Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2019-02-02 21:50:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Sat Feb 2 21:50:08 2019 rev:32 rq:670591 version:2.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2018-11-05 22:53:44.988180323 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new.28833/lynis.changes 2019-02-02 21:50:10.239932927 +0100 @@ -1,0 +2,13 @@ +Fri Feb 1 10:28:13 UTC 2019 - Robert Frohl <rfr...@suse.com> + +- update to 2.7.1 + * Improve support for Red Hat and clones + * Additional support for Hands Off!, LuLu, and Radio Silence + * Added MariaDB filter for deleted files (tested on CentOS) + * Added /etc/bash.bashrc.local to umask check + * Removed shift statement that did not work on all operating systems + * Minor cleanups and enhancements + * Small improvements to logging + * Added translation for Slovak + +------------------------------------------------------------------- Old: ---- lynis-2.7.0.tar.gz lynis-2.7.0.tar.gz.asc New: ---- lynis-2.7.1.tar.gz lynis-2.7.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.E4Vo1T/_old 2019-02-02 21:50:11.039932234 +0100 +++ /var/tmp/diff_new_pack.E4Vo1T/_new 2019-02-02 21:50:11.039932234 +0100 @@ -1,7 +1,7 @@ # # spec file for package lynis # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2009-2013 Sascha Manns <saigk...@opensuse.org> # # All modifications and additions to the file contributed by third parties 
@@ -23,7 +23,7 @@ %define _pluginsdir %{_datadir}/lynis/plugins %define _dbdir %{_datadir}/lynis/db Name: lynis -Version: 2.7.0 +Version: 2.7.1 Release: 0 Summary: Security and System auditing tool License: GPL-3.0-only ++++++ lynis-2.7.0.tar.gz -> lynis-2.7.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/CHANGELOG.md new/lynis/CHANGELOG.md --- old/lynis/CHANGELOG.md 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/CHANGELOG.md 2019-01-31 01:00:00.000000000 +0100 @@ -1,5 +1,22 @@ # Lynis Changelog +## Lynis 2.7.1 (2019-01-30) + +### Added +- Support for macOS Mojave +- Translation: Slovak + +### Changed +- AUTH-9282 - Improve support for Red Hat and clones +- FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence +- LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS) +- SHLL-6230 - Add /etc/bash.bashrc.local to umask check +- Removed shift statement that did not work on all operating systems +- Minor cleanups and enhancements +- Small improvements to logging + +--------------------------------------------------------------------------------- + ## Lynis 2.7.0 (2018-10-26) ### Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/FAQ new/lynis/FAQ --- old/lynis/FAQ 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/FAQ 2019-01-31 01:00:00.000000000 +0100 @@ -98,4 +98,4 @@ ================================================================================ - Lynis - Copyright 2007-2018, Michael Boelen, CISOfy - https://cisofy.com + Lynis - Copyright 2007-2019, Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/INSTALL new/lynis/INSTALL --- old/lynis/INSTALL 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/INSTALL 2019-01-31 01:00:00.000000000 +0100 
@@ -48,4 +48,4 @@ ================================================================================ - Lynis - Copyright 2007-2018, Michael Boelen, CISOfy - https://cisofy.com + Lynis - Copyright 2007-2019, Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/db/languages/en new/lynis/db/languages/en --- old/lynis/db/languages/en 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/db/languages/en 2019-01-31 01:00:00.000000000 +0100 @@ -35,5 +35,6 @@ STATUS_SUGGESTION="SUGGESTION" STATUS_UNKNOWN="UNKNOWN" STATUS_WARNING="WARNING" +STATUS_WEAK="WEAK" TEXT_YOU_CAN_HELP_LOGFILE="You can help by providing your log file" TEXT_UPDATE_AVAILABLE="update available" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/db/languages/sk new/lynis/db/languages/sk --- old/lynis/db/languages/sk 1970-01-01 01:00:00.000000000 +0100 +++ new/lynis/db/languages/sk 2019-01-31 01:00:00.000000000 +0100 
@@ -0,0 +1,39 @@ +ERROR_NO_LICENSE="Nie je nakonfigurovaný licenčný kľúč" +ERROR_NO_UPLOAD_SERVER="Nie je nakonfigurovaný server na nahrávanie" +GEN_CHECKING="Kontrolujem" +GEN_CURRENT_VERSION="Aktuálna verzia" +GEN_DEBUG_MODE="Debug mód" +GEN_INITIALIZE_PROGRAM="Inicializácia programu" +GEN_LATEST_VERSION="Posledná verzia" +GEN_PHASE="fáza" +GEN_PLUGINS_ENABLED="Zapnuté pluginy" +GEN_UPDATE_AVAILABLE="aktualizácia k dispozícii" +GEN_VERBOSE_MODE="Detailný mód" +GEN_WHAT_TO_DO="Čo robiť" +NOTE_EXCEPTIONS_FOUND="Našli sa výnimky" +NOTE_EXCEPTIONS_FOUND_DETAILED="Vyskytli sa niektoré výnimočné udalosti alebo informácie" +NOTE_PLUGINS_TAKE_TIME="Poznámka: Pluginy majú rozsiahlejšie testy a dokončenie môže trvať niekoľko minút" +NOTE_SKIPPED_TESTS_NON_PRIVILEGED="Preskočené testy v dôsledku neprivilegovaného režimu" +SECTION_CUSTOM_TESTS="Vlastné testy" +SECTION_MALWARE="Malware" +SECTION_MEMORY_AND_PROCESSES="Pamäť a procesy" +STATUS_DISABLED="ZABLOKOVANÉ" +STATUS_DONE="HOTOVO" +STATUS_ENABLED="POVOLENÉ" +STATUS_ERROR="CHYBA" +STATUS_FOUND="NÁJDENÉ" +STATUS_YES="ÁNO" +STATUS_NO="NIE" +STATUS_OFF="VYPNUTÉ" +STATUS_OK="OK" +STATUS_ON="ZAPNUTÉ" +STATUS_NONE="ŽIADNE" +STATUS_NOT_FOUND="NENÁJDENÉ" +STATUS_NOT_RUNNING="NEBEŽÍ" +STATUS_RUNNING="BEŽÍ" +STATUS_SKIPPED="PRESKOČENÉ" +STATUS_SUGGESTION="NÁVRH" +STATUS_UNKNOWN="NEZNÁME" +STATUS_WARNING="VAROVANIE" +TEXT_YOU_CAN_HELP_LOGFILE="Môžete pomôcť poskytnutím log súboru" +TEXT_UPDATE_AVAILABLE="aktualizácia k dispozícii" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/db/tests.db new/lynis/db/tests.db --- old/lynis/db/tests.db 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/db/tests.db 2019-01-31 01:00:00.000000000 +0100 
@@ -135,7 +135,7 @@ FIRE-4526:test:security:firewalls:Solaris:Check ipf status: FIRE-4530:test:security:firewalls:FreeBSD:Check IPFW status: FIRE-4532:test:security:firewalls:MacOS:Check macOS application firewall: -FIRE-4534:test:security:firewalls:MacOS:Check Little Snitch firewall: +FIRE-4534:test:security:firewalls:MacOS:Check for outbound firewalls: FIRE-4536:test:security:firewalls:Linux:Check nftables status: FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration: FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/binaries new/lynis/include/binaries --- old/lynis/include/binaries 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/binaries 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -235,7 +235,7 @@ vgdisplay) VGDISPLAYBINARY="${BINARY}"; LogText " Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;; vmtoolsd) VMWARETOOLSDBINARY="${BINARY}"; LogText " Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;; wc) WCBINARY="${BINARY}"; LogText " Found known binary: wc (word count) - ${BINARY}" ;; - wget) WGETBINARY="${BINARY}"; WGETVERSION=$(${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${WGETVERSION})" ;; + wget) WGETBINARY="${BINARY}"; WGETVERSION=$(${BINARY} -V 2> /dev/null | grep "^GNU Wget" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${WGETVERSION})" ;; yum) YUMBINARY="${BINARY}"; LogText " Found known binary: yum (package manager) - ${BINARY}" ;; xargs) XARGSBINARY="${BINARY}"; LogText " Found known binary: xargs (command output redirection) - ${BINARY}" ;; zgrep) ZGREPBINARY=${BINARY}; LogText " Found known binary: zgrep (text search for compressed files) - ${BINARY}" ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/consts new/lynis/include/consts --- old/lynis/include/consts 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/consts 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/data_upload new/lynis/include/data_upload --- old/lynis/include/data_upload 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/data_upload 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/functions new/lynis/include/functions --- old/lynis/include/functions 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/functions 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -496,11 +496,11 @@ INDENT=$1 ;; --result) - shift $(( $# > 0 ? 1 : 0 )) + shift RESULT=$1 ;; --text) - shift $(( $# > 0 ? 1 : 0 )) + shift TEXT=$1 ;; *) @@ -509,7 +509,7 @@ ;; esac # Go to next parameter - shift $(( $# > 0 ? 1 : 0 )) + shift done if [ -z "${RESULT}" ]; then @@ -888,12 +888,15 @@ ;; "Linux") - # Define preferred interfaces - #PREFERRED_INTERFACES="eth0 eth1 eth2 enp0s25" - # Only use ifconfig if no ip binary has been found - if [ ! "${IFCONFIGBINARY}" = "" ]; then - # Determine if we have ETH0 at all (not all Linux distro have this, e.g. Arch) + # Future change + # Show brief output of ip of links that are UP. Filter out items like 'UNKNOWN' in col 2 + # Using the {2} syntax does not work on all systems + # ip -br link show up | sort | awk '$2=="UP" && $3 ~ /^[a-f0-9][a-f0-9]:/ {print $3}' + + # Use ifconfig + if [ ! -z "${IFCONFIGBINARY}" ]; then + # Determine if we have the eth0 interface (not all Linux distro have this, e.g. Arch) HASETH0=$(${IFCONFIGBINARY} | grep "^eth0") # Check if we can find it with HWaddr on the line FIND=$(${IFCONFIGBINARY} 2> /dev/null | grep "^eth0" | grep -v "eth0:" | grep HWaddr | awk '{ print $5 }' | tr '[:upper:]' '[:lower:]') 
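Review bot: With the `$# > 0` guard removed from the `--result` and `--text` arms and from the "Go to next parameter" step (the `@@ -509` hunk), a call that ends in an option with no value reaches the trailing `shift` with no positional parameters left. POSIX lets a shell treat a shift larger than `$#` as an error that exits a non-interactive script, so on such a `/bin/sh` the audit could stop midway instead of showing an empty result. A portable guard that avoids the arithmetic ternary is `[ $# -gt 0 ] && shift`. The enclosing function starts and ends outside these hunks.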
@@ -919,21 +922,20 @@ LogText "GetHostID: No eth0 found (but HWaddr was found), using first network interface to determine hostid, with ifconfig" fi fi - else - # See if we can use ip binary instead - if [ ! "${IPBINARY}" = "" ]; then - # Determine if we have the common available eth0 interface - FIND=$(${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + + elif [ ! -z "${IPBINARY}" ]; then + # Determine if we have the common available eth0 interface + FIND=$(${IPBINARY} addr show eth0 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') + if IsEmpty "${FIND}"; then + # Determine the MAC address of first interface with the ip command + FIND=$(${IPBINARY} addr show 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if IsEmpty "${FIND}"; then - # Determine the MAC address of first interface with the ip command - FIND=$(${IPBINARY} addr show 2> /dev/null | egrep "link/ether " | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') - if IsEmpty "${FIND}"; then - ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" - fi + ReportException "GetHostID" "Can't create hostid (no MAC addresses found)" fi - else - ReportException "GetHostID" "Can't create hostid, missing both ifconfig and ip binary" fi + else + ReportException "GetHostID" "Both ip and ifconfig tools are missing" + fi # Check if we found a HostID 
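Review bot: The re-indented `ip` fallback still pipes through `egrep`, which current GNU grep reports as obsolescent with a warning on stderr; the `2> /dev/null` on these lines covers only the `ip` command, so that warning would reach the terminal. `grep -E "link/ether "` is the portable spelling for both `FIND=` assignments. The new guard `[ ! -z "${IPBINARY}" ]` also reads more directly as `[ -n "${IPBINARY}" ]`. The enclosing function (GetHostID, judging by the log prefix) starts and ends outside this hunk.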
@@ -3222,4 +3224,4 @@ #================================================================================ # Lynis is part of Lynis Enterprise and released under GPLv3 license -# Copyright 2007-2018 - Michael Boelen, CISOfy - https://cisofy.com +# Copyright 2007-2019 - Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_audit_dockerfile new/lynis/include/helper_audit_dockerfile --- old/lynis/include/helper_audit_dockerfile 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/helper_audit_dockerfile 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_configure new/lynis/include/helper_configure --- old/lynis/include/helper_configure 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/helper_configure 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_show new/lynis/include/helper_show --- old/lynis/include/helper_show 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/helper_show 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_system_remote_scan new/lynis/include/helper_system_remote_scan --- old/lynis/include/helper_system_remote_scan 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/helper_system_remote_scan 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_update new/lynis/include/helper_update --- old/lynis/include/helper_update 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/helper_update 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/osdetection new/lynis/include/osdetection --- old/lynis/include/osdetection 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/osdetection 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -60,6 +60,7 @@ 10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;; 10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;; 10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;; + 10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;; *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; esac else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/parameters new/lynis/include/parameters --- old/lynis/include/parameters 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/parameters 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/profiles new/lynis/include/profiles --- old/lynis/include/profiles 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/profiles 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/report new/lynis/include/report --- old/lynis/include/report 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/report 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_accounting new/lynis/include/tests_accounting --- old/lynis/include/tests_accounting 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_accounting 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -415,4 +415,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, Michael Boelen / CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019, Michael Boelen / CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_authentication new/lynis/include/tests_authentication --- old/lynis/include/tests_authentication 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_authentication 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -720,6 +720,10 @@ FIND2=$(passwd --all --status 2> /dev/null | ${AWKBINARY} '{ if ($2=="NP") print $1 }') ;; esac + elif [ ${OS_REDHAT_OR_CLONE} -eq 1 ]; then + PREQS_MET="YES" + FIND=$(for I in $(${AWKBINARY} -F: '{print $1}' ${ROOTDIR}etc/passwd) ; do passwd -S $I | ${AWKBINARY} '{ if ($2=="PS" && $5=="99999") print $1 }' ; done) + FIND2=$(for I in $(${AWKBINARY} -F: '{print $1}' ${ROOTDIR}etc/passwd) ; do passwd -S $I | ${AWKBINARY} '{ if ($2=="NP") print $1 }' ; done) else LogText "Result: skipping test for this Linux version" ReportManual "AUTH-9282:01" @@ -756,7 +760,7 @@ Register --test-no AUTH-9283 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking accounts without password" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking passwordless accounts" - if [ "${FIND2}" = "" ]; then + if [ -z "${FIND2}" ]; then LogText "Result: all accounts seem to have a password" Display --indent 2 --text "- Accounts without password" --result "${STATUS_OK}" --color GREEN else @@ -1200,8 +1204,8 @@ if [ ${FOUND} -eq 1 ]; then if [ ${WEAK_UMASK} -eq 0 ]; then Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_OK}" --color GREEN - else - Display --indent 4 --text "- umask (/etc/login.conf)" --result WEAK --color YELLOW + else + Display --indent 4 --text "- umask (/etc/login.conf)" --result "${STATUS_WEAK}" --color YELLOW ReportSuggestion ${TEST_NO} "Umask in /etc/login.conf could be more strict like 027" fi else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_banners new/lynis/include/tests_banners --- old/lynis/include/tests_banners 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_banners 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
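Review bot: The added Red Hat branch calls `passwd -S $I` with the account name unquoted and with stderr left open, unlike the `passwd --all --status 2> /dev/null` call just above it. If `passwd -S` is refused or fails (on Red Hat-style systems it is normally limited to root), `FIND` and `FIND2` stay empty while `PREQS_MET` is already "YES", so AUTH-9283 in the next hunk would log "all accounts seem to have a password" without having checked anything. Quote the name and silence the per-account errors, `passwd -S "${I}" 2> /dev/null`, and consider setting `PREQS_MET` only when the status query returns data. The loop over `${ROOTDIR}etc/passwd` also runs twice; one pass that collects both the `PS`/`99999` and the `NP` accounts would halve the `passwd` invocations.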
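Review bot: `${STATUS_WEAK}` is defined by this commit only in `db/languages/en`; the Slovak file added in the same commit has no `STATUS_WEAK` entry, and no other language file is touched here. Unless the English file is always loaded first as a fallback (not visible in this diff), `Display --result "${STATUS_WEAK}"` in the `@@ -1200` hunk receives an empty string on non-English runs and the umask finding loses its WEAK label. The same applies to the two `tests_banners` hunks that switch to `${STATUS_WEAK}`. A default such as `--result "${STATUS_WEAK:-WEAK}"` would keep the previous output, or the key can be added to every file under `db/languages/`.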
@@ -107,7 +107,7 @@ AddHP 2 2 else LogText "Result: Found only ${COUNT} key words (5 or more suggested), to warn unauthorized users and could be increased" - Display --indent 4 --text "- ${FILE} contents" --result WEAK --color YELLOW + Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_WEAK}" --color YELLOW ReportSuggestion ${TEST_NO} "Add a legal banner to ${FILE}, to warn unauthorized users" AddHP 0 1 Report "weak_banner_file[]=${FILE}" @@ -160,7 +160,7 @@ AddHP 2 2 else LogText "Result: Found only ${COUNT} key words, to warn unauthorized users and could be increased" - Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result WEAK --color YELLOW + Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result "${STATUS_WEAK}" --color YELLOW ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users" AddHP 0 1 fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_boot_services new/lynis/include/tests_boot_services --- old/lynis/include/tests_boot_services 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_boot_services 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -555,7 +555,7 @@ Report "running_service[]=${ITEM}" COUNT=$((COUNT + 1)) done - LogText "Note: Run systemctl --full --type=service to see all services" + LogText "Hint: Run systemctl --full --type=service to see all services" Display --indent 2 --text "- Check running services (systemctl)" --result "${STATUS_DONE}" --color GREEN Display --indent 8 --text "Result: found ${COUNT} running services" LogText "Result: Found ${COUNT} enabled services" 
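Review bot: The `LogText` result lines next to the changed hints appear swapped: the `tests_boot_services` hunk at `@@ -555`, which records `Report "running_service[]=${ITEM}"`, ends with `LogText "Result: Found ${COUNT} enabled services"`, while the `@@ -570` hunk for `boot_service[]` logs `... running services`. The `Display` lines beside them carry the right wording, so only the log file is misleading for someone reviewing the audit trail. Swap the two strings, i.e. `LogText "Result: Found ${COUNT} running services"` here and `LogText "Result: Found ${COUNT} enabled services"` in the later hunk. Both loops begin outside the hunks.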
@@ -570,7 +570,7 @@ Report "boot_service[]=${ITEM}" COUNT=$((COUNT + 1)) done - LogText "Note: Run systemctl list-unit-files --type=service to see all services" + LogText "Hint: Run systemctl list-unit-files --type=service to see all services" Display --indent 2 --text "- Check enabled services at boot (systemctl)" --result "${STATUS_DONE}" --color GREEN Display --indent 8 --text "Result: found ${COUNT} enabled services" LogText "Result: Found ${COUNT} running services" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_containers new/lynis/include/tests_containers --- old/lynis/include/tests_containers 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_containers 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -227,4 +227,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_crypto new/lynis/include/tests_crypto --- old/lynis/include/tests_crypto 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_crypto 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_databases new/lynis/include/tests_databases --- old/lynis/include/tests_databases 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_databases 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_dns new/lynis/include/tests_dns --- old/lynis/include/tests_dns 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_dns 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_file_integrity new/lynis/include/tests_file_integrity --- old/lynis/include/tests_file_integrity 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_file_integrity 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -310,4 +310,4 @@ WaitForKeyPress # #================================================================================ -# Lynis - Copyright 2007-2018 Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019 Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_file_permissions new/lynis/include/tests_file_permissions --- old/lynis/include/tests_file_permissions 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_file_permissions 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -62,4 +62,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_filesystems new/lynis/include/tests_filesystems --- old/lynis/include/tests_filesystems 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_filesystems 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_firewalls new/lynis/include/tests_firewalls --- old/lynis/include/tests_firewalls 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_firewalls 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -32,7 +32,6 @@ IPTABLES_MODULE_ACTIVE=0 FIREWALL_ACTIVE=0 FIREWALL_EMPTY_RULESET=0 - FIREWALL_SOFTWARE="" NFTABLES_ACTIVE=0 # ################################################################################# @@ -44,7 +43,6 @@ FIND=$(${LSMODBINARY} | ${AWKBINARY} '{ print $1 }' | ${GREPBINARY} "^ip*_tables") if [ ! -z "${FIND}" ]; then FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="iptables" IPTABLES_ACTIVE=1 IPTABLES_MODULE_ACTIVE=1 Display --indent 2 --text "- Checking iptables kernel module" --result "${STATUS_FOUND}" --color GREEN @@ -56,7 +54,6 @@ done elif [ -f ${ROOTDIR}proc/net/ip_tables_names ]; then FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="iptables" Report "firewall_software[]=iptables" IPTABLES_ACTIVE=1 Display --indent 2 --text "- Checking iptables support" --result "${STATUS_FOUND}" --color GREEN @@ -89,7 +86,6 @@ IPTABLES_ACTIVE=1 IPTABLES_INKERNEL_ACTIVE=1 FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="iptables" Display --indent 2 --text "- Checking iptables in config file" --result "${STATUS_FOUND}" --color GREEN else LogText "Result: no iptables found in Linux kernel config file" @@ -262,7 +258,6 @@ if [ ${PFFOUND} -eq 1 ]; then FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="pf" Report "firewall_software[]=pf" else LogText "Result: pf not running on this system" @@ -311,7 +306,6 @@ if [ -f ${FILE} ]; then LogText "Result: ${FILE} exists" FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="csf" Report "firewall_software[]=csf" Display --indent 2 --text "- Checking CSF status (configuration file)" --result "${STATUS_FOUND}" --color GREEN 
@@ -346,7 +340,6 @@ Display --indent 4 --text "- Checking ipf status" --result "${STATUS_RUNNING}" --color GREEN LogText "Result: ipf is enabled and running" FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="ipf" Report "firewall_software[]=ipf" else Display --indent 4 --text "- Checking ipf status" --result "${STATUS_NOT_RUNNING}" --color YELLOW @@ -367,7 +360,6 @@ Display --indent 2 --text "- Checking IPFW status" --result "${STATUS_RUNNING}" --color GREEN LogText "Result: IPFW is running for IPv4" FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="ipfw" Report "firewall_software[]=ipfw" IPFW_ENABLED=$(service -e | ${GREPBINARY} -o ipfw) if [ "${IPFW_ENABLED}" = "ipfw" ]; then 
@@ -412,22 +404,70 @@ ################################################################################# # # Test : FIRE-4534 - # Description : Check Little Snitch Daemon on macOS - Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of Little Snitch on macOS" + # Description : Check outbound firewalls on macOS + Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of outbound firewalls on macOS" if [ ${SKIPTEST} -eq 0 ]; then - if IsRunning --full "Little Snitch Daemon"; then + + # Little Snitch Daemon (macOS) + LogText "Test: checking process Little Snitch Daemon" + IsRunning --full "Little Snitch Daemon" + if [ ${RUNNING} -eq 1 ]; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN - AddHP 3 3 - LogText "Result: little Snitch found" + LogText "Result: Little Snitch found" + FOUND=1 FIREWALL_ACTIVE=1 APPLICATION_FIREWALL_ACTIVE=1 Report "app_fw[]=little-snitch" Report "firewall_software[]=little-snitch" - else - if IsVerbose; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_DISABLED}" --color YELLOW; fi + fi + + # HandsOff! Daemon (macOS) + LogText "Test: checking process HandsOffDaemon" + IsRunning HandsOffDaemon + if [ ${RUNNING} -eq 1 ]; then + Display --indent 2 --text "- Checking Hands Off! Daemon" --result "${STATUS_ENABLED}" --color GREEN + LogText "Result: Hands Off! 
found" + FOUND=1 + FIREWALL_ACTIVE=1 + APPLICATION_FIREWALL_ACTIVE=1 + Report "app_fw[]=hands-off" + Report "firewall_software[]=hands-off" + fi + + # LuLu Daemon (macOS) + LogText "Test: checking process LuLu" + IsRunning LuLu + if [ ${RUNNING} -eq 1 ]; then + Display --indent 2 --text "- Checking LuLu Daemon" --result "${STATUS_ENABLED}" --color GREEN + LogText "Result: LuLu found" + FOUND=1 + FIREWALL_ACTIVE=1 + APPLICATION_FIREWALL_ACTIVE=1 + Report "app_fw[]=lulu" + Report "firewall_software[]=lulu" + fi + + # Radio Silence (macOS) + LogText "Test: checking process Radio Silence" + IsRunning --full "Radio Silence" + if [ ${RUNNING} -eq 1 ]; then + Display --indent 2 --text "- Checking Radio Silence" --result "${STATUS_ENABLED}" --color GREEN + LogText "Result: Radio Silence found" + FOUND=1 + FIREWALL_ACTIVE=1 + APPLICATION_FIREWALL_ACTIVE=1 + Report "app_fw[]=radio-silence" + Report "firewall_software[]=radio-silence" + fi + + if [ ${FOUND} -eq 0 ]; then + LogText "Result: outbound firewall not found" AddHP 1 3 - LogText "Result: could not find Little Snitch" + else + LogText "Result: found one or more macOS outbound firewall" + AddHP 3 3 fi + fi # ################################################################################# @@ -440,7 +480,6 @@ FIND=$(${LSMODBINARY} | ${AWKBINARY} '{ print $1 }' | ${GREPBINARY} "^nf*_tables") if [ ! -z "${FIND}" ]; then LogText "Result: found nftables kernel module" - FIREWALL_SOFTWARE="nftables" FIREWALL_ACTIVE=1 NFTABLES_ACTIVE=1 Report "firewall_software[]=nftables" @@ -531,7 +570,6 @@ if [ -f ${FILE} ]; then LogText "Result: ${FILE} exists" FIREWALL_ACTIVE=1 - FIREWALL_SOFTWARE="apf" Report "firewall_software[]=apf" Display --indent 2 --text "- Checking APF status (configuration file)" --result "${STATUS_FOUND}" --color GREEN 
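Review bot: `FOUND` is read in `if [ ${FOUND} -eq 0 ]; then` at the end of the FIRE-4534 body but is never reset inside it; each of the four probes only sets `FOUND=1`. If the test files are sourced into one shell, as the shared globals suggest, a value of 1 left behind by an earlier test would log "found one or more macOS outbound firewall" and award `AddHP 3 3` on a host where none of the four daemons is running. An unset value makes the unquoted `[ ... -eq 0 ]` test fail with an error and fall into the same `else` branch. Start the body with `FOUND=0` directly after `if [ ${SKIPTEST} -eq 0 ]; then`. The probes also rely on `IsRunning` assigning `RUNNING` on every call; that function is defined outside this hunk and is worth confirming.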
@@ -562,7 +600,6 @@ Report "firewall_active=${FIREWALL_ACTIVE}" Report "firewall_empty_ruleset=${FIREWALL_EMPTY_RULESET}" Report "firewall_installed=${FIREWALL_ACTIVE}" -Report "firewall_software=${FIREWALL_SOFTWARE}" WaitForKeyPress diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_hardening new/lynis/include/tests_hardening --- old/lynis/include/tests_hardening 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_hardening 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_homedirs new/lynis/include/tests_homedirs --- old/lynis/include/tests_homedirs 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_homedirs 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_insecure_services new/lynis/include/tests_insecure_services --- old/lynis/include/tests_insecure_services 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_insecure_services 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_kernel new/lynis/include/tests_kernel --- old/lynis/include/tests_kernel 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_kernel 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -639,4 +639,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_kernel_hardening new/lynis/include/tests_kernel_hardening --- old/lynis/include/tests_kernel_hardening 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_kernel_hardening 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_ldap new/lynis/include/tests_ldap --- old/lynis/include/tests_ldap 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_ldap 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_logging new/lynis/include/tests_logging --- old/lynis/include/tests_logging 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_logging 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -479,7 +479,7 @@ # # Test : LOGG-2190 # Description : Checking deleted files - if [ ! "${LSOFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + if [ ! -z "${LSOFBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no LOGG-2190 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking for deleted files in use" if [ ${SKIPTEST} -eq 0 ]; then EARLY_MYSQL="" 
@@ -488,7 +488,11 @@ LSOF_GREP="WARNING|Output information" # MySQL versions prior to 5.6 leave lots of deleted in-use files in /tmp, ignoring those - if [ ! -z "${DPKGBINARY}" ]; then EARLY_MYSQL=$(${DPKGBINARY} -l | ${EGREPBINARY} mysql-server-5.[0-5]); fi + if [ ! -z "${DPKGBINARY}" ]; then + EARLY_MYSQL=$(${DPKGBINARY} -l | ${EGREPBINARY} mysql-server-5.[0-5]) + elif [ ! -z "${RPMBINARY}" ]; then + EARLY_MYSQL=$(${RPMBINARY} -qa mariadb | ${EGREPBINARY} mariadb-5.[0-5]) + fi if [ ! -z "${EARLY_MYSQL}" ]; then LSOF_GREP="${LSOF_GREP}|mysqld"; fi # grsecurity causes Fail2Ban to hold onto deleted in-use files in /var/tmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_mac_frameworks new/lynis/include/tests_mac_frameworks --- old/lynis/include/tests_mac_frameworks 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_mac_frameworks 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_mail_messaging new/lynis/include/tests_mail_messaging --- old/lynis/include/tests_mail_messaging 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_mail_messaging 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_malware new/lynis/include/tests_malware --- old/lynis/include/tests_malware 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_malware 2019-01-31 01:00:00.000000000 +0100 
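Review bot: The new `elif` branch passes `mariadb-5.[0-5]` to `${EGREPBINARY}` unquoted, so the shell can glob-expand it against the current directory before egrep sees it, and the unescaped `.` matches any character. A non-empty `EARLY_MYSQL` adds `mysqld` to `LSOF_GREP` and so hides that process's deleted-but-open files from LOGG-2190, which means the match should be as tight as possible: `EARLY_MYSQL=$(${RPMBINARY} -qa mariadb | ${EGREPBINARY} "mariadb-5\.[0-5]")`. The dpkg line above it has the same unquoted pattern and deserves the same quoting. Because the rpm query sits in an `elif`, a host with both dpkg and rpm installed never runs it; two independent `if` blocks would cover that case. The test body continues outside the hunk.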
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_memory_processes new/lynis/include/tests_memory_processes --- old/lynis/include/tests_memory_processes 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_memory_processes 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_nameservices new/lynis/include/tests_nameservices --- old/lynis/include/tests_nameservices 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_nameservices 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_networking new/lynis/include/tests_networking --- old/lynis/include/tests_networking 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_networking 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_php new/lynis/include/tests_php --- old/lynis/include/tests_php 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_php 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_ports_packages new/lynis/include/tests_ports_packages --- old/lynis/include/tests_ports_packages 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_ports_packages 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_printers_spools new/lynis/include/tests_printers_spools --- old/lynis/include/tests_printers_spools 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_printers_spools 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_scheduling new/lynis/include/tests_scheduling --- old/lynis/include/tests_scheduling 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_scheduling 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_shells new/lynis/include/tests_shells --- old/lynis/include/tests_shells 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_shells 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -231,7 +231,7 @@ # # Test : SHLL-6230 # Description : Check for umask values in shell configurations - SHELL_CONFIG_FILES="${ROOTDIR}etc/bashrc ${ROOTDIR}etc/bash.bashrc ${ROOTDIR}etc/csh.cshrc ${ROOTDIR}etc/profile" + SHELL_CONFIG_FILES="${ROOTDIR}etc/bashrc ${ROOTDIR}etc/bash.bashrc ${ROOTDIR}etc/bash.bashrc.local ${ROOTDIR}etc/csh.cshrc ${ROOTDIR}etc/profile" Register --test-no SHLL-6230 --weight H --network NO --category security --description "Perform umask check for shell configurations" if [ ${SKIPTEST} -eq 0 ]; then FOUND=0 
@@ -263,7 +263,7 @@ Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_OK}" --color GREEN AddHP 3 3 else - Display --indent 4 --text "- Checking default umask in ${FILE}" --result WEAK --color YELLOW + Display --indent 4 --text "- Checking default umask in ${FILE}" --result "${STATUS_WEAK}" --color YELLOW AddHP 1 3 fi fi @@ -283,4 +283,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, CISOfy - http://cisofy.com +# Lynis - Copyright 2007-2019, CISOfy - http://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_snmp new/lynis/include/tests_snmp --- old/lynis/include/tests_snmp 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_snmp 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -106,4 +106,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018 Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019 Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_squid new/lynis/include/tests_squid --- old/lynis/include/tests_squid 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_squid 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -325,4 +325,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018 Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019 Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_ssh new/lynis/include/tests_ssh --- old/lynis/include/tests_ssh 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_ssh 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_storage new/lynis/include/tests_storage --- old/lynis/include/tests_storage 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_storage 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -77,4 +77,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, CISOfy, Michael Boelen - https://cisofy.com +# Lynis - Copyright 2007-2019, CISOfy, Michael Boelen - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_storage_nfs new/lynis/include/tests_storage_nfs --- old/lynis/include/tests_storage_nfs 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_storage_nfs 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_system_integrity new/lynis/include/tests_system_integrity --- old/lynis/include/tests_system_integrity 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_system_integrity 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com @@ -34,7 +34,7 @@ Register --test-no SINT-7010 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight H --network NO --category security --description "System Integrity Status" if [ ${SKIPTEST} -eq 0 ]; then if ${ROOTDIR}usr/bin/csrutil status | ${GREPBINARY} -sq enabled ; then - Display --indent 2 --text "- System Integrity Protectioni (status)" --result "${STATUS_OK}" --color GREEN + Display --indent 2 --text "- System Integrity Protection (status)" --result "${STATUS_OK}" --color GREEN Report "system_integrity_tool[]=mac-sip" LogText "Result: SIP enabled, OK" AddHP 3 3 @@ -51,4 +51,4 @@ WaitForKeyPress # #================================================================================ -# Lynis - Copyright 2007-2018 Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019 Michael Boelen, CISOfy - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_time new/lynis/include/tests_time --- old/lynis/include/tests_time 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_time 2019-01-31 01:00:00.000000000 +0100 
@@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_tooling new/lynis/include/tests_tooling --- old/lynis/include/tests_tooling 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_tooling 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_virtualization new/lynis/include/tests_virtualization --- old/lynis/include/tests_virtualization 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_virtualization 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_webservers new/lynis/include/tests_webservers --- old/lynis/include/tests_webservers 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tests_webservers 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com 
@@ -171,7 +171,7 @@ for J in ${tVHOSTS}; do if [ ! -z ${J} ]; then LogText "Virtual host: ${J}" - Report "apache_vhost_name[]=${J}" + #Report "apache_vhost_name[]=${J}" fi done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tool_tips new/lynis/include/tool_tips --- old/lynis/include/tool_tips 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/include/tool_tips 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# Copyright 2007-2018, CISOfy +# Copyright 2007-2019, CISOfy # # Website : https://cisofy.com # Blog : http://linux-audit.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/lynis new/lynis/lynis --- old/lynis/lynis 2018-10-26 02:00:00.000000000 +0200 +++ new/lynis/lynis 2019-01-31 01:00:00.000000000 +0100 @@ -6,7 +6,7 @@ # ------------------ # # Copyright 2007-2013, Michael Boelen -# 2013-2016, CISOfy +# 2013-now, CISOfy # # Web site: https://cisofy.com # @@ -35,15 +35,15 @@ PROGRAM_AUTHOR_CONTACT="lynis-...@cisofy.com" # Version details - PROGRAM_RELEASE_DATE="2018-10-26" - PROGRAM_RELEASE_TIMESTAMP=1540556675 + PROGRAM_RELEASE_DATE="2019-01-31" + PROGRAM_RELEASE_TIMESTAMP=1548942179 PROGRAM_RELEASE_TYPE="final" # dev or final - PROGRAM_VERSION="2.7.0" + PROGRAM_VERSION="2.7.1" # Source, documentation and license PROGRAM_SOURCE="https://github.com/CISOfy/lynis" PROGRAM_WEBSITE="https://cisofy.com/lynis/" - PROGRAM_COPYRIGHT="2007-2018, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}" + PROGRAM_COPYRIGHT="2007-2019, ${PROGRAM_AUTHOR} - ${PROGRAM_WEBSITE}" PROGRAM_LICENSE="${PROGRAM_NAME} comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details about using this software." 
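Review bot: The vhost report call is disabled by commenting it out (`#Report "apache_vhost_name[]=${J}"`) with no reason given, which leaves dead code in the loop and no hint whether the removal is temporary. Either delete the line or put a why-comment above it that states the resulting behaviour, for example `# Virtual host names are written to the log only, not to the report file`. While touching this loop, the guard `[ ! -z ${J} ]` would be safer as `[ ! -z "${J}" ]`, since an unquoted value is subject to word splitting and globbing. The enclosing test starts and ends outside the hunk.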
@@ -110,7 +110,7 @@ fi # Auto detection of language based on locale (first two characters). Set to English when nothing found. - if [ -x "$(command -v locale)" ]; then + if [ -x "$(command -v locale 2> /dev/null)" ]; then LANGUAGE=$(locale | egrep "^LANG=" | cut -d= -f2 | cut -d_ -f1 | egrep "^[a-z]{2}$") fi if [ -z "${LANGUAGE}" ]; then @@ -1075,4 +1075,4 @@ # #================================================================================ -# Lynis - Copyright 2007-2018, Michael Boelen, CISOfy - https://cisofy.com +# Lynis - Copyright 2007-2019, Michael Boelen, CISOfy - https://cisofy.com ++++++ lynis_1.3.6_include-osdetection.diff ++++++ --- /var/tmp/diff_new_pack.E4Vo1T/_old 2019-02-02 21:50:11.251932050 +0100 +++ /var/tmp/diff_new_pack.E4Vo1T/_new 2019-02-02 21:50:11.251932050 +0100 @@ -2,7 +2,7 @@ =================================================================== --- include/osdetection.orig +++ include/osdetection -@@ -399,7 +399,7 @@ +@@ -400,7 +400,7 @@ OS_NAME="${LINUX_VERSION}" fi # If Linux version (full name) is unknown, use uname value