Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG.md1
-rw-r--r--db/tests.db1
-rw-r--r--include/tests_tooling27
3 files changed, 29 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69123178..8f930e8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
### Added
- AUTH-9284 - Scan for locked user accounts in /etc/passwd
+- TOOL-5130 - Check for active Suricata daemon
- Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS
- Alpine, macOS and Mageia EOL dates
diff --git a/db/tests.db b/db/tests.db
index 6efe1a1a..6513bb0b 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -426,6 +426,7 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
TOOL-5120:test:security:tooling::Presence of Snort IDS:
TOOL-5122:test:security:tooling::Snort IDS configuration file:
+TOOL-5130:test:security:tooling::Check for active Suricata daemon:
TOOL-5160:test:security:tooling::Check for active OSSEC daemon:
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
USB-1000:test:security:storage:Linux:Check if USB storage is disabled:
diff --git a/include/tests_tooling b/include/tests_tooling
index 26870934..15475c61 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -373,6 +373,33 @@
#
#################################################################################
#
+ # Test : TOOL-5130
+ # Description : Check for Suricata
+ Register --test-no TOOL-5130 --weight L --network NO --category security --description "Check for active Suricata daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Suricata presence
+ if [ -n "${SURICATABINARY}" ]; then
+ Report "ids_ips_tooling[]=suricata"
+ LogText "Result: Suricata is installed (${SURICATABINARY})"
+ # Suricata status
+ # Suricata sets its process name to Suricata-Main on Linux, but this might differ on other platforms,
+ # so fall back to checking the full commandline instead if the first test fails
+ if IsRunning "Suricata-Main" || IsRunning --full "${SURICATABINARY} "; then
+ # Only satisfy test TOOL-5190 if Suricata is actually running
+ IDS_IPS_TOOL_FOUND=1
+ LogText "Result: Suricata daemon is active"
+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_RUNNING}" --color GREEN
+ else
+ LogText "Result: Suricata daemon not active"
+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_NOT_RUNNING}" --color YELLOW
+ fi
+ else
+ LogText "Result: Suricata not installed (suricata not found)"
+ fi
+ fi
+#
+#################################################################################
+#
# Test : TOOL-5160
# Description : Check for OSSEC
Register --test-no TOOL-5126 --weight L --network NO --category security --description "Check for active OSSEC daemon"
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 02:51:45 +0300