mirror of
https://github.com/CISOfy/lynis.git
synced 2025-07-31 01:34:23 +02:00
Release 2.1.1
This commit is contained in:
mboelen
parent
dd66273f41
commit
424f6cccd0
93
CHANGELOG
93
CHANGELOG
@ -8,60 +8,80 @@
|
|||||||
Author: Michael Boelen (michael.boelen@cisofy.com)
|
Author: Michael Boelen (michael.boelen@cisofy.com)
|
||||||
Description: Security and system auditing tool
|
Description: Security and system auditing tool
|
||||||
Website: https://cisofy.com/lynis/
|
Website: https://cisofy.com/lynis/
|
||||||
GitHub: https://github.com/CISOfy/Lynis
|
GitHub: https://github.com/CISOfy/lynis
|
||||||
|
|
||||||
Support policy: See section 'Support' (README file);
|
Support policy: See section 'Support' in README file
|
||||||
Commercial support and plugins available via CISOfy
|
Commercial support and plugins available via CISOfy
|
||||||
https://cisofy.com
|
|
||||||
|
|
||||||
Documentation: See web site, README, FAQ and CHANGELOG file
|
Documentation: See web site, README, FAQ and CHANGELOG file
|
||||||
|
|
||||||
================================================================================
|
================================================================================
|
||||||
|
|
||||||
= Lynis 2.1.x (2015-xx-xx) =
|
|
||||||
|
|
||||||
This release adds several improvements and in different areas. Support for systems
|
= Lynis 2.1.1 (2015-07-22) =
|
||||||
like CentOS, openSUSE, Slackware is improved. It includes further cleanups of the
|
|
||||||
code, performance tweaks and more support for common software components.
|
|
||||||
|
|
||||||
Performance:
|
This release adds a lot of improvements, with focus on performance, and
|
||||||
|
additional support for common Linux distributions and external utilities.
|
||||||
|
We recommend to use this latest version.
|
||||||
|
|
||||||
|
* Operating system enhancements
|
||||||
|
-------------------------------
|
||||||
|
Support for systems like CentOS, openSUSE, Slackware is improved.
|
||||||
|
|
||||||
|
* Performance
|
||||||
|
-------------
|
||||||
Performance tuning has been applied, to speed up execution of the audit on
|
Performance tuning has been applied, to speed up execution of the audit on
|
||||||
systems with many files.
|
systems with many files. This also includes code cleanups.
|
||||||
|
|
||||||
Automatic updater:
|
* Automatic updates
|
||||||
Initial work on an automatic updater has been implemented. This way Lynis can
|
-------------------
|
||||||
be scheduled for updating from a trusted source.
|
Initial work on an automatic updater has been implemented. This way Lynis
|
||||||
|
can be scheduled for automatic updating from a trusted source.
|
||||||
|
|
||||||
Internal functions:
|
* Internal functions
|
||||||
As not all systems have readlink, or the -f option of readlink, the
|
--------------------
|
||||||
ShowSymlinkPath function has been extended with a Python based check.
|
Not all systems have readlink, or the -f option of readlink. The
|
||||||
|
ShowSymlinkPath function has been extended with a Python based check, which
|
||||||
|
is often available.
|
||||||
|
|
||||||
|
* Software support
|
||||||
|
------------------
|
||||||
|
Apache module directory /usr/lib64/apache has been added, which is used on
|
||||||
|
openSUSE.
|
||||||
|
|
||||||
Software support:
|
|
||||||
Apache module directory /usr/lib64/apache has been added, which is used on openSUSE.
|
|
||||||
Support for Chef has been added.
|
Support for Chef has been added.
|
||||||
|
|
||||||
File integrity:
|
|
||||||
Added tests for CSF's lfd utility for integrity monitoring on directories and
|
Added tests for CSF's lfd utility for integrity monitoring on directories and
|
||||||
files. Related tests are FINT-4334 and FINT-4336.
|
files. Related tests are FINT-4334 and FINT-4336.
|
||||||
|
|
||||||
Time sychronization:
|
|
||||||
Added support for Chrony time daemon and timesync daemon. Additionally NTP
|
Added support for Chrony time daemon and timesync daemon. Additionally NTP
|
||||||
sychronization status is checked when it is enabled.
|
sychronization status is checked when it is enabled.
|
||||||
|
|
||||||
Other:
|
Improved single user mode protection on the rescue.service file.
|
||||||
Check for permissions has been extended.
|
|
||||||
|
* Other
|
||||||
|
-------
|
||||||
|
Check for user permissions has been extended.
|
||||||
Python binary is now detected, to help with symlink detection.
|
Python binary is now detected, to help with symlink detection.
|
||||||
Several new legal terms, for usage in banners, have been added.
|
Several new legal terms have been added, which are used for usage in banners.
|
||||||
In several files old tests have been removed, to further clean up the code.
|
In several files old tests have been removed, to further clean up the code.
|
||||||
The hardening index is inserted into the report, even if it is not displayed on screen.
|
|
||||||
|
|
||||||
Bug fixes:
|
* Bug fixes
|
||||||
Nginx test showed error when access_log had multiple parameters
|
---------
|
||||||
|
Nginx test showed error when access_log had multiple parameters.
|
||||||
|
Tests using locate won't be performed if not present.
|
||||||
|
Fix false positive match on Squid unsafe ports [SQD-3624].
|
||||||
|
The hardening index is now also inserted into the report if it is not displayed
|
||||||
|
on screen.
|
||||||
|
|
||||||
Functions:
|
* Functions
|
||||||
|
---------
|
||||||
Added AddSystemGroup function
|
Added AddSystemGroup function
|
||||||
|
|
||||||
New tests:
|
* New tests
|
||||||
|
---------
|
||||||
|
Several new tests have been added:
|
||||||
|
|
||||||
[PKGS-7366] Scan for debsecan utility on Debian systems
|
[PKGS-7366] Scan for debsecan utility on Debian systems
|
||||||
[PKGS-7410] Determine amount of installed kernel packages
|
[PKGS-7410] Determine amount of installed kernel packages
|
||||||
[TIME-3106] Check synchronization status of NTP on systemd based systems
|
[TIME-3106] Check synchronization status of NTP on systemd based systems
|
||||||
@ -69,11 +89,14 @@
|
|||||||
[CONT-8104] Check docker info for any Docker warnings
|
[CONT-8104] Check docker info for any Docker warnings
|
||||||
[CONT-8106] Check total, running and unused Docker containers
|
[CONT-8106] Check total, running and unused Docker containers
|
||||||
|
|
||||||
Plugins:
|
* Plugins
|
||||||
|
---------
|
||||||
|
|
||||||
[PLGN-2602] Disabled by default, as it may be too slow for some machines
|
[PLGN-2602] Disabled by default, as it may be too slow for some machines
|
||||||
[PLGN-3002] Extended with /sbin/nologin
|
[PLGN-3002] Extended with /sbin/nologin
|
||||||
|
|
||||||
Documentation:
|
* Documentation
|
||||||
|
---------------
|
||||||
A new document has been created to help with the process of upgrading Lynis.
|
A new document has been created to help with the process of upgrading Lynis.
|
||||||
It is available at https://cisofy.com/documentation/lynis/upgrading/
|
It is available at https://cisofy.com/documentation/lynis/upgrading/
|
||||||
|
|
||||||
@ -82,36 +105,36 @@
|
|||||||
|
|
||||||
= Lynis 2.1.0 (2015-04-16) =
|
= Lynis 2.1.0 (2015-04-16) =
|
||||||
|
|
||||||
General:
|
* General
|
||||||
---------
|
---------
|
||||||
Screen output has been improved to provide additional information.
|
Screen output has been improved to provide additional information.
|
||||||
|
|
||||||
OS support:
|
* OS support
|
||||||
------------
|
------------
|
||||||
CUPS detection on Mac OS has been improved. AIX systems will now use csum
|
CUPS detection on Mac OS has been improved. AIX systems will now use csum
|
||||||
utility to create host ID. Group check have been altered on AIX, to include
|
utility to create host ID. Group check have been altered on AIX, to include
|
||||||
the -n ALL. Core dump check on Linux is extended to check for actual values
|
the -n ALL. Core dump check on Linux is extended to check for actual values
|
||||||
as well.
|
as well.
|
||||||
|
|
||||||
Software:
|
* Software
|
||||||
----------
|
----------
|
||||||
McAfee detection has been extended by detecting a running cma binary.
|
McAfee detection has been extended by detecting a running cma binary.
|
||||||
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
|
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
|
||||||
with zypper extended.
|
with zypper extended.
|
||||||
|
|
||||||
Session timeout:
|
* Session timeout
|
||||||
-----------------
|
-----------------
|
||||||
Tests to determine shell time out setting have been extended to account for
|
Tests to determine shell time out setting have been extended to account for
|
||||||
AIX, HP-UX and other platforms. It will now determine also if variable is
|
AIX, HP-UX and other platforms. It will now determine also if variable is
|
||||||
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
|
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
|
||||||
has been extended.
|
has been extended.
|
||||||
|
|
||||||
Documentation:
|
* Documentation
|
||||||
---------------
|
---------------
|
||||||
- New document: Getting started with Lynis
|
- New document: Getting started with Lynis
|
||||||
https://cisofy.com/documentation/lynis/get-started/
|
https://cisofy.com/documentation/lynis/get-started/
|
||||||
|
|
||||||
Plugins (Enterprise):
|
* Plugins (Enterprise)
|
||||||
----------------------
|
----------------------
|
||||||
- Update to file integrity plugin
|
- Update to file integrity plugin
|
||||||
Changes to PLGN-2606 (capabilities check)
|
Changes to PLGN-2606 (capabilities check)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user