Age | Commit message (Collapse) | Author |
|
On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.
Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
|
|
|
|
Switched entries and added a note. Due to matching by regular expression, the shortest match would otherwise always win.
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
Update language files (de, de-AT, en)
|
|
|
|
|
|
|
|
Sorting
|
|
Sorting
|
|
|
|
(cherry picked from commit 6ce0aa41c64f8146716de25d613e66cf53f08b0e)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
Co-authored-by: Jaimie <59117167+Jaimie85@users.noreply.github.com>
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
|
|
Check if system uses encrypted swap devices
|
|
Added Russian localization
|
|
|
|
AUTH-9218 Improvements
|
|
These two tests are essentially identical. There is no need separate
the DragonFly and FreeBSD tests. This will make it easier to add
support for other BSD systems.
|
|
|
|
|
|
Add test CRYP-7931 to check if the system uses any encrypted swap
devices.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
Add test for group password hash rounds
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check IMA/EVM, dm-integrity and dm-verity statuses
|
|
Check password hashing methods
|
|
Detect tools for dm-integrity and dm-verity, check if some devices
in /dev/mapper/* use them and especially the system root device.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement
Architecture) status.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Check for running audio-entropyd, havegd or jitterentropy-rngd.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
Manual page crypt(5) gives recommendations for choosing password
hashing methods, so let's check if there are weakly encrypted
passwords in the system.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
Replace setting an artificaly high date and converted date for
operating systems with no EOL (rolling) or the EOL is still to
be determined. This makes it easier for humans and saves making
a comparison (when using an artifically high converted time)
will always be false (EOL=0).
An example entry
os:AGreatOS 2.0::-1:
The converted time (seconds since the epoch) could be specified as
zero but this typically means the OS is out of date (now), A value
of -1 is a convention indicating no EOL.
|
|
|
|
|
|
|
|
Corrected test ID
|
|
'resolvectl statistics' shows if DNSSEC is supported by
systemd-resolved and upstream DNS servers.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|