From cd632059e0315f156bcabc8763a2018e53008d4c Mon Sep 17 00:00:00 2001
From: Jay Keller <70912302+digitalcheetah@users.noreply.github.com>
Date: Sun, 11 Jul 2021 04:39:36 +0000
Subject: Adding OpenRC to boot services detection
---
 include/tests_boot_services | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/include/tests_boot_services b/include/tests_boot_services
index 42efc80d..4a5fb3df 100644
--- a/include/tests_boot_services
+++ b/include/tests_boot_services
@@ -112,6 +112,9 @@
 runit)
 SERVICE_MANAGER="runit"
 ;;
+ openrc-init)
+ SERVICE_MANAGER="openrc"
+ ;;
 *)
 CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
 if [ -n "${CONTAINS_SYSTEMD}" ]; then
-- cgit v1.2.3
From e7c8b235bb11106a427375da94969b8b0393e07d Mon Sep 17 00:00:00 2001
From: Prajwal
Date: Sun, 26 Sep 2021 16:47:02 +0530
Subject: Added Funtoo Linux to osdetection
---
 include/osdetection | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/include/osdetection b/include/osdetection
index a4d3aa41..c91c69ec 100644
--- a/include/osdetection
+++ b/include/osdetection
@@ -244,6 +244,11 @@
 OS_NAME="Flatcar Linux"
 OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
 ;;
+ "funtoo")
+ LINUX_VERSION="Funtoo"
+ OS_FULLNAME="Funtoo Linux"
+ OS_VERSION="Rolling release"
+ ;;
 "garuda")
 LINUX_VERSION="Garuda"
 OS_FULLNAME="Garuda Linux"
-- cgit v1.2.3
From 9ec4c79ccc83d7fffec5bcbe4cc33e4353f736ea Mon Sep 17 00:00:00 2001
From: David Osipov
Date: Fri, 15 Oct 2021 23:34:10 +0300
Subject: Update HAPPY_USERS.md
---
 HAPPY_USERS.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/HAPPY_USERS.md b/HAPPY_USERS.md
index 53677c52..ea959549 100644
--- a/HAPPY_USERS.md
+++ b/HAPPY_USERS.md
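Review bot: The new `openrc-init)` arm in include/tests_boot_services only fires when PID 1 itself is named openrc-init, and nothing in the hunk documents that; OpenRC is often run as the service manager underneath a sysvinit `init`, and such hosts would presumably still fall through to the `*)` arm. A short comment above the arm would make that limit explicit, for example `# openrc-init: OpenRC acting as PID 1; OpenRC started from sysvinit is not detected here`. The case statement begins and ends outside the hunk, so the selector cannot be confirmed from here.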
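Review bot: The added `"funtoo")` arm in include/osdetection assigns LINUX_VERSION, OS_FULLNAME and OS_VERSION but not OS_NAME, while the Flatcar arm directly above it does set OS_NAME. If later code reads OS_NAME, a Funtoo host would carry whatever value was assigned before this case statement; adding `OS_NAME="Funtoo"` would close that gap, assuming the other arms follow the Flatcar pattern. The Garuda arm is cut off by the hunk boundary, so this cannot be checked against it.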
@@ -36,3 +36,5 @@ its development, even after 12+ years! * Catalyst.net IT - January 2020 Lynis gave us great insight in to the security state of our systems, as well as where we can improve. +* David Osipov - October 2021 +Lynis opened my eyes on Linux security hardening best practices. As a newbie, I learn a lot about Linux system architecture while trying to harden my system. -- cgit v1.2.3 From 9819ac4023f2499231f07e93b40ed1cef49f0b19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 26 Oct 2021 10:53:33 +0200 Subject: allow unknown number of spaces in modprobe blacklists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- include/tests_filesystems | 15 +++++++-------- include/tests_networking | 4 ++-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/include/tests_filesystems b/include/tests_filesystems index ce93b018..480ba40a 100644 --- a/include/tests_filesystems +++ b/include/tests_filesystems @@ -619,7 +619,6 @@ Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_PARTIALLY_HARDENED}" --color YELLOW AddHP 4 5 else - # if if ContainsString "defaults" "${FOUND_FLAGS}"; then LogText "Result: marked ${FILESYSTEM} options as default (not hardened)" Display --indent 2 --text "- Mount options of ${FILESYSTEM}" --result "${STATUS_DEFAULT}" --color YELLOW 
@@ -838,13 +837,13 @@
 fi
 FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
 if [ -n "${FIND}" ]; then
- FIND1=$(${EGREPBINARY} "blacklist ${FS}" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- FIND2=$(${EGREPBINARY} "install ${FS} /bin/true" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
- if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
- Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
- LogText "Result: module ${FS} is blacklisted"
- fi
- fi
+ FIND1=$(${EGREPBINARY} "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ FIND2=$(${EGREPBINARY} "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+ if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
+ Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
+ LogText "Result: module ${FS} is blacklisted"
+ fi
+ fi
 done
 if [ ${FOUND} -eq 1 ]; then
 Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"
diff --git a/include/tests_networking b/include/tests_networking
index c615e6d0..7faf7125 100644
--- a/include/tests_networking
+++ b/include/tests_networking
@@ -750,7 +750,7 @@
 UNCOMMON_PROTOCOL_DISABLED=0
 # First check modprobe.conf
 if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
- DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf)
+ DATA=$(${GREPBINARY} "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.conf)
 if [ -n "${DATA}" ]; then
 LogText "Result: found ${P} module disabled via modprobe.conf"
 UNCOMMON_PROTOCOL_DISABLED=1
@@ -759,7 +759,7 @@
 # Then additional modprobe configuration files
 if [ -d ${ROOTDIR}etc/modprobe.d ]; then
 # Return file names (-l) and suppress errors (-s)
- DATA=$(${GREPBINARY} -l -s "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
+ DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/*)
 if [ -n "${DATA}" ]; then
 UNCOMMON_PROTOCOL_DISABLED=1
 for F in ${DATA}; do
-- cgit v1.2.3
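Review bot: In the new FIND1 and FIND2 patterns of include/tests_filesystems, `\+` is handed to ${EGREPBINARY}; if that resolves to egrep or grep -E, as the name suggests, an escaped plus in an extended regex is a literal `+`, so `^blacklist \+${FS}$` would only match a line that contains an actual plus sign and the "is blacklisted" result would never be shown for real entries. In an extended regex the quantifier is written unescaped, and a character class also accepts tabs: `"^blacklist[[:space:]]+${FS}[[:space:]]*$"` and `"^install[[:space:]]+${FS}[[:space:]]+/bin/true[[:space:]]*$"`. The two include/tests_networking hunks use ${GREPBINARY}, where `\+` does act as a quantifier with GNU grep, so they are affected differently. The enclosing loop starts and ends outside the hunk.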
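Review bot: The `$` anchor added to `^install \+${P} \+/bin/true$` in include/tests_networking means an entry with trailing whitespace or a trailing comment no longer counts as disabling the protocol, and the literal space still misses tab-separated entries; the modprobe.d hunk that follows repeats the same pattern. `\+` in a basic regex is a GNU extension, so a POSIX spelling is safer if the script can run with a non-GNU grep: `"^install[[:space:]]\{1,\}${P}[[:space:]]\{1,\}/bin/true[[:space:]]*$"`. Hosts that disable a module with `/bin/false` instead of `/bin/true` are also reported as not disabled; whether that should count is a decision for the test. Both if-blocks continue outside their hunks.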
From 161042c0e25511696c5c3c0d5a5bbddcc1ac7ddd Mon Sep 17 00:00:00 2001
From: zhelemysh <81683871+zhelemysh@users.noreply.github.com>
Date: Mon, 8 Nov 2021 16:48:34 +0000
Subject: Update ru
---
 db/languages/ru | 140 ++++++++++++++++++++++++++++----------------------------
 1 file changed, 70 insertions(+), 70 deletions(-)
diff --git a/db/languages/ru b/db/languages/ru
index bad4123a..fc1500b1 100644
--- a/db/languages/ru
+++ b/db/languages/ru
@@ -4,7 +4,7 @@ GEN_CHECKING="Проверка"
 GEN_CURRENT_VERSION="Текущая версия"
 GEN_DEBUG_MODE="Режим отладки"
 GEN_INITIALIZE_PROGRAM="Инициализация программы"
-#GEN_LATEST_VERSION="Latest version"
+GEN_LATEST_VERSION="Последняя версия"
 GEN_PHASE="Стадия"
 GEN_PLUGINS_ENABLED="Плагины включены"
 GEN_UPDATE_AVAILABLE="доступно обновление"
@@ -14,94 +14,94 @@ NOTE_EXCEPTIONS_FOUND_DETAILED="Были найдены некоторые ис
 NOTE_EXCEPTIONS_FOUND="Найдены исключения"
 NOTE_PLUGINS_TAKE_TIME="Примечание: плагины имеют более обширные тесты и могут занять несколько минут до завершения"
 NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Тесты пропущены из-за использования непривилегированного режима"
-#SECTION_ACCOUNTING="Accounting"
-#SECTION_BANNERS_AND_IDENTIFICATION="Banners and identification"
-#SECTION_BASICS="Basics"
-#SECTION_BOOT_AND_SERVICES="Boot and services"
-#SECTION_CONTAINERS="Containers"
-#SECTION_CRYPTOGRAPHY="Cryptography"
+SECTION_ACCOUNTING="Учёт"
+SECTION_BANNERS_AND_IDENTIFICATION="Баннеры и идентификаторы"
+SECTION_BASICS="Основное"
+SECTION_BOOT_AND_SERVICES="Загрузка и сервисы"
+SECTION_CONTAINERS="Контейнеры"
+SECTION_CRYPTOGRAPHY="Криптография"
 SECTION_CUSTOM_TESTS="Пользовательские тесты"
-#SECTION_DATABASES="Databases"
-#SECTION_DATA_UPLOAD="Data upload"
-#SECTION_DOWNLOADS="Downloads"
-#SECTION_EMAIL_AND_MESSAGING="Software: e-mail and messaging"
-#SECTION_FILE_INTEGRITY="Software: file integrity"
-#SECTION_FILE_PERMISSIONS="File Permissions"
-#SECTION_FILE_SYSTEMS="File systems"
-#SECTION_FIREWALLS="Software: firewalls"
-#SECTION_GENERAL="General"
-#SECTION_HARDENING="Hardening"
-#SECTION_HOME_DIRECTORIES="Home directories"
-#SECTION_IMAGE="Image"
-#SECTION_INITIALIZING_PROGRAM="Initializing program"
-#SECTION_INSECURE_SERVICES="Insecure services"
-#SECTION_KERNEL_HARDENING="Kernel Hardening"
-#SECTION_KERNEL="Kernel"
-#SECTION_LDAP_SERVICES="LDAP Services"
-#SECTION_LOGGING_AND_FILES="Logging and files"
+SECTION_DATABASES="Базы данных"
+SECTION_DATA_UPLOAD="Отправка данных"
+SECTION_DOWNLOADS="Загрузки"
+SECTION_EMAIL_AND_MESSAGING="Программное обеспечение: e-mail и отправка сообщений"
+SECTION_FILE_INTEGRITY="Программное обеспечение: целостность файлов"
+SECTION_FILE_PERMISSIONS="Права доступа к файлам"
+SECTION_FILE_SYSTEMS="Файловые системы"
+SECTION_FIREWALLS="Программное обеспечение: файрвол"
+SECTION_GENERAL="Общее"
+SECTION_HARDENING="Усиление"
+SECTION_HOME_DIRECTORIES="Домашние директории"
+SECTION_IMAGE="Образы"
+SECTION_INITIALIZING_PROGRAM="Инициализация программы"
+SECTION_INSECURE_SERVICES="Небезопасные сервисы"
+SECTION_KERNEL_HARDENING="Ядро усилено"
+SECTION_KERNEL="Ядро"
+SECTION_LDAP_SERVICES="Сервисы LDAP"
+SECTION_LOGGING_AND_FILES="Логирование и файлы"
 SECTION_MALWARE="Вредоносное ПО"
 SECTION_MEMORY_AND_PROCESSES="Память и процессы"
-#SECTION_NAME_SERVICES="Name services"
-#SECTION_NETWORKING="Networking"
-#SECTION_PERMISSIONS="Permissions"
-#SECTION_PORTS_AND_PACKAGES="Ports and packages"
-#SECTION_PRINTERS_AND_SPOOLS="Printers and Spools"
-#SECTION_PROGRAM_DETAILS="Program Details"
-#SECTION_SCHEDULED_TASKS="Scheduled tasks"
-#SECTION_SECURITY_FRAMEWORKS="Security frameworks"
-#SECTION_SHELLS="Shells"
-#SECTION_SNMP_SUPPORT="SNMP Support"
-#SECTION_SOFTWARE="Software"
-#SECTION_SQUID_SUPPORT="Squid Support"
-#SECTION_SSH_SUPPORT="SSH Support"
-#SECTION_STORAGE="Storage"
-#SECTION_SYSTEM_INTEGRITY="Software: System integrity"
-#SECTION_SYSTEM_TOOLING="Software: System tooling"
-#SECTION_SYSTEM_TOOLS="System tools"
-#SECTION_TIME_AND_SYNCHRONIZATION="Time and Synchronization"
-#SECTION_USB_DEVICES="USB Devices"
-#SECTION_USERS_GROUPS_AND_AUTHENTICATION="Users, Groups and Authentication"
-#SECTION_VIRTUALIZATION="Virtualization"
-#SECTION_WEBSERVER="Software: webserver"
-#STATUS_ACTIVE="ACTIVE"
-#STATUS_CHECK_NEEDED="CHECK NEEDED"
-#STATUS_DEBUG="DEBUG"
-#STATUS_DEFAULT="DEFAULT"
-#STATUS_DIFFERENT="DIFFERENT"
+SECTION_NAME_SERVICES="Имена Сервисов"
+SECTION_NETWORKING="Сети"
+SECTION_PERMISSIONS="Права доступа"
+SECTION_PORTS_AND_PACKAGES="Пакеты"
+SECTION_PRINTERS_AND_SPOOLS="Принтеры и спулеры"
+SECTION_PROGRAM_DETAILS="Подробности о программе"
+SECTION_SCHEDULED_TASKS="Запланированные задачи"
+SECTION_SECURITY_FRAMEWORKS="Фреймворки"
+SECTION_SHELLS="Командные оболочки"
+SECTION_SNMP_SUPPORT="Поддержка SNMP"
+SECTION_SOFTWARE="Программное обеспечение"
+SECTION_SQUID_SUPPORT="Поддержка Squid"
+SECTION_SSH_SUPPORT="Поддержка SSH"
+SECTION_STORAGE="Хранилище"
+SECTION_SYSTEM_INTEGRITY="Программное обеспечение: целостность системы"
+SECTION_SYSTEM_TOOLING="SПрограммное обеспечение: системные инструменты"
+SECTION_SYSTEM_TOOLS="Системные утилиты"
+SECTION_TIME_AND_SYNCHRONIZATION="Время и его синхронизация"
+SECTION_USB_DEVICES="USB Устройства"
+SECTION_USERS_GROUPS_AND_AUTHENTICATION="Пользователи, группы и Аутентификация"
+SECTION_VIRTUALIZATION="Виртуализация"
+SECTION_WEBSERVER="Программное обеспечение: веб-сервер"
+STATUS_ACTIVE="АКТИВЕН"
+STATUS_CHECK_NEEDED="ТРЕБУЕТСЯ ПРОВЕРКА"
+STATUS_DEBUG="ОТЛАДКА"
+STATUS_DEFAULT="ПО УМОЛЧАНИЮ"
+STATUS_DIFFERENT="ОТЛИЧАЕТСЯ"
 STATUS_DISABLED="ОТКЛЮЧЕНО"
 STATUS_DONE="Завершено"
 STATUS_ENABLED="ВКЛЮЧЕНО"
 STATUS_ERROR="ОШИБКА"
-#STATUS_EXPOSED="EXPOSED"
-#STATUS_FAILED="FAILED"
-#STATUS_FILES_FOUND="FILES FOUND"
+STATUS_EXPOSED="УЯЗВИМЫЙ"
+STATUS_FAILED="ПРОВАЛЕНО"
+STATUS_FILES_FOUND="ФАЙЛЫ НАЙДЕНЫ"
 STATUS_FOUND="Найдено"
-#STATUS_HARDENED="HARDENED"
-#STATUS_INSTALLED="INSTALLED"
-#STATUS_LOCAL_ONLY="LOCAL ONLY"
-#STATUS_MEDIUM="MEDIUM"
-#STATUS_NON_DEFAULT="NON DEFAULT"
+STATUS_HARDENED="УСИЛЕНО"
+STATUS_INSTALLED="УСТАНОВЛЕНО"
+STATUS_LOCAL_ONLY="ТОЛЬКО ЛОКАЛЬНО"
+STATUS_MEDIUM="СРЕДНИЙ"
+STATUS_NON_DEFAULT="НЕ ПО УМОЛЧАНИЮ"
 STATUS_NONE="Отсутствует"
-#STATUS_NOT_CONFIGURED="NOT CONFIGURED"
-#STATUS_NOT_DISABLED="NOT DISABLED"
-#STATUS_NOT_ENABLED="NOT ENABLED"
+STATUS_NOT_CONFIGURED="НЕ СКОНФИГУРИРОВАНО"
+STATUS_NOT_DISABLED="НЕ ОТКЛЮЧЕНО"
+STATUS_NOT_ENABLED="НЕ ВКЛЮЧЕНО"
 STATUS_NOT_FOUND="НЕ НАЙДЕНО"
 STATUS_NOT_RUNNING="НЕ ЗАПУЩЕНО"
-#STATUS_NO_UPDATE="NO UPDATE"
+STATUS_NO_UPDATE="ОБНОВЛЕНИЙ НЕТ"
 STATUS_NO="НЕТ"
 STATUS_OFF="Выключено"
 STATUS_OK="ОК"
 STATUS_ON="Включено"
-#STATUS_PARTIALLY_HARDENED="PARTIALLY HARDENED"
-#STATUS_PROTECTED="PROTECTED"
+STATUS_PARTIALLY_HARDENED="ЧАСТИЧНО УСИЛЕНО"
+STATUS_PROTECTED="ЗАЩИЩЕНО"
STATUS_RUNNING="ЗАПУЩЕНО"
 STATUS_SKIPPED="ПРОПУЩЕНО"
 STATUS_SUGGESTION="ПРЕДЛОЖЕНИЕ"
 STATUS_UNKNOWN="НЕИЗВЕСТНО"
-#STATUS_UNSAFE="UNSAFE"
-#STATUS_UPDATE_AVAILABLE="UPDATE AVAILABLE"
+STATUS_UNSAFE="НЕБЕЗОПАСНО"
+STATUS_UPDATE_AVAILABLE="ДОСТУПНЫ ОБНОВЛЕНИЯ"
 STATUS_WARNING="ПРЕДУПРЕЖДЕНИЕ"
-#STATUS_WEAK="WEAK"
+STATUS_WEAK="СЛАБЫЙ"
 STATUS_YES="ДА"
 TEXT_UPDATE_AVAILABLE="доступно обновление"
-TEXT_YOU_CAN_HELP_LOGFILE="Вы можете помочь предоставив ваш лог-файл"
+TEXT_YOU_CAN_HELP_LOGFILE="Вы можете помочь, предоставив ваш лог-файл"
-- cgit v1.2.3
From cb9b5e034016da49216692078226dec731ed22fe Mon Sep 17 00:00:00 2001
From: zhelemysh <81683871+zhelemysh@users.noreply.github.com>
Date: Tue, 9 Nov 2021 14:55:32 +0000
Subject: Update ru fix
---
 db/languages/ru | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/db/languages/ru b/db/languages/ru
index fc1500b1..c24603b6 100644
--- a/db/languages/ru
+++ b/db/languages/ru
@@ -28,20 +28,20 @@ SECTION_EMAIL_AND_MESSAGING="Программное обеспечение: e-ma
 SECTION_FILE_INTEGRITY="Программное обеспечение: целостность файлов"
 SECTION_FILE_PERMISSIONS="Права доступа к файлам"
 SECTION_FILE_SYSTEMS="Файловые системы"
-SECTION_FIREWALLS="Программное обеспечение: файрвол"
+SECTION_FIREWALLS="Программное обеспечение: firewall"
 SECTION_GENERAL="Общее"
 SECTION_HARDENING="Усиление"
 SECTION_HOME_DIRECTORIES="Домашние директории"
 SECTION_IMAGE="Образы"
 SECTION_INITIALIZING_PROGRAM="Инициализация программы"
 SECTION_INSECURE_SERVICES="Небезопасные сервисы"
-SECTION_KERNEL_HARDENING="Ядро усилено"
+SECTION_KERNEL_HARDENING="УСиления ядра"
 SECTION_KERNEL="Ядро"
 SECTION_LDAP_SERVICES="Сервисы LDAP"
 SECTION_LOGGING_AND_FILES="Логирование и файлы"
 SECTION_MALWARE="Вредоносное ПО"
 SECTION_MEMORY_AND_PROCESSES="Память и процессы"
-SECTION_NAME_SERVICES="Имена Сервисов"
+SECTION_NAME_SERVICES="Серверы имён"
 SECTION_NETWORKING="Сети"
 SECTION_PERMISSIONS="Права доступа"
 SECTION_PORTS_AND_PACKAGES="Пакеты"
@@ -62,7 +62,7 @@ SECTION_TIME_AND_SYNCHRONIZATION="Время и его синхронизаци
 SECTION_USB_DEVICES="USB Устройства"
 SECTION_USERS_GROUPS_AND_AUTHENTICATION="Пользователи, группы и Аутентификация"
 SECTION_VIRTUALIZATION="Виртуализация"
-SECTION_WEBSERVER="Программное обеспечение: веб-сервер"
+SECTION_WEBSERVER="Программное обеспечение: веб-серверы"
 STATUS_ACTIVE="АКТИВЕН"
 STATUS_CHECK_NEEDED="ТРЕБУЕТСЯ ПРОВЕРКА"
 STATUS_DEBUG="ОТЛАДКА"
@@ -72,7 +72,7 @@ STATUS_DISABLED="ОТКЛЮЧЕНО"
 STATUS_DONE="Завершено"
 STATUS_ENABLED="ВКЛЮЧЕНО"
 STATUS_ERROR="ОШИБКА"
-STATUS_EXPOSED="УЯЗВИМЫЙ"
+STATUS_EXPOSED="УЯЗВИМО"
 STATUS_FAILED="ПРОВАЛЕНО"
 STATUS_FILES_FOUND="ФАЙЛЫ НАЙДЕНЫ"
 STATUS_FOUND="Найдено"
-- cgit v1.2.3
From c45e502796c822694afb7feb54c4aa9448b085a8 Mon Sep 17 00:00:00 2001
From: Lahfa Samy
Date: Tue, 16 Nov 2021 22:28:10 +0100
Subject: Add Garuda Linux to audit package test tool
---
 include/tests_ports_packages | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 2f0b98da..e757bd0a 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -296,7 +296,7 @@
 #
 # Test : PKGS-7320
 # Description : Check available of arch-audit
- if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi
+ if [ "${OS_FULLNAME}" = "Arch Linux" ] || [ "${OS_FULLNAME}" = "Arch Linux 32" ] || [ "${OS_FULLNAME}" = "Garuda Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux and Garuda Linux"; fi
 Register --test-no PKGS-7320 --os "Linux" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ -z "${ARCH_AUDIT_BINARY}" ]; then
-- cgit v1.2.3
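Review bot: The prerequisite for PKGS-7320 in include/tests_ports_packages is still an exact-match list of OS_FULLNAME strings, so each further Arch-derived distribution needs another edit to this line, and until then the arch-audit check is skipped on it. The one-line `if` is also becoming hard to read with three comparisons and two assignments in each branch. A comment such as `# Arch-based distributions: extend when include/osdetection gains another derivative` would document the coupling to the names that osdetection sets. The test body continues outside the hunk.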