lynis
lynis copied to clipboard
CISOfy
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
**Is your feature request related to a problem? Please describe.** While running the default audit system on a LXC containerised (Via ProxMox) RockyLinux 8.6 host the reports shows: ``` Exception...
I would like to translate the lynis output as much as possible. The problem is that some of the lines I want to translate are just missing. I can't just...
This PR: - uses `${SYSTEMCTLBINARY} get-default`, as suggested by @marderbot, instead of following a link - removes end of line spaces - closes #1286 Signed-off-by: Thomas Sjögren
Should close issue #1232, but I have a concern to point out: `VERSION_ID` reports the version of the Ubuntu version that KDE Neon is based on, while `VERSION` shows the...
This PR: - adds `plocate` to `LOCATE_DBS` - sorts the `LOCATE_DBS` paths - closes #1288 Signed-off-by: Thomas Sjögren
**Describe the bug** Some checks (e.g. https://cisofy.com/lynis/controls/FILE-7524/, https://cisofy.com/lynis/controls/HOME-9304/) do not have a solid manpage, or what does the software think that things should look like **Version** - Distribution [e.g. Ubuntu...
**Describe the bug** https://github.com/CISOfy/lynis/blob/master/include/tests_ssh#L138 suggests setting `Compression no` in `/etc/ssh/sshd_config` to prevent possible pre-authentication attacks on connections with compression enabled. https://github.com/CISOfy/lynis/issues/217#issuecomment-358278113: > Support for pre-authentication compression has been removed on...
This PR: - Removes the Compression test for `sshd` versions > 7.4 - Closes #1291 Signed-off-by: Thomas Sjögren
**Describe the bug** [PKGS-7370](https://github.com/CISOfy/lynis/blob/4f382331b3d7d141c49a971050d3a9b61a94c511/include/tests_ports_packages#L661) checks for the existence of the `debsums` binary, and a corresponding cron job in `/etc/cron*`. If the cron job is not properly configured, it is meant...