|
|
|
|
Changelog for lynis-2.7.0-1.1.noarch.rpm :
Sat Oct 27 14:00:00 2018 seanAATTsuspend.net - update to 2.7.0 * added detection of TOMOYO binary (MACF-6240) * Status of TOMOYO framework updated (MACF-6242) * OpenSSH server version detected (SSH-7406) * Check active OSSEC analysis daemon (TOOL-5160) * Changed several warning labels on screen * More generic sulogin for systemd rescue (AUTH-9308) * OS detection now ignores quotes for getting the OS ID Tue Oct 9 14:00:00 2018 Robert Frohl - update to 2.6.9 * Man page has been updated * Command \'lynis show options\' provides up-to-date list * Option \'--dump-options\' is deprecated * Several options and commands have been extended with more examples * OS detection now supports openSUSE specific distribution names * Changed command output when using \'lynis audit system remote\' * added /usr/local/redis/etc path and QNAP support * ignore exception when no vmlinuz file was discovered
Thu Sep 20 14:00:00 2018 astiegerAATTsuse.com - update to 2.6.8: * improved parsing of boot parameters to init process * test all PHP files for expose_php and improved logging * Docker check now tests also for CMD, ENTRYPOINT, and USER configuration * Improved display in Docker output for showing which keys are used for signing - includes changes from 2.6.7: * Added busybox as a service manager * Limit PAE and no-execute test to AMD64 hardware only * Ignore /dev/zero and /dev/[aio] as deleted files * Changed classification of SSH root login with keys * Docker scan uses new format for maintainer value - includes chagnes from 2.6.6: * Improved log text about running kernel version * Under some condition no hostid2 value was reported * Solved \'extra operand\' issue with tr command
Wed Jun 27 14:00:00 2018 astiegerAATTsuse.com - update to 2.6.5: * mail: Exim configuration test * network: Use FQDN to test status of a nameserver instead of own IP address * ssh: Improved test to allow configurations with a Match block - includes changes from 2.6.4: * auth: Made \'sulogin\' more generic for systemd rescue shell * dns: Initial work on DNSSEC validation testing * network: Added support for local resolver 127.0.0.53 * php: Suhosin test disbled * ssh: Removed \'DELAYED\' from OpenSSH Compression setting * time: Improvements to detect step-tickers file and entries - includes changes from 2.6.3: * crypt: Do prevalidation for certificates before testing them * hardening: Enhanced compiler permission test * name: Improved test to filter out empty lines * packages: changes to detect yum-utils package and related tooling * plugins: cron file permissions - includes changes from 2.6.2: * Textual changes for several tests * Update of tests database
Fri Jan 26 13:00:00 2018 astiegerAATTsuse.com - update to 2.6.1: * New group \'usb\' for tests related to USB devices * Updated and enhanced tests * Many bug fixes * output and UI fixes
Thu Jun 8 14:00:00 2017 astiegerAATTsuse.com - Lynis 2.5.1: * Improved detection of SSL certificate files * Minor changes to improve logging and results * Firewall tests: Determine if CSF is in testing mode - includes changes from Lynis 2.5.0: * CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (bsc#1043463) * Deleted unused tests from database file * Additional sysctls are tested * Extended test with Symantec components * Snort detection * Snort configuration file
Tue Apr 4 14:00:00 2017 tuukka.pasanenAATTilmi.fi - Lynis 2.4.8 (Changelog from 2.4.1) * More PHP paths added * Minor changes to text * Show atomic test in report * Added FileInstalledByPackage function (dpkg and rpm supported) * Mark Arch Linux version as rolling release (instead of unknown) * Support for Manjaro Linux * Escape files when testing if they are readable * Code cleanups * Allow host alias to be specified in profile * Code readability enhancements * Solaris support has been improved * Fix for upload function to be used from profile * Reduce screen output for mail section, unless --verbose is used * Code cleanups and removed \'update release\' command * Colored output can now be tuned with profile (colors=yes/no) * Allow data upload to be set as a profile option * Properly detect SSH daemon version * Generic code improvements * Improved the update check and display * Finish, Portuguese, and Turkish translation * Extended support and tests for DragonFlyBSD * Option to configure hostid and hostid2 in profile * Support for Trend Micro and Cylance (macOS) * Remove comments at end of nginx configuration * Used machine ID to create host ID when no SSH keys are available * Added detection of iptables-save to binaries Tests: BANN-7126 - Added more words to test for CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler HTTP-6641 - Support detection for Apache module mod_reqtimeout PKGS-7388 - Minor change to detect security repositories CRYP-7902 - Test more certificates names, but only if they are not part of a package FILE-7524 - Reduce standard screen output for file permissions check MALW-3280 - Added Avira detection as a malware scanner NAME-4018 - Only perform name services test when resolv.conf file exists PKGS-7387 - Check all repositories if they use GPG signing SCHD-7704 - Permission checks TIME-3104 - Check permissions before open files AUTH-9328 - Add missing 0027 and 0077 umasks BOOT-5104 - Add initsplash and minor code enhancements DBS-1882 - Include Redis configuration file FIRE-4502 - Improved detection for iptables modules when using OpenVZ PKGS-7381 - Enhanced package audit for FreeBSD AUTH-9308 - Improved test for sulogin string (Debian systems) FILE-6372 - Properly deal with comment on lines in /etc/fstab MAIL-8817 - New test to check Postfix configuration for errors SSH-7408 - Corrected SSH check AUTH-9308 - Improved test for sulogin string MAIL-8818 - Test if Linux version is known before comparing in Postfix banner TIME-3116 - Skip stratum 16 items for time pools TIME-3148 - New test to detect TZ variable AUTH-9208 - Removed double logging AUTH-9222 - Improve logging for double groups AUTH-9226 - Improve logging for double groups BOOT-5177 - Sort systemctl unit files to make them unique DBS-1818 - New test to detect MongoDB DBS-1820 - New test for MongoDB authentication FIRE-4512 - Lowered minimum number of iptables firewall rules FIRE-4586 - Fix applied when searching for \"-j LOG\" HRDN-7222 - Changed reporting key of world executable compilers SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0) FIRE-4586 - Check logging for firewall components KRNL-5788 - Remove exception and style improvements KRNL-5830 - Improved logging
Fri Nov 4 13:00:00 2016 matthias.gerstnerAATTsuse.com - lynis 2.4.0 * Mainly improved support for macOS users * Support for CoreOS * Support for clamconf utility * Support for chinese translation * More sysctl values in the default profile * New commands: \"upload-only\", \"show hostids\", \"show environment\", \"show os\"
Wed Sep 28 14:00:00 2016 astiegerAATTsuse.com - lynis 2.3.4 with various improvements, including: * Several tests have extended log details * Detection of nftables improved * Replaced cut, sed, tr and others commands with binary variable (for forensics and future intrusion checking capabilities) * OS detection improved
Thu Sep 15 14:00:00 2016 astiegerAATTsuse.com - lynis 2.3.3 with many improvements and updates
Thu May 12 14:00:00 2016 astiegerAATTsuse.com - lynis 2.2.0: * new features and tests, small enhancements * optimisation, better detection * dealing with OS quirks and unexcepted results * adjustments for supporting more compliance in-depth * Detection for CFEngine has been improved * now tries to determine if failed logins are properly logged * New plugin is introduced to analyze PAM settings * Initial support to test UEFI settings, including Secure Boot option. * Support added for Unbound DNS caching tool, configuration check * Record if a name caching utility is being used like nscd or Unbound. * Tests chains of iptables and their default policy (ACCEPT or DROP) * Support upcoming nftables technology (status check) * Test added to include osqueryd as a supported tool. * Detection of firewire is enhanced (both ohci and core detected). * Extended the test syslog-ng logging to remote systems. * ESET and LMD (Linux Malware Detect) have been added. * Discovered malware scanners are also logged to the report. * Eexpanded test for multiple common mount points and define best practice mount flags. * Best practices for IPv6 configuration on Linux are now collected. * Collect network interface names from most operating systems. * Password change test has been extended to both capture minimum and password age. * Add Proxu support * SystemV init is now detected. * Now information will be logged when vulnerable software packages were found. * Support for DNF (Dandified YUM) for Fedora systems has been added. * Multiple configuration tests of SSH merged. * Extend detection of virtual machines (VMware tools) * Machine state detection with Puppet, Facter, dmidecode, and lscpu * When using pentest mode, it will continue without any delays (=quick mode). * Improvements for automatic execution of Lynis * Upload improvements
Wed Jul 29 14:00:00 2015 astiegerAATTsuse.com - lynis 2.1.1: * performance improvements * additional support for Linux distributions and external utilities * Apache module directory /usr/lib64/apache has been added, which is used on openSUSE. * various other improvements and bug fixes - update patches for contect changes: lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff
Tue May 12 14:00:00 2015 astiegerAATTsuse.com - lynis 2.1.0: * Screen output has been improved to provide additional information. * Core dump check on Linux is extended to check for actual values as well. * Software: + McAfee detection has been extended by detecting a running cma binary. + Security patch checking with zypper extended. * Session timeout: + Tests to determine shell time out setting have been extended + determine also if variable is exported as a readonly variable. + Related compliance section PCI DSS 8.1.8 has been extended. - includes changes from Lynis 2.0.0: * New feature: helpers * docker build file audit helper * Improved OS support * support systemd, docker, nftables * New parameters: + --dump-options (see all options) + --report-file (define a different location for the report file) - use tarball supplied default.prf - clean or silence rpmlint warnings
Tue Feb 17 13:00:00 2015 astiegerAATTsuse.com - lynis 1.6.4: * New: + Boot loader detection for AIX + Detection of getcap and lsvg binary + Added filesystem_ext to report + Detect rootsh * Changes: + Hide errors when RPM database is faulty and show suggestion instead + Allow OpenBSD to gather information on listening network ports + Don\'t trigger warning for Shellshock when doing segfault test + Do not run Apache test on OpenBSD and strip control chars + Extended AIDE test with configuration validation test + Improved Shellshock test regarding non-Linux support + Added support for gathering volume groups on AIX + Properly parse PAM lines and add them to report + Support for boot loader detection on OpenBSD + Added uptime detection for OpenBSD systems + Support for volume groups on AIX + Redirect errors when searching for readlink binary - includes changes from 1.6.3: * New: + Added tests for Shellshock bash vulnerability + Added test to determine if Snoopy is used + New test for qdaemon configuration file + Test for GRUB boot loader password + New test for qdaemon printer jobs + Added ClamXav test for Mac OS X + Gentoo vulnerable packages test + New test for qdaemon status + Gentoo package listing + Running Lynis without root permissions will start non-privileged scan + Systemd service and timer example file added + Added grub2-install to binaries * Changes: + Adjustments so insecure SSL protocols are detected in nginx config + Directories will be skipped when searching for nginx log files + Only gather unique name servers from /etc/resolv.conf + Properly detect mod_evasive on Gentoo and others + Improved swap partition detection in /etc/fstab + Improvements to kernel detection (e.g. Gentoo) + Test for built-in security options in YUM + Improved boot loader detection for GRUB2 + Split GRUB test into two tests + Added Mac OS uptime check + Improved GetHostID function for systems having only ip binary + Improved testing for symlinked binary directories + Minor adjustments to log output + Renamed dev directory to extras - verify source signature - adjust permissions of items in /usr/share/lynis/include/consts to match those requested by main executable - run spec_cleaner
Sun Nov 16 13:00:00 2014 Led - fix bashisms in scripts
Wed Sep 24 14:00:00 2014 citypwAATTgmail.com - Upgrade to version 1.6.2 - Remove files: * lynis_1.3.7_include-test-filesystem.diff( already fixed) * lynis-1.3.9.tar.gz
Thu Jan 9 13:00:00 2014 saigkillAATTopensuse.org - updated to version 1.3.9 - removed patch * lynis_1.3.6_include-test-kernel.diff (fixed upstream)
Wed Dec 11 13:00:00 2013 saigkillAATTopensuse.org - updated to version 1.3.7 - Changelog: * FileExists() and SearchItem() functions were added. The yum-security check and iptables binary check were improved, and the report was extended to show which tests have been executed or skipped - updated patch * lynis_1.3.7_include-test-filesystem.diff
Tue Dec 10 13:00:00 2013 saigkillAATTopensuse.org - updated to version 1.3.6 - Removed patches (obsolete): * lynis_1.3.5_include_binaries.diff - Updated patches * lynis_1.3.6_include_osdetection.diff * lynis_1.3.6_include-test-kernel.diff
Sun Nov 24 13:00:00 2013 saigkillAATTopensuse.org - updated to version 1.3.5 - Updated patches: o lynis_1.3.1_lynis.diff o lynis_1.3.1_include_binaries.diff o lynis_1.3.1_include-osdetection.diff o lynis_1.3.1_include-test-kernel.diff - Removed patches (obsolete) o lynis_1.3.1_include-test-databases.diff o lynis_1.3.1_include-test-storage.diff o lynis_1.3.1_include-test-homedirs.diff
Fri Jun 21 14:00:00 2013 thomasAATTsuse.com - fixed typo in prepare_for_suse.sh
Fri Jan 25 13:00:00 2013 thomasAATTsuse.com - fixed log message for dbus test - fixed bash variable incrementation that sneaked in the code
Mon Jan 14 13:00:00 2013 thomasAATTsuse.com - fixed tests_network_allowed_ports to increment index vars and not loop forever
Thu Jan 10 13:00:00 2013 thomasAATTsuse.com - fixed test_homedirs
Thu Jan 10 13:00:00 2013 thomasAATTsuse.com - some bugfixing for pathnames, didn\'t work with sudo - improved default.prf by adding more sysctl vars - fixed test_storage - generated fileperm.db and dbus-whitelist for 12.2
Mon Dec 26 13:00:00 2011 Sascha.MannsAATTopen-slx.de - fixed conflict in spec
Mon Dec 26 13:00:00 2011 Sascha.MannsAATTopen-slx.de - updated to version 1.3.0 - from Changelog: - New: - Profile option: ignore_home_dir - TCP wrappers category added - Tooling category added - Initial extensions to support plugins in the future - Test for unpurged Debian packages [PKGS-7346] - Test for compiler permissions [HRDN-7222] - Changes: - Converted all dates to ISO format and updated copyright lines - Correct suggestion for file integrity tool [FINT-4350] - Added hint when RPM list is empty on DPKG based systems [PKGS-7308] - Changed logging for /etc/security/limits.conf file [KRNL-5820] - Fixed incorrect warning for single user mode [AUTH-9308] - Improved output for stratum 16 time servers [TIME-3116] - Added suggestion and screen output for kernel hardening [KRNL-6000] - Screen layout optimalizations and log file improvements - Improved list/layout of scan options - Improved binary check for compilers - Added configuration option in scan profile (show_tool_tips, default true)
Thu Apr 7 14:00:00 2011 thomasAATTnovell.com - added patch for apache2 and oracle detection
Fri Apr 1 14:00:00 2011 saigkillAATTopensuse.org - removed rpmlintrc and fixed non-executable-script
Sun Dec 26 13:00:00 2010 saigkillAATTopensuse.org - prettyfied spec file - NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository.
Fri Sep 3 14:00:00 2010 thomasAATTnovell.com - fixed %files section to include /etc/lynis
Fri Sep 3 14:00:00 2010 thomasAATTnovell.com - fixed %files section to reflect new default.prf location
Fri Sep 3 14:00:00 2010 thomasAATTnovell.com - added permdir /root/.gnupg to default.prf
Fri Sep 3 14:00:00 2010 thomasAATTnovell.com - copy default.prf to /etc/lynis/ instead of /etc/, otherwise lynis will not find it and hang
Thu Sep 2 14:00:00 2010 thomasAATTnovell.com - added %{_datadir}/%{name}/prepare_for_suse.sh
Thu Sep 2 14:00:00 2010 thomasAATTnovell.com - adjusted patch and spec file to make it build
Wed Sep 1 14:00:00 2010 thomasAATTnovell.com - put code from Matthias Weckbecker sec_check into lynis - adjusted lynis for opensuse - details: + tests_tmp_symlinks + tests_network_allowed_ports + tests_system_proc + tests_file_permissions_ww + tests_binary_rpath + tests_users_wo_password + tests_file_permissionsDB + tests_system_dbus
Wed Dec 16 13:00:00 2009 saigkillAATTopensuse.org - updated to version 1.2.9 - added default.prf
Wed Dec 9 13:00:00 2009 saigkillAATTopensuse.org - update to 1.2.8
Mon Nov 2 13:00:00 2009 saigkillAATTopensuse.org - update to 1.2.7 - This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved.
Mon Apr 6 14:00:00 2009 saigkillAATTopensuse.org - update to 1.2.6 - This release has several new tests and test improvements, like a sudoers file permissions check, a core dumps configuration check for Linux, PHP tests, and an /etc/issue banner test.
Sat Mar 28 13:00:00 2009 saigkillAATTopensuse.org - update to 1.2.5 - This release adds 40+ new tests for services like Dovecot, BIND, PowerDNS, SSH, Exim, and nginx
Tue Mar 17 13:00:00 2009 20:32 CET - mrdocsAATTopensuse.org - added 1.2.4 release - This release adds more than 30 new tests, including NTP, auditd, PAM, NFS and ClamAV.
Mon Mar 2 13:00:00 2009 mrdocsAATTopensuse.org - 1.2.3 release see CHANGELOG for changes
|
|
|