| Age | Commit message (Collapse) | Author |
|---|
|
|
|
tool to comply instead of determining if it really makes sense. So this suggestion requires more explanation before people turning it on. Also, promisc mode may be impacted, so users see a new issue show up while they just resolved another.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
output format
|
|
|
|
|
|
* fix for issue #453; simply add RPi/Raspian path to PAM_FILE_LOCATIONS
* Only use data before # to handle inline comments in /etc/resolv.conf.
|
|
|
|
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
|
|
|
|
- dhcpd is a server; the client is dhcpcd
- While here, add udhcpc to the list of recognised DHCP clients
|
|
|
|
|
|
|
|
This specifically makes it so that when `/etc/resolv.conf` has one or more nameservers matching `127.0.[0-1].1` it should not warn as it is using local resolvers.
We are simply using `grep -c "127.0.[0-1].1" /etc/resolv.conf` to determine this.
|
|
|
|
and new tests
|
|
|
|
* Description fix: SafePerms works on files not dirs.
All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).
* Lots of whitespace cleanups.
Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces. But sometimes
it's 1, sometimes 3, sometimes 8.
These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).
This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.
FWIW I identified instances to check by using:
perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)
Which produced output like:
./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated"
./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then
./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists"
...There's probably formal shellscript-beautification tools that
I'm oblivious about.
* More whitespace standardization.
* Fix a syntax error.
This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.
* Add whitespace before closing ].
Without it, the shell thinks the ] is part of the last string, and
emits warnings like:
.../lynis/include/tests_authentication: line 1028: [: missing `]'
|
|
* Typo fix.
* Style change: always use $(), never ``.
The Lynis code already mostly used $(), but backticks were sprinkled
around. Converted all of them.
* Lots of minor spelling/typo fixes.
FWIW these were found with:
find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less
And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
|
|
|
|
|
|
|
|
|
|
* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.
* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.
Tested on my own machine, unable to find any errors outside of normal parameters.
|
|
|
|
|
|
Added support for DHCPD
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
displaying on screen
|
|
|
|
|
|
|
|
|
