author | Topi Miettinen <toiwoton@gmail.com> | 2020-03-27 12:25:31 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2020-04-02 12:52:13 +0300 |
commit | 9642bcffc839f4713558f927f4202ce3dd3588fd (patch) | |
tree | 65293862bd65233bbeee37a03b21826c0305fb11 /default.prf | |
parent | b5a2d11738cf72691f3b09c48a4c647a4c499277 (diff) |
[CRYP-7902] Optionally check also certificates provided by packages
The package maintainers are not immune to mistakes or they might not
always provide timely updates, so let's check (optionally) more
certificates even if they are delivered by packages.
I found three expired certificates in my Debian/unstable system,
thanks to changed Lynis.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Diffstat (limited to 'default.prf')
-rw-r--r-- | default.prf | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/default.prf b/default.prf index f59e50c2..6ff3eac2 100644 --- a/default.prf +++ b/default.prf @@ -93,8 +93,9 @@ skip-plugins=no #skip-upgrade-test=yes # Locations where to search for SSL certificates (separate paths with a colon) -ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/var/www:/srv/www +ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www ssl-certificate-paths-to-ignore=/etc/letsencrypt/archive: +ssl-certificate-include-packages=no # Scan type - how deep the audit should be (light, normal or full) test-scan-mode=full |
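Review bot: The new `ssl-certificate-include-packages=no` line at the end of the certificate block has no comment, while `ssl-certificate-paths` above it is introduced by "# Locations where to search for SSL certificates". Add a one-line comment above the new option stating what `yes` and `no` do, for instance that `yes` also checks certificate files delivered by packages. The same hunk appends `/usr/share/ca-certificates` and `/usr/share/gnupg` to the default `ssl-certificate-paths` unconditionally, so the comment should also say whether those directories are still skipped when the option is left at `no`; this diff is limited to default.prf and the scanning logic is not visible here.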