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test: scan the skel directory for bad permissions
+ # Reason: bad permissions on these files will give new created users the same permissions
+ #YYY enable skel test
+ # Several differences between operating systems are present
+ #SKELDIRS="/etc/skel /usr/share/skel"
+
+ #for I in ${SKELDIRS}; do
+ #
+ # logtext "Searching skel directory ${I}..."
+ #
+ # if [ -d ${I} ]; then
+ # logtext "Result: Directory found, scanning for unsafe file permissions"
+ # FIND=`ls -A ${I} | wc -l | sed 's/ //g'`
+ # if [ ! "${FIND}" = "0" ]; then
+ # FIND=`find ${I} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
+ # if [ "${FIND}" = "" ]; then
+ # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result OK --color GREEN
+ # logtext "Result: Directory seems to be ok, no files found with read/write/execute bit set."
+ # logtext "Status: OK"
+ # else
+ # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result WARNING --color RED
+ # logtext "Result: The following files do have non restrictive permissions: ${FIND}"
+ # ReportSuggestion ${TEST_NO} "Remove the read, write or execute bit from these files (chmod o-rwx)"
+ # fi
+ # else
+ # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result EMPTY --color WHITE
+ # logtext "Directory ${I} is empty, no scan performed"
+ # fi
+ # else
+ # Display --indent 2 --text "- Checking skel file permissions (${I})..." --result "NOT FOUND" --color WHITE
+ # logtext "Result: Skel directory (${I}) not found"
+ # fi
+ #done
+#
+#################################################################################
+#
+ # Test : FILE-6362
+ # Description : Check for sticky bit on /tmp
+ if [ -d /tmp -a ! -L /tmp ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6362 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /tmp sticky bit"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Depending on OS, number of field with 'tmp' differs
+ FIND=`ls -l / | tr -s ' ' | awk -F" " '{ if ( $8 == "tmp" || $9 == "tmp" ) { print $1 } }' | cut -c 10`
+ if [ "${FIND}" = "t" -o "${FIND}" = "T" ]; then
+ Display --indent 2 --text "- Checking /tmp sticky bit..." --result OK --color GREEN
+ logtext "Result: Sticky bit (${FIND}) found on /tmp directory"
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking /tmp sticky bit..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "H" "No sticky bit found on /tmp directory, which can be dangerous!"
+ ReportSuggestion ${TEST_NO} "Consult documentation and place the sticky bit, to prevent users deleting (by other owned) files in the /tmp directory."
+ AddHP 0 3
+ fi
+ else
+ logtext "Result: Sticky bit test (on /tmp) skipped. Possible reason: missing or symlinked directory, or test skipped."
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6366
+ # Description : Check for noatime option
+ # More info : especially useful for profile 'desktop' and 'server-storage'
+#
+#################################################################################
+#
+ # Test : FILE-6368
+ # Description : Checking Linux root file system ACL support
+ Register --test-no FILE-6368 --os Linux --weight L --network NO --description "Checking ACL support on root file system"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Checking acl option on root file system"
+ FIND=`mount | ${AWKBINARY} '{ if ($3=="/") { print $6 } }' | grep acl`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found ACL option"
+ FOUND=1
+ else
+ logtext "Result: mount point probably mounted with defaults"
+ logtext "Test: Checking device which holds root file system"
+ # Get device on which root file system is mounted. Use /dev/root if it exists, or
+ # else check output of mount
+ if [ -b /dev/root ]; then
+ FIND1="/dev/root"
+ else
+ FIND1=`mount | grep ' / ' | awk '{ print $1 }' | sed 's/rootfs//'`
+ fi
+ if [ ! "${FIND1}" = "" ]; then
+ logtext "Result: found ${FIND1}"
+ logtext "Test: Checking default options on ${FIND1}"
+ FIND2=`${TUNE2FSBINARY} -l ${FIND1} | grep "^Default mount options" | grep "acl"`
+ if [ ! "${FIND2}" = "" ]; then
+ logtext "Result: found ACL option in default mount options"
+ FOUND=1
+ else
+ logtext "Result: no ACL option found in default mount options list"
+ fi
+ else
+ logtext "Result: No file system found with root file system"
+ fi
+ fi
+
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Result: ACL option NOT enabled on root file system"
+ logtext "Additional information: if file access need to be more restricted, ACLs could be used. Install the acl utilities and remount the file system with the acl option"
+ logtext "Activate acl support on and active file system with mount -o remount,acl / and add the acl option to the fstab file"
+ Display --indent 2 --text "- ACL support root file system..." --result DISABLED --color YELLOW
+ AddHP 0 1
+ else
+ logtext "Result: ACL option enabled on root file system"
+ Display --indent 2 --text "- ACL support root file system..." --result ENABLED --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6372
+ # Description : Check / mount options for Linux
+ # Notes :
+ Register --test-no FILE-6372 --os Linux --weight L --network NO --description "Checking / mount options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/fstab ]; then
+ FIND=`echo /etc/fstab | awk '{ if ($2=="/") { print $4 } }'`
+ NODEV=`echo ${FIND} | awk '{ if ($1=="nodev") { print "YES" } else { print "NO" } }'`
+ NOEXEC=`echo ${FIND} | awk '{ if ($1=="noexec") { print "YES" } else { print "NO" } }'`
+ NOSUID=`echo ${FIND} | awk '{ if ($1=="nosuid") { print "YES" } else { print "NO" } }'`
+
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: mount system / is configured with options: ${FIND}"
+ if [ "${FIND}" = "defaults" ]; then
+ Display --indent 2 --text "- Mount options of /..." --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Mount options of /..." --result "NON DEFAULT" --color YELLOW
+ fi
+ else
+ logtext "Result: no mount point / or expected options found"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6374
+ # Description : Check /boot mount options for Linux
+ # Notes : Expecting nodev,noexec,nosuid
+ Register --test-no FILE-6374 --os Linux --weight L --network NO --description "Checking /boot mount options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /etc/fstab ]; then
+ HARDENED=0
+ FIND=`echo /etc/fstab | awk '{ if ($2=="/boot") { print $4 } }'`
+ NODEV=`echo ${FIND} | awk '{ if ($1=="nodev") { print "YES" } else { print "NO" } }'`
+ NOEXEC=`echo ${FIND} | awk '{ if ($1=="noexec") { print "YES" } else { print "NO" } }'`
+ NOSUID=`echo ${FIND} | awk '{ if ($1=="nosuid") { print "YES" } else { print "NO" } }'`
+ if [ "${NODEV}" = "YES" -a "${NOEXEC}" = "YES" -a "${NOSUID}" = "YES" ]; then HARDENED=1; fi
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: mount system /boot is configured with options: ${FIND}"
+ if [ ${HARDENED} -eq 1 ]; then
+ logtext "Result: marked /boot options as hardenened"
+ Display --indent 2 --text "- Mount options of /boot..." --result HARDENED --color GREEN
+ AddHP 5 5
+ else
+ if [ "${FIND}" = "defaults" ]; then
+ logtext "Result: marked /boot options as default (non hardened)"
+ Display --indent 2 --text "- Mount options of /boot..." --result DEFAULT --color RED
+ AddHP 3 5
+ else
+ logtext "Result: marked /boot options as non default (unclear about hardening)"
+ Display --indent 2 --text "- Mount options of /boot..." --result "NON DEFAULT" --color YELLOW
+ AddHP 4 5
+ fi
+ fi
+ else
+ logtext "Result: no mount point /boot or expected options found"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-XXXX
+ # Description : Check /home mount options for Linux
+ # Notes : Expecting nodev,nosuid
+#
+#################################################################################
+#
+
+ # Test : FILE-XXXX
+ # Description : Check /var mount options for Linux
+ # Notes : Expecting nosuid
+#
+#################################################################################
+#
+ # Test : FILE-XXXX
+ # Description : Check /var/log mount options for Linux
+ # Notes : Expecting nodev,noexec,nosuid
+#
+#################################################################################
+#
+ # Test : FILE-XXXX
+ # Description : Check /var/log/audit mount options for Linux
+ # Notes : Expecting nodev,noexec,nosuid
+#
+#################################################################################
+#
+
+ # Test : FILE-XXXX
+ # Description : Check /tmp mount options for Linux
+ # Notes : Expecting nodev,noexec,nosuid
+#
+#################################################################################
+#
+#
+#################################################################################
+#
+ # Test : FILE-6378
+ # Description : Check for nodirtime option
+#
+#################################################################################
+#
+ # Test : FILE-6380
+ # Description : Check for relatime
+#
+#################################################################################
+#
+ # Test : FILE-6390
+ # Description : Check writeback/journalling mode (ext3)
+ # More info : data=writeback | data=ordered | data=journal
+#
+#################################################################################
+#
+ # Test : FILE-6394
+ # Description : Check vm.swappiness (Linux)
+#
+#################################################################################
+#
+ # Test : FILE-6398
+ # Description : Check if JBD (Journal Block Device) driver is loaded
+#
+#################################################################################
+#
+ # Test : FILE-6410
+ # Description : Checking locate database (file index)
+ # Notes : Linux /var/lib/mlocate/mlocate.db or /var/lib/slocate/slocate.db
+ # or /var/cache/locate/locatedb
+ # FreeBSD /var/db/locate.database
+ if [ ! "${LOCATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FILE-6410 --os Linux --weight L --network NO --description "Checking Locate database"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking locate database"
+ FOUND=0
+ LOCATE_DBS="/var/lib/mlocate/mlocate.db /var/lib/locatedb /var/lib/slocate/slocate.db /var/cache/locate/locatedb /var/db/locate.database"
+ for I in ${LOCATE_DBS}; do
+ if [ -f ${I} ]; then
+ logtext "Result: locate database found (${I})"
+ FOUND=1
+ LOCATE_DB="${I}"
+ else
+ logtext "Result: file ${I} not found"
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Checking Locate database..." --result FOUND --color GREEN
+ report "locate_db=${LOCATE_DB}"
+ else
+ logtext "Result: database not found"
+ Display --indent 2 --text "- Checking Locate database..." --result "NOT FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FILE-6412
+ # Description : Checking age of locate database
+#
+#################################################################################
+#
+
+ # Test : FILE-6420
+ # Description : Check automount process
+#
+#################################################################################
+#
+ # Test : FILE-6422
+ # Description : Check automount maps (files or for example LDAP based)
+ # Notes : Warn when automounter is running
+#
+#################################################################################
+#
+ # Test : FILE-6424
+ # Description : Check automount map files
+#
+#################################################################################
+#
+ # Test : FILE-6425
+ # Description : Check mounted files systems via automounter
+ # Notes : Warn when no systems are mounted?
+#
+#################################################################################
+#
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_firewalls b/include/tests_firewalls
new file mode 100644
index 00000000..2b8b32ec
--- /dev/null
+++ b/include/tests_firewalls
@@ -0,0 +1,296 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Firewalls
+#
+#################################################################################
+#
+ InsertSection "Software: firewalls"
+#
+#################################################################################
+#
+ IPTABLES_ACTIVE=0
+ IPTABLES_INKERNEL_ACTIVE=0
+ IPTABLES_MODULE_ACTIVE=0
+ FIREWALL_ACTIVE=0
+ FIREWALL_SOFTWARE=""
+#
+#################################################################################
+#
+# YYY Improvement needed for iptables to check if kernel modules are used or not.
+# If they are not used and iptables is not found in configuration, no checks should be performed.
+#
+
+ # Test : FIRE-4511
+ # Description : Check iptables kernel module
+ Register --test-no FIRE-4511 --os Linux --weight L --network NO --description "Check iptables kernel module"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`lsmod | awk '{ print $1 }' | grep "^ip*_tables"`
+ if [ ! "${FIND}" = "" ]; then
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="iptables"
+ IPTABLES_ACTIVE=1
+ IPTABLES_MODULE_ACTIVE=1
+ Display --indent 2 --text "- Checking iptables kernel module" --result FOUND --color GREEN
+ logtext "Result: Found iptables in loaded kernel modules"
+ for I in ${FIND}; do
+ logtext "Found module: ${I}"
+ done
+ else
+ Display --indent 2 --text "- Checking iptables kernel module" --result "NOT FOUND" --color WHITE
+
+ # If we can't find an active module, try to find the Linux configuration file and check that
+ if [ -f /proc/config.gz ]; then
+ LINUXCONFIGFILE="/proc/config.gz"; tCATCMD="zcat";
+ fi
+ sLINUXCONFIGFILE="/boot/config-`uname -r`"
+ if [ -f ${sLINUXCONFIGFILE} ]; then
+ LINUXCONFIGFILE=${sLINUXCONFIGFILE}; tCATCMD="cat";
+ fi
+
+ # If we have a kernel configuration file, use it for testing
+ # Do not perform test if we already found it in kernel module list, to avoid triggered it in the upcoming
+ # tests, when using iptables --list
+ if [ ! "${LINUXCONFIGFILE}" = "" -a -f ${LINUXCONFIGFILE} -a ${IPTABLES_MODULE_ACTIVE} -eq 0 ]; then
+ logtext "Result: found kernel configuration file (${LINUXCONFIGFILE})"
+ FIND=`${tCATCMD} ${LINUXCONFIGFILE} | grep -v '^#' | grep "CONFIG_IP_NF_IPTABLES" | head -n 1`
+ if [ ! "${FIND}" = "" ]; then
+ HAVEMOD=`echo ${FIND} | cut -d '=' -f2`
+ # Do not use iptables if it's compiled as a module (=m), since we already tested for it in the
+ # active list.
+ if [ "${HAVEMOD}" = "y" ]; then
+ logtext "Result: iptables available as a module in the configuration"
+ IPTABLES_ACTIVE=1
+ IPTABLES_INKERNEL_ACTIVE=1
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="iptables"
+ Display --indent 2 --text "- Checking iptables in config file" --result FOUND --color GREEN
+ else
+ logtext "Result: no iptables found in Linux kernel config file"
+ fi
+ else
+ logtext "Result: no Linux configuration file found"
+ Display --indent 2 --text "- Checking iptables in config file" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4512
+ # Description : Check iptables for empty ruleset
+ if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check iptables for empty ruleset"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${IPTABLESBINARY} --list --numeric | egrep -v "^(Chain|target|$)" | wc -l | tr -d ' '`
+ if [ "${FIND}" = "0" ]; then
+ # Firewall is active, but clearly needs configuration
+ FIREWALL_ACTIVE=1
+ logtext "Result: iptables ruleset is empty"
+ Display --indent 4 --text "- Checking for empty ruleset" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "iptables module(s) loaded, but no rules active"
+ ReportSuggestion ${TEST_NO} "Disable iptables kernel module if not used or make sure rules are being used"
+ else
+ logtext "Result: one or more rules are available"
+ Display --indent 4 --text "- Checking for empty ruleset" --result OK --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4513
+ # Description : Check iptables for unused rules
+ if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check iptables for unused rules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${IPTABLESBINARY} --list --numeric --line-numbers --verbose | awk '{ if ($2=="0") print $1 }' | xargs`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking for unused rules" --result OK --color GREEN
+ logtext "Result: There are no unused rules present"
+ else
+ Display --indent 4 --text "- Checking for unused rules" --result WARNING --color YELLOW
+ logtext "Result: Found one or more possible unused rules"
+ logtext "Description: Unused rules can be a sign that the firewall rules aren't optimized or up-to-date"
+ logtext "Note: Sometimes rules aren't triggered but still in use. Keep this in mind before cleaning up rules."
+ logtext "Output: iptables rule numbers: ${FIND}"
+ #ReportWarning ${TEST_NO} "L" "Found possible unused iptables rules ($FIND)"
+ ReportSuggestion ${TEST_NO} "Check iptables rules to see which rules are currently not used"
+ logtext "Tip: iptables --list --numeric --line-numbers --verbose"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4518
+ # Description : Checking status of pf firewall components
+ Register --test-no FIRE-4518 --weight L --network NO --description "Check pf firewall components"
+ if [ ${SKIPTEST} -eq 0 ]; then
+
+ PFFOUND=0; PFLOGDFOUND=0
+
+ # Check status with pfctl
+ logtext "Test: checking pf status via pfctl"
+ if [ ! "${PFCTLBINARY}" = "" ]; then
+ FIND=`${PFCTLBINARY} -sa 2>&1 | grep "^Status" | head -1 | awk '{ print $2 }'`
+ if [ "${FIND}" = "Enabled" ]; then
+ Display --indent 2 --text "- Checking pf status (pfctl)" --result ENABLED --color GREEN
+ logtext "Result: pf is enabled"
+ PFFOUND=1
+ AddHP 3 3
+ else
+ if [ "${FIND}" = "Disabled" ]; then
+ Display --indent 2 --text "- Checking pf status (pfctl)" --result DISABLED --color RED
+ logtext "Result: pf is disabled"
+ AddHP 0 3
+ else
+ Display --indent 2 --text "- Checking pf status (pfctl)" --result UNKNOWN --color YELLOW
+ ReportException ${TEST_NO} "Unknown status of pf firewall"
+ fi
+ fi
+ fi
+
+ # If we didn't find the status to be enabled, stop searching
+ if [ ${PFFOUND} -eq 1 ]; then
+ # Check for pf kernel module (FreeBSD and similar)
+ logtext "Test: searching for pf kernel module"
+ if [ ! "${KLDSTATBINARY}" = "" ]; then
+ FIND=`${KLDSTATBINARY} | grep 'pf.ko'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: Can not find pf KLD"
+ else
+ logtext "Result: pf KLD loaded"
+ PFFOUND=1
+ fi
+ else
+ logtext "Result: no kldstat binary, skipping this part"
+ fi
+
+ IsRunning pflogd
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found pflog daemon in process list"
+ Display --indent 4 --text "- Checking pflogd status" --result ACTIVE --color GREEN
+ PFFOUND=1
+ PFLOGDFOUND=1
+ else
+ logtext "Result: pflog daemon not found in process list"
+ Display --indent 4 --text "- Checking pflogd status" --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+
+ if [ ${PFFOUND} -eq 1 ]; then
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="pf"
+ else
+ logtext "Result: pf not running on this system"
+ Display --indent 2 --text "- Checking pf" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4520
+ # Description : Check pf configuration consistency
+ if [ ${PFFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FIRE-4520 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check pf configuration consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/pf.conf"
+ # Test for warnings (-n don't load the rules)
+ if [ -f /etc/pf.conf ]; then
+ logtext "Result: /etc/pf.conf exists"
+ # Check results from pfctl
+ PFWARNINGS=`pfctl -n -f /etc/pf.conf -vvv 2>&1 | grep -i 'warning'`
+ if [ "${PFWARNINGS}" = "" ]; then
+ Display --indent 4 --text "- Checking pf configuration consistency" --result OK --color GREEN
+ logtext "Result: no pf filter warnings found"
+ else
+ Display --indent 4 --text "- Checking pf configuration consistency" --result WARNING --color RED
+ logtext "Result: found one or more warnings in the pf filter rules"
+ ReportWarning ${TEST_NO} "H" "Found one or more warnings in pf configuration file"
+ ReportSuggestion ${TEST_NO} "Run 'pfctl -n -f /etc/pf.conf -vvv' to see available pf warnings"
+ fi
+ else
+ logtext "Result: /etc/pf.conf does NOT exist"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4522
+ # Description : Check ipchains
+#
+#################################################################################
+#
+ # Test : FIRE-4526
+ # Description : Check ipf (Solaris)
+ if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FIRE-4526 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check ipf status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${IPFBINARY} -n -V | grep "^Running" | awk '{ print $2 }'`
+ if [ "${FIND}" = "yes" ]; then
+ Display --indent 4 --text "- Checking ipf status" --result RUNNING --color GREEN
+ logtext "Result: ipf is enabled and running"
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="ipf"
+ else
+ Display --indent 4 --text "- Checking ipf status" --result "NOT RUNNING" --color YELLOW
+ logtext "Result: ipf is not running"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4530
+ # Description : Check ipfw
+#
+#################################################################################
+#
+ # Test : FIRE-4590
+ # Description : Check if at least one firewall if active
+ Register --test-no FIRE-4590 --weight L --network NO --description "Check firewall status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
+ Display --indent 2 --text "- Checking host based firewall" --result ACTIVE --color GREEN
+ logtext "Result: host based firewall or packet filter is active"
+ #YYY add manual item to report
+ report "manual[]=Verify if there is a formal process for testing and applying firewall rules"
+ report "manual[]=verify all traffic is filtered the right way between the different security zones"
+ report "manual[]=verify if a list is available with all required services"
+ # YYY Solaris ipf (determine default policy)
+ report "manual[]=Make sure an explicit deny all is the default policy for all unmatched traffic"
+ AddHP 5 5
+ else
+ Display --indent 2 --text "- Checking host based firewall" --result "NOT ACTIVE" --color YELLOW
+ logtext "Result: no host based firewall/packet filter found or configured"
+ ReportSuggestion ${TEST_NO} "Configure a firewall/packet filter to filter incoming and outgoing traffic"
+ AddHP 0 5
+ fi
+ fi
+#
+#################################################################################
+#
+
+# Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks.
+report "firewall_installed=${FIREWALL_ACTIVE}"
+report "firewall_active=${FIREWALL_ACTIVE}"
+report "firewall_software=${FIREWALL_SOFTWARE}"
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
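Review bot: FIRE-4512 keeps `FIREWALL_ACTIVE=1` (it even re-sets it at the top of the empty-ruleset branch) when iptables is loaded but has zero rules, so FIRE-4590 still reports the host-based firewall as ACTIVE with `AddHP 5 5` and the report emits `firewall_active=1` for a host that filters nothing. In that branch I would set `FIREWALL_ACTIVE=0` next to the existing ReportWarning so the final check and the hardening score reflect the real state; because a rule-less chain with a DROP policy does still filter, grepping the chain headers for `policy DROP` before downgrading would avoid a false negative. Separately, FIRE-4511's `grep "^ip*_tables"` matches `ip_tables` but not `ip6_tables`, since the `*` quantifies only the `p`, so an IPv6-only netfilter setup is reported NOT FOUND and the ruleset tests are skipped; `grep -E "^ip6?_tables"` covers both modules. FIRE-4512 and FIRE-4513 also inspect only the IPv4 filter table, so nat/mangle and ip6tables rules are never counted — worth a comment above the tests until separate checks exist.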
diff --git a/include/tests_hardening b/include/tests_hardening
new file mode 100644
index 00000000..fe59965e
--- /dev/null
+++ b/include/tests_hardening
@@ -0,0 +1,140 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ InsertSection "Hardening"
+
+ # COMPILER_INSTALLED is initialised before
+ HARDEN_COMPILERS_NEEDED=0
+#
+#################################################################################
+#
+ # Test : HRDN-7220
+ # Description : Check for installed compilers
+ Register --test-no HRDN-7220 --weight L --network NO --description "Check if one or more compilers are installed"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check if one or more compilers can be found on the system"
+ if [ ${COMPILER_INSTALLED} -eq 0 ]; then
+ logtext "Result: no compilers found"
+ Display --indent 4 --text "- Installed compiler(s)..." --result "NOT FOUND" --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: found installed compiler. See top of logfile which compilers have been found or use grep to filter on 'compiler'"
+ Display --indent 4 --text "- Installed compiler(s)..." --result "FOUND" --color RED
+ ReportSuggestion ${TEST_NO} "Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed"
+ AddHP 1 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HRDN-7222
+ # Description : Check for permissions of installed compilers
+ Register --test-no HRDN-7222 --weight L --network NO --description "Check compiler permissions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check if one or more compilers can be found on the system"
+ HARDEN_COMPILERS_NEEDED=0
+ if [ ${COMPILER_INSTALLED} -eq 0 ]; then
+ logtext "Result: no compilers found"
+ else
+ # as
+ if [ ! "${ASBINARY}" = "" ]; then
+ logtext "Test: Check file permissions for as (Assembler)"
+ IsWorldExecutable ${ASBINARY}
+ if [ ${SYMLINK} -eq 0 ]; then
+ logtext "Binary: ${ASBINARY} (world executable: ${FileIsWorldExecutable})"
+ else
+ logtext "Binary: ${GCCBINARY} (symlinked to: ${sFILE}) (world executable: ${FileIsWorldExecutable})"
+ fi
+ if [ ${FileIsWorldExecutable} = "TRUE" ]; then
+ AddHP 2 3
+ HARDEN_COMPILERS_NEEDED=1
+ else
+ AddHP 3 3
+ fi
+ fi
+ # gcc
+ if [ ! "${GCCBINARY}" = "" ]; then
+ logtext "Test: Check file permissions for GCC compiler"
+ IsWorldExecutable ${GCCBINARY}
+ if [ ${SYMLINK} -eq 0 ]; then
+ logtext "Binary: ${GCCBINARY} (world executable: ${FileIsWorldExecutable})"
+ else
+ logtext "Binary: ${GCCBINARY} (symlinked to: ${sFILE}) (world executable: ${FileIsWorldExecutable})"
+ fi
+ if [ ${FileIsWorldExecutable} = "TRUE" ]; then
+ AddHP 2 3
+ HARDEN_COMPILERS_NEEDED=1
+ else
+ AddHP 3 3
+ fi
+ fi
+ # Report suggestion is one or more compilers can be better hardened
+ if [ ${HARDEN_COMPILERS_NEEDED} -eq 1 ]; then
+ logtext "Result: at least one compiler could be better hardened by restricting executable access to root or group only"
+ ReportSuggestion ${TEST_NO} "Harden compilers and restrict access to world"
+ fi
+
+ #YYY check if compilers have a specific group (like compiler, or NOT root/wheel)
+# Display --indent 4 --text "- Installed compiler(s)..." --result "FOUND" --color RED
+ # /usr/bin/*cc*
+ # /usr/bin/*++*
+ # /usr/bin/ld
+ # (and 700 or 750 permissions)
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HRDN-7230
+ # Description : Check for installed malware scanners
+ Register --test-no HRDN-7230 --weight L --network NO --description "Check for malware scanner"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check if one or more compilers can be found on the system"
+ if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then
+ logtext "Result: found at least one malware scanner"
+ Display --indent 4 --text "- Installed malware scanner..." --result "FOUND" --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: no malware scanner found"
+ Display --indent 4 --text "- Installed malware scanner..." --result "NOT FOUND" --color RED
+ ReportSuggestion ${TEST_NO} "Harden the system by installing one or malware scanners to perform periodic file system scans"
+ AddHP 1 3
+ fi
+ fi
+#
+#################################################################################
+#
+
+# logtext "--------------------------------------------------------------------"
+# logtext "| System part | Preferred value | Actual value | Points |"
+# logtext "| [!] Compiler installed | 0 | [${COMPILER_INSTALLED}] | x |"
+# logtext "| [V] Malware scanner installed | 1 | [x] | x |"
+# logtext "| [V] Packet filter enabled | 1 | [x] | x |"
+# logtext "--------------------------------------------------------------------"
+# logtext "| [!]: Hardening possible, [V]: Hardening performed, [ ]: Unknown "
+# logtext "--------------------------------------------------------------------"
+
+
+#
+#################################################################################
+#
+
+report "compiler_installed=${COMPILER_INSTALLED}"
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
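Review bot: In HRDN-7222 the symlink branch of the `as` check logs `${GCCBINARY}` instead of `${ASBINARY}`, so when the assembler is a symlink the audit log attributes the world-executable result to the wrong binary; the line should read `logtext "Binary: ${ASBINARY} (symlinked to: ${sFILE}) (world executable: ${FileIsWorldExecutable})"`. The comparisons `if [ ${FileIsWorldExecutable} = "TRUE" ]` in both the `as` and `gcc` branches are unquoted, so if IsWorldExecutable (defined outside this file) ever leaves the variable empty the test degrades to `[ = "TRUE" ]`, errors out, and falls through to the else branch that awards `AddHP 3 3` — a check that fails open; quoting it as `"${FileIsWorldExecutable}"` makes it fail closed. HRDN-7230's log line `Test: Check if one or more compilers can be found on the system` is copied from HRDN-7220 and should describe the malware-scanner check, and its suggestion text reads `installing one or malware scanners` (missing `more`). Since only `as` and `gcc` are scored while the YYY comment already lists `*cc*`, `*++*` and `ld`, a short comment stating that other compilers and linkers are currently unscored would keep report readers from over-trusting the result.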
diff --git a/include/tests_hardening_tools b/include/tests_hardening_tools
new file mode 100644
index 00000000..e4a90a78
--- /dev/null
+++ b/include/tests_hardening_tools
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# InsertSection "Hardening tools"
+#
+#################################################################################
+#
+ # Checking Solaris Security Toolkit (Jass)
+ # Test : HRDN-7402
+ # Description : Check jass hardening
+ # Register --test-no HRDN-7402 --weight L --network NO --description "Check jass hardening"
+ # if [ ${SKIPTEST} -eq 0 ]; then
+ # if [ -d /opt/SUNWjass -o -d /var/opt/SUNWjass ]; then
+ # logtext "Result: found Solaris Security Toolkit (Jass hardening tool)"
+ # fi
+ #
+#
+#################################################################################
+#
+ # Test : HRDN-7410
+ # Description : Check tiger hardening tool
+#
+#################################################################################
+#
+ # Test : HRDN-7420
+ # Description : Check Bastille Unix hardening tool
+#
+#################################################################################
+#
+ # Checking Solaris Security Toolkit (ASET)
+ # - Automated Security Enhancement Tool
+
+ # AddHP 3 3
+
+#wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_homedirs b/include/tests_homedirs
new file mode 100644
index 00000000..0ec1cad1
--- /dev/null
+++ b/include/tests_homedirs
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Home directories
+#
+#################################################################################
+#
+ InsertSection "Home directories"
+#
+#################################################################################
+#
+ # Ignore some top level directories (not the sub directories below)
+ IGNORE_HOME_DIRS="/bin /boot /cdrom /dev /etc /home /lib /lib64 /media /mnt
+ /opt /proc /sbin /selinux /srv /sys /tmp /usr /var"
+
+#
+#################################################################################
+#
+
+ # Test : HOME-9302
+ # Description : Create list with home directories
+ Register --test-no HOME-9302 --weight L --network NO --description "Create list with home directories"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Read sixth field of /etc/passwd
+ logtext "Test: query /etc/passwd to obtain home directories"
+ FIND=`${AWKBINARY} -F: '{ if ($1 !~ "#") print $6 }' /etc/passwd | sort | uniq`
+ for I in ${FIND}; do
+ if [ -d ${I} ]; then
+ logtext "Result: found home directory: ${I} (directory exists)"
+ report "home_directory[]=${I}"
+ else
+ logtext "Result: found home directory: ${I} (directory does not exist)"
+ fi
+ done
+ fi
+#
+#################################################################################
+#
+ # Test : HOME-9310
+ # Description : Check for suspicious shell history files
+ Register --test-no HOME-9310 --weight L --network NO --description "Checking for suspicious shell history files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${HOMEDIRS}" = "" ]; then
+ if [ "${OS}" = "Solaris" ]; then
+ # Solaris doesn't support -maxdepth
+ FIND=`find ${HOMEDIRS} -name ".*history" -not -type f -print`
+ else
+ FIND=`find ${HOMEDIRS} -maxdepth 1 -name ".*history" -not -type f -print`
+ fi
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking shell history files... " --result OK --color GREEN
+ logtext "Result: Ok, history files are type 'file'."
+ else
+ Display --indent 2 --text "- Checking shell history files... " --result WARNING --color RED
+ logtext "Result: the following files seem to be of the wrong file type:"
+ logtext "Output: ${FIND}"
+ logtext "Info: above files could be redirected files to avoid logging and should be investigated"
+ ReportWarning ${TEST_NO} "M" "Incorrect file type found for shell history file"
+ fi
+ logtext "Remarks: ${HOME_HISTORY_LOG_TEXT}"
+ else
+ Display --indent 2 --text "- Checking shell history files... " --result SKIPPED --color WHITE
+ logtext "Result: Homedirs is empty, test will be skipped"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HOME-9314
+ # Description : Check if non local paths are found in PATH, which can be a risk, but also bad for performance
+ # (like searching on a filer, instead of local disk)
+ #Register --test-no HOME-9314 --weight L --network NO --description "Create list with home directories"
+#
+#################################################################################
+#
+ # Test : HOME-9350
+ # Description : Scan home directories for specific files, used in different tests later
+ # Notes : For performance reasons we combine the scanning of different files, so inode caching is used
+ # as much as possible for every find command
+ # Profile opt : ignore_home_dir (multiple lines allowed), ignores home directory
+ if [ ! "${REPORTFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HOME-9350 --preqs-met ${PREQS_MET} --weight L --network NO --description "Collecting information from home directories"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ IGNORE_HOME_DIRS=`grep "^config:ignore_home_dir:" ${PROFILE} | awk -F: '{ print $3 }'`
+ if [ "${IGNORE_HOME_DIRS}" = "" ]; then
+ logtext "Result: IGNORE_HOME_DIRS empty, no paths excluded"
+ else
+ logtext "Output: ${IGNORE_HOME_DIRS}"
+ fi
+ fi
+
+ #YYY
+ #echo -n " - Checking PATH variable vulnerabilities... "
+ #
+ #FIND=`find ${HOMEDIRS} -name * | grep -r 'PATH=' | egrep '=.:|:.:|:.;' | grep -v 'CDPATH'`
+ #if [ "${FIND}" = "" ]
+ # then
+ # logtext "Result: Ok, no special things found in the PATH variable"
+ # else
+ # echo "[ ${WARNING}WARNING${NORMAL} ]"
+ # logtext "Warning: Probably found \".\" in the PATH. Details: ${FIND}"
+ #fi
+ #
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
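Review bot: HOME-9350 overwrites the default exclusion list this file sets near the top (`IGNORE_HOME_DIRS="/bin /boot ... /var"`) with the raw output of `grep "^config:ignore_home_dir:" ${PROFILE}`, so when the profile has no such entries the built-in defaults are discarded instead of applied, and a profile entry replaces rather than extends them. Reading the profile into a scratch variable and appending would keep both: `FIND=\`grep "^config:ignore_home_dir:" ${PROFILE} | awk -F: '{ print $3 }'\`` followed by `if [ ! "${FIND}" = "" ]; then IGNORE_HOME_DIRS="${IGNORE_HOME_DIRS} ${FIND}"; fi`. The test currently only logs the resulting list; whether any later find command honours it is not visible in this hunk, so the comment `# Profile opt : ignore_home_dir` could state where the list is consumed.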
diff --git a/include/tests_insecure_services b/include/tests_insecure_services
new file mode 100644
index 00000000..8beb913f
--- /dev/null
+++ b/include/tests_insecure_services
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Unsecure services
+#
+#################################################################################
+#
+ InsertSection "Insecure services"
+#
+#################################################################################
+#
+ INETD_ACTIVE=0
+ INETD_CONFIG_FILE="/etc/inetd.conf"
+#
+#################################################################################
+#
+ # Test : INSE-8002
+ # Description : Check for inetd status
+ Register --test-no INSE-8002 --weight L --network NO --description "Check for enabled inet daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check running processes
+ logtext "Test: Searching for active inet daemon..."
+ FIND=`${PSBINARY} ax | grep "inetd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: inetd is running"
+ Display --indent 2 --text "- Checking inetd status..." --result ACTIVE --color GREEN
+ #YYY perform manual check
+ INETD_ACTIVE=1
+ else
+ logtext "Result: inetd is NOT running"
+ Display --indent 2 --text "- Checking inetd status..." --result "NOT ACTIVE" --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : INSE-8004
+ # Description : Check for inetd configuration file
+ if [ ${INETD_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no INSE-8004 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for enabled inet daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check configuration file
+ logtext "Test: Searching for file ${INETD_CONFIG_FILE}..."
+ if [ -f ${INETD_CONFIG_FILE} ]; then
+ logtext "Result: ${INETD_CONFIG_FILE} exists"
+ Display --indent 4 --text "- Checking inetd.conf..." --result FOUND --color WHITE
+ else
+ logtext "Result: ${INETD_CONFIG_FILE} does not exist"
+ Display --indent 4 --text "- Checking inetd.conf..." --result "NOT FOUND" --color WHITE
+ fi
+ # YYY immutable bit could be set
+ # YYY permission check (already set in profile)
+ fi
+#
+#################################################################################
+#
+ # Test : INSE-8006
+ # Description : Check for inetd configuration file contents if inetd is NOT active
+ if [ ${INETD_ACTIVE} -eq 0 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no INSE-8006 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for disabled inet daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check if any service is enabled in /etc/inetd.conf (inetd is not active, see test 8002)
+ logtext "Test: check if all services are disabled if inetd is disabled"
+ FIND=`cat ${INETD_CONFIG_FILE} | grep -v "^#" | grep -v "^$"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking inetd.conf services..." --result OK --color GREEN
+ else
+ Display --indent 4 --text "- Checking inetd.conf services..." --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Although inetd is not running, make sure no services are enabled in ${INETD_CONFIG_FILE}"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : INSE-8016
+ # Description : Check for telnet enabled via inetd
+ if [ ${INETD_ACTIVE} -eq 1 -a -f ${INETD_CONFIG_FILE} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no INSE-8016 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for telnet via inetd"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking telnet presence in inetd configuration"
+ FIND=`grep "^telnet" ${INETD_CONFIG_FILE}`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: telnet not enabled in ${INETD_CONFIG_FILE}"
+ Display --indent 2 --text "- Checking inetd (telnet)..." --result FOUND --color GREEN
+ else
+ logtext "Result: telnet enabled in ${INETD_CONFIG_FILE}"
+ Display --indent 2 --text "- Checking inetd (telnet)..." --result WARNING --color RED
+ fi
+ fi
+#
+#################################################################################
+#
+# Check telnet in /etc/xinetd.conf
+# Check telnet in /etc/xinetd/*
+# Check running telnet daemon (telnetd)
+# rshd rlogin rexec
+# /etc/hosts.equiv
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
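Review bot: INSE-8016 labels its passing branch wrongly: when `grep "^telnet" ${INETD_CONFIG_FILE}` returns nothing, the Display call reports `--result FOUND --color GREEN` while the logtext on the preceding line says telnet is not enabled; it should read `--result "NOT FOUND" --color GREEN`. The failing branch prints a red WARNING but records nothing in the report, so the finding is lost once the screen output scrolls; adding `ReportWarning ${TEST_NO} "M" "Telnet is enabled in ${INETD_CONFIG_FILE}"`, as HOME-9310 in this commit does for its warning, would persist it. Separately, INSE-8002 detects the daemon with `grep "inetd"`, which also matches xinetd processes, yet the follow-up tests only read /etc/inetd.conf; an xinetd host would therefore be reported as inetd-active with its actual service configuration never examined, which the TODO list at the end of the hunk already hints at.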
diff --git a/include/tests_kernel b/include/tests_kernel
new file mode 100644
index 00000000..a0107973
--- /dev/null
+++ b/include/tests_kernel
@@ -0,0 +1,458 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Kernel
+#
+#################################################################################
+#
+ InsertSection "Kernel"
+#
+#################################################################################
+#
+ CORE_DUMPS_DISABLED=0
+ CPU_PAE=0
+ CPU_NX=0
+#
+#################################################################################
+#
+ # Test : KRNL-5622
+ # Description : Check default run level on Linux machines
+ Register --test-no KRNL-5622 --os Linux --weight L --network NO --description "Determine Linux default run level"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Checking if we can find the systemd default target
+ logtext "Test: Checking for systemd default.target"
+ if [ -L /etc/systemd/system/default.target ]; then
+ logtext "Result: symlink found"
+ if [ ! "${READLINKBINARY}" = "" ]; then
+ FIND=`${READLINKBINARY} /etc/systemd/system/default.target`
+ if [ "${FIND}" = "" ]; then
+ logtext "Exception: can't find the target of the symlink of /etc/systemd/system/default.target"
+ ReportException "${TEST_NO}:01"
+ else
+ FIND2=`echo ${FIND} | egrep "runlevel5|graphical"`
+ if [ ! "${FIND2}" = "" ]; then
+ logtext "Result: Found match on runlevel5/graphical"
+ Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 5" --color GREEN
+ report "linux_default_runlevel=5"
+ else
+ logtext "Result: No match found on runlevel, defaulting to runlevel 3"
+ Display --indent 2 --text "- Checking default runlevel..." --result "runlevel 3" --color GREEN
+ report "linux_default_runlevel=3"
+ fi
+ fi
+ else
+ logtext "Result: No readlink binary, can't determine where symlink is pointing to"
+ Display --indent 2 --text "- Checking default run level" --result UNKNOWN --color YELLOW
+ fi
+ else
+ logtext "Result: no systemd found, so trying inittab"
+ logtext "Test: Checking /etc/inittab"
+ if [ -f /etc/inittab ]; then
+ logtext "Result: file /etc/inittab found"
+ logtext "Test: Checking default Linux run level..."
+ FIND=`awk -F: '/^id/ { print $2; }' /etc/inittab | head -n 1`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking default runlevel" --result UNKNOWN --color YELLOW
+ logtext "Result: Can't determine default run level from /etc/inittab"
+ else
+ Display --indent 2 --text "- Checking default run level..." --result "${FIND}" --color GREEN
+ logtext "Found default run level '${FIND}'"
+ report "linux_default_runlevel=${FIND}"
+ fi
+ else
+ logtext "Result: file /etc/inittab not found"
+ if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then
+ logtext "Test: Checking run level with who -r, for Debian based systems"
+ FIND=`who -r | awk '{ if ($1=="run-level") { print $2 } }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Found default run level '${FIND}'"
+ report "linux_default_runlevel=${FIND}"
+ Display --indent 2 --text "- Checking default run level..." --result "RUNLEVEL ${FIND}" --color GREEN
+ else
+ logtext "Result: Can't determine default run level from who -r"
+ Display --indent 2 --text "- Checking default run level..." --result UNKNOWN --color YELLOW
+ fi
+ fi
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+
+ # Test : KRNL-5677
+ # Description : Check CPU options and support (PAE, No eXecute, eXecute Disable)
+ # More info : pae and nx bit are both visible on AMD and Intel CPU's if supported
+ Register --test-no KRNL-5677 --os Linux --weight L --network NO --description "Check CPU options and support"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking CPU support (NX/PAE)"
+ logtext "Test: Checking /proc/cpuinfo..."
+ if [ -f /proc/cpuinfo ]; then
+ logtext "Result: found /proc/cpuinfo"
+ logtext "Test: Checking CPU options (XD/NX/PAE)..."
+ FIND_PAE_NX=`cat /proc/cpuinfo | grep " pae " | grep " nx "`
+ FIND_PAE=`cat /proc/cpuinfo | grep " pae "`
+ FIND_NX=`cat /proc/cpuinfo | grep " nx "`
+ FOUND=0
+ if [ ! "${FIND_PAE_NX}" = "" ]; then
+ logtext "PAE: Yes"
+ logtext "NX: Yes"
+ CPU_PAE=1
+ CPU_NX=1
+ logtext "Result: PAE or No eXecute option(s) both found"
+ report "cpu_pae=1"
+ report "cpu_nx=1"
+ FOUND=1
+ else
+ if [ ! "${FIND_PAE}" = "" -a "${FIND_NX}" = "" ]; then
+ report "cpu_pae=1"
+ logtext "Result: found PAE"
+ CPU_PAE=1
+ FOUND=1
+ else
+ if [ ! "${FIND_NX}" = "" -a "${FIND_PAE}" = "" ]; then
+ report "cpu_nx=1"
+ logtext "Result: found No eXecute"
+ CPU_NX=1
+ FOUND=1
+ else
+ logtext "Result: found no CPU options enabled (PAE or NX bit)"
+ fi
+ fi
+ fi
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 4 --text "CPU support: PAE and/or NoeXecute supported" --result FOUND --color GREEN
+ else
+ Display --indent 4 --text "CPU support: No PAE or NoeXecute supported" --result NONE --color YELLOW
+ ReportSuggestion ${TEST_NO} "Use a PAE enabled kernel when possible to gain native No eXecute/eXecute Disable support"
+ fi
+ else
+ Display --indent 4 --text "CPU support: no /proc/cpuinfo" --result SKIPPED --color YELLOW
+ logtext "Result: /proc/cpuinfo not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5680
+ # Description : Check if installed kernel has PAE support
+ # Dependency : KRNL-5677
+ # More info : RedHat/CentOS/Fedora uses the package name 'kernel-PAE'
+#
+#################################################################################
+#
+ # Test : KRNL-5695
+ # Description : Determining Linux kernel version and release number
+ Register --test-no KRNL-5695 --os Linux --weight L --network NO --description "Determine Linux kernel version and release number"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Kernel number (and suffix)
+ LINUX_KERNEL_RELEASE=`uname -r`
+ report "linux_kernel_release=${LINUX_KERNEL_RELEASE}"
+ logtext "Result: found kernel release ${LINUX_KERNEL_RELEASE}"
+ # Type and build date
+ LINUX_KERNEL_VERSION=`uname -v`
+ report "linux_kernel_version=${LINUX_KERNEL_VERSION}"
+ logtext "Result: found kernel version ${LINUX_KERNEL_VERSION}"
+ Display --indent 2 --text "- Checking kernel version and release" --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5723
+ # Description : Check if Linux is build as a monolithic kernel or not
+ Register --test-no KRNL-5723 --os Linux --weight L --network NO --description "Determining if Linux kernel is monolithic"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${LSMODBINARY}" = "" ]; then
+ logtext "Test: checking if kernel is monolithic or modular"
+ # Checking if any modules are loaded
+ FIND=`${LSMODBINARY} | grep -v "^Module" | wc -l | tr -s ' ' | tr -d ' '`
+ Display --indent 2 --text "- Checking kernel type" --result DONE --color GREEN
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: Found monolithic kernel"
+ report "linux_kernel_type=monolithic"
+ MONOLITHIC_KERNEL=1
+ else
+ logtext "Result: Found modular kernel"
+ report "linux_kernel_type=modular"
+ MONOLITHIC_KERNEL=0
+ fi
+ else
+ logtext "Test skipped, no lsmod binary found"
+ # Exception?
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5726
+ # Description : Checking Linux loaded kernel modules
+ Register --test-no KRNL-5726 --os Linux --weight L --network NO --description "Checking Linux loaded kernel modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${LSMODBINARY}" = "" ]; then
+ FIND=`lsmod | awk '{ if ($1!="Module") print $1 }' | sort`
+ Display --indent 2 --text "- Checking loaded kernel modules" --result DONE --color GREEN
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Loaded modules according lsmod:"
+ N=0
+ for I in ${FIND}; do
+ logtext "Loaded module: ${I}"
+ report "loaded_kernel_module[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ Display --indent 6 --text "Found ${N} active modules"
+ else
+ logtext "Result: no loaded modules found"
+ logtext "Notice: No loaded kernel modules could indicate a broken/malformed lsmod, or a (custom) monolithic kernel"
+ fi
+ else
+ logtext "Test skipped, no lsmod binary found"
+ # Exception?
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5728
+ # Description : Checking for available Linux kernel configuration file in /boot
+ Register --test-no KRNL-5728 --os Linux --weight L --network NO --description "Checking Linux kernel config"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LINUXCONFIGFILE="/boot/config-`uname -r`"
+ if [ -f ${LINUXCONFIGFILE} ]; then
+ logtext "Result: found config (${LINUXCONFIGFILE})"
+ Display --indent 2 --text "- Checking Linux kernel configuration file" --result FOUND --color GREEN
+ else
+ logtext "Result: no Linux kernel configuration file found in /boot"
+ Display --indent 2 --text "- Checking Linux kernel configuration file" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5730
+ # Description : Checking default I/O kernel scheduler
+ PREQS_MET="NO"
+ if [ ! "${LINUXCONFIGFILE}" = "" ]; then
+ if [ -f ${LINUXCONFIGFILE} ]; then PREQS_MET="YES"; fi
+ fi
+ Register --test-no KRNL-5730 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking disk I/O kernel scheduler"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking the default I/O kernel scheduler"
+ LINUX_KERNEL_IOSCHED=`${GREPBINARY} "CONFIG_DEFAULT_IOSCHED" ${LINUXCONFIGFILE} | awk -F= '{ print $2 }' | sed s/\"//g`
+ if [ ! "${LINUX_KERNEL_IOSCHED}" = "" ]; then
+ logtext "Result: found [${LINUX_KERNEL_IOSCHED}]"
+ Display --indent 2 --text "- Checking default I/O kernel scheduler" --result FOUND --color GREEN
+ report "linux_kernel_io_scheduler[]=${LINUX_KERNEL_IOSCHED}"
+ else
+ logtext "Result: no default i/o kernel scheduler found"
+ Display --indent 2 --text "- Checking default I/O kernel scheduler" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+# YYY Check for kernel options
+#
+#################################################################################
+#
+ # Test : KRNL-5745
+ # Description : Checking FreeBSD loaded kernel modules
+ Register --test-no KRNL-5745 --os FreeBSD --weight L --network NO --description "Checking FreeBSD loaded kernel modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking active kernel modules..."
+ logtext "Test: ${KERNEL_ACTIVE_MODULES_TITLE}"
+ logtext "Description: ${KERNEL_ACTIVE_MODULES_DESCRIPTION}"
+ logtext "Action: Checking modules"
+ if [ -f /sbin/kldstat ]; then
+ FIND=`kldstat | grep -v 'Name' | tr -s ' ' | cut -d ' ' -f6`
+ if [ $? -eq 0 ]; then
+ logtext "Loaded modules according kldstat:"
+ N=0
+ for I in ${FIND}; do
+ logtext "Loaded module: ${I}"
+ report "loaded_kernel_module[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ Display --indent 4 --text "Found ${N} kernel modules" --result DONE --color GREEN
+ else
+ Display --indent 4 --text "Test failed" --result WARNING --color RED
+ logtext "Result: Problem with executing kldstat"
+ fi
+ else
+ echo "[ ${WHITE}SKIPPED${NORMAL} ]"
+ logtext "Result: no results, can't find /sbin/kldstat"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5770
+ # Description : Checking Solaris load modules
+ Register --test-no KRNL-5770 --os Solaris --weight L --network NO --description "Checking active kernel modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: searching loaded kernel modules"
+ FIND=`modinfo -c -w | grep -v "UNLOADED" | grep LOADED | awk '{ print $3 }' | sort`
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ logtext "Found module: ${I}"
+ report "loaded_kernel_module[]=${I}"
+ done
+ Display --indent 2 --text "- Checking Solaris active kernel modules" --result DONE --color GREEN
+ else
+ logtext "Result: no output"
+ Display --indent 2 --text "- Checking Solaris active kernel modules" --result UNKNOWN --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5788
+ # Description : Checking availability new kernel
+ if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking availability new Linux kernel"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching apt-cache, to determine if a newer kernel is available"
+ if [ -x /usr/bin/apt-cache ]; then
+ logtext "Result: found /usr/bin/apt-cache"
+ # YYY Test for presence /usr/bin/apt-cache and dpkg
+ logtext "Test: checking readlink location of /vmlinuz"
+ FINDKERNFILE=`readlink -f /vmlinuz`
+ logtext "Output: readlink reported file ${FINDKERNFILE}"
+ logtext "Test: checking package from dpkg -S"
+ FINDKERNEL=`dpkg -S ${FINDKERNFILE} 2> /dev/null | awk -F : '{print $1}'`
+ logtext "Output: dpkg -S reported package ${FINDKERNEL}"
+ logtext "Test: Using apt-cache policy to determine if there is an update available"
+ FINDINST=`apt-cache policy ${FINDKERNEL} | egrep 'Installed' | cut -d ':' -f2 | tr -d ' '`
+ FINDCAND=`apt-cache policy ${FINDKERNEL} | egrep 'Candidate' | cut -d ':' -f2 | tr -d ' '`
+ logtext "Kernel installed: ${FINDINST}"
+ logtext "Kernel candidate: ${FINDCAND}"
+ if [ "${FINDINST}" = "" ]; then
+ Display --indent 2 --text "- Checking for available kernel update... " --result UNKNOWN --color YELLOW
+ logtext "Result: Exception occured, no output from apt-cache policy"
+ ReportException "${TEST_NO}:01"
+ logtext "Exception: apt-cache policy did not return an installed kernel version"
+ ReportSuggestion ${TEST_NO} "Check the output of apt-cache policy manually to determine why output is empty"
+ else
+ if [ "${FINDINST}" = "${FINDCAND}" ]; then
+ Display --indent 2 --text "- Checking for available kernel update... " --result OK --color GREEN
+ logtext "Result: no kernel update available"
+ else
+ Display --indent 2 --text "- Checking for available kernel update... " --result "UPDATE AVAILABLE" --color YELLOW
+ logtext "Result: kernel update available according 'apt-cache policy'."
+ ReportSuggestion ${TEST_NO} "Determine priority for available kernel update"
+ fi
+ fi
+ else
+ logtext "Result: could NOT find /usr/bin/apt-cache, skipped other tests."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5820
+ # Description : Checking core dumps configuration (Linux)
+ Register --test-no KRNL-5820 --os Linux --weight L --network NO --description "Checking core dumps configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking presence /etc/security/limits.conf"
+ if [ -f /etc/security/limits.conf ]; then
+ logtext "Result: file /etc/security/limits.conf exists"
+ logtext "Test: Checking if core dumps are disabled in /etc/security/limits.conf"
+ FIND1=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="soft" && $3=="core") { print "soft core enabled" } }'`
+ FIND2=`cat /etc/security/limits.conf | grep -v "^#" | grep -v "^$" | awk '{ if ($1=="*" && $2=="hard" && $3=="core") { print "hard core enabled" } }'`
+ if [ "${FIND1}" = "soft core enabled" -o "${FIND2}" = "hard core enabled" ]; then
+ logtext "Result: core dumps (soft or hard) are enabled"
+ Display --indent 2 --text "- Checking core dumps configuration... " --result ENABLED --color YELLOW
+ #YYY suggestion
+ AddHP 1 2
+ else
+ logtext "Result: core dumps (soft and hard) are both disabled"
+ Display --indent 2 --text "- Checking core dumps configuration... " --result DISABLED --color GREEN
+ CORE_DUMPS_DISABLED=1
+ AddHP 3 3
+ fi
+
+ # Sysctl option
+ logtext "Test: Checking sysctl value of fs.suid_dumpable"
+ FIND=`${SYSCTLBINARY} fs.suid_dumpable 2> /dev/null | awk '{ if ($1=="fs.suid_dumpable") { print $3 } }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: value ${FIND} found"
+ else
+ logtext "Result: sysctl key fs.suid_dumpable not found"
+ fi
+ if [ "${FIND}" = "2" ]; then
+ logtext "Result: programs can dump core dump, but only readable by root (value 2, for debugging with file protection)"
+ Display --indent 4 --text "- Checking setuid core dumps configuration... " --result PROTECTED --color GREEN
+ AddHP 1 1
+ elif [ "${FIND}" = "1" ]; then
+ logtext "Result: all programs can perform core dumps (value 1, for debugging)"
+ Display --indent 2 --text "- Checking setuid core dumps configuration... " --result DEBUG --color YELLOW
+ ReportSuggestion ${TEST_NO} "Determine if really all binaries need to be able to core dump"
+ AddHP 0 1
+ else
+ logtext "Result: found default option, some programs can dump (not processes which need to change credentials)"
+ Display --indent 4 --text "- Checking setuid core dumps configuration... " --result DEFAULT --color YELLOW
+ AddHP 1 1
+ fi
+ # Check ulimit settings and harden it
+ # echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile
+ else
+ logtext "Result: file /etc/security/limits.conf does not exist, skipping test"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : KRNL-5826
+ # Description : Checking core dumps configuration (Solaris)
+ #Register --test-no KRNL-5826 --os Linux --weight L --network NO --description "Checking core dumps configuration"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : KRNL-5830
+ # Description : Check if system needs a reboot (Debian based)
+ Register --test-no KRNL-5830 --weight L --network NO --description "Checking core dumps configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FILE="/var/run/reboot-required.pkgs"
+ logtext "Test: Checking presence ${FILE}"
+ if [ -f ${FILE} ]; then
+ logtext "Result: file ${FILE} exists"
+ FIND=`cat ${FILE}`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Check if reboot is needed" --result NO --color GREEN
+ AddHP 5 5
+ else
+ PKGSCOUNT=`cat ${FILE} | wc -l`
+ Display --indent 2 --text "- Check if reboot is needed" --result YES --color RED
+ ReportWarning ${TEST_NO} "H" "Reboot of system is needed"
+ logtext "Result: reboot is needed, related to ${PKGSCOUNT} packages"
+ for I in ${FIND}; do
+ logtext "Package: ${I}"
+ done
+ AddHP 0 5
+ fi
+ else
+ logtext "Result: file ${FILE} not found, skipping further testing"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - http://cisofy.com - The Netherlands
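Review bot: In KRNL-5820 the condition around the fs.suid_dumpable log lines is inverted: `if [ "${FIND}" = "" ]; then logtext "Result: value ${FIND} found"` runs when sysctl returned nothing, and the `else` branch logs "sysctl key fs.suid_dumpable not found" exactly when a value was read; it should be `if [ ! "${FIND}" = "" ]; then`. In the same test an empty FIND then falls through to the final `else`, where it is logged as the default option and scored with `AddHP 1 1`, so a missing sysctl binary or key is indistinguishable from a hardened default; an explicit empty-FIND branch that skips scoring would be clearer. KRNL-5830's Register line reuses the description `"Checking core dumps configuration"` from KRNL-5820 and should describe the reboot check instead. KRNL-5726 guards on `${LSMODBINARY}` but then runs bare `lsmod` inside the command substitution, unlike KRNL-5723 which uses `${LSMODBINARY}` consistently.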
diff --git a/include/tests_kernel_hardening b/include/tests_kernel_hardening
new file mode 100644
index 00000000..b50e5978
--- /dev/null
+++ b/include/tests_kernel_hardening
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Kernel
+#
+#################################################################################
+#
+ InsertSection "Kernel Hardening"
+#
+#################################################################################
+#
+ # Test : KRNL-6000
+ # Description : Check sysctl parameters
+ # Sysctl : net.ipv4.icmp_ingore_bogus_error_responses (=1)
+ if [ ! "${SYSCTL_READKEY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no KRNL-6000 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check sysctl key pairs in scan profile"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ Display --indent 2 --text "- Comparing sysctl key pairs with scan profile..."
+ FIND=`grep "^sysctl:" ${PROFILE} | sed 's/ /:space:/g'`
+ for I in ${FIND}; do
+ tFINDkey=`echo ${I} | awk -F: '{ print $2 }'`
+ tFINDexpvalue=`echo ${I} | awk -F: '{ print $3 }'`
+ tFINDhp=`echo ${I} | awk -F: '{ print $4 }' | grep "[0-9]"`
+ tFINDdesc=`echo ${I} | awk -F: '{ print $5 }' | sed 's/:space:/ /g'`
+ tFINDcurvalue=`${SYSCTL_READKEY} ${tFINDkey} 2> /dev/null`
+ if [ ! "${tFINDcurvalue}" = "" ]; then
+ if [ "${tFINDexpvalue}" = "${tFINDcurvalue}" ]; then
+ logtext "Result: sysctl key ${tFINDkey} contains equal expected and current value (${tFINDexpvalue})"
+ Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result OK --color GREEN
+ AddHP ${tFINDhp} ${tFINDhp}
+ else
+ logtext "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
+ Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
+ AddHP 0 ${tFINDhp}
+ N=1
+ fi
+ else
+ logtext "Result: key ${tFINDkey} does not exist on this machine"
+ fi
+ done
+
+ # Add suggestion if one or more sysctls have a different value than scan profile
+ if [ ${N} -eq 1 ]; then
+ ReportSuggestion ${TEST_NO} "One or more sysctl values differ from the scan profile and could be tweaked"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - http://cisofy.com - The Netherlands
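Review bot: The hardening-points field parsed by `tFINDhp=... | awk -F: '{ print $4 }' | grep "[0-9]"` comes back empty when a `sysctl:` profile entry omits or mistypes its fourth field, and the entry then reaches `AddHP ${tFINDhp} ${tFINDhp}` with no arguments, so the score bookkeeping depends on how AddHP (defined outside this file) tolerates a missing value. I would reject such entries before the comparison, matching the file's test style: `if [ "${tFINDhp}" = "" ]; then logtext "Result: profile entry for ${tFINDkey} has no valid hardening points, skipping"; continue; fi`. Note that `grep "[0-9]"` accepts any field that merely contains a digit; `grep "^[0-9][0-9]*$"` would be the stricter check. Multi-value sysctls written with spaces in the profile presumably never compare equal, because the profile side is rewritten to `:space:` while the live value read via `${SYSCTL_READKEY}` keeps its spaces; if only single-value keys are meant to be supported, a comment above the loop saying so would help the next profile author.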
diff --git a/include/tests_ldap b/include/tests_ldap
new file mode 100644
index 00000000..d41cd496
--- /dev/null
+++ b/include/tests_ldap
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# LDAP Services
+#
+#################################################################################
+#
+ InsertSection "LDAP Services"
+#
+#################################################################################
+#
+ SLAPD_CONF_LOCS="/etc/ldap /etc/openldap /usr/local/etc/openldap"
+ SLAPD_CONF_LOCATION=""
+ SLAPD_RUNNING=0
+#
+#################################################################################
+#
+ # Test : LDAP-2219
+ # Description : Check running OpenLDAP instance
+ Register --test-no LDAP-2219 --weight L --network NO --description "Check running OpenLDAP instance"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ #YYY add additional slash
+ FIND=`${PSBINARY} ax | grep "slapd" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking OpenLDAP instance..." --result "NOT FOUND" --color WHITE
+ logtext "Result: No running slapd process found."
+ else
+ Display --indent 2 --text "- Checking OpenLDAP instance..." --result FOUND --color GREEN
+ logtext "Result: Found running slapd process"
+ SLAPDFOUND=1
+ SLAPD_RUNNING=1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LDAP-2224
+ # Description : Search slapd.conf
+ if [ ${SLAPD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LDAP-2224 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check presence slapd.conf"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching slapd.conf"
+ for I in ${SLAPD_CONF_LOCS}; do
+ if [ -f ${I}/slapd.conf ]; then
+ logtext "Result: found ${I}/slapd.conf"
+ SLAPD_CONF_LOCATION="${I}/slapd.conf"
+ else
+ logtext "Result: ${I} does not contain slapd.conf"
+ fi
+ done
+ # Check if we found a valid location
+ if [ ! "${SLAPD_CONF_LOCATION}" = "" ]; then
+ Display --indent 4 --text "- Checking slapd.conf..." --result FOUND --color GREEN
+ else
+ Display --indent 4 --text "- Checking slapd.conf..." --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LDAP-2228
+ # Description : Check OpenLDAP slapd.conf file permissions
+#
+#################################################################################
+#
+ # Test : LDAP-2232
+ # Description : Check OpenLDAP ownership on files/directories
+#
+#################################################################################
+#
+ # Test : LDAP-2236
+ # Description : Check OpenLDAP database permissions
+#
+#################################################################################
+#
+ # Test : LDAP-2240
+ # Description : Check OpenLDAP unencrypted RootDN password
+#
+#################################################################################
+#
+ # Test : LDAP-2244
+ # Description : Check for LDAP configured client (and inform about LDAPS)
+#
+#################################################################################
+#
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
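Review bot: LDAP-2219 detects slapd with `${PSBINARY} ax | grep "slapd" | grep -v "grep"`, which matches any process whose argument list contains that string (an editor open on slapd.conf, for instance), while tests_mail_messaging in the same commit detects daemons through the `IsRunning` helper; `IsRunning slapd` followed by `if [ ${RUNNING} -eq 1 ]` would keep the two files consistent, assuming that helper is the intended answer to the `#YYY add additional slash` reminder. `SLAPDFOUND=1` is set next to `SLAPD_RUNNING=1` but is neither initialised with the other defaults at the top of the section nor read anywhere in this file; either drop it or add `SLAPDFOUND=0` beside `SLAPD_RUNNING=0`. LDAP-2228 through LDAP-2244 are description-only placeholders, so the file-permission, ownership and RootDN-password checks they name are not performed yet; a `# TODO: not implemented` line under each heading would make that clear to anyone scanning the section.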
diff --git a/include/tests_logging b/include/tests_logging
new file mode 100644
index 00000000..3080cc92
--- /dev/null
+++ b/include/tests_logging
@@ -0,0 +1,482 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Logging and related files
+#
+#################################################################################
+#
+ LOG_FILES_LOCS="/var/log /var/adm"
+ LOGROTATE_CONFIG_FOUND=0
+ LOGROTATE_TOOL=""
+ METALOG_RUNNING=0
+ RFC3195D_RUNNING=0
+ RSYSLOG_RUNNING=0
+ SOLARIS_LOGHOST_FOUND=0
+ SYSLOG_DAEMON_PRESENT=0
+ SYSLOG_DAEMON_RUNNING=0
+ SYSLOG_NG_RUNNING=0
+ #YYY (extend support for systemd journal)
+ SYSTEMD_JOURNAL_RUNNING=0
+#
+#################################################################################
+#
+
+ InsertSection "Logging and files"
+
+ # Test : LOGG-2130
+ # Description : Check for a running syslog daemon
+ # Notes : Log which syslog daemon is found YYY
+ Register --test-no LOGG-2130 --weight L --network NO --description "Check for running syslog daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for a logging daemon... "
+ FIND=`${PSBINARY} ax | egrep "syslogd|syslog-ng|metalog|systemd-journal" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking for a running log daemon..." --result WARNING --color RED
+ logtext "Result: Could not find a syslog daemon like syslog, syslog-ng, rsyslog, metalog, systemd-journal"
+ ReportSuggestion ${TEST_NO} "Check if any syslog daemon is running and correctly configured."
+ ReportWarning ${TEST_NO} "H" "No syslog daemon found"
+ AddHP 0 3
+ else
+ Display --indent 2 --text "- Checking for a running log daemon..." --result OK --color GREEN
+ logtext "Result: Found a logging daemon"
+ SYSLOG_DAEMON_PRESENT=1
+ SYSLOG_DAEMON_RUNNING=1
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2132
+ # Description : Check for a running syslog-ng daemon
+ Register --test-no LOGG-2132 --weight L --network NO --description "Check for running syslog-ng daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for syslog-ng daemon in process list... "
+ FIND=`${PSBINARY} ax | grep "/syslog-ng" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Found syslog-ng in process list"
+ Display --indent 4 --text "- Checking Syslog-NG status" --result FOUND --color GREEN
+ SYSLOG_DAEMON_PRESENT=1
+ SYSLOG_NG_RUNNING=1
+ else
+ logtext "Result: Syslog-ng NOT found in process list"
+ Display --indent 4 --text "- Checking Syslog-NG status" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2134
+ # Description : Check for Syslog-NG configuration file consistency
+ if [ ! "${SYSLOGNGBINARY}" = "" -a ${SYSLOG_NG_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2134 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Syslog-NG configuration file consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${SYSLOGNGBINARY} -s; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: Syslog-NG configuration file seems to be consistent"
+ Display --indent 6 --text "- Checking Syslog-NG consistency" --result OK --color GREEN
+ else
+ logtext "Result: Syslog-NG configuration file seems NOT to be consistent"
+ Display --indent 6 --text "- Checking Syslog-NG consistency" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "Found one or more problems in Syslog-NG configuration file"
+ ReportSuggestion ${TEST_NO} "Check the Syslog-NG configuration file and/or run a manual consistency check with: syslog-ng -s"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2210
+ # Description : Check for a running metalog daemon
+ Register --test-no LOGG-2210 --weight L --network NO --description "Check for running metalog daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for metalog daemon in process list... "
+ FIND=`${PSBINARY} ax | grep "metalog" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Found metalog in process list"
+ Display --indent 4 --text "- Checking Metalog status" --result FOUND --color GREEN
+ SYSLOG_DAEMON_PRESENT=1
+ METALOG_RUNNING=1
+ else
+ logtext "Result: metalog NOT found in process list"
+ Display --indent 4 --text "- Checking Metalog status" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2230
+ # Description : Check for a running rsyslog daemon
+ Register --test-no LOGG-2230 --weight L --network NO --description "Check for running RSyslog daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for RSyslog daemon in process list... "
+ FIND=`${PSBINARY} ax | grep "rsyslogd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Found rsyslogd in process list"
+ Display --indent 4 --text "- Checking RSyslog status" --result FOUND --color GREEN
+ SYSLOG_DAEMON_PRESENT=1
+ RSYSLOG_RUNNING=1
+ else
+ logtext "Result: rsyslogd NOT found in process list"
+ Display --indent 4 --text "- Checking RSyslog status" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2240
+ # Description : Check for a running RFC 3195 compliant daemon (syslog via TCP)
+ Register --test-no LOGG-2240 --weight L --network NO --description "Check for running RFC 3195 compliant daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for RFC 3195 daemon (alias syslog reliable) in process list... "
+ FIND=`${PSBINARY} ax | grep "rfc3195d" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Found rfc3195d in process list"
+ Display --indent 4 --text "- Checking RFC 3195 daemon status" --result FOUND --color GREEN
+ SYSLOG_DAEMON_PRESENT=1
+ RFC3195D_RUNNING=1
+ else
+ logtext "Result: rfc3195d NOT found in process list"
+ Display --indent 4 --text "- Checking RFC 3195 daemon status" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2138
+ # Description : Check for kernel log daemon (klogd) presence on Linux systems
+ # Notes : When using rsyslog, this process is not needed. In combination
+ # with syslog-ng, klogd is still an addition to it, since it
+ # captures kernel related events and send them to syslog-ng.
+ # This test should be below all other logging daemons
+ Register --test-no LOGG-2138 --os Linux --weight L --network NO --description "Checking kernel logger daemon on Linux"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching kernel logger daemon (klogd)"
+ if [ ${RSYSLOG_RUNNING} -eq 0 ]; then
+ # Search for klogd, but ignore other lines related to klogd (like dd with input/output file)
+ FIND=`${PSBINARY} ax | grep "klogd" | grep -v "dd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: klogd running"
+ Display --indent 4 --text "- Checking klogd" --result FOUND --color GREEN
+ else
+ logtext "Result: No klogd found"
+ Display --indent 4 --text "- Checking klogd" --result "NOT FOUND" --color RED
+ ReportWarning ${TEST_NO} "L" "klogd is not running, which could lead to missing kernel messages in log files"
+ ReportSuggestion ${TEST_NO} "Check why klogd is not running"
+ fi
+ else
+ logtext "Result: test skipped, because rsyslogd is being used"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2142
+ # Description : Check for minilogd presence on Linux systems
+ Register --test-no LOGG-2142 --os Linux --weight L --network NO --description "Checking minilog daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Result: Checking for unkilled minilogd instances.."
+ # Search for minilogd. It shouldn't be running normally, if another syslog daemon is started
+ FIND=`${PSBINARY} ax | grep "minilogd" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking minilogd instances" --result "NOT FOUND" --color WHITE
+ logtext "Result: No minilogd is running.."
+ else
+ Display --indent 4 --text "- Checking minilogd instances" --result WARNING --color RED
+ logtext "Result: minilogd found in process list"
+ # minilogd daemon seems to be running..
+ ReportWarning ${TEST_NO} "L" "minilogd is running, which should normally not be running"
+ ReportSuggestion ${TEST_NO} "Check minilogd is active and if other syslog daemons are started up properly"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2146
+ # Description : Check for logrotate (/etc/logrotate.conf and logrotate.d)
+ Register --test-no LOGG-2146 --weight L --os Linux --network NO --description "Checking logrotate.conf and logrotate.d"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for /etc/logrotate.conf"
+ if [ -f /etc/logrotate.conf ]; then
+ LOGROTATE_CONFIG_FOUND=1
+ LOGROTATE_TOOL="logrotate"
+ logtext "Result: /etc/logrotate.conf found (file)"
+ else
+ logtext "Result: /etc/logrotate.conf NOT found"
+ fi
+ logtext "Test: Checking for /etc/logrotate.d (directory)"
+ if [ -d /etc/logrotate.d ]; then
+ LOGROTATE_CONFIG_FOUND=1
+ LOGROTATE_TOOL="logrotate"
+ logtext "Result: /etc/logrotate.d found"
+ else
+ logtext "Result: /etc/logrotate.conf found"
+ fi
+ if [ ${LOGROTATE_CONFIG_FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Checking logrotate presence" --result OK --color GREEN
+ logtext "Result: logrotate configuration found"
+ else
+ Display --indent 2 --text "- Checking logrotate presence" --result WARNING --color RED
+ logtext "Result: No logrotate configuration found"
+ ReportWarning ${TEST_NO} "L" "No logrotate configuration has been found"
+ ReportSuggestion ${TEST_NO} "Check if files are properly rotated by a some tool instead of logrotate"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2148
+ # Description : Checking log files rotated with logrotate
+ if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2148 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking logrotated files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking which files are rotated with logrotate and if they exist"
+ FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort | uniq | awk '{ if ($2!="log") { print "File:"$2":does_not_exist" } else { print "File:"$3":exists" } }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: nothing found"
+ else
+ logtext "Result: found one or more files which are rotated via logrotate"
+ for I in ${FIND}; do
+ logtext "Output: ${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2150
+ # Description : Checking log directories rotated with logrotate
+ if [ ! "${LOGROTATEBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2150 --weight L --preqs-met ${PREQS_MET} --network NO --description "Checking directories in logrotate configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking which directories can be found in logrotate configuration"
+ FIND=`${LOGROTATEBINARY} -d -v /etc/logrotate.conf 2>&1 | egrep "considering log|skipping" | grep -v '*' | sort | uniq | awk '{ if ($2=="log") { print $3 } }' | sed 's/\/*[a-zA-Z_.-]*$//g' | sort | uniq`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: nothing found"
+ else
+ logtext "Result: found one or more directories (via logrotate configuration)"
+ for I in ${FIND}; do
+ if [ -d ${I} ]; then
+ logtext "Directory found: ${I}"
+ report "log_directory[]=${I}"
+ else
+ logtext "Directory could not be found: ${I}"
+ # YYY strip more parts of the name, until it can be found (and stop at /)
+ fi
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2152
+ # Description : Check for Solaris 'loghost' entry in /etc/inet/hosts, or
+ # succesful resolving via DNS or any other name service.
+ Register --test-no LOGG-2152 --weight L --os Solaris --network NO --description "Checking loghost"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Try local hosts file
+ logtext "Result: Checking for loghost in /etc/inet/hosts"
+ FIND=`grep loghost /etc/inet/hosts | grep -v "^#"`
+ if [ ! "${FIND}" = "" ]; then
+ SOLARIS_LOGHOST_FOUND=1
+ logtext "Result: Found loghost entry in /etc/inet/hosts"
+ else
+ logtext "Result: No loghost entry found in /etc/inet/hosts"
+
+ # Try name resolving if no entry is present in local host file
+ logtext "Result: Checking for loghost via name resolving"
+ FIND=`getent hosts loghost | grep loghost`
+ if [ ! "${FIND}" = "" ]; then
+ SOLARIS_LOGHOST_FOUND=1
+ logtext "Result: name resolving was succesful"
+ logtext "Output: ${FIND}"
+ else
+ logtext "Result: name resolving didn't find results"
+ fi
+ fi
+
+ if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ]; then
+ logtext "Result: loghost entry found and most likely used to send syslog messages"
+ Display --indent 2 --text "- Checking loghost entry" --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Checking loghost entry" --result WARNING --color RED
+ logtext "Result: No loghost entry found"
+ ReportWarning ${TEST_NO} "L" "No loghost entry found"
+ ReportSuggestion ${TEST_NO} "Add a loghost entry to /etc/inet/hosts or other name services"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2154
+ # Description : Check to see if remote logging is enabled
+ # Notes : prevent lines showing up with commands in it (like |mail)
+ if [ ${SYSLOG_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2154 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking syslog configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then
+ SYSLOGD_CONF="/etc/syslog-ng/syslog-ng.conf"
+ else
+ SYSLOGD_CONF="/etc/syslog.conf"
+ fi
+ if [ -f ${SYSLOGD_CONF} ]; then
+ logtext "Test: check if logs are also logged to a remote logging host"
+ FIND=`egrep "@[a-zA-Z0-9]" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "[a-zA-Z0-9]@"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: remote logging enabled"
+ AddHP 5 5
+ Display --indent 2 --text "- Checking remote logging" --result ENABLED --color GREEN
+ else
+ logtext "Result: no remote logging found"
+ ReportSuggestion ${TEST_NO} "Enable logging to an external logging host for archiving purposes and additional protection"
+ AddHP 1 3
+ Display --indent 2 --text "- Checking remote logging" --result "NOT ENABLED" --color YELLOW
+ fi
+ else
+ logtext "Result: test skipped, file ${SYSLOGD_CONF} not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2160
+ # Description : Check for /etc/newsyslog.conf (FreeBSD/OpenBSD)
+ if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2160 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /etc/newsyslog.conf"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Result: /etc/newsyslog.conf found"
+ Display --indent 2 --text "- Checking /etc/newsyslog.conf" --result FOUND --color GREEN
+ LOGROTATE_CONFIG_FOUND=1
+ LOGROTATE_TOOL="newsyslog"
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2162
+ # Description : Check for directories in /etc/newsyslog.conf
+ if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2162 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /etc/newsyslog.conf"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: parsing directories from /etc/newsyslog.conf file"
+ FIND=`cat /etc/newsyslog.conf | sort | uniq | grep "^/" | awk '{ print $1 }' | sed 's/\/*[a-zA-Z_.-]*$//g' | sort | uniq`
+ for I in ${FIND}; do
+ if [ -d ${I} ]; then
+ logtext "Result: Directory ${I} found and exists"
+ report "log_directory[]=${I}"
+ else
+ logtext "Result: Item ${I} is not a directory"
+ fi
+ done
+ Display --indent 4 --text "- Checking log directories (newsyslog.conf)" --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2164
+ # Description : Check for files in /etc/newsyslog.conf
+ if [ -f /etc/newsyslog.conf ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2164 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking /etc/newsyslog.conf"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: parsing directories from /etc/newsyslog.conf file"
+ FIND=`cat /etc/newsyslog.conf | sort | uniq | grep "^/" | awk '{ print $1 }'`
+ for I in ${FIND}; do
+ if [ -f ${I} ]; then
+ logtext "Result: File ${I} found and exists"
+ else
+ logtext "Result: Item ${I} is not a file"
+ fi
+ done
+ Display --indent 4 --text "- Checking log files (newsyslog.conf)" --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2170
+ # Description : Search available log paths
+ Register --test-no LOGG-2170 --weight L --network NO --description "Checking log paths"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching log paths"
+ for I in ${LOG_FILES_LOCS}; do
+ if [ -d ${I} ]; then
+ logtext "Result: directory ${I} exists"
+ report "log_directory[]=${I}"
+ else
+ logtext "Result: directory ${I} can't be found"
+ fi
+ done
+ Display --indent 2 --text "- Checking log directories (static list)" --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2180
+ # Description : Search open log file
+ Register --test-no LOGG-2180 --weight L --network NO --description "Checking open log files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking open log files with lsof"
+ if [ ! "${LSOFBINARY}" = "" ]; then
+ FIND=`${LSOFBINARY} -n 2>&1 | grep "log$" | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $9 } }' | sort | uniq | grep -v "^$"`
+ for I in ${FIND}; do
+ logtext "Found logfile: ${I}"
+ report "open_logfile[]=${I}"
+ done
+ Display --indent 2 --text "- Checking open log files" --result DONE --color GREEN
+ else
+ logtext "Result: lsof not installed, skipping test"
+ Display --indent 2 --text "- Checking open log files" --result SKIPPED --color YELLOW
+ # Add suggestion
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : LOGG-2190
+ # Description : Checking deleted files
+ if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking deleted files in file table"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking deleted files but are still in use"
+ FIND=`${LSOFBINARY} -n +L 1 2>&1 | egrep -v "WARNING|Output information" | awk '{ if ($5=="REG") { print $10 } }' | grep -v "^$"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found one or more files which are deleted, but still in use"
+ for I in ${FIND}; do
+ logtext "Found deleted file: ${I}"
+ report "deleted_file[]=${I}"
+ done
+ Display --indent 2 --text "- Checking deleted files in use" --result "FILES FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Check what deleted files are still in use and why."
+ else
+ logtext "Result: no deleted files found"
+ Display --indent 2 --text "- Checking deleted files in use" --result DONE --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+#
+# Rsyslogd checks
+#
+#
+#################################################################################
+#
+
+report "log_rotation_config_found=${LOGROTATE_CONFIG_FOUND}"
+report "log_rotation_tool=${LOGROTATE_TOOL}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
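Review bot: LOGG-2154 can misreport remote logging in both directions: when rsyslog is the daemon found by LOGG-2130, `SYSLOGD_CONF` falls back to `/etc/syslog.conf`, which is typically absent on rsyslog hosts, so the test is silently skipped and no suggestion is raised even though `/etc/rsyslog.conf` (and `/etc/rsyslog.d/`) were never read; and for syslog-ng the `egrep "@[a-zA-Z0-9]"` filter also matches the `@version:` and `@include` pragmas at the top of syslog-ng 3.x configs, which would make the test report ENABLED without any remote destination. I would select the rsyslog config when `RSYSLOG_RUNNING` is set and exclude lines beginning with `@` from the match, as sketched below; syslog-ng's `udp()`/`tcp()` destinations carry no `@` at all and would still need their own pattern, which this note does not attempt. A smaller item in LOGG-2146: the else branch of the `/etc/logrotate.d` check logs `Result: /etc/logrotate.conf found`, which should read `Result: /etc/logrotate.d NOT found`.

```shell
if [ ${SYSLOG_NG_RUNNING} -eq 1 ]; then
    SYSLOGD_CONF="/etc/syslog-ng/syslog-ng.conf"
elif [ ${RSYSLOG_RUNNING} -eq 1 -a -f /etc/rsyslog.conf ]; then
    # rsyslog ships its own main config; /etc/syslog.conf is usually absent here
    SYSLOGD_CONF="/etc/rsyslog.conf"
else
    SYSLOGD_CONF="/etc/syslog.conf"
fi
if [ -f ${SYSLOGD_CONF} ]; then
    logtext "Test: check if logs are also logged to a remote logging host"
    # skip comments and syslog-ng pragmas (@version, @include): they contain an @ but no remote host
    FIND=`egrep "@[a-zA-Z0-9]" ${SYSLOGD_CONF} | grep -v "^#" | grep -v "^@" | grep -v "[a-zA-Z0-9]@"`
    # … unchanged: ENABLED / NOT ENABLED result handling …
```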
diff --git a/include/tests_mac_frameworks b/include/tests_mac_frameworks
new file mode 100644
index 00000000..21a55907
--- /dev/null
+++ b/include/tests_mac_frameworks
@@ -0,0 +1,188 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ APPARMORFOUND=0 # Set default for test MACF-6208
+ GRSECFOUND=0 # grsecurity
+ MAC_FRAMEWORK_ACTIVE=0 # Default no MAC framework active
+ RBAC_FRAMEWORK_ACTIVE=0 # Default no RBAC framework active
+ SELINUXFOUND=0
+
+ InsertSection "Security frameworks"
+#
+#################################################################################
+#
+ # Test : MACF-6204
+ # Description : Check if AppArmor is installed
+ Register --test-no MACF-6204 --weight L --network NO --description "Check AppArmor presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ "${AASTATUSBINARY}" = "" ]; then
+ APPARMORFOUND=0
+ logtext "Result: aa-status binary not found, AppArmor not installed"
+ Display --indent 2 --text "- Checking presence AppArmor" --result "NOT FOUND" --color WHITE
+ else
+ APPARMORFOUND=1
+ logtext "Result: aa-status binary found, AppArmor is installed"
+ Display --indent 2 --text "- Checking presence AppArmor" --result FOUND --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MACF-6208
+ # Description : Check AppArmor active status
+ if [ ${APPARMORFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no MACF-6208 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check if AppArmor is enabled"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${AASTATUSBINARY}" = "" ]; then
+ # Checking AppArmor status
+ FIND=`${AASTATUSBINARY} > /dev/null; echo $?`
+ #0 if apparmor is enabled and policy is loaded.
+ #1 if apparmor is not enabled/loaded.
+ #2 if apparmor is enabled but no policy is loaded.
+ if [ ${FIND} -eq 0 ]; then
+ MAC_FRAMEWORK_ACTIVE=1
+ logtext "Result: AppArmor is enabled and a policy is loaded"
+ Display --indent 4 --text "- Checking AppArmor status" --result "ENABLED" --color GREEN
+ elif [ ${FIND} -eq 2 ]; then
+ logtext "Result: AppArmor is enabled, but no policy is loaded"
+ ReportSuggestion ${TEST_NO} "Disable AppArmor or load a policy"
+ Display --indent 4 --text "- Checking AppArmor status" --result "NON-ACTIVE" --color GREEN
+ elif [ ${FIND} -eq 1 ]; then
+ Display --indent 4 --text "- Checking AppArmor status" --result "DISABLED" --color YELLOW
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MACF-6232
+ # Description : Check SELINUX for installation
+ Register --test-no MACF-6232 --weight L --network NO --description "Check SELINUX presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking if we have sestatus binary"
+ if [ ! "${SESTATUSBINARY}" = "" ]; then
+ logtext "Result: found sestatus binary (${SESTATUSBINARY})"
+ Display --indent 2 --text "- Checking presence SELinux" --result "FOUND" --color GREEN
+ else
+ logtext "Result: sestatus binary NOT found"
+ Display --indent 2 --text "- Checking presence SELinux" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MACF-6234
+ # Description : Check SELINUX status
+ if [ ! "${SESTATUSBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no MACF-6234 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SELINUX status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Status: Enabled/Disabled
+ FIND=`${SESTATUSBINARY} | grep "^SELinux status" | awk '{ print $3 }'`
+ if [ "${FIND}" = "enabled" ]; then
+ MAC_FRAMEWORK_ACTIVE=1
+ logtext "Result: SELinux framework is enabled"
+ report "selinux_status=1"
+ SELINUXFOUND=1
+ Display --indent 4 --text "- Checking SELinux status" --result "ENABLED" --color GREEN
+ FIND=`${SESTATUSBINARY} | grep "^Current mode" | awk '{ print $3 }'`
+ report "selinux_mode=${FIND}"
+ FIND2=`${SESTATUSBINARY} | grep "^Mode from config file" | awk '{ print $5 }'`
+ logtext "Result: current SELinux mode is ${FIND}"
+ logtext "Result: mode configured in config file is ${FIND2}"
+ if [ "${FIND}" = "${FIND2}" ]; then
+ logtext "Result: Current SELinux mode is the same as in config file."
+ Display --indent 6 --text "- Checking current mode and config file" --result "OK" --color GREEN
+ else
+ logtext "Result: Current SELinux mode (${FIND}) is NOT the same as in config file (${FIND2})."
+ ReportWarning ${TEST_NO} "M" "Current SELinux mode is different from config file (current: ${FIND}, config file: ${FIND2})"
+ Display --indent 6 --text "- Checking current mode and config file" --result "WARNING" --color RED
+ fi
+ Display --indent 8 --text "Current SELinux mode: ${FIND}"
+ else
+ logtext "Result: SELinux framework is disabled"
+ Display --indent 4 --text "- Checking SELinux status" --result "DISABLED" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : RBAC-6272
+ # Description : Check if grsecurity is installed
+ # Notes : Solaris doesn't support test -e
+ if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no RBAC-6272 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check grsecurity presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -e /dev/grsec ]; then
+ GRSECFOUND=1
+ logtext "Result: grsecurity available (/dev/grsec found)"
+ else
+ logtext "Result: grsecurity not present (/dev/grsec not found)"
+ fi
+ # Check Linux kernel configuration
+ if [ ! "${LINUXCONFIGFILE}" = "" -a -f "${LINUXCONFIGFILE}" ]; then
+ FIND=`${GREPBINARY} ^CONFIG_GRKERNSEC=y ${LINUXCONFIGFILE}`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: grsecurity available (in kernel config)"
+ GRSECFOUND=1
+ else
+ logtext "Result: no grsecurity found in kernel config"
+ fi
+ fi
+ # Found grsecurity?
+ if [ ${GRSECFOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Checking presence grsecurity" --result FOUND --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking presence grsecurity" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MACF-6290
+ # Description : Check if at least one MAC framework is implemented
+ Register --test-no MACF-6290 --weight L --network NO --description "Check for implemented MAC framework"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${MAC_FRAMEWORK_ACTIVE} -eq 1 ]; then
+ Display --indent 2 --text "- Checking for implemented MAC framework" --result OK --color GREEN
+ AddHP 3 3
+ logtext "Result: found implemented MAC framework"
+ else
+ Display --indent 2 --text "- Checking for implemented MAC framework" --result NONE --color YELLOW
+ AddHP 2 3
+ logtext "Result: found no implemented MAC framework"
+ fi
+ fi
+#
+#################################################################################
+#
+
+report "framework_grsecurity=${GRSECFOUND}"
+report "framework_selinux=${SELINUXFOUND}"
+
+wait_for_keypress
+
+# To implement:
+# FMAC (OpenSolaris, MAC)
+# LSM (Linux Security Modules)
+# TrustedBSD (MAC)
+# RSBAC (RBAC)
+# Apple sandbox technology
+# PAX
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
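Review bot: MACF-6234 sets `MAC_FRAMEWORK_ACTIVE=1` as soon as `sestatus` reports `SELinux status: enabled`, before the `Current mode` line is read, so a host running in permissive mode (which logs denials but enforces nothing) still earns the full MACF-6290 score for an implemented MAC framework. I would move the flag behind the mode check: after the `Current mode` read, `if [ "${FIND}" = "enforcing" ]; then MAC_FRAMEWORK_ACTIVE=1; else ReportSuggestion ${TEST_NO} "SELinux is enabled but not enforcing; switch to enforcing mode once the policy is validated"; fi`, and drop the unconditional assignment above it. In MACF-6208 only aa-status exit codes 0, 1 and 2 are handled; any other code (the tool documents further values, for instance when it cannot read its control files or lacks privileges — worth confirming for the versions targeted) falls through with no display and no log line, and stderr is not redirected, so a closing `else logtext "Result: aa-status returned unexpected exit code ${FIND}"` plus `2> /dev/null` on the call would keep the output deterministic. Showing exit code 2 (enabled, no policy loaded) as `NON-ACTIVE` in GREEN also understates the finding; YELLOW would match the suggestion raised on that branch.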
diff --git a/include/tests_mail_messaging b/include/tests_mail_messaging
new file mode 100644
index 00000000..3ceab305
--- /dev/null
+++ b/include/tests_mail_messaging
@@ -0,0 +1,269 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# E-mail and messaging
+#
+#################################################################################
+#
+ InsertSection "Software: e-mail and messaging"
+#
+#################################################################################
+#
+ DOVECOT_RUNNING=0
+ EXIM_RUNNING=0
+ SMTP_DAEMON=""
+ POSTFIX_RUNNING=0
+ QMAIL_RUNNING=0
+ SENDMAIL_RUNNING=0
+ SMTPD_RUNNING=0
+#
+#################################################################################
+#
+ # Test : MAIL-8802
+ # Description : Check Exim process status
+ Register --test-no MAIL-8802 --weight L --network NO --description "Check Exim status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check Exim status"
+ IsRunning exim
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found running Exim process"
+ Display --indent 2 --text "- Checking Exim status..." --result RUNNING --color GREEN
+ EXIM_RUNNING=1
+ SMTP_DAEMON="exim"
+ else
+ logtext "Result: no running Exim processes found"
+ Display --indent 2 --text "- Checking Exim status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8804
+ # Description : Check Exim configuration
+ #if [ ${EXIM_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no MAIL-8804 --weight L --network NO --description "Check Exim configuration"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # if [ ! "${EXIMBINARY}" = "" ]; then
+ # logtext "Test: Searching Exim configuration file..."
+ # FIND=`${EXIMBINARY} -d | grep "configuration file is" | sed 's/configuration file is//'`
+ # if [ ! "${FIND}" = "" ]; then
+ # Display --indent 2 --text "- Checking Exim configuration..." --result FOUND --color GREEN
+ # Display --indent 4 --text "Result: configuration file is ${FIND}"
+ # logtext "Result: found Exim"
+ # logtext "Result: configuration file is ${FIND}"
+ # else
+ # Display --indent 2 --text "- Checking Exim configuration..." --result WARNING --color RED
+ # logtext "Couldn't find the Exim configuration file, however Exim seems to be installed."
+ # fi
+ # else
+ # logtext "Exim binary not found, no tests performed"
+ # fi
+#
+#################################################################################
+#
+ # Test : MAIL-8814
+ # Description : Check Postfix process
+ # Notes : qmgr and pickup run under postfix uid, without full path to binary
+ Register --test-no MAIL-8814 --weight L --network NO --description "Check postfix process status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check Postfix status"
+ # Some other processes also use master, therefore it should include both master and postfix
+ FIND1=`${PSBINARY} ax | grep "master" | grep "postfix" | grep -v "grep"`
+ FIND2=`${PSBINARY} ax | grep "qmgr" | grep "postfix" | grep -v "grep"`
+ FIND3=`${PSBINARY} ax | grep "pickup" | grep "postfix" | grep -v "grep"`
+ if [ ! "${FIND1}" = "" -a ! "${FIND2}" = "" -a ! "${FIND3}" = "" ]; then
+ logtext "Result: found running Postfix process"
+ Display --indent 2 --text "- Checking Postfix status..." --result RUNNING --color GREEN
+ POSTFIX_RUNNING=1
+ SMTP_DAEMON="postfix"
+ else
+ logtext "Result: no running Postfix processes found"
+ Display --indent 2 --text "- Checking Postfix status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8816
+ # Description : Check Postfix configuration
+ if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no MAIL-8816 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking Postfix configuration..." --result FOUND --color GREEN
+ POSTFIX_CONFIGDIR=`${POSTCONFBINARY} | grep '^config_directory' | awk '{ print $3 }'`
+ POSTFIX_CONFIGFILE="${POSTFIX_CONFIGDIR}/main.cf"
+ logtext "Postfix configuration directory: ${POSTFIX_CONFIGDIR}"
+ logtext "Postfix configuration file: ${POSTFIX_CONFIGFILE}"
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8818
+ # Description : Check Postfix configuration
+ if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no MAIL-8818 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Postfix configuration: banner"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking Postfix banner"
+ FIND1=`${POSTCONFBINARY} | grep '^smtpd_banner' | grep 'postfix'`
+ FIND2=`${POSTCONFBINARY} | grep '^smtpd_banner' | grep '$mail_name'`
+ FIND3=`${POSTCONFBINARY} | grep '^mail_name' | grep -i 'postfix'`
+ #YYY Check if OS name shows up in banner
+ #FIND4=`${POSTCONFBINARY} | grep '^smtpd_banner' | egrep "${OS}|${LINUX_VERSION}`
+ SHOWWARNING=0
+ if [ ! "${FIND1}" = "" ]; then
+ SHOWWARNING=1
+ else
+ if [ ! "${FIND2}" = "" -a ! "${FIND3}" = "" ]; then
+ SHOWWARNING=1
+ else
+ Display --indent 4 --text "- Checking Postfix banner..." --result OK --color GREEN
+ fi
+ fi
+ if [ ${SHOWWARNING} -eq 1 ]; then
+ Display --indent 4 --text "- Checking Postfix banner..." --result WARNING --color RED
+ logtext "Result: found mail_name in SMTP banner, and/or mail_name contains 'Postfix'."
+ ReportWarning ${TEST_NO} "L" "Found mail_name in SMTP banner, and/or mail_name contains 'Postfix'"
+ ReportSuggestion ${TEST_NO} "You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (${POSTFIX_CONFIGFILE})"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8838
+ # Description : Check Dovecot process
+ Register --test-no MAIL-8838 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dovecot process"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check dovecot status"
+ IsRunning dovecot
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found running dovecot process"
+ Display --indent 2 --text "- Checking Dovecot status..." --result RUNNING --color GREEN
+ DOVECOT_RUNNING=1
+ IMAP_DAEMON="dovecot"
+ POP3_DAEMON="dovecot"
+ else
+ logtext "Result: dovecot not found"
+ Display --indent 2 --text "- Checking Dovecot status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8842
+ # Description : Check Dovecot logging locations
+ #Register --test-no MAIL-8842 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dovecot logging locations"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+# ParseDovecot
+# CONF="/etc/dovecot/dovecot.conf"
+# FIND=`cat ${CONF} | grep "^log_path" | awk '{ if ($1=="") { print "syslog" } else { print $3 } }'`
+# if [ ! "${FIND}" = "" ]; then
+# logtext "Result: output for error messages = ${FIND}"
+# fi
+#
+# FIND=`cat ${CONF} | grep "^log_info_path" | awk '{ if ($1=="") { print "syslog" } else { print $3 } }'`
+# if [ ! "${FIND}" = "" ]; then
+# logtext "Result: output for informational messages = ${FIND}"
+# fi
+#
+# fi
+#
+#################################################################################
+#
+ # Test : MAIL-8860
+ # Description : Check Qmail process status
+ Register --test-no MAIL-8860 --weight L --network NO --description "Check Qmail status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check Qmail status"
+ IsRunning qmail-smtpd
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found running Qmail process"
+ Display --indent 2 --text "- Checking Qmail status..." --result RUNNING --color GREEN
+ QMAIL_RUNNING=1
+ SMTP_DAEMON="sendmail"
+ else
+ logtext "Result: no running Qmail processes found"
+ Display --indent 2 --text "- Checking Qmail status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8880
+ # Description : Check Sendmail process status
+ Register --test-no MAIL-8880 --weight L --network NO --description "Check Sendmail status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check sendmail status"
+ IsRunning sendmail
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found running Sendmail process"
+ Display --indent 2 --text "- Checking Sendmail status..." --result RUNNING --color GREEN
+ SENDMAIL_RUNNING=1
+ SMTP_DAEMON="sendmail"
+ else
+ logtext "Result: no running Sendmail processes found"
+ Display --indent 2 --text "- Checking Sendmail status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-8920
+ # Description : Check OpenBSD smtpd process status
+ Register --test-no MAIL-8920 --os OpenBSD --weight L --network NO --description "Check smtpd status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check smtpd status"
+ FIND=`${PSBINARY} ax | grep "/smtpd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found running smtpd process"
+ Display --indent 2 --text "- Checking OpenBSD smtpd status..." --result RUNNING --color GREEN
+ SMTPD_RUNNING=1
+ SMTP_DAEMON="smtpd"
+ else
+ logtext "Result: smtpd not found"
+ Display --indent 2 --text "- Checking OpenBSD smtpd status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MAIL-xxxx
+ # Description : Check if outgoing mail is obscured (increased privacy)
+ #Register --test-no MAIL-xxxx --weight L --network NO --description "Check XXX"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ #YYY Add support for mail, procmail
+ #YYY Add support for MUAs: Thunderbird, Kmail, Evolution
+ # Other software : Cyrus-IMAP, Amavisd-new, SpamAssassin, Fetchmail, Procmail, maildrop
+ #- Dovecot : \'/usr/local/etc/dovecot.conf\'
+ #- For Sendmail : \'/var/mail/sendmail.cf\'
+ #- Fetchmail : \'~/.fetchmailrc\' (not only root)
+ #- Cyrus-IMAP : \'/usr/local/etc/imapd.conf\' for parameters and \'/usr/local/etc/cyrus.conf\' for the services launched
+#
+#################################################################################
+#
+
+report "imap_daemon=${IMAP_DAEMON}"
+report "pop3_daemon=${POP3_DAEMON}"
+report "smtp_daemon=${SMTP_DAEMON}"
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
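Review bot: MAIL-8860 records the wrong daemon when Qmail is detected: under the `IsRunning qmail-smtpd` branch the line `SMTP_DAEMON="sendmail"` should be `SMTP_DAEMON="qmail"`, otherwise the `smtp_daemon=` report field misattributes the MTA. Separately, MAIL-8838 passes `--preqs-met ${PREQS_MET}` to Register without computing PREQS_MET itself, so it inherits the value MAIL-8818 derived from the Postfix checks and the Dovecot test is silently skipped on any host running Dovecot without Postfix; either drop the `--preqs-met` argument or set `PREQS_MET="YES"` immediately before that Register call. IMAP_DAEMON and POP3_DAEMON are reported at the end of the file but, unlike the other status variables, are not initialised in the block at the top; presumably an empty value is intended when Dovecot is absent, but initialising them there would make that explicit.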
diff --git a/include/tests_malware b/include/tests_malware
new file mode 100644
index 00000000..d613829c
--- /dev/null
+++ b/include/tests_malware
@@ -0,0 +1,185 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Malware scanners
+#
+#################################################################################
+#
+ InsertSection "Software: Malware scanners"
+#
+#################################################################################
+#
+ CLAMD_RUNNING=0
+ MALWARE_SCANNER_INSTALLED=0
+#
+#################################################################################
+#
+ # Test : MALW-3275
+ # Description : Check for installed tool (chkrootkit)
+ Register --test-no MALW-3275 --weight L --network NO --description "Check for chkrootkit"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking presence chkrootkit"
+ if [ ! "${CHKROOTKITBINARY}" = "" ]; then
+ Display --indent 2 --text "- Checking chkrootkit..." --result "FOUND" --color GREEN
+ logtext "Result: Found ${CHKROOTKITBINARY}"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ else
+ Display --indent 2 --text "- Checking chkrootkit..." --result "NOT FOUND" --color WHITE
+ logtext "Result: chkrootkit not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3276
+ # Description : Check for installed tool (Rootkit Hunter)
+ Register --test-no MALW-3276 --weight L --network NO --description "Check for Rootkit Hunter"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking presence Rootkit Hunter"
+ if [ ! "${RKHUNTERBINARY}" = "" ]; then
+ Display --indent 2 --text "- Checking Rootkit Hunter..." --result "FOUND" --color GREEN
+ logtext "Result: Found ${RKHUNTERBINARY}"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ else
+ Display --indent 2 --text "- Checking Rootkit Hunter..." --result "NOT FOUND" --color WHITE
+ logtext "Result: Rootkit Hunter not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3280
+ # Description : Check if an anti-virus tool is installed
+ Register --test-no MALW-3280 --weight L --network NO --description "Check for clamscan"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: checking process cmdagent (McAfee)"
+ IsRunning cmdagent
+ if [ ${RUNNING} -eq 1 ]; then
+ FOUND=1
+ Display --indent 2 --text "- Checking McAfee" --result "FOUND" --color GREEN
+ logtext "Result: Found McAfee"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ fi
+ logtext "Test: checking process SophosScanD"
+ IsRunning SophosScanD
+ if [ ${RUNNING} -eq 1 ]; then
+ FOUND=1
+ Display --indent 2 --text "- Checking Sophos" --result "FOUND" --color GREEN
+ logtext "Result: Found Sophos"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ fi
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking commercial anti-virus scanners" --result "NONE FOUND" --color WHITE
+ logtext "Result: no commercial anti-virus tool found"
+ AddHP 0 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3282
+ # Description : Check if clamscan is installed
+ Register --test-no MALW-3282 --weight L --network NO --description "Check for clamscan"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking presence clamscan"
+ if [ ! "${CLAMSCANBINARY}" = "" ]; then
+ Display --indent 2 --text "- Checking ClamAV scanner..." --result "FOUND" --color GREEN
+ logtext "Result: Found ${CLAMSCANBINARY}"
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 2 2
+ else
+ Display --indent 2 --text "- Checking ClamAV scanner..." --result "NOT FOUND" --color WHITE
+ logtext "Result: clamscan couldn't be found"
+ fi
+ fi
+
+#
+#################################################################################
+#
+ # Test : MALW-3284
+ # Description : Check running clamd process
+ Register --test-no MALW-3284 --weight L --network NO --description "Check for clamd"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking running ClamAV daemon (clamd)"
+ FIND=`${PSBINARY} ax | grep "/clamd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking ClamAV daemon..." --result "FOUND" --color GREEN
+ logtext "Result: found running clamd process"
+ MALWARE_SCANNER_INSTALLED=1
+ CLAMD_RUNNING=1
+ else
+ Display --indent 2 --text "- Checking ClamAV daemon..." --result "NOT FOUND" --color WHITE
+ logtext "Result: clamd not running"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3286
+ # Description : Check running freshclam if clamd process is running
+ if [ ${CLAMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no MALW-3286 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for freshclam"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking running freshclam daemon"
+ FIND=`${PSBINARY} ax | grep "/freshclam" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking freshclam..." --result "FOUND" --color GREEN
+ logtext "Result: found running freshclam process"
+ AddHP 2 2
+ else
+ Display --indent 4 --text "- Checking freshclam..." --result "SUGGESTION" --color YELLOW
+ logtext "Result: freshclam is not running"
+ ReportSuggestion ${TEST_NO} "Confirm that freshclam is properly configured and keeps updating the ClamAV database"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3292
+ # Description : Check if at least one malware scanner is installed
+# Register --test-no MALW-3292 --weight L --network NO --description "Check for at least one malware scanner"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then
+# logtext "Result: At least one malware scanner is installed"
+# Display --indent 2 --text "- Checking presence malware scanner..." --result "FOUND" --color GREEN
+# #AddHP 3 3
+# else
+# logtext "Result: No malware scanners found"
+# Display --indent 2 --text "- Checking presence malware scanner..." --result "NOT FOUND" --color YELLOW
+# ReportSuggestion ${TEST_NO} "Install at least one malware scanner to perform periodic integrity tests on the system"
+# #AddHP 0 3
+# fi
+# fi
+#
+#################################################################################
+#
+# Other projects: maldetect (rfxn)
+#
+#################################################################################
+#
+
+report "malware_scanner_installed=${MALWARE_SCANNER_INSTALLED}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
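Review bot: MALW-3280 is registered with `--description "Check for clamscan"` although the test looks for the McAfee and Sophos processes; the description appears to be copied from MALW-3282 and should read something like `--description "Check for commercial anti-virus scanners"`, since that string is how the test is identified in the log and report. MALW-3284 and MALW-3286 detect daemons with `${PSBINARY} ax | grep "/clamd" | grep -v "grep"` while the rest of this file (including MALW-3280) uses the `IsRunning` helper; `IsRunning clamd` and `IsRunning freshclam` would keep the process-matching logic in one place. MALW-3284 also records a running clamd without any `AddHP` call, whereas merely finding the `clamscan` binary in MALW-3282 awards 2 points; if that asymmetry is intended, a one-line comment saying so would help.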
diff --git a/include/tests_memory_processes b/include/tests_memory_processes
new file mode 100644
index 00000000..88c0cbc0
--- /dev/null
+++ b/include/tests_memory_processes
@@ -0,0 +1,132 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Memory and processes
+#
+#################################################################################
+#
+ InsertSection "Memory and processes"
+#
+#################################################################################
+#
+ # Test : PROC-3602
+ # Description : Query /proc/meminfo
+ Register --test-no PROC-3602 --os Linux --weight L --network NO --description "Checking /proc/meminfo for memory details"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -f /proc/meminfo ]; then
+ logtext "Result: found /proc/meminfo"
+ Display --indent 2 --text "- Checking /proc/meminfo... " --result FOUND --color GREEN
+ FIND=`cat /proc/meminfo | grep "^MemTotal" | tr -s ' ' | awk '{ print $2" "$3 }'`
+ MEMORY_SIZE=`echo ${FIND} | awk '{ print $1 }'`
+ MEMORY_UNITS=`echo ${FIND} | awk '{ print $2 }'`
+ logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
+ report "memory_size=${MEMORY_SIZE}"
+ report "memory_units=${MEMORY_UNITS}"
+ else
+ logtext "Result: /proc/meminfo file not found on this system"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PROC-3604
+ # Description : Query /proc/meminfo
+ Register --test-no PROC-3604 --os Solaris --weight L --network NO --description "Query prtconf for memory details"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching /usr/sbin/prtconf"
+ if [ -x /usr/sbin/prtconf ]; then
+ Display --indent 2 --text "- Querying prtconf for installed memory..." --result DONE --color GREEN
+ MEMORY_SIZE=`/usr/sbin/prtconf | grep "^Memory size:" | cut -d ' ' -f3`
+ MEMORY_UNITS=`/usr/sbin/prtconf | grep "^Memory size:" | cut -d ' ' -f4`
+ logtext "Result: Found ${MEMORY_SIZE} ${MEMORY_UNITS} memory"
+ report "memory_size=${MEMORY_SIZE}"
+ report "memory_units=${MEMORY_UNITS}"
+ else
+ Display --indent 2 --text "- Querying prtconf for installed memory..." --result SKIPPED --color WHITE
+ logtext "Result: /usr/sbin/prtconf not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PROC-3612
+ # Description : Searching for dead and zombie processes
+ # Notes : Don't perform test on Solaris
+ if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PROC-3612 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check dead or zombie processes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ "${OS}" = "AIX" ]; then
+ FIND=`${PSBINARY} -Ae -o pid,wchan,stat,comm | awk '{ if ($3 ~ /Z|X/) print $1 }' | xargs`
+ else
+ FIND=`${PSBINARY} x -o pid,wchan,stat,comm | awk '{ if ($3 ~ /Z|X/) print $1 }' | xargs`
+ fi
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no zombie processes found"
+ Display --indent 2 --text "- Searching for dead/zombie processes..." --result OK --color GREEN
+ else
+ logtext "Result: found one or more dead or zombie processes"
+ logtext "Output: PIDs ${FIND}"
+ Display --indent 2 --text "- Searching for dead/zombie processes..." --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Check the output of ps for dead or zombie processes"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PROC-3614
+ # Description : Searching for heavy IO based waiting processes
+ # Notes : Don't perform test on Solaris
+ if [ ! "${OS}" = "Solaris" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PROC-3614 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check heavy IO waiting based processes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ "${OS}" = "AIX" ]; then
+ FIND=`${PSBINARY} -Ae -o pid,wchan,stat,comm | awk '{ if ($3=="D") print $1 }' | xargs`
+ else
+ FIND=`${PSBINARY} x -o pid,wchan,stat,comm | awk '{ if ($3=="D") print $1 }' | xargs`
+ fi
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: No processes were waiting for IO requests to be handled first"
+ Display --indent 2 --text "- Searching for IO waiting processes..." --result OK --color GREEN
+ else
+ logtext "Result: found one or more processes which were waiting to get IO requests handled first"
+ logtext "More info: processes which show up with the status flag 'D' are often stuck, until a disk IO event finished. This can happen for example with network storage, where the connection or protocol settings are not logtext well configured."
+ logtext "Output: PIDs ${FIND}"
+ Display --indent 2 --text "- Searching for IO waiting processes..." --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Check process listing for processes waiting for IO requests"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Ubuntu test: dead processes
+ # who -d
+#
+#################################################################################
+#
+ # Test : PROC-3624
+ # Description : Check shared memory (ipcs -m)
+ # Notes : if it's empty, check /dev/shm and warn if any files are left behind
+ #Register --test-no PROC-3614 --os Linux --weight L --network NO --description "Check shared memory"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
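Review bot: PROC-3612 and PROC-3614 run `${PSBINARY} x -o pid,wchan,stat,comm` on non-AIX systems, but as far as I can tell the BSD-style `x` option alone only lifts the controlling-terminal restriction and the listing stays limited to processes owned by the invoking user, so zombie and D-state processes belonging to other users are missed; `${PSBINARY} ax -o pid,wchan,stat,comm` would match the `ps ax` form used elsewhere in this commit. The commented-out PROC-3624 registers itself as `--test-no PROC-3614`, an ID that already belongs to the IO-wait test above, so it should read `Register --test-no PROC-3624 ...` before it is ever enabled. The long `logtext` message in PROC-3614 also contains a stray word ("are not logtext well configured") that will end up verbatim in the log file.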
diff --git a/include/tests_nameservices b/include/tests_nameservices
new file mode 100644
index 00000000..f2e72ee9
--- /dev/null
+++ b/include/tests_nameservices
@@ -0,0 +1,607 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Name services
+#
+#################################################################################
+#
+ InsertSection "Software: name services"
+#
+#################################################################################
+#
+ BIND_RUNNING=0
+ BIND_CONFIG_LOCS="/etc /etc/bind /usr/local/etc"
+ BIND_CONFIG_LOCATIONS=""
+ POWERDNS_RUNNING=0
+ POWERDNS_CONFIG_LOCS="/etc/powerdns /usr/local/etc"
+ POWERDNS_AUTH_CONFIG_LOCATION=""
+ POWERDNS_AUTH_MASTER=0
+ POWERDNS_AUTH_SLAVE=0
+ YPBIND_RUNNING=0
+#
+#################################################################################
+#
+ # Test : NAME-4016
+ # Description : Check main domain (domain <domain name> in /etc/resolv.conf)
+ Register --test-no NAME-4016 --weight L --network NO --description "Check /etc/resolv.conf default domain"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/resolv.conf for default domain"
+ if [ -f /etc/resolv.conf ]; then
+ logtext "Result: /etc/resolv.conf found"
+ FIND=`cat /etc/resolv.conf | grep "^domain" | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no default domain found"
+ Display --indent 2 --text "- Checking default DNS search domain..." --result NONE --color WHITE
+ else
+ logtext "Result: found default domain"
+ logtext "Output: ${FIND}"
+ report "resolv_conf_domain=${FIND}"
+ Display --indent 2 --text "- Checking default DNS search domain..." --result FOUND --color GREEN
+ RESOLV_DOMAINNAME="${FIND}"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4018
+ # Description : Check search domains in /etc/resolv.conf
+ # Notes : Maximum of one search keyword is allowed in /etc/resolv.conf
+ Register --test-no NAME-4018 --weight L --network NO --description "Check /etc/resolv.conf search domains"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: check /etc/resolv.conf for search domains"
+ if [ -f /etc/resolv.conf ]; then
+ logtext "Result: /etc/resolv.conf found"
+ FIND=`cat /etc/resolv.conf | grep "^search" | sed 's/^search //'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no search domains found, default domain is being used"
+ else
+ for I in ${FIND}; do
+ logtext "Found search domain: ${I}"
+ report "resolv_conf_search_domain[]=${I}"
+ N=`expr ${N} + 1`
+ done
+ # Warn if we have more than 6 search domains, which is maximum in most resolvers
+ if [ ${N} -gt 6 ]; then
+ logtext "Result: Found ${N} search domains"
+ Display --indent 2 --text "- Checking search domains..." --result WARNING --color YELLOW
+ ReportWarning ${TEST_NO} "L" "Found more than 6 search domains, which is usually more than the maximum allowed number in most resolvers"
+ else
+ logtext "Result: Found ${N} search domains"
+ Display --indent 2 --text "- Checking search domains..." --result FOUND --color GREEN
+ fi
+ fi
+ else
+ logtext "Result: /etc/resolv.conf does not exist, skipping test"
+ Display --indent 2 --text "- Checking search domains..." --result "NOT FOUND" --color YELLOW
+ fi
+
+ # Check amount of search domains (max 1)
+ FIND=`cat /etc/resolv.conf | grep "^search" | wc -l | tr -s ' ' | tr -d ' '`
+ if [ ! "${FIND}" = "0" -a ! "${FIND}" = "1" ]; then
+ logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
+ Display --indent 4 --text "- Checking search domains lines..." --result "CONFIG ERROR" --color YELLOW
+ ReportWarning ${TEST_NO} "L" "Found more than 1 search lines in /etc/resolv.conf, which is probably a misconfiguration"
+ else
+ logtext "Result: found ${FIND} line(s) with a search statement (expecting less than 2 lines)"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4020
+ # Description : Check non default resolv.conf options
+ Register --test-no NAME-4020 --weight L --network NO --description "Check non default options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/resolv.conf for non default options"
+ if [ -f /etc/resolv.conf ]; then
+ logtext "Result: /etc/resolv.conf found"
+ FIND=`grep "^options" /etc/resolv.conf | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no specific other options configured in /etc/resolv.conf"
+ Display --indent 2 --text "- Checking /etc/resolv.conf options..." --result "NONE" --color WHITE
+ else
+ for I in ${FIND}; do
+ logtext "Found option: ${I}"
+ report "resolv_conf_option[]=${I}"
+ #rotate --> add performance tune point
+ #timeout <3 --> add performe tune point
+ done
+ Display --indent 2 --text "- Checking /etc/resolv.conf options..." --result "FOUND" --color GREEN
+ fi
+ else
+ logtext "Result: /etc/resolv.conf not found, test skipped"
+ Display --indent 2 --text "- Checking /etc/resolv.conf options..." --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4024
+ # Description : Check Solaris uname -n output
+ Register --test-no NAME-4024 --os Solaris --weight L --network NO --description "Solaris uname -n output"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`uname -n`
+ logtext "Result: 'uname -n' returned ${FIND}"
+ Display --indent 2 --text "- Checking uname -n output..." --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4026
+ # Description : Check Solaris /etc/nodename
+ # Notes : If a system is standalone, /etc/nodename should contain a system name only, not FQDN
+ Register --test-no NAME-4026 --os Solaris --weight L --network NO --description "Check /etc/nodename"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking /etc/nodename"
+ if [ -f /etc/nodename ]; then
+ logtext "Result: file /etc/nodename exists"
+ FIND=`cat /etc/nodename`
+ logtext "Output: ${FIND}"
+ Display --indent 2 --text "- Checking /etc/nodename..." --result "DONE" --color GREEN
+ else
+ logtext "Result: file /etc/nodename could not be found"
+ Display --indent 2 --text "- Checking /etc/nodename..." --result "NONE FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4028
+ # Description : Check DNS domain name
+ # To Do : grep ^DOMAINNAME /etc/conf.d/domainname (remove "'s)
+ Register --test-no NAME-4028 --weight L --network NO --description "Check domain name"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ DOMAINNAME=""
+ # NIS
+ #logtext "Test: Checking file /etc/domainname"
+ #if [ -f /etc/domainname ]; then
+ # logtext "Result: file /etc/domainname exists"
+ # FIND2=`cat /etc/domainname`
+ # if [ ! "${FIND}" = "" ]; then
+ # logtext "Found domain name: ${FIND}"
+ # DOMAINNAME="${FIND}"
+ # else
+ # logtext "Result: no domain name found in file"
+ # fi
+ # else
+ # logtext "Result: file /etc/domainname does not exist"
+ #fi
+
+ logtext "Test: Checking if dnsdomainname command is available"
+ if [ ! "${DNSDOMAINNAMEBINARY}" = "" ]; then
+ FIND2=`${DNSDOMAINNAMEBINARY} 2> /dev/null`
+ if [ ! "${FIND2}" = "" ]; then
+ logtext "Result: dnsdomainname command returned a value"
+ logtext "Found domain name: ${FIND2}"
+ DOMAINNAME="${FIND2}"
+ else
+ logtext "Result: dnsdomainname command returned no value"
+ fi
+ else
+ logtext "Result: dnsdomainname binary not found, skip specific test"
+ fi
+
+ # If files and commands can't be found, use defined value from resolv.conf
+ if [ "${DOMAINNAME}" = "" ]; then
+ if [ ! "${RESOLV_DOMAINNAME}" = "" ]; then
+ logtext "Result: using domain name from /etc/resolv.conf"
+ DOMAINNAME=${RESOLV_DOMAINNAME}
+ else
+ logtext "Result: using domain name from FQDN hostname"
+ DOMAINNAME=${FQDN#${HOSTNAME}.}
+ fi
+ fi
+
+ if [ ! "${DOMAINNAME}" = "" ]; then
+ logtext "Result: found domain name"
+ report "domainname=${DOMAINNAME}"
+ Display --indent 2 --text "- Searching DNS domain name..." --result "FOUND" --color GREEN
+ Display --indent 6 --text "Domain name: ${DOMAINNAME}"
+ else
+ Display --indent 2 --text "- Searching DNS domain name..." --result "UNKNOWN" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Check DNS configuration for the dns domain name"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4032
+ # Description : Check name service caching daemon (NSCD) status
+ Register --test-no NAME-4032 --weight L --network NO --description "Check nscd status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking nscd status"
+ FIND=`${PSBINARY} ax | grep "nscd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: nscd is running"
+ Display --indent 2 --text "- Checking nscd status..." --result RUNNING --color GREEN
+ else
+ logtext "Result: nscd is not running"
+ Display --indent 2 --text "- Checking nscd status..." --result "NOT FOUND" --color WHITE
+ #YYY show performance suggestion if LDAP is used
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4202
+ # Description : Check if BIND is running
+ Register --test-no NAME-4202 --weight L --network NO --description "Check BIND status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for running BIND instance"
+ FIND=`${PSBINARY} ax | grep "/named" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found BIND process"
+ Display --indent 2 --text "- Checking BIND status..." --result "FOUND" --color GREEN
+ BIND_RUNNING=1
+ else
+ logtext "Result: BIND not running"
+ Display --indent 2 --text "- Checking BIND status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4204
+ # Description : Check configuration file of BIND
+ if [ ${BIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4204 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search BIND configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Search BIND configuration file"
+ #YYY add chrooted environments
+ for I in ${BIND_CONFIG_LOCS}; do
+ if [ -f ${I}/named.conf ]; then
+ BIND_CONFIG_LOCATION="${I}/named.conf"
+ logtext "Result: found configuration file (${BIND_CONFIG_LOCATION})"
+ fi
+ done
+ if [ ! "${BIND_CONFIG_LOCATION}" = "" ]; then
+ Display --indent 4 --text "- Checking BIND configuration file..." --result "FOUND" --color GREEN
+ else
+ Display --indent 4 --text "- Checking BIND configuration file..." --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4206
+ # Description : Check BIND configuration file consistency
+ if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4206 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check BIND configuration consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: searching for named-checkconf binary"
+ if [ ! "${NAMEDCHECKCONFBINARY}" = "" ]; then
+ logtext "Result: named-checkconf is installed"
+ FIND=`${NAMEDCHECKCONFBINARY} ${BIND_CONFIG_LOCATION}; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: configuration file ${BIND_CONFIG_LOCATION} seems to be fine"
+ Display --indent 4 --text "- Checking BIND configuration consistency..." --result "OK" --color GREEN
+ else
+ logtext "Result: possible errors found in ${BIND_CONFIG_LOCATION}"
+ Display --indent 4 --text "- Checking BIND configuration consistency..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "Errors discovered in BIND configuration file"
+ fi
+ else
+ logtext "Result: named-checkconf not found, skipping test"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4208
+ # Description : Check DNS server type (master, slave, caching, forwarding)
+ #Register --test-no NAME-4050 --weight L --network NO --description "Check nscd status"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : NAME-4210
+ # Description : Check if we can determine useful information from banner
+ if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4210 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check DNS banner"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Trying to determine version from banner"
+ FIND=`${DIGBINARY} @localhost version.bind chaos txt | grep "^version.bind" | grep TXT | egrep "[0-9].[0-9].[0-9]*"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no useful information in banner found"
+ Display --indent 4 --text "- Checking BIND version in banner ..." --result "OK" --color GREEN
+ AddHP 2 2
+ else
+ logtext "Result: possible BIND version available in version banner"
+ Display --indent 4 --text "- Checking BIND version in banner..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "Found BIND version in banner"
+ ReportSuggestion ${TEST_NO} "The version in BIND can be masked by defining 'version none' in the configuration file"
+ AddHP 0 2
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4212
+ # Description : Check version option in BIND configuration
+ #if [ ${BIND_RUNNING} -eq 1 -a ! "${BIND_CONFIG_LOCATION}" = "" -a ! "${DIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no NAME-4210 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check DNS banner"
+#
+#################################################################################
+#
+ # Test : NAME-4220
+ # Description : Check if we can perform a zone transfer of primary domain
+ #Register --test-no NAME-4220 --weight L --network NO --description "Check zone transfer"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : NAME-4222
+ # Description : Check if we can perform a zone transfer of PTR (of primary domain)
+ #Register --test-no NAME-4222 --weight L --network NO --description "Check zone transfer"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : NAME-4230
+ # Description : Check if PowerDNS is running
+ Register --test-no NAME-4230 --weight L --network NO --description "Check PowerDNS status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for running PowerDNS instance"
+ FIND=`${PSBINARY} ax | grep "/pdns_server" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found PowerDNS process"
+ Display --indent 2 --text "- Checking PowerDNS status..." --result "RUNNING" --color GREEN
+ POWERDNS_RUNNING=1
+ else
+ logtext "Result: PowerDNS not running"
+ Display --indent 2 --text "- Checking PowerDNS status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4232
+ # Description : Check PowerDNS configuration file
+ if [ ${POWERDNS_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4232 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search PowerDNS configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Search PowerDNS configuration file"
+ #YYY add chrooted environments
+ for I in ${POWERDNS_CONFIG_LOCS}; do
+ if [ -f ${I}/pdns.conf ]; then
+ POWERDNS_AUTH_CONFIG_LOCATION="${I}/pdns.conf"
+ logtext "Result: found configuration file (${POWERDNS_AUTH_CONFIG_LOCATION})"
+ fi
+ done
+ if [ ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then
+ Display --indent 4 --text "- Checking PowerDNS configuration file..." --result "FOUND" --color GREEN
+ else
+ Display --indent 4 --text "- Checking PowerDNS configuration file..." --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : NAME-4234
+# # Description : Check PowerDNS configuration file consistency
+# if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no NAME-4234 --weight L --network NO --description "Check PowerDNS configuration consistency"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# fi
+#
+#################################################################################
+#
+ # Test : NAME-4236
+ # Description : Check PowerDNS server backends
+ if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4236 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS backends"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for PowerDNS backends"
+ FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^launch" | awk -F= '{ print $2 }'`
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ logtext "Found backend: ${I}"
+ done
+ Display --indent 4 --text "- Checking PowerDNS backends..." --result "FOUND" --color GREEN
+ else
+ logtext "Result: no PowerDNS backends found"
+ Display --indent 4 --text "- Checking PowerDNS backends..." --result "NOT FOUND" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4238
+ # Description : Check PowerDNS authoritive status
+ if [ ${POWERDNS_RUNNING} -eq 1 -a ! "${POWERDNS_AUTH_CONFIG_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4238 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PowerDNS authoritive status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for PowerDNS master status"
+ FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^master=yes"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Found master=yes in configuration file"
+ Display --indent 4 --text "- PowerDNS authoritive master: YES"
+ POWERDNS_AUTH_MASTER=1
+ else
+ logtext "Result: most likely not master (no master=yes)"
+ Display --indent 4 --text "- PowerDNS authoritive master: NO"
+ fi
+ logtext "Test: Checking for PowerDNS slave status"
+ FIND=`cat ${POWERDNS_AUTH_CONFIG_LOCATION} | grep "^slave=yes"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Found slave=yes in configuration file"
+ Display --indent 4 --text "- PowerDNS authoritive slave: YES"
+ POWERDNS_AUTH_SLAVE=1
+ else
+ logtext "Result: most likely not slave (no slave=yes)"
+ Display --indent 4 --text "- PowerDNS authoritive slave: NO"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4302
+ # Description : Check NIS ypbind daemon status
+ Register --test-no NAME-4304 --weight L --network NO --description "Check NIS ypbind status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking status of ypbind daemon"
+ FIND=`${PSBINARY} ax | grep "ypbind" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: ypbind is running"
+ Display --indent 2 --text "- Checking ypbind status..." --result "FOUND" --color GREEN
+ YPBIND_RUNNING=1
+ ReportSuggestion "Disable the usage of NIS/NIS+ and use an alternative like LDAP or Kerberos instead"
+ else
+ logtext "Result: ypbind is not active"
+ Display --indent 2 --text "- Checking ypbind status..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4306
+ # Description : Check NIS domain
+ # Notes : FreeBSD: sysctl kern.domainname
+ if [ ${YPBIND_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NAME-4306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NIS domain"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking `domainname` for NIS domain value"
+ FIND=`${DOMAINNAMEBINARY} | grep -v "(none)"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Value: ${FIND}"
+ NISDOMAIN="${FIND}"
+ else
+ logtext "Result: no NIS domain found in command output"
+ fi
+ # Solaris / Linux style
+ logtext "Test: Checking file /etc/defaultdomain"
+ if [ -f /etc/defaultdomain ]; then
+ logtext "Result: file /etc/defaultdomain exists"
+ FIND2=`cat /etc/defaultdomain`
+ if [ ! "${FIND2}" = "" ]; then
+ logtext "Output: ${FIND2}"
+ NISDOMAIN="${FIND2}"
+ else
+ logtext "Result: no NIS domain found in file"
+ fi
+ fi
+ # Red Hat style
+ logtext "Test: checking /etc/sysconfig/network"
+ if [ -f /etc/sysconfig/network ]; then
+ logtext "Result: file /etc/sysconfig/network exists"
+ logtext "Test: checking NISDOMAIN value in file"
+ FIND3=`grep "^NISDOMAIN" /etc/sysconfig/network | awk -F= '{ print $2 }' | sed 's/"//g'`
+ if [ ! "${FIND3}" = "" ]; then
+ logtext "Found NIS domain: ${FIND3}"
+ NISDOMAIN="${FIND3}"
+ else
+ logtext "Result: No NIS domain found in file"
+ fi
+ else
+ logtext "Result: file /etc/sysconfig/network does not exist"
+ fi
+
+ # Check sysctl (e.g. FreeBSD)
+ logtext "Test: checking sysctl for kern.domainname"
+ FIND=`sysctl -a 2>&1 | grep "^kern.domainname" | awk -F: '{ print $2 }' | sed 's/ //g' | grep -v "^$"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found NIS domain via sysctl"
+ NISDOMAIN="${FIND}"
+ fi
+ # Check if we found any NIS domain
+ if [ ! "${NISDOMAIN}" = "" ]; then
+ logtext "Found NIS domain: ${NISDOMAIN}"
+ report "nisdomain=${NISDOMAIN}"
+ Display --indent 4 --text "- Checking NIS domain..." --result "FOUND" --color GREEN
+ else
+ logtext "Result: No NIS domain found"
+ Display --indent 4 --text "- Checking NIS domain..." --result "UNKNOWN" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ if [ -f /etc/hosts ]; then
+ Display --indent 2 --text "- Checking /etc/hosts"
+ fi
+
+ # Test : NAME-4402
+ # Description : Check /etc/hosts configuration
+ Register --test-no NAME-4402 --weight L --network NO --description "Check duplicate line in /etc/hosts"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check duplicate line in /etc/hosts"
+ if [ -f /etc/hosts ]; then
+ sFIND=`cat /etc/hosts | egrep -v '^(#|$)' | uniq -d`
+ if [ "${sFIND}" = "" ]; then
+ logtext "Result: OK, no duplicate lines found"
+ Display --indent 4 --text "- Checking /etc/hosts (duplicates)" --result OK --color GREEN
+ else
+ logtext "Found duplicate line: ${sFIND}"
+ logtext "Result: found duplicate line"
+ Display --indent 4 --text "- Checking /etc/hosts (duplicates)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "L" "Remove duplicate lines in /etc/hosts"
+ fi
+ else
+ logtext "Result: /etc/hosts not found, test skipped"
+ Display --indent 4 --text "Searching duplicate line..." --result "SKIPPED" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4404
+ # Description : Check /etc/hosts contains an entry for this server name
+ Register --test-no NAME-4404 --weight L --network NO --description "Check /etc/hosts contains an entry for this server name"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check /etc/hosts contains an entry for this server name"
+ if [ -f /etc/hosts ]; then
+ sFIND=`cat /etc/hosts | egrep -v '^(#|$|::1|localhost)' | grep ${HOSTNAME}`
+ if [ "${sFIND}" != "" ]; then
+ logtext "Result: Found entry for ${HOSTNAME} in /etc/hosts"
+ Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result OK --color GREEN
+ else
+ logtext "Result: No entry found for ${HOSTNAME} in /etc/hosts"
+ Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result SUGGESTION --color YELLOW
+ ReportSuggestion ${TEST_NO} "Add the IP name and FQDN to /etc/hosts for proper name resolving"
+ logtext "Risk: No entry for the server name [hostname] in /etc/hosts may cause unexpected performance problems for local connections"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NAME-4406
+ # Description : Check server hostname mapping
+ Register --test-no NAME-4406 --weight L --network NO --description "Check server hostname mapping"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check server hostname not locally mapped in /etc/hosts"
+ sFIND=`cat /etc/hosts | egrep -v '^(#|$)' | egrep '(localhost|::1)' | grep ${HOSTNAME}`
+ if [ ! "${sFIND}" = "" ]; then
+ logtext "Result: Found this server hostname mapped to a local address"
+ Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result SUGGESTION --color YELLOW
+ logtext "Information: Linking the hostname to the localhost entry may break some resolving. Split resolving so that localhost resolves back to 127.0.0.1 (and ::1) and the hostname of the machine to the real IP address on the network interface."
+ ReportSuggestion ${TEST_NO} "Split resolving between localhost and the hostname of the system"
+ else
+ logtext "Result: this server hostname is not mapped to a local address"
+ Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result OK --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_networking b/include/tests_networking
new file mode 100644
index 00000000..9b4ad8a1
--- /dev/null
+++ b/include/tests_networking
@@ -0,0 +1,450 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Networking
+#
+#################################################################################
+#
+ FOUNDPROMISC=0 # Promiscuous interfaces
+ LOCAL_DNSRESOLVER_FOUND=0 # Local DNS resolver
+ NUMBERACTIVENS=0 # Number of active nameservers
+ DHCP_CLIENT_RUNNING=0 # DHCP client availability
+#
+#################################################################################
+#
+ InsertSection "Networking"
+#
+#################################################################################
+#
+ # Test : NETW-2704 (YYY move to nameservices section)
+ # Description : Basic nameserver configuration tests (connectivity)
+ Register --test-no NETW-2704 --weight L --network YES --description "Basic nameserver configuration tests"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 2 --text "- Checking configured nameservers..."
+ logtext "Test: Checking /etc/resolv.conf file"
+ if [ -f /etc/resolv.conf ]; then
+ logtext "Result: Found /etc/resolv.conf file"
+ FIND=`grep '^nameserver' /etc/resolv.conf | tr -d '\t' | sed 's/nameserver*//g'`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Testing nameservers..."
+ logtext "Test: Querying nameservers"
+ for I in ${FIND}; do
+ logtext "Found nameserver: ${I}"
+ report "nameserver[]=${I}"
+ # Check if a local resolver is available (like DNSMasq)
+ if [ "${I}" = "::1" -o "${I}" = "127.0.0.1" -o "${I}" = "0.0.0.0" ]; then
+ LOCAL_DNSRESOLVER_FOUND=1
+ fi
+ if [ ! "${DIGBINARY}" = "" ]; then
+ # See if we can query something at the nameserver
+ # 0=good, other=bad
+ DNSRESPONSE=`${DIGBINARY} +noall +time=3 +retry=0 @${I} ${I} > /dev/null ; echo $?`
+ if [ "${DNSRESPONSE}" = "0" ]; then
+ Display --indent 8 --text "Nameserver: ${I}..." --result OK --color GREEN
+ logtext "Nameserver ${I} seems to respond to queries from this host."
+ # Count responsive nameservers
+ NUMBERACTIVENS=`expr ${NUMBERACTIVENS} + 1`
+ else
+ Display --indent 8 --text "Nameserver: ${I}..." --result "NO RESPONSE" --color RED
+ logtext "Result: nameserver ${I} does NOT respond"
+ logtext "Exit-code from dig: ${DNSRESPONSE}"
+ ReportSuggestion ${TEST_NO} "Check connection to this nameserver and make sure no outbound DNS queries are blocked (port 53 UDP and TCP)."
+ ReportWarning ${TEST_NO} "L" "Nameserver ${I} does not respond"
+ fi
+ else
+ logtext "Result: Nameserver test for ${I} skipped, 'dig' not installed"
+ Display --indent 6 --text "Nameserver: ${I}... " --result SKIPPED --color YELLOW
+ fi
+ done
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-2705
+ # Description : Basic nameserver configuration tests (connectivity)
+ if [ ${LOCAL_DNSRESOLVER_FOUND} -eq 0 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NETW-2705 --preqs-met ${PREQS_MET} --weight L --network YES --description "Check availability two nameservers"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${DIGBINARY}" = "" ]; then
+ if [ ${NUMBERACTIVENS} -lt 2 ]; then
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result WARNING --color RED
+ logtext "Result: less than 2 responsive nameservers found"
+ ReportWarning ${TEST_NO} "L" "Couldn't find 2 responsive nameservers"
+ logtext "Note: Non responsive nameservers can give problems for your system(s). Like the lack of recursive lookups, bad connectivity to update servers etc."
+ ReportSuggestion ${TEST_NO} "Check your resolv.conf file and fill in a backup nameserver if possible"
+ AddHP 1 2
+ else
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result OK --color GREEN
+ logtext "Result: found at least 2 responsive nameservers"
+ AddHP 3 3
+ fi
+ else
+ Display --indent 4 --text "- Minimal of 2 responsive nameservers..." --result SKIPPED --color YELLOW
+ logtext "Result: dig not installed, test can't be fully performed"
+ fi
+ else
+ logtext "Result: Test most likely skipped due having local resolver in /etc/resolv.conf"
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3001
+ # Description : Find default gateway (route)
+ # More info : BSD: ^default Linux: 0.0.0.0
+ Register --test-no NETW-3001 --weight L --network NO --description "Find default gateway (route)"
+ if [ $SKIPTEST -eq 0 ]; then
+ logtext "Test: Searching default gateway(s)..."
+ FIND=`netstat -rn | egrep "^0.0.0.0|default" | tr -s ' ' | cut -d ' ' -f2`
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ logtext "Result: Found default gateway ${I}"
+ report "default_gateway[]=${I}"
+ done
+ Display --indent 2 --text "- Checking default gateway..." --result DONE --color GREEN
+ else
+ logtext "Result: No default gateway found"
+ Display --indent 2 --text "- Checking default gateway..." --result "NONE FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3004
+ # Description : Find available network interfaces on FreeBSD and others
+ if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NETW-3004 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search available network interfaces on FreeBSD and others"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${IFCONFIGBINARY} -l`
+ N=0
+ for I in ${FIND}; do
+ logtext "Found network interface: ${I}"
+ N=`expr ${N} + 1`
+ report "network_interface[]=${I}"
+ done
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3006
+ # Description : Get network MAC addresses
+ Register --test-no NETW-3006 --weight L --network NO --description "Get network MAC addresses"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=""
+ case ${OS} in
+ AIX)
+ FIND=`lscfg -vl ent* | fgrep "Network Address" | cut -d"." -f14 | awk '{ ctr=1; i=1; while (ctr <= 6) { d[ctr++]=substr($0,i,2);i=i+2 } printf("%s:%s:%s:%s:%s:%s\n",d[1],d[2],d[3],d[4],d[5],d[6]) }'`
+ ;;
+ DragonFly|FreeBSD)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="ether") print $2 }' | sort | uniq`
+ ;;
+ Linux)
+ FIND=`${IFCONFIGBINARY} -a | grep "HWaddr" | awk '{ if ($4=="HWaddr") print $5 }' | sort | uniq`
+ ;;
+ MacOS)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="lladdr" || $1=="ether") print $2 }' | sort | uniq`
+ ;;
+ NetBSD)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="address:") print $2 }' | sort | uniq`
+ ;;
+ OpenBSD)
+ FIND=`${IFCONFIGBINARY} -A | awk '{ if ($1=="lladdr") print $2 }' | sort | uniq`
+ ;;
+ Solaris)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="ether") print $2 }' | sort | uniq`
+ ;;
+ *)
+ # Having a system currently unsupported? Share your details to determine MAC information
+ ReportException "${TEST_NO}:1" "No support for this OS (${OS}) to find MAC information"
+ ;;
+ esac
+ N=0
+ for I in ${FIND}; do
+ logtext "Found MAC address: ${I}"
+ N=`expr ${N} + 1`
+ report "network_mac_address[]=${I}"
+ done
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3008
+ # Description : Get network IPv4/6 addresses
+ Register --test-no NETW-3008 --weight L --network NO --description "Get network IP addresses"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=""; FIND2=""
+ case ${OS} in
+ AIX)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet") print $2 }'`
+ # IPv6 support in AIX? (YYY)
+ ;;
+ DragonFly|FreeBSD|NetBSD)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet") print $2 }'`
+ FIND2=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet6") print $2 }'`
+ ;;
+ Linux)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet") print $2 }' | cut -d ':' -f2`
+ # Version which works for multiple types of ifconfig (e.g. Slackware)
+ FIND2=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet6" && $2=="addr:") { print $3 } else { if ($1=="inet6" && $3=="prefixlen") { print $2 } } }'`
+ ;;
+ MacOS)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet") print $2 }'`
+ FIND2=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet6") print $2 }'`
+ ;;
+ OpenBSD)
+ FIND=`${IFCONFIGBINARY} -A | awk '{ if ($1=="inet") print $2 }'`
+ FIND2=`${IFCONFIGBINARY} -A | awk '{ if ($1=="inet6") print $2 }'`
+ ;;
+ Solaris)
+ FIND=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet") print $2 }'`
+ FIND2=`${IFCONFIGBINARY} -a | awk '{ if ($1=="inet6") print $2 }'`
+ ;;
+ *)
+ logtext "Warning: no support yet for this OS (${OS}) to find IP address information"
+ ReportException "${TEST_NO}:1" "IP address information test not implemented for this operating system"
+ ;;
+ esac
+ N=0
+ # IPv4
+ for I in ${FIND}; do
+ logtext "Found IPv4 address: ${I}"
+ N=`expr ${N} + 1`
+ report "network_ipv4_address[]=${I}"
+ done
+ # IPv6
+ for I in ${FIND2}; do
+ logtext "Found IPv6 address: ${I}"
+ N=`expr ${N} + 1`
+ report "network_ipv6_address[]=${I}"
+ done
+
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3012
+ # Description : Check listening ports
+ Register --test-no NETW-3012 --weight L --network NO --description "Check listening ports"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=""; FIND2=""
+ N=0
+ case ${OS} in
+ DragonFly|FreeBSD)
+ if [ ! "${SOCKSTATBINARY}" = "" ]; then
+ FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*:\*/) print $5"|"$6"|"$2"|" }' | sort | uniq`
+ # To strip off IP's: sed 's/|.*:/|/'
+ else
+ FIND=""
+ fi
+ FIND2=""
+ ;;
+ Linux)
+ # UDP
+ FIND=`netstat -nlp | grep "^udp" | awk '{ print $4"|"$1"|"$6"|" }' | sed 's:|[0-9]*/:|:'`
+ # TCP
+ FIND2=`netstat -nlp | grep "^tcp" | awk '{ if($6=="LISTEN") { print $4"|"$1"|"$7"|" }}' | sed 's:|[0-9]*/:|:'`
+ ;;
+
+ NetBSD)
+ if [ ! "${SOCKSTATBINARY}" = "" ]; then
+ FIND=`${SOCKSTATBINARY} | awk '{ if ($7 ~ /\*.\*/) print $5"|"$6"|"$2"|" }' | sort | uniq`
+ else
+ FIND=""
+ fi
+ FIND2=""
+ ;;
+ *)
+ # Got this exception? Provide your details and output of netstat or any other tool to determine this information.
+ ReportException "${TEST_NO}:1" "Unclear what method to use, to determine listening port information"
+ ;;
+ esac
+
+ # Retrieve information from sockstat, when available
+ logtext "Test: Retrieving sockstat information to find listening ports..."
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ N=`expr ${N} + 1`
+ logtext "Found listening info: ${I}"
+ report "network_listen_port=${I}"
+ done
+ fi
+
+ if [ ! "${FIND2}" = "" ]; then
+ for I in ${FIND2}; do
+ N=`expr ${N} + 1`
+ logtext "Found listening info: ${I}"
+ report "network_listen_port=${I}"
+ done
+ fi
+ if [ "${FIND}" = "" -a "${FIND2}" = "" ]; then
+ Display --indent 2 --text "- Getting listening ports (TCP/UDP)..." --result SKIPPED --color YELLOW
+ else
+ Display --indent 2 --text "- Getting listening ports (TCP/UDP)..." --result DONE --color GREEN
+ Display --indent 6 --text "* Found ${N} ports"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3014
+ # Description : Checking promiscuous interfaces (BSD)
+ # Note : FreeBSD and others
+ if [ "${OS}" = "DragonFly" -o "${OS}" = "FreeBSD" -o "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no NETW-3014 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking promiscuous interfaces (BSD)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking promiscuous interfaces (FreeBSD)..."
+ FIND=`${IFCONFIGBINARY} | grep PROMISC | cut -d ':' -f1`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Promiscuous interfaces: ${FIND}"
+ for I in ${FIND}; do
+ ISWHITELISTED=`grep "^if_promisc:${I}:" ${PROFILE}`
+ if [ "${ISWHITELISTED}" = "" ]; then
+ FOUNDPROMISC=1
+ ReportWarning ${TEST_NO} "H" "Found promiscuous interface (${I})"
+ logtext "Note: some tools put an interface into promiscuous mode, to capture/log network traffic"
+ else
+ logtext "Result: Found promiscuous interface ${I} (*whitelisted via profile*)"
+ fi
+ done
+ fi
+
+ # Show result
+ if [ ${FOUNDPROMISC} -eq 0 ]; then
+ Display --indent 2 --text "- Checking promiscuous interfaces..." --result OK --color GREEN
+ logtext "Result: No promiscuous interfaces found"
+ else
+ Display --indent 2 --text "- Checking promiscuous interfaces..." --result WARNING --color RED
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3015
+ # Description : Checking promiscuous interfaces (Linux)
+ # Note : Linux
+ Register --test-no NETW-3015 --os Linux --weight L --network NO --description "Checking promiscuous interfaces (Linux)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking promiscuous interfaces (Linux)"
+ NETWORK=`${IFCONFIGBINARY} | grep Link | tr -s ' ' | cut -d ' ' -f1`
+ if [ ! "${NETWORK}" = "" ]; then
+ for I in ${NETWORK}; do
+ FIND=`${IFCONFIGBINARY} ${I} | grep PROMISC`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: Promiscuous interface: ${I}"
+ ISWHITELISTED=`grep "^if_promisc:${I}:" ${PROFILE}`
+ if [ "${ISWHITELISTED}" = "" ]; then
+ FOUNDPROMISC=1
+ ReportWarning ${TEST_NO} "H" "Found promiscuous interface (${I})"
+ logtext "Note: some tools put an interface into promiscuous mode, to capture/log network traffic"
+ else
+ logtext "Result: Found promiscuous interface ${I} (*whitelisted via profile*)"
+ fi
+ fi
+ done
+ fi
+
+ # Show result
+ if [ ${FOUNDPROMISC} -eq 0 ]; then
+ Display --indent 2 --text "- Checking promiscuous interfaces..." --result OK --color GREEN
+ logtext "Result: No promiscuous interfaces found"
+ else
+ Display --indent 2 --text "- Checking promiscuous interfaces..." --result WARNING --color RED
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3020
+ # Description : Checking multipath configuration (Solaris)
+#
+#################################################################################
+#
+ # Test : NETW-3024
+ # Description : Netstat/socktstat compare (FreeBSD)
+ # echo -n " - Comparing output sockstat and netstat... "
+ # logtext "Comparing output of sockstat and netstat... "
+ # NETSTATOUTPUT=`netstat -an | grep -v 'TIME_WAIT' | grep -v 'ESTABLISHED' | grep -v 'SYN_SENT' | grep -v 'CLOSE_WAIT' | grep -v 'LAST_ACK' | grep -v 'SYN_RECV' | grep -v 'CLOSING' | cut -c 1-44 | grep '*.' | cut -c 24-32 | tr -d ' ' | tr -d '\t' | grep -v '*' | sort | uniq`
+ #
+ # if [ "${SOCKSTATOUTPUT}" = "${NETSTATOUTPUT}" ]; then
+ # ShowResult OK
+ # else
+ # echo "[ ${BAD}Warning!${NORMAL} ]"
+ # logtext "WARNING!"
+ # logtext "Sockstat tested output: ${SOCKSTAT}"
+ # logtext "Netstat tested output: ${NETSTAT}"
+ # fi
+#
+#################################################################################
+#
+ # Test : NETW-3028
+ # Description : Checking for many waiting connections
+ # Type : Performance
+ Register --test-no NETW-3028 --weight L --network NO --description "Checking connections in WAIT state"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Using netstat for check for connections in WAIT state..."
+ FIND=`netstat -an | grep WAIT | wc -l | awk '{ print $1 }'`
+ if [ "${OPTIONS_CONN_MAX_WAIT_STATE}" = "" ]; then OPTIONS_CONN_MAX_WAIT_STATE="100"; fi
+ logtext "Result: currently ${FIND} connections are in a waiting state (max configured: ${OPTIONS_CONN_MAX_WAIT_STATE})."
+ if [ ${FIND} -gt ${OPTIONS_CONN_MAX_WAIT_STATE} ]; then
+ Display --indent 2 --text "- Checking waiting connections..." --result WARNING --color YELLOW
+ ReportWarning ${TEST_NO} "H" "Found too much connections in WAIT state (${FIND})"
+ else
+ Display --indent 2 --text "- Checking waiting connections..." --result OK --color GREEN
+ logtext "Result: ${FIND} connections are in WAIT state"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3030
+ # Description : Checking for DHCP client
+ Register --test-no NETW-3030 --weight L --network NO --description "Checking DHCP client status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ IsRunning dhclient
+ if [ ${RUNNING} -eq 1 ]; then
+ Display --indent 2 --text "- Checking status DHCP client..." --result RUNNING --color WHITE
+ #YYY report if system type is server, that it is running with DHCP client, might be a badly configured machine
+ #report "manual[]=System is running DHCP client"
+ DHCP_CLIENT_RUNNING=1
+ else
+ Display --indent 2 --text "- Checking status DHCP client..." --result "NOT ACTIVE" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : NETW-3060
+ # Description : Check if IPv6 is configured AND used
+ # /etc/modprobe.d (add 'install ipv6 /bin/true' if IPv6 isn't used)
+ # or
+ # aliased (/etc/modprobe.d/aliases?): alias net-pf-10 off ipv6 (to disable)
+ #Register --test-no NETW-3060 --weight L --network NO --description "Checking IPv6 connectivity"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+# Linux: net.ipv4.ip_always_defrag
+#
+#################################################################################
+#
+
+report "dhcp_client_running=${DHCP_CLIENT_RUNNING}"
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_php b/include/tests_php
new file mode 100644
index 00000000..fcb582a2
--- /dev/null
+++ b/include/tests_php
@@ -0,0 +1,281 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Software: PHP
+#
+#################################################################################
+#
+ InsertSection "Software: PHP"
+
+ # Possible locations of php.ini
+ PHPINILOCS="/etc/php.ini \
+ /etc/php/cgi-php5/php.ini /etc/php/cli-php5/php.ini /etc/php/apache2-php5/php.ini \
+ /etc/php/apache2-php5.4/php.ini /etc/php/apache2-php5.5/php.ini \
+ /etc/php5/cgi/php.ini \
+ /etc/php5/cli/php.ini \
+ /etc/php5/cli-php5.4/php.ini /etc/php5/cli-php5.5/php.ini /etc/php5/cli-php5.6/php.ini \
+ /etc/php5/apache2/php.ini \
+ /private/etc/php.ini \
+ /var/www/conf/php.ini \
+ /usr/local/etc/php.ini /usr/local/lib/php.ini"
+
+ PHPINIDIRS="/etc/php5/conf.d"
+#
+#################################################################################
+#
+ # Test : PHP-2211
+ # Description : Check php.ini presence
+ Register --test-no PHP-2211 --weight L --network NO --description "Check php.ini presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for presence php.ini"
+ PHPINIFILE=""
+ PHPINI_ALLFILES=""
+ for I in ${PHPINILOCS}; do
+ logtext "Test: checking presence ${I}"
+ if [ -f ${I} ]; then
+ PHPINIFILE=${I}
+ logtext "Result: Found php.ini file (${PHPINIFILE})"
+ logtext "Note: Adding file to php.ini array"
+ PHPINI_ALLFILES="${PHPINI_ALLFILES} ${PHPINIFILE}"
+ else
+ logtext "Result: file ${I} not found"
+ fi
+ done
+
+ # Check all known locations
+ for I in ${PHPINIDIRS}; do
+ tFILES=`ls ${I}/*.ini 2>/dev/null`
+ if [ "${tFILES}" = "" ]; then
+ logtext "Result: no files found for ${I}"
+ else
+ logtext "Result: found files in location ${I}, checking.."
+ for I in ${tFILES}; do
+ if [ -f ${I} ]; then
+ logtext "Result: file ${I} exists, adding to php.ini array"
+ PHPINI_ALLFILES="${PHPINI_ALLFILES} ${I}"
+ fi
+ done
+ fi
+ done
+
+ if [ ! "${PHPINIFILE}" = "" ]; then
+ Display --indent 2 --text "- Checking PHP..." --result "FOUND" --color GREEN
+ logtext "Result: using single file ${PHPINIFILE} for main php.ini tests"
+ logtext "Result: using php.ini array ${PHPINI_ALLFILES} for further tests"
+ else
+ Display --indent 2 --text "- Checking PHP..." --result "NOT FOUND" --color WHITE
+ logtext "Result: no php.ini file found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2320
+ # Description : Check php disable functions option
+ if [ ! "${PHPINI_ALLFILES}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2320 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP disabled functions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ for I in ${PHPINI_ALLFILES}; do
+ logtext "Test: Checking for PHP function hardening disabled_functions or suhosin.executor.func.blacklist in file ${I}"
+ FIND=`grep "^disable_functions.*=" ${I}`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: ${I}: disabled_functions not found"
+ else
+ logtext "Result: ${I}: found disabled_functions"
+ FOUND=1
+ fi
+
+ FIND=`grep "^suhosin.executor.func.blacklist=" ${I}`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: ${I}: suhosin.executor.func.blacklist not found"
+ else
+ logtext "Result: ${I}: found suhosin.executor.func.blacklist"
+ FOUND=1
+ fi
+ done
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Result: all PHP functions can be executed"
+ Display --indent 4 --text "- Checking PHP disabled functions..." --result "NONE" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Harden PHP by disabling risky functions"
+ logtext "Functions of interest to research/disable: chown, diskfreespace, disk_free_space, disk_total_space, dl, exec, escapeshellarg, escapeshellcmd, fileinode, highlight_file, max_execution_time, passthru, pclose, phpinfo, popen, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, set_time_limit, shell_exec, show_source, system)"
+ AddHP 0 1
+ else
+ logtext "Result: one or more PHP functions are disabled/blacklisted"
+ Display --indent 4 --text "- Checking PHP disabled functions..." --result "FOUND" --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2368
+ # Description : Check php register_globals option
+ # Notes : Don't test for it if PHP version is 5.4.0 or later (it has been removed)
+ if [ ! "${PHPINIFILE}" = "" -a ! "${PHPVERSION}" = "" ]; then
+ FIND=`echo ${PHPVERSION} | ${EGREPBINARY} "^(4.|5.[0-3])"`
+ if [ "${FIND}" = "" ]; then
+ PREQS_MET="NO"; Debug "Found most likely PHP version 5.4.0 or higher (${PHPVERSION}) which does not use register_globals"
+ else
+ PREQS_MET="YES"; Debug "Found PHP version 4 or up to 5.3 (${FIND}) which we are going to scan"
+ fi
+ else
+ Debug "Skipping test: php.ini not found, or PHP version empty"
+ Debug "php.ini: ${PHPINIFILE}"
+ Debug "version: ${PHPVERSION}"
+ fi
+ Register --test-no PHP-2368 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP register_globals option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking PHP register_globals option.."
+ FIND=`cat ${PHPINIFILE} | egrep -i 'register_globals.*(on|yes|1)' | grep -v '^;'`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking register_globals option..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "PHP option register_globals option is turned on, which can be a risk for variable value overwriting"
+ ReportSuggestion ${TEST_NO} "Change the register_globals line to: register_globals = Off"
+ logtext "Result: register_globals option is turned on, which can be a risk for variable value overwriting."
+ AddHP 1 2
+ else
+ Display --indent 4 --text "- Checking register_globals option..." --result OK --color GREEN
+ logtext "Result: No 'register_globals' found. Most likely it is in disabled state (0, no, or off), which is the default nowadays and considered the safe value."
+ ReportManual ${TEST_NO}:01
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2372
+ # Description : Check php expose_php option
+ # Notes : Extend test to check all PHP files YYY
+ if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2372 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP expose_php option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking expose_php option.."
+ FIND=`cat ${PHPINIFILE} | egrep -i 'expose_php.*(off|no|0)' | grep -v '^;'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking expose_php option..." --result ON --color RED
+ ReportWarning ${TEST_NO} "M" "PHP option expose_php is possibly turned on, which can reveal useful information for attackers."
+ ReportSuggestion ${TEST_NO} "Change the expose_php line to: expose_php = Off"
+ report "Result: expose_php option is turned on, which can expose useful information for an attacker"
+ AddHP 1 2
+ else
+ Display --indent 4 --text "- Checking expose_php option..." --result OFF --color GREEN
+ logtext "Result: Found 'expose_php' in disabled state (0, no, or off)"
+ AddHP 2 2
+ fi
+ #YYY Check through all files
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2374
+ # Description : Check PHP enable_dl option
+ # Notes : Extend test to check all PHP files YYY
+ if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2374 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP enable_dl option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking PHP enable_dl option.."
+ FIND=`cat ${PHPINIFILE} | egrep -i 'enable_dl.*(off|no|0)' | grep -v '^;'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking enable_dl option..." --result ON --color YELLOW
+ report "Result: enable_dl option is turned on, which can be used for riskful downloads via PHP"
+ ReportSuggestion ${TEST_NO} "Change the enable_dl line to: enable_dl = Off, to disable downloads via PHP"
+ AddHP 0 1
+ else
+ Display --indent 4 --text "- Checking enable_dl option..." --result OFF --color GREEN
+ logtext "Result: Found 'enable_dl' in disabled state (0, no, or off)"
+ AddHP 2 2
+ fi
+ #YYY Check through all files
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2376
+ # Description : Check PHP allow_url_fopen option
+ # Notes : Extend test to check all PHP files YYY
+ if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2376 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_fopen option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking PHP allow_url_fopen option.."
+ FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_fopen.*(off|no|0)' | grep -v '^;'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking allow_url_fopen option..." --result ON --color YELLOW
+ report "Result: allow_url_fopen option is turned on, which can be used for riskful downloads via PHP"
+ ReportSuggestion ${TEST_NO} "Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP"
+ AddHP 0 1
+ else
+ Display --indent 4 --text "- Checking allow_url_fopen option..." --result OFF --color GREEN
+ logtext "Result: Found 'allow_url_fopen' in disabled state (0, no, or off)"
+ AddHP 2 2
+ fi
+ #YYY Check through all files
+ fi
+#
+#################################################################################
+#
+ # Test : PHP-2378
+ # Description : Check PHP allow_url_include option
+ # Notes : Extend test to check all PHP files YYY
+ if [ ! "${PHPINIFILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check PHP allow_url_include option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking PHP allow_url_include option.."
+ FIND=`cat ${PHPINIFILE} | egrep -i 'allow_url_include.*(off|no|0)' | grep -v '^;'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 4 --text "- Checking allow_url_include option..." --result ON --color YELLOW
+ report "Result: allow_url_include option is turned on, which can be used for riskful downloads via PHP"
+ ReportSuggestion ${TEST_NO} "Change the allow_url_include line to: allow_url_include = Off, to disable downloads via PHP"
+ AddHP 0 1
+ else
+ Display --indent 4 --text "- Checking allow_url_include option..." --result OFF --color GREEN
+ logtext "Result: Found 'allow_url_include' in disabled state (0, no, or off)"
+ AddHP 2 2
+ fi
+ #YYY Check through all files
+ fi
+#
+#################################################################################
+#
+# Disable/use functions:
+# safe_mode (only for PHP5?)
+# open_basedir (limits access to defined directory, comparable with chrooting)
+# disable_classes
+# session.save_path
+# session.referer_check
+# upload_tmp_dir
+# file_uploads Off, if possible
+# Set display_errors to Off
+# Set log_errors to On and define error_log (with value Syslog or a filename)
+#
+#################################################################################
+#
+ # mod_suexec
+ # suPHP (/etc/suphp.conf)
+#
+#################################################################################
+#
+ # Test : PHP-2388
+ # Description : Check php version number
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
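Review bot: In PHP-2368 the else branch that handles a missing php.ini or empty PHPVERSION (the `Debug "Skipping test: ..."` branch) never assigns PREQS_MET, so the Register call that follows sees whatever PHP-2320 left in it — likely "YES" when only conf.d files were found and PHPINIFILE is empty — and the register_globals check would then run `cat ${PHPINIFILE}` against an empty path, unless Register itself resets that variable. Adding `PREQS_MET="NO"` as the first line of that else branch makes the skip explicit. Separately, the "turned on" branches of PHP-2372, PHP-2374, PHP-2376 and PHP-2378 record their result with `report "Result: ..."` rather than `logtext`, which puts a free-text line into the key=value report output while the OFF branches of the same tests use `logtext`; e.g. `logtext "Result: expose_php option is turned on, which can expose useful information for an attacker"` would be consistent. In PHP-2211 the inner `for I in ${tFILES}` loop reuses the outer loop's `I` over PHPINIDIRS; renaming it (e.g. `for J in ${tFILES}`) avoids confusion if the outer loop body ever grows.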
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
new file mode 100644
index 00000000..96ff5eb7
--- /dev/null
+++ b/include/tests_ports_packages
@@ -0,0 +1,797 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Ports and packages
+#
+#################################################################################
+#
+ InsertSection "Ports and packages"
+ PACKAGE_MGR_PKG=0
+ PKG_AUDIT_TOOL_FOUND=0
+#
+#################################################################################
+#
+ Display --indent 2 --text "- Searching package managers..."
+
+ # Test : PKGS-7301
+ # Description : Query FreeBSD pkg
+ if [ -x /usr/sbin/pkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7301 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query NetBSD pkg"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`pkg -N 2>&1; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 4 --text "- Searching packages with pkg..." --result FOUND --color GREEN
+ report "package_manager[]=pkg"
+ PACKAGE_MGR_PKG=1
+ #logtext "Result: Found pkg"
+ #logtext "Test: Querying pkg to get package list..."
+ #Display --indent 6 --text "- Querying pkg for installed packages..."
+ #logtext "Output:"; logtext "-----"
+ #SPACKAGES=`/usr/sbin/pkg_info 2>&1 | sort | tr -s ' ' | cut -d ' ' -f1 | sed -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'`
+ #for J in ${SPACKAGES}; do
+ # sPKG_NAME=`echo ${J} | cut -d ',' -f1`
+ # sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
+ # logtext "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
+ # report "installed_package[]=${sPKG_NAME}|${sPKG_VERSION}|"
+ #done
+ else
+ Display --indent 4 --text "- Searching pkg..." --result "NOT INSTALLED" --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7302
+ # Description : Query FreeBSD/NetBSD pkg_info
+ if [ -x /usr/sbin/pkg_info ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7302 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query FreeBSD/NetBSD pkg_info"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ Display --indent 4 --text "- Checking pkg_info..." --result FOUND --color GREEN
+ logtext "Result: Found pkg_info"
+ report "package_manager[]=pkg_info"
+ logtext "Test: Querying pkg_info to get package list..."
+ Display --indent 6 --text "- Querying pkg_info for installed packages..."
+ logtext "Output:"; logtext "-----"
+ SPACKAGES=`/usr/sbin/pkg_info 2>&1 | sort | tr -s ' ' | cut -d ' ' -f1 | sed -e 's/^\(.*\)-\([0-9].*\)$/\1,\2/g'`
+ for J in ${SPACKAGES}; do
+ N=`expr ${N} + 1`
+ sPKG_NAME=`echo ${J} | cut -d ',' -f1`
+ sPKG_VERSION=`echo ${J} | cut -d ',' -f2`
+ logtext "Installed package: ${sPKG_NAME} (version: ${sPKG_VERSION})"
+ report "installed_package[]=${sPKG_NAME}|${sPKG_VERSION}|"
+ done
+ report "installed_packages=${N}"
+ fi
+#
+#################################################################################
+#
+# Temporary disabled due false positives
+# Packages like docbook, gcc, automake report multiple installed versions
+# # Test : PKGS-7303
+# # Description : Query FreeBSD pkg_info
+# if [ -x /usr/sbin/pkg_info ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no PKGS-7303 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query FreeBSD for double installed packages"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# SDOUBLEINSTALLED=`pkg_info | sort | sed -e 's/-[0-9].*$//' | uniq -c | grep -v '^[[:space:]]*1' | tr -s ' ' | cut -d ' ' -f3`
+# if [ "${SDOUBLEINSTALLED}" = "" ]; then
+# Display --indent 6 --text "- Querying pkg_info for double installed packages..." --result OK --color GREEN
+# logtext "Ok, no packages show up twice or more in the package listing."
+# else
+# Display --indent 6 --text "- Querying pkg_info for double installed packages..." --result WARNING --color RED
+# for J in ${SDOUBLEINSTALLED}; do
+# ReportWarning ${TEST_NO} "M" "Found probably incorrect installed package (${J})"
+# logtext "This package ${J} is visible twice or more in the pkg_info listing."
+# ReportSuggestion ${TEST_NO} "(FreeBSD) run pkgdb -F and check this manually."
+# ReportSuggestion ${TEST_NO} "(OpenBSD) check dependencies to see if one of the double "
+# logtext "installed packages is unneeded."
+# report "double_installed_package[]=${J}"
+# done
+# fi
+# else
+# Display --indent 4 --text "- Searching pkg_info..." --result "NOT FOUND" --color WHITE
+# logtext "Result: pkg_info can NOT be found on this system"
+# fi
+#
+#################################################################################
+#
+ # Test : PKGS-7306
+ # Description : Solaris packages
+ if [ -x /usr/bin/pkginfo ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7306 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Solaris packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 4 --text "- Searching pkginfo..." --result FOUND --color GREEN
+ logtext "Result: Found Solaris pkginfo"
+ report "package_manager[]=pkginfo"
+ logtext "Test: Querying pkginfo to get package list"
+ Display --indent 4 --text "- Querying pkginfo for installed packages..."
+ logtext "Output:"; logtext "-----"
+ # Strip SUNW from strings
+ SPACKAGES=`/usr/bin/pkginfo -i | tr -s ' ' | cut -d ' ' -f2 | sed "s#^SUNW##"`
+ for J in ${SPACKAGES}; do
+ logtext "Found package ${J}"
+ report "installed_package[]=${J}||"
+ done
+ else
+ logtext "Result: pkginfo can NOT be found on this system"
+ fi
+#
+#
+#################################################################################
+#
+ # Test : PKGS-7308
+ # Description : RPM package based systems
+ if [ ! "${RPMBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7308 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package list with RPM"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ Display --indent 4 --text "- Searching RPM package manager..." --result FOUND --color GREEN
+ logtext "Result: Found rpm binary (${RPMBINARY})"
+ report "package_manager[]=rpm"
+ logtext "Test: Querying 'rpm -qa' to get package list"
+ Display --indent 6 --text "- Querying RPM package manager..."
+ logtext "Output:"; logtext "--------"
+ SPACKAGES=`${RPMBINARY} -qa | sort`
+ if [ "${SPACKAGES}" = "" ]; then
+ logtext "Result: RPM binary available, but package list seems to be empty"
+ logtext "Info: looks like the rpm binary is installed, but not used for package installation"
+ else
+ for J in ${SPACKAGES}; do
+ N=`expr ${N} + 1`
+ logtext "Found package: ${J}"
+ report "installed_package[]=${J}||"
+ done
+ report "installed_packages=${N}"
+
+ fi
+ else
+ logtext "Result: RPM binary NOT found on this system, test skipped"
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7310
+ # Description : pacman package based systems
+ if [ ! "${PACMANBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7310 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking package list with pacman"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ Display --indent 4 --text "- Searching pacman package manager..." --result FOUND --color GREEN
+ logtext "Result: Found pacman binary (${PACMANBINARY})"
+ report "package_manager[]=pacman"
+ logtext "Test: Querying 'pacman -Q' to get package list"
+ Display --indent 6 --text "- Querying pacman package manager..."
+ logtext "Output:"; logtext "--------"
+ SPACKAGES=`${PACMANBINARY} -Q | sort | sed 's/ /,/g'`
+ if [ "${SPACKAGES}" = "" ]; then
+ logtext "Result: pacman binary available, but package list seems to be empty"
+ logtext "Info: looks like the pacman binary is installed, but not used for package installation"
+ #YYY ReportException?
+ else
+ for J in ${SPACKAGES}; do
+ N=`expr ${N} + 1`
+ PACKAGE_NAME=`echo ${J} | awk -F, '{ print $1 }'`
+ PACKAGE_VERSION=`echo ${J} | awk -F, '{ print $2 }'`
+ logtext "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
+ report "installed_package[]=${PACKAGE_NAME}|${PACKAGE_VERSION}|"
+ done
+ report "installed_packages=${N}"
+
+ fi
+ else
+ logtext "Result: pacman binary NOT found on this system, test skipped"
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7312
+ # Description : HP-UX packages
+ # Notes : swlist -l fileset (|grep patch) / print_manifest
+#
+#################################################################################
+#
+ # Test : PKGS-7316
+ # Description : AIX patches
+ # Notes : /usr/sbin/instfix -c -i | cut -d":" -f1
+#
+#################################################################################
+#
+ # Test : PKGS-7328
+ # Description : Check installed packages with Zypper
+ if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7328 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for installed packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ FIND=`${ZYPPERBINARY} se -i | awk '{ if ($1=="i") { print $3 } }'`
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ N=`expr ${N} + 1`
+ logtext "Installed package: ${I}"
+ report "installed_package[]=${I}|-|"
+ done
+ report "installed_packages=${N}"
+ else
+ # Could not find any installed packages
+ ReportException ${TEST_NO} "No installed packages found with Zypper"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7330
+ # Description : Check vulnerable packages with Zypper
+ if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for vulnerable packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($7=="security") { if ($11=="update") { print $13 } else { print $11 } } }' | sed 's/:$//' | grep -v "^$" | sort | uniq`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: No security updates found with Zypper"
+ Display --indent 2 --text "- Using Zypper to obtain vulnerabile packages" --result NONE --color GREEN
+ else
+ Display --indent 2 --text "- Using Zypper to obtain vulnerabilities" --result WARNING --color RED
+ logtext "Result: Zypper found one or more installed packages which are vulnerable."
+ ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed"
+ logtext "List of vulnerable packages/version:"
+ for I in ${FIND}; do
+ report "vulnerable_package[]=${I}"
+ logtext "Vulnerable package: ${I}"
+ # Decrease hardening points for every found vulnerable package
+ AddHP 1 2
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7345
+ # Description : Debian package based systems (dpkg)
+ if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7345 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying dpkg"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ Display --indent 4 --text "- Searching dpkg package manager" --result FOUND --color GREEN
+ logtext "Result: Found dpkg binary"
+ report "package_manager[]=dpkg"
+ logtext "Test: Querying dpkg -l to get package list"
+ Display --indent 6 --text "- Querying package manager..."
+ logtext "Output:"
+ SPACKAGES=`dpkg -l 2>/dev/null | grep "^ii" | tr -s ' ' | tr ' ' '#' | sort`
+ for J in ${SPACKAGES}; do
+ N=`expr ${N} + 1`
+ PACKAGE_NAME=`echo ${J} | cut -d '#' -f2`
+ PACKAGE_VERSION=`echo ${J} | cut -d '#' -f3`
+ logtext "Found package: ${PACKAGE_NAME} (version: ${PACKAGE_VERSION})"
+ report "installed_package[]=${PACKAGE_NAME}|${PACKAGE_VERSION}|"
+ done
+ report "installed_packages=${N}"
+ else
+ logtext "Result: dpkg can NOT be found on this system, test skipped"
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7346
+ # Description : Check packages which are removed, but still own configuration files, cron jobs etc
+ # Notes : Cleanup: for pkg in `dpkg -l | grep "^rc" | cut -d' ' -f3`; do aptitude purge ${pkg}; done
+ if [ -x /usr/bin/dpkg ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7346 --preqs-met ${PREQS_MET} --weight L --network NO --description "Search unpurged packages on system"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Querying dpkg -l to get unpurged packages"
+ SPACKAGES=`dpkg -l 2>/dev/null | grep "^rc" | cut -d ' ' -f3 | sort`
+ if [ "${SPACKAGES}" = "" ]; then
+ Display --indent 4 --text "- Query unpurged packages" --result NONE --color GREEN
+ logtext "Result: no packages found with left overs"
+ else
+ Display --indent 4 --text "- Query unpurged packages" --result FOUND --color YELLOW
+ logtext "Result: found one or more packages with left over configuration files, cron jobs etc"
+ logtext "Output:"
+ for J in ${SPACKAGES}; do
+ N=`expr ${N} + 1`
+ logtext "Found unpurged package: ${J}"
+ done
+ ReportSuggestion ${TEST_NO} "Purge old/removed packages (${N} found) with aptitude purge or dpkg --purge command. This will cleanup old configuration files, cron jobs and startup scripts."
+ fi
+ else
+ logtext "Result: dpkg can NOT be found on this system, test skipped"
+ fi
+#
+#################################################################################
+
+ # Test : PKGS-7348
+ # Description : Show unneeded distfiles if present
+ # Notes : Portsclean seems to be gone from the ports, so no suggestion or warning is
+ # issued when it's missing.
+ # Add portmaster --clean-distfiles-all
+ Register --test-no PKGS-7348 --os FreeBSD --weight L --network NO --description "Check for old distfiles"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -x /usr/local/sbin/portsclean ]; then
+ FIND=`/usr/local/sbin/portsclean -n -DD | grep 'Delete' | wc -l | tr -d ' '`
+ if [ ${FIND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking presence old distfiles" --result OK --color GREEN
+ logtext "Result: no unused distfiles found"
+ else
+ Display --indent 2 --text "- Checking presence old distfiles" --result WARNING --color YELLOW
+ logtext "Result: found ${FIND} unused distfiles"
+ ReportSuggestion ${TEST_NO} "Unused distfiles found. Use portsclean to delete these files. For example: portsclean -DD."
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7378
+ # Description : Query FreeBSD portmaster for available port upgrades
+ if [ -x /usr/local/sbin/portmaster ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7378 --preqs-met ${PREQS_MET} --weight L --network NO --description "Query portmaster for port upgrades"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Querying portmaster for possible port upgrades"
+ UPACKAGES=`/usr/local/sbin/portmaster -L | grep "version available" | awk '{ print $5 }'`
+ for J in ${UPACKAGES}; do
+ N=`expr ${N} + 1`
+ logtext "Upgrade available (new version): ${J}"
+ report "upgrade_available[]=${J}"
+ done
+ report "upgrade_available_count=${N}"
+ if [ ${N} -eq 0 ]; then
+ logtext "Result: no upgrades found"
+ Display --indent 2 --text "- Checking portmaster for updates" --result NONE --color GREEN
+ else
+ Display --indent 2 --text "- Checking portmaster for updates" --result FOUND --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7380
+ # Description : Check for vulnerable NetBSD packages (with pkg_admin)
+ Register --test-no PKGS-7381 --os NetBSD --weight L --network NO --description "Check for vulnerable NetBSD packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -x /usr/sbin/pkg_admin ]; then
+ FIND=`/usr/sbin/pkg_admin audit`
+ PKG_AUDIT_TOOL_FOUND=1
+ PKG_AUDIT_TOOL="pkg_admin audit"
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: pkg audit results are clean"
+ Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result NONE --color GREEN
+ AddHP 2 2
+ else
+ Display --indent 2 --text "- Checking pkg_admin audit to obtain vulnerable packages" --result WARNING --color RED
+ logtext "Result: pkg_admin audit found one or more installed packages which are vulnerable."
+ ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
+ logtext "List of vulnerable packages/version:"
+ for I in `/usr/sbin/pkg_admin audit | awk '{ print $2 }' | sort | uniq`; do
+ report "vulnerable_package[]=${I}"
+ logtext "Vulnerable package: ${I}"
+ # Decrease hardening points for every found vulnerable package
+ AddHP 1 2
+ done
+ fi
+ else
+ Display --indent 2 --text "- pkg_admin audit not installed" --result "NOT FOUND" --color WHITE
+ logtext "Result: pkg_admin audit not installed, skipping this vulnerability test."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7381
+ # Description : Check for vulnerable FreeBSD packages (with pkg)
+ Register --test-no PKGS-7381 --os FreeBSD --weight L --network NO --description "Check for vulnerable FreeBSD packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -x /usr/sbin/pkg ]; then
+ FIND=`/usr/sbin/pkg audit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
+ PKG_AUDIT_TOOL_FOUND=1
+ PKG_AUDIT_TOOL="pkg audit"
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: pkg audit results are clean"
+ Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result NONE --color GREEN
+ # Don't check yet, output of found vulnerable packages unclear (YYY)
+ else
+ logtext "Result: ${FIND}"
+ #Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages..." --result WARNING --color RED
+ #logtext "Result: pkg audit found one or more installed packages which are vulnerable."
+ #ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
+ #ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
+ #logtext "List of vulnerable packages/version:"
+ #for I in `/usr/sbin/pkg audit -F | grep "Affected package" | cut -d ' ' -f3 | sort | uniq`; do
+ # report "vulnerable_package[]=${I}"
+ # logtext "Vulnerable package: ${I}"
+ # # Decrease hardening points for every found vulnerable package
+ # AddHP 1 2
+ #done
+ fi
+ else
+ Display --indent 2 --text "- pkg audit not installed" --result "NOT FOUND" --color WHITE
+ logtext "Result: pkg audit not installed, skipping this vulnerability test."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7382
+ # Description : Check for vulnerable FreeBSD packages
+ Register --test-no PKGS-7382 --os FreeBSD --weight L --network NO --description "Check for vulnerable FreeBSD packages"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -x /usr/local/sbin/portaudit ]; then
+ PKG_AUDIT_TOOL_FOUND=1
+ FIND=`/usr/local/sbin/portaudit | grep 'problem(s) in your installed packages found' | grep -v '0 problem(s) in your installed packages found'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: Portaudit results are clean"
+ Display --indent 2 --text "- Checking portaudit to obtain vulnerabile packages" --result NONE --color GREEN
+ else
+ Display --indent 2 --text "- Checking portaudit to obtain vulnerabilities" --result WARNING --color RED
+ logtext "Result: Portaudit found one or more installed packages which are vulnerable."
+ ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
+ ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools"
+ logtext "List of vulnerable packages/version:"
+ for I in `/usr/local/sbin/portaudit | grep "Affected package" | cut -d ' ' -f3 | sort | uniq`; do
+ report "vulnerable_package[]=${I}"
+ logtext "Vulnerable package: ${I}"
+ # Decrease hardening points for every found vulnerable package
+ AddHP 1 2
+ done
+ fi
+ else
+ # Don't advice portaudit anymore, as pkg audit is the replacement (pkgng)
+ logtext "Result: Portaudit not installed, can't perform vulnerability test."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7383
+ # Description : Check for YUM package Update management
+ if [ ! "${YUMBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7383 --preqs-met ${PREQS_MET} --os Linux --weight M --network NO --description "Check for YUM package Update management"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: YUM package update management"
+ sFIND=`${YUMBINARY} repolist 2>/dev/null | grep repolist | sed 's/ //g' | sed 's/[,.]//g' | awk -F ":" '{print $2}'`
+ if [ "$(echo ${sFIND} | egrep "^[0-9]+$")" -a "${sFIND}" = "0" ]; then
+ logtext "Result: YUM package update management failed"
+ Display --indent 2 --text "- Checking YUM package management consistency" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "YUM is not properly configured or registered for this platform (no repolist found)"
+ #ReportSuggestion ${TEST_NO} "Check YUM registration for repository configuration (repolist)"
+ else
+ logtext "Result: YUM repository available (${sFIND})"
+ Display --indent 2 --text "- Checking YUM package management consistency" --result OK --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7384
+ # Description : Search for YUM utils package
+ if [ ! "${YUMBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7384 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for YUM utils package"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -x /usr/bin/package-cleanup ]; then
+ logtext "Result: found YUM utils package (/usr/bin/package-cleanup)"
+ # Check for duplicates
+ logtext "Test: Checking for duplicate packages"
+ FIND=`/usr/bin/package-cleanup -q --dupes > /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: No duplicate packages found"
+ Display --indent 2 --text "- Checking package database duplicates" --result OK --color GREEN
+ else
+ logtext "Result: One or more duplicate packages found"
+ Display --indent 2 --text "- Checking package database duplicates" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "Found one or more duplicate packages installed"
+ ReportSuggestion ${TEST_NO} "Run package-cleanup to solve duplicate package problems"
+ fi
+
+ # Check for package database problems
+ logtext "Test: Checking for database problems"
+ FIND=`/usr/bin/package-cleanup --problems > /dev/null; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: No package database problems found"
+ Display --indent 2 --text "- Checking package database for problems" --result OK --color GREEN
+ else
+ logtext "Result: One or more problems found in package database"
+ Display --indent 2 --text "- Checking package database for problems" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "L" "Found one or more problems in the package database"
+ ReportSuggestion ${TEST_NO} "Run package-cleanup to solve package problems"
+ fi
+ else
+ Display --indent 2 --text "- yum-utils package not installed" --result SUGGESTION --color YELLOW
+ logtext "Result: YUM utils package not found"
+ ReportSuggestion ${TEST_NO} "Install package 'yum-utils' for better consistency checking of the package database"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7386
+ # Description : Search for YUM security package
+ # Notes : This test does not apply to CentOS and clones, as --security is not available
+ if [ -x /usr/bin/yum ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7386 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for YUM security package"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ DO_TEST=0
+ logtext "Test: Determining if yum-security package installed"
+
+ FileExists /etc/yum/pluginconf.d/security.conf
+ if [ ${FILE_FOUND} -eq 1 ]; then
+ SearchItem "^enabled=1$" "/etc/yum/pluginconf.d/security.conf"
+ if [ ${ITEM_FOUND} -eq 1 ]; then
+ DO_TEST=1
+ fi
+ else
+ # Check if it's installed as package (this is old style)
+ FIND=`rpm -q yum-security yum-plugin-security | grep -v "not installed"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found yum-plugin-security package"
+ DO_TEST=1
+ fi
+ fi
+
+ # If we have the module of yum active, continue.
+ if [ ${DO_TEST} -eq 1 ]; then
+ PKG_AUDIT_TOOL_FOUND=1
+ PKG_AUDIT_TOOL="yum-security"
+ logtext "Test: Checking for vulnerable packages"
+ FIND2=`/usr/bin/yum list-sec security | awk '{ if($2=="security") print $3","$5 }'`
+ if [ "${FIND2}" = "" ]; then
+ logtext "Result: no vulnerable packages found"
+ Display --indent 2 --text "- Checking missing security packages" --result OK --color GREEN
+ else
+ logtext "Result: found vulnerable package(s)"
+ Display --indent 2 --text "- Checking missing security packages" --result WARNING --color RED
+ for I in ${FIND2}; do
+ report "vulnerable_package[]=${I}"
+ logtext "Vulnerable package: ${I}"
+ AddHP 1 2
+ done
+ ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
+ ReportSuggestion ${TEST_NO} "Use 'yum --security update' to update your system"
+ fi
+ else
+ logtext "Result: yum-security package not found"
+ Display --indent 2 --text "- Checking missing security packages" --result SKIPPED --color YELLOW
+ ReportSuggestion ${TEST_NO} "Install package yum-plugin-security if possible, to maintain security updates easier (yum install yum-plugin-security)"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7387
+ # Description : Search for YUM GPG check
+ if [ -x /usr/bin/yum ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7387 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --description "Check for GPG signing in YUM security package"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ FileExists /etc/yum.conf
+ if [ ${FILE_FOUND} -eq 1 ]; then
+ SearchItem "^gpgenabled=1$" "/etc/yum.conf"; if [ ${ITEM_FOUND} -eq 1 ]; then FOUND=1; fi
+ SearchItem "^gpgcheck=1$" "/etc/yum.conf"; if [ ${ITEM_FOUND} -eq 1 ]; then FOUND=1; fi
+ if [ ${FOUND} -eq 1 ]; then
+ logtext "Result: GPG check is enabled"
+ Display --indent 2 --text "- Checking GPG checks (yum.conf)" --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Checking GPG checks (yum.conf)" --result DISABLED --color RED
+ ReportWarning ${TEST_NO} "M" "No GPG signing option found in yum.conf"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7388
+ # Description : Check security repository in Debian/ubuntu apt sources.list file
+ Register --test-no PKGS-7388 --os Linux --weight L --network NO --description "Check security repository in Debian/ubuntu apt sources.list file"
+ if [ $SKIPTEST -eq 0 ]; then
+ FOUND=0
+ if [ -f /etc/apt/sources.list -o -d /etc/apt/sources.list.d ]; then
+ if [ ! "${OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY}" = "yes" ]; then
+ if [ -f /etc/apt/sources.list ]; then
+ logtext "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list file"
+ FIND=`egrep "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list | grep -v '#' | sed 's/ /!space!/g'`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ Display --indent 2 --text "- Checking security repository in sources.list file" --result OK --color GREEN
+ logtext "Result: Found security repository in /etc/apt/sources.list"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Output: ${I}"
+ done
+ fi
+ fi
+ if [ -d /etc/apt/sources.list.d ]; then
+ logtext "Searching for security.debian.org/security.ubuntu.com or security repositories in /etc/apt/sources.list.d directory"
+ FIND=`egrep "security.debian.org|security.ubuntu.com|-security " /etc/apt/sources.list.d/* | grep -v '#' | sed 's/ /!space!/g'`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ Display --indent 2 --text "- Checking security repository in sources.list.d directory" --result OK --color GREEN
+ logtext "Result: Found security repository in one or more files in directory /etc/apt/sources.list.d"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Output: ${I}"
+ done
+ fi
+ fi
+ if [ ${FOUND} -eq 1 ]; then
+ logtext "Result: security repository was found"
+ AddHP 3 3
+ else
+ Display --indent 2 --text "- Checking security repository in sources.list file or directory" --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "Can't find any security repository in /etc/apt/sources.list or sources.list.d directory"
+ AddHP 0 3
+ fi
+ else
+ logtext "Skipped as option is set to ignore security repository"
+ fi
+ else
+ logtext "Result: skipping test as sources.list or sources.list.d is not found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7390
+ # Description : Check Ubuntu database consistency
+ if [ "${LINUX_VERSION}" = "Ubuntu" -a -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7390 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Ubuntu database consistency"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Package database consistency by running apt-get check"
+ FIND=`/usr/bin/apt-get -q=2 check; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Checking APT package database..." --result OK --color GREEN
+ logtext "Result: package database seems to be consistent."
+ else
+ logtext "Result: package database is most likely NOT consistent"
+ Display --indent 2 --text "- Checking APT package database..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "apt-get check returned a non successful exit code."
+ ReportSuggestion ${TEST_NO} "Run apt-get to perform a manual package database consistency check."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7392
+ # Description : Check Debian/Ubuntu vulnerable packages
+ if [ -x /usr/bin/apt-get ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7392 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --description "Check for Debian/Ubuntu security updates"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ VULNERABLE_PACKAGES_FOUND=0
+ SCAN_PERFORMED=0
+ # Update the repository, outdated repositories don't give much information
+ logtext "Action: updating repository with apt-get"
+ /usr/bin/apt-get -q=2 update
+ logtext "Result: apt-get finished"
+ logtext "Action: Checking if /usr/lib/update-notifier/apt-check exists"
+ if [ -x /usr/lib/update-notifier/apt-check ]; then
+ PKG_AUDIT_TOOL_FOUND=1
+ PKG_AUDIT_TOOL="apt-check"
+ logtext "Result: found /usr/lib/update-notifier/apt-check"
+ logtext "Action: checking if any of the updates contain security updates"
+ FIND=`/usr/lib/update-notifier/apt-check --human-readable | grep "are security updates" | awk -F" " '{ print $1 }'`
+ # Check if we get the proper line back and amount of security patches available
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: did not find security updates line"
+ ReportSuggestion ${TEST_NO} "Check if system is up-to-date, security updates test gives an unexpected result"
+ else
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: no vulnerable packages found via apt-check"
+ SCAN_PERFORMED=1
+ else
+ VULNERABLE_PACKAGES_FOUND=1
+ SCAN_PERFORMED=1
+ logtext "Result: found ${FIND} security updates via apt-check"
+ AddHP 0 25
+ fi
+ fi
+ else
+ logtext "Result: apt-check (update-notifier-common) not found"
+ fi
+
+ # Trying also with apt-get directly (does not always work, as updates are distributed on both -security and -updates)
+ # Show packages which would be upgraded and match 'security' in repository name
+ FIND=`/usr/bin/apt-get --dry-run --show-upgraded upgrade | grep '-security' | grep "^Inst" | cut -d ' ' -f2 | sort | uniq`
+ if [ ! "${FIND}" = "" ]; then
+ #Display --indent 2 --text "- Checking vulnerable packages..." --result WARNING --color RED
+ VULNERABLE_PACKAGES_FOUND=1
+ SCAN_PERFORMED=1
+ logtext "Result: found vulnerable package(s) via apt-get (-security channel)"
+ PKG_AUDIT_TOOL="apt-get"
+ PKG_AUDIT_TOOL_FOUND=1
+ for I in ${FIND}; do
+ logtext "Found vulnerable package: ${I}"
+ report "vulnerable_package[]=${I}"
+ done
+ fi
+ if [ ${SCAN_PERFORMED} -eq 1 ]; then
+ if [ ${VULNERABLE_PACKAGES_FOUND} -eq 1 ]; then
+ ReportWarning ${TEST_NO} "M" "Found one or more vulnerable packages."
+ ReportSuggestion ${TEST_NO} "Update your system with apt-get update, apt-get upgrade, apt-get dist-upgrade and/or unattended-upgrades"
+ Display --indent 2 --text "- Checking vulnerable packages..." --result WARNING --color RED
+ else
+ Display --indent 2 --text "- Checking vulnerable packages..." --result OK --color GREEN
+ logtext "Result: no vulnerable packages found"
+ fi
+ else
+ Display --indent 2 --text "- Checking vulnerable packages (apt-get only)..." --result DONE --color GREEN
+ logtext "Result: test not fully executed (missing apt-check output)"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7394
+ # Description : Check Ubuntu upgradeable packages
+ if [ "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PKGS-7394 --os Linux --preqs-met ${PREQS_MET} --weight L --network YES --description "Check for Ubuntu updates"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking /usr/bin/apt-show-versions"
+ if [ -x /usr/bin/apt-show-versions ]; then
+ logtext "Result: found /usr/bin/apt-show-versions"
+ logtext "Test: Checking packages which can be upgraded via apt-show-versions"
+ FIND=`/usr/bin/apt-show-versions -u | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no packages found which can be upgraded"
+ Display --indent 2 --text "- Checking upgradeable packages..." --result NONE --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: found one or more packages which can be upgraded"
+ Display --indent 2 --text "- Checking upgradeable packages..." --result FOUND --color YELLOW
+ # output: program/repository upgradeable from version X to Y
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "${I}"
+ done
+ fi
+ else
+ logtext "Result: /usr/bin/apt-show-versions not found"
+ Display --indent 2 --text "- Checking upgradeable packages..." --result SKIPPED --color WHITE
+ ReportSuggestion ${TEST_NO} "Install package apt-show-versions for patch management purposes"
+ fi
+ fi
+
+#
+#################################################################################
+#
+ # Test : PKGS-7398
+ # Description : Check package audit tool
+ Register --test-no PKGS-7398 --weight L --network YES --description "Check for package audit tool"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: checking for package audit tool"
+ if [ ${PKG_AUDIT_TOOL_FOUND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking package audit tool..." --result NONE --color RED
+ ReportSuggestion ${TEST_NO} "Install a package audit tool to determine vulnerable packages"
+ logtext "Result: no package audit tool found"
+ else
+ Display --indent 2 --text "- Checking package audit tool..." --result INSTALLED --color GREEN
+ Display --indent 4 --text "Found: ${PKG_AUDIT_TOOL}"
+ logtext "Result: found package audit tool: ${PKG_AUDIT_TOOL}"
+ fi
+ fi
+#
+#################################################################################
+#
+
+# check for popularity-contest (Debian/Ubuntu)
+# check for yum-changelog
+
+
+report "pkg_audit_tool=${PKG_AUDIT_TOOL}"
+report "pkg_audit_tool_found=${PKG_AUDIT_TOOL_FOUND}"
+
+wait_for_keypress
+
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_printers_spools b/include/tests_printers_spools
new file mode 100644
index 00000000..1a5fdac6
--- /dev/null
+++ b/include/tests_printers_spools
@@ -0,0 +1,215 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Printers and spools
+#
+#################################################################################
+#
+ CUPSD_CONFIG_LOCS="/etc/cups /usr/local/etc/cups"
+ CUPSD_CONFIG_FILE=""
+ CUPSD_RUNNING=0
+ CUPSD_FOUND=0
+ LPD_RUNNING=0
+ PRINTING_DAEMON=""
+#
+#################################################################################
+#
+ InsertSection "Printers and Spools"
+#
+#################################################################################
+#
+ # Test : PRNT-2302
+ # Description : Check printcap file consistency
+ Register --test-no PRNT-2302 --os FreeBSD --weight L --network NO --description "Check for available accounting information"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching /usr/sbin/chkprintcap"
+ if [ ! -f /usr/sbin/chkprintcap ]; then
+ Display --indent 2 --text "- Checking chkprintcap..." --result "NOT FOUND" --color WHITE
+ logtext "Result: /usr/sbin/chkprintcap NOT found, test skipped."
+ else
+ logtext "Result: /usr/sbin/chkprintcap found"
+ FIND=`/usr/sbin/chkprintcap > /dev/null ; echo $?`
+ # Only an exit code of zero should come back. Use string instead of integer, due unexpected trash
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 2 --text "- Integrity check of printcap file" --result OK --color GREEN
+ logtext "Result: chkprintcap did NOT gave any warnings"
+ else
+ Display --indent 2 --text "- Integrity check of printcap file" --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Run chkprintcap manually to test printcap file"
+ logtext "Output from chkprintcap: ${FIND}"
+ logtext "Run chkprintcap and check the /etc/printcap file."
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-2304
+ # Description : Check cupsd status
+ Register --test-no PRNT-2304 --weight L --network NO --description "Check cupsd status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking cupsd status"
+ FIND=`${PSBINARY} ax | grep "cupsd" | grep -v "grep" | grep -v apcupsd`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking cups daemon..." --result RUNNING --color GREEN
+ logtext "Result: cups daemon running"
+ CUPSD_RUNNING=1; PRINTING_DAEMON="cups"
+ else
+ Display --indent 2 --text "- Checking cups daemon..." --result "NOT FOUND" --color WHITE
+ logtext "Result: cups daemon not running, cups daemon tests skipped"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-2306
+ # Description : Check CUPSd configuration file
+ if [ ${CUPSD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PRNT-2306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching cupsd configuration file"
+ for I in ${CUPSD_CONFIG_LOCS}; do
+ if [ -f ${I}/cupsd.conf ]; then
+ CUPSD_CONFIG_FILE="${I}/cupsd.conf"
+ logtext "Result: found ${CUPSD_CONFIG_FILE}"
+ fi
+ done
+ if [ ! "${CUPSD_CONFIG_FILE}" = "" ]; then
+ Display --indent 2 --text "- Checking CUPS configuration file..." --result OK --color GREEN
+ logtext "Result: configuration file found (${CUPSD_CONFIG_FILE})"
+ CUPSD_FOUND=1
+ else
+ Display --indent 2 --text "- Checking CUPS configuration file..." --result "NOT FOUND" --color RED
+ logtext "Result: configuration file not found"
+ logtext "Development: no CUPS configuration file found"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-2307
+ # Description : Check CUPSd configuration file permissions
+ if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PRNT-2307 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd configuration file permissions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking CUPS configuration file permissions"
+ FIND=`ls -l ${CUPSD_CONFIG_FILE} | cut -c 2-10`
+ logtext "Result: found ${FIND}"
+ if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-rw----" ]; then
+ Display --indent 4 --text "- File permissions" --result "OK" --color GREEN
+ AddHP 1 1
+ else
+ Display --indent 4 --text "- File permissions" --result "WARNING" --color RED
+ ReportSuggestion ${TEST_NO} "Access to CUPS configuration could be more strict."
+ AddHP 1 2
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-2308
+ # Description : Check CUPS daemon network configuration
+ if [ ${CUPSD_FOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PRNT-2308 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check CUPSd network configuration"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ # Checking network addresses
+ logtext "Test: Checking CUPS daemon listening network addresses"
+ FIND=`grep "^Listen" ${CUPSD_CONFIG_FILE} | grep -v "/" | awk '{ print $2 }'`
+ N=0
+ for I in ${FIND}; do
+ logtext "Found network address: ${I}"
+ N=`expr ${N} + 1`
+ FOUND=1
+ done
+ if [ ${FOUND} -eq 0 ]; then
+ ReportException "${TEST_NO}:1" "No listen statement found in CUPS configuration file"
+ fi
+
+ # Check if daemon is only running on localhost
+ if [ ${N} -eq 1 ]; then
+ if [ "${FIND}" = "localhost:631" -o "${FIND}" = "127.0.0.1:631" ]; then
+ logtext "Result: CUPS daemon only running on localhost"
+ AddHP 2 2
+ else
+ logtext "Result: CUPS daemon running on one or more interfaces (not limited to localhost)"
+ ReportSuggestion ${TEST_NO} "Check CUPS configuration if it really needs to listen on the network"
+ AddHP 1 2
+ fi
+ else
+ logtext "Result: CUPS daemon is running on several network addresses"
+ ReportSuggestion ${TEST_NO} "Check CUPS configuration if it really needs to run on several network addresses"
+ AddHP 1 2
+ fi
+
+ # Checking sockets
+ logtext "Test: Checking cups daemon listening sockets"
+ FIND=`grep "^Listen" ${CUPSD_CONFIG_FILE} | grep "/" | awk '{ print $2 }'`
+ for I in ${FIND}; do
+ logtext "Found socket address: ${I}"
+ N=`expr ${N} + 1`
+ done
+
+ if [ ${N} -eq 0 ]; then
+ Display --indent 2 --text "- Checking CUPS addresses/sockets..." --result "NONE" --color WHITE
+ logtext "Result: no addresses found on which CUPS daemon is listening"
+ else
+ Display --indent 2 --text "- Checking CUPS addresses/sockets..." --result "FOUND" --color GREEN
+ logtext "Result: CUPS daemon is listening on network/socket"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-2314
+ # Description : Check lpd status
+ Register --test-no PRNT-2314 --weight L --network NO --description "Check lpd status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking lpd status"
+ IsRunning lpd
+ if [ ${RUNNING} -eq 1 ]; then
+ Display --indent 2 --text "- Checking lp daemon" --result RUNNING --color GREEN
+ logtext "Result: lp daemon running"
+ LPD_RUNNING=1; PRINTING_DAEMON="lp"
+ else
+ Display --indent 2 --text "- Checking lp daemon" --result "NOT RUNNING" --color WHITE
+ logtext "Result: lp daemon not running"
+ AddHP 4 4
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PRNT-23xx
+ # Description : Test Linux printcap file
+ #if [ ${CUPSD_RUNNING} -eq 1 -a ! "${CUPSD_CONFIG_FILE}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no PRNT-23xx--preqs-met ${PREQS_MET} --weight L --network NO --description "Check cupsd address configuration"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ #if [ "${OS}" = "Linux" ]; then
+ # echo " - Testing printcap file... [Test not implemented yet]"
+ # # Check printcap with checkpc command
+ #fi
+#
+#################################################################################
+#
+
+report "printing_daemon=${PRINTING_DAEMON}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
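Review bot: The permission whitelist in PRNT-2307 (the test following `cut -c 2-10`) accepts `rw-rw----` but rejects the stricter `rw-r-----` and `r--r-----`, so a cupsd.conf installed as root:lp 0640 (a common packaging default, to be confirmed per distribution) is reported as WARNING while a group-writable file passes. Extend the condition to `if [ "${FIND}" = "r--------" -o "${FIND}" = "rw-------" -o "${FIND}" = "rw-r-----" -o "${FIND}" = "r--r-----" -o "${FIND}" = "rw-rw----" ]; then`, or compare against a rule ("no other bits, no group write") rather than a fixed list. Separately, PRNT-2308 only inspects `Listen` lines, so a configuration that uses the `Port 631` directive (cupsd then listens on all interfaces) raises the "No listen statement found" exception and is displayed as NONE instead of being flagged; matching `^(Listen|Port)` and treating `Port` as `*:port` would close that gap.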
diff --git a/include/tests_scheduling b/include/tests_scheduling
new file mode 100644
index 00000000..be3ced5d
--- /dev/null
+++ b/include/tests_scheduling
@@ -0,0 +1,234 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Scheduled tasks
+#
+#################################################################################
+#
+ InsertSection "Scheduled tasks"
+#
+#################################################################################
+#
+ ATD_RUNNING=0
+#
+#################################################################################
+#
+ # Test : SCHD-7704
+ # Description : Check crontab / cronjobs
+ Register --test-no SCHD-7704 --weight L --network NO --description "Check crontab/cronjobs"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FindCronJob()
+ {
+ sCRONJOBS=`egrep '^([0-9*])' $1 | tr '\t' ' ' | tr -s ' ' | tr ' ' ','`
+ }
+
+ if [ -f /etc/crontab ]; then
+ FindCronJob /etc/crontab
+ for I in ${sCRONJOBS}; do
+ logtext "Found cronjob (/etc/crontab): ${I}"
+ report "cronjob[]=${I}"
+ done
+ fi
+
+ CRON_DIRS="/etc/cron.d"
+ for I in ${CRON_DIRS}; do
+ logtext "Test: checking directory ${I}"
+ if [ -d ${I} ]; then
+ logtext "Result: found directory ${I}"
+ logtext "Test: searching files in ${I}"
+ FIND=`find ${I} -type f -print`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no files found in ${I}"
+ else
+ logtext "Result: found one or more files in ${I}. Analyzing files.."
+ for J in ${FIND}; do
+ FindCronJob ${J}
+ for K in ${sCRONJOBS}; do
+ logtext "Result: Found cronjob (${I}): ${K}"
+ done
+ done
+ logtext "Result: done with analyzing files in ${I}"
+ fi
+ else
+ logtext "Result: directory ${I} does not exist"
+ fi
+ done
+
+ CRON_DIRS="/etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly"
+ for I in ${CRON_DIRS}; do
+ logtext "Test: checking directory ${I}"
+ if [ -d ${I} ]; then
+ logtext "Result: found directory ${I}"
+ logtext "Test: searching files in ${I}"
+ FIND=`find ${I} -type f -print | grep -v ".placeholder"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no files found in ${I}"
+ else
+ logtext "Result: found one or more files in ${I}. Analyzing files.."
+ for J in ${FIND}; do
+ logtext "Result: Found cronjob (${I}): ${J}"
+ report "cronjob[]=${J}"
+ done
+ logtext "Result: done with analyzing files in ${I}"
+ fi
+ else
+ logtext "Result: directory ${I} does not exist"
+ fi
+ done
+
+ # /var/spool/cron/* and /var/spool/cron/crontabs/*
+ # Search only in one tree, to avoid searching the tree twice
+ if [ -d /var/spool/cron/crontabs ]; then
+ FIND=`find /var/spool/cron/crontabs -type f -print`
+ for I in ${FIND}; do
+ FindCronJob ${I}
+ for J in ${sCRONJOBS}; do
+ logtext "Found cronjob (/var/spool/cron/crontabs): ${I} (${J})"
+ report "cronjob[]=${I}"
+ done
+ done
+ else
+ if [ -d /var/spool/cron ]; then
+ FIND=`find /var/spool/cron -type f -print`
+ for I in ${FIND}; do
+ FindCronJob ${I}
+ for J in ${sCRONJOBS}; do
+ logtext "Found cronjob (/var/spool/cron): ${I} (${J})"
+ logtext "cronjob[]=${I}"
+ done
+ done
+ fi
+ fi
+
+ # Anacron
+ if [ "${OS}" = "Linux" ]; then
+ if [ -f /etc/anacrontab ]; then
+ logtext "Test: checking anacrontab"
+ sANACRONJOBS=`egrep '^([0-9@])' /etc/anacrontab | tr '\t' ' ' | tr -s ' ' | tr ' ' ','`
+ for J in ${sANACRONJOBS}; do
+ logtext "Found anacron job (/etc/anacrontab): ${J}"
+ report "cronjob[]=${J}"
+ done
+ fi
+ fi
+
+ Display --indent 2 --text "- Checking crontab/cronjob" --result DONE --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : SCHD-7718
+ # Description : Check atd status
+ Register --test-no SCHD-7718 --weight L --network NO --description "Check at users"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking atd status"
+ FIND=`${PSBINARY} ax | grep "/atd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: at daemon active"
+ Display --indent 2 --text "- Checking atd status" --result RUNNING --color GREEN
+ ATD_RUNNING=1
+ else
+ logtext "Result: at daemon not active"
+ Display --indent 2 --text "- Checking atd status" --result "NOT RUNNING" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SCHD-7720
+ # Description : Check at users
+ # Notes : if at.allow exists, only users listed can schedule at jobs
+ # if at.allow does not exist, but at.deny does, everyone
+ # except the listed ones can schedule jobs. If both can't be
+ # found, only root can schedule jobs.
+ if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SCHD-7720 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at users"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ AT_UNKNOWN=0
+ case ${OS} in
+ FreeBSD) AT_ALLOW="/var/at/at.allow"; AT_DENY="/var/at/at.deny" ;;
+ HPUX) AT_ALLOW="/usr/lib/cron/at.allow"; AT_DENY="/usr/lib/cron/at.deny" ;;
+ Linux) AT_ALLOW="/etc/at.allow"; AT_DENY="/etc/at.deny" ;;
+ OpenBSD) AT_ALLOW="/var/cron/at.allow"; AT_DENY="/var/cron/at.deny" ;;
+ SunOS) AT_ALLOW="/etc/cron.d/at.allow"; AT_DENY="/etc/cron.d/at.deny" ;;
+ *) AT_UNKNOWN=1; logtext "Test skipped, files for at unknown" ;;
+ esac
+ if [ ${AT_UNKNOWN} -eq 0 ]; then
+ logtext "Test: checking for file ${AT_ALLOW}"
+ if [ -f ${AT_ALLOW} ]; then
+ logtext "Result: file ${AT_ALLOW} exists, only listed users can schedule at jobs"
+ FIND=`cat ${AT_ALLOW} | sort`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: File empty, no users are allowed to schedule at jobs"
+ else
+ for I in ${FIND}; do
+ logtext "Allowed at user: ${I}"
+ done
+ fi
+ else
+ logtext "Result: file ${AT_ALLOW} does not exist"
+ logtext "Test: checking for file ${AT_DENY}"
+ if [ -f ${AT_DENY} ]; then
+ logtext "Result: file ${AT_DENY} exists, only non listed users can schedule at jobs"
+ FIND=`cat ${AT_DENY} | sort`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: file is empty, no users are denied access to schedule jobs"
+ else
+ for I in ${FIND}; do
+ logtext "Denied at user: ${I}"
+ done
+ fi
+ else
+ logtext "Result: both ${AT_ALLOW} and ${AT_DENY} do not exist"
+ logtext "Note: only root can schedule at jobs"
+ fi
+ fi
+ Display --indent 4 --text "- Checking at users" --result DONE --color GREEN
+ else
+ Display --indent 4 --text "- Checking at users" --result SKIPPED --color YELLOW
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SCHD-7724
+ # Description : Check scheduled at jobs
+ if [ ${ATD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SCHD-7724 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check at jobs"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check scheduled at jobs"
+ FIND=`atq | grep -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found one or more jobs"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found at job: ${I}"
+ done
+ Display --indent 4 --text "- Checking at jobs" --result FOUND --color GREEN
+ else
+ logtext "Result: no pending at jobs"
+ Display --indent 4 --text "- Checking at jobs" --result NONE --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
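Review bot: In the /var/spool/cron fallback branch (the `else` taken when /var/spool/cron/crontabs does not exist) the per-job line is `logtext "cronjob[]=${I}"` instead of a `report` call, so on those systems user crontabs are only logged and never written to the report, unlike the parallel /var/spool/cron/crontabs branch which uses `report "cronjob[]=${I}"`. Change it to `report "cronjob[]=${I}"`. The /etc/cron.d loop likewise only calls `logtext` for each job found, which may be intentional but is inconsistent with the /etc/crontab and cron.hourly/daily/weekly/monthly handling that also reports them. Separately, SCHD-7718 is registered with `--description "Check at users"` although it checks atd status; `--description "Check atd status"` would match its comment and avoid duplicating the description of SCHD-7720.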
diff --git a/include/tests_shells b/include/tests_shells
new file mode 100644
index 00000000..e1e1cdbe
--- /dev/null
+++ b/include/tests_shells
@@ -0,0 +1,216 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Shells
+#
+#################################################################################
+#
+ IDLE_TIMEOUT=0
+ InsertSection "Shells"
+#
+#################################################################################
+#
+ # bash
+ # Files (interactive login shells): /etc/profile $HOME/.bash_profile
+ # $HOME/.bash_login $HOME/.profile
+ # Files (interactive non-login shells): $HOME/.bash_rc
+
+ # csh/tcsh
+ # Files: /etc/csh.cshrc /etc/csh.login
+ # zsh
+ # Files: /etc/zshenv /etc/zsh/zshenv $HOME/.zshenv /etc/zprofile
+ # /etc/zsh/zprofile $HOME/.zprofile /etc/zshrc /etc/zsh/zshrc
+ # $ZDOTDIR/.zshrc /etc/zlogin /etc/zsh/zlogin
+
+ SHELL_LOGIN_FILES="/etc/csh.cshrc /etc/csh.login /etc/zshenv /etc/zsh/zshenv
+ /etc/zprofile /etc/zsh/zprofile /etc/zshrc /etc/zsh/zshrc
+ /etc/zlogin /etc/zsh/zlogin"
+#
+#################################################################################
+#
+
+ # Test : SHLL-6202
+ # Description : check all console TTYs in which root user can enter single user mode without password
+ Register --test-no SHLL-6202 --os FreeBSD --weight L --network NO --description "Check console TTYs"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking console TTYs..."
+ FIND=`cat /etc/ttys | egrep '^console' | grep -v 'insecure'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking console TTYs... " --result OK --color GREEN
+ logtext "Result: console is secured against single user mode without password."
+ else
+ Display --indent 2 --text "- Checking console TTYs... " --result WARNING --color RED
+ logtext "Result: Found insecure console in /etc/ttys. Single user mode login without password allowed!"
+ logtext "Output /etc/ttys:"
+ logtext "${FIND}"
+ ReportWarning ${TEST_NO} "M" "Found unprotected console in /etc/ttys"
+ #ReportSuggestion ${TEST_NO} "Change the console line from 'secure' to 'insecure'."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SHLL-6214
+ # Description : check for idle session killing tools (timeoutd)
+
+
+#
+#################################################################################
+#
+ # Test : SHLL-6211
+ # Description : which shells are available according /etc/shells
+ Register --test-no SHLL-6211 --weight L --network NO --description "Checking available and valid shells"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for /etc/shells..."
+ if [ -f /etc/shells ]; then
+ logtext "Result: Found /etc/shells file"
+ logtext "Test: Reading available shells from /etc/shells"
+ SSHELLS=`cat /etc/shells | grep "^/"`
+ CSSHELLS=0; CSSHELLS_ALL=0
+ Display --indent 2 --text "- Checking shells from /etc/shells..."
+ for I in ${SSHELLS}; do
+ CSSHELLS_ALL=`expr ${CSSHELLS_ALL} + 1`
+ report "available_shell[]=${I}"
+ # YYY add check for symlinked shells
+ if [ -f ${I} ]; then
+ logtext "Found installed shell: ${I}"
+ CSSHELLS=`expr ${CSSHELLS} + 1`
+ else
+ logtext "Shell ${I} not installed. Probably a dummy or non existing shell."
+ fi
+ done
+ Display --indent 4 --text "Result: found ${CSSHELLS_ALL} shells (valid shells: ${CSSHELLS})."
+ else
+ logtext "Result: /etc/shells not found, skipping test"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SHLL-6220
+ # Description : check for idle session killing tools or settings
+ Register --test-no SHLL-6220 --weight L --network NO --description "Checking available and valid shells"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Search for session timeout tools or settings in shell"
+ IsRunning timeoutd
+ if [ ${RUNNING} -eq 1 ]; then
+ IDLE_TIMEOUT=1
+ logtext "Result: found timeoutd process to kill idle sesions"
+ report="session_timeout_method=timeout daemon"
+ fi
+ IsRunning autolog
+ if [ ${RUNNING} -eq 1 ]; then
+ IDLE_TIMEOUT=1
+ logtext "Result: found autolog process to kill idle sesions"
+ report="session_timeout_method[]=autolog"
+ fi
+
+ if [ -f /etc/profile ]; then
+ FIND=`cat /etc/profile | grep '\(export[ \t]*\)\?TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//'`
+ if [ ! "${FIND}" = "" ]; then
+ N=0; IDLE_TIMEOUT=1
+ for I in ${FIND}; do
+ logtext "Output: ${I}"
+ N=`expr ${N} + 1`
+ done
+ if [ ${N} -eq 1 ]; then
+ logtext "Result: found TMOUT value configured in /etc/profile"
+ else
+ logtext "Result: found several TMOUT values configured in /etc/profile"
+ fi
+ report "session_timeout_method[]=profile"
+ else
+ logtext "Result: could not find TMOUT setting in /etc/profile"
+ fi
+ else
+ logtext "Result: skip /etc/profile test, file not available on this system"
+ fi
+
+ if [ -d /etc/profile.d ]; then
+ FIND=`cat /etc/profile.d/*.sh 2> /dev/null | grep '\(export[ \t]*\)\?TMOUT=' | tr -d ' ' | tr -d '\t' | grep -v "^#" | sed 's/export//' | sed 's/#.*//'`
+ if [ ! "${FIND}" = "" ]; then
+ N=0; IDLE_TIMEOUT=1
+ for I in ${FIND}; do
+ logtext "Output: ${I}"
+ N=`expr ${N} + 1`
+ done
+ if [ ${N} -eq 1 ]; then
+ logtext "Result: found TMOUT value configured in one of the files in /etc/profile.d directory"
+ else
+ logtext "Result: found several TMOUT values configured in one of the files in /etc/profile.d directory"
+ fi
+ report "session_timeout_method[]=profile"
+ else
+ logtext "Result: could not find TMOUT setting in /etc/profile.d/*.sh"
+ fi
+ else
+ logtext "Result: skip /etc/profile.d directory test, directory not available on this system"
+ fi
+
+ if [ ${IDLE_TIMEOUT} -eq 1 ]; then
+ Display --indent 4 --text "- Session timeout settings/tools" --result "FOUND" --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 4 --text "- Session timeout settings/tools" --result "NONE" --color YELLOW
+ AddHP 1 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SHLL-6236
+ # Description : Check /etc/profile
+#
+#################################################################################
+#
+
+ # Test : SHLL-6240
+ # Description : Check default umask
+# Register --test-no SHLL-6240 --weight L --network NO --description "Check default umask"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Checking /etc/profile..."
+# if [ -f /etc/profile ]; then
+# FIND=`grep "^umask" | awk '{ print $2 }'`
+# if [ "${FIND}" = "" ]; then
+# logtext "Result: xxx"
+# Display --indent 2 --text "- Checking default umask... " --result OK --color GREEN
+# else
+# logtext "Result: xxx"
+# Display --indent 2 --text "- Checking default umask... " --result WARNING --color RED
+# #ReportWarning ${TEST_NO} "M" "xxx"
+# #ReportSuggestion ${TEST_NO} "xxx"
+# fi
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : SHLL-6250
+ # Description : Check /etc/bash.bashrc
+# Register --test-no SHLL-6250 --weight L --network NO --description "Check default umask"
+# if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+
+report "session_timeout_enabled=${IDLE_TIMEOUT}"
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
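Review bot: In SHLL-6220 the two IsRunning branches assign a shell variable named `report` (`report="session_timeout_method=timeout daemon"` and `report="session_timeout_method[]=autolog"`) rather than calling the report function, so a detected timeoutd or autolog process is never written to the report, while the TMOUT branches below correctly call `report "session_timeout_method[]=profile"`. Replace them with `report "session_timeout_method[]=timeout daemon"` and `report "session_timeout_method[]=autolog"` (the first also lacks the `[]` suffix the other entries use). The same test is registered with `--description "Checking available and valid shells"`, copied from SHLL-6211; it should describe the session timeout check so the two tests are distinguishable in the log.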
diff --git a/include/tests_snmp b/include/tests_snmp
new file mode 100644
index 00000000..92344a17
--- /dev/null
+++ b/include/tests_snmp
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# SNMP
+#
+#################################################################################
+#
+ SNMP_DAEMON_CONFIG_LOCS="/etc/snmp"
+ SNMP_DAEMON_CONFIG=""
+ SNMP_DAEMON_RUNNING=0
+#
+#################################################################################
+#
+ InsertSection "SNMP Support"
+
+ # Test : SNMP-3302
+ # Description : Check for a running SNMP daemon
+ Register --test-no SNMP-3302 --weight L --network NO --description "Check for running SNMP daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for a SNMP daemon..."
+ # Check running processes
+ FIND=`${PSBINARY} ax | grep "snmpd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ SNMP_DAEMON_RUNNING=1
+ logtext "Result: SNMP daemon is running"
+ Display --indent 2 --text "- Checking running SNMP daemon..." --result FOUND --color GREEN
+ else
+ logtext "Result: No running SNMP daemon found"
+ Display --indent 2 --text "- Checking running SNMP daemon..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SNMP-3304
+ # Description : Determine SNMP daemon configuration file location
+ if [ ${SNMP_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SNMP-3304 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SNMP daemon file location"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Action: searching for snmpd.conf file"
+ for I in ${SNMP_DAEMON_CONFIG_LOCS}; do
+ if [ -f "${I}/snmpd.conf" ]; then
+ logtext "Result: ${I}/snmpd.conf exists"
+ SNMPD_DAEMON_CONFIG="${I}/snmpd.conf"
+ fi
+ done
+ if [ "${SNMPD_DAEMON_CONFIG}" = "" ]; then
+ logtext "Result: No snmpd configuration found"
+ Display --indent 4 --text "- Checking SNMP configuration..." --result "NOT FOUND" --color WHITE
+ else
+ logtext "Restult: using last found configuration file: ${SNMPD_DAEMON_CONFIG}"
+ Display --indent 4 --text "- Checking SNMP configuration..." --result "FOUND" --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SNMP-3306
+ # Description : Determine SNMP communities
+ if [ ! "${SNMPD_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SNMP-3306 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SNMP communities"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ WARN=0
+ logtext "Test: reading active snmp communities"
+ FIND=`cat ${SNMPD_DAEMON_CONFIG} | grep "^com2sec" | ${AWKBINARY} '{ print $4 }'`
+ for I in ${FIND}; do
+ logtext "Output: ${I}"
+ if [ "${I}" = "public" -o "${I}" = "private" ]; then
+ logtext "Result: found easy guessable snmp community string (${I})"
+ WARN=1
+ AddHP 1 3
+ fi
+ done
+
+ # Check status of test
+ if [ ${WARN} -eq 0 ]; then
+ Display --indent 2 --text "- Checking SNMP community strings..." --result OK --color GREEN
+ AddHP 2 2
+ else
+ Display --indent 2 --text "- Checking SNMP community strings..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "Found easy guessable SNMP community string"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
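Review bot: The file initialises `SNMP_DAEMON_CONFIG=""` near the top, but every later use — the assignment in SNMP-3304, its empty check, the prerequisite for SNMP-3306 and the `cat` inside it — reads `SNMPD_DAEMON_CONFIG`, so the initialisation is dead and the variable the prerequisite depends on is never reset; it only works because an unset name expands to empty under /bin/sh. Change the initialisation to `SNMPD_DAEMON_CONFIG=""` (or rename the uses) so a single name is used throughout. The community check only reads `com2sec` lines; net-snmp also accepts community strings via `rocommunity`/`rwcommunity` directives, so a configuration using those is shown as OK without the strings being inspected — a comment noting that limitation, or extending the grep to those directives, would help. The log message `Restult: using last found configuration file` has a typo.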
diff --git a/include/tests_solaris b/include/tests_solaris
new file mode 100644
index 00000000..556444c6
--- /dev/null
+++ b/include/tests_solaris
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Solaris
+#
+#################################################################################
+#
+ InsertSection "Solaris"
+#
+#################################################################################
+#
+ # Test : SOL-xxxx
+ # Description : Check if Stop-A is disabled
+# Register --test-no SOL-xxxx --weight L --network NO --description "Check for running SSH daemon"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Searching for a SSH daemon..."
+# # Check running processes
+# FIND=`${PSBINARY} ax | grep "sshd" | grep -v "grep"`
+# if [ ! "${FIND}" = "" ]; then
+# SSH_DAEMON_RUNNING=1
+# logtext "Result: Stop-A is disabled"
+# Display --indent 2 --text "- Checking running SSH daemon..." --result FOUND --color GREEN
+# else
+# logtext "Result: Stop-A is NOT disabled"
+# Display --indent 2 --text "- Checking running SSH daemon..." --result "NOT FOUND" --color WHITE
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : SOL-xxxx
+ # Description : Check if vold is disabled, to disallow unaudited mounts
+# Register --test-no SOL-xxxx --weight L --network NO --description "Check for running SSH daemon"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Searching for a SSH daemon..."
+# # Check running processes
+# FIND=`${PSBINARY} ax | grep "sshd" | grep -v "grep"`
+# if [ ! "${FIND}" = "" ]; then
+# SSH_DAEMON_RUNNING=1
+# logtext "Result: Stop-A is disabled"
+# Display --indent 2 --text "- Checking running SSH daemon..." --result FOUND --color GREEN
+# else
+# logtext "Result: Stop-A is NOT disabled"
+# Display --indent 2 --text "- Checking running SSH daemon..." --result "NOT FOUND" --color WHITE
+# fi
+# fi
+
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
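Review bot: Both SOL-xxxx stubs carry the same placeholder test number and a commented-out body copied verbatim from the SSH daemon test (`grep "sshd"`, `SSH_DAEMON_RUNNING=1`, "Checking running SSH daemon" display text) while their Description comments say Stop-A and vold, so anyone uncommenting them would get an sshd check labelled as a Solaris test. A one-line comment such as `# TODO: body below is a copied SSH template, not a Stop-A/vold check` above each block would make the placeholder status explicit until real tests and numbers are assigned.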
diff --git a/include/tests_squid b/include/tests_squid
new file mode 100644
index 00000000..eedd23e2
--- /dev/null
+++ b/include/tests_squid
@@ -0,0 +1,384 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Squid
+#
+#################################################################################
+#
+ SQUID_DAEMON_CONFIG_LOCS="/etc /etc/squid /etc/squid3 /usr/local/etc/squid /usr/local/squid/etc"
+ SQUID_DAEMON_CONFIG=""
+ SQUID_DAEMON_UNSAFE_PORTS_LIST="22 23 25"
+ SQUID_DAEMON_RUNNING=0
+#
+#################################################################################
+#
+ InsertSection "Squid Support"
+#
+#################################################################################
+#
+ # Test : SQD-3602
+ # Description : Check for a running Squid daemon
+ # Notes : Search for squid(3) with a space, to avoid SquidGuard and other
+ # programs.
+ Register --test-no SQD-3602 --weight L --network NO --description "Check for running Squid daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for a Squid daemon..."
+ FOUND=0
+ # Check running processes
+ FIND=`${PSBINARY} ax | egrep "(squid|squid3) " | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ SQUID_DAEMON_RUNNING=1
+ logtext "Result: Squid daemon is running"
+ Display --indent 2 --text "- Checking running Squid daemon..." --result FOUND --color GREEN
+ else
+ logtext "Result: No running Squid daemon found"
+ Display --indent 2 --text "- Checking running Squid daemon..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3604
+ # Description : Determine Squid daemon configuration file location
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3604 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid daemon file location"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Action: searching for squid.conf or squid3.conf file"
+ for I in ${SQUID_DAEMON_CONFIG_LOCS}; do
+ # Checking squid.conf
+ if [ -f "${I}/squid.conf" ]; then
+ logtext "Result: ${I}/squid.conf exists"
+ SQUID_DAEMON_CONFIG="${I}/squid.conf"
+ fi
+ # Checking squid3.conf
+ if [ -f "${I}/squid3.conf" ]; then
+ logtext "Result: ${I}/squid3.conf exists"
+ SQUID_DAEMON_CONFIG="${I}/squid3.conf"
+ fi
+ done
+ if [ "${SQUID_DAEMON_CONFIG}" = "" ]; then
+ logtext "Result: No Squid configuration file found"
+ Display --indent 4 --text "- Searching Squid configuration file..." --result "NOT FOUND" --color YELLOW
+ else
+ logtext "Result: using last found configuration file: ${SQUID_DAEMON_CONFIG}"
+ Display --indent 4 --text "- Searching Squid configuration..." --result FOUND --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3606
+ # Description : Check Squid version
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3606 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! "${SQUIDBINARY}" = "" ]; then
+ logtext "Result: Squid binary found (${SQUIDBINARY})"
+ # Skip check if a setuid/setgid bit is found
+ FIND=`find ${SQUIDBINARY} \( -perm 4000 -o -perm 2000 \) -print`
+ if [ "${FIND}" = "" ]; then
+ FIND2=`${SQUIDBINARY} -v | awk '{ if ($3=="Version") { print $4 } }'`
+ Display --indent 4 --text "- Checking Squid version..." --result "FOUND" --color GREEN
+ SQUID_VERSION="${FIND2}"
+ else
+ logtext "Result: test skipped for security reasons, setuid/setgid bit set"
+ Display --indent 4 --text "- Checking Squid version..." --result "SKIPPED" --color RED
+ fi
+ else
+ logtext "Result: no Squid binary found"
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : SQD-3608
+# # Description : Check Squid build options
+# if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no SQD-3608 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# fi
+#
+#################################################################################
+#
+ # Test : SQD-3610
+ # Description : Check Squid configuration options
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}"
+ FIND=`cat ${SQUID_DAEMON_CONFIG} | grep -v "^#" | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found Squid option: ${I}"
+ done
+ Display --indent 4 --text "- Checking defined Squid options..." --result "DONE" --color GREEN
+ fi
+#
+#################################################################################
+#
+# # Test : SQD-3612
+# # Description : Check Squid additional configuration files
+# if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no SQD-3612 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check additional Squid configuration files"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# fi
+#
+#################################################################################
+#
+ # Test : SQD-3613
+ # Description : Check Squid configuration options
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid file permissions"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}"
+ FIND=`find ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \)`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords"
+ Display --indent 4 --text "- Checking Squid configuration file permissions..." --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Check file permissions of ${SQUID_DAEMON_CONFIG} to limit access"
+ ReportWarning ${TEST_NO} "M" "File permissions of ${SQUID_DAEMON_CONFIG} are not restrictive"
+ AddHP 0 2
+ else
+ logtext "Result: file ${SQUID_DAEMON_CONFIG} has proper file permissions"
+ Display --indent 4 --text "- Checking Squid configuration file permissions..." --result OK --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then
+ Display --indent 4 --text "- Checking Squid access control..."
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3614
+ # Description : Check Squid authentication
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid authentication methods"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check auth_param option for authentication methods"
+ FIND=`grep "^auth_param" ${SQUID_DAEMON_CONFIG} | awk '{ print $2 }'`
+ if [ "${FIND}" = "" ]; then
+ logtext "No auth_param option found, proxy access anonymous or based on other methods (like ACLs)"
+ Display --indent 6 --text "- Checking Squid authentication methods..." --result "NONE" --color YELLOW
+ else
+ Display --indent 6 --text "- Checking Squid authentication methods..." --result "FOUND" --color GREEN
+ for I in ${FIND}; do
+ logtext "Result: found authentication method ${I}"
+ report "squid_auth_method=${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3616
+ # Description : Check external Squid authentication
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check external Squid authentication"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check external_acl_type option for external authentication helpers"
+ FIND=`grep "^external_acl_type" ${SQUID_DAEMON_CONFIG}`
+ if [ "${FIND}" = "" ]; then
+ logtext "No external_acl_type found"
+ Display --indent 6 --text "- Checking Squid external authentication methods..." --result "NONE" --color YELLOW
+ else
+ Display --indent 6 --text "- Checking Squid external authentication methods..." --result "FOUND" --color GREEN
+ for I in ${FIND}; do
+ logtext "Result: found external authentication method helper"
+ logtext "Output: ${FIND}"
+ #report "squid_external_acl_type=TRUE"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3620
+ # Description : Check ACLs
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid access control lists"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: checking ACLs"
+ FIND=`grep "^acl " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: No ACLs found"
+ Display --indent 6 --text "- Checking Access Control Lists..." --result "NONE" --color RED
+ else
+ for I in ${FIND}; do
+ N=`expr ${N} + 1`
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found ACL: ${I}"
+ #report "squid_acl=${I}"
+ done
+ logtext "Result: Found ${N} ACLs"
+ Display --indent 6 --text "- Checking Access Control Lists..." --result "${N} ACLs FOUND" --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3624 [T]
+ # Description : Check unsecure ports in Safe_ports list
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid safe ports"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: checking ACL Safe_ports http_access option"
+ FIND=`grep "^http_access" ${SQUID_DAEMON_CONFIG} | grep "Safe_ports"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no Safe_ports found"
+ Display --indent 6 --text "- Checking ACL 'Safe_ports' http_access option..." --result "NOT FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Check if Squid has been configured to restrict access to all safe ports"
+ else
+ logtext "Result: checking ACL safe ports"
+ FIND2=`grep "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | awk '{ print $4 }'`
+ if [ "${FIND2}" = "" ]; then
+ Display --indent 6 --text "- Checking ACL 'Safe_ports' ports..." --result "NONE FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Check if Squid has been configured for which ports it can allow outgoing traffic (Safe_ports)"
+ AddHP 0 1
+ else
+ logtext "Result: Safe_ports found"
+ for I in ${FIND}; do
+ logtext "Found safe port: ${I}"
+ done
+ Display --indent 6 --text "- Checking ACL 'Safe_ports' ports..." --result "FOUND" --color GREEN
+ AddHP 1 1
+ fi
+ #SQUID_DAEMON_UNSAFE_PORTS_LIST
+ for I in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do
+ logtext "Test: Checking port ${I} in Safe_ports list"
+ FIND2=`grep "^acl Safe_ports port ${I}" ${SQUID_DAEMON_CONFIG}`
+ if [ "${FIND2}" = "" ]; then
+ Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})..." --result "NOT FOUND" --color GREEN
+ AddHP 1 1
+ else
+ Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${I})..." --result "FOUND" --color RED
+ ReportWarning ${TEST_NO} "H" "Squid configuration possibly allows relaying traffic via configured Safe_port ${I}"
+ AddHP 0 1
+ fi
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then
+ Display --indent 4 --text "- Checking Squid Denial of Service tuning options..."
+ fi
+#
+#################################################################################
+#
+ # Test : SQD-3630 [T]
+ # Description : Check reply_body_max_size value
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid reply_body_max_size option"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: checking option reply_body_max_size"
+ FIND=`grep "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | sed 's/ /!space!/g'`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option reply_body_max_size not configured"
+ Display --indent 6 --text "- Checking option: reply_body_max_size" --result "NONE" --color RED
+ AddHP 1 2
+ ReportSuggestion ${TEST_NO} "Configure Squid option reply_body_max_size to limit the upper size of requests."
+ else
+ logtext "Result: option reply_body_max_size configured"
+ logtext "Output: ${FIND}"
+ Display --indent 6 --text "- Checking option: reply_body_max_size" --result "FOUND" --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then
+ Display --indent 4 --text "- Checking Squid general options..."
+ fi
+#
+#################################################################################
+#
+
+ # Test : SQD-3680
+ # Description : Check httpd_suppress_version_string
+ if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SQD-3680 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Squid version suppresion"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`grep "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | grep " on"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: option httpd_suppress_version_string not configured"
+ Display --indent 6 --text "- Checking option: httpd_supress_version_string" --result "NOT FOUND" --color YELLOW
+ AddHP 1 2
+ ReportSuggestion ${TEST_NO} "Configure Squid option httpd_suppress_version_string (on) to suppress the version."
+ else
+ logtext "Result: option httpd_suppress_version_string configured"
+ logtext "Output: ${FIND}"
+ Display --indent 6 --text "- Checking option: httpd_suppress_version_string" --result "FOUND" --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
+
+
+# Squid
+#Hardening:
+# $1 $3
+# acl snmp_community
+# acl maxconn
+# acl max_user_ip
+#
+# follow_x_forwarded_for
+#Read cache_peer host type(sibling/parent) proxyport icpport options (if set, icp_access should be set as well)
+#Read cache_peer_domain
+#Read cache_peer_access
+#Read icp_access
+#Read icp_port
+#Read htcp_access
+#Read htcp_port
+#Read http_port
+#Read https_port
+#Read cache_dir
+#Read access_log
+#Read coredump_dir
+#Read quick_abort_min / max /pct
+#
+# Memory tuning
+#Read cache_mem
+#Read maximum_object_size_in_memory
+#Read maximum_object_size
+#Read cache_swap_low
+#Read cache_swap_high
+
+# Security
+#cache_effective_user
+# off
+#forwarded_for
+
+#wccp
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_ssh b/include/tests_ssh
new file mode 100644
index 00000000..91da5f0d
--- /dev/null
+++ b/include/tests_ssh
@@ -0,0 +1,295 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# SSH
+#
+#################################################################################
+#
+ SSH_DAEMON_CONFIG_LOCS="/etc /etc/ssh /usr/local/etc/ssh /opt/csw/etc/ssh"
+ SSH_DAEMON_CONFIG=""
+ SSH_DAEMON_PORT=""
+ SSH_DAEMON_RUNNING=0
+#
+#################################################################################
+#
+ InsertSection "SSH Support"
+#
+#################################################################################
+#
+ # Test : SSH-7402
+ # Description : Check for a running SSH daemon
+ Register --test-no SSH-7402 --weight L --network NO --description "Check for running SSH daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Searching for a SSH daemon..."
+ IsRunning sshd
+ if [ ${RUNNING} -eq 1 ]; then
+ SSH_DAEMON_RUNNING=1
+ Display --indent 2 --text "- Checking running SSH daemon..." --result FOUND --color GREEN
+ else
+ Display --indent 2 --text "- Checking running SSH daemon..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7404
+ # Description : Determine SSH daemon configuration file location
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7404 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH daemon file location"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Action: searching for sshd_config file"
+ for I in ${SSH_DAEMON_CONFIG_LOCS}; do
+ if [ -f "${I}/sshd_config" ]; then
+ logtext "Result: ${I}/sshd_config exists"
+ if [ ${FOUND} -eq 1 ]; then
+ ReportException "${TEST_NO}:01"
+ logtext "Result: we already had found another sshd_config file. Using this new file then."
+ fi
+ FOUND=1
+ SSH_DAEMON_CONFIG="${I}/sshd_config"
+ fi
+ done
+ if [ "${SSH_DAEMON_CONFIG}" = "" ]; then
+ logtext "Result: No sshd configuration found"
+ Display --indent 4 --text "- Searching SSH configuration..." --result "NOT FOUND" --color YELLOW
+ else
+ logtext "Result: using last found configuration file: ${SSH_DAEMON_CONFIG}"
+ Display --indent 4 --text "- Searching SSH configuration..." --result FOUND --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+# # Test : SSH-7406
+# # Description : Check for a running SSH daemon
+# if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no SSH-7406 --preqs-met ${PREQS_MET} --weight L --network NO --description "SSH daemon listening port"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: Searching for a SSH daemon..."
+# CheckOption "^Port " ${SSH_DAEMON_CONFIG}
+# if [ ${FOUND} -eq 1 ]; then
+# FIND=`echo ${FIND} | awk '{ if ($1=="Port") { print $2 }}'`
+# # Check if this output is numeric and usuable for later (e.g. in netstat output)
+# Display --indent 2 --text "- Checking SSH listening port..." --result FOUND --color GREEN
+# logtext "Result: setting port number to ${FIND}"
+# SSH_DAEMON_PORT="${FIND}"
+# else
+# Display --indent 2 --text "- Checking SSH listening port..." --result "NOT FOUND" --color WHITE
+# logtext "Result: setting port to default number, as no other port has been configured"
+# SSH_DAEMON_PORT="22"
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : SSH-7408
+ # Description : Check SSH specific defined options
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7408 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH defined options"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking all specific defined options in ${SSH_DAEMON_CONFIG}"
+ FIND=`cat ${SSH_DAEMON_CONFIG} | grep -v "^#" | grep -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | sed 's/ /!space!/g'`
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found SSH option: ${I}"
+ done
+ Display --indent 4 --text "- Checking defined SSH options..." --result "DONE" --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7412
+ # Description : Check SSH PermitRootLogin option
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7412 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: PermitRootLogin"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check PermitRootLogin option"
+ FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^PermitRootLogin" | awk '{ print $2 }'`
+ if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
+ logtext "Result: PermitRootLogin is enabled, root can login directly"
+ Display --indent 4 --text "- SSH option: PermitRootLogin..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "Root can directly login via SSH"
+ AddHP 0 3
+ else
+ # YYY add test for DenyUsers root
+ if [ "${FIND}" = "no" -o "${FIND}" = "No" ]; then
+ logtext "Result: PermitRootLogin is disabled. Root can't login directly"
+ Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DISABLED --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: Value of PermitRootLogin is unknown (not defined)"
+ Display --indent 4 --text "- SSH option: PermitRootLogin..." --result DEFAULT --color WHITE
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7414
+ # Description : Check SSH Protocol option
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7414 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: Protocol"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check allowed SSH protocol versions"
+ FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Protocol" | awk '{ print $2 }'`
+ if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
+ logtext "Result: Protocol option is set to allow SSH protocol version 1"
+ Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
+ AddHP 0 3
+ else
+ if [ "${FIND}" = "2" ]; then
+ logtext "Result: only protocol 2 is allowed"
+ Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: value of Protocol is unknown (not defined)"
+ Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7416
+ # Description : Check SSH StrictModes option
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7416 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: StrictModes"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Check configured StrictModes option"
+ FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^StrictModes" | awk '{ print $2 }'`
+ if [ "${FIND}" = "no" -o "${FIND}" = "NO" -o "${FIND}" = "No" ]; then
+ logtext "Result: StrictModes option is set to 'no', which means file permissions are NOT checked"
+ Display --indent 4 --text "- SSH option: StrictModes..." --result WARNING --color RED
+ ReportWarning ${TEST_NO} "M" "StrictModes is turned off"
+ ReportSuggestion ${TEST_NO} "Check StrictModes option in sshd_config"
+ AddHP 0 3
+ else
+ if [ "${FIND}" = "yes" -o "${FIND}" = "YES" -o "${FIND}" = "Yes" ]; then
+ logtext "Result: StrictModes active, file permissions are checked"
+ Display --indent 4 --text "- SSH option: StrictModes..." --result OK --color GREEN
+ AddHP 3 3
+ else
+ logtext "Result: value of StrictModes is unknown (not defined)"
+ Display --indent 4 --text "- SSH option: StrictModes..." --result DEFAULT --color WHITE
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7418
+ # Description : Check SSH Port option
+# if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no SSH-7418 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: Port"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# logtext "Test: check allowed SSH protocol versions"
+# FIND=`cat ${SSH_DAEMON_CONFIG} | grep "^Port" | awk '{ if ($2!="22") { print $2 } }'`
+# if [ "${FIND}" = "1" -o "${FIND}" = "2,1" -o "${FIND}" = "1,2" ]; then
+# logtext "Result: Protocol option is set to allow SSH protocol version 1"
+# Display --indent 4 --text "- SSH option: Protocol..." --result WARNING --color RED
+# ReportWarning ${TEST_NO} "M" "SSH protocol version 1 is allowed"
+# AddHP 0 3
+# else
+# if [ "${FIND}" = "2" ]; then
+# logtext "Result: only protocol 2 is allowed"
+# Display --indent 4 --text "- SSH option: Protocol..." --result OK --color GREEN
+# AddHP 3 3
+# else
+# logtext "Result: value of Protocol is unknown (not defined)"
+# Display --indent 4 --text "- SSH option: Protocol..." --result DEFAULT --color WHITE
+# fi
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : SSH-7440
+ # Description : AllowUsers / AllowGroups
+ # Goal : Check if only a specific amount of users/groups can log in to the system
+ if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no SSH-7440 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: AllowUsers and AllowGroups"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ # AllowUsers
+ FIND=`egrep "^AllowUsers" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: AllowUsers set, with value ${FIND}"
+ Display --indent 4 --text "- SSH option: AllowUsers..." --result FOUND --color GREEN
+ FOUND=1
+ else
+ logtext "Result: AllowUsers is not set"
+ Display --indent 4 --text "- SSH option: AllowUsers..." --result "NOT FOUND" --color WHITE
+ fi
+
+ # AllowGroups
+ FIND=`egrep "^AllowGroups" ${SSH_DAEMON_CONFIG} | awk '{ print $2 }'`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: AllowUsers set ${FIND}"
+ Display --indent 4 --text "- SSH option: AllowGroups..." --result FOUND --color GREEN
+ FOUND=1
+ else
+ logtext "Result: AllowGroups is not set"
+ Display --indent 4 --text "- SSH option: AllowGroups..." --result "NOT FOUND" --color WHITE
+ fi
+
+ if [ ${FOUND} -eq 1 ]; then
+ logtext "Result: SSH is limited to a specific set of users, which is good"
+ AddHP 2 2
+ else
+ logtext "Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine."
+ AddHP 0 1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : SSH-7464
+ # Description : HashKnownHosts
+ #if [ ${SSH_DAEMON_RUNNING} -eq 1 -a ! "${SSH_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no SSH-7464 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: HashKnownHosts"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # /etc/ssh/ssh_config
+ # ReportSuggestion ${TEST_NO} "HashKnownHosts option can migitate worm attacks"
+ #AddHP 2 2
+ #fi
+#
+#################################################################################
+#
+ # Test : SSH-7480
+ # Description : AllowUsers / AllowGroups
+ # Goal : Scan SSH daemon
+ #if [ ! ${SSHKEYSCANBINARY} = "" -a ${SSH_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no SSH-7480 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check SSH option: AllowUsers and AllowGroups"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # First determine what port the local instance of SSH daemon is running on. If unknown, use port 22
+ # FIND=`${SSHKEYSCANBINARY} localhost 2>&1 | grep OpenSSH | egrep -i "bsd|debian|ubuntu|redhat"`
+#
+#################################################################################
+#
+ # sshd -T can provide additional insights
+#
+#################################################################################
+#
+report "ssh_daemon_running=${SSH_DAEMON_RUNNING}"
+#report "ssh_daemon_port=${SSH_DAEMON_PORT}"
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
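Review bot: SSH-7412 treats an absent PermitRootLogin as a neutral DEFAULT (white, no suggestion, no hardening points), but OpenSSH's built-in default was `yes` until 7.0, so an unset option is the same exposure as the WARNING branch and the fall-through should at least carry a `ReportSuggestion ${TEST_NO} "Set PermitRootLogin to no (or without-password) in sshd_config"`. The pattern is also case-sensitive and only the first token is compared, while sshd keywords are case-insensitive and the values `without-password` / `forced-commands-only` currently land in the "unknown" branch with no credit; sshd honours the first occurrence, so something like `FIND=\`grep -i "^PermitRootLogin" ${SSH_DAEMON_CONFIG} | head -n 1 | awk '{ print tolower($2) }'\`` with a case on `no|without-password|forced-commands-only` would be more faithful. SSH-7414 and SSH-7416 use the same case-sensitive `^Keyword` grep and would benefit from the same `-i`. Minor: the AllowGroups branch in SSH-7440 logs `Result: AllowUsers set ${FIND}`, which should read `AllowGroups`.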
diff --git a/include/tests_storage b/include/tests_storage
new file mode 100644
index 00000000..16d0a874
--- /dev/null
+++ b/include/tests_storage
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ InsertSection "Storage"
+#
+#################################################################################
+#
+ AUTOMOUNTER_DAEMON_RUNNING=0
+ NFS_DAEMON_RUNNING=0
+ AUTOMOUNTER_DAEMON_TOOL=""
+#
+#################################################################################
+#
+ # Test : STRG-1840
+ # Description : Check for disabled USB storage
+ Register --test-no STRG-1840 --os Linux --weight L --network NO --description "Check if USB storage is disabled"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Checking USB storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
+ if [ -d /etc/modprobe.d ]; then
+ FIND=`ls /etc/modprobe.d/* 2>/dev/null`
+ if [ ! "${FIND}" = "" ]; then
+ FIND=`grep -r "install usb-storage /bin/true" /etc/modprobe.d/* | grep "usb-storage" | grep -v "#"`
+ FIND2=`egrep -r "^blacklist (usb_storage|usb-storage)" /etc/modprobe.d/*`
+ if [ ! "${FIND}" = "" -o ! "${FIND2}" = "" ]; then
+ FOUND=1
+ logtext "Result: found usb-storage driver in disabled state"
+ fi
+ else
+ logtext "Result: uncommon situation. Found /etc/modprobe.d directory, but no files in it."
+ fi
+ fi
+ if [ -f /etc/modprobe.conf ]; then
+ FIND=`grep "install usb-storage /bin/true" /etc/modprobe.conf | grep "usb-storage" | grep -v "#"`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1
+ logtext "Result: found usb-storage driver in disabled state"
+ fi
+ fi
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Result: usb-storage driver is not explicitly disabled"
+ Display --indent 2 --text "- Checking usb-storage driver (modprobe config)..." --result "NOT DISABLED" --color WHITE
+ ReportSuggestion ${TEST_NO} "Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft"
+ AddHP 2 3
+ else
+ logtext "Result: usb-storage driver is disabled"
+ Display --indent 2 --text "- Checking usb-storage driver (modprobe config)..." --result "DISABLED" --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1846
+ # Description : Check for disabled firewire storage
+ Register --test-no STRG-1846 --os Linux --weight L --network NO --description "Check if firewire storage is disabled"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ logtext "Test: Checking firewire storage driver in directory /etc/modprobe.d and configuration file /etc/modprobe.conf"
+ if [ -d /etc/modprobe.d ]; then
+ FIND1=`egrep "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
+ FIND2=`egrep "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.d/* | grep "ohci" | grep -v "#"`
+ if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then
+ FOUND=1
+ logtext "Result: found firewire ohci driver in disabled state"
+ fi
+ fi
+ if [ -f /etc/modprobe.conf ]; then
+ FIND1=`egrep -r "blacklist (ohci1394|firewire-ohci)" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
+ FIND2=`egrep -r "install (ohci1394|firewire-ohci) /bin/true" /etc/modprobe.conf | grep "ohci" | grep -v "#"`
+ if [ ! "${FIND1}" = "" -o ! "${FIND2}" = "" ]; then
+ FOUND=1
+ logtext "Result: found firewire ohci driver in disabled state"
+ fi
+ fi
+
+ if [ ${FOUND} -eq 0 ]; then
+ logtext "Result: firewire ohci driver is not explicitly disabled"
+ Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)..." --result "NOT DISABLED" --color WHITE
+ ReportSuggestion ${TEST_NO} "Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft"
+ # after blacklisting modules, make sure to remove them from the initram filesystem: update-initramfs -u
+ AddHP 2 3
+ else
+ logtext "Result: firewire ohci driver is disabled"
+ Display --indent 2 --text "- Checking firewire ohci driver (modprobe config)..." --result "DISABLED" --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+
+# NetBSD: amd (auto mount daemon)
+
+#
+#################################################################################
+#
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
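Review bot: In STRG-1840 the `install` check only matches the hyphenated `usb-storage` name, whereas the `blacklist` check on the next line accepts both `usb_storage` and `usb-storage`; modprobe treats `-` and `_` as equivalent, so a valid `install usb_storage /bin/true` line is reported as NOT DISABLED. Suggest `FIND=\`egrep -r "^install (usb_storage|usb-storage) (/bin/true|/bin/false)" /etc/modprobe.d/* 2>/dev/null\``, where anchoring on `^install` also replaces the `grep -v "#"` filter that currently discards otherwise-valid lines carrying a trailing comment (STRG-1846 has the same trailing-comment issue). The test also treats `blacklist` as equivalent to `install ... /bin/true`, but blacklisting only stops alias-based autoloading and does not prevent an explicit `modprobe usb-storage` or loading as a dependency; a comment such as `# NOTE: blacklist only prevents autoload; 'install <mod> /bin/true' is the form that actually blocks loading` next to the DISABLED result would help readers weigh it. The `/etc/modprobe.conf` branch only looks for the `install` form, unlike the `/etc/modprobe.d` branch, so the two paths disagree on what counts as disabled.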
diff --git a/include/tests_storage_nfs b/include/tests_storage_nfs
new file mode 100644
index 00000000..defdf679
--- /dev/null
+++ b/include/tests_storage_nfs
@@ -0,0 +1,181 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# NFS
+#
+#################################################################################
+#
+ InsertSection "NFS"
+#
+#################################################################################
+#
+ NFS_DAEMON_RUNNING=0
+ NFS_EXPORTS_EMPTY=0
+#
+#################################################################################
+#
+
+ # Test : STRG-1902
+ # Description : Check rpcinfo
+ if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1902 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check rpcinfo registered programs"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking rpcinfo registered programs"
+ FIND=`${RPCINFOBINARY} -p 2> /dev/null | tr -s ' ' ','`
+ for I in ${FIND}; do
+ logtext "rpcinfo: ${I}"
+ done
+ Display --indent 2 --text "- Query rpc registered programs..." --result "DONE" --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1904
+ # Description : Check nfs versions in rpcinfo
+ if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1904 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking NFS registered versions"
+ FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $2 } }' | uniq | sort`
+ for I in ${FIND}; do
+ logtext "Found version: ${I}"
+ done
+ Display --indent 2 --text "- Query NFS versions..." --result "DONE" --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1906
+ # Description : Check nfs protocols (TCP/UDP) and port in rpcinfo
+ if [ ! "${RPCINFOBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1906 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nfs rpc"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking NFS registered protocols"
+ FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort`
+ for I in ${FIND}; do
+ logtext "Found protocol: ${I}"
+ done
+ if [ "${FIND}" = "" ]; then
+ logtext "Output: no NFS protocols found"
+ fi
+
+ # Check port number
+ logtext "Test: Checking NFS registered ports"
+ FIND=`${RPCINFOBINARY} -p 2> /dev/null | ${AWKBINARY} '{ if ($5=="nfs") { print $3 } }' | uniq | sort`
+ for I in ${FIND}; do
+ logtext "Found port: ${I}"
+ done
+ if [ "${FIND}" = "" ]; then
+ logtext "Output: no NFS port number found"
+ fi
+ Display --indent 2 --text "- Query NFS protocols..." --result "DONE" --color GREEN
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1920
+ # Description : Check for running NFS daemons
+ Register --test-no STRG-1920 --weight L --network NO --description "Checking NFS daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking running NFS daemon"
+ FIND=`${PSBINARY} ax | grep "nfsd" | grep -v "grep"`
+ if [ "${FIND}" = "" ]; then
+ logtext "Output: NFS daemon is not running"
+ Display --indent 2 --text "- Check running NFS daemon..." --result "NOT FOUND" --color WHITE
+ else
+ logtext "Output: NFS daemon is running"
+ Display --indent 2 --text "- Check running NFS daemon.." --result "FOUND" --color GREEN
+ NFS_DAEMON_RUNNING=1
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1924
+ # Description : Check missing nfs in rpcinfo while NFS is running
+ #Register --test-no STRG-1924 --weight L --network NO --description "Checking NFS daemon"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : STRG-1926
+ # Description : Check NFS exports
+ if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1926 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking NFS exports"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: check /etc/exports"
+ if [ -f /etc/exports ]; then
+ logtext "Result: /etc/exports exists"
+ FIND=`cat /etc/exports | grep -v "^$" | grep -v "^#" | sed 's/ /!space!/g'`
+ if [ ! "${FIND}" = "" ]; then
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/!space!/ /g'`
+ logtext "Found line: ${I}"
+ done
+ else
+ logtext "Result: /etc/exports does not contain exported file systems"
+ NFS_EXPORTS_EMPTY=1
+ fi
+ Display --indent 4 --text "- Checking /etc/exports..." --result "FOUND" --color GREEN
+ else
+ logtext "Result: file /etc/exports does not exist"
+ Display --indent 4 --text "- Checking /etc/exports..." --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1928
+ # Description : Check for empty exports file while NFS is running
+ if [ ${NFS_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1928 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking empty /etc/exports"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ${NFS_EXPORTS_EMPTY} -eq 1 ]; then
+ Display --indent 6 --text "- Checking empty /etc/exports..." --result SUGGESTION --color YELLOW
+ logtext "Result: /etc/exports seems to have no exported file systems"
+ ReportSuggestion ${TEST_NO} "/etc/exports has no exported file systems, while NFS daemon is running. Check if NFS needs to run on this system"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : STRG-1930
+ # Description : Check client access to nfs share
+ if [ ${NFS_DAEMON_RUNNING} -eq 1 -a ${NFS_EXPORTS_EMPTY} -eq 0 -a ! "${SHOWMOUNTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no STRG-1930 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check client access to nfs share"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ #logtext "Test: "
+ sFIND=`${SHOWMOUNTBINARY} -e | awk '{ print $2 }' | sed '1d'| grep "\*"`
+ if [ "${sFIND}" != "" ]; then
+ logtext "Result: all client are allowed to access a NFS share in /etc/exports"
+ Display --indent 4 --text "- Checking NFS client access..." --result "ALL CLIENTS" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Specify clients that are allowed to access a NFS share /etc/exports"
+ AddHP 2 3
+ else
+ logtext "Result: only some clients are allowed to access a NFS share"
+ Display --indent 4 --text "- Checking NFS client access..." --result OK --color GREEN
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
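Review bot: The port check in STRG-1906 is a copy of the protocol check and prints `$3` again, so the "Found port:" log lines actually contain the protocol name and the NFS port is never recorded; `rpcinfo -p` columns are program, vers, proto, port, service, so the second awk should be `'{ if ($5=="nfs") { print $4 } }'`. In STRG-1904 and STRG-1906 `uniq | sort` only removes adjacent duplicates before sorting; `sort | uniq` (or `sort -u`) is the intended dedup. Separately, STRG-1930 flags a share as ALL CLIENTS whenever the client field contains a `*`, which also matches domain wildcards such as `*.example.com`; a tighter test like `awk '$2 == "*" || $2 ~ /(^|,)\*(,|$)/'` would avoid that false positive, and it may be worth confirming whether the local showmount prints `(everyone)` rather than `*` for unrestricted exports, which the current grep would miss.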
diff --git a/include/tests_tcpwrappers b/include/tests_tcpwrappers
new file mode 100644
index 00000000..949adbf0
--- /dev/null
+++ b/include/tests_tcpwrappers
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# TCP Wrappers
+# Run after: NFS checks
+#
+#################################################################################
+#
+#
+#################################################################################
+#
+# InsertSection "TCP Wrappers"
+#
+#################################################################################
+#
+ # Test : TCPW-xxxx (YYY move to nameservices section)
+ # Description : Basic nameserver configuration tests (connectivity)
+# Register --test-no TCPW-xxxx --weight L --network YES --description "Basic nameserver configuration tests"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# Display --indent 2 --text "- Checking configured nameservers..."
+# logtext "Test: Checking /etc/resolv.conf file"
+# Display --indent 8 --text "Nameserver: ${I}..." --result OK --color GREEN
+# ReportSuggestion ${TEST_NO} "Check connection to this nameserver and make sure no outbound DNS queries are blocked (port 53 UDP and TCP)."
+# ReportWarning ${TEST_NO} "L" "Nameserver ${I} does not respond"
+# fi
+#
+#################################################################################
+#
+
+#wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
diff --git a/include/tests_time b/include/tests_time
new file mode 100644
index 00000000..69a76a17
--- /dev/null
+++ b/include/tests_time
@@ -0,0 +1,428 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Time
+#
+#################################################################################
+#
+ InsertSection "Time and Synchronization"
+#
+#################################################################################
+#
+ NTP_DAEMON=""
+ NTP_DAEMON_RUNNING=0
+ NTP_CONFIG_FOUND=0
+ NTP_CONFIG_TYPE_DAEMON=0
+ NTP_CONFIG_TYPE_SCHEDULED=0
+ NTP_CONFIG_TYPE_EVENTBASED=0
+ NTP_CONFIG_TYPE_STARTUP=0
+ # Specific for ntpd
+ NTPD_RUNNING=0
+ CRON_DIRS="/etc/cron.d /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /var/spool/crontabs"
+#
+#################################################################################
+#
+ # Test : TIME-3104
+ # Description : Check for a running NTP daemon
+ if [ -f /sys/hypervisor/type ]; then
+ # Skip NTP tests if we are in a DomU xen instance YYY
+ FIND=`cat /sys/hypervisor/type`
+ if [ "${FIND}" = "xen" ]; then PREQS_MET="NO"; else PREQS_MET="YES"; fi
+ else
+ PREQS_MET="YES"
+ fi
+ Register --test-no TIME-3104 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for running NTP daemon or client"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Linux/FreeBSD (ntpdate), OpenBSD (ntpd, rdate)
+ logtext "Test: Searching for a running NTP daemon or available client... "
+ FOUND=0
+
+ # Check running processes
+ FIND=`${PSBINARY} ax | grep "ntpd" | grep -v "dntpd" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1; NTPD_RUNNING=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1
+ NTP_DAEMON="ntpd"
+ logtext "Result: found running NTP daemon in process list"
+ Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result FOUND --color GREEN
+ else
+ logtext "Result: NTP daemon not found in process list"
+ Display --indent 2 --text "- Checking running NTP daemon (ntpd)..." --result "NOT FOUND" --color WHITE
+ fi
+
+ # Check time daemon (eg NetBSD)
+ IsRunning timed
+ if [ ${RUNNING} -eq 1 ]; then
+ FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="timed"
+ Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result FOUND --color GREEN
+ else
+ Display --indent 2 --text "- Checking running NTP daemon (timed)..." --result "NOT FOUND" --color WHITE
+ fi
+
+ # Check time daemon (eg DragonFly BSD)
+ IsRunning dntpd
+ if [ ${RUNNING} -eq 1 ]; then
+ FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="dntpd"
+ Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result FOUND --color GREEN
+ else
+ Display --indent 2 --text "- Checking running NTP daemon (dntpd)..." --result "NOT FOUND" --color WHITE
+ fi
+
+ # Check crontab for OpenBSD/FreeBSD
+ # Check anacrontab for Linux
+ CRONTAB_FILES="/etc/anacrontab /etc/crontab"
+ for I in ${CRONTAB_FILES}; do
+ if [ -f ${I} ]; then
+ logtext "Test: checking for ntpdate or rdate in crontab file ${I}"
+ FIND=`cat ${I} | ${EGREPBINARY} "ntpdate|rdate" | grep -v '^#'`
+ if [ ! "${FIND}" = "" ]; then
+ FOUND=1;
+ NTP_CONFIG_TYPE_SCHEDULED=1
+ Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result FOUND --color GREEN
+ logtext "Result: found ntpdate or rdate reference in crontab file ${I}"
+ else
+ Display --indent 2 --text "- Checking NTP client in crontab file (${I})..." --result "NOT FOUND" --color WHITE
+ logtext "Result: no ntpdate or rdate reference found in crontab file ${I}"
+ fi
+ else
+ logtext "Result: crontab file ${I} not found"
+ fi
+ done
+
+ ##########################
+ # To do: test on Solaris #
+ ##########################
+
+ # Don't run check in cron job directory on Solaris
+ # /etc/cron.d/FIFO is a special file and test get stuck at this file
+ FOUND_IN_CRON=0
+
+ # Check cron jobs
+ for I in ${CRON_DIRS}; do
+ if [ -d ${I} ]; then
+ FIND=`ls ${I} | grep -v FIFO`
+ if [ ! "${FIND}" = "" ]; then
+ for J in ${FIND}; do
+ logtext "Test: checking for ntpdate or rdate in ${I}/${J}"
+ FIND2=`${EGREPBINARY} "rdate|ntpdate" ${I}/${J} | grep -v "^#"`
+ if [ ! "${FIND2}" = "" ]; then
+ logtext "Positive match found: ${FIND2}"
+ FOUND=1; FOUND_IN_CRON=1; NTP_CONFIG_TYPE_SCHEDULED=1
+ fi
+ done
+ else
+ logtext "Result: ${I} is empty, skipping search in directory"
+ fi
+ fi
+ done
+
+ if [ ${FOUND_IN_CRON} -eq 1 ]; then
+ Display --indent 2 --text "- Checking NTP client in cron files..." --result FOUND --color GREEN
+ logtext "Result: found ntpdate or rdate in cron directory"
+ else
+ Display --indent 2 --text "- Checking NTP client in cron.d files..." --result "NOT FOUND" --color WHITE
+ logtext "Result: no ntpdate or rdate found in cron directories"
+ fi
+
+
+ # Checking if ntpdate is performed by event
+ logtext "Test: checking for file /etc/network/if-up.d/ntpdate"
+ if [ -f /etc/network/if-up.d/ntpdate ]; then
+ logtext "Result: found ntpdate action when network interface comes up"
+ FOUND=1
+ NTP_CONFIG_TYPE_EVENTBASED=1
+ Display --indent 2 --text "- Checking event based ntpdate (if-up)..." --result FOUND --color GREEN
+ else
+ logtext "Result: file /etc/network/if-up.d/ntpdate does not exist"
+ fi
+
+ if [ "${OS}" = "FreeBSD" ]; then
+ logtext "Test: Checking if ntpdate is enabled at startup in FreeBSD"
+ if [ -f /etc/rc.conf ]; then
+ FIND=`grep 'ntpdate_enable="YES"' /etc/rc.conf`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: ntpdate is enabled in rc.conf"
+ # Mark system having a NTP client, but remind user to improve it
+ FOUND=1
+ NTP_CONFIG_TYPE_STARTUP=1
+ ReportSuggestion ${TEST_NO} "Although ntpdate is enabled in rc.conf, it is adviced to run it at least daily or use a NTP daemon"
+ else
+ logtext "Result: ntpdate is not enabled in rc.conf"
+ fi
+ fi
+ fi
+
+ if [ ${FOUND} -eq 0 ]; then
+ Display --indent 2 --text "- Checking for a running NTP daemon or client" --result WARNING --color RED
+ logtext "Result: Could not find a NTP daemon or client"
+ ReportSuggestion ${TEST_NO} "Use NTP daemon or NTP client to prevent time issues."
+ AddHP 0 2
+ else
+ Display --indent 2 --text "- Checking for a running NTP daemon or client" --result OK --color GREEN
+ logtext "Result: Found a time syncing daemon/client."
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3112
+ # Description : Check for valid associations from ntpq peers list
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3112 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check active NTP associations ID's"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking for NTP association ID's from ntpq peers list"
+ FIND=`${NTPQBINARY} -p -n | grep "No association ID's returned"`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking valid association ID's" --result FOUND --color GREEN
+ logtext "Result: Found one or more association ID's"
+ else
+ Display --indent 2 --text "- Checking valid association ID's" --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "Check ntp.conf for properly configured NTP servers and a correctly functioning name service."
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3116
+ # Description : Check for stratum 16 peers
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3116 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check peers with stratum value of 16"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ N=0
+ logtext "Test: Checking stratum 16 sources from ntpq peers list"
+ FIND=`${NTPQBINARY} -p -n | awk '{ if ($3=="16") { print $1 } }'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking high stratum ntp peers" --result OK --color GREEN
+ logtext "Result: All peers are lower than stratum 16"
+ else
+ for I in ${FIND}; do
+ logtext "Found stratum 16 peer: ${I}"
+ FIND2=`egrep "^ntp:ignore_stratum_16_peer:${I}:" ${PROFILE}`
+ if [ "${FIND2}" = "" ]; then
+ N=`expr ${N} + 1`
+ else
+ logtext "Output: host ${I} ignored by profile"
+ fi
+ done
+ # Check if one or more high stratum time servers are found
+ if [ ${N} -eq 0 ]; then
+ Display --indent 2 --text "- Checking high stratum ntp peers" --result OK --color GREEN
+ logtext "Result: all non local servers are lower than stratum 16, or whitelisted within the scan profile"
+ else
+ Display --indent 2 --text "- Checking high stratum ntp peers" --result WARNING --color RED
+ logtext "Result: Found one or more high stratum (16) peers)"
+ ReportSuggestion ${TEST_NO} "Check ntpq peers output"
+ ReportWarning ${TEST_NO} "L" "Found one or more stratum 16 peers"
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3120
+ # Description : Check unreliable peers from peer list
+ # Notes : Items with # are too far away (network distance)
+ # Items with - are not chosing due clustering algoritm
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3120 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check unreliable NTP peers"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking unreliable ntp peers"
+ FIND=`${NTPQBINARY} -p -n | egrep "^(-|#)" | awk '{ print $1 }' | sed 's/^-//g'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking unreliable ntp peers" --result NONE --color GREEN
+ logtext "Result: No unreliable peers found"
+ else
+ Display --indent 2 --text "- Checking unreliable ntp peers" --result FOUND --color YELLOW
+ logtext "Result: Found one or more unreliable peers (marked with a minus or dash sign)"
+ for I in ${FIND}; do
+ logtext "Unreliable peer: ${I}"
+ done
+ ReportSuggestion ${TEST_NO} "Check ntpq peers output for unreliable ntp peers and correct/replace them"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3124
+ # Description : Check selected time source
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3124 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check selected time source"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking selected time source"
+ FIND=`${NTPQBINARY} -p -n | grep '^*' | awk '{ if ($4=="l") { print $1 } }'`
+ FIND2=`${NTPQBINARY} -p -n | grep '^*' | awk '{ print $1 }'`
+ if [ "${FIND}" = "" -a ! "${FIND2}" = "" ]; then
+ Display --indent 2 --text "- Checking selected time source" --result OK --color GREEN
+ FIND2=`echo ${FIND2} | sed 's/*//g'`
+ logtext "Result: Found selected time source (value: ${FIND2})"
+ else
+ Display --indent 2 --text "- Checking selected time source" --result WARNING --color RED
+ logtext "Result: Found local source as selected time source. This could indicate that no external sources are available to sync with."
+ logtext "Local source: ${FIND}"
+ ReportSuggestion ${TEST_NO} "Check ntpq peers output for selected time source"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3128
+ # Description : Check time source candidates
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3128 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check preffered time source"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking preferred time source"
+ FIND=`${NTPQBINARY} -p -n | grep '^+' | awk '{ print $1 }'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking time source candidates..." --result NONE --color YELLOW
+ logtext "Result: No other time source candidates found"
+ ReportSuggestion ${TEST_NO} "Check ntpq peers output for time source candidates"
+ else
+ Display --indent 2 --text "- Checking time source candidates..." --result OK --color GREEN
+ logtext "Result: Found one or more candidates to synchronize time with."
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/+//g'`
+ logtext "Candidate found: ${I}"
+ done
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3132
+ # Description : Check ntpq falsetickers
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3132 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NTP falsetickers"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking preferred time source"
+ FIND=`${NTPQBINARY} -p -n | grep '^x'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking falsetickers..." --result OK --color GREEN
+ logtext "Result: No falsetickers found (items preceeding with an 'x')"
+ else
+ Display --indent 2 --text "- Checking falsetickers..." --result NONE --color YELLOW
+ logtext "Result: Found one or more falsetickers (items preceeding with an 'x')"
+ for I in ${FIND}; do
+ I=`echo ${I} | sed 's/x//g'`
+ logtext "Falseticker found: ${I}"
+ report "ntp_falseticker=${I}"
+ done
+ ReportSuggestion ${TEST_NO} "Check ntpq peers output for falsetickers"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3136
+ # Description : Check ntpq reported ntp version (Linux)
+ # Notes : Test could be improved by checking every host (YYY)
+ if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3136 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check NTP protocol version"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking NTP protocol version (ntpq -c ntpversion)"
+ FIND=`${NTPQBINARY} -c ntpversion | awk '{ if ($1=="NTP" && $2=="version" && $5=="is") { print $6 } }'`
+ if [ "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking NTP version..." --result UNKNOWN --color YELLOW
+ logtext "Result: No NTP version found"
+ ReportSuggestion ${TEST_NO} "Check ntpq output for NTP protocol version"
+ else
+ Display --indent 2 --text "- Checking NTP version..." --result FOUND --color GREEN
+ logtext "Result: Found NTP version ${FIND}"
+ report "ntp_version=${FIND}"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TIME-3146
+ # Description : Check /etc/default/ntpdate (Linux)
+ # Notes : ntpdate-debian binary
+ #if [ ${NTPD_RUNNING} -eq 1 -a ! "${NTPQBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no TIME-3146 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/default/ntpdate"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+#
+#################################################################################
+#
+ # Test : TIME-3160
+ # Description : Check empty NTP step-tickers
+ # Notes : Mostly applies to Red Hat and clones
+ if [ "${NTPD_RUNNING}" -eq 1 -a ! "${NTPQBINARY}" = "" -a ! "${CHKCONFIGBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TIME-3160 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check empty NTP step-tickers"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ FILE="/etc/ntp/step-tickers"
+ if [ -f ${FILE} ]; then
+ if [ -z ${FILE} ]; then
+ logtext "Result: ${FILE} is empty. The step-tickers contain no configured NTP servers"
+ Display --indent 2 --text "- Checking NTP step-tickers file" --result "EMPTY FILE" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Use step-rickers file for quicker time synchronization"
+ else
+ logtext "Result: /etc/ntp/step-tickers is not empty, which is fine"
+ Display --indent 2 --text "- Checking NTP step-tickers file" --result "OK" --color GREEN
+ sFIND=`${AWKBINARY} '/^server/ { print $2 }' /etc/ntp.conf | ${GREPBINARY} -v '127.127.1.0'`
+ for I in ${sFIND}; do
+ FIND=`${GREPBINARY} ^${I} ${FILE} | wc -l`
+ if [ ${FIND} -gt 0 ]; then
+ logtext "Result: $I exist in ${FILE}"
+ else
+ logtext "Result: ${I} does NOT exist in ${FILE}"
+ FOUND=1
+ fi
+ done
+ if [ ${FOUND} -eq 1 ]; then
+ Display --indent 4 --text "- Checking step-tickers ntp servers entries" --result "SOME MISSING" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Some time servers missing in step-tickers file"
+ AddHP 3 4
+ else
+ Display --indent 4 --text "- Checking step-tickers ntp servers entries" --result OK --color GREEN
+ logtext "Result: all time servers are in step-tickers file"
+ AddHP 4 4
+ fi
+ fi
+ logtext "Information: step-tickers is used by ntpdate where as ntp.conf is the configuration file for the ntpd daemon. ntpdate is initially run to set the clock before ntpd to make sure time is within 1000 sec."
+ logtext "Risk: ntp will not run at boot if the time difference between the server and client by more then 1000 sec."
+ else
+ logtext "Result: test skipped because ${FILE} not found"
+ fi
+ fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#################################################################################
+#
+ report "ntp_config_found=${NTP_CONFIG_FOUND}"
+ report "ntp_config_type_daemon=${NTP_CONFIG_TYPE_DAEMON}"
+ report "ntp_config_type_eventbased=${NTP_CONFIG_TYPE_EVENTBASED}"
+ report "ntp_config_type_scheduled=${NTP_CONFIG_TYPE_SCHEDULED}"
+ report "ntp_config_type_startup=${NTP_CONFIG_TYPE_STARTUP}"
+ report "ntp_daemon=${NTP_DAEMON}"
+ report "ntp_daemon_running=${NTP_DAEMON_RUNNING}"
+
+
+ # OS Time daemons Configuration file
+ # --------------------------------------------
+ # AIX xntpd /etc/ntp.conf
+ # HP
+ # Linux ntpd /etc/ntp.conf
+ # OpenBSD ntpd /etc/ntpd.conf
+ # Solaris xntpd /etc/inet/ntp.conf
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
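Review bot: The empty-file check in TIME-3160 tests the variable rather than the file: `[ -z ${FILE} ]` asks whether the string "/etc/ntp/step-tickers" is empty, which is never true, so the "EMPTY FILE" branch is unreachable and an empty step-tickers file is reported as OK; the check should be `if [ ! -s "${FILE}" ]; then`. The suggestion text in that branch also misspells the file as "step-rickers". Separately, NTP_CONFIG_FOUND is initialised to 0 and never assigned anywhere in the file, so the `report "ntp_config_found=${NTP_CONFIG_FOUND}"` line at the end always emits 0 even when TIME-3104 found a daemon or client; setting `NTP_CONFIG_FOUND=1` next to `FOUND=1` in the success branches of TIME-3104 (or `NTP_CONFIG_FOUND=${FOUND}` after its final if) would make the report line meaningful.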
diff --git a/include/tests_tooling b/include/tests_tooling
new file mode 100644
index 00000000..70701f9a
--- /dev/null
+++ b/include/tests_tooling
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+ AUTOMATION_TOOL_FOUND=0
+ BACKUP_AGENT_FOUND=0
+#
+#################################################################################
+#
+ InsertSection "Software: System tooling"
+
+PUPPET_MASTER_RUNNING=0
+
+#
+#################################################################################
+#
+# Automation
+#
+#################################################################################
+#
+ # Test : TOOL-5002
+ # Description : Check if automation tools are found
+ Register --test-no TOOL-5002 --weight L --network NO --description "Checking for automation tools"
+ if [ ${SKIPTEST} -eq 0 ]; then
+
+ Display --indent 2 --text "- Checking automation tooling..."
+
+ # Cfengine
+ if [ ! "${CFAGENTBINARY}" = "" ]; then
+ logtext "Result: Cfengine (cfagent) is installed (${CFAGENTBINARY})"
+ AUTOMATION_TOOL_FOUND=1
+ Display --indent 4 --text "Found: Cfengine (cfagent)" --result FOUND --color GREEN
+ fi
+
+ # Puppet
+ if [ ! "${PUPPETBINARY}" = "" ]; then
+ logtext "Result: Puppet is installed (${PUPPETBINARY})"
+ AUTOMATION_TOOL_FOUND=1
+ Display --indent 4 --text "Found: Puppet (agent)" --result FOUND --color GREEN
+ fi
+ IsRunning "puppet master"
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: found puppet master"
+ PUPPET_MASTER_RUNNING=1
+ Display --indent 4 --text "Found: Puppet (master)" --result FOUND --color GREEN
+ fi
+
+ if [ ${AUTOMATION_TOOL_FOUND} -eq 1 ]; then
+ Display --indent 2 --text "- Automation tooling" --result FOUND --color GREEN
+ else
+ Display --indent 2 --text "- Automation tooling" --result "NOT FOUND" --color YELLOW
+ ReportSuggestion ${TEST_NO} "Determine if automation tools are present for system management"
+ fi
+ fi
+#
+#################################################################################
+#
+# Backup tools
+#
+#################################################################################
+#
+ wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
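Review bot: PUPPET_MASTER_RUNNING is initialised at column 0 after the InsertSection call, while the other two flags (AUTOMATION_TOOL_FOUND, BACKUP_AGENT_FOUND) are declared indented in the initialisation block above; moving `PUPPET_MASTER_RUNNING=0` into that block keeps the file's layout consistent with the rest of the commit. BACKUP_AGENT_FOUND is declared but the "Backup tools" section below holds no test, and neither it nor PUPPET_MASTER_RUNNING is emitted via `report`, so a reader cannot tell whether these are placeholders or forgotten; a `# TODO: backup agent detection (sets BACKUP_AGENT_FOUND)` comment under that section header would make the intent explicit.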
diff --git a/include/tests_virtualization b/include/tests_virtualization
new file mode 100644
index 00000000..4afd6d03
--- /dev/null
+++ b/include/tests_virtualization
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Virtualization
+#
+#################################################################################
+#
+ InsertSection "Virtualization"
+#
+#################################################################################
+#
+ # Test : VIRT-1902
+ # Description : Query running Solaris zones
+ if [ -x /usr/sbin/zoneadm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no VIRT-1902 --os Solaris --weight L --network NO --description "Query running Solaris zones"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: query zoneadm to list all running zones"
+ FIND=`/usr/sbin/zoneadm list -p | awk -F: '{ if ($2!="global") print $0 }'`
+ if [ ! "${FIND}" = "" ]; then
+ N=0
+ for I in ${FIND}; do
+ N=`expr ${N} + 1`
+ ZONEID=`echo ${I} | cut -d ':' -f1`
+ ZONENAME=`echo ${I} | cut -d ':' -f2`
+ logtext "Result: found zone ${ZONENAME} (running)"
+ report "solaris_running_zone[]=${ZONENAME} [id:${ZONEID}]"
+ done
+ logtext "Result: total of ${N} running zones"
+ Display --indent 2 --text "- Checking Solaris Zones..." --result "FOUND ${N} zones" --color GREEN
+ else
+ logtext "Result: no running zones found"
+ Display --indent 2 --text "- Checking Solaris Zones..." --result NONE --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : VIRT-1906
+ # Description : Query running Xen zones
+ #if [ -x /usr/bin/xm ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no VIRT-1906 --weight L --network NO --description "Query Xen guests"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # Show Xen guests
+ #FIND=`xm list | awk '$1 != "Name|Domain-0" {print $1","$2}'`
+ #for I in ${FIND}; do
+ #XENGUESTNAME=`echo ${I} | cut -d ':' -f1`
+ #XENGUESTID=`echo ${I} | cut -d ':' -f2`
+ #logtext "Result: found Xen guest ${XENGUESTNAME} (ID: ${XENGUESTID})"
+ #done
+ #fi
+#
+#################################################################################
+#
+
+# # Test : VIRT-1920
+# # Description : Checking VMware
+# Register --test-no VIRT-1920 --weight L --network NO --description "Checking VMware guest status"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# # Initialise
+# VMWARE_GUEST=0
+# Display --indent 2 --text "- Checking VMware guest status..."
+# #YYY check memory driver file
+# #YYY check LKM list
+# #YYY check vmware tools
+# logtext "Test: checking VMware tools daemon presence"
+# if [ ! "${VMWARETOOLSBINARY}" = "" ]; then
+# logtext "Result: VMware tools binary found"
+# VMWARE_GUEST=1
+# Display --indent 4 --text "- Checking VMware tools daemon" --result FOUND --color GREEN
+# else
+# Display --indent 4 --text "- Checking VMware tools daemon" --result "NOT FOUND" --color WHITE
+# fi
+#
+# fi
+#
+#################################################################################
+#
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
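Review bot: VIRT-1902 computes PREQS_MET from the presence of /usr/sbin/zoneadm, but the Register call on the next line never passes it, so on a Solaris host without zoneadm the test still runs and the backtick command fails with a shell error instead of being skipped; the call should read `Register --test-no VIRT-1902 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Query running Solaris zones"`. The other Register calls in this commit (TIME-3104, STRG-1930) do pass --preqs-met, so this looks like an omission rather than a deliberate choice.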
diff --git a/include/tests_webservers b/include/tests_webservers
new file mode 100644
index 00000000..8ec5ca24
--- /dev/null
+++ b/include/tests_webservers
@@ -0,0 +1,695 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Software: webserver
+#
+#################################################################################
+#
+ InsertSection "Software: webserver"
+#
+#################################################################################
+#
+ # Reset Apache status
+ APACHE_INSTALLED=0
+ APACHE_MODULES_ENABLED_LOCS="/etc/apache2/mods-enabled"
+ APACHE_MODULES_LOCS="/etc/httpd/modules /opt/local/apache2/modules /usr/lib/apache2/modules /usr/lib/httpd/modules /usr/local/libexec/apache /usr/local/libexec/apache22 /usr/lib64/apache2/modules /usr/lib64/httpd/modules"
+ NGINX_RUNNING=0
+ NGINX_CONF_LOCS="/etc/nginx /usr/local/etc/nginx /usr/local/nginx/conf"
+ NGINX_CONF_LOCATION=""
+#
+#################################################################################
+#
+ sTEST_APACHE_TARGETS="/etc/apache /etc/apache2 /etc/httpd /usr/local/apache /usr/local/apache2 \
+ /usr/local/etc/apache /usr/local/etc/apache2 /usr/local/etc/apache22 \
+ /usr/pkg/etc/httpd /etc/sysconfig/apache2"
+
+ if [ "${OS}" = "AIX" ]; then
+ RANDOMSTRING1=`echo lynis-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')`; RANDOMSTRING2=`echo lynis2-$(od -N4 -tu /dev/random | awk 'NR==1 {print $2} {}')`
+ TMPFILE="/tmp/${RANDOMSTRING1}"; TMPFILE2="/tmp/${RANDOMSTRING2}"
+ echo "" > ${TMPFILE}; echo "" > ${TMPFILE2}
+ else
+ TMPFILE=`mktemp /tmp/lynis.XXXXXXXXXX` || exit 1
+ TMPFILE2=`mktemp /tmp/lynis2.XXXXXXXXXX` || exit 1
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6622
+ # Description : Test for Apache installation
+ # Notes : Do not run on NetBSD, -v is unknown option for httpd binary
+ if [ ! "${OS}" = "NetBSD" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6622 --preqs-met ${PREQS_MET} --weight L --network NO --description "Checking Apache presence"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ "${HTTPDBINARY}" = "" ]; then
+ Display --indent 2 --text "- Checking Apache" --result "NOT FOUND" --color WHITE
+ else
+ logtext "Test: Scanning for Apache binary..."
+ IS_APACHE=`${HTTPDBINARY} -v | egrep '[aA]pache'`
+ if [ "${IS_APACHE}" = "" ]; then
+ logtext "Result: ${HTTPDBINARY} is not Apache"
+ Display --indent 2 --text "- Checking Apache (binary ${HTTPDBINARY})" --result "NO MATCH" --color WHITE
+ else
+ Display --indent 2 --text "- Checking Apache (binary ${HTTPDBINARY})" --result "FOUND" --color GREEN
+ logtext "Result: ${HTTPDBINARY} seems to be Apache HTTP daemon"
+ APACHE_INSTALLED=1
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6624
+ # Description : Testing main Apache configuration file
+ # Notes : Do not run on NetBSD, -V is unknown option for httpd binary
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then
+ if [ ! "${OS}" = "NetBSD" ]; then
+ PREQS_MET="YES"
+ else
+ PREQS_MET="NO"
+ fi
+ else
+ PREQS_MET="NO"
+ fi
+ Register --test-no HTTP-6624 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing main Apache configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ APACHE_CONFIGFILE=""
+ APACHE_TEST=`${HTTPDBINARY} -V | grep "\-D SERVER_CONFIG_FILE=" | sed 's/[ ]-D SERVER_CONFIG_FILE=//' | tr -d '"' | tr -d ' '`
+
+ if [ "${APACHE_TEST}" = "" ]; then
+ Display --indent 6 --text "Result: Can't find the configuration file, so skipping some Apache related tests"
+ else
+ # We found a possible match. Checking if it's valid filename. If not, we need to add a prefix
+ if [ -f ${APACHE_TEST} ]; then
+ APACHE_CONFIGFILE="${APACHE_TEST}"
+ Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})"
+ else
+ # Probably the prefix is missing, so we are going to search that
+ APACHE_HTTPDROOT=`${HTTPDBINARY} -V | grep "\-D HTTPD_ROOT=" | sed 's/[ ]-D HTTPD_ROOT=//' | tr -d '"' | tr -d ' '`
+ #echo "Apache root prefix: ${APACHE_HTTPDROOT}"
+ #echo "Complete path to configuration file: ${APACHE_HTTPDROOT}/${APACHE_TEST}"
+ APACHE_TESTFILE="${APACHE_HTTPDROOT}/${APACHE_TEST}"
+ if [ -f ${APACHE_TESTFILE} ]; then
+ APACHE_CONFIGFILE="${APACHE_TESTFILE}"
+ Display --indent 6 --text "Info: Configuration file found (${APACHE_CONFIGFILE})"
+ logtext "Result: Configuration file found (${APACHE_CONFIGFILE})"
+ else
+ logtext "Exception: File or directory ${APACHE_CONFIGFILE} does not exist"
+ Display --indent 6 --text "[Notice] possible directory/file parts found, but still unsure what the real configuration file is. Skipping some Apache related tests"
+ ReportException "${TEST_NO}:1" "Found some unknown directory or file references in Apache configuration"
+ fi
+ fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6626
+ # Description : Testing other Apache configuration files
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6626 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ #Display --indent 4 --text "- Searching Apache virtual hosts..."
+ for I in ${sTEST_APACHE_TARGETS}; do
+ if [ -d ${I} ]; then
+ find ${I} -name "*.conf" -print >> ${TMPFILE2}
+ fi
+ done
+
+ # Sort unsorted list, save it in temp file and then remove unsorted list
+ if [ -f ${TMPFILE2} ]; then
+ sort ${TMPFILE2} | uniq >> ${TMPFILE}
+ rm -f ${TMPFILE2}
+ fi
+ cVHOSTS=0; tVHOSTS=""
+
+ # Check every configuration file
+ for I in `cat ${TMPFILE}`; do
+ logtext "Apache config file: ${I}"
+
+ # Search Virtual Hosts
+ for J in `cat ${I} | grep "ServerName" | grep -v "^#" | awk '{ if ($1=="ServerName") print $2 }'`; do
+ if [ ! -z ${J} ]; then
+ tVHOSTS="${tVHOSTS} ${J}"
+ cVHOSTS=`expr ${cVHOSTS} + 1`
+ fi
+ done
+ # Search Server aliases
+ for J in `cat ${I} | grep "ServerAlias" | grep -v "^#" | sed "s/.* ServerAlias//g" | sed "s/#.*//g"`; do
+ if [ ! -z ${J} ]; then
+ tVHOSTS="${tVHOSTS} ${J}"
+ cVHOSTS=`expr ${cVHOSTS} + 1`
+ fi
+ done
+ done
+
+ # Log all virtual hosts we found
+ for J in ${tVHOSTS}; do
+ if [ ! -z ${J} ]; then
+ logtext "Virtual host: ${J}"
+ report "apache_vhost_name[]=${J}"
+ fi
+ done
+
+ # Show number of vhosts if we found any
+ logtext "Result: found ${cVHOSTS} virtual hosts"
+ if [ ${cVHOSTS} -gt 0 ]; then
+ Display --indent 6 --text "Info: Found ${cVHOSTS} virtual hosts"
+ else
+ Display --indent 6 --text "Info: No virtual hosts found"
+ fi
+ fi
+
+ # Remove temp files
+ if [ -f ${TMPFILE} -a ! "${TMPFILE}" = "" ]; then
+ rm -f ${TMPFILE}
+ fi
+ if [ ! "${TMPFILE2}" = "" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
+#
+#################################################################################
+#
+ # Test : HTTP-6628
+ # Description : Testing other Apache configuration files
+ #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no HTTP-6628 --preqs-met ${PREQS_MET} --weight L --network NO --description "Testing other Apache configuration file"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+# # Configuration specific tests
+# SERVERTOKENSFOUND=0
+# APACHE_CONFIGFILES="${APACHE_CONFIGFILE} /usr/local/etc/apache22/extra/httpd-default.conf /etc/apache2/sysconfig.d/global.conf"
+#
+# for APACHE_CONFIGFILE in ${APACHE_CONFIGFILES}; do
+# if [ -f ${APACHE_CONFIGFILE} ]; then
+# # Check if option ServerTokens is configured
+# SERVERTOKENSTEST=`cat ${APACHE_CONFIGFILE} | grep ServerTokens | grep -v '^#'`
+# if [ ! "${SERVERTOKENSTEST}" = "" ]; then
+# Display --indent 4 --text "- Checking option ServerTokens..." --result FOUND --color WHITE
+# SERVERTOKENSTEST=`echo ${SERVERTOKENSTEST} | sed 's/ServerTokens//' | tr -d ' '`
+# logtext "Option ServerTokens found: ${SERVERTOKENSTEST}"
+# SERVERTOKENSEXPECTED=`cat ${PROFILE} | grep 'apache' | grep 'ServerTokens' | cut -d ':' -f3`
+# if [ "${SERVERTOKENSEXPECTED}" = "${SERVERTOKENSTEST}" ]; then
+# logtext "Result: Value from configuration file yielded the same output as in template"
+# SERVERTOKENSFOUND=1
+# else
+# logtext "Warning: Value of ServerTokens within active configuration is different than from used template."
+# logtext "Found: ${SERVERTOKENSTEST}"
+# logtext "Expected: ${SERVERTOKENSEXPECTED}"
+# fi
+# else
+# Display --indent 4 --text "- Checking option ServerTokens..." --result "NOT FOUND" --color WHITE
+# fi
+#
+# else
+# # File does not exist, skipping
+# logtext "File ${APACHE_CONFIGFILE} does not exist, so skipping tests on this file"
+# fi
+# done
+#
+# # Display results from checks
+# if [ ${SERVERTOKENSFOUND} -eq 1 ]; then
+# Display --indent 6 --text "- Value of ServerTokens..." --result OK --color GREEN
+# else
+# Display --indent 6 --text "- Value of ServerTokens..." --result WARNING --color RED
+# ReportWarning ${TEST_NO} "M" "Value of 'ServerTokens' in Apache config is different than template"
+# fi
+# fi
+# fi
+# fi
+
+#
+#################################################################################
+#
+ # Test : HTTP-6630
+ # Description : Search for all loaded modules
+ #if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ #Register --test-no HTTP-6630 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all loaded Apache modules"
+ #if [ ${SKIPTEST} -eq 0 ]; then
+ # Testing Debian style
+ #logtext "Test: searching loaded/enabled Apache modules"
+ #apachectl -t -D DUMP_MODULES 2>&1 | egrep -v "(Loaded Modules|Syntax OK)" | sed 's/(\(shared\|static\))//' | sed 's/ //'
+ #for I in ${APACHE_MODULES_ENABLED_LOCS}; do
+ #logtext "Test: checking ${I}"
+ #if [ -d ${I} ]; then
+ #FIND=`grep -r LoadModule ${I}/* | grep -v "^#" | awk '{ print $2":"$3 }'`
+ #else
+ #logtext "Result: ${I} does not exist"
+ #fi
+ #done
+ #fi
+#
+#################################################################################
+#
+ # Test : HTTP-6632
+ # Description : Search for available Apache modules
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6632 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining all available Apache modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: searching available Apache modules"
+ N=0
+ for I in ${APACHE_MODULES_LOCS}; do
+ DirectoryExists ${I}
+ if [ ${DIRECTORY_FOUND} -eq 1 ]; then
+ FIND=`find ${I} -name mod_* -print | sort`
+ for J in ${FIND}; do
+ report "apache_module[]=${J}"
+ logtext "Result: found Apache module ${J}"
+ N=`expr ${N} + 1`
+ done
+ fi
+ done
+ if [ ${N} -eq 0 ]; then
+ Display --indent 4 --text "* Loadable modules" --result "NONE" --color WHITE
+ ReportException "${TEST_NO}:1" "No loadable Apache modules found"
+ else
+ Display --indent 4 --text "* Loadable modules" --result "FOUND" --color GREEN
+ Display --indent 8 --text "- Found ${N} loadable modules"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6640
+ # Description : Search for special Apache modules: evasive
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6640 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check modules, module
+ CheckItem "apache_module" "/mod_evasive20.so"
+ if [ ${ITEM_FOUND} -eq 1 ]; then
+ Display --indent 10 --text "mod_evasive: anti-DoS/brute force" --result FOUND --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 10 --text "mod_evasive: anti-DoS/brute force" --result "NOT FOUND" --color WHITE
+ AddHP 2 3
+ ReportSuggestion ${TEST_NO} "Install Apache mod_evasive to guard webserver against DoS/brute force attempts"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6641
+ # Description : Search for special Apache modules: Quality of Service
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6641 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check modules, module
+ CheckItem "apache_module" "/mod_qos.so"
+ if [ ${ITEM_FOUND} -eq 1 ]; then
+ Display --indent 10 --text "mod_qos: anti-Slowloris" --result FOUND --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 10 --text "mod_qos: anti-Slowloris" --result "NOT FOUND" --color WHITE
+ AddHP 2 3
+ ReportSuggestion ${TEST_NO} "Install Apache mod_qos to guard webserver against Slowloris attacks"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6642
+ # Description : Search for special Apache modules: Spamhaus
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6642 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check modules, module
+ CheckItem "apache_module" "/mod_spamhaus.so"
+ if [ ${ITEM_FOUND} -eq 1 ]; then
+ Display --indent 10 --text "mod_spamhaus: anti-spam (spamhaus)" --result FOUND --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 10 --text "mod_spamhaus: anti-spam (spamhaus)" --result "NOT FOUND" --color WHITE
+ AddHP 2 3
+ ReportSuggestion ${TEST_NO} "Install Apache mod_spamhaus to guard webserver against spammers"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6643
+ # Description : Search for special Apache modules: security
+ if [ ${APACHE_INSTALLED} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6643 --preqs-met ${PREQS_MET} --weight L --network NO --description "Determining existence of specific Apache modules"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Check modules, module
+ CheckItem "apache_module" "/mod_security2.so"
+ if [ ${ITEM_FOUND} -eq 1 ]; then
+ Display --indent 10 --text "ModSecurity: web application firewall" --result FOUND --color GREEN
+ AddHP 3 3
+ else
+ Display --indent 10 --text "ModSecurity: web application firewall" --result "NOT FOUND" --color WHITE
+ AddHP 2 3
+ ReportSuggestion ${TEST_NO} "Install Apache modsecurity to guard webserver against web application attacks"
+ fi
+ # Extend test with nginx?
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6660
+ # Description : Search for "TraceEnable off" in configuration files
+#
+#################################################################################
+#
+ # Test : HTTP-6702
+ # Description : Search for nginx process
+ Register --test-no HTTP-6702 --weight L --network NO --description "Check nginx process"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: searching running nginx process"
+ FIND=`${PSBINARY} ax | grep "/nginx" | grep "master" | grep -v "grep"`
+ if [ ! "${FIND}" = "" ]; then
+ logtext "Result: found running nginx process(es)"
+ Display --indent 2 --text "- Checking nginx" --result FOUND --color GREEN
+ NGINX_RUNNING=1
+ else
+ logtext "Result: no running nginx process found"
+ Display --indent 2 --text "- Checking nginx" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6704
+ # Description : Search for nginx configuration file
+ if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6704 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: searching nginx configuration file"
+ #YYY warning if multiple nginx.conf files are found
+ for I in ${NGINX_CONF_LOCS}; do
+ if [ -f ${I}/nginx.conf ]; then
+ NGINX_CONF_LOCATION="${I}/nginx.conf"
+ logtext "Found file ${NGINX_CONF_LOCATION}"
+ fi
+ done
+ #YYY strings /usr/sbin/nginx | grep "conf$"
+ if [ ! "${NGINX_CONF_LOCATION}" = "" ]; then
+ logtext "Result: found nginx configuration file"
+ report "nginx_main_conf_file=${NGINX_CONF_LOCATION}"
+ Display --indent 4 --text "- Searching nginx configuration file" --result FOUND --color GREEN
+ #FIND=`cat ${NGINX_CONF_LOCATION} | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -v "^$" | sed 's/[\t]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE2}`
+ else
+ logtext "Result: no nginx configuration file found"
+ Display --indent 2 --text "- Searching nginx configuration file" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6706
+ # Description : Search for includes within nginx configuration file
+ # Notes : Daemon nginx should be running, nginx.conf should be found
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6706 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for additional nginx configuration files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Remove temp file
+ if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+ N=0
+ # Search for included configuration files (may include directories and wild cards)
+ FIND=`grep "include" ${NGINX_CONF_LOCATION} | ${AWKBINARY} '{ if ($1=="include") { print $2 }}' | sed 's/;$//g'`
+ for I in ${FIND}; do
+ FIND2=`${LSBINARY} ${I} 2>/dev/null`
+ for J in ${FIND2}; do
+ # Double check if we are dealing with a file
+ if [ -f ${J} ]; then
+ N=`expr ${N} + 1`
+ logtext "Result: found Nginx configuration file ${J}"
+ report "nginx_sub_conf_file=${J}"
+ FIND3=`cat ${J} | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -v "^$" | sed 's/[\t]/ /g' | sed 's/ / /g' | sed 's/ / /g' >> ${TMPFILE2}`
+ fi
+ done
+ done
+
+ # Sort all discovered configuration lines and store unique ones. Also strip out the mime types configured in nginx
+ SORTFILE=`cat ${TMPFILE2} | sort | uniq | sed 's/ /:space:/g' | egrep -v "(application|audio|image|text|video)/" | egrep -v "({|})"`
+ for I in ${SORTFILE}; do
+ I=`echo ${I} | sed 's/:space:/ /g'`
+ report "nginx_config_option=${I}";
+ done
+
+ # Remove unsorted file for next tests
+ if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi
+
+ if [ ${N} -eq 0 ]; then
+ logtext "Result: no nginx include statements found"
+ else
+ Display --indent 6 --text "- Found nginx includes" --result "${N} FOUND" --color GREEN
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6708
+ # Description : Check discovered nginx configuration settings for further hardering
+ # Notes : Daemon of nginx should be running, nginx.conf should be found
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check discovered nginx configuration settings"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: start parsing all discovered nginx options"
+ Display --indent 4 --text "- Parsing configuration options..."
+ ParseNginx
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6710
+ # Description : Check SSL configuration of nginx
+ # Notes : Daemon of nginx should be running, nginx.conf should be found
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6710 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx SSL configuration settings"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ NGINX_SSL_SUGGESTION=0
+ if [ ${NGINX_SSL_ON} -eq 1 ]; then
+ logtext "Result: SSL is configured in nginx on one or more virtual hosts"
+ Display --indent 6 --text "- SSL configured" --result "YES" --color GREEN
+ AddHP 5 5
+ # Cipher tests
+ if [ ${NGINX_SSL_CIPHERS} -eq 1 ]; then
+ Display --indent 8 --text "- Ciphers configured" --result "YES" --color GREEN
+ else
+ Display --indent 8 --text "- Ciphers configured" --result "NO" --color RED
+ NGINX_SSL_SUGGESTION=1
+ fi
+
+ if [ ${NGINX_SSL_PREFER_SERVER_CIPHERS} -eq 1 ]; then
+ Display --indent 8 --text "- Prefer server ciphers" --result "YES" --color GREEN
+ else
+ Display --indent 8 --text "- Prefer server ciphers" --result "NO" --color RED
+ NGINX_SSL_SUGGESTION=1
+ fi
+
+ if [ ${NGINX_SSL_PROTOCOLS} -eq 1 ]; then
+ Display --indent 8 --text "- Protocols configured" --result "YES" --color GREEN
+ else
+ Display --indent 8 --text "- Protocols configured" --result "NO" --color RED
+ NGINX_SSL_SUGGESTION=1
+ fi
+
+ else
+ logtext "Result: No SSL configuration found"
+ Display --indent 6 --text "- SSL configured" --result "NO" --color RED
+ NGINX_SSL_SUGGESTION=1
+ AddHP 1 5
+ fi
+ if [ ${NGINX_SSL_SUGGESTION} -eq 1 ]; then
+ logtext "Result: one or more parts of the nginx configuration could be enhanced regarding SSL"
+ ReportSuggestion ${TEST_NO} "Configure SSL in nginx for protection of sensitive data and privacy"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6712
+ # Description : Check logging configuration of nginx
+ # Notes : Daemon of nginx should be running, nginx.conf should be found
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx access logging"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ NGINX_LOG_SUGGESTION=0
+ Display --indent 6 --text "- Checking log file configuration..."
+
+ # Check for missing access log
+ if [ ${NGINX_ACCESS_LOG_MISSING} -eq 1 ]; then
+ NGINX_LOG_SUGGESTION=1
+ Display --indent 8 --text "- Missing log files (access_log)" --result "YES" --color RED
+ else
+ Display --indent 8 --text "- Missing log files (access_log)" --result "NO" --color GREEN
+ fi
+ # Access log disabled
+ if [ ${NGINX_ACCESS_LOG_DISABLED} -eq 1 ]; then
+ NGINX_LOG_SUGGESTION=1
+ logtext "Result: found one or more virtual hosts which have their access log disabled"
+ Display --indent 8 --text "- Disabled access logging" --result "YES" --color RED
+ AddHP 2 3
+ else
+ logtext "Result: no virtual hosts found which have their access log disabled"
+ Display --indent 8 --text "- Disabled access logging" --result "NO" --color GREEN
+ AddHP 3 3
+ fi
+ # Report suggestion
+ if [ ${NGINX_LOG_SUGGESTION} -eq 1 ]; then
+ ReportSuggestion ${TEST_NO} "Check your nginx access log for proper functioning"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6714
+ # Description : Check missing error logs in nginx
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6714 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for missing error logs in nginx"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ NGINX_LOG_SUGGESTION=0
+ # Check for missing access log
+ if [ ${NGINX_ERROR_LOG_MISSING} -eq 1 ]; then
+ NGINX_LOG_SUGGESTION=1
+ Display --indent 8 --text "- Missing log files (error_log)" --result "YES" --color RED
+ else
+ Display --indent 8 --text "- Missing log files (error_log)" --result "NO" --color GREEN
+ fi
+ # Report suggestion
+ if [ ${NGINX_LOG_SUGGESTION} -eq 1 ]; then
+ ReportSuggestion ${TEST_NO} "Check your nginx error_log statements"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6716
+ # Description : Check debug mode on error log in nginx
+ if [ ${NGINX_RUNNING} -eq 1 -a "${NGINX_CONF_LOCATION}" != "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6716 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check for debug mode on error log in nginx"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ NGINX_LOG_SUGGESTION=0
+ # Access log in debug mode
+ if [ ${NGINX_ERROR_LOG_DEBUG} -eq 1 ]; then
+ NGINX_LOG_SUGGESTION=1
+ logtext "Result: found one or more virtual hosts which have their error log in debug mode"
+ Display --indent 8 --text "- Debugging mode on error_log" --result "YES" --color RED
+ AddHP 2 3
+ else
+ logtext "Result: no virtual hosts found which have their access log disabled"
+ Display --indent 8 --text "- Debugging mode on error_log" --result "NO" --color GREEN
+ AddHP 3 3
+ fi
+ # Report suggestion
+ if [ ${NGINX_LOG_SUGGESTION} -eq 1 ]; then
+ ReportSuggestion ${TEST_NO} "Check your nginx error_log statements"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6712
+ # Description : Check if nginx is running as a reverse proxy
+ # Notes : aliases are not counted yet (YYY)
+# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no HTTP-6708 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# N=0
+# logtext "Test: searching proxy_pass statement in configuration file ${NGINX_CONF_LOCATION}"
+# FIND=`grep "proxy_pass" ${NGINX_CONF_LOCATION} | grep -v "#" | sed 's/proxy_pass//g' | tr -d ';'`
+# for I in ${FIND}; do
+# logtext "Found reverse proxy configuration for: ${I}"
+# N=`expr ${N} + 1`
+# done
+# if [ ${N} -eq 0 ]; then
+# logtext "Result: no reverse proxying functionality found"
+# Display --indent 4 --text "- Searching reverse proxy functionality..." --result "NOT FOUND" --color WHITE
+# else
+# logtext "Result: found ${N} addresses for which nginx will be a reverse proxy"
+# Display --indent 4 --text "- Searching reverse proxy functionality..." --result "${N} FOUND" --color GREEN
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : HTTP-6712
+ # Description : Search for nginx virtual hosts
+ # Notes : Test if not aware yet of included configuration files
+# if [ ${NGINX_RUNNING} -eq 1 -a ! "${NGINX_CONF_LOCATION}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+# Register --test-no HTTP-6712 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nginx virtual hosts"
+# if [ ${SKIPTEST} -eq 0 ]; then
+# N=0
+# logtext "Test: searching nginx virtual hosts"
+# FIND=`grep "server_name" ${NGINX_CONF_LOCATION} | grep -v "#" | sed 's/server_name//g' | tr -d ';'`
+# for I in ${FIND}; do
+# if [ "${I}" = "_" ]; then I="Default virtual host"; fi
+# logtext "Found virtual host: ${I}"
+# report "nginx_vhost_name[]=${I}"
+# N=`expr ${N} + 1`
+# done
+# if [ ${N} -eq 0 ]; then
+# logtext "Result: no virtual hosts found"
+# Display --indent 4 --text "- Searching virtual hosts..." --result "NOT FOUND" --color WHITE
+# else
+# logtext "Result: found ${N} virtual hosts"
+# Display --indent 4 --text "- Searching virtual hosts..." --result "${N} FOUND" --color GREEN
+# fi
+# fi
+#
+#################################################################################
+#
+ # Test : HTTP-6720
+ # Description : Search for Nginx log files
+ if [ ${NGINX_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no HTTP-6720 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check Nginx log files"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ logtext "Test: Checking directories for files with log file definitions"
+ for I in ${NGINX_CONF_LOCS}; do
+ logtext "Test: Checking ${I}"
+ if [ -d ${I} ]; then
+ logtext "Result: Directory ${I} exists, so will be used as search path"
+ FIND=`find ${I} -exec grep access_log \{\} \; | grep -v "#" | awk '{ if($1=="access_log") { print $2 } }' | sed 's/;$//g' | sort | uniq`
+ if [ "${FIND}" = "" ]; then
+ logtext "Result: no log files found"
+ else
+ logtext "Result: found one or more log files"
+ for I in ${FIND}; do
+ if [ -f ${I} ]; then
+ logtext "Found log file: ${I}"
+ report "log_file=${I}"
+ else
+ logtext "Found non existing log file: ${I}"
+ fi
+ done
+ fi
+ else
+ logtext "Result: directory ${I} not found, skipping search in this directory."
+ fi
+ done
+ fi
+#
+#################################################################################
+#
+ # Test : HTTP-6740
+ # Description : Nginx: Check for server_tokens off in configuration files
+#
+#################################################################################
+#
+ # Scan for websites
+ #/etc/apache2/sites-available
+#
+#################################################################################
+#
+
+ # Remove temp file (double check)
+ if [ ! "${TMPFILE}" = "" ]; then if [ -f ${TMPFILE} ]; then rm -f ${TMPFILE}; fi; fi
+ if [ ! "${TMPFILE2}" = "" ]; then if [ -f ${TMPFILE2} ]; then rm -f ${TMPFILE2}; fi; fi
+
+
+wait_for_keypress
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - cisofy.com - The Netherlands
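Review bot: The `>> ${TMPFILE2}` at L17425 and the `cat ${TMPFILE2}` at L17431 in HTTP-6706 reuse a path that was already deleted at L17131 and L17176, so the file is recreated by plain shell redirection under a name that is no longer freshly reserved by mktemp (and in the AIX branch at L17037–L17039 it was never created with mktemp, only `echo "" >`), which reintroduces the /tmp symlink-following problem mktemp was used to avoid. Rather than reusing the removed name, allocate a fresh one where the test starts, e.g. replace L17413 with `TMPFILE2=\`mktemp /tmp/lynis2.XXXXXXXXXX\` || exit 1` (the existing `rm -f ${TMPFILE}` there is a no-op since HTTP-6626 already removed it) and guard the `cat` at L17431 with `[ -f ${TMPFILE2} ]` so an nginx.conf with no include lines does not produce a sort on a missing file. Separately, the log line at L17578 in HTTP-6716 is copied from the access-log test and should read `logtext "Result: no virtual hosts found which have their error log in debug mode"`. The hunk is the complete new file.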
diff --git a/lynis b/lynis
new file mode 100755
index 00000000..d18054e5
--- /dev/null
+++ b/lynis
@@ -0,0 +1,748 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Lynis
+# ------------------
+#
+# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
+# Web site: http://www.rootkit.nl
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Lynis is an automated auditing tool for Unix based operating systems.
+#
+#################################################################################
+#
+ # Program information
+ PROGRAM_name="Lynis"
+ PROGRAM_version="1.6.0"
+ PROGRAM_releasedate="xx August 2014"
+ PROGRAM_author="Michael Boelen"
+ PROGRAM_author_contact="michael@cisofy.com"
+ PROGRAM_website="http://cisofy.com"
+ PROGRAM_copyright="Copyright 2007-2014 - ${PROGRAM_author}, ${PROGRAM_website}"
+ PROGRAM_license="${PROGRAM_name} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+ welcome to redistribute it under the terms of the GNU General Public License.
+ See the LICENSE file for details about using this software."
+
+ PROGRAM_extrainfo="Enterprise support and plugins available via CISOfy - http://cisofy.com"
+ # Release version (beta or final)
+ PROGRAM_releasetype="final"
+ # Version number of report files (when format changes in future)
+ REPORT_version_major="1"; REPORT_version_minor="0"
+ REPORT_version="${REPORT_version_major}.${REPORT_version_minor}"
+#
+#################################################################################
+#
+# Configure Include path and files
+#
+#################################################################################
+# Test from which directories we can use all functions and tests
+#################################################################################
+#
+ # Set default to none for later testing
+ INCLUDEDIR=""
+ # Default paths to check (CWD as last option, in case we run from standalone)
+ tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include"
+
+ for I in ${tINCLUDE_TARGETS}; do if [ -d ${I} ]; then INCLUDEDIR=${I}; fi; done
+ # Drop out if our include directory can't be found
+ if [ "${INCLUDEDIR}" = "" ]; then
+ echo "Fatal error: can't find include directory"
+ echo "Make sure to execute ${PROGRAM_name} from untarred directory or check your installation."
+ exit 1
+ fi
+
+ tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
+ for I in ${tDB_TARGETS}; do if [ -d ${I} ]; then DBDIR=${I}; fi; done
+#
+#################################################################################
+#
+ MYID=""
+ # Check user. We need root to be able to audit and use all required system tools
+ # If we encounter Solaris, use that instead
+ if [ -x /usr/xpg4/bin/id ]; then
+ MYID=`/usr/xpg4/bin/id -u`
+ else
+ MYID=`id -u`
+ fi
+ if [ ! ${MYID} -eq 0 ]; then
+ echo ""; echo ""; echo "Fatal error: Lynis can not be executed with this user ID."
+ echo ""
+ echo " * You have to be root (or equivalent) to perform an audit. Please su(do) and try again."
+ echo ""; echo ""
+ exit 1
+ fi
+#
+#################################################################################
+#
+# Consts
+# (bin paths, text strings, colors)
+#
+#################################################################################
+#
+ # Perform a basic check for permissions. After including functions, using SafePerms()
+ PERMS=`ls -l ${INCLUDEDIR}/consts | cut -c 2-10`
+ PERMS2=`ls -l ${INCLUDEDIR}/functions | cut -c 2-10`
+ OWNER=`ls -l ${INCLUDEDIR}/consts | awk -F" " '{ print $3 }'`
+ OWNER2=`ls -l ${INCLUDEDIR}/functions | awk -F" " '{ print $3 }'`
+ ISSUE=0
+ # Check permissions of include/consts file
+ if [ ! "${PERMS}" = "r--------" -a ! "${PERMS}" = "rw-------" ]; then
+ ISSUE=1
+ echo "[!] Change file permissions of ${INCLUDEDIR}/consts to 600"
+ fi
+ # Check permissions of include/functions file
+ if [ ! "${PERMS2}" = "r--------" -a ! "${PERMS2}" = "rw-------" ]; then
+ ISSUE=1
+ echo "[!] Change file permissions of ${INCLUDEDIR}/functions to 600"
+ fi
+ # Check if owner of both files is root user
+ if [ ! "${OWNER}" = "root" -o ! "${OWNER2}" = "root" ]; then
+ ISSUE=1
+ echo "[!] Change ownership of ${INCLUDEDIR}/consts and ${INCLUDEDIR}/functions to 'root'"
+ fi
+ if [ ${ISSUE} -eq 0 ]; then
+ . ${INCLUDEDIR}/consts
+ . ${INCLUDEDIR}/functions
+ else
+ echo ""; echo "";
+ echo "[X] Security check failed: See action above to correct this issue."
+ echo " Please change ownership and permissions of the related files and start Lynis again."
+ echo ""
+ echo "Related commands:"
+ echo "chown root ${INCLUDEDIR}/*"
+ echo "chmod 600 ${INCLUDEDIR}/*"
+ echo ""; echo "";
+ exit 1
+ fi
+#
+#################################################################################
+#
+# Traps
+#
+#################################################################################
+#
+ trap Maid INT
+
+ # Use safe umask for the files we create
+ umask 027
+
+ # Drop out on unintialised variables / fatal errors
+ #set -u
+#
+#################################################################################
+#
+# Plugins
+#
+#################################################################################
+#
+ # Plugin directory test
+ if [ "${PLUGINDIR}" = "" ]; then
+ #logtext "Result: Searching for plugindir"
+ tPLUGIN_TARGETS="/usr/local/lynis/plugins /usr/local/share/lynis/plugins /usr/share/lynis/plugins /etc/lynis/plugins ./plugins"
+ for I in ${tPLUGIN_TARGETS}; do
+ if [ -d ${I} ]; then
+ PLUGINDIR=${I}
+ Debug "Result: found plugindir ${PLUGINDIR}"
+ fi
+ done
+ fi
+
+ # Drop out if our plugin directory can't be found
+ if [ ! -d ${PLUGINDIR} ]; then
+ echo "Fatal error: can't find plugin directory ${PLUGINDIR}"
+ echo "Make sure to execute ${PROGRAM_name} from untarred directory or check your installation."
+ exit 1
+ fi
+#
+#################################################################################
+#
+# Parameter checks
+#
+#################################################################################
+#
+ SafePerms ${INCLUDEDIR}/parameters
+ . ${INCLUDEDIR}/parameters
+
+#
+#################################################################################
+#
+# Program information
+#
+#################################################################################
+#
+ # CV - Current Version
+ PROGRAM_AC=`echo ${PROGRAM_version} | awk '{ print $1 }' | sed 's/[.]//g'`
+ PROGRAM_LV=0
+ #DB_MALWARE_CV=`grep "^#version=" ${DBDIR}/malware.db | cut -d '=' -f2`
+ #DB_FILEPERMS_CV=`grep "^#version=" ${DBDIR}/fileperms.db | cut -d '=' -f2`
+
+ # Number of signatures
+ #DB_MALWARE_IC=`grep -v "^#" ${DBDIR}/malware.db | wc -l | tr -s ' ' | tr -d ' '`
+
+ if [ ${VIEWUPDATEINFO} -eq 1 ]; then
+
+ CheckUpdates
+
+ # Reset everything if we can't determine our current version or the latest
+ # available version (due lack of internet connectivity for example)
+ if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then
+ # Set both to safe values
+ PROGRAM_AC=0
+ #DB_MALWARE_LV=0; DB_MALWARE_CV=0
+ #DB_FILEPERMS_LV=0; DB_FILEPERMS_CV=0
+ fi
+
+ echo ""; echo " == ${WHITE}${PROGRAM_name}${NORMAL} =="; echo ""
+ echo -n " Version : ${PROGRAM_version}"
+ if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
+ echo " [ ${YELLOW}Outdated${NORMAL} ]";
+ else
+ echo " [ ${GREEN}Up-to-date${NORMAL} ]"
+ fi
+ echo " Release date : ${PROGRAM_releasedate}"
+ echo " Update location : ${PROGRAM_website}"
+# echo ""
+# echo " == ${WHITE}Plugins${NORMAL} =="
+# echo ""
+# echo " == ${WHITE}Databases${NORMAL} =="
+# echo " Current Latest Status"
+# echo " -----------------------------------------------------------------------------"
+# echo -n " Malware : ${DB_MALWARE_CV} ${DB_MALWARE_LV} "
+# if [ ${DB_MALWARE_LV} -gt ${DB_MALWARE_CV} ]; then echo "${WARNING}Outdated${NORMAL}"; else echo "${OK}Up-to-date${NORMAL}"; fi
+# echo -n " File perms : ${DB_FILEPERMS_CV} ${DB_FILEPERMS_LV} "
+# if [ ${DB_FILEPERMS_LV} -gt ${DB_FILEPERMS_CV} ]; then echo "${WARNING}Outdated${NORMAL}"; else echo "${OK}Up-to-date${NORMAL}"; fi
+ echo ""; echo ""
+ echo "${PROGRAM_copyright}"; echo ""
+
+ # Quit program
+ ExitClean
+ fi
+#
+#################################################################################
+#
+# Initialize and default settings
+#
+#################################################################################
+#
+ if [ "${PROGRAM_releasetype}" = "beta" ]; then
+ echo "${YELLOW}"
+ echo " #########################################################"
+ echo " # BETA SOFTWARE #"
+ echo " #########################################################"
+ echo ""
+ echo " Thank you for testing a beta release. Make sure to read"
+ echo " all available documentation before proceeding and/or"
+ echo " requesting support. Due the nature of beta releases, it"
+ echo " is possible new features give unexpected warnings."
+ echo ""
+ echo " Press [ENTER] to continue or [CTRL] + C to break"
+ echo ""
+ echo " #########################################################"
+ echo "${NORMAL}"; echo ""
+ if [ ${NEVERBREAK} -eq 0 ]; then read void; fi
+ fi
+
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""
+ echo "${WHITE}[ ${PROGRAM_name} ${PROGRAM_version} ]${NORMAL}"
+ echo ""
+ echo "################################################################################"
+ echo " ${PROGRAM_license}"
+ echo ""
+ echo " ${PROGRAM_copyright}"
+ echo " ${PROGRAM_extrainfo}"
+ echo "################################################################################"
+ fi
+#
+#################################################################################
+#
+ InsertSection "Initializing program"
+
+ # Try to find a default profile file, if none is specified
+ if [ "${PROFILE}" = "" ]; then
+ tPROFILE_TARGETS="/usr/local/etc/lynis/default.prf /etc/lynis/default.prf ./default.prf"
+ for I in ${tPROFILE_TARGETS}; do
+ if [ -f ${I} ]; then PROFILE=${I}; fi
+ done
+ fi
+ # Initialize and check profile file, auditor name, log file and report file
+ if [ ! -r ${PROFILE} ]; then echo "Fatal error: Can't open profile file (${PROFILE})"; exit 1; fi
+ if [ "${AUDITORNAME}" = "" ]; then AUDITORNAME="[Unknown]"; fi
+ if [ "${LOGFILE}" = "" ]; then LOGFILE="/var/log/lynis.log"; fi
+ if [ "${REPORTFILE}" = "" ]; then REPORTFILE="/var/log/lynis-report.dat"; fi
+
+#
+#################################################################################
+#
+# PID :: Check PID file, to avoid multiple instances running at the same time.
+#
+#################################################################################
+#
+
+ # Check if there is already a PID file (incorrect termination of previous instance)
+ if [ -f lynis.pid -o -f /var/run/lynis.pid ]; then
+ echo ""
+ echo " ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}"
+ echo " ------------------------------------------------------------------------------"
+ echo " If you are unsure another Lynis process is running currently, you are adviced "
+ echo " to stop current process and check the process list first. If you cancelled"
+ echo " (by using CTRL+C) a previous instance, you can ignore this message."
+ echo " "
+ echo " You are adviced to check for temporary files after program completion."
+ echo " ------------------------------------------------------------------------------"
+ echo ""
+ echo " ${YELLOW}Note: ${WHITE}Cancelling the program can leave temporary files behind${NORMAL}"
+ echo ""
+ wait_for_keypress
+ if [ -f lynis.pid ]; then rm -f lynis.pid; fi
+ if [ -f /var/run/lynis.pid ]; then rm -f /var/run/lynis.pid; fi
+ #YYY Display function not working yet from here, due to OS detection
+ #Display --indent 2 --text "- Deleting old PID file..." --result DONE --color GREEN
+ fi
+
+ # Create new PID file (use work directory if /var/run is not available)
+ if [ -d /var/run ]; then PIDFILE="/var/run/lynis.pid"; else PIDFILE="lynis.pid"; fi
+ OURPID=`echo $$`
+ echo ${OURPID} > ${PIDFILE}
+ chmod 600 ${PIDFILE}
+#
+#################################################################################
+#
+# Check program parameters
+#
+#################################################################################
+#
+ # Bail out if we didn't get any parameter, or incorrect ones
+ if [ ${PARAMCOUNT} -eq 0 -o ${WRONGOPTION} -eq 1 -o ${VIEWHELP} -eq 1 ]; then
+ #echo " =================================================="
+ echo " ${WHITE}Scan options:${NORMAL}"
+ echo " --auditor \"<name>\" : Auditor name"
+ echo " --check-all (-c) : Check system"
+ echo " --no-log : Don't create a log file"
+ echo " --profile <profile> : Scan the system with the given profile file"
+ echo " --quick (-Q) : Quick mode, don't wait for user input"
+ echo " --tests \"<tests>\" : Run only tests defined by <tests>"
+ echo " --tests-category \"<category>\" : Run only tests defined by <category>"
+ echo ""
+ echo " ${WHITE}Layout options:${NORMAL}"
+ echo " --no-colors : Don't use colors in output"
+ echo " --quiet (-q) : No output, except warnings"
+ echo " --reverse-colors : Optimize color display for light backgrounds"
+ echo ""
+ echo " ${WHITE}Misc options:${NORMAL}"
+ echo " --check-update : Check for updates"
+ echo " --debug : Debug logging to screen"
+ echo " --view-manpage (--man) : View man page"
+ echo " --version (-V) : Display version number and quit"
+ echo ""
+ echo " ${GREEN}Enterprise options:${NORMAL}"
+ echo " --plugin-dir \"<path\"> : Define path of available plugins"
+ echo " --upload : Upload data to central node"
+ echo ""
+
+ if [ ${WRONGOPTION} -eq 1 ]; then
+ echo " ${RED}Error${NORMAL}: ${WHITE}Invalid option ${WRONGOPTION_value}!${NORMAL}"
+ else
+ if [ ${VIEWHELP} -eq 0 ]; then
+ echo " ${RED}Error${NORMAL}: ${WHITE}No parameters specified!${NORMAL}"
+ fi
+ fi
+ echo " See man page and documentation for all available options."
+ echo ""
+ echo "Exiting.."
+ # Cleanup PID file if we drop out earlier
+ RemovePIDFile
+ # Exit with exit code 1
+ exit 1
+ fi
+#
+#################################################################################
+#
+# OS Detection
+#
+#################################################################################
+#
+ SafePerms ${INCLUDEDIR}/osdetection
+ . ${INCLUDEDIR}/osdetection
+ Display --indent 2 --text "- Detecting OS... " --result DONE --color GREEN
+
+ # Check hostname
+ case ${OS} in
+ HP-UX)
+ HOSTNAME=`hostname` ;;
+ Solaris)
+ HOSTNAME=`uname -n` ;;
+ *)
+ HOSTNAME=`hostname -s 2> /dev/null` ;;
+ esac
+ FQDN=`hostname 2> /dev/null`
+ if [ "${OS}" = "Linux" -a "${HOSTNAME}" = "${FQDN}" ]; then
+ FQDN=`hostname -f 2> /dev/null`
+ fi
+#
+#################################################################################
+#
+# Clear log and report files
+#
+#################################################################################
+#
+ # Clear log file and test if it's writable
+ logtext "### Starting ${PROGRAM_name} ${PROGRAM_version} with PID ${OURPID}, build date ${PROGRAM_releasedate} ###" > ${LOGFILE}
+ if [ $? -eq 0 ]; then
+ Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result DONE --color GREEN
+ else
+ Display --indent 2 --text "- Clearing log file (${LOGFILE})... " --result WARNING --color RED
+ echo "${WARNING}Fatal error${NORMAL}: problem while writing to log file. Check location and permissions."
+ RemovePIDFile
+ exit 1
+ fi
+ logtext "### ${PROGRAM_copyright} ###"
+
+ # Clear report file (to avoid appending to an existing file)
+ echo "# ${PROGRAM_name} Report" > ${REPORTFILE}
+ report "report_version_major=${REPORT_version_major}"
+ report "report_version_minor=${REPORT_version_minor}"
+ CDATE=`date "+%F %H:%M:%S"`
+ report "report_datetime_start=${CDATE}"
+ report "auditor=${AUDITORNAME}"
+ report "lynis_version=${PROGRAM_version}"
+ report "os=${OS}"
+ report "os_name=${OS_NAME}"
+ report "os_fullname=${OS_FULLNAME}"
+ report "os_version=${OS_VERSION}"
+ if [ "${OS}" = "Linux" ]; then report "linux_version=${LINUX_VERSION}"; fi
+ report "hostname=${HOSTNAME}"
+#
+#################################################################################
+#
+# Show program information to display
+#
+#################################################################################
+#
+ if [ ${QUIET} -eq 0 ]; then
+ echo ""
+ echo " ---------------------------------------------------"
+ echo " Program version: ${PROGRAM_version}"
+ echo " Operating system: ${OS}"
+ echo " Operating system name: ${OS_NAME}"
+ echo " Operating system version: ${OS_VERSION}"
+ if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi
+ echo " Kernel version: ${OS_KERNELVERSION}"
+ echo " Hardware platform: ${HARDWARE}"
+ echo " Hostname: ${HOSTNAME}"
+ echo " Auditor: ${AUDITORNAME}"
+ echo " Profile: ${PROFILE}"
+ echo " Log file: ${LOGFILE}"
+ echo " Report file: ${REPORTFILE}"
+ echo " Report version: ${REPORT_version}"
+ echo " Plugin directory: ${PLUGINDIR}"
+ #echo " Database directory: ${DBDIR}"
+ echo " ---------------------------------------------------"
+ fi
+
+ logtext "Program version: ${PROGRAM_version}"
+ logtext "Operating system: ${OS}"
+ logtext "Operating system name: ${OS_NAME}"
+ logtext "Operating system version: ${OS_VERSION}"
+ if [ ! "${OS_MODE}" = "" ]; then logtext "Operating system mode: ${OS_MODE}"; fi
+ logtext "Kernel version: ${OS_KERNELVERSION}"
+ logtext "Hardware platform: ${HARDWARE}"
+ logtext "Hostname: ${HOSTNAME}"
+ logtext "Auditor: ${AUDITORNAME}"
+ logtext "Profile: ${PROFILE}"
+ logtext "Log file: ${LOGFILE}"
+ logtext "Report file: ${REPORTFILE}"
+ logtext "Report version: ${REPORT_version}"
+ logtext "-----------------------------------------------------"
+ logtext "Include directory: ${INCLUDEDIR}"
+ logtext "Plugin directory: ${PLUGINDIR}"
+ logtext "Database directory: ${DBDIR}"
+ logtextbreak
+ wait_for_keypress
+
+#
+#################################################################################
+#
+# Read profile/template/plugins
+#
+#################################################################################
+#
+ SafePerms ${INCLUDEDIR}/profiles
+ . ${INCLUDEDIR}/profiles
+#
+#################################################################################
+#
+# Check for program update (people tend to be lazy and don't perform updates =))
+#
+#################################################################################
+#
+ logtext "Test: Checking for program update..."
+ UPDATE_AVAILABLE=0
+ if [ ${SKIP_UPGRADE_TEST} -eq 1 ]; then
+ logtext "Upgrade test skipped due profile option set (skip_upgrade_test)"
+ PROGRAM_LV="${PROGRAM_AC}"
+ else
+ CheckUpdates
+ fi
+ if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then
+ Display --indent 2 --text "- Program update status... " --result UNKNOWN --color YELLOW
+ logtext "Result: Update check failed. No network connection?"
+ logtext "Info: to perform an automatic update check, outbound DNS connections should be allowed (TXT record)."
+ # Set both to safe values
+ PROGRAM_AC=0; PROGRAM_LV=0
+ else
+ logtext "Current installed version : ${PROGRAM_AC}"
+ logtext "Latest stable version : ${PROGRAM_LV}"
+ if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
+ # Check if current version is REALLY outdated (10 versions ago)
+ PROGRAM_MINVERSION=`expr ${PROGRAM_LV} - 10`
+ logtext "Minimum required version : ${PROGRAM_MINVERSION}"
+ if [ ${PROGRAM_MINVERSION} -gt ${PROGRAM_AC} ]; then
+ Display --indent 2 --text "- Program update status... " --result "WARNING" --color RED
+ logtext "Result: This version is VERY outdated. Newer ${PROGRAM_name} release available!"
+ ReportWarning "NONE" "Version of Lynis is very old and should be updated"
+ report "lynis_update_available=1"
+ UPDATE_AVAILABLE=1
+ else
+ Display --indent 2 --text "- Program update status... " --result "UPDATE AVAILABLE" --color YELLOW
+ logtext "Result: newer ${PROGRAM_name} release available!"
+ ReportSuggestion "NONE" "Version of Lynis outdated, consider upgrading to the latest version"
+ report "lynis_update_available=1"
+ UPDATE_AVAILABLE=1
+ fi
+ echo ""
+ echo " ==============================================================================="
+ echo " ${NOTICE}${PROGRAM_name} update available${NORMAL}"
+ echo " ==============================================================================="
+ echo ""
+ echo " Current version : ${YELLOW}${PROGRAM_AC}${NORMAL} Latest version : ${GREEN}${PROGRAM_LV}${NORMAL}"
+ echo ""
+ echo " ${WHITE}Please update to the latest version for new features, bug fixes, tests"
+ echo " and baselines.${NORMAL}"
+ echo ""
+ echo " http://cisofy.com/downloads/"
+ echo ""
+ echo " ==============================================================================="
+ echo ""
+ sleep 5
+ #wait_for_keypress
+ else
+ if [ ${UPDATE_CHECK_SKIPPED} -eq 0 ]; then
+ Display --indent 2 --text "- Program update status... " --result "NO UPDATE" --color GREEN
+ logtext "No ${PROGRAM_name} update available."
+ report "lynis_update_available=0"
+ else
+ Display --indent 2 --text "- Program update status... " --result "SKIPPED" --color YELLOW
+ logtext "Update check skipped due to constraints (e.g. missing dig binary)"
+ report "lynis_update_available=-1"
+ fi
+ fi
+ fi
+
+ logtextbreak
+#
+#################################################################################
+#
+ # Check which binaries are available to the scanning process
+ if [ -f ${INCLUDEDIR}/binaries ]; then
+ SafePerms ${INCLUDEDIR}/binaries
+ . ${INCLUDEDIR}/binaries
+ fi
+#
+#################################################################################
+#
+ logtextbreak
+ InsertPluginSection "Plugins (phase 1)"
+ logtext "Searching plugins..."
+ N_PLUGIN=0
+ N_PLUGIN_ENABLED=0
+
+ # Search plugins
+ FIND=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \;`
+ for I in ${FIND}; do
+ logtext "Found plugin file: ${I}"
+ # Double check if output is a valid file name
+ if [ -f ${I} ]; then
+ FIND2=`grep "^# PLUGIN_NAME=" ${I} | awk -F= '{ print $2 }'`
+ if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then
+ N_PLUGIN=`expr ${N_PLUGIN} + 1`
+ FIND3=`grep "^plugin=${FIND2}" ${PROFILE}`
+ if [ ! "${FIND3}" = "" ]; then
+ logtext "Plugin ${FIND2} is enabled"
+ # Plugins should have at least a _post part, _pre is optional (future)
+ PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase1"
+ if [ -f ${PLUGINFILE} ]; then
+ PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${I} | awk -F= '{ print $2 }'`
+ PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'`
+ FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10`
+ if [ "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
+ logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
+ report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|"
+ N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`
+ #logtext "PLUGIN EXECUTION SKIPPED, STILL EXPERIMENTAL"
+ Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}"
+ . ${PLUGINFILE}
+ logtextbreak
+ logtext "Result: ${FIND2} plugin (phase 1) finished"
+ else
+ logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)"
+ fi
+ else
+ logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})"
+ fi
+ else
+ logtext "Plugin ${FIND2}: Skipped (not enabled)"
+ fi
+ else
+ logtext "Skipping plugin file ${I} (no valid plugin name found)"
+ fi
+ fi
+ logtext "--"
+ done
+ logtext "Plugins finished"
+
+ if [ ${N_PLUGIN_ENABLED} -eq 0 ]; then
+ Display --indent 2 --text "- Plugins enabled " --result "NONE" --color WHITE
+ report "plugins_enabled=0"
+ else
+ report "plugins_enabled=1"
+ fi
+
+#
+#################################################################################
+#
+ # Get host ID
+ logtextbreak
+ GetHostID
+ # Check if result is not empty (no blank, or hash of blank value, or minus)
+ if [ ! "${HOSTID}" = "-" -a ! "${HOSTID}" = "" -a ! "${HOSTID}" = "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc" ]; then
+ logtext "Info: found valid HostID ${HOSTID}"
+ report "hostid=${HOSTID}"
+ else
+ logtext "Info: no HostID found or invalid one"
+ fi
+#
+#################################################################################
+#
+ logtextbreak
+ # Test sections
+ if [ "${TESTS_CATEGORY_TO_PERFORM}" = "" ]; then
+ #YYY insert plugin support
+ logtext "Info: perform tests from all categories"
+
+ INCLUDE_TESTS="boot_services kernel memory_processes authentication shells \
+ filesystems storage storage_nfs \
+ nameservices ports_packages networking printers_spools \
+ mail_messaging firewalls \
+ webservers ssh snmp databases ldap php squid logging \
+ insecure_services banners scheduling accounting \
+ time crypto virtualization mac_frameworks file_integrity hardening_tools tooling \
+ malware file_permissions homedirs kernel_hardening hardening"
+ else
+ INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}"
+ logtext "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}"
+ fi
+
+ # Include available tests
+ for INCLUDE_TEST in ${INCLUDE_TESTS}; do
+
+ # Test if file exists, then if permissions are correct
+ if [ -f ${INCLUDEDIR}/tests_${INCLUDE_TEST} ]; then
+ FIND=`ls -l ${INCLUDEDIR}/tests_${INCLUDE_TEST} | cut -c 2-10`
+ if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
+ . ${INCLUDEDIR}/tests_${INCLUDE_TEST}
+ else
+ logtext "Exception: skipping test category ${INCLUDE_TEST}, file ${INCLUDEDIR}/tests_${INCLUDE_TEST} has bad permissions (should be 640, 600 or 400)"
+ ReportWarning "NONE" "H" "Invalid permissions on tests file tests_${INCLUDE_TEST}"
+ # Insert a section and warn user also on screen
+ InsertSection "General"
+ Display --indent 2 --text "- Running test category ${INCLUDE_TEST}... " --result "SKIPPED" --color RED
+ fi
+ else
+ echo "Error: Can't find file (category: ${INCLUDE_TEST})"
+ fi
+
+ done
+#
+#################################################################################
+#
+ logtextbreak
+ InsertSection "Custom Tests"
+ logtext "Test: Checking for tests_custom file"
+ # Custom tests
+ if [ -f ${INCLUDEDIR}/tests_custom ]; then
+ logtext "Result: tests_custom file found in include directory"
+ logtext "Test: checking file permissions of tests_custom file"
+ FIND=`ls -l ${INCLUDEDIR}/tests_custom | cut -c 2-10`
+ if [ "${FIND}" = "rw-r-----" -o "${FIND}" = "rw-------" -o "${FIND}" = "r--------" ]; then
+ Display --indent 2 --text "- Start custom tests... "
+ logtext "Result: file permissions fine, running custom tests"
+ SafePerms ${INCLUDEDIR}/tests_custom
+ . ${INCLUDEDIR}/tests_custom
+ else
+ logtext "Exception: skipping custom tests, file has bad permissions (should be 640, 600 or 400)"
+ ReportWarning "NONE" "H" "Invalid permissions on custom tests file"
+ Display --indent 2 --text "- Running custom tests... " --result "WARNING" --color RED
+ fi
+ else
+ Display --indent 2 --text "- Running custom tests... " --result "NONE" --color WHITE
+ fi
+#
+#################################################################################
+#
+# Show test results overview
+#
+#################################################################################
+#
+ # Store total performed tests
+ report "lynis_tests_done=${CTESTS_PERFORMED}"
+ CDATE=`date "+%F %H:%M:%S"`
+ report "report_datetime_end=${CDATE}"
+
+ # Show report
+ if [ -f ${INCLUDEDIR}/report ]; then SafePerms ${INCLUDEDIR}/report; . ${INCLUDEDIR}/report; fi
+
+ logtext "================================================================================"
+ logtext "Tests performed: ${CTESTS_PERFORMED}"
+ logtext "Total tests: ${TOTAL_TESTS}"
+ logtext "Active plugins: ${N_PLUGIN_ENABLED}"
+ logtext "Total plugins: ${N_PLUGIN}"
+ logtext "================================================================================"
+ logtext "${PROGRAM_name} ${PROGRAM_version}"
+ logtext "${PROGRAM_copyright}"
+ logtext "${PROGRAM_extrainfo}"
+ logtext "Program ended successfully"
+ report "tests_executed=${TESTS_EXECUTED}"
+ report "tests_skipped=${TESTS_SKIPPED}"
+ report "finish=true"
+
+
+ # Upload data
+ if [ ${UPLOAD_DATA} -eq 1 ]; then
+ if [ -f ${INCLUDEDIR}/data_upload ]; then
+ SafePerms ${INCLUDEDIR}/data_upload
+ . ${INCLUDEDIR}/data_upload
+ else
+ echo "Fatal error: can't find upload_data script"
+ fi
+ fi
+
+ # Clean exit (Delete PID file)
+ ExitClean
+
+ # The End
+
+###########################################################################
+##%HASH-SHA1%----------------------------%
+###########################################################################
+
+#
+#================================================================================
+# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
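Review bot: The category loop sources `${INCLUDEDIR}/tests_${INCLUDE_TEST}` and the phase-1 plugin loop sources `${PLUGINFILE}` after checking only the mode string from `ls -l | cut -c 2-10`, whereas the bootstrap check for consts and functions also requires root ownership and the tests_custom branch calls `SafePerms` before its `.`; nothing in these two loops looks at the owner, so a 640/600/400 file owned by a non-root user would be sourced by the root-enforced process without complaint. This matters more because the include and plugin search loops keep the last match and `./include` and `./plugins` are the last candidates, so working-directory copies take precedence over installed ones. Consider mirroring the tests_custom branch with `SafePerms ${INCLUDEDIR}/tests_${INCLUDE_TEST}` immediately before `. ${INCLUDEDIR}/tests_${INCLUDE_TEST}` and `SafePerms ${PLUGINFILE}` immediately before `. ${PLUGINFILE}`, assuming SafePerms (defined in include/functions, outside this hunk) enforces ownership as its use at the other include sites suggests.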
diff --git a/lynis.8 b/lynis.8
new file mode 100644
index 00000000..d3e848f6
--- /dev/null
+++ b/lynis.8
@@ -0,0 +1,113 @@
+.TH Lynis 8 "23 February 2014" "1.12" "Unix System Administrator's Manual"
+
+
+.SH "NAME"
+\fB
+\fB
+\fB
+Lynis \fP\- Run an system and security audit on the system
+\fB
+.SH "SYNOPSIS"
+.nf
+.fam C
+
+\fBlynis\fP \-\-check-all(\-c) [other options]
+.fam T
+.fi
+.SH "DESCRIPTION"
+
+\fBLynis\fP is an auditing tool for Unix (specialists). It checks the system
+and software configuration and logs all the found information into a log file
+for debugging purposes, and in a report file suitable to create fancy looking
+auditing reports.
+\fBLynis\fP can be run as a cronjob, or from the command line. It needs to have
+full access to the system, so running it as root (or with sudo rights) is
+required.
+.PP
+The following system areas may be checked:
+.IP
+\- Boot loader files
+.IP
+\- Configuration files
+.IP
+\- Common files by software packages
+.IP
+\- Directories and files related to logging and auditing
+.SH "OPTIONS"
+
+.TP
+.B \-\-auditor <full name>
+Define the name of the auditor/pen-tester. When a full name is used, add double
+quotes, like "Michael Boelen".
+
+.TP
+.B \-\-checkall (or \-c)
+\fBLynis\fP performs a full check of the system, printing out the results of
+each test to stdout. Additional information will be saved into a log file
+(default is /var/log/lynis.log).
+.IP
+In case the outcome of a scan needs to be automated, use the report file.
+.TP
+.B \-\-check\-update (or \-\-info)
+Show program, database and update information
+.TP
+.B \-\-cronjob
+Perform automatic scan with cron safe options (no colors, no questions, no
+breaks).
+.TP
+.B \-\-debug
+Display debug information to screen for troubleshooting purposes.
+.TP
+.B \-\-logfile </path/to/logfile>
+Defines location and name of log file, instead of default /var/log/lynis.log.
+.TP
+.B \-\-no\-colors
+Do not use colors for messages, warnings and sections.
+.TP
+.B \-\-no\-log
+Redirect all logging information to /dev/null, prevent sensitive information to
+be written to disk.
+.TP
+.B \-\-plugin\-dir </path/to/plugins>
+Define location where plugins can be found.
+.TP
+.B \-\-quick (\-Q)
+Do a quick scan (don't wait for user input)
+.TP
+.B \-\-quiet (\-q)
+Try to run as silent as possible, showing only warnings. This option activates
+\-\-quick as well.
+.TP
+.B \-\-reverse\-colors
+Optimize screen output for light backgrounds.
+.TP
+.B \-\-tests TEST-IDs
+Only run the specific test(s). When using multiple tests, add quotes around the
+line.
+.TP
+.B \-\-upload
+Upload data to Lynis Enterprise server.
+.TP
+.B \-\-view\-categories
+Display all available test categories
+.RE
+.PP
+.RS
+Multiple parameters are allowed, though some parameters can only be used together
+with others. When running Lynis without any parameters, help will be shown and
+the program will exit.
+.RE
+.PP
+.SH "BUGS"
+There are no known bugs. Bugs can be reported directly to author.
+.RE
+.PP
+.SH "LICENSING"
+Lynis is licensed under the GPL v3 license and under development by Michael
+Boelen.
+.RE
+.PP
+.SH "CONTACT INFORMATION"
+
+Project related questions and comments can be asked via
+http://www.rootkit.nl/contact/. Commercial inquiries via http://cisofy.com.
diff --git a/plugins/README b/plugins/README
new file mode 100644
index 00000000..c65287a1
--- /dev/null
+++ b/plugins/README
@@ -0,0 +1,30 @@
+
+##########################################################################
+#
+# This directory contains plugins
+#
+##########################################################################
+
+
+General notes
+---------------
+
+Custom plugins should be added to this directory, so they are included in an
+audit.
+
+Notes:
+- File permissions of a plugin should be 600, 640 or the least
+ restrictive 400.
+- Each plugin should be enabled in the profile, before it will be used.
+- Custom plugins should use a test ID's with a "CUS-" prefix.
+
+
+A generic example can be found in the custom_plugin.template file, which
+includes several code snippets to assist in creating customer plugins.
+
+
+
+**************************************************************************
+ Would your plugin or individual test benefit Lynis and others?
+ Share and be part of the Free and Open Source Software community!
+**************************************************************************
diff --git a/plugins/custom_plugin.template b/plugins/custom_plugin.template
new file mode 100644
index 00000000..d0a16cfc
--- /dev/null
+++ b/plugins/custom_plugin.template
@@ -0,0 +1,68 @@
+#!/bin/sh
+# -------------------------- CUT THIS SECTION ---------------------------
+# This is a template to create a personal plugin
+#
+# Each plugin should at least have several variables defined with the
+# prefix PLUGIN_* (see below)
+#
+# To add a section header, use the InsertSection function (see below)
+#
+# -------------------------- CUT THIS SECTION ---------------------------
+
+#########################################################################
+#
+# * DO NOT REMOVE *
+#-----------------------------------------------------
+# PLUGIN_AUTHOR=___firstname_lastname_<email>___
+# PLUGIN_CATEGORY=[category]
+# PLUGIN_DESC=[description]
+# PLUGIN_NAME=[plugin_name]
+# PLUGIN_REQUIRED_TESTS=
+#-----------------------------------------------------
+#########################################################################
+#
+#
+#
+#########################################################################
+#
+# Add custom section to screen output
+# InsertSection "Personal Plugin"
+#
+#################################################################################
+#
+ # Test : CUS-0000
+ # Description : check for an ordinary directory!
+
+ # First check if OPENSSLBINARY is known as a prerequisite for this test.
+ if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no CUS-0000 --preqs-met ${PREQS_MET} --weight L --network NO --description "Description of custom test"
+
+ # Just do check without any prerequisites
+ Register --test-no CUS-0000 --weight L --network NO --description "Description of custom test"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUNDPROBLEM=0
+ # Check if a directory exists
+ if [ -d /my/path ]; then
+ logtext "Result: log entry for easier debugging or additional information"
+ else
+ FOUNDPROBLEM=1
+ logtext "Result: problem found!"
+ ReportWarning ${TEST_NO} "M" "This is a test warning line"
+ fi
+
+ if [ ${FOUNDPROBLEM} -eq 0 ]; then
+ Display --indent 2 --text "- Checking xxx..." --result OK --color GREEN
+ else
+ Display --indent 2 --text "- Checking xxx..." --result WARNING --color RED
+ ReportSuggestion ${TEST_NO} "This is a suggestion"
+ ReportWarning ${TEST_NO} "M" "This is a medium level warning"
+ fi
+ fi
+#
+#################################################################################
+#
+
+# Wait for keypress (unless --quick is being used)
+wait_for_keypress
+
+#EOF
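Review bot: A plugin built from this template reports the same finding twice when /my/path is missing: ReportWarning is called in the else branch of the directory check and again in the FOUNDPROBLEM branch just below it, so the comments should state that a real plugin keeps only one of the two calls. The test is also registered twice under CUS-0000 (once with --preqs-met, once without); the two Register lines are presumably alternatives, and a comment such as `# Use ONE of the two Register forms below, not both` would prevent copy-paste double registration. `if [ ${SKIPTEST} -eq 0 ]` and `if [ ${FOUNDPROBLEM} -eq 0 ]` are unquoted under #!/bin/sh, which produces a test syntax error instead of a skipped test when the variable is unset; `if [ "${SKIPTEST}" -eq 0 ]; then` and `if [ "${FOUNDPROBLEM}" -eq 0 ]; then` avoid that.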