github.com/CISOfy/lynis.git
-rw-r--r-- dev/TODO 114
-rw-r--r-- extras/README (renamed from dev/README) 0
-rw-r--r-- extras/bash_completion.d/lynis (renamed from dev/bash_completion.d/lynis) 0
-rwxr-xr-x extras/build-lynis.sh (renamed from dev/build-lynis.sh) 0
-rwxr-xr-x extras/check-lynis.sh (renamed from dev/check-lynis.sh) 0
-rw-r--r-- extras/files.dat (renamed from dev/files.dat) 0
-rw-r--r-- extras/lynis.spec (renamed from dev/lynis.spec) 0
-rw-r--r-- extras/openbsd/+CONTENTS (renamed from dev/openbsd/+CONTENTS) 0
-rw-r--r-- extras/systemd/lynis.service 23
-rw-r--r-- extras/systemd/lynis.timer 23
10 files changed, 46 insertions, 114 deletions
diff --git a/dev/TODO b/dev/TODO
deleted file mode 100644
index c9229e1c..00000000
--- a/dev/TODO
+++ /dev/null
@@ -1,114 +0,0 @@
-
-================================================================================
-
- Lynis - To Do
-
-================================================================================
-
- Author: Michael Boelen (michael@rootkit.nl)
- Description: Security and system auditing tool
- Website: http://www.rootkit.nl/projects/lynis.html
- Support policy: See section 'Support' (README file)
- Documentation: See web site, README, FAQ and CHANGELOG file
-
-================================================================================
-
-
-[+] Open issues
--------------------------------
-
-
-[+] Project
--------------------------------
-
-
-[+] General
--------------------------------
- - Activate warning when default profile is being used
- - Add list of manual audit items, depending on performed tests
- - Replace awk instances with ${AWKBINARY}
-
-
-[+] Forensics
--------------------------------
- - Add MD5/SHA1 database
-
-
-[+] Generic Tests
--------------------------------
- - NFS: Check if there is no localhost line in the /etc/export file
- - Check /etc/crontab entries (permissions, locations)
- - Search for all setuid/setgid files and compare against baseline
- - Skel: Red Hat files are hidden, check with ls -al?
- - Add MacOS X test for /tmp dir (or redirect location of symlink)
- - Samba: make sure it does listen only at one interface (not at WAN)
- - Cleanup some tests by combining options (like NETW-3006)
- - Check for latest versions of programs
- - Check if multiple users have group '0'
- - When using --quiet, use long warnings instead of default lines
- - Don't show section headers when using --tests
- - Show Last logon dates for user accounts
- - Show passwords 30 days or older / trivial passwords / password shadowing
- - Show duplicate usernames, UIDs and GIDs
- - System wide policies including: default files creation mask, login timeout intervals, lockout durations...
- - Permissions on selected sensitive files / directories
-
-
-[+] Applications
--------------------------------
- - Debian/Ubuntu: check if apt-listbugs is installed
-
-[+] Databases
--------------------------------
- - Warn if MySQL is running on a network interface
- - Check for empty root login
- - Check Oracle things (tm)
-
-
-[+] Programming languages/interfaces
--------------------------------
- - Paranoid option: set binaries to 750 for perl, python, ruby, cc, gcc, *cc* etc
-
-
-[+] DNS
--------------------------------
- - Bind: check if version is disabled
-
-
-[+] Firewalls
--------------------------------
- - iptables: show chain numbers when rules are unused
-
-
-[+] Shell/interface/X
--------------------------------
- - Check for autolog or timeoutd package
-
-
-[+] MTA
--------------------------------
- - Sendmail: check banner, check file permissions of configuration files
- - Exim: check banner
- - SMTP (if running): check if a version shows up in banner
-
-
-[+] Printers/spools
--------------------------------
- - Printcap consistency check for Linux/Solaris/MacOS
-
-
-[+] Tomcat
--------------------------------
- - Check if iptables has rules for port 8080, 8009, 8443
- - Check if /WEB-INF/ and /META-INF/ are denied in httpd.conf
-
-[+] Reporting
--------------------------------
- - Add possibility to mail directly (instead of log to file)
- - Find audit templates for reporting (direct post to webserver?)
- - Allow bonus points, however check a maximum index score of 100
-
-
-================================================================================
- Lynis - Copyright 2007-2013, Michael Boelen - The Netherlands
- http://www.rootkit.nl
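Review bot: the open items in the deleted dev/TODO (for example "Search for all setuid/setgid files and compare against baseline", "Show duplicate usernames, UIDs and GIDs" and "Check for empty root login") have no new home anywhere in this commit, so the planned audit checks are lost from the tree. Please note in the commit message where they are tracked now, or move the still-relevant entries there before deleting the file. The deletion is also unrelated to the dev/ to extras/ renames and the new systemd units; three separate commits would be easier to review and revert.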
diff --git a/dev/README b/extras/README
index c51df06f..c51df06f 100644
--- a/dev/README
+++ b/extras/README
diff --git a/dev/bash_completion.d/lynis b/extras/bash_completion.d/lynis
index 1492b032..1492b032 100644
--- a/dev/bash_completion.d/lynis
+++ b/extras/bash_completion.d/lynis
diff --git a/dev/build-lynis.sh b/extras/build-lynis.sh
index 7d2dd826..7d2dd826 100755
--- a/dev/build-lynis.sh
+++ b/extras/build-lynis.sh
diff --git a/dev/check-lynis.sh b/extras/check-lynis.sh
index 855f3577..855f3577 100755
--- a/dev/check-lynis.sh
+++ b/extras/check-lynis.sh
diff --git a/dev/files.dat b/extras/files.dat
index 1e46d3a7..1e46d3a7 100644
--- a/dev/files.dat
+++ b/extras/files.dat
diff --git a/dev/lynis.spec b/extras/lynis.spec
index 997a386f..997a386f 100644
--- a/dev/lynis.spec
+++ b/extras/lynis.spec
diff --git a/dev/openbsd/+CONTENTS b/extras/openbsd/+CONTENTS
index d8da54ed..d8da54ed 100644
--- a/dev/openbsd/+CONTENTS
+++ b/extras/openbsd/+CONTENTS
diff --git a/extras/systemd/lynis.service b/extras/systemd/lynis.service
new file mode 100644
index 00000000..e7acdabc
--- /dev/null
+++ b/extras/systemd/lynis.service
@@ -0,0 +1,23 @@
+#################################################################################
+#
+# Lynis service file for systemd
+#
+#################################################################################
+#
+# - Adjust path to link to location where Lynis binary is installed
+# - Place this file together with the timer file in systemd directory
+# - Run: systemctl enable lynis.service
+#
+#################################################################################
+
+[Unit]
+Description=Lynis security audit and vulnerability scan
+
+[Service]
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+Type=simple
+ExecStart=/path/to/lynis -c --cronjob
+
+#EOF \ No newline at end of file
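Review bot: the header instruction "Run: systemctl enable lynis.service" has nothing to act on, because this unit has no [Install] section; the timer is the unit that carries WantedBy=, so the service header should point at lynis.timer or drop the line. In [Service], Type=oneshot is the better fit than Type=simple for a job that runs to completion and exits, since systemd then treats the unit as started only once the audit has finished. ExecStart=/path/to/lynis is a placeholder that fails until edited, which the header does say, but a commented example of a typical install path would make that harder to miss. The file also ends without a trailing newline.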
diff --git a/extras/systemd/lynis.timer b/extras/systemd/lynis.timer
new file mode 100644
index 00000000..e0490834
--- /dev/null
+++ b/extras/systemd/lynis.timer
@@ -0,0 +1,23 @@
+#################################################################################
+#
+# Lynis timer file for systemd
+#
+#################################################################################
+#
+# - Place this file together with the service file in systemd directory
+# - Run: systemctl enable lynis.timer
+# systemctl start lynis.service
+#
+#################################################################################
+
+[Unit]
+Description=Daily run for Lynis security audit and vulnerability scan
+
+[Timer]
+OnCalendar=daily
+Persistent=false
+
+[Install]
+WantedBy=timers.target
+
+#EOF \ No newline at end of file
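Review bot: the second header command, "systemctl start lynis.service", runs one audit immediately instead of arming the schedule; it should read "systemctl start lynis.timer", otherwise an enabled timer stays inactive until the next boot. In [Timer], Persistent=false means a host that is powered off at the OnCalendar=daily trigger time skips that day's audit without any record; for a security scan Persistent=true is the safer default. OnCalendar=daily also fires at 00:00 on every host at once, so consider adding RandomizedDelaySec= for fleets that share storage or a central report server. The file ends without a trailing newline here as well.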