Consider wazuh-syscheckd to satisfy FINT-4328
Is your feature request related to a problem? Please describe.
lynis supports ossec-syscheckd as a file integrity tool satisfying FINT-4328. However, OSSEC has not been actively maintained for quite some time, and Wazuh is a currently maintained fork.
Describe the solution you'd like
Update lynis FINT-4328-related functions to test if wazuh-syscheckd is running.
Required changes
include/tests_file_integrity
+upvote
Can you test with the recent changes that detection is working now?
I can confirm that lynis 3.1.1 detects wazuh-syscheckd and passes the "File integrity software installed" check.
# dpkg -l | grep lynis
ii lynis 3.1.1-100 all security tool to audit systems running Linux, macOS, and Unix
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4344 (Wazuh syscheck daemon running)
2024-05-15 08:42:02 Test: Checking if Wazuh syscheck daemon is running
2024-05-15 08:42:02 Performing pgrep scan without uid
2024-05-15 08:42:02 IsRunning: process 'wazuh-syscheckd' found (14377 1031181 2818649 3021642 3021943 3023003 3114636 3116131 3148379 3232945 3233216 3234903 3235737 3242300 3277189 3278161 3284681 3354022 3354092 3354546 3357383 3358101 3359143 )
2024-05-15 08:42:02 Result: syscheck (Wazuh) active
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4350 (File integrity software installed)
2024-05-15 08:42:02 Test: Check if at least on file integrity tool is available/installed
2024-05-15 08:42:02 Result: found at least one file integrity tool
2024-05-15 08:42:02 Hardening: assigned maximum number of hardening points for this item (5). Currently having 299 points (out of 331)
2024-05-15 08:42:02 Security check: file is normal
2024-05-15 08:42:02 Checking permissions of /usr/share/lynis/include/tests_tooling
2024-05-15 08:42:02 File permissions are OK
2024-05-15 08:42:02 ====
Perfect, closing this issue then.
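The confirmation above can also be checked by script rather than by reading the log. This is an added example, not part of the issue thread or of the Lynis code base: the function names and sample file are hypothetical, and the expected result strings are taken from the log excerpt quoted above, so they may differ in other Lynis versions.

```shell
#!/bin/sh
# Added example. Log layout assumed from the excerpt quoted in this thread:
#   "<date> <time> Performing test ID <ID> (<title>)" opens a test block,
#   "<date> <time> ====" closes it.

# Print the "Result:" messages logged for one test ID.
# $1 = test ID (e.g. FINT-4344), $2 = path to a Lynis log file
lynis_test_result() {
    awk -v id="$1" '
        $3 == "Performing" && $4 == "test" && $5 == "ID" { in_block = ($6 == id); next }
        $3 == "====" { in_block = 0; next }
        in_block && $3 == "Result:" {
            line = $0
            sub(/^[^ ]+ [^ ]+ Result: /, "", line)   # drop timestamp and label
            print line
        }
    ' "$2"
}

# Succeed only if the log shows both the Wazuh daemon check (FINT-4344) and
# the "file integrity software installed" check (FINT-4350) passing.
# The expected strings are the ones in the quoted log, not a documented API.
wazuh_fim_detected() {
    lynis_test_result FINT-4344 "$1" | grep -Fqx 'syscheck (Wazuh) active' &&
        lynis_test_result FINT-4350 "$1" | grep -Fqx 'found at least one file integrity tool'
}

# Constructed sample: lines trimmed from the log above (PID list shortened).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4344 (Wazuh syscheck daemon running)
2024-05-15 08:42:02 Test: Checking if Wazuh syscheck daemon is running
2024-05-15 08:42:02 IsRunning: process 'wazuh-syscheckd' found (14377 )
2024-05-15 08:42:02 Result: syscheck (Wazuh) active
2024-05-15 08:42:02 ====
2024-05-15 08:42:02 Performing test ID FINT-4350 (File integrity software installed)
2024-05-15 08:42:02 Result: found at least one file integrity tool
2024-05-15 08:42:02 Security check: file is normal
2024-05-15 08:42:02 ====
EOF

if wazuh_fim_detected "$sample_log"; then
    echo "PASS: Wazuh syscheck is counted as a file integrity tool"
else
    echo "FAIL: expected FINT-4344/FINT-4350 results not found"
fi
```

On a real system, pass the audit log instead of the sample file; /var/log/lynis.log is the usual default location.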