Commit graph

1537 commits

Author SHA1 Message Date
Michael Boelen
017103e20c
[PKGS-7392] - Skip test for Zypper-based systems 2019-04-17 15:26:43 +02:00
Michael Boelen
121c861446
Non-interactive mode for zypper 2019-04-17 15:07:07 +02:00
Michael Boelen
bf5219d9b9
[PKGS-7328/PKGS-7330] added non-interactive global option 2019-04-15 19:30:21 +02:00
Michael Boelen
dba2dcb918
Added missing variables 2019-04-15 19:20:31 +02:00
Michael Boelen
2d0c684931
Added new 'generate' command 2019-04-13 13:26:56 +02:00
Michael Boelen
e195e7c8e0
Corrected lsvg binary detection 2019-04-09 08:26:16 +02:00
Michael Boelen
d90c43d06c
Updated descriptions 2019-04-09 06:52:00 +02:00
Capashenn
fe09e4ebaa fix SHLL-6220 description (#673) 2019-04-09 06:49:33 +02:00
Michael Boelen
fd8b1e790d
Improved PackageIsInstalled function and its usage 2019-04-08 15:09:18 +02:00
Michael Boelen
256bc1da0f
Undoed submitted pull request as it breaks testing at least on Ubuntu system 2019-04-08 11:07:41 +02:00
Capashenn
137dc6f0cc fix FILE-6374 (#672) 2019-04-08 10:36:17 +02:00
Michael Boelen
71a0c79053
Corrected stdout/stderr redirection for FreeBSD pkg tool 2019-04-08 07:53:04 +02:00
Michael Boelen
08ecd91180
Use ps instead of pgrep on AIX 2019-04-07 19:03:21 +02:00
Michael Boelen
1e134bc1b3
Extended function with more package managers 2019-04-07 15:52:52 +02:00
Michael Boelen
f8b390617b
Changed screen output 2019-04-07 15:51:25 +02:00
Michael Boelen
2750e9b7b8
Detect equery binary 2019-04-07 15:50:46 +02:00
Michael Boelen
72ba872a2f
Improve text output for AIX systems 2019-04-04 19:04:42 +02:00
Michael Boelen
9936224278
Merge of several tests, cleanup, minor code enhancements and restructure 2019-04-04 14:42:39 +02:00
Michael Boelen
247eb7d9a6
Corrected if-statement 2019-04-03 12:46:03 +02:00
Capashenn
e0ca517aaa Add tests INSE-8310 INSE-8312 (telnet) (#693)
* Add test INSE-8000

* Add xinetd support in insecure_services

* fix issue #662

* Check for talk via xinetd

* Check for chargen via xinetd

* Check for daytime via xinetd

* Check discard via xinetd

* Check echo via xinatd

* Check time via xinetd

* Check tftp via xinetd

* Check rsync via xinetd

* Add test INSE-8200

* Add test INSE-8300 INSE-8302 INSE-8304 (rsh)

* Add tests INSE-8310 INSE-8312 (telnet)
2019-04-02 11:15:31 +02:00
Michael Boelen
2c83037cba
Minor cleanup 2019-04-02 07:58:10 +02:00
Capashenn
7b7086566d Add test FILE-6324 check XFS file systems (#699) 2019-04-02 07:46:04 +02:00
Michael Boelen
d0df518426
[PKGS-7420] corrected typo 2019-03-30 13:58:23 +01:00
Michael Boelen
3660043308
[PKGS-7420] limit test to specific OS, add dnf-automatic support, extend logging 2019-03-30 13:31:03 +01:00
Michael Boelen
3702ae67b5
[PKGS-7420] Detect toolkit to automatically download and apply upgrades 2019-03-29 12:53:13 +01:00
Michael Boelen
8a9edeb40b
[AUTH-9278] style change, description, allow different root directory 2019-03-29 12:30:12 +01:00
Capashenn
f9bcf26f25 fix issue #612 (#677)
LDAP support for Red Hat and others (fix issue #612)
2019-03-29 12:26:12 +01:00
Michael Boelen
de2ef2c3e7
Add apt and dpkg binaries 2019-03-29 12:23:45 +01:00
Michael Boelen
605c381eb6
[PKGS-7410] add support for DPKG-based systems to gather installed kernel packages 2019-03-29 12:22:20 +01:00
Michael Boelen
ea8c032ea9
[NETW-3015] added support for ip binary 2019-03-21 09:34:26 +01:00
Michael Boelen
943e09db01
[LOGG-2180] minor cleanup 2019-03-21 09:07:05 +01:00
Michael Boelen
928023ec6a
[HTTP-6624] improved logging for test 2019-03-19 13:07:12 +01:00
Michael Boelen
303050dda3
[LOGG-2154] Adjusted test to search in configuration file correctly 2019-03-15 14:25:00 +01:00
Michael Boelen
048815abc0
[SSH-7408] Increased values for MaxAuthRetries as sometimes SSH key-based authentication may need it 2019-03-15 14:00:47 +01:00
Michael Boelen
4a47bde240
Adjusted descriptions 2019-03-15 13:52:55 +01:00
Michael Boelen
89782f1e98
Add logging status of tool tips 2019-03-14 14:15:59 +01:00
Michael Boelen
703a856e82
Corrected blkid detection 2019-03-14 13:15:07 +01:00
Michael Boelen
48195ce221
Initial work to detect Lynis in cronjobs 2019-03-14 12:32:19 +01:00
Michael Boelen
3e7b319ec7
Readability changes and show when plugin execution is skipped 2019-03-14 12:31:39 +01:00
Michael Boelen
3cf64ff5a6
Preparations for user tips to improve usage of tool 2019-03-14 12:30:37 +01:00
Michael Boelen
95c11f8270
[KRNL-5820] Changed color for default value - fixes GitHub #655 2019-03-11 14:06:17 +01:00
Michael Boelen
ec4d89b978
[BOOT-5122] don't use WARNING, but show NONE if no protection is implemented 2019-03-07 10:15:16 +01:00
chr0mag
e33ca1ec58 [BOOT 5177] Simplify service filter & support multiple periods in names (#633)
* Handle service names with multiple periods

The current awk filter produces truncated output if the service
name contains multiple periods.

eg. dbus-org.freedesktop.resolve1.service and
dbus-org.freedesktop.network1.service both appear as 'dbus-org' in
the resulting service list.

This change addresses this by filtering on '.service' instead.

* Simplify systemd service filtering

Added systemctl switches to filter the output based on enabled
or running services. This removes the need for one of the awk
statements.
2019-03-07 10:10:21 +01:00
chr0mag
341612418f BOOT-5117 adds systemd-boot bootloader detection (#634)
Adds a test to detect systemd-boot. The 'bootctl' binary is also
added as this is the utility used to inspect the systemd-boot
configuration.

This test is only executed if systemd is installed, the bootctl
utility exists and the system is booted in UEFI mode.
2019-03-07 10:07:52 +01:00
silentcreek
fb567465c9 [KRNL-5788] Fix false positive warning on missing /vmlinuz (#650)
Not all architectures use a /vmlinuz symlink in Debian. For instance,
armhf systems may only provide a symlink in /boot/vmlinuz. Fall back to
testing /boot/vmlinuz if /vmlinuz is not found.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2019-03-07 10:05:12 +01:00
silentcreek
17f2e34660 [PKGS-7388] Fix false positive warning on missing security archive (#651)
Currently the check for the security archive in Debian/Ubuntu fails, if
the archive is not hosted on security.{debian,ubuntu}.org and the URL
does have trailing slash, such as this:
  deb http://deb.debian.org/debian-security/ stretch/updates main

Change the regular expression to allow for a trailing slash in the URL
when filtering the package sources lists.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2019-03-07 10:03:11 +01:00
Michael Boelen
8888b01dcd
Store date and timestamp for EOL 2019-03-05 19:31:36 +01:00
jirib
0dafe4a02b better OpenBSD support (#641) 2019-03-05 19:03:44 +01:00
chr0mag
06bf77cb30 [FIRE-4540] Modify test to better measure rules (#636)
This test was previously measuring the number of bytes (wc -c)
in the exported JSON which is likely not what was intended and
will lead to false positives anytime the number of bytes exceeds
16.

The export feature is poorly documented and requires the jansson
package on the target system to export as JSON - which may not
always be the case.

Lastly, 16 is an arbitrary and uncessarily high number. A simple
workstation firewall can have only 3 rules and be effective.

This commit makes use of 'nft list ruleset' instead of the export
command, strips out blank lines as well as table & chain headers
before measuring the number of lines in the output. Any result
with more than 3 rules is now considered non-empty. This is more
consistent with the equivalent iptables test case.
2019-03-05 18:57:58 +01:00
Michael Boelen
ff6446a5bc
Added 'show eol' command 2019-03-04 12:33:25 +01:00