Merge branch 'master' of https://github.com/CISOfy/lynis

mboelen · mboelen · commit 7bf2024c7da7 · 2024-09-10T16:46:20.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,8 +19,7 @@
 ### Changed
 - Correction of software EOL database and inclusion of AIX entries
 - Support sysctl value perf_event_paranoid -> 2|3
-- Update of Turkish translation
-- Update of Portuguese translation
+- Update of translations: German, Portuguest, Turkish
 - Grammar and spell improvements
 - Improved package detection on Alpine Linux
 - Slackware support to check installed packges (functionPackageIsInstalled())
@@ -32,6 +31,7 @@
 - CONT-8104 - Checking for errors, not only warning in docker info output
 - DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD
 - FILE-6344 - Test kernel version (major/minor)
+- INSE-8000 - Added inetd package and service name used in ubuntu 24.04
 - KRNL-5622 - Use systemctl get-default instead of following link
 - KRNL-5820 - Accept ulimit with -H parameter also
 - LOGG-2144 - Check for wazuh-agent presence on Linux systems
@@ -43,6 +43,7 @@
 - PKGS-7303 - Added version numbers to brew packages
 - PKGS-7370 - Cron job check for debsums improved
 - PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error)
+- PKGS-7410 - Added kernel name for Hardkernel odroid XU4
 
 ---------------------------------------------------------------------------------
 
diff --git a/db/languages/de b/db/languages/de
@@ -106,4 +106,4 @@ STATUS_WEAK="SCHWACH"
 STATUS_YES="JA"
 TEXT_UPDATE_AVAILABLE="Aktualisierung verfügbar"
 TEXT_YOU_CAN_HELP_LOGFILE="Sie können durch Übermittlung Ihrer Logdatei helfen"
-#SECTION_KERBEROS="Kerberos"
+SECTION_KERBEROS="Kerberos"
diff --git a/include/tests_filesystems b/include/tests_filesystems
@@ -877,8 +877,8 @@
                 fi
                 FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
                 if [ -n "${FIND}" ]; then
-                    FIND1=$(${GREPBINARY} -E "^blacklist \+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
-                    FIND2=$(${GREPBINARY} -E "^install \+${FS} \+/bin/true$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+                    FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+                    FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
                         if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
                             Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
                             LogText "Result: module ${FS} is blacklisted"
diff --git a/include/tests_insecure_services b/include/tests_insecure_services
@@ -41,7 +41,7 @@
     if [ ${SKIPTEST} -eq 0 ]; then
         # Check for installed inetd daemon
         LogText "Test: Checking if inetd is installed"
-        if PackageIsInstalled "inetd"; then
+        if PackageIsInstalled "inetd" || PackageIsInstalled "inetutils-inetd"; then
             INETD_PACKAGE_INSTALLED=1
             LogText "Result: inetd is installed"
             Display --indent 2 --text "- Installed inetd package" --result "${STATUS_FOUND}" --color YELLOW
@@ -61,7 +61,7 @@
     if [ ${SKIPTEST} -eq 0 ]; then
         # Check running processes
         LogText "Test: Searching for active inet daemon"
-        if IsRunning "inetd"; then
+        if IsRunning "inetd" || IsRunning "inetutils-inetd"; then
             LogText "Result: inetd is running"
             Display --indent 4 --text "- inetd status" --result "${STATUS_ACTIVE}" --color GREEN
             INETD_ACTIVE=1
diff --git a/include/tests_networking b/include/tests_networking
@@ -750,7 +750,7 @@
                         UNCOMMON_PROTOCOL_DISABLED=0
                         # First check modprobe.conf
                         if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
-                            DATA=$(${GREPBINARY} "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf)
+                            DATA=$(${GREPBINARY} -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.conf)
                             if [ -n "${DATA}" ]; then
                                 LogText "Result: found ${P} module disabled via modprobe.conf"
                                 UNCOMMON_PROTOCOL_DISABLED=1
@@ -759,7 +759,7 @@
                         # Then additional modprobe configuration files
                         if [ -d ${ROOTDIR}etc/modprobe.d ]; then
                             # Return file names (-l) and suppress errors (-s)
-                            DATA=$(${GREPBINARY} -l -s "^install \+${P} \+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
+                            DATA=$(${GREPBINARY} -l -s -E "^install[[:space:]]+${P}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/*)
                             if [ -n "${DATA}" ]; then
                                 UNCOMMON_PROTOCOL_DISABLED=1
                                 for F in ${DATA}; do
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
@@ -1378,7 +1378,7 @@ EOF
 
         if [ "${DPKGBINARY}" ]; then
             TESTED=1
-            KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]"
+            KERNEL_PKG_NAMES="linux-image-[0-9]|raspberrypi-kernel|pve-kernel-[0-9]|linux-odroid-5422"
             KERNELS=$(${DPKGBINARY} -l 2> /dev/null | ${GREPBINARY} -E "${KERNEL_PKG_NAMES}" | ${WCBINARY} -l)
             if [ ${KERNELS} -eq 0 ]; then
                 LogText "Result: found no kernels from dpkg -l output, which is unexpected"
