| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
* Handle service names with multiple periods
The current awk filter produces truncated output if the service
name contains multiple periods.
eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.
This change addresses this by filtering on '.service' instead.
* Simplify systemd service filtering
Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
|
|
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.
This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
|
|
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
|
|
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
deb http://deb.debian.org/debian-security/ stretch/updates main
Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
|
|
* Korean translation for ko-KR
Translation in Korean
* changed ko-KR to ko
|
|
|
|
|
|
|
|
|
|
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.
The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.
Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.
This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* [AUTH-9252] Adds support for files in sudoers.d
This commit adds permission checks for files found in 'sudoers.d'.
Previously only the main 'sudoers' file is checked. Fixes #600.
* [AUTH-9252] Check drop-in directory permissions
The test case currently only checks file permissions. This adds
logic to check the drop-in directory permissions as well.
* [AUTH-9252] Check file/folder ownership
This test currently only checks file/directory permissions. This
commit adds checks to ensure sudo configuration files/folders are
owned with UID=0 and GID=0.
|
|
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS
* Only use data before # to handle inline comments in /etc/resolv.conf.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://github.com/CISOfy/lynis/issues/626
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[AUTH-9282][AUTH-9283] Add support for Red Hat and clones
|
|
Issue is present on busybox ash shell without "command" builtin. Fix
issue by redirecting errors to /dev/null
|
|
Busybox's wget does't provide the -V parameter to get the version, so
redirect stderr to /dev/null to hide the printed error message
|
|
|
|
|
|
|
|
Added detection of Little Snitch alternative firewalls: Hands Off!, LuLu, and Radio Silence.
|
|
|
|
|
