diff --git a/CHANGELOG b/CHANGELOG index 4db4e446..ea12272a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -61,13 +61,29 @@ Record if a name caching utility is being used like nscd or Unbound. Also loggin * Firewalls ----------- -Test for IPFW firewall on FreeBSD has been improved and status of pflogd will no longer be displayed on screen when pf is not available. -New test FIRE-4532 now supports detection of the Mac OS X application firewall. Also the status of application firewalls is audited now. +Test for IPFW firewall on FreeBSD has been improved: status of pflogd will no +longer be displayed, when pf is not available. + +New test FIRE-4532 introduced for detection of the Mac OS X application firewall. +Also the status of application firewalls is audited now. + +FIRE-4508 is another new test, which tests chains of iptables and their default +policy (ACCEPT or DROP). This release also supports the upcoming nftables +technology with new test FIRE-4536. It is expected that it will replace iptables +later on, so this test will perform a status check. Additional FIRE-4548 will +perform a version detection of the userland utility nft and determine if there +are any rules configured. + +Renamed FIRE-4511 to FIRE-4502. * Hardware ---------- Detection of firewire is enhanced (both ohci and core detected). +* Logging +--------- +Extended the test syslog-ng logging to remote systems + * Malware --------- ESET and LMD (Linux Malware Detect) are recognized as a malware scanner. Discovered malware scanners are also logged to the report. @@ -121,9 +137,15 @@ Check file permissions for Docker files, like socket file [CONT-8108] [BOOT-5180] Only gets executed if runlevel 2 is found [CONT-8108] New test to test for Docker file permissions [FILE-6410] Added /var/lib/locatedb as search path +[FIRE-4508] Added chains test for iptables +[FIRE-4511] Renamed to FIRE-4502 +[FIRE-4536] Support for nftables detection +[FIRE-4538] Basic configuration check for for nftables [HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox +[LOGG-2154] Additional support for log destinations for syslog-ng [PKGS-7308] Split package name and version for RPM based package manager [MALW-3278] New test to detect LMD (Linux Malware Detect) +[NETW-3032] Added ARP monitoring software test [SHLL-6230] Test for umask values in shell configuration files (e.g. rc files) [TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running [TIME-3170] New test to check NTP configuration files and determine if any of them are world writable diff --git a/lynis b/lynis index b390209d..e3bc1439 100755 --- a/lynis +++ b/lynis @@ -27,8 +27,8 @@ # Program information PROGRAM_name="Lynis" - PROGRAM_version="2.1.6" - PROGRAM_releasedate="21 December 2015" + PROGRAM_version="2.1.7" + PROGRAM_releasedate="30 December 2015" PROGRAM_author="Michael Boelen, CISOfy" PROGRAM_author_contact="lynis-dev@cisofy.com" PROGRAM_website="https://cisofy.com"