Age | Commit message (Collapse) | Author |
|
|
teoberi/New-test-BOOT-5140---Check-for-ELILO-boot-loader-presence
New test: BOOT-5140 - Check for ELILO boot loader presence
|
|
Check for registered non-native binary formats
|
|
Add TestID for ELILO
|
|
Test if loghost is not localhost
|
|
Add support for Solaris services, run BOOT-5184 there
|
|
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.
Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
|
|
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.
Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
|
|
Add the new test TOOL-5130 (Check for active Suricata daemon) to the tests
database and update the changelog accordingly.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
|
|
Check if system uses encrypted swap devices
|
|
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
AUTH-9218 Improvements
|
|
These two tests are essentially identical. There is no need to separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
|
|
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Add test for group password hash rounds
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check IMA/EVM, dm-integrity and dm-verity statuses
|
|
Check password hashing methods
|
|
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check for running audio-entropyd, havegd or jitterentropy-rngd.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Corrected test ID
|
|
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>