mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-28 16:24:13 +02:00
Release 2.1.1
parent
dd66273f41
commit
424f6cccd0
185
CHANGELOG
@ -8,119 +8,142 @@
|
||||
Author: Michael Boelen (michael.boelen@cisofy.com)
|
||||
Description: Security and system auditing tool
|
||||
Website: https://cisofy.com/lynis/
|
||||
GitHub: https://github.com/CISOfy/Lynis
|
||||
GitHub: https://github.com/CISOfy/lynis
|
||||
|
||||
Support policy: See section 'Support' (README file);
|
||||
Support policy: See section 'Support' in README file
|
||||
Commercial support and plugins available via CISOfy
|
||||
https://cisofy.com
|
||||
|
||||
Documentation: See web site, README, FAQ and CHANGELOG file
|
||||
|
||||
================================================================================
|
||||
|
||||
= Lynis 2.1.x (2015-xx-xx) =
|
||||
|
||||
This release adds several improvements and in different areas. Support for systems
|
||||
like CentOS, openSUSE, Slackware is improved. It includes further cleanups of the
|
||||
code, performance tweaks and more support for common software components.
|
||||
= Lynis 2.1.1 (2015-07-22) =
|
||||
|
||||
Performance:
|
||||
Performance tuning has been applied, to speed up execution of the audit on
|
||||
systems with many files.
|
||||
This release adds a lot of improvements, with focus on performance, and
|
||||
additional support for common Linux distributions and external utilities.
|
||||
We recommend to use this latest version.
|
||||
|
||||
Automatic updater:
|
||||
Initial work on an automatic updater has been implemented. This way Lynis can
|
||||
be scheduled for updating from a trusted source.
|
||||
* Operating system enhancements
|
||||
-------------------------------
|
||||
Support for systems like CentOS, openSUSE, Slackware is improved.
|
||||
|
||||
Internal functions:
|
||||
As not all systems have readlink, or the -f option of readlink, the
|
||||
ShowSymlinkPath function has been extended with a Python based check.
|
||||
* Performance
|
||||
-------------
|
||||
Performance tuning has been applied, to speed up execution of the audit on
|
||||
systems with many files. This also includes code cleanups.
|
||||
|
||||
Software support:
|
||||
Apache module directory /usr/lib64/apache has been added, which is used on openSUSE.
|
||||
Support for Chef has been added.
|
||||
* Automatic updates
|
||||
-------------------
|
||||
Initial work on an automatic updater has been implemented. This way Lynis
|
||||
can be scheduled for automatic updating from a trusted source.
|
||||
|
||||
File integrity:
|
||||
Added tests for CSF's lfd utility for integrity monitoring on directories and
|
||||
files. Related tests are FINT-4334 and FINT-4336.
|
||||
* Internal functions
|
||||
--------------------
|
||||
Not all systems have readlink, or the -f option of readlink. The
|
||||
ShowSymlinkPath function has been extended with a Python based check, which
|
||||
is often available.
|
||||
|
||||
Time sychronization:
|
||||
Added support for Chrony time daemon and timesync daemon. Additionally NTP
|
||||
sychronization status is checked when it is enabled.
|
||||
* Software support
|
||||
------------------
|
||||
Apache module directory /usr/lib64/apache has been added, which is used on
|
||||
openSUSE.
|
||||
|
||||
Other:
|
||||
Check for permissions has been extended.
|
||||
Python binary is now detected, to help with symlink detection.
|
||||
Several new legal terms, for usage in banners, have been added.
|
||||
In several files old tests have been removed, to further clean up the code.
|
||||
The hardening index is inserted into the report, even if it is not displayed on screen.
|
||||
Support for Chef has been added.
|
||||
|
||||
Bug fixes:
|
||||
Nginx test showed error when access_log had multiple parameters
|
||||
Added tests for CSF's lfd utility for integrity monitoring on directories and
|
||||
files. Related tests are FINT-4334 and FINT-4336.
|
||||
|
||||
Functions:
|
||||
Added AddSystemGroup function
|
||||
Added support for Chrony time daemon and timesync daemon. Additionally NTP
|
||||
sychronization status is checked when it is enabled.
|
||||
|
||||
New tests:
|
||||
[PKGS-7366] Scan for debsecan utility on Debian systems
|
||||
[PKGS-7410] Determine amount of installed kernel packages
|
||||
[TIME-3106] Check synchronization status of NTP on systemd based systems
|
||||
[CONT-8102] Docker daemon status and gather basic details
|
||||
[CONT-8104] Check docker info for any Docker warnings
|
||||
[CONT-8106] Check total, running and unused Docker containers
|
||||
Improved single user mode protection on the rescue.service file.
|
||||
|
||||
Plugins:
|
||||
[PLGN-2602] Disabled by default, as it may be too slow for some machines
|
||||
[PLGN-3002] Extended with /sbin/nologin
|
||||
* Other
|
||||
-------
|
||||
Check for user permissions has been extended.
|
||||
Python binary is now detected, to help with symlink detection.
|
||||
Several new legal terms have been added, which are used for usage in banners.
|
||||
In several files old tests have been removed, to further clean up the code.
|
||||
|
||||
Documentation:
|
||||
A new document has been created to help with the process of upgrading Lynis.
|
||||
It is available at https://cisofy.com/documentation/lynis/upgrading/
|
||||
* Bug fixes
|
||||
---------
|
||||
Nginx test showed error when access_log had multiple parameters.
|
||||
Tests using locate won't be performed if not present.
|
||||
Fix false positive match on Squid unsafe ports [SQD-3624].
|
||||
The hardening index is now also inserted into the report if it is not displayed
|
||||
on screen.
|
||||
|
||||
* Functions
|
||||
---------
|
||||
Added AddSystemGroup function
|
||||
|
||||
* New tests
|
||||
---------
|
||||
Several new tests have been added:
|
||||
|
||||
[PKGS-7366] Scan for debsecan utility on Debian systems
|
||||
[PKGS-7410] Determine amount of installed kernel packages
|
||||
[TIME-3106] Check synchronization status of NTP on systemd based systems
|
||||
[CONT-8102] Docker daemon status and gather basic details
|
||||
[CONT-8104] Check docker info for any Docker warnings
|
||||
[CONT-8106] Check total, running and unused Docker containers
|
||||
|
||||
* Plugins
|
||||
---------
|
||||
|
||||
[PLGN-2602] Disabled by default, as it may be too slow for some machines
|
||||
[PLGN-3002] Extended with /sbin/nologin
|
||||
|
||||
* Documentation
|
||||
---------------
|
||||
A new document has been created to help with the process of upgrading Lynis.
|
||||
It is available at https://cisofy.com/documentation/lynis/upgrading/
|
||||
|
||||
--------------------------------------------------------------
|
||||
|
||||
|
||||
= Lynis 2.1.0 (2015-04-16) =
|
||||
= Lynis 2.1.0 (2015-04-16) =
|
||||
|
||||
General:
|
||||
---------
|
||||
Screen output has been improved to provide additional information.
|
||||
* General
|
||||
---------
|
||||
Screen output has been improved to provide additional information.
|
||||
|
||||
OS support:
|
||||
------------
|
||||
CUPS detection on Mac OS has been improved. AIX systems will now use csum
|
||||
utility to create host ID. Group check have been altered on AIX, to include
|
||||
the -n ALL. Core dump check on Linux is extended to check for actual values
|
||||
as well.
|
||||
* OS support
|
||||
------------
|
||||
CUPS detection on Mac OS has been improved. AIX systems will now use csum
|
||||
utility to create host ID. Group check have been altered on AIX, to include
|
||||
the -n ALL. Core dump check on Linux is extended to check for actual values
|
||||
as well.
|
||||
|
||||
Software:
|
||||
----------
|
||||
McAfee detection has been extended by detecting a running cma binary.
|
||||
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
|
||||
with zypper extended.
|
||||
* Software
|
||||
----------
|
||||
McAfee detection has been extended by detecting a running cma binary.
|
||||
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
|
||||
with zypper extended.
|
||||
|
||||
Session timeout:
|
||||
-----------------
|
||||
Tests to determine shell time out setting have been extended to account for
|
||||
AIX, HP-UX and other platforms. It will now determine also if variable is
|
||||
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
|
||||
has been extended.
|
||||
* Session timeout
|
||||
-----------------
|
||||
Tests to determine shell time out setting have been extended to account for
|
||||
AIX, HP-UX and other platforms. It will now determine also if variable is
|
||||
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
|
||||
has been extended.
|
||||
|
||||
Documentation:
|
||||
---------------
|
||||
- New document: Getting started with Lynis
|
||||
https://cisofy.com/documentation/lynis/get-started/
|
||||
* Documentation
|
||||
---------------
|
||||
- New document: Getting started with Lynis
|
||||
https://cisofy.com/documentation/lynis/get-started/
|
||||
|
||||
Plugins (Enterprise):
|
||||
----------------------
|
||||
- Update to file integrity plugin
|
||||
Changes to PLGN-2606 (capabilities check)
|
||||
* Plugins (Enterprise)
|
||||
----------------------
|
||||
- Update to file integrity plugin
|
||||
Changes to PLGN-2606 (capabilities check)
|
||||
|
||||
- New configuration plugins:
|
||||
PLGN-4802 (SSH settings)
|
||||
PLGN-4804 (login.defs)
|
||||
- New configuration plugins:
|
||||
PLGN-4802 (SSH settings)
|
||||
PLGN-4804 (login.defs)
|
||||
|
||||
Download link: https://cisofy.com/download/lynis/
|
||||
Download link: https://cisofy.com/download/lynis/
|
||||
|
||||
--------------------------------------------------------------
|
||||
|
||||
|
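Review bot: The "* Automatic updates" entry says Lynis "can be scheduled for automatic updating from a trusted source" but does not say what makes the source trusted or how a downloaded update is verified before it replaces the installed copy. Suggest one sentence naming the source and the verification step, or a pointer to the upgrading document already listed under "* Documentation". Smaller points in the same hunk: the Chrony entry still spells "sychronization" while TIME-3106 has "synchronization"; the underlines for "* Bug fixes", "* Functions" and "* New tests" are nine dashes, whereas the other section underlines match the length of their heading; "Tests using locate won't be performed if not present" should state that it is locate that is missing; and "which are used for usage in banners" can be shortened to "for use in banners".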