SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for lynis-2.6.1-lp152.3.2.noarch.rpm :

* Fri Jan 26 2018 astiegerAATTsuse.com- update to 2.6.1:
* New group \'usb\' for tests related to USB devices
* Updated and enhanced tests
* Many bug fixes
* output and UI fixes
* Thu Jun 08 2017 astiegerAATTsuse.com- Lynis 2.5.1:
* Improved detection of SSL certificate files
* Minor changes to improve logging and results
* Firewall tests: Determine if CSF is in testing mode- includes changes from Lynis 2.5.0:
* CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (bsc#1043463)
* Deleted unused tests from database file
* Additional sysctls are tested
* Extended test with Symantec components
* Snort detection
* Snort configuration file
* Tue Apr 04 2017 tuukka.pasanenAATTilmi.fi- Lynis 2.4.8 (Changelog from 2.4.1)
* More PHP paths added
* Minor changes to text
* Show atomic test in report
* Added FileInstalledByPackage function (dpkg and rpm supported)
* Mark Arch Linux version as rolling release (instead of unknown)
* Support for Manjaro Linux
* Escape files when testing if they are readable
* Code cleanups
* Allow host alias to be specified in profile
* Code readability enhancements
* Solaris support has been improved
* Fix for upload function to be used from profile
* Reduce screen output for mail section, unless --verbose is used
* Code cleanups and removed \'update release\' command
* Colored output can now be tuned with profile (colors=yes/no)
* Allow data upload to be set as a profile option
* Properly detect SSH daemon version
* Generic code improvements
* Improved the update check and display
* Finish, Portuguese, and Turkish translation
* Extended support and tests for DragonFlyBSD
* Option to configure hostid and hostid2 in profile
* Support for Trend Micro and Cylance (macOS)
* Remove comments at end of nginx configuration
* Used machine ID to create host ID when no SSH keys are available
* Added detection of iptables-save to binaries Tests: BANN-7126 - Added more words to test for CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler HTTP-6641 - Support detection for Apache module mod_reqtimeout PKGS-7388 - Minor change to detect security repositories CRYP-7902 - Test more certificates names, but only if they are not part of a package FILE-7524 - Reduce standard screen output for file permissions check MALW-3280 - Added Avira detection as a malware scanner NAME-4018 - Only perform name services test when resolv.conf file exists PKGS-7387 - Check all repositories if they use GPG signing SCHD-7704 - Permission checks TIME-3104 - Check permissions before open files AUTH-9328 - Add missing 0027 and 0077 umasks BOOT-5104 - Add initsplash and minor code enhancements DBS-1882 - Include Redis configuration file FIRE-4502 - Improved detection for iptables modules when using OpenVZ PKGS-7381 - Enhanced package audit for FreeBSD AUTH-9308 - Improved test for sulogin string (Debian systems) FILE-6372 - Properly deal with comment on lines in /etc/fstab MAIL-8817 - New test to check Postfix configuration for errors SSH-7408 - Corrected SSH check AUTH-9308 - Improved test for sulogin string MAIL-8818 - Test if Linux version is known before comparing in Postfix banner TIME-3116 - Skip stratum 16 items for time pools TIME-3148 - New test to detect TZ variable AUTH-9208 - Removed double logging AUTH-9222 - Improve logging for double groups AUTH-9226 - Improve logging for double groups BOOT-5177 - Sort systemctl unit files to make them unique DBS-1818 - New test to detect MongoDB DBS-1820 - New test for MongoDB authentication FIRE-4512 - Lowered minimum number of iptables firewall rules FIRE-4586 - Fix applied when searching for \"-j LOG\" HRDN-7222 - Changed reporting key of world executable compilers SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0) FIRE-4586 - Check logging for firewall components KRNL-5788 - Remove exception and style improvements KRNL-5830 - Improved logging
* Fri Nov 04 2016 matthias.gerstnerAATTsuse.com- lynis 2.4.0
* Mainly improved support for macOS users
* Support for CoreOS
* Support for clamconf utility
* Support for chinese translation
* More sysctl values in the default profile
* New commands: \"upload-only\", \"show hostids\", \"show environment\", \"show os\"
* Wed Sep 28 2016 astiegerAATTsuse.com- lynis 2.3.4 with various improvements, including:
* Several tests have extended log details
* Detection of nftables improved
* Replaced cut, sed, tr and others commands with binary variable (for forensics and future intrusion checking capabilities)
* OS detection improved
* Thu Sep 15 2016 astiegerAATTsuse.com- lynis 2.3.3 with many improvements and updates
* Thu May 12 2016 astiegerAATTsuse.com- lynis 2.2.0:
* new features and tests, small enhancements
* optimisation, better detection
* dealing with OS quirks and unexcepted results
* adjustments for supporting more compliance in-depth
* Detection for CFEngine has been improved
* now tries to determine if failed logins are properly logged
* New plugin is introduced to analyze PAM settings
* Initial support to test UEFI settings, including Secure Boot option.
* Support added for Unbound DNS caching tool, configuration check
* Record if a name caching utility is being used like nscd or Unbound.
* Tests chains of iptables and their default policy (ACCEPT or DROP)
* Support upcoming nftables technology (status check)
* Test added to include osqueryd as a supported tool.
* Detection of firewire is enhanced (both ohci and core detected).
* Extended the test syslog-ng logging to remote systems.
* ESET and LMD (Linux Malware Detect) have been added.
* Discovered malware scanners are also logged to the report.
* Eexpanded test for multiple common mount points and define best practice mount flags.
* Best practices for IPv6 configuration on Linux are now collected.
* Collect network interface names from most operating systems.
* Password change test has been extended to both capture minimum and password age.
* Add Proxu support
* SystemV init is now detected.
* Now information will be logged when vulnerable software packages were found.
* Support for DNF (Dandified YUM) for Fedora systems has been added.
* Multiple configuration tests of SSH merged.
* Extend detection of virtual machines (VMware tools)
* Machine state detection with Puppet, Facter, dmidecode, and lscpu
* When using pentest mode, it will continue without any delays (=quick mode).
* Improvements for automatic execution of Lynis
* Upload improvements
* Wed Jul 29 2015 astiegerAATTsuse.com- lynis 2.1.1:
* performance improvements
* additional support for Linux distributions and external utilities
* Apache module directory /usr/lib64/apache has been added, which is used on openSUSE.
* various other improvements and bug fixes- update patches for contect changes: lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff
* Tue May 12 2015 astiegerAATTsuse.com- lynis 2.1.0:
* Screen output has been improved to provide additional information.
* Core dump check on Linux is extended to check for actual values as well.
* Software: + McAfee detection has been extended by detecting a running cma binary. + Security patch checking with zypper extended.
* Session timeout: + Tests to determine shell time out setting have been extended + determine also if variable is exported as a readonly variable. + Related compliance section PCI DSS 8.1.8 has been extended.- includes changes from Lynis 2.0.0:
* New feature: helpers
* docker build file audit helper
* Improved OS support
* support systemd, docker, nftables
* New parameters: + --dump-options (see all options) + --report-file (define a different location for the report file)- use tarball supplied default.prf- clean or silence rpmlint warnings
* Tue Feb 17 2015 astiegerAATTsuse.com- lynis 1.6.4:
* New: + Boot loader detection for AIX + Detection of getcap and lsvg binary + Added filesystem_ext to report + Detect rootsh
* Changes: + Hide errors when RPM database is faulty and show suggestion instead + Allow OpenBSD to gather information on listening network ports + Don\'t trigger warning for Shellshock when doing segfault test + Do not run Apache test on OpenBSD and strip control chars + Extended AIDE test with configuration validation test + Improved Shellshock test regarding non-Linux support + Added support for gathering volume groups on AIX + Properly parse PAM lines and add them to report + Support for boot loader detection on OpenBSD + Added uptime detection for OpenBSD systems + Support for volume groups on AIX + Redirect errors when searching for readlink binary- includes changes from 1.6.3:
* New: + Added tests for Shellshock bash vulnerability + Added test to determine if Snoopy is used + New test for qdaemon configuration file + Test for GRUB boot loader password + New test for qdaemon printer jobs + Added ClamXav test for Mac OS X + Gentoo vulnerable packages test + New test for qdaemon status + Gentoo package listing + Running Lynis without root permissions will start non-privileged scan + Systemd service and timer example file added + Added grub2-install to binaries
* Changes: + Adjustments so insecure SSL protocols are detected in nginx config + Directories will be skipped when searching for nginx log files + Only gather unique name servers from /etc/resolv.conf + Properly detect mod_evasive on Gentoo and others + Improved swap partition detection in /etc/fstab + Improvements to kernel detection (e.g. Gentoo) + Test for built-in security options in YUM + Improved boot loader detection for GRUB2 + Split GRUB test into two tests + Added Mac OS uptime check + Improved GetHostID function for systems having only ip binary + Improved testing for symlinked binary directories + Minor adjustments to log output + Renamed dev directory to extras- verify source signature- adjust permissions of items in /usr/share/lynis/include/consts to match those requested by main executable- run spec_cleaner
* Sun Nov 16 2014 Led - fix bashisms in scripts
  
ICM