Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--db/tests.db51
-rw-r--r--include/tests_firewalls33
2 files changed, 54 insertions, 30 deletions
diff --git a/db/tests.db b/db/tests.db
index 96fef125..438394f0 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -135,17 +135,39 @@ FIRE-4524:test:security:firewalls::Check for CSF presence:
FIRE-4526:test:security:firewalls:Solaris:Check ipf status:
FIRE-4530:test:security:firewalls:FreeBSD:Check IPFW status:
FIRE-4532:test:security:firewalls:MacOS:Check macOS application firewall:
+FIRE-4534:test:security:firewalls:MacOS:Check Little Snitch firewall:
FIRE-4536:test:security:firewalls:Linux:Check nftables status:
FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration:
FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration:
FIRE-4590:test:security:firewalls::Check firewall status:
-HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
-HRDN-7222:test:security:hardening::Check compiler permissions:
-HRDN-7230:test:security:hardening::Check for malware scanner:
HOME-9302:test:security:homedirs::Create list with home directories:
HOME-9310:test:security:homedirs::Checking for suspicious shell history files:
#HOME-9314:test:security:homedirs::Create list with home directories:
HOME-9350:test:security:homedirs::Collecting information from home directories:
+HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
+HRDN-7222:test:security:hardening::Check compiler permissions:
+HRDN-7230:test:security:hardening::Check for malware scanner:
+HTTP-6622:test:security:webservers::Checking Apache presence:
+HTTP-6624:test:security:webservers::Testing main Apache configuration file:
+HTTP-6626:test:security:webservers::Testing other Apache configuration file:
+#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
+#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
+HTTP-6632:test:security:webservers::Determining all available Apache modules:
+HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
+#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6702:test:security:webservers::Check nginx process:
+HTTP-6704:test:security:webservers::Check nginx configuration file:
+HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
+HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
+HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
+HTTP-6712:test:security:webservers::Check nginx access logging:
+HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
+HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
+#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
+#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
+HTTP-6720:test:security:webservers::Check Nginx log files:
INSE-8002:test:security:insecure_services::Check for enabled inet daemon:
INSE-8004:test:security:insecure_services::Check for enabled inet daemon:
INSE-8006:test:security:insecure_services::Check configuration of inetd when disabled:
@@ -192,7 +214,6 @@ MACF-6204:test:security:mac_frameworks::Check AppArmor presence:
MACF-6208:test:security:mac_frameworks::Check if AppArmor is enabled:
MACF-6232:test:security:mac_frameworks::Check SELINUX presence:
MACF-6234:test:security:mac_frameworks::Check SELINUX status:
-RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
MACF-6290:test:security:mac_frameworks::Check for implemented MAC framework:
MAIL-8802:test:security:mail_messaging::Check Exim status:
MAIL-8814:test:security:mail_messaging::Check postfix process status:
@@ -308,6 +329,7 @@ PRNT-2314:test:security:printers_spools::Check lpd status:
PRNT-2316:test:security:printers_spools:AIX:Checking /etc/qconfig file:
PRNT-2418:test:security:printers_spools:AIX:Checking qdaemon printer spooler status:
PRNT-2420:test:security:printers_spools:AIX:Checking old print jobs:
+RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
SCHD-7702:test:security:scheduling::Check status of cron daemon:
SCHD-7704:test:security:scheduling::Check crontab/cronjobs:
SCHD-7718:test:security:scheduling::Check at users:
@@ -366,25 +388,4 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
#VIRT-1920:test::virtualization:Checking VMware guest status:security:
-HTTP-6622:test:security:webservers::Checking Apache presence:
-HTTP-6624:test:security:webservers::Testing main Apache configuration file:
-HTTP-6626:test:security:webservers::Testing other Apache configuration file:
-#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
-#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
-HTTP-6632:test:security:webservers::Determining all available Apache modules:
-HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
-#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6702:test:security:webservers::Check nginx process:
-HTTP-6704:test:security:webservers::Check nginx configuration file:
-HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
-HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
-HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
-HTTP-6712:test:security:webservers::Check nginx access logging:
-HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
-HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
-#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
-#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
-HTTP-6720:test:security:webservers::Check Nginx log files:
# EOF
diff --git a/include/tests_firewalls b/include/tests_firewalls
index cf1e48f2..c51dfe72 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -360,19 +360,42 @@
# Test : FIRE-4532
# Description : Check Application Firewall in Mac OS X
if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check Mac OS X application firewall"
+ Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
if [ ! -z "${FIND}" ]; then
- Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
+ Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
AddHP 3 3
- LogText "Result: application firewall of Mac OS X is enabled"
+ LogText "Result: application firewall of macOS is enabled"
+ FIREWALL_ACTIVE=1
APPLICATION_FIREWALL_ACTIVE=1
+ Report "firewall_software[]=macosx-app-fw"
Report "app_fw[]=macosx-app-fw"
else
- Display --indent 2 --text "- Checking IPFW" --result "${STATUS_DISABLED}" --color YELLOW
+ if IsVerbose; Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_DISABLED}" --color YELLOW; fi
+ AddHP 1 3
+ LogText "Result: application firewall of macOS is disabled"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FIRE-4534
+ # Description : Check Little Snitch Daemon on macOS
+ Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ ! -z "${FIND}" ]; then
+ Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN
+ AddHP 3 3
+ LogText "Result: little Snitch found"
+ FIREWALL_ACTIVE=1
+ APPLICATION_FIREWALL_ACTIVE=1
+ Report "app_fw[]=little-snitch"
+ Report "firewall_software[]=little-snitch"
+ else
+ if IsVerbose; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_DISABLED}" --color YELLOW; fi
AddHP 1 3
- LogText "Result: application firewall of Mac OS X is disabled"
+ LogText "Result: could not find Little Snitch"
fi
fi
#