From 24e5e756119b8b77f35f7e56a7b516d676e009da Mon Sep 17 00:00:00 2001 From: mboelen Date: Tue, 26 Apr 2016 21:27:58 +0200 Subject: [PATCH] Updated log --- CHANGELOG | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index a5596235..4cfe898e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -20,6 +20,27 @@ = Lynis 2.2.1 (not released, development version) = +* Upgrade tips + +Several changes have been made to core functions of Lynis. These are to simplify +its usage, but might cause differences after upgrading. See the tips below to +make. + +Custom profiles: +Instead of making changes to default.prf, copy your changes to custom.prf. Only +include the changes, as the values in default.prf are considered to be defaults. + +Check your cron jobs: +When using --quiet, the output will be really quiet now. +Use --show-warnings-only if you still want to see warnings. + +Lynis will exit with error 0, even when warnings have been found. Use option +error-on-warnings=yes (custom.prf) to exit with code 78 warnings. + +Do not define a profile with --profile. Instead, put only your changes in the +new custom.prf. + + * Ansible ------- Ansible examples on https://github.com/CISOfy/lynis-ansible @@ -88,17 +109,27 @@ The interface colors have been changed, to make it more obvious how the software can be used. Also the wait line between categories have been altered, to properly display on systems with a white background. +When no auditor name has been specified, it will say that instead of unknown. + * Program options ----------------- +Added --developer option to enable developer mode Added --verbose to show more details on screen and reducing in normal mode +Added --show-warnings-only to just show any warnings on screen +Added --skip-plugins to disable running any plugins +Changed --quiet to really quiet +Remove --config option, use lynis show profiles instead * Functions ----------- [ContainsString] New function to search for a string in another one [Display] Added --debug, showing details on screen in debug mode [IsDebug] Check for usage of --debug +[IsDeveloperMode] Status for development and debugging (--developer) [IsRunning] Added return state [IsVerbose] Check for usage of --verbose +[IsOwnedByRoot] Check ownership of files and directories +[IsWorldWritable] Improved test with additional details [PortIsListening] Check if a service it listening to a specified port [SkipAtomicTest] Allow smaller tests to be skipped (e.g. SSH-7408) @@ -106,14 +137,19 @@ Added --verbose to show more details on screen and reducing in normal mode ------- [AUTH-9262] Restructure of test, support for pwquality PAM [AUTH-9308] Check for systemd targets +[BANN-7119] /etc/motd test disabled +[BANN-7122] /etc/motd content test disabled [DBS-1860] Check for status of DB2 [CRYP-7902] Support for multiple profiles, improved logging [FILE-6372] Properly checking for /etc/fstab now, ignore comments [FILE-7524] Support for multiple profiles +[KRNL-5788] Support for kernel with grsecurity patches (linux-image-grsec) [KRNL-6000] Allow multiple profiles to be used, store more details [NETW-3014] Support for multiple profiles [PKGS-7303] Added Brew package manager [PKGS-7354] Test for DNF repoquery plugin before using it +[SCHD-7702] Test for running cron daemon +[SCHD-7704] Test ownership of cronjob files [TOOL-5102] Test for Fail2ban tooling [TOOL-5190] Test for intrusion detection or prevention system