| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-09-01 | Added two tests using apk (Alpine Package Keeper) to check for | Steve Kolenich | |
| installed packages and packages that can be upgraded | |||
| 2021-07-20 | Fix: show 'egrep' instead of 'grep' when egrep is missing | Michael Boelen | |
| 2021-07-20 | Replaced tab with space | Michael Boelen | |
| 2021-04-02 | Initial draft for Cmd support | Christian Bourque | |
| 2021-01-07 | Preparation for release 3.0.3 | Michael Boelen | |
| 2020-12-15 | Merge pull request #1064 from Varbin/solaris-ips-svcs | Michael Boelen | |
| Add support for Solaris services, run BOOT-5184 there | |||
| 2020-11-21 | Quote binary variables during SUID/GID enumeration | Simon Biewald | |
| Fixes cisofy/lynis#1078. Signed-off-by: Simon Biewald <sbiewald@fam-biewald.de> | |||
| 2020-10-26 | Add support for Solaris services, run BOOT-5184 there | Simon Biewald | |
| The Solaris IPS service manager (svcs) is now detected, and services managed with it are enumerated. Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are supported as well, even with IPS. SysV Init has been the traditional init system on Solaris. | |||
| 2020-10-22 | add Synology Antivirus Essential malware scanner | Thomas Sjögren | |
| Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> | |||
| 2020-10-22 | Add translate function for all sections | Stéphane | |
| + add EN and FR up to date languages files | |||
| 2020-07-22 | add Microsoft Defender ATP, malware scanner | Thomas Sjögren | |
| Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> | |||
| 2020-04-12 | Merge pull request #883 from topimiettinen/check-encrypted-swap-devices | Michael Boelen | |
| Check if system uses encrypted swap devices | |||
| 2020-04-01 | Split count values so they are reported as individual items | Michael Boelen | |
| 2020-03-31 | Enhance binaries report | Topi Miettinen | |
| Report also number of set-uid and set-gid binaries found. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-30 | Add NetBSD pkgsrc pkg_info to known binaries | Brian Ginsbach | |
| The NetBSD pkgsrc package management system uses pkg_info for determining information about packages. This is also the command used in PKGS-7302. | |||
| 2020-03-27 | Check if system uses encrypted swap devices | Topi Miettinen | |
| Add test CRYP-7931 to check if the system uses any encrypted swap devices. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-24 | Merge pull request #824 from Varbin/master | Michael Boelen | |
| Add detection of OpenNTPD | |||
| 2020-03-24 | Merge pull request #879 from topimiettinen/enhance-tomoyo-check | Michael Boelen | |
| Enhance TOMOYO Linux check | |||
| 2020-03-23 | Enhance TOMOYO Linux check | Topi Miettinen | |
| Count and log unconfined processes, which are not using policy profile 3. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-23 | Run 'systemd-analyze security' | Topi Miettinen | |
| 'systemd-analyze security' (available since systemd v240) makes a nice overall evaluation of hardening levels of services in a system. More details can be found with 'systemd-analyze security SERVICE' for each service. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-23 | Merge pull request #878 from topimiettinen/check-ima-evm | Michael Boelen | |
| Check IMA/EVM, dm-integrity and dm-verity statuses | |||
| 2020-03-23 | Check for dm-integrity and dm-verity | Topi Miettinen | |
| Detect tools for dm-integrity and dm-verity, check if some devices in /dev/mapper/* use them and especially the system root device. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-22 | Check IMA/EVM status | Topi Miettinen | |
| Check for evmctl (Extended Verification Module) tool and system IMA (Integrity Measurement Architecture) status. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-21 | Check password hashing methods | Topi Miettinen | |
| Manual page crypt(5) gives recommendations for choosing password hashing methods, so let's check if there are weakly encrypted passwords in the system. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-20 | Updated date/year | Michael Boelen | |
| 2020-03-20 | Merge pull request #861 from topimiettinen/enhance-selinux-check | Michael Boelen | |
| Enhance SELinux checks | |||
| 2020-03-20 | Check DNSSEC status with resolvectl when available | Topi Miettinen | |
| 'resolvectl statistics' shows if DNSSEC is supported by systemd-resolved and upstream DNS servers. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-19 | Enhance SELinux checks | Topi Miettinen | |
| Display and log: permissive types (rules are not enforced), unconfined processes (not confined by rules) and processes with initrc_t type (generic type with weak rules). Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | |||
| 2020-03-17 | Skip pacman when it is the game instead of package manager | Michael Boelen | |
| 2020-02-21 | add basic xbps/void support | Kevin | |
| 2020-01-08 | add openntpd detection and a few tests for it | Simon Biewald | |
| 2019-12-06 | Style change, add curly brackets | Michael Boelen | |
| 2019-10-22 | don't fail relative paths check with spaces in PATH | Kristian Schuster | |
| 2019-10-13 | add check for disabled coredumps in etc/profile and systemd | Kristian Schuster | |
| 2019-09-21 | Fixed a typo | Michael Boelen | |
| 2019-09-19 | Style improvements | Michael Boelen | |
| 2019-09-13 | Tests using lsof may ignore threads (if supported) | Michael Boelen | |
| 2019-08-21 | Merge pull request #731 from chr0mag/cryp-7930 | Michael Boelen | |
| [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup' | |||
| 2019-08-04 | Added support for swupd (Clear Linux OS) | Michael Boelen | |
| 2019-07-18 | [CRYP-7930] Modify to use 'lsblk' and 'cryptsetup' | Julian Phillips | |
| There are several challenges with the existing method of using /etc/crypttab: 1)encrypted rootfs partitions are not typically listed in this file (users are prompted for password in early boot instead) 2)the 'luks' option is the default option so it is possible for /etc/crypttab entries to never have this set explicitly and any block device configured as such will be missed currently 3)any device mounted manually, or using any other mechanism aside from /etc/crypttab will be missed This commit executes 'cryptsetup isLuks' on every block device in the system to determine whether it is a LUKS device. This handles all 3 cases mentioned above. Test case wording was also updated to reflect the fact that it only checks for LUKS entrypted block devices. So, plain dm-crypt and TrueCrypt/VeraCrypt block device encryption is not detected. Nor is any file system level encryption such as eCryptfs, EncFs, gocryptfs. | |||
| 2019-07-16 | Use -n instead of ! -z | Michael Boelen | |
| 2019-07-14 | Disable testing for other tools, as xxd is not present on all systems by default | Michael Boelen | |
| 2019-07-05 | Only check empty binaries when we did a full scan, as for some commands the ↵ | Michael Boelen | |
| binary scanning is not performed | |||
| 2019-07-01 | When PATH is defined, only locations from variable | Michael Boelen | |
| 2019-06-30 | Security: test PATH and warn or exit on discovery of dangerous location | Michael Boelen | |
| 2019-06-30 | Added check to ensure that common system tools are defined as extra safety ↵ | Michael Boelen | |
| measure | |||
| 2019-06-24 | Added Suricata (IDS) | Michael Boelen | |
| 2019-06-24 | Added Bro (IDS) | Michael Boelen | |
| 2019-04-09 | Corrected lsvg binary detection | Michael Boelen | |
| 2019-04-07 | Detect equery binary | Michael Boelen | |
Welcome to mirror list, hosted at ThFree Co, Russian Federation.
 |
index : github.com/CISOfy/lynis.git | |
| Unnamed repository; edit this file 'description' to name the repository. | www-data |
| summaryrefslogtreecommitdiff |