| Age | Commit message (Collapse) | Author |
|---|
|
are symlinks
|
|
|
|
teoberi/New-test-BOOT-5140---Check-for-ELILO-boot-loader-presence
New test: BOOT-5140 - Check for ELILO boot loader presence
|
|
This fixes issue #1134.
|
|
Add translated status
|
|
|
|
Modify CONF_FILES variable
|
|
|
|
Test for LINUX_VERSION before setting it again
|
|
Add test for ELILO boot loader
|
|
Add support for Solaris services, run BOOT-5184 there
|
|
Test if /etc/grub.d is a directory
|
|
The "new" service manager was included with Solaris 10 and not 11. It is
named "service management facility" (see smf(5) man page).
There is no IPS service manager, the name is only used for the package
manager of OpenSolaris and Solaris 11.
Signed-off-by: Simon Biewald <simon@fam-biewald.de>
|
|
The Solaris IPS service manager (svcs) is now detected, and services
managed with it are enumerated.
Test BOOT-5184 now runs on Solaris, too, as SysV init scripts are
supported as well, even with IPS. SysV Init has been the traditional
init system on Solaris.
|
|
|
|
+ add EN and FR up to date languages files
|
|
This affects:
BOOT-5180, KRNL-5622, KRNL-5788, PKGS-7388, PKGS-7390, PKGS-7394,
PKGS-7366, and PKGS-7420.
|
|
|
|
'systemd-analyze security' (available since systemd v240) makes a nice
overall evaluation of hardening levels of services in a system. More
details can be found with 'systemd-analyze security SERVICE' for each
service.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Linux is the only OS with systemd so no need to check for systemd
single user mode on other operatings systems.
|
|
|
|
|
|
Fix logging of running and enabled services
|
|
Detect rEFInd boot loader (https://www.rodsbooks.com/refind/).
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
Log lines for running and enabled services were mixed up, fix.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
* Handle service names with multiple periods
The current awk filter produces truncated output if the service
name contains multiple periods.
eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.
This change addresses this by filtering on '.service' instead.
* Simplify systemd service filtering
Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
|
|
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.
This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* systemctl does not mean systemd is used
* Check for systemd active
* determine service manager if not already set
|
|
|
|
* fix missing ROOTDIR prefix
* sort list of services before processing
* sort list of certificates before processing
* sort list of startup scripts before processing
* spell check
* remove possessive pronoun
|
|
|
|
and new tests
|
|
|
|
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
|
|
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
|
|
|
