Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/db
AgeCommit message (Collapse)Author
2020-08-08Add macOS EOLClaudia
Apple doesn’t disclose when it stops providing security updates for macOS versions. There’s no consensus on when the exact EOL date is. Lacking that information, I applied the following ruleset, which is driven by what people have observed, and seems pragmatic enough: - From Mac OS X 10.0 through 10.4, a version 10.N would be considered EOL on the day the first patch-level update 10.(N+2).1 for its N+2 successor was released. - Starting with 10.5, Apple began to support three versions at the same time. For 10.5 itself, the EOL date is difficult to pin down so I went with 2011-06-23, the date given by the English-language Wikipedia. - From 10.6 through 10.11, a version 10.N would be considered EOL on the day the first patch-level update 10.(N+3).1 for its N+3 successor was released. - Starting with macOS Sierra (10.12), Lynis counts the patch level. Any version 10.N.P can be considered EOL on the day 10.N.(P+1) is released. If that hasn’t happened, the EOL date is the day 10.(N+3).1 is released. If neither has been released, 10.N.P has no EOL date.
2020-07-09add new test to test databaseSimon Biewald
2020-06-30Corrected Amazon Linux entriesMichael Boelen
Switched entries and added a note. Due to matching by regular expression, the shortest match would otherwise always win.
2020-06-25add SUSE Linux Enterprise Server EOLThomas Sjögren
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-06-22Merge pull request #951 from al-lac/masterMichael Boelen
Update language files (de, de-AT, en)
2020-06-21Added missing colonsMichael Boelen
2020-06-21Added Linux MintMichael Boelen
2020-06-21Reordered itemsMichael Boelen
2020-06-20Update deAlexander L
Sorting
2020-06-20Update enAlexander L
Sorting
2020-06-20Update language files (de, de-AT, en)Alexander Lackner
2020-06-18add RHEL 6,7,8 EOL datesThomas Sjögren
(cherry picked from commit 6ce0aa41c64f8146716de25d613e66cf53f08b0e) Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-06-16update all EOL dates to seconds to epochThomas Sjögren
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-06-15Update db/software-eol.dbThomas Sjögren
Co-authored-by: Jaimie <59117167+Jaimie85@users.noreply.github.com>
2020-06-15add Fedora EOL, update other releasesThomas Sjögren
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-20Update nlJaimie
2020-04-12Merge pull request #883 from topimiettinen/check-encrypted-swap-devicesMichael Boelen
Check if system uses encrypted swap devices
2020-04-10Check for registered non-native binary formatsTopi Miettinen
Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered binary formats. Those are probably emulated and their emulation could be less tested, more buggy and more vulnerable than native binary formats, so they should be disabled when not needed. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-04-06Added Russian translation0xD503
Added Russian localization
2020-04-04Added new test NETW-2400Michael Boelen
2020-04-03Merge pull request #899 from bginsbach/auth-9218Michael Boelen
AUTH-9218 Improvements
2020-04-03Combine AUTH-9218 and AUTH-9489Brian Ginsbach
These two tests are essentially identical. There is no need separate the DragonFly and FreeBSD tests. This will make it easier to add support for other BSD systems.
2020-04-02Added new test PHP-2382Michael Boelen
2020-04-01Added FILE-6394Michael Boelen
2020-03-27Check if system uses encrypted swap devicesTopi Miettinen
Add test CRYP-7931 to check if the system uses any encrypted swap devices. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-24Added new testsMichael Boelen
2020-03-24Merge pull request #880 from konstruktoid/grphashroundsMichael Boelen
Add test for group password hash rounds
2020-03-24add AUTH-9230Thomas Sjögren
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-03-23Run 'systemd-analyze security'Topi Miettinen
'systemd-analyze security' (available since systemd v240) makes a nice overall evaluation of hardening levels of services in a system. More details can be found with 'systemd-analyze security SERVICE' for each service. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-23Merge pull request #878 from topimiettinen/check-ima-evmMichael Boelen
Check IMA/EVM, dm-integrity and dm-verity statuses
2020-03-23Merge pull request #874 from topimiettinen/check-password-hashing-methodsMichael Boelen
Check password hashing methods
2020-03-23Check for dm-integrity and dm-verityTopi Miettinen
Detect tools for dm-integrity and dm-verity, check if some devices in /dev/mapper/* use them and especially the system root device. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-22Check IMA/EVM statusTopi Miettinen
Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement Architecture) status. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-21Check for software pseudo random number generatorsTopi Miettinen
Check for running audio-entropyd, havegd or jitterentropy-rngd. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-21Merge branch 'master' into netbsd-eolMichael Boelen
2020-03-21Check password hashing methodsTopi Miettinen
Manual page crypt(5) gives recommendations for choosing password hashing methods, so let's check if there are weakly encrypted passwords in the system. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-20Add NetBSD EOL dataBrian Ginsbach
2020-03-20Add a way to signify undetermined EOLBrian Ginsbach
Replace setting an artificaly high date and converted date for operating systems with no EOL (rolling) or the EOL is still to be determined. This makes it easier for humans and saves making a comparison (when using an artifically high converted time) will always be false (EOL=0). An example entry os:AGreatOS 2.0::-1: The converted time (seconds since the epoch) could be specified as zero but this typically means the OS is out of date (now), A value of -1 is a convention indicating no EOL.
2020-03-20Shortened CentOS 7/8 strings to allow match and added noteMichael Boelen
2020-03-20Added CentOS 8 end-of-lifeMichael Boelen
2020-03-20Add CentOS 7 (Core)Michael Boelen
2020-03-20Update tests.dbMichael Boelen
Corrected test ID
2020-03-20Check DNSSEC status with resolvectl when availableTopi Miettinen
'resolvectl statistics' shows if DNSSEC is supported by systemd-resolved and upstream DNS servers. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19Check for rEFInd boot loaderTopi Miettinen
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/). Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-02-15[CRYP-8004] enhanced after pulling in initital testMichael Boelen
2019-10-08Test SINT-7010 in macOS onlypyllyukko
2019-10-08Added new test DBS-1828Michael Boelen
2019-10-08Update description for FILE-6374Michael Boelen
2019-09-12Added additional stringMichael Boelen
2019-09-03Ordering of entriesMichael Boelen
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 03:19:50 +0300