From 231582ac534f4608fbf3cd5056adcd65be547bb9 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Thu, 2 Oct 2014 15:15:19 +0200
Subject: Added systemd service script and timer (as replacement for cronjob)
---
 extras/README | 9 +
 extras/bash_completion.d/lynis | 76 +++++++++
 extras/build-lynis.sh | 377 +++++++++++++++++++++++++++++++++++++++++
 extras/check-lynis.sh | 4 +
 extras/files.dat | 33 ++++
 extras/lynis.spec | 135 +++++++++++++++
 extras/openbsd/+CONTENTS | 90 ++++++++++
 extras/systemd/lynis.service | 23 +++
 extras/systemd/lynis.timer | 23 +++
 9 files changed, 770 insertions(+)
 create mode 100644 extras/README
 create mode 100644 extras/bash_completion.d/lynis
 create mode 100755 extras/build-lynis.sh
 create mode 100755 extras/check-lynis.sh
 create mode 100644 extras/files.dat
 create mode 100644 extras/lynis.spec
 create mode 100644 extras/openbsd/+CONTENTS
 create mode 100644 extras/systemd/lynis.service
 create mode 100644 extras/systemd/lynis.timer
 (limited to 'extras')
diff --git a/extras/README b/extras/README
new file mode 100644
index 00000000..c51df06f
--- /dev/null
+++ b/extras/README
@@ -0,0 +1,9 @@
+
+================================================================================
+
+ This directory contains tools for:
+ - Easy building customized packages
+ - Integrity checks and tools
+ - Development tools
+
+================================================================================
\ No newline at end of file
diff --git a/extras/bash_completion.d/lynis b/extras/bash_completion.d/lynis
new file mode 100644
index 00000000..1492b032
--- /dev/null
+++ b/extras/bash_completion.d/lynis
@@ -0,0 +1,76 @@
+# bash completion for lynis
+
+# version 1.0.0 (22 September 2014)
+# Michael Boelen
+
+# lynis(8) completion
+_lynis()
+{
+ local cur prev
+ # opts nodig nosig
+
+ COMPREPLY=()
+ _get_comp_words_by_ref cur prev
+
+ if [ $COMP_CWORD -eq 1 ]; then
+ # first parameter on line
+ case $cur in
+ -*)
+ COMPREPLY=( $( compgen -W '--check-all --help --info --version' -- "$cur" ) )
+ ;;
+ *)
+ COMPREPLY=( $( compgen -W '--check-all --help --info --version' -- "$cur" ) )
+ ;;
+ esac
+
+ return 0
+ fi
+
+ case $prev in
+ --auditor)
+ COMPREPLY=( '"Mr. Auditor"' )
+ return 0
+ ;;
+ --check-update|--help|--info|--version)
+ # all other options are noop with this command
+ return 0
+ ;;
+ --logfile)
+ COMPREPLY=( 'myfile.log' )
+ return 0
+ ;;
+ --plugin-dir)
+ _filedir -d
+ return 0
+ ;;
+ --profile)
+ COMPREPLY=( 'default.prf' )
+ return 0
+ ;;
+ --tests)
+ COMPREPLY=( '"TEST-0001 TEST-0002 TEST-0003"' )
+ return 0
+ ;;
+ --tests-category)
+ COMPREPLY=( '"accounting authentication"' )
+ return 0
+ ;;
+ *)
+ COMPREPLY=( $( compgen -W ' \
+ --auditor --cronjob --debug --quick --quiet --logfile --no-colors --no-log --pentest --reverse-colors \
+ --tests --tests-category --upload --view-categories' -- "$cur" ) )
+ ;;
+ esac
+
+ return 0
+}
+
+complete -F _lynis lynis
+
+# Local variables:
+# mode: shell-script
+# sh-basic-offset: 4
+# sh-indent-comment: t
+# indent-tabs-mode: nil
+# End:
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/extras/build-lynis.sh b/extras/build-lynis.sh
new file mode 100755
index 00000000..7d2dd826
--- /dev/null
+++ b/extras/build-lynis.sh
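Review bot: In extras/bash_completion.d/lynis, the `case $cur in` inside the `COMP_CWORD -eq 1` branch has two arms (`-*` and `*`) with the identical `compgen` call, so the `case` adds nothing and can be a single `COMPREPLY=( $( compgen -W '--check-all --help --info --version' -- "$cur" ) )`. That first-word list also omits `--check-update`, which the `case $prev` block below treats as a known option, and none of the scan options (`--auditor`, `--quick`, `--pentest`, …) are offered in first position, so `lynis --qu<TAB>` completes to nothing. `$COMP_CWORD` in the test should be quoted, `[ "$COMP_CWORD" -eq 1 ]`.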
@@ -0,0 +1,377 @@
+#!/bin/sh
+
+#########################################################################
+#
+# Builds Lynis distribution
+#
+# Usage: this script creates Lynis builds
+#
+# *** NOTE ***
+# This script is not fully functional yet, several options like digital
+# signing, RPM/DEB package creation are missing.
+#
+#########################################################################
+#
+# Options:
+
+ echo "[*] Activity [V] Succesful [X] Error [=] Result"
+ echo ""
+
+ # Umask used when creating files/directories
+ OPTION_UMASK="027"
+
+ # Directory name used to create package related directories (like /usr/local/include/lynis)
+ OPTION_PACKAGE_DIRNAME="lynis"
+
+ # Binary to test
+ OPTION_BINARY_FILE="../lynis"
+
+ # Check number of parameters
+ if [ $# -eq 0 ]; then
+ echo "[X] This build tool needs at least a version number (--version). Use --help for all parameters."
+ exit 1
+ fi
+
+ # Check parameters
+ case $1 in
+ --help)
+ echo "Define version:"
+ echo "--version 1.2.3"
+ exit 1
+ ;;
+ --version)
+ shift
+ LYNIS_VERSION=$1
+ ;;
+ *)
+ echo "[X] Incorrect parameter"
+ exit 1
+ ;;
+ esac
+
+#
+#########################################################################
+#
+# Functions:
+
+ # Clean temporary files up
+ CleanUp()
+ {
+ if [ ! "${TMPDIR}" = "" -a -d "${TMPDIR}" ]; then
+ rm -rf ${TMPDIR}
+ fi
+ }
+
+ Exit()
+ {
+ CleanUp
+ exit 0
+ }
+ ExitFatal()
+ {
+ CleanUp
+ exit 1
+ }
+#
+#########################################################################
+#
+
+ # Clean files up if we get interrupted
+ trap CleanUp INT
+
+#
+#########################################################################
+#
+ MYUSER=`whoami`
+ if [ "${MYUSER}" = "" ]; then
+ echo "[X] Could not determine user"
+ fi
+ if [ "${MYUSER}" = "root" ]; then
+ echo "[X] This script should not be executed as root"
+ fi
+
+
+ MYWORKDIR=`pwd | awk -F / '{ for (i=1;i<=NF-2;i++){ printf $i"/" }; printf "\n"}' | sed 's./$..'`
+ if [ ! -d ${MYWORKDIR} ]; then
+ echo "[X] Could not determine workdir (result: ${MYWORKDIR} seems invalid)"
+ ExitFatal
+ else
+ echo "[=] workdir: ${MYWORKDIR}"
+ fi
+
+
+ MYBUILDDIR="/home/${MYUSER}/lynis-build"
+ if [ ! -d ${MYBUILDDIR} ]; then
+ echo "[X] ${MYBUILDDIR} not found"
+ echo " Hint: create it with mkdir ${MYBUILDDIR}"
+ ExitFatal
+ else
+ echo "[=] builddir: ${MYBUILDDIR}"
+ fi
+
+ NEEDED_DIRS="debbuild rpmbuild rpmbuild/BUILD rpmbuild/BUILDROOT rpmbuild/RPMS rpmbuild/SOURCES rpmbuild/SRPMS"
+ for I in ${NEEDED_DIRS}; do
+ if [ ! -d "${MYBUILDDIR}/${I}" ]; then
+ echo "[X] Missing directory: ${MYBUILDDIR}/${I}"
+ echo " Hint: create subdirs with cd ${MYBUILDDIR} && mkdir -p ${NEEDED_DIRS}"
+ ExitFatal
+ fi
+ done
+
+ DEBWORKDIR="${MYBUILDDIR}/debbuild"
+ RPMWORKDIR="${MYBUILDDIR}/rpmbuild"
+ echo "[=] RPM workdir: ${RPMWORKDIR}"
+ #echo "Use: cd ${MYBUILDDIR} && mkdir rpm"
+
+
+ # Check binaries
+
+ GITBUILDPACKAGEBINARY=`which git-buildpackage`
+ if [ ! "${GITBUILDPACKAGEBINARY}" = "" ]; then
+ echo "[=] git-buildpackage = ${GITBUILDPACKAGEBINARY}"
+ else
+ echo "[X] Can not find git-buildpackage binary"
+ echo " Hint: install git-buildpackage"
+ ExitFatal
+ fi
+
+ RPMBUILDBINARY=`which rpmbuild`
+ if [ ! "${RPMBUILDBINARY}" = "" ]; then
+ echo "[=] rpmbuild = ${RPMBUILDBINARY}"
+ else
+ echo "[X] Can not find rpmbuild binary"
+ echo " Hint: install rpmbuild"
+ ExitFatal
+ fi
+
+
+ # Set umask
+ umask ${OPTION_UMASK}
+ if [ $? -eq 0 ]; then
+ echo "[V] Setting umask to ${OPTION_UMASK}"
+ else
+ echo "[X] Could not set umask"
+ ExitFatal
+ fi
+
+ # Check if we are in dev directory
+ if [ -f ../lynis -a -f ./build-lynis.sh ]; then
+ echo "[V] Active in proper directory"
+ else
+ echo "[X] This script should be executed from dev directory itself"
+ ExitFatal
+ fi
+
+
+
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Create temporary build directory
+ TMPDIR=`mktemp -d /tmp/lynis-BUILDROOT.XXXXXX`
+ if [ $? -eq 0 ]; then
+ echo "[V] Creating temporary build directory"
+ #echo " BUILDROOT: ${TMPDIR}"
+ else
+ echo "[X] Could not create temporary build directory"
+ ExitFatal
+ fi
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo "[*] Starting with building tarball"
+
+ TARBALL="${MYBUILDDIR}/lynis_${LYNIS_VERSION}.orig.tar.gz"
+ #if [ -f ${TARBALL} ]; then
+ # echo "[X] Tarball already exists "
+ # echo " Hint: remove ${TARBALL}"
+ # ExitFatal
+ #fi
+
+ # Create tarball
+ tar -C ${MYWORKDIR} --exclude=debian --exclude=README.md --exclude=.bzr* --exclude=.git* -c -z -f ${TARBALL} lynis 2> /dev/null
+
+ if [ -f ${TARBALL} ]; then
+ echo "[V] Tarball created"
+ else
+ echo "[X] Tarball ${TARBALL} could not be created"
+ ExitFatal
+ fi
+
+ TARBALL_MD5=`md5sum ${TARBALL}`
+ TARBALL_SHA1=`sha1sum ${TARBALL}`
+
+ echo "[*] Starting with RPM building process"
+
+ # RPM creation
+ SOURCEFILE_RPM="${RPMWORKDIR}/SOURCES/lynis-${LYNIS_VERSION}.tar.gz"
+ if [ -f ${SOURCEFILE_RPM} ]; then
+ if [ -f lynis.spec ]; then
+ # adjust version in spec file
+ VERSION_IN_SPECFILE=`cat lynis.spec | grep "^Version:" | sed 's/ //g' | awk -F: '{ print $2 }'`
+ echo "[=] Found version ${VERSION_IN_SPECFILE}"
+ if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
+ echo "[X] Version in specfile is outdated"
+ ExitFatal
+ fi
+ echo "[*] Start RPM building"
+ #${RPMBUILDBINARY} --quiet -ba -bl lynis.spec 2> /dev/null
+ else
+ echo "[X] lynis.spec not found"
+ ExitFatal
+ fi
+
+ RPMFILE="${RPMWORKDIR}/RPMS/noarch/lynis-${LYNIS_VERSION}-1.noarch.rpm"
+ if [ -f ${RPMFILE} ]; then
+ echo "[V] Building RPM succesful!"
+ else
+ echo "[X] Could not find RPM file, most likely failed"
+ echo " Expected: ${RPMFILE}"
+ ExitFatal
+ fi
+ else
+ echo "[X] Could not find source file (${SOURCEFILE_RPM})"
+ echo " Hint: cp ${SOURCEFILE_RPM}"
+ ExitFatal
+ fi
+
+ echo "[*] Starting with DEB building process"
+
+ DEBCHANGELOGFULLVERSION=`head -1 ../debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//'`
+ DEBCHANGELOGVERSION=`echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $1 }'`
+ DEBCHANGELOGVERSIONREV=`echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $2 }'`
+ if [ "${LYNIS_VERSION}" = "${DEBCHANGELOGVERSION}" ]; then
+ echo "[V] Debian/changelog up-to-date"
+ else
+ echo "[X] Debian/changelog outdated"
+ ExitFatal
+ fi
+
+# BZRSTATUS=`${BZRBINARY} status . 2>&1 > /dev/null; echo $?`
+# if [ "${BZRSTATUS}" = "0" ]; then
+# echo "[V] bzr has proper directory tree"
+# DEBCHANGELOGFULLVERSION=`head -1 debian/changelog | awk '{ print $2 }' | sed 's/(//' | sed 's/)//'`
+# DEBCHANGELOGVERSION=`echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $1 }'`
+# DEBCHANGELOGVERSIONREV=`echo ${DEBCHANGELOGFULLVERSION} | awk -F- '{ print $2 }'`
+# echo "[=] Version in Debian changelog: ${DEBCHANGELOGVERSION} (revision: ${DEBCHANGELOGVERSIONREV})"
+# if [ "${LYNIS_VERSION}" = "${DEBCHANGELOGVERSION}" ]; then
+# echo "[V] Debian/changelog up-to-date"
+# else
+# echo "[X] Debian/changelog outdated"
+## ExitFatal
+# fi
+# # execute command
+# # bzr builddeb . --build-dir ${DEBWORKDIR}/build-area/ --result-dir ${DEBWORKDIR}
+# elif [ "${BZRSTATUS}" = "3" ]; then
+# echo "[X] Tree is not initialized for BZR"
+# echo " Hint: run bzr init while being in lynis directory (or bzr init ..)"
+# ExitFatal
+# else
+# echo "[X] Unknown error"
+# echo "Output: ${BZRSTATUS}"
+# fi
+
+ cd ..
+ ${GITBUILDPACKAGEBINARY} --git-tarball-dir=${MYBUILDDIR} --git-export-dir=${DEBWORKDIR}
+ cd ${MYWORKDIR}
+
+
+
+ echo "[V] Done"
+ echo ""
+ echo "---------------------------------------------"
+ echo "RPM file: ${RPMFILE}"
+ echo "Tarball: ${TARBALL}"
+ echo "Tarball (SHA1): ${TARBALL_SHA1}"
+ echo ""
+
+
+
+#=====================================================================
+
+# Stop the script at this stage, rest is under development
+Exit
+
+#=====================================================================
+
+
+
+
+
+
+
+
+
+
+
+
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Test script for errors
+ echo -n "- Test Lynis script "
+
+ # Is file there?
+ if [ ! -f ${OPTION_BINARY_FILE} ]; then echo "BAD (can't find ${OPTION_BINARY_FILE})"; exit 1; fi
+
+ # Check script
+ FIND=`sh -n ${OPTION_BINARY_FILE} ; echo $?`
+ if [ $FIND -eq 0 ]; then
+ echo "OK"
+ else
+ echo "BAD"
+ fi
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ # Create SHA1 hashes
+ echo -n "- Create SHA1 hashes "
+ SHA1HASH_LYNIS=`grep -v '^#' ${OPTION_BINARY_FILE} | sha1`
+ echo "DONE"
+ echo " Lynis (SHA1): ${SHA1HASH_LYNIS}"
+
+ # Add hashes to script
+ echo -n "- Injecting SHA1 hash into Lynis script "
+ echo "-NOT DONE-"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Cleaning up OpenBSD package build... "
+ if [ -f openbsd/+CONTENTS ]; then rm openbsd/+CONTENTS; fi
+ echo "DONE"
+ OPENBSD_CONTENTS="openbsd/+CONTENTS"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Creating MD5 hashes..."
+ PACKAGE_LIST_FILES=`cat files.dat | grep "^file:" | cut -d ':' -f3`
+
+ for I in ${PACKAGE_LIST_FILES}; do
+
+ echo -n "${I} "
+ #FULLNAME=`cat files.dat | grep ":file:include:
+ #echo "${FULLNAME}" >> ${OPENBSD_CONTENTS}
+ echo "${I}" >> ${OPENBSD_CONTENTS}
+ FILE="../${I}"
+ MD5HASH=`md5 -q ${FILE}`
+ echo "@md5 ${MD5HASH}" >> ${OPENBSD_CONTENTS}
+ echo "@size 0000" >> ${OPENBSD_CONTENTS}
+ done
+ echo ""
+
+
+
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+ echo -n "- Cleaning up... "
+
+ # Exit cleanly
+ Exit
+
+ echo "DONE"
+
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+# The End!
+
diff --git a/extras/check-lynis.sh b/extras/check-lynis.sh
new file mode 100755
index 00000000..855f3577
--- /dev/null
+++ b/extras/check-lynis.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Check for double ID numbers
+grep -r Register .. | awk '{ if($2=="Register") { print $4 } }' | sort | uniq -c | awk '{ if ($1!=1) { print $2 } }'
diff --git a/extras/files.dat b/extras/files.dat
new file mode 100644
index 00000000..1e46d3a7
--- /dev/null
+++ b/extras/files.dat
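Review bot: In extras/build-lynis.sh, `CleanUp` runs `rm -rf ${TMPDIR}` on every `ExitFatal`, and the workdir, builddir, missing-binary and umask checks all call `ExitFatal` before the script assigns `TMPDIR` from `mktemp`, so a `TMPDIR` inherited from the caller's environment would be deleted recursively on any early failure. `TMPDIR` is also the conventional variable other tools use for scratch space, so the script should not reuse the name: set a private `BUILD_TMPDIR=""` before the functions, assign it from `mktemp -d`, and clean up with `[ -n "${BUILD_TMPDIR}" ] && rm -rf -- "${BUILD_TMPDIR}"`. The root check above only prints `[X] This script should not be executed as root` and carries on, which makes the unguarded `rm -rf` worse; it should call `ExitFatal` once the cleanup is safe. Separately, `[ ${VERSION_IN_SPECFILE} = "" -o ...` is unquoted on its first operand, so an empty value turns the test into a syntax error instead of reaching the "outdated" branch.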
@@ -0,0 +1,33 @@
+file/dir:type:filename:prefix:filename
+file:doc:CHANGELOG:CHANGELOG
+file:doc:FAQ:FAQ
+file:doc:INSTALL:INSTALL
+file:doc:LICENSE:LICENSE
+file:doc:README:README
+file:doc:TODO:TODO
+file:example:default.prf:default.prf
+file:bin:lynis:/usr/bin:lynis
+file:man:lynis.8:lynis.8
+dir:extra:contrib:contrib
+dir:include:include::/usr/local:include
+file:include:include/functions:/usr/local:include/lynis/functions
+file:include:include/osdetection:/usr/local:include/lynis/osdetection
+file:include:include/consts:/usr/local:include/lynis/consts
+file:include:include/parameters:/usr/local:include/lynis/parameters
+file:include:include/profiles:/usr/local:include/lynis/profiles
+file:include:include/tests_ports_packages:/usr/local:include/lynis/tests_ports_packages
+file:include:include/tests_boot_services:/usr/local:include/lynis/tests_boot_services
+file:include:include/tests_filesystems:/usr/local:include/lynis/tests_filesystems
+file:include:include/tests_networking:/usr/local:include/lynis/tests_networking
+file:include:include/tests_memory_processes:/usr/local:include/lynis/tests_memory_processes
+file:include:include/tests_kernel:/usr/local:include/lynis/tests_kernel
+file:include:include/tests_logging:/usr/local:include/lynis/tests_logging
+file:include:include/tests_authentication:/usr/local:include/lynis/tests_authentication
+file:include:include/tests_firewalls:/usr/local:include/lynis/tests_firewalls
+file:include:include/tests_homedirs:/usr/local:include/lynis/tests_homedirs
+file:include:include/tests_shells:/usr/local:include/lynis/tests_shells
+file:include:include/tests_printers_spools:/usr/local:include/lynis/tests_printers_spools
+file:include:include/tests_file_integrity:/usr/local:include/lynis/tests_file_integrity
+file:include:include/tests_accounting:/usr/local:include/lynis/tests_accounting
+file:include:include/tests_banners:/usr/local:include/lynis/tests_banners
+file:include:include/tests_mail_messaging:/usr/local:include/lynis/tests_mail_messaging
diff --git a/extras/lynis.spec b/extras/lynis.spec
new file mode 100644
index 00000000..997a386f
--- /dev/null
+++ b/extras/lynis.spec
@@ -0,0 +1,135 @@
+#################################################################################
+#
+# Lynis spec file
+# -----------------
+#
+# Usage:
+# - Adjust version number (Version:)
+# - Check if you have the directories in your home directory (or adjust topdir)
+# - rpmbuild -ba lynis.spec
+#
+# If RPM building fails, check the required tools to build packages.
+#
+#################################################################################
+#
+# (c) 2014 Michael Boelen
+#
+# Website: http://cisofy.com/
+#
+#################################################################################
+
+# Build in home directory of the user
+%define _topdir %{getenv:HOME}/lynis-build/rpmbuild
+%define _includedir /usr/share/lynis/include
+%define _pluginsdir /usr/share/lynis/plugins
+%define _dbdir /usr/share/lynis/db
+%define _bindir /usr/bin
+
+Summary: Security and system auditing tool.
+Name: lynis
+Version: 1.6.2
+Release: 1
+License: GPL
+Group: Applications/System
+Source: lynis-%{version}.tar.gz
+BuildRoot: /tmp/lynis-root
+URL: http://cisofy.com/
+Vendor: CISOfy / Michael Boelen
+Packager: Michael Boelen
+BuildArch: noarch
+
+%description
+Lynis is a security tool to audit and harden Unix/Linux based systems. It scans a
+system and provides the user with suggestion and warnings regarding taken security
+measures. Examples include:
+ - Security enhancements
+ - Logging and auditing options
+ - Banner identification
+ - Software availability
+ - Missing security patches
+
+Lynis is released as a GPLv3 licensed project and free for everyone to use.
+
+See http://cisofy.com for a full description and documentation.
+
+%prep
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"
+mkdir $RPM_BUILD_ROOT
+
+# Make directory with our name, instead of with version
+%setup -n lynis
+#%setup
+
+#%patch
+
+%build
+
+%install
+# Install profile
+install -d ${RPM_BUILD_ROOT}/etc/lynis
+install default.prf ${RPM_BUILD_ROOT}/etc/lynis
+# Install binary
+install -d ${RPM_BUILD_ROOT}/%{_bindir}
+install lynis ${RPM_BUILD_ROOT}/%{_bindir}
+# Install man page
+install -d ${RPM_BUILD_ROOT}/%{_mandir}/man8
+install lynis.8 ${RPM_BUILD_ROOT}/%{_mandir}/man8
+# Install functions/includes
+install -d ${RPM_BUILD_ROOT}%{_includedir}
+install include/* ${RPM_BUILD_ROOT}%{_includedir}
+# Install plugins
+install -d ${RPM_BUILD_ROOT}%{_pluginsdir}
+install plugins/* ${RPM_BUILD_ROOT}%{_pluginsdir}
+# Install database files
+install -d ${RPM_BUILD_ROOT}%{_dbdir}
+install db/* ${RPM_BUILD_ROOT}%{_dbdir}
+
+
+# Patch default paths (not required for 1.1.2+)
+#sed -i -e 's#INCLUDEDIR="include"#INCLUDEDIR="%{_includedir}"#g' ${RPM_BUILD_ROOT}/usr/bin/lynis
+#sed -i -e 's#PROFILE="default.prf"#PROFILE="/etc/lynis/default.prf"#g' ${RPM_BUILD_ROOT}/usr/bin/lynis
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "$RPM_BUILD_ROOT"
+
+%files
+%defattr(644,root,root,755)
+# Binaries
+%attr(755, root, root) %{_bindir}/lynis
+# Man page and docs
+%doc CHANGELOG FAQ LICENSE README
+%doc %{_mandir}/man8/lynis.8.gz
+# Default profile
+/etc/lynis/default.prf
+# Databases, functions, plugins
+%{_dbdir}/*
+%{_includedir}/*
+%{_pluginsdir}/*
+#%attr(644, root, root) %{_dbdir}/*
+#%attr(644, root, root) %{_includedir}/*
+#%attr(644, root, root) %{_plugindir}
+#%attr(644, root, root) %{_plugindir}/*
+
+%changelog
+* Sun Sep 14 2014 Michael Boelen - 1.1.8-1
+- Changed permissions with regards of pentest option
+
+* Tue Dec 10 2013 Michael Boelen - 1.1.7-1
+- Adjusted website and referenced in documentation
+
+* Wed Dec 04 2013 Michael Boelen - 1.1.6-1
+- Adjusted version number, removed TODO file and adjusted permissions
+
+* Mon Jun 16 2008 Michael Boelen - 1.1.5-1
+- Fixed database dir variable and setup section
+
+* Sat May 31 2008 Michael Boelen - 1.1.4-1
+- Added _dbdir
+
+* Sun May 11 2008 Michael Boelen - 1.1.2-1
+- Added _pluginsdir, disabled patches
+
+* Sat Mar 08 2008 Michael Boelen - 1.0.8-1
+- initial .spec file
+
+# The End
diff --git a/extras/openbsd/+CONTENTS b/extras/openbsd/+CONTENTS
new file mode 100644
index 00000000..d8da54ed
--- /dev/null
+++ b/extras/openbsd/+CONTENTS
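Review bot: In extras/lynis.spec, `BuildRoot: /tmp/lynis-root` is a fixed name in a world-writable directory, and `%prep` runs `rm -rf "$RPM_BUILD_ROOT"` followed by an unquoted `mkdir $RPM_BUILD_ROOT`; on rpm versions that still honour the `BuildRoot:` tag, another local user on a shared build host can pre-create or swap that path between the two commands. `_topdir` is already defined under the builder's home directory, so `BuildRoot: %{_topdir}/BUILDROOT/%{name}-%{version}-%{release}` would keep the staging tree private. Separately, `/etc/lynis/default.prf` in `%files` is not marked `%config(noreplace)`, so a package upgrade would presumably overwrite a locally tuned audit profile.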
@@ -0,0 +1,90 @@
+CHANGELOG
+@md5 7e0ad05581d32d6051a3e22ef297e81d
+@size 0000
+FAQ
+@md5 b1e44a42bad55941868a743b24d01d8b
+@size 0000
+INSTALL
+@md5 a1574195ee66d7cf8b9947de2cce6ab4
+@size 0000
+LICENSE
+@md5 d32239bcb673463ab874e80d47fae504
+@size 0000
+README
+@md5 d46ffad53300d044ba02a037a7255ee8
+@size 0000
+TODO
+@md5 3486e35f6c705d8ea1e34c4a66ec7046
+@size 0000
+default.prf
+@md5 63e7765073d12b3b177a3587e3a4d6e4
+@size 0000
+lynis
+@md5 aab4c29e3f3dbcbf71b320b476b91c94
+@size 0000
+lynis.8
+@md5 604d717b4671972f7d53350f6efd1f10
+@size 0000
+include/functions
+@md5 cc8fd64fc868251453e54305ebd71b58
+@size 0000
+include/osdetection
+@md5 92fa7e249e65271a450bbb523cd36ce9
+@size 0000
+include/consts
+@md5 a39c3101c95bde6556374e4d8d4992d7
+@size 0000
+include/parameters
+@md5 4d983d717a62276b4e7df8b04b423ca2
+@size 0000
+include/profiles
+@md5 1781be3989c4f42aeb77656a7885bedd
+@size 0000
+include/tests_ports_packages
+@md5 d1754a6365ff04acbfacbb0208e2bb57
+@size 0000
+include/tests_boot_services
+@md5 746100f95e83097ab3f52f2a0287980b
+@size 0000
+include/tests_filesystems
+@md5 b5257d89440fa06f170dfb9bd35cb5fe
+@size 0000
+include/tests_networking
+@md5 0b4d329f118a1845abce2af6b7b19b25
+@size 0000
+include/tests_memory_processes
+@md5 b0e1df62f87bfc08bea1c21f4762c0ff
+@size 0000
+include/tests_kernel
+@md5 2ca3f7ec1924854e1076bebbdc654928
+@size 0000
+include/tests_logging
+@md5 9993368b9616248195ef350b470a7768
+@size 0000
+include/tests_authentication
+@md5 18b810aa4a87fde400b2da127edd2d04
+@size 0000
+include/tests_firewalls
+@md5 c12c6014b844595f866a76545c8c9893
+@size 0000
+include/tests_homedirs
+@md5 44760dd3a0ca3a8c665356b2c2028fc9
+@size 0000
+include/tests_shells
+@md5 489667c1fb7c12c3fa3dcef19ce45ebb
+@size 0000
+include/tests_printers_spools
+@md5 3c151550ff48df8e913b0b74a4fd1f2b
+@size 0000
+include/tests_file_integrity
+@md5 794ad1c924b23d0a808035961f47023c
+@size 0000
+include/tests_accounting
+@md5 1808a389d1b5ba8c6e708978839eb3d1
+@size 0000
+include/tests_banners
+@md5 6449b7069a4a08b83daa685e100b316e
+@size 0000
+include/tests_mail_messaging
+@md5 8424dab66b29ea5270bccbfc9dbd4cb2
+@size 0000
diff --git a/extras/systemd/lynis.service b/extras/systemd/lynis.service
new file mode 100644
index 00000000..e7acdabc
--- /dev/null
+++ b/extras/systemd/lynis.service
@@ -0,0 +1,23 @@
+#################################################################################
+#
+# Lynis service file for systemd
+#
+#################################################################################
+#
+# - Adjust path to link to location where Lynis binary is installed
+# - Place this file together with the timer file in systemd directory
+# - Run: systemctl enable lynis.service
+#
+#################################################################################
+
+[Unit]
+Description=Lynis security audit and vulnerability scan
+
+[Service]
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+Type=simple
+ExecStart=/path/to/lynis -c --cronjob
+
+#EOF
\ No newline at end of file
diff --git a/extras/systemd/lynis.timer b/extras/systemd/lynis.timer
new file mode 100644
index 00000000..e0490834
--- /dev/null
+++ b/extras/systemd/lynis.timer
@@ -0,0 +1,23 @@
+#################################################################################
+#
+# Lynis timer file for systemd
+#
+#################################################################################
+#
+# - Place this file together with the service file in systemd directory
+# - Run: systemctl enable lynis.timer
+# systemctl start lynis.service
+#
+#################################################################################
+
+[Unit]
+Description=Daily run for Lynis security audit and vulnerability scan
+
+[Timer]
+OnCalendar=daily
+Persistent=false
+
+[Install]
+WantedBy=timers.target
+
+#EOF
\ No newline at end of file
-- cgit v1.2.3
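Review bot: In extras/systemd/lynis.service, the header tells the reader to run `systemctl enable lynis.service`, but the unit has no `[Install]` section, so `enable` has nothing to link; the timer is the unit that gets enabled. The comment should read `# - Do not enable this unit directly; it is started by lynis.timer`. The unit sets no `User=`, so as a system unit it runs the audit as root, and the header line about adjusting `ExecStart=/path/to/lynis` should add that the target must be root-owned and not writable by other users, e.g. `# - The Lynis binary and its directory must be writable by root only`.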
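Review bot: In extras/systemd/lynis.timer, the header's second command is `systemctl start lynis.service`, which runs one audit immediately but leaves the timer inactive until the next boot; it should be `# systemctl start lynis.timer`. `Persistent=false` also means a run missed while the host was powered off is skipped rather than caught up at next start, so a machine that is regularly off at midnight may never be scanned. For a scheduled security audit `Persistent=true` is the safer default; if `false` is deliberate, a comment next to it saying why would help.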