tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated log

This commit is contained in:
Michael Boelen 2019-08-21 14:08:25 +02:00
parent d3464d88b1
commit 7eba5df9b2
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CHANGELOG.md
View File

@ -6,15 +6,29 @@ This is a major release of Lynis and includes several big changes.
Some of these changes may break your current usage of the tool, so test before
deployment!
### Breaking changes
- Some commands or switches are deprecated or removed
- Format of all profile options converted (from key:value to key=value)
- Non-interactive by default (use --wait option to pause between groups of tests)
### Breaking change: Non-interactive by default
Lynis now runs non-interactive by default, to be more in line with the Unix
philosophy. So the previously used '--quick' option is now default, and the tool
will only wait when using the '--wait' option.
### Breaking change: Deprecated options
- Option: -c
- Option: --check-update/--info
- Option: --dump-options
- Option: --license-key
### Breaking change: Profile options
The format of all profile options are converted (from key:value to key=value).
You may have to update the changes you made in your custom.prf.
### Security
An important focus area for this release is on security. We added several
measures to further tighten any possible misuse.
## New: DevOps, Forensics, and pentesting mode
This release adds initial support to allow defining a specialized type of audit.
Using the relevant options, the scan will change base on the intended goal.
### Added
- Security: test PATH and warn or exit on discovery of dangerous location
- Security: additional safeguard by testing if common system tools are available
@ -31,7 +45,7 @@ measures to further tighten any possible misuse.
- New option: --usecwd - run from the current working directory
- New profile option: disable-plugin - disables a single plugin
- New profile option: ssl-certificate-paths-to-ignore - ignore a path
- New test: CRYP-7930 - disk or file system encryption testing
- New test: CRYP-7930 - test for LUKS encryption
- New test: INSE-8314 - test for NIS client
- New test: INSE-8316 - test for NIS server
- New test: PROC-3802 - check presence of prelink tooling