SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for lynis-2.5.1-53.1.noarch.rpm :
Thu Jun 8 14:00:00 2017 astiegerAATTsuse.com
- Lynis 2.5.1:

* Improved detection of SSL certificate files

* Minor changes to improve logging and results

* Firewall tests: Determine if CSF is in testing mode
- includes changes from Lynis 2.5.0:

* CVE-2017-8108: symlink attack may have allowed arbitrary file
overwrite or privilege escalation (bsc#1043463)

* Deleted unused tests from database file

* Additional sysctls are tested

* Extended test with Symantec components

* Snort detection

* Snort configuration file

Tue Apr 4 14:00:00 2017 tuukka.pasanenAATTilmi.fi
- Lynis 2.4.8 (Changelog from 2.4.1)

* More PHP paths added

* Minor changes to text

* Show atomic test in report

* Added FileInstalledByPackage function (dpkg and rpm supported)

* Mark Arch Linux version as rolling release (instead of unknown)

* Support for Manjaro Linux

* Escape files when testing if they are readable

* Code cleanups

* Allow host alias to be specified in profile

* Code readability enhancements

* Solaris support has been improved

* Fix for upload function to be used from profile

* Reduce screen output for mail section, unless --verbose is used

* Code cleanups and removed \'update release\' command

* Colored output can now be tuned with profile (colors=yes/no)

* Allow data upload to be set as a profile option

* Properly detect SSH daemon version

* Generic code improvements

* Improved the update check and display

* Finish, Portuguese, and Turkish translation

* Extended support and tests for DragonFlyBSD

* Option to configure hostid and hostid2 in profile

* Support for Trend Micro and Cylance (macOS)

* Remove comments at end of nginx configuration

* Used machine ID to create host ID when no SSH keys are available

* Added detection of iptables-save to binaries
Tests:
BANN-7126 - Added more words to test for
CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler
HTTP-6641 - Support detection for Apache module mod_reqtimeout
PKGS-7388 - Minor change to detect security repositories
CRYP-7902 - Test more certificates names, but only if they are not part of a package
FILE-7524 - Reduce standard screen output for file permissions check
MALW-3280 - Added Avira detection as a malware scanner
NAME-4018 - Only perform name services test when resolv.conf file exists
PKGS-7387 - Check all repositories if they use GPG signing
SCHD-7704 - Permission checks
TIME-3104 - Check permissions before open files
AUTH-9328 - Add missing 0027 and 0077 umasks
BOOT-5104 - Add initsplash and minor code enhancements
DBS-1882 - Include Redis configuration file
FIRE-4502 - Improved detection for iptables modules when using OpenVZ
PKGS-7381 - Enhanced package audit for FreeBSD
AUTH-9308 - Improved test for sulogin string (Debian systems)
FILE-6372 - Properly deal with comment on lines in /etc/fstab
MAIL-8817 - New test to check Postfix configuration for errors
SSH-7408 - Corrected SSH check
AUTH-9308 - Improved test for sulogin string
MAIL-8818 - Test if Linux version is known before comparing in Postfix banner
TIME-3116 - Skip stratum 16 items for time pools
TIME-3148 - New test to detect TZ variable
AUTH-9208 - Removed double logging
AUTH-9222 - Improve logging for double groups
AUTH-9226 - Improve logging for double groups
BOOT-5177 - Sort systemctl unit files to make them unique
DBS-1818 - New test to detect MongoDB
DBS-1820 - New test for MongoDB authentication
FIRE-4512 - Lowered minimum number of iptables firewall rules
FIRE-4586 - Fix applied when searching for \"-j LOG\"
HRDN-7222 - Changed reporting key of world executable compilers
SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)
FIRE-4586 - Check logging for firewall components
KRNL-5788 - Remove exception and style improvements
KRNL-5830 - Improved logging

Fri Nov 4 13:00:00 2016 matthias.gerstnerAATTsuse.com
- lynis 2.4.0

* Mainly improved support for macOS users

* Support for CoreOS

* Support for clamconf utility

* Support for chinese translation

* More sysctl values in the default profile

* New commands: \"upload-only\", \"show hostids\", \"show environment\", \"show os\"

Wed Sep 28 14:00:00 2016 astiegerAATTsuse.com
- lynis 2.3.4 with various improvements, including:

* Several tests have extended log details

* Detection of nftables improved

* Replaced cut, sed, tr and others commands with binary variable
(for forensics and future intrusion checking capabilities)

* OS detection improved

Thu Sep 15 14:00:00 2016 astiegerAATTsuse.com
- lynis 2.3.3 with many improvements and updates

Thu May 12 14:00:00 2016 astiegerAATTsuse.com
- lynis 2.2.0:

* new features and tests, small enhancements

* optimisation, better detection

* dealing with OS quirks and unexcepted results

* adjustments for supporting more compliance in-depth

* Detection for CFEngine has been improved

* now tries to determine if failed logins are properly logged

* New plugin is introduced to analyze PAM settings

* Initial support to test UEFI settings, including Secure Boot option.

* Support added for Unbound DNS caching tool, configuration check

* Record if a name caching utility is being used like nscd or Unbound.

* Tests chains of iptables and their default policy (ACCEPT or DROP)

* Support upcoming nftables technology (status check)

* Test added to include osqueryd as a supported tool.

* Detection of firewire is enhanced (both ohci and core detected).

* Extended the test syslog-ng logging to remote systems.

* ESET and LMD (Linux Malware Detect) have been added.

* Discovered malware scanners are also logged to the report.

* Eexpanded test for multiple common mount points and define best
practice mount flags.

* Best practices for IPv6 configuration on Linux are now collected.

* Collect network interface names from most operating systems.

* Password change test has been extended to both capture minimum and password age.

* Add Proxu support

* SystemV init is now detected.

* Now information will be logged when vulnerable software packages were found.

* Support for DNF (Dandified YUM) for Fedora systems has been added.

* Multiple configuration tests of SSH merged.

* Extend detection of virtual machines (VMware tools)

* Machine state detection with Puppet, Facter, dmidecode, and lscpu

* When using pentest mode, it will continue without any delays (=quick mode).

* Improvements for automatic execution of Lynis

* Upload improvements

Wed Jul 29 14:00:00 2015 astiegerAATTsuse.com
- lynis 2.1.1:

* performance improvements

* additional support for Linux distributions and external utilities

* Apache module directory /usr/lib64/apache has been added, which
is used on openSUSE.

* various other improvements and bug fixes
- update patches for contect changes:
lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff

Tue May 12 14:00:00 2015 astiegerAATTsuse.com
- lynis 2.1.0:

* Screen output has been improved to provide additional information.

* Core dump check on Linux is extended to check for actual values as well.

* Software:
+ McAfee detection has been extended by detecting a running cma binary.
+ Security patch checking with zypper extended.

* Session timeout:
+ Tests to determine shell time out setting have been extended
+ determine also if variable is exported as a readonly variable.
+ Related compliance section PCI DSS 8.1.8 has been extended.
- includes changes from Lynis 2.0.0:

* New feature: helpers

* docker build file audit helper

* Improved OS support

* support systemd, docker, nftables

* New parameters:
+ --dump-options (see all options)
+ --report-file (define a different location for the report file)
- use tarball supplied default.prf
- clean or silence rpmlint warnings

Tue Feb 17 13:00:00 2015 astiegerAATTsuse.com
- lynis 1.6.4:

* New:
+ Boot loader detection for AIX
+ Detection of getcap and lsvg binary
+ Added filesystem_ext to report
+ Detect rootsh

* Changes:
+ Hide errors when RPM database is faulty and show suggestion instead
+ Allow OpenBSD to gather information on listening network ports
+ Don\'t trigger warning for Shellshock when doing segfault test
+ Do not run Apache test on OpenBSD and strip control chars
+ Extended AIDE test with configuration validation test
+ Improved Shellshock test regarding non-Linux support
+ Added support for gathering volume groups on AIX
+ Properly parse PAM lines and add them to report
+ Support for boot loader detection on OpenBSD
+ Added uptime detection for OpenBSD systems
+ Support for volume groups on AIX
+ Redirect errors when searching for readlink binary
- includes changes from 1.6.3:

* New:
+ Added tests for Shellshock bash vulnerability
+ Added test to determine if Snoopy is used
+ New test for qdaemon configuration file
+ Test for GRUB boot loader password
+ New test for qdaemon printer jobs
+ Added ClamXav test for Mac OS X
+ Gentoo vulnerable packages test
+ New test for qdaemon status
+ Gentoo package listing
+ Running Lynis without root permissions will start non-privileged scan
+ Systemd service and timer example file added
+ Added grub2-install to binaries

* Changes:
+ Adjustments so insecure SSL protocols are detected in nginx config
+ Directories will be skipped when searching for nginx log files
+ Only gather unique name servers from /etc/resolv.conf
+ Properly detect mod_evasive on Gentoo and others
+ Improved swap partition detection in /etc/fstab
+ Improvements to kernel detection (e.g. Gentoo)
+ Test for built-in security options in YUM
+ Improved boot loader detection for GRUB2
+ Split GRUB test into two tests
+ Added Mac OS uptime check
+ Improved GetHostID function for systems having only ip binary
+ Improved testing for symlinked binary directories
+ Minor adjustments to log output
+ Renamed dev directory to extras
- verify source signature
- adjust permissions of items in /usr/share/lynis/include/consts
to match those requested by main executable
- run spec_cleaner

Sun Nov 16 13:00:00 2014 Led
- fix bashisms in scripts

Wed Sep 24 14:00:00 2014 citypwAATTgmail.com
- Upgrade to version 1.6.2
- Remove files:

* lynis_1.3.7_include-test-filesystem.diff( already fixed)

* lynis-1.3.9.tar.gz

Thu Jan 9 13:00:00 2014 saigkillAATTopensuse.org
- updated to version 1.3.9
- removed patch

* lynis_1.3.6_include-test-kernel.diff (fixed upstream)

Wed Dec 11 13:00:00 2013 saigkillAATTopensuse.org
- updated to version 1.3.7
- Changelog:

* FileExists() and SearchItem() functions were added. The yum-security
check and iptables binary check were improved, and the report was
extended to show which tests have been executed or skipped
- updated patch

* lynis_1.3.7_include-test-filesystem.diff

Tue Dec 10 13:00:00 2013 saigkillAATTopensuse.org
- updated to version 1.3.6
- Removed patches (obsolete):

* lynis_1.3.5_include_binaries.diff
- Updated patches

* lynis_1.3.6_include_osdetection.diff

* lynis_1.3.6_include-test-kernel.diff

Sun Nov 24 13:00:00 2013 saigkillAATTopensuse.org
- updated to version 1.3.5
- Updated patches:
o lynis_1.3.1_lynis.diff
o lynis_1.3.1_include_binaries.diff
o lynis_1.3.1_include-osdetection.diff
o lynis_1.3.1_include-test-kernel.diff
- Removed patches (obsolete)
o lynis_1.3.1_include-test-databases.diff
o lynis_1.3.1_include-test-storage.diff
o lynis_1.3.1_include-test-homedirs.diff

Fri Jun 21 14:00:00 2013 thomasAATTsuse.com
- fixed typo in prepare_for_suse.sh

Fri Jan 25 13:00:00 2013 thomasAATTsuse.com
- fixed log message for dbus test
- fixed bash variable incrementation that sneaked in the code

Mon Jan 14 13:00:00 2013 thomasAATTsuse.com
- fixed tests_network_allowed_ports to increment index vars
and not loop forever

Thu Jan 10 13:00:00 2013 thomasAATTsuse.com
- fixed test_homedirs

Thu Jan 10 13:00:00 2013 thomasAATTsuse.com
- some bugfixing for pathnames, didn\'t work with sudo
- improved default.prf by adding more sysctl vars
- fixed test_storage
- generated fileperm.db and dbus-whitelist for 12.2

Mon Dec 26 13:00:00 2011 Sascha.MannsAATTopen-slx.de
- fixed conflict in spec

Mon Dec 26 13:00:00 2011 Sascha.MannsAATTopen-slx.de
- updated to version 1.3.0
- from Changelog:
- New:
- Profile option: ignore_home_dir
- TCP wrappers category added
- Tooling category added
- Initial extensions to support plugins in the future
- Test for unpurged Debian packages [PKGS-7346]
- Test for compiler permissions [HRDN-7222]
- Changes:
- Converted all dates to ISO format and updated copyright lines
- Correct suggestion for file integrity tool [FINT-4350]
- Added hint when RPM list is empty on DPKG based systems [PKGS-7308]
- Changed logging for /etc/security/limits.conf file [KRNL-5820]
- Fixed incorrect warning for single user mode [AUTH-9308]
- Improved output for stratum 16 time servers [TIME-3116]
- Added suggestion and screen output for kernel hardening [KRNL-6000]
- Screen layout optimalizations and log file improvements
- Improved list/layout of scan options
- Improved binary check for compilers
- Added configuration option in scan profile (show_tool_tips, default
true)

Thu Apr 7 14:00:00 2011 thomasAATTnovell.com
- added patch for apache2 and oracle detection

Fri Apr 1 14:00:00 2011 saigkillAATTopensuse.org
- removed rpmlintrc and fixed non-executable-script

Sun Dec 26 13:00:00 2010 saigkillAATTopensuse.org
- prettyfied spec file
- NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository.

Fri Sep 3 14:00:00 2010 thomasAATTnovell.com
- fixed %files section to include /etc/lynis

Fri Sep 3 14:00:00 2010 thomasAATTnovell.com
- fixed %files section to reflect new default.prf location

Fri Sep 3 14:00:00 2010 thomasAATTnovell.com
- added permdir /root/.gnupg to default.prf

Fri Sep 3 14:00:00 2010 thomasAATTnovell.com
- copy default.prf to /etc/lynis/ instead of /etc/, otherwise
lynis will not find it and hang

Thu Sep 2 14:00:00 2010 thomasAATTnovell.com
- added %{_datadir}/%{name}/prepare_for_suse.sh

Thu Sep 2 14:00:00 2010 thomasAATTnovell.com
- adjusted patch and spec file to make it build

Wed Sep 1 14:00:00 2010 thomasAATTnovell.com
- put code from Matthias Weckbecker sec_check into lynis
- adjusted lynis for opensuse
- details:
+ tests_tmp_symlinks
+ tests_network_allowed_ports
+ tests_system_proc
+ tests_file_permissions_ww
+ tests_binary_rpath
+ tests_users_wo_password
+ tests_file_permissionsDB
+ tests_system_dbus

Wed Dec 16 13:00:00 2009 saigkillAATTopensuse.org
- updated to version 1.2.9
- added default.prf

Wed Dec 9 13:00:00 2009 saigkillAATTopensuse.org
- update to 1.2.8

Mon Nov 2 13:00:00 2009 saigkillAATTopensuse.org
- update to 1.2.7
- This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved.

Mon Apr 6 14:00:00 2009 saigkillAATTopensuse.org
- update to 1.2.6
- This release has several new tests and test improvements, like a sudoers
file permissions check, a core dumps configuration check for Linux, PHP
tests, and an /etc/issue banner test.

Sat Mar 28 13:00:00 2009 saigkillAATTopensuse.org
- update to 1.2.5
- This release adds 40+ new tests for services like Dovecot,
BIND, PowerDNS, SSH, Exim, and nginx

Tue Mar 17 13:00:00 2009 20:32 CET - mrdocsAATTopensuse.org
- added 1.2.4 release
- This release adds more than 30 new tests,
including NTP, auditd, PAM, NFS and ClamAV.

Mon Mar 2 13:00:00 2009 mrdocsAATTopensuse.org
- 1.2.3 release see CHANGELOG for changes


 
ICM