security-vulnerability

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts:

Expired or soon to expire passwords (passwd -e)
Locked accounts (passwd -S )
Expired accounts (chage -E / chage -l )

Bug Report

After updating to the latest test-tls13-obsolete-curves.py there were ~100 failures due to a new check that extensions are rejected due to a mismatch of the curve with the key share. While that's a good test, it is unrelated to the purpose of this test file. As such one updating to the new version that does not want to comply with the newly introduced requirement, would have to dis

security-vulnerability

Here are 317 public repositories matching this topic...

future-architect / vuls

CISOfy / lynis

Gather info on expired passwords and locked accounts

presidentbeef / brakeman

google / syzkaller

OlivierLaflamme / Cheatsheet-God

cliffe / SecGen

Roave / SecurityAdvisories

brunofacca / zen-rails-security-checklist

jaebradley / uber-cli

opensec-cn / kunpeng

pyupio / safety

bloodzer0 / ossa

Eugnis / spectre-attack

0xbug / SQLiScanner

payloadbox / command-injection-payload-list

Fuzzapi / fuzzapi

LockGit / Hacking

pyupio / pyup

srcclr / commit-watcher

nluedtke / linux_kernel_cves

flipkart-incubator / watchdog

tomato42 / tlsfuzzer

test-tls13-obsolete-curves.py: move tests that check if obsolete curves cause ClientHello rejection to separate script

Bug Report

test-tls13-certificate-verify.py: does not tolerate empty status request extension by server

Obsolete signature algorithms in TLS 1.3 Client Hello

deepfence / ThreatMapper

Boyan-MILANOV / ropium

deadbits / InsecureProgramming

LukaSikic / subzy

zricethezav / h1domains

codingo / crithit

radenvodka / Recsech

momo5502 / cod-exploits