Sync from SUSE:SLFO:Main lynis revision 3b0de71aa5352bed3bb6f9211666db8d

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

additional_module_blacklist_locations.patch

@@ -0,0 +1,32 @@
+Index: lynis/include/tests_filesystems
+===================================================================
+--- lynis.orig/include/tests_filesystems
++++ lynis/include/tests_filesystems
+@@ -835,15 +835,18 @@
+                     AddHP 3 3
+                     if IsDebug; then Display --indent 6 --text "- Module ${FS} not present in the kernel" --result OK --color GREEN; fi
+                 fi
+-                FIND=$(${LSBINARY} ${ROOTDIR}etc/modprobe.d/* 2> /dev/null)
+-                if [ -n "${FIND}" ]; then
+-                    FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+-                    FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${ROOTDIR}etc/modprobe.d/* | ${GREPBINARY} -v "#")
+-                        if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
+-                            Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
+-                            LogText "Result: module ${FS} is blacklisted"
+-                        fi
+-                fi
++                for SUBDIR in "${ROOTDIR}etc" "/usr/lib"; do
++                    FIND=$(${LSBINARY} ${SUBDIR}/modprobe.d/* 2> /dev/null)
++                    if [ -n "${FIND}" ]; then
++                        FIND1=$(${GREPBINARY} -E "^blacklist[[:space:]]+${FS}$" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#")
++                        FIND2=$(${GREPBINARY} -E "^install[[:space:]]+${FS}[[:space:]]+/bin/(true|false)$" ${SUBDIR}/modprobe.d/* | ${GREPBINARY} -v "#")
++                            if [ -n "${FIND1}" ] || [ -n "${FIND2}" ]; then
++                                Display --indent 4 --text "- Module $FS is blacklisted" --result "OK" --color GREEN
++                                LogText "Result: module ${FS} is blacklisted"
++                                break
++                            fi
++                    fi
++                done
+             done
+             if [ ${FOUND} -eq 1 ]; then
+                 Display --indent 4 --text "- Discovered kernel modules: ${AVAILABLE_MODPROBE_FS}"

dbus-whitelist.db.openSUSE_12.2_x86_64

@@ -0,0 +1,100 @@
+avahi-dbus.conf
+bluetooth.conf
+com.redhat.NewPrinterNotification.conf
+com.redhat.PrinterDriversInstaller.conf
+com.redhat.tuned.conf
+ConsoleKit.conf
+cups.conf
+dnsmasq.conf
+fi.epitest.hostap.WPASupplicant.service
+FirewallD.conf
+fi.w1.wpa_supplicant1.service
+gdm.conf
+hal.conf
+nm-avahi-autoipd.conf
+nm-dhcp-client.conf
+nm-dispatcher.conf
+nm-openconnect-service.conf
+nm-openvpn-service.conf
+nm-pptp-service.conf
+nm-vpnc-service.conf
+org.blueman.Mechanism.conf
+org.blueman.Mechanism.service
+org.freedesktop.Accounts.conf
+org.freedesktop.Accounts.service
+org.freedesktop.AutoMount.conf
+org.freedesktop.Avahi.service
+org.freedesktop.colord-sane.conf
+org.freedesktop.colord-sane.service
+org.freedesktop.ColorManager.conf
+org.freedesktop.ColorManager.service
+org.freedesktop.ConsoleKit.service
+org.freedesktop.DisplayManager.conf
+org.freedesktop.GeoClue2.Agent.conf
+org.freedesktop.GeoClue2.conf
+org.freedesktop.GeoClue2.service
+org.freedesktop.Hal.service
+org.freedesktop.hostname1.conf
+org.freedesktop.hostname1.service
+org.freedesktop.locale1.conf
+org.freedesktop.locale1.service
+org.freedesktop.login1.conf
+org.freedesktop.login1.service
+org.freedesktop.ModemManager1.conf
+org.freedesktop.ModemManager1.service
+org.freedesktop.ModemManager.conf
+org.freedesktop.ModemManager.service
+org.freedesktop.network1.conf
+org.freedesktop.network1.service
+org.freedesktop.NetworkManager.conf
+org.freedesktop.nm_dispatcher.service
+org.freedesktop.PackageKit.conf
+org.freedesktop.PackageKit.service
+org.freedesktop.PolicyKit1.conf
+org.freedesktop.PolicyKit1.service
+org.freedesktop.PolicyKit.conf
+org.freedesktop.PolicyKit.service
+org.freedesktop.RealtimeKit1.conf
+org.freedesktop.RealtimeKit1.service
+org.freedesktop.systemd1.conf
+org.freedesktop.systemd1.service
+org.freedesktop.timedate1.conf
+org.freedesktop.timedate1.service
+org.freedesktop.UDisks2.conf
+org.freedesktop.UDisks2.service
+org.freedesktop.UDisks.conf
+org.freedesktop.UDisks.service
+org.freedesktop.UPower.conf
+org.freedesktop.UPower.service
+org.gnome.GConf.Defaults.conf
+org.gnome.GConf.Defaults.service
+org.gnome.SettingsDaemon.DateTimeMechanism.conf
+org.gnome.SettingsDaemon.DateTimeMechanism.service
+org.kde.auth.conf
+org.kde.fontinst.conf
+org.kde.fontinst.service
+org.kde.kcontrol.k3bsetup.conf
+org.kde.kcontrol.k3bsetup.service
+org.kde.kcontrol.kcmclock.conf
+org.kde.kcontrol.kcmclock.service
+org.kde.kcontrol.kcmkdm.conf
+org.kde.kcontrol.kcmkdm.service
+org.kde.kcontrol.kcmremotewidgets.conf
+org.kde.kcontrol.kcmremotewidgets.service
+org.kde.ksysguard.processlisthelper.conf
+org.kde.ksysguard.processlisthelper.service
+org.kde.polkitkde1.helper.conf
+org.kde.polkitkde1.helper.service
+org.kde.powerdevil.backlighthelper.conf
+org.kde.powerdevil.backlighthelper.service
+org.opensuse.CupsPkHelper.Mechanism.conf
+org.opensuse.CupsPkHelper.Mechanism.service
+org.opensuse.Network.AUTO4.conf
+org.opensuse.Network.conf
+org.opensuse.Network.DHCP4.conf
+org.opensuse.Network.DHCP6.conf
+org.opensuse.Network.Nanny.conf
+org.opensuse.Snapper.conf
+pulseaudio-system.conf
+skype.conf
+wpa_supplicant.conf

fileperms.db.openSUSE_12.2_x86_64

@@ -0,0 +1,156 @@
+file:/var/run/uscreens/:1777:root:root:Linux:
+file:/etc/crontab:644:root:root:Linux:
+file:/etc/exports:644:root:root:Linux:
+file:/etc/fstab:644:root:root:Linux:
+file:/etc/ftpaccess:644:root:root:Linux:
+file:/etc/ftpusers:644:root:root:Linux:
+file:/etc/rmtab:644:root:root:Linux:
+file:/var/lib/nfs/rmtab:644:root:root:Linux:
+file:/etc/syslog.conf:644:root:root:Linux:
+file:/bin/su:4755:root:root:Linux:
+file:/usr/bin/at:4755:root:trusted:Linux:
+file:/usr/bin/crontab:4755:root:trusted:Linux:
+file:/usr/bin/gpasswd:4755:root:shadow:Linux:
+file:/usr/bin/newgrp:4755:root:root:Linux:
+file:/usr/bin/passwd:4755:root:shadow:Linux:
+file:/usr/bin/chfn:4755:root:shadow:Linux:
+file:/usr/bin/chage:4755:root:shadow:Linux:
+file:/usr/bin/chsh:4755:root:shadow:Linux:
+file:/usr/bin/expiry:4755:root:shadow:Linux:
+file:/usr/bin/sudo:4755:root:root:Linux:
+file:/usr/sbin/su-wrapper:4755:root:root:Linux:
+file:/usr/bin/opiepasswd:4755:root:root:Linux:
+file:/usr/bin/ncpmount:4750:root:trusted:Linux:
+file:/usr/bin/ncpumount:4750:root:trusted:Linux:
+file:/sbin/mount.nfs:4755:root:root:Linux:
+file:/bin/mount:4755:root:root:Linux:
+file:/bin/umount:4755:root:root:Linux:
+file:/bin/eject:4755:root:audio:Linux:
+file:/usr/bin/fusermount:4755:root:trusted:Linux:
+file:/usr/lib/majordomo/wrapper:4755:root:daemon:Linux:
+file:/usr/lib/pt_chown:4755:root:root:Linux:
+file:/usr/lib64/pt_chown:4755:root:root:Linux:
+file:/sbin/unix_chkpwd:4755:root:shadow:Linux:
+file:/sbin/unix2_chkpwd:4755:root:shadow:Linux:
+file:/usr/sbin/popauth:4755:pop:trusted:Linux:
+file:/usr/sbin/pam_auth:4755:root:shadow:Linux:
+file:/usr/lib/gnome-pty-helper:2755:root:utmp:Linux:
+file:/usr/bin/v4l-conf:4755:root:video:Linux:
+file:/usr/lib/ia32el/suid_ia32x_loader:4755:root:root:Linux:
+file:/usr/bin/ntping:4750:root:trusted:Linux:
+file:/usr/bin/wall:2755:root:tty:Linux:
+file:/usr/bin/write:2755:root:tty:Linux:
+file:/usr/bin/makeweb:2755:root:www:Linux:
+file:/usr/bin/yaps:2755:root:uucp:Linux:
+file:/usr/bin/nwsfind:4750:root:trusted:Linux:
+file:/usr/bin/ncplogin:4750:root:trusted:Linux:
+file:/usr/bin/ncpmap:4750:root:trusted:Linux:
+file:/usr/lib/lpdfilter/bin/runlpr:4755:root:root:Linux:
+file:/sbin/pccardctl:4755:root:trusted:Linux:
+file:/usr/sbin/mgnokiidev:4755:root:uucp:Linux:
+file:/usr/lib/pcp/pmpost:4755:root:root:Linux:
+file:/usr/lib/mailman/cgi-bin/admin:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/admindb:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/edithtml:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/listinfo:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/options:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/private:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/roster:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/subscribe:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/confirm:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/create:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/editarch:2755:root:mailman:Linux:
+file:/usr/lib/mailman/cgi-bin/rmlist:2755:root:mailman:Linux:
+file:/usr/lib/mailman/mail/mailman:2755:root:mailman:Linux:
+file:/usr/lib/libgnomesu/gnomesu-pam-backend:4755:root:root:Linux:
+file:/usr/sbin/change-passwd:4755:root:root:Linux:
+file:/usr/bin/get_printing_ticket:4750:root:lp:Linux:
+file:/bin/ping:4755:root:root:Linux:
+file:/bin/ping6:4755:root:root:Linux:
+file:/usr/sbin/mtr:4750:root:dialout:Linux:
+file:/usr/bin/rcp:4755:root:root:Linux:
+file:/usr/bin/rlogin:4755:root:root:Linux:
+file:/usr/bin/rsh:4755:root:root:Linux:
+file:/usr/bin/cl_status:2555:root:haclient:Linux:
+file:/usr/sbin/exim:4755:root:root:Linux:
+file:/usr/sbin/pppoe-wrapper:4750:root:dialout:Linux:
+file:/sbin/isdnctrl:4750:root:dialout:Linux:
+file:/usr/bin/vboxbeep:4755:root:trusted:Linux:
+file:/usr/lib/mc/cons.saver:4755:root:root:Linux:
+file:/usr/bin/jfbterm:6755:root:tty:Linux:
+file:/opt/kde3/bin/artswrapper:4755:root:root:Linux:
+file:/opt/kde3/bin/kcheckpass:4755:root:shadow:Linux:
+file:/usr/lib/kde4/libexec/kcheckpass:4755:root:shadow:Linux:
+file:/usr/lib64/kde4/libexec/kcheckpass:4755:root:shadow:Linux:
+file:/opt/kde3/bin/kdesud:2755:root:nogroup:Linux:
+file:/usr/lib/kde4/libexec/kdesud:2755:root:nogroup:Linux:
+file:/usr/lib64/kde4/libexec/kdesud:2755:root:nogroup:Linux:
+file:/opt/kde3/bin/kpac_dhcp_helper:4755:root:root:Linux:
+file:/opt/kde3/bin/start_kdeinit:4755:root:root:Linux:
+file:/usr/lib/kde4/libexec/start_kdeinit:4755:root:root:Linux:
+file:/usr/lib64/kde4/libexec/start_kdeinit:4755:root:root:Linux:
+file:/usr/bin/fileshareset:4755:root:root:Linux:
+file:/usr/sbin/amcheck:4750:root:amanda:Linux:
+file:/usr/lib/amanda/calcsize:4750:root:amanda:Linux:
+file:/usr/lib/amanda/rundump:4750:root:amanda:Linux:
+file:/usr/lib/amanda/planner:4750:root:amanda:Linux:
+file:/usr/lib/amanda/runtar:4750:root:amanda:Linux:
+file:/usr/lib/amanda/dumper:4750:root:amanda:Linux:
+file:/usr/lib/amanda/killpgrp:4750:root:amanda:Linux:
+file:/usr/lib/gnats/gen-index:4555:gnats:root:Linux:
+file:/usr/lib/gnats/pr-edit:4555:gnats:root:Linux:
+file:/usr/lib/gnats/queue-pr:4555:gnats:root:Linux:
+file:/usr/lib/news/bin/rnews:4550:news:uucp:Linux:
+file:/usr/lib/news/bin/inews:2555:news:news:Linux:
+file:/usr/lib/news/bin/innbind:4554:root:news:Linux:
+file:/usr/lib/mgetty+sendfax/faxq-helper:4755:fax:root:Linux:
+file:/var/spool/fax/outgoing/:0755:fax:root:Linux:
+file:/var/spool/fax/outgoing/locks:0755:fax:root:Linux:
+file:/var/spool/uucppublic/:1777:root:root:Linux:
+file:/usr/bin/uucp:6555:uucp:uucp:Linux:
+file:/usr/bin/uuname:6555:uucp:uucp:Linux:
+file:/usr/bin/uustat:6555:uucp:uucp:Linux:
+file:/usr/bin/uux:6555:uucp:uucp:Linux:
+file:/usr/lib/uucp/uucico:6555:uucp:uucp:Linux:
+file:/usr/lib/uucp/uuxqt:6555:uucp:uucp:Linux:
+file:/usr/lib/PolicyKit/polkit-set-default-helper:4755:polkituser:root:Linux:
+file:/usr/lib/PolicyKit/polkit-read-auth-helper:2755:root:polkituser:Linux:
+file:/usr/lib/PolicyKit/polkit-revoke-helper:2755:root:polkituser:Linux:
+file:/usr/lib/PolicyKit/polkit-explicit-grant-helper:2755:root:polkituser:Linux:
+file:/usr/lib/PolicyKit/polkit-grant-helper:2755:root:polkituser:Linux:
+file:/usr/lib/PolicyKit/polkit-grant-helper-pam:4750:root:polkituser:Linux:
+file:/usr/lib/polkit-1/polkit-agent-helper-1:4755:root:root:Linux:
+file:/usr/bin/pkexec:4755:root:root:Linux:
+file:/lib/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux:
+file:/lib64/dbus-1/dbus-daemon-launch-helper:4750:root:messagebus:Linux:
+file:/usr/bin/newrole:4755:root:root:Linux:
+file:/usr/lib/virtualbox/VirtualBox:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VirtualBox3:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VBoxBFE:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VBoxHeadless:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VBoxSDL:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VBoxNetAdpCtl:4750:root:vboxusers:Linux:
+file:/usr/lib/virtualbox/VBoxNetDHCP:4750:root:vboxusers:Linux:
+file:/usr/bin/vmware-user-suid-wrapper:4755:root:root:Linux:
+file:/usr/sbin/lockdev:2755:root:lock:Linux:
+file:/usr/sbin/hawk_chkpwd:4750:root:haclient:Linux:
+file:/usr/sbin/hawk_invoke:4750:root:haclient:Linux:
+file:/usr/lib/chrome_sandbox:4755:root:root:Linux:
+file:/sbin/mount.ecryptfs_private:4755:root:root:Linux:
+file:/usr/bin/su:4755:root:root:Linux:
+file:/usr/sbin/mount.nfs:4755:root:root:Linux:
+file:/usr/bin/mount.nfs:4755:root:root:Linux:
+file:/usr/bin/mount:4755:root:root:Linux:
+file:/usr/bin/umount:4755:root:root:Linux:
+file:/usr/bin/eject:4755:root:audio:Linux:
+file:/usr/sbin/unix_chkpwd:4755:root:shadow:Linux:
+file:/usr/bin/unix_chkpwd:4755:root:shadow:Linux:
+file:/usr/sbin/unix2_chkpwd:4755:root:shadow:Linux:
+file:/usr/bin/unix2_chkpwd:4755:root:shadow:Linux:
+file:/usr/sbin/isdnctrl:4750:root:dialout:Linux:
+file:/usr/bin/isdnctrl:4750:root:dialout:Linux:
+file:/usr/sbin/pccardctl:4755:root:trusted:Linux:
+file:/usr/bin/pccardctl:4755:root:trusted:Linux:
+file:/usr/bin/ping:4755:root:root:Linux:
+file:/usr/bin/ping6:4755:root:root:Linux:
+file:/var/log/messages:0644:root.root:Linux:

lynis-3.1.4.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEATuqBxgMUKcQEJfvneki8cL95sQFAmeYyHwACgkQneki8cL9
+5sRiBg//cvWGO3lE+vtXyzUS4ZKUGMy08sqMS7Tso6DEYa+1N0BJUFd4oLprNFfr
+B0FmgVvuPEPKnS7vYLj9bYDV9yrlFY6O6Dkqhso2gF3o7P5FSrpjeVU7PUDRtmIH
+BTU+WpXv25/8prGSqgYUO91/B4+GLWCCcJz32jwXtX1cEiq2T8J59rlYt+NEhxmE
+o/4jMrZpeddVpKbHFuMOvGVxmtE/Uziac1VN1HgTq0zBdFQ1Zc6B75RiIjHewiKE
+GDgmBc1S/trEfeJFpJQCLVi/NTW5hCta4MZ4nn/t5Nlkeot7EUAzNX9r48DNWPK9
+ZUfm6tOKBufjeBD1b3gK0p2fWWKuNUfpLtY8U+Gs3uCjMoicqohL1Ki0XqmPEDse
+x31HTpwA5xWF0YvxywPmCTzC30LFNn5ORXY+dd3h4+yiNH42krg7BFm5Vv9IvQHq
+jMcFcQJy2g4XxUmTBMah3dTl/2woe4IDZ9RLAjc15zHNAoLVuiw3hcqwKJwcxDkJ
+Bm7ukHYxTpjs5moxfSr+gZ4BzChpFyzJG+ylAMWTQtQq1S8WW5ku74tPJZojDNGn
+SKbWXRo+seJVQzzz/g4sVKbUbyCb4KXh3ZEQpdAEaTnad4WdPpFJeKFVb1zp3sPW
+snzxFM9w0qjQNWhGvDcAbB5py2XresIhTpmxvzJwRNTagNeNL/8=
+=f15e
+-----END PGP SIGNATURE-----

lynis-rpmlintrc

@@ -0,0 +1,4 @@
+# lynis demands 640 on these scripts
+addFilter("non-executable-script /usr/share/lynis/include/[^ ]+ 0?640L? /bin/(ba|)sh")
+# identical translations
+addFilter("files-duplicate /usr/share/lynis/db/languages/(en|nl|pt|br)")

lynis.keyring

@@ -0,0 +1,86 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBGDRds0BEAC4XJX2CtSzyZWmVTn5waHSpu/Bfzs8qb9K4IALEtds5LKnvoGV
+7gK1fC8gbN2mY9dfuhcTxuLg8G37MROWjY2KAANfjmFUT/MTOE13/uhggg3/Q23U
+nHmKjV1FjOrq/Cz7bYO2ErbkxAXqT0/aCgE7b91kKDguX2N6hMyG8BqloyjeDzDu
+MJfCbNPbvkJHoOQ7i/0Pq72jTIqgx86EXJdjLvC6Q1P4TfPckW2E+YWxhwnA8Z0w
+oF60v1c08uGK2/h2nWcfiLtAkvyuPdtLTKYUZOllcQuV8m/1Ad93pWlKVTNBM4Bn
+lp4UyoEbvXMg1yTiEhv+6cezvCJG5LbEQgPKU71VPV7sthAiWjhbn3Mj8HhxnzU0
+BBY+DRaCiWYanVoIkCoospIy4jfmflzWYpAiaezOtaLelyhssuqmxIEvlTeyFBfc
+4jm+iuyCLA7Fvue7lN8u5CJJx7FLtg5OmiyNibISs25abGiwX01pNFc+Wu0N8dgw
+IdzNQnUWtbIQa2byObzDd8ihQq5sEY03OINlIAFlQTXiKfcav9E5MX/L0ggwRtgB
+GKo2A8FfifBzehkjRkeu828xPx2Lff56bkjtpMwPZjlzZfs159zHcfXFS3e+zmU3
+Wvs4FLutsjkVOkmwihitV2fn1VuMfKidpDBd6PmC9bNNrm1zRAS2tgRxqwARAQAB
+tC1DSVNPZnkgc29mdHdhcmUgc2lnbmluZyA8c29mdHdhcmVAY2lzb2Z5LmNvbT6J
+Aj4EEwECACgFAmDRds0CGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA
+AAoJEP67fRgSV2SCuFYP/A2vVOb/XUVlOgQGrfkOMSEDBxKBVcftBmmHG9osIa9t
+0JxRcT4lZoHubQdcoPi0DrXBaxQ6huss2uLO8qA7GktjIRq71XPNkWE35i9obH/H
+fd4zVifM0154JdTpGV1Ah4ZkJ0uS9+8q+PSehiztuZLFQvAoPwnS4QFve3i6zgdY
+Gb3zVyT7QlwVSPI7JZg3Hp8FBEylkvrmPu29ISTMT8C0NmEKvzLtxqYFAi5sD4mj
+ldD3tK0eIRe8ksCLTTMaUzgFubqA1Ik+JtjDR/Y+2+SbBkFQdokf5gTg2ysuSxM3
+vNFIyX3TPXlSYVAapLZpC/fvH/wFrTwfyEcHTEzvFx+2qU/BSfeeZ3eTSc0XO29c
+eNYTBObR+WrPdVEPHizlAfRDj0m8NWzbBWfCdFWiZOfNQAp/cunETPv6Oj2uuoiT
+h7/Z09WPrvvDmtHNyD6fvUL90dGK9/x8An2zoJz4jk/qIotDXL34ZsXPD23O2zxd
+ASOmI0nXqYEElAONpB8K/GPVmNVatEqu7fTXtfFz4buiaxCZdrzY8QkBtY/tA6H/
+O7Ln2Oz5DBBeGWvd4wT0lajrQtE7Qx8dQEt185MztKNrP/2gbZzgbKNWN06lN9V8
+Of59oIBycPsFrYhmAMdNp6FaZt9+ndAhCjVmze59Vo3b0JN/eqjV/YeDoWNOefFn
+uQINBGDRds0BEADNjOgAEz4azwlpR+lC5T5b3xVGclct0S1BxfZw4scj/7hIjPlJ
+tX288Kj8fs8L0vIKUY7IW2Y2bePKAkjnIdOsV86DTHDOGW99um61trHGP2Y1KLYP
+6/amDPSOTELn5+U88B2RpXr7xXD14fqdnM46GOM+7FORxOe3pdmeCuoyDDfXZ43Z
+gmYl6R0Ioo3+LsFrn74vlVGSzjBW+F6alZpACW6ZET3iM5wDhrxBP9GybIMkpLKo
+NVNu9WdHv9WtJ1cnqgyM70EAKbAKddRqGwOf80reFzP+TcdmGzXUWbWt2T+bs34L
+nczLjJNB7sl3k8ArLZtrKxRsoAD7vvCh981mHCLGU8kS7Tf6tALJYcVgFVLjX4N1
+ASF3525AKfOE4yOGWvbKDNQP0rJe8nFrDLtikAhmPt346D4tArZGzwuuzzOAca76
+WB9w45wS5w6lIejRft961FeHvqm6r8OE+rS5w6J/NH5vFMm425cwHY1O3u7x1y0I
+k3VrOZ6OJ1WU3WTqkCGKtBWBU2hkx4BbwZD6l/f523iS9tgxlUVoNud08fQQTwRY
+s4T7oSZ1xbZsHHe/LzwhdQojTc2uMETcTDX9GUDePoVohELzVlMAeQm5mvWFUQ87
+rsgbo3/iEH2u/jeqaM4Q6QeNcEtw1VJ6I0LiSb39TlBpZsw9atC0DOxHXQARAQAB
+iQIlBBgBAgAPBQJg0XbNAhsMBQkSzAMAAAoJEP67fRgSV2SC/EQQAKmvxewbYCtN
+5kQ6BadCeE2IrtV/yyaz2r0vIMI0jtA1F5n/IYbR/5gVUWLphBL7hKw+Jn9oMqV4
+yymCvY0N4faqqIW0QElp1seTCCFzbVhYC9Hv9vWgfHZhXUDTm6WE/vAwl3BYS/p8
+KSyMIdkmParxWbHV0k6tzyVuV3hYMQD8GsHq4i4/TjJtfh2fNKh4lAaxuUoifpBF
+te+3YI5GSKXSSTm2fxAIXoWPnpFTh+VTcTu5Sv7pbR6YT0vFM04V3DPVhNO1l72o
+UEA6ubSf1gys03CQ4/yK1k9kBJ3RAGK0nLZbB4cSQD2Lu7KCG3jakpzUiu38Gn/X
+Nz7aU78Qnj0VzSL7Ko3Eg0g3TURG+UE4JYE3qUnU/++V43HkGaoh9Cq+ytE6wPAE
+GC2j660sI5+TN+hZURUqmyU8sFdviskXQnlJztnEY5tVsoh6JuKEykcBj9jgyvNg
+TaA7HAC/Qh2zuEJ4OA0al+IDhMLfWwhhop2+ghy7yF4zHC/VnCaQ+O7+ZIfnIsRW
+gpBHTkl70uTlG64crM7RDxGVIgO5O6HIZ+Fu3HIAM6AWtPjkv8XQ/g8x3NnSor40
+E8DeW45fjk/Onh/bs0zyGN6XuZPU2L7aogTF3gP0wxkU0r96r8z+BOqmT6lD4mOL
+uSeVcIqCYWRC7bhk2ySSo/oC9QhN3CBluQINBGDRdy0BEACywPYrQsu7xn4VhI8t
+F3sEmyWB6S5n2SlVMoc8/PUALboNJJ7msiga30jERUm1wNvTt2Cb5vJU+O8yLi8h
+F44MeNoDX1rvqTO81sFJbadM59hqTCBN0LUhndcyJo8aKxxaRDhtVs07OwhDvWMW
+Ed87qOP5LZe+onFUQMMfwzr+PhYBum1Bg3YjFd0C13UsTvpGE+Rk5dZxUCojpyON
+7KfrNtKEdSLGgzxTEOi1a44OuyN0fLdat4T7tCpJAvXgp7N6XXy7QqKNMWEUXwTv
+MIZ2UXVj5SB92Op/scMJLVqaB1RBmsd82okT0fQDKnWfFYGwBoYBBh7h/LpYTAR3
+Kik3fFqZygtn9tliZmt1C4h4KpD6t+QLt6/Rq64q65WgS+YKAR0S92xCPSMek81P
+MPReQFMT/lNLJdwrO3bxQv6oTd5PGg6mYo7O3djpBT7EpdRQhS+iqcWMGoL24D0m
+Mle3J4gaMhDIYy9vxi3oaODu270PTyW3o2gHw8x1smdPclyDT4gYTu+a97kVMhMc
+yohBRC/TqjYTKXPX1YjREg1ChhJ5DkWNFuyK36YH9Dby6SlqtHyT8GHHpE1WQF2T
+zxkfZvl4g4nDLZkaYBvYl8w5evaRN0wcgIYknFHAq1ew+bE8jtrkd7j3+XRuEK4P
+KCjkK2502EUuqnrTuNHVM6roPQARAQABiQREBBgBAgAPBQJg0XctAhsCBQkSzAMA
+AikJEP67fRgSV2SCwV0gBBkBAgAGBQJg0XctAAoJEJ3pIvHC/ebEigwP/0VR8Dkm
+522ZbR2ipAoEz/GNFRfJQ+an4GOOVs2DEubKyUFmTzxs6TAxncATwFWoSPgd+xtK
+NMJbmL9NeHAR7nfrgHrw+fn/HAaGIjBLXZAjqZidOg9+wvqNuTTz7UCYmezvZZqk
+55+dIT8gTXekRlS5vZk2bH+kUxK7v2tFfWY38nvDDL7qeUuJDoIXGHZeYHDsDMcI
+kFtxYmFEI1f4abP1RnkC6IwbKsIo8vqD3eIJFO2oPPrgDg+zF/0KNF4RQlUqgng4
+iZ5FakqsqSh8uGplzMjzTRjNc1dNXmsI3n7G9O973/ZmpPyhHFVpI9J39IkAWmXg
+d2en/mxGKkXh6XOOWVvgSwZ/2aWFLYsKWBukCiN5KaS/HpO8zCf3LkvqzyvcW9JO
+ILK45e4r8gVMefp1NmCdE0Ww9khzpimqosQHu4jt/Pc9l/2ImKDoX5hvPHkjuw71
+jhJCDSoAe5jWkjIdzS61pB3SQUmjIfWbVrmc/LsxzVncKGzMisrUNVH7t8U4wn0Q
++x0R4NvIiK/Ws5FxiYTaCf7oIoZX9nKtGz5SD/WE04QDmoXymweyr1qoxa5H/YPp
+pTZSFrSEHCxIlL07/RDC8alA6EhBa+WuP/9fRlFf04mOLIYmmMfKAg9t8RGvqwFm
+oMHUTikoJkEgOlaiZyLpV+beXCC4w7G/xKdWGmwP/igj3rCx0IOzfrMuyGxILBPd
+ZrHTQ+FMjI9m+bQ2ci7eBH0fuxgM5FDDwu4+0XutbXkhruVPSxRPt3yC3ouQsSi8
+GDi43AxEfHoWliFs5kLlqCArJdIMugiKICEjrUKYLIEcJnkdcPr+vt/0YXLNTEWZ
+dmK/dU5Qm52BjK92zuO3H2+Heh5XHbJCNUE75hd0I4GLjJR+CBCAK1OqvS8m6Lq5
+PCWfrAWyTf6AxEXdIAcwAp2igJXE3NR9vpi3mWwXkAvT3dkGkvIoyp6qUdBxglT7
+ifl0EFl8l2ehy7QwTHMF6X2Y3LYTOdn39rQIF789HMW1iolB0CNyULDnEA3cawQg
+puTke/XlZpIMhVLL44UpEhMVZ9/20OgKxwP/1q2/iirZVdzqQCYRxKluPyAb0FOU
+IbQUOA5QdK8EEwPwAH2HGRk4LsF7xdXPlep2OQObIAjMs9WPbveexdFGiUG/xSPr
+NaDpFc+DXX94/hJO9NsUwdI8gN1H+r9fxBZ4a8UHzceMD12Wct4N2wLPZX4MCHYD
+bGMmGF0SC2eFOFK7Nn2/emJjjnr15VAgDOKknzFo16lvY7LV6pywNsUsSnPB1bGH
+bisG6mkdkW7nPsL0d2w4yz+lL9R7yQjvS1Z8hMeTxbzr6OZdgF4rMxpPclTOaAj9
+4qEb1toWkgrwUmMepzoG
+=PBwG
+-----END PGP PUBLIC KEY BLOCK-----

lynis.spec

@@ -0,0 +1,140 @@
+#
+# spec file for package lynis
+#
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2009-2013 Sascha Manns <saigkill@opensuse.org>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+%define _includedir       %{_datadir}/lynis/include
+%define _pluginsdir       %{_datadir}/lynis/plugins
+%define _dbdir            %{_datadir}/lynis/db
+Name:           lynis
+Version:        3.1.4
+Release:        0
+Summary:        Security and System auditing tool
+License:        GPL-3.0-only
+Group:          System/Monitoring
+URL:            https://cisofy.com/lynis/
+Source0:        https://downloads.cisofy.com/%{name}/%{name}-%{version}.tar.gz
+Source2:        tests_binary_rpath
+Source3:        tests_file_permissionsDB
+Source4:        tests_file_permissions_ww
+Source5:        tests_network_allowed_ports
+Source6:        tests_system_dbus
+Source7:        tests_system_proc
+Source8:        tests_tmp_symlinks
+Source9:        tests_users_wo_password
+Source10:       prepare_for_suse.sh
+Source11:       dbus-whitelist.db.openSUSE_12.2_x86_64
+Source12:       fileperms.db.openSUSE_12.2_x86_64
+Source13:       https://downloads.cisofy.com/lynis/%{name}-%{version}.tar.gz.asc
+Source14:       https://cisofy.com/files/cisofy-software.pub#/%{name}.keyring
+Source15:       %{name}-rpmlintrc
+# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
+Patch0:         %{name}_1.3.5_lynis.diff
+# PATCH-OPENSUSE-FIX -- thomas@novell.com - modifying for openSUSE
+Patch2:         %{name}_1.3.1_include_consts.diff
+Patch5:         %{name}_1.3.6_include-osdetection.diff
+# https://github.com/CISOfy/lynis/pull/1215
+Patch6:         additional_module_blacklist_locations.patch
+BuildRequires:  gcc-c++
+BuildRequires:  libxml2-devel
+Requires:       bash
+Requires:       cron
+Requires:       findutils
+Requires:       gawk
+Requires:       logrotate
+Requires:       net-tools-deprecated
+Requires:       netcfg
+Requires:       wget
+# FIXME: use proper Requires(pre/post/preun/...)
+PreReq:         %fillup_prereq
+BuildArch:      noarch
+
+%description
+Lynis is a security and system auditing tool. It scans a system on the
+most interesting parts useful for audits, like:
+     - Security enhancements
+     - Logging and auditing options
+     - Banner identification
+     - Software availability
+
+%prep
+%setup -q -n %{name}
+%patch -P 0
+%patch -P 2
+%patch -P 5
+%patch -P 6 -p1
+
+%build
+
+%install
+
+# Install Profile (default.prf)
+install -d %{buildroot}%{_sysconfdir}/%{name}
+install -m 644 default.prf %{buildroot}%{_sysconfdir}/%{name}/default.prf
+# install binary
+install -d %{buildroot}%{_bindir}
+install -d %{buildroot}%{_datadir}/%{name}
+install %{name} %{buildroot}%{_bindir}
+install %{SOURCE10} %{buildroot}%{_datadir}/%{name}
+# install man-page
+install -d %{buildroot}%{_mandir}/man8
+install -pm 644 %{name}.8 %{buildroot}%{_mandir}/man8
+# install functions/includes
+install -d %{buildroot}%{_includedir}
+install include/* %{buildroot}%{_includedir}
+install %{SOURCE2} %{buildroot}%{_includedir}
+install %{SOURCE3} %{buildroot}%{_includedir}
+install %{SOURCE4} %{buildroot}%{_includedir}
+install %{SOURCE5} %{buildroot}%{_includedir}
+install %{SOURCE6} %{buildroot}%{_includedir}
+install %{SOURCE7} %{buildroot}%{_includedir}
+install %{SOURCE8} %{buildroot}%{_includedir}
+install %{SOURCE9} %{buildroot}%{_includedir}
+# install plugins
+install -d %{buildroot}%{_pluginsdir}
+install -pm 644 plugins/* %{buildroot}%{_pluginsdir}
+# install database files
+install -d %{buildroot}%{_dbdir}
+install -pm 644 db/*.db %{buildroot}%{_dbdir}
+install -d %{buildroot}%{_dbdir}/languages
+install -pm 644 db/languages/* %{buildroot}%{_dbdir}/languages
+install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db
+install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db
+
+# pacify rpmlint
+chmod +x %{buildroot}%{_pluginsdir}/custom_plugin.template
+
+%files
+%{_bindir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/default.prf
+%{_dbdir}/*
+%{_includedir}/*
+%{_pluginsdir}/*
+%dir %{_sysconfdir}/%{name}
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/db
+%dir %{_datadir}/%{name}/include
+%attr(640,root,root) %{_datadir}/%{name}/include/*
+%dir %{_datadir}/%{name}/plugins
+%license LICENSE
+%doc CHANGELOG.md CONTRIBUTORS.md FAQ README
+%{_mandir}/man8/%{name}.8%{?ext_man}
+%{_datadir}/%{name}/prepare_for_suse.sh
+
+%changelog

lynis_1.3.1_include_consts.diff

@@ -0,0 +1,12 @@
+Index: include/consts
+===================================================================
+--- include/consts.orig
++++ include/consts
+@@ -115,6 +115,7 @@ ETC_PATHS="/etc /usr/local/etc"
+     FAIL2BANBINARY=""
+     FILEBINARY=""
+     FILEVALUE=""
++    FILE_NUM_TOTAL=0
+     FIND=""
+     FIREWALL_ACTIVE=0
+     FOUNDPATH=0

lynis_1.3.5_lynis.diff

@@ -0,0 +1,20 @@
+Index: lynis
+===================================================================
+--- lynis.orig
++++ lynis
+@@ -1008,7 +1008,14 @@ ${NORMAL}
+                            mail_messaging firewalls webservers ssh snmp databases ldap php squid logging \
+                            insecure_services banners scheduling accounting time crypto virtualization containers \
+                            mac_frameworks file_integrity tooling malware file_permissions homedirs \
+-                           kernel_hardening hardening"
++                           kernel_hardening hardening \
++                           system_dbus \
++                           users_wo_password \
++                           binary_rpath \
++                           tmp_symlinks \
++                           file_permissions_ww \
++                           system_proc \
++                           network_allowed_ports"
+         else
+             INCLUDE_TESTS="${TEST_GROUP_TO_CHECK}"
+             LogText "Info: only performing tests from groups: ${TEST_GROUP_TO_CHECK}"

lynis_1.3.6_include-osdetection.diff

@@ -0,0 +1,13 @@
+Index: include/osdetection
+===================================================================
+--- include/osdetection.orig
++++ include/osdetection
+@@ -601,7 +601,7 @@
+                 OS_NAME="${LINUX_VERSION}"
+             fi
+             # If Linux version (full name) is unknown, use uname value
+-            if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=$(uname -s -r); fi
++            #if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=$(uname -s -r); fi
+             SYSCTL_READKEY="sysctl -n"
+         ;;
+ 

prepare_for_suse.sh

@@ -0,0 +1,47 @@
+#!/bin/bash 
+
+umask 0077
+
+OSVERS=$(grep VERSION /etc/SuSE-release |  sed "s/VERSION = //")
+OS=$(head -n 1 /etc/SuSE-release | sed "s/[()]//g" | sed "s/ /_/g")
+
+fileperms()
+{
+	PERMS=$(grep -E "^PERMISSION_SECURITY=" /etc/sysconfig/security | awk -F'=' '{print $2}' | sed s/\"//g)
+	echo $PERMS
+	for p in $PERMS
+	do
+		echo $p
+		grep -E "^/\w.*" "/etc/permissions."$p | awk -F' ' '{print "file:"$1":"$3":"$2":Linux:"}' >> $TMPDIR/fileperms.lst
+	done
+
+	if ! [ -f db/fileperms.db.orig ]; then
+		cp -v db/fileperms.db db/fileperms.db.orig
+	fi
+
+	rm -f db/fileperms.db
+	cp $TMPDIR/fileperms.lst db/fileperms.db.$OS
+	ln -s fileperms.db.$OS db/fileperms.db
+}
+
+dbussystem()
+{
+	for i in $(ls -1 /usr/share/dbus-*/system-services/*.service /etc/dbus-*/system.d/*.conf 2>/dev/null)
+	do     
+		basename $i >> $TMPDIR/dbus-whitelist.db.$OS
+	done
+
+	rm -f db/dbus-whitelist.db
+	cp -v $TMPDIR/dbus-whitelist.db.$OS db/
+	ln -s dbus-whitelist.db.$OS db/dbus-whitelist.db
+}
+
+TMPDIR=$(mktemp -d /tmp/lynis.XXXXXX)
+
+echo "prepare lynis config for your suse systems"
+echo "1. lookup file permission level"
+fileperms
+echo "2. lookup dbus system serices in /etc/dbus-1/system.d/"
+dbussystem
+
+rm -rf $TMPDIR

tests_binary_rpath

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Verifies if a binary contains an insecure RPATH variable.
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "Binary integrity"
+    report "[Software]"
+#
+#################################################################################
+#
+    # Test        : BINARY-1000
+    # Description : Verifies if a binary contains an insecure RPATH variable.
+    Register --test-no BINARY-1000 --weight L --network NO --description "Verifies if a binary contains an insecure RPATH variable."
+    if [ ${SKIPTEST} -eq 0 ]; then
+        Display --indent 2 --text "- Starting binary RPATH check..."
+        logtext "Test: Checking binary integrity of RPATH"
+
+	RPNOTOK=0
+	FILENUM=0
+	HPBAD=0
+	for FILE in $(find / -xdev -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) 2>/dev/null)
+	do
+		((FILENUM++))
+		for RPATH_VAL in $(objdump -p "$FILE" 2>/dev/null | egrep -w '(RPATH|RUNPATH)' | awk '{ print $2 ":"}')
+		do
+			if [ "${RPATH_VAL:0:7}" = "\$ORIGIN" ]; then continue; fi
+			while [ -n "$RPATH_VAL" ]
+			do
+				RPATH_VAL_NXT=${RPATH_VAL%%:*}
+				RPATH_VAL=${RPATH_VAL##$RPATH_VAL_NXT:}
+				test -d "$RPATH_VAL_NXT" && RPATH_VAL_NXT=$(cd ${RPATH_VAL_NXT//#\/\//\/}; pwd -P)
+
+				case ":$RPATH_VAL_NXT" in
+					:/usr/lib*)
+						;;
+					:/lib*)
+						;;
+					:/opt/*/lib*)
+						;;
+					:/usr/X11R6/lib*)
+						;;
+					:/usr/local/lib*)
+						;;
+					*)
+						((HPBAD--))
+						RPNOTOK=1;
+						Display --indent 4 --text "${FILE}" --text "RPATH \"$RPATH_VAL_NXT\" on $FILE is not allowed" --result WARNING --color RED
+				esac
+			done
+		done
+	done
+	if [ $RPNOTOK == 0 ]; then
+		Display --indent 4 --text "No bad RPATH usage found in $FILENUM executables" --result OK --color GREEN
+	fi
+	AddHP $HPBAD 0
+
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress

tests_file_permissionsDB

@@ -0,0 +1,77 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+#  File permissions from db file
+#
+#################################################################################
+#
+# TODO:
+# - owner can have ':' and '.' as delimiter, '.' will cause an error -> fix it!
+# - octal perms starting with 0 are valid but will cause an error -> fix it!
+#
+################################################################################
+#
+    InsertSection "File systems"
+#
+#################################################################################
+#
+    # Test        : FILE-7525
+    # Description : Perform file permissions check
+    Register --test-no FILE-7525 --weight L --network NO --description "Perform file permissions check from DB"
+    if [ ${SKIPTEST} -eq 0 ]; then
+	DB="${DBDIR}/fileperms.db"
+        Display --indent 2 --text "- Starting file permissions check from DB..."
+        logtext "Test: Checking file permissions from DB"
+        logtext "Using database ${DB}."
+
+	HPMAX=0
+	HPBAD=0
+	for LINE in $(cat $DB)
+	do
+		HPMAX=$(($HPMAX + 1))
+		FN=$(echo $LINE | cut -d: -f2)
+		PM=$(echo $LINE | cut -d: -f3)
+		UN=$(echo $LINE | cut -d: -f4)
+		GN=$(echo $LINE | cut -d: -f5)
+		OS=$(echo $LINE | cut -d: -f6)
+		if [ -z $OS ]; then
+			logtext "Warning: line format invalid: '$LINE'"
+		fi
+
+		logtext "Checking $FN"
+
+		STR="$PM:$UN:$GN"
+		STAT=$(stat --printf="%a:%U:%G" $FN 2>/dev/null)
+		if [ -z $STAT ]; then
+			#Display --indent 4 --text "${FN}" --result "NOT FOUND" --color WHITE
+			continue;
+		fi
+		if [ "$STR" != "$STAT" ]; then
+			HPBAD=$((HPBAD + 1))
+			Display --indent 4 --text "${FN}" --result WARNING --color RED
+		else
+			Display --indent 4 --text "${FN}" --result OK --color GREEN
+		fi
+	done
+
+	HP=$(expr $HPMAX - $HPBAD)
+# 	echo "AddHP $HP $HPMAX"
+	AddHP $HP $HPMAX
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_file_permissions_ww

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+#  File permissions world-writeable file
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "File systems"
+#
+#################################################################################
+#
+    # Test        : FILE-7527
+    # Description : Perform file permissions check
+    Register --test-no FILE-7527 --weight L --network NO --description "Lookup world-writeable files."
+    if [ ${SKIPTEST} -eq 0 ]; then
+        Display --indent 2 --text "- Starting file permissions check for world-writeable files..."
+        logtext "Test: Checking for world-writeable files"
+
+	TMP=$(mktemp /tmp/lynis.XXXXXX)
+	HPMAX=$FILE_NUM_TOTAL
+	HP=$HPMAX
+        find / -xdev \( -type f -o -type d -o -type s -o -type b -type p -o -type c \) -a -perm -0002 -print 2>/dev/null > $TMP
+	for i in $(cat $TMP)
+	do
+		HP=$((HP - 1))
+		Display --indent 4 --text "${i} is world-writeable" --result WARNING --color RED
+	done
+# 	echo  "AddHP $HP $HPMAX"
+	AddHP $HP $HPMAX
+	rm -f $TMP
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_network_allowed_ports

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Verifies open network ports.
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "Networking"
+#
+#################################################################################
+#
+    # Test        : NETW-3085
+    # Description : Verifies open network ports.
+    Register --test-no NETW-3085 --weight L --network NO --description "Verifies open network ports."
+    if [ ${SKIPTEST} -eq 0 ]; then
+	ALLOWED_PORTS=( 22 25 80 111 443 )
+	TMP=$(mktemp /tmp/lynis.XXXXXX)
+
+	STR="${ALLOWED_PORTS[@]:0}"
+	Display --indent 2 --text "- Starting verifying open network ports ($STR)..."
+	logtext "Test: Checking open network ports"
+  	logtext "Allowed ports: $STR"
+
+	netstat -an | grep -i listen > $TMP
+	PORTS=($(cat $TMP | awk '{ print $4 }' | sed 's/.*://;s/ACC//' | sort -un))
+
+
+	IDX_P=0
+	LEN_P=${#PORTS[@]}
+	NUM_NOTOK=0
+	while [ $IDX_P -lt $LEN_P ]
+	do
+		IDX_A=0
+		LEN_A=${#ALLOWED_PORTS[@]}
+		PORTOK=0
+		while [ $IDX_A -lt $LEN_A ]
+		do
+#  			echo "${PORTS[$IDX_P]} vs. ${ALLOWED_PORTS[$IDX_A]}"
+			if [ ${PORTS[$IDX_P]} == ${ALLOWED_PORTS[$IDX_A]} ]
+			then
+				PORTOK=1
+				break
+			fi
+			((IDX_A++))
+		done
+		if [ $PORTOK -eq 0 ]
+		then
+			((NUM_NOTOK++))
+			P=${PORTS[$IDX_P]}
+			Display --indent 4 --text "Open port ${P} not allowed" --result WARNING --color RED
+		fi
+
+		((IDX_P++))
+	done
+
+	HPMAX=$LEN_A
+	HP=$(expr $LEN_A - $NUM_NOTOK)
+	if [ $HP -lt 0 ]; then HP=0; fi
+
+	AddHP $HP $HPMAX
+
+	rm -f $TMP
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_system_dbus

@@ -0,0 +1,79 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Verifies dbus policy.
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "System Tools"
+    report "[Software]"
+#
+#################################################################################
+#
+    # Test        : SYSTEM-1000
+    # Description : Verifies dbus policy.
+    Register --test-no SYSTEM-1000 --weight L --network NO --description "Verifies if an unknown dbus service is installed."
+    if [ ${SKIPTEST} -eq 0 ]; then
+        Display --indent 2 --text "- Starting dbus policy check..."
+        logtext "Test: Checking dbus policy"
+
+	DB="${DBDIR}/dbus-whitelist.db"
+
+	if ! [ -f $DB ]
+	then
+		if [ -f ./dbus-whitelist.db ]
+		then
+			DB="./dbus-whitelist.db"
+		else
+			logtext "Warning: dbus autostart/system services whitelist file is missing."
+			return
+		fi
+	fi
+	WHITELIST=$(cat $DB)
+	HPMAX=$(wc -l $DB | cut -d' ' -f1)
+	HPBAD=0
+	E=$(ls -1  /usr/share/dbus-*/system-services/*.service /etc/dbus-*/system.d/*.conf 2>/dev/null)
+	if ! [ -z "$E" ]
+	then
+		for i in $E
+		do
+			DF=$(basename $i)
+
+			FOUND=0
+			for j in $WHITELIST
+			do
+				if [ "$DF" = "$j" ]; then FOUND=1; fi
+			done
+			if [ $FOUND -eq 0 ]
+			then
+				HPBAD=$((HPBAD + 1))
+				PKG=$(rpm -qf "$i")
+				Display --indent 4 --text "Warning: Package $PKG installs an unknown D-BUS autostart/system service: $DF" --result WARNING --color RED
+			fi
+		done
+	fi
+	HP=$(expr $HPMAX - $HPBAD)
+# 	echo "AddHP $HP $HPMAX"
+	AddHP $HP $HPMAX
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_system_proc

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Checking for processes running as 'nobody'
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "Memory and processes"
+#
+#################################################################################
+#
+    # Test        : PROC-3625
+    # Description : Processes running as 'nobody'
+    Register --test-no PROC-3625 --weight L --network NO --description "Processes running as 'nobody'."
+    if [ ${SKIPTEST} -eq 0 ]; then
+	Display --indent 2 --text "- Starting look-up of 'nobody' processes..."
+	logtext "Test: Checking for processes running as 'nobody'"
+
+	TMP=$(mktemp /tmp/lynis.XXXXXX)
+	TMP2=$(mktemp /tmp/lynis.XXXXXX)
+	ps -eo uname,pid,comm | tr -s " " | sed "s/ /:/g" > $TMP
+	HPMAX=$(wc -l $TMP | cut -d' ' -f1)
+	grep '^nobody' $TMP > $TMP2
+
+	HP=$HPMAX
+	for i in $(cat $TMP2)
+	do
+		HP=$((HP - 1))
+		PID=$(echo $i | cut -d: -f2)
+		PNAME=$(echo $i | cut -d: -f3)
+		Display --indent 4 --text "${PNAME} [PID ${PID}] runs as user 'nobody'" --result WARNING --color RED
+	done
+
+# 	echo "AddHP $HP $HPMAX"
+	AddHP $HP $HPMAX
+
+	rm -f $TMP $TMP2
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_tmp_symlinks

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Looks up symlinks in /tmp 
+#
+#################################################################################
+#
+# TODO:
+# - also verify other tmp localtions like /var/tmp and ~/tmp
+#
+################################################################################
+#
+    InsertSection "File systems"
+#
+#################################################################################
+#
+    # Test        : FILE-7526
+    # Description : Looks up symlinks in /tmp
+    Register --test-no FILE-7526 --weight L --network NO --description "Looks up symlinks in /tmp"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        Display --indent 2 --text "- Starting look-up of symlinks in /tmp..."
+        logtext "Test: Checking /tmp for symlinks"
+
+	TMP_SYMLINK=$(find /tmp -type l -print 2>/dev/null)
+
+	if [ "$TMP_SYMLINK" ]
+	then
+		for sym in $TMP_SYMLINK
+		do
+			Display --indent 4 --text "${sym}" --result WARNING --color RED
+		done
+	fi
+    fi    
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================

tests_users_wo_password

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+#################################################################################
+#
+# Author: Thomas Biege <thomas@suse.de>
+#
+# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+#################################################################################
+#
+# Verifies dbus policy.
+#
+#################################################################################
+#
+# TODO:
+#
+################################################################################
+#
+    InsertSection "Users, Groups and Authentication"
+    report "[Software]"
+#
+#################################################################################
+#
+    # Test        : AUTH-1000
+    # Description : Verifies dbus policy.
+    Register --test-no AUTH-1000 --weight M --network NO --description "Verifies if users without a password exist."
+    if [ ${SKIPTEST} -eq 0 ]; then
+	Display --indent 2 --text "- Starting password check for users..."
+	logtext "Test: Checking existence of password"
+
+	TMPDIR=$(mktemp -d /tmp/lynis.XXXXXX)
+	HPMAX=$(wc -l /etc/passwd | cut -d' ' -f1)
+	awk -F: '$2 == "" && $1 != "" {print $1}' /etc/passwd >  $TMPDIR/userwopwd
+	awk -F: '$2 == "" && $1 != "" {print $1}' /etc/shadow >> $TMPDIR/userwopwd
+	sort -u $TMPDIR/userwopwd > $TMPDIR/userwopwd2
+	HPBAD=0
+	for i in $(cat $TMPDIR/userwopwd2)
+	do
+		HPBAD=$((HPBAD + 1))
+		Display --indent 4 --text "${i} has no password set" --result WARNING --color RED
+	done
+
+	HP=$(expr $HPMAX - $HPBAD)
+# 	echo "AddHP $HP $HPMAX"
+	AddHP $HP $HPMAX
+
+	rm -rf $TMPDIR
+    fi
+#
+#################################################################################
+#
+
+wait_for_keypress
+
+#
+#================================================================================