mirror of https://github.com/CISOfy/lynis.git
Updated changelog
parent e3c88fe766
commit a00b37f5b6
34
CHANGELOG
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
================================================================================
|
================================================================================
|
||||||
|
|
||||||
Author: Michael Boelen (michael.boelen@cisofy.com)
|
Author: Michael Boelen, CISOfy (michael.boelen@cisofy.com)
|
||||||
Description: Security and system auditing tool
|
Description: Security and system auditing tool
|
||||||
Website: https://cisofy.com/lynis/
|
Website: https://cisofy.com/lynis/
|
||||||
GitHub: https://github.com/CISOfy/lynis
|
GitHub: https://github.com/CISOfy/lynis
|
||||||
|
@ -32,8 +32,11 @@ CFEngine detection has been further extended. Additional logging and reporting o
|
||||||
|
|
||||||
* Authentication
|
* Authentication
|
||||||
----------------
|
----------------
|
||||||
Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
|
Depending on the operating system, Lynis now tries to determine if failed logins
|
||||||
checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228.
|
are properly logged. This includes checking for /etc/login.defs file [AUTH-9408].
|
||||||
|
Merged previous password check for Solaris into test AUTH-9228. User ids on AIX
|
||||||
|
will be gathered and added to the report [AUTH-9234].
|
||||||
|
|
||||||
New plugin is introduced to analyze PAM settings. It including items like:
|
New plugin is introduced to analyze PAM settings. It including items like:
|
||||||
|
|
||||||
- Two-factor authentication methods
|
- Two-factor authentication methods
|
||||||
|
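Review bot: The added sentence about AIX user ids [AUTH-9234] is appended to the paragraph on failed-login logging, but it describes a different change (gathering user ids for the report), so it reads as if it belonged to AUTH-9408. Suggest giving it its own line or paragraph. While rewrapping, "checking for /etc/login.defs file" needs an article ("the /etc/login.defs file"), and the context line "It including items like:" should read "It includes items like:".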
@ -44,8 +47,10 @@ Report option: auth_failed_logins_logged
|
||||||
|
|
||||||
* Compliance
|
* Compliance
|
||||||
------------
|
------------
|
||||||
This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b
|
This release prepares for upcoming extensions to assist with compliance testing.
|
||||||
Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.
|
The profile has a new option, which can be used to define what standards should
|
||||||
|
be tested for, if any test is available. The related option is:
|
||||||
|
compliance_standards
|
||||||
|
|
||||||
Right now these standards can be selected:
|
Right now these standards can be selected:
|
||||||
- CIS benchmarks
|
- CIS benchmarks
|
||||||
|
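Review bot: The rewritten Compliance paragraph no longer says where compliance_standards is set; the removed line named default.prf, while the new text only says "the profile". Suggest keeping the file name, for example "The related option in default.prf is:", and showing the expected value format, since the list of selectable standards follows but the syntax for selecting them does not.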
@ -53,6 +58,9 @@ Right now these standards can be selected:
|
||||||
- ISO27001/ISO27002
|
- ISO27001/ISO27002
|
||||||
- PCI DSS
|
- PCI DSS
|
||||||
|
|
||||||
|
Note that additional tests will be implemented in future releases and then tagged
|
||||||
|
to these particular standards.
|
||||||
|
|
||||||
* DNS and Name services
|
* DNS and Name services
|
||||||
-----------------------
|
-----------------------
|
||||||
Support added for Unbound DNS caching tool [NAME-4034]
|
Support added for Unbound DNS caching tool [NAME-4034]
|
||||||
|
@ -109,9 +117,16 @@ Support for boot loader detection on Mac OS X
|
||||||
-----------
|
-----------
|
||||||
AUTH-9286 change has been extended to both capture minimum and password age.
|
AUTH-9286 change has been extended to both capture minimum and password age.
|
||||||
|
|
||||||
|
* Proxy support
|
||||||
|
---------------
|
||||||
|
A proxy can now be specified in the profile, to allow uploads via a HTTP or SOCKS proxy.
|
||||||
|
|
||||||
* Software and Packages
|
* Software and Packages
|
||||||
-----------------------
|
-----------------------
|
||||||
Log when vulnerable software packages were found
|
Now informationed will be logged when vulnerable software packages were found.
|
||||||
|
Support for DNF (Dandified YUM) for Fedora systems has been added. This is done
|
||||||
|
in several tests: PKGS-7350 (installed packages), PKGS-7352 (security notices),
|
||||||
|
PKGS-7354 (integrity tests).
|
||||||
|
|
||||||
* SSH
|
* SSH
|
||||||
-----
|
-----
|
||||||
|
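Review bot: In the new Software and Packages text, "Now informationed will be logged" is a typo; suggest "Information is now logged when vulnerable software packages are found." The new Proxy support entry also does not name the profile option that sets the proxy, so a reader cannot configure it from the changelog alone; name the option the way the Compliance entry names compliance_standards, and change "a HTTP" to "an HTTP".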
@ -132,6 +147,7 @@ Check file permissions for Docker files, like socket file [CONT-8108]
|
||||||
------------------
|
------------------
|
||||||
[AUTH-9204] Exclude NIS entries to avoid false positives
|
[AUTH-9204] Exclude NIS entries to avoid false positives
|
||||||
[AUTH-9230] Removed test as it was merged into AUTH-9228
|
[AUTH-9230] Removed test as it was merged into AUTH-9228
|
||||||
|
[AUTH-9234] Support for AIX added
|
||||||
[AUTH-9288] Test for expired passwords
|
[AUTH-9288] Test for expired passwords
|
||||||
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
|
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
|
||||||
[BOOT-5106] New test to test boot loader on Mac OS X
|
[BOOT-5106] New test to test boot loader on Mac OS X
|
||||||
|
@ -145,6 +161,9 @@ Check file permissions for Docker files, like socket file [CONT-8108]
|
||||||
[HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
|
[HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
|
||||||
[LOGG-2154] Additional support for log destinations for syslog-ng
|
[LOGG-2154] Additional support for log destinations for syslog-ng
|
||||||
[PKGS-7308] Split package name and version for RPM based package manager
|
[PKGS-7308] Split package name and version for RPM based package manager
|
||||||
|
[PKGS-7350] Support for querying installed packages via Fedora DNF package manager (Dandified YUM)
|
||||||
|
[PKGS-7352] Query security notices for DNF
|
||||||
|
[PKGS-7354] Perform integrity tests for package database (DNF)
|
||||||
[MALW-3278] New test to detect LMD (Linux Malware Detect)
|
[MALW-3278] New test to detect LMD (Linux Malware Detect)
|
||||||
[NETW-2600] IPv6 configuration check for Linux
|
[NETW-2600] IPv6 configuration check for Linux
|
||||||
[NETW-3032] Added ARP monitoring software test
|
[NETW-3032] Added ARP monitoring software test
|
||||||
|
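Review bot: The three new DNF entries (PKGS-7350, PKGS-7352, PKGS-7354) are inserted before MALW-3278 and the NETW entries, which extends the one spot where this list of test IDs is out of alphabetical order. Suggest moving the whole PKGS block, including the existing PKGS-7308 line, after the NETW entries so the IDs can be scanned in order.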
@ -154,6 +173,7 @@ Check file permissions for Docker files, like socket file [CONT-8108]
|
||||||
|
|
||||||
* Functions
|
* Functions
|
||||||
-----------
|
-----------
|
||||||
|
[CreateTempFile] Create a temporary file
|
||||||
[DigitsOnly] New function to extract only numbers from a text string
|
[DigitsOnly] New function to extract only numbers from a text string
|
||||||
[DisplayManual] New function to show text on screen without any markup
|
[DisplayManual] New function to show text on screen without any markup
|
||||||
[ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
|
[ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
|
||||||
|
@ -161,6 +181,7 @@ Check file permissions for Docker files, like socket file [CONT-8108]
|
||||||
[IsWordWritable] Changed return codes for easier usage of the function
|
[IsWordWritable] Changed return codes for easier usage of the function
|
||||||
[LogText] Replaces the older logtext function
|
[LogText] Replaces the older logtext function
|
||||||
[RandomString] Creates a random string of characters
|
[RandomString] Creates a random string of characters
|
||||||
|
[RemoveTempFiles] Remove any created temporary files
|
||||||
[Report] Replaces the older report function
|
[Report] Replaces the older report function
|
||||||
[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
|
[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
|
||||||
[ReportWarning] Like ReportSuggestion() has additional parameters
|
[ReportWarning] Like ReportSuggestion() has additional parameters
|
||||||
|
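Review bot: The [RemoveTempFiles] entry, like the [CreateTempFile] entry added earlier in this patch, only restates the function name. Neither says where the temporary files are created or when cleanup is called (normal exit only, or also on interruption). One sentence on each would let test and plugin authors use the pair correctly.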
@ -170,6 +191,7 @@ Check file permissions for Docker files, like socket file [CONT-8108]
|
||||||
* General improvements
|
* General improvements
|
||||||
----------------------
|
----------------------
|
||||||
- When using pentest mode, it will continue without any delays (=quick mode).
|
- When using pentest mode, it will continue without any delays (=quick mode).
|
||||||
|
- Plugins execution is improved, with improved logged and counting of active plugins.
|
||||||
- Data uploads: provide help when self-signed certificates are used.
|
- Data uploads: provide help when self-signed certificates are used.
|
||||||
- Improved output for tests which before showed results as a warning, while actually are just suggestions.
|
- Improved output for tests which before showed results as a warning, while actually are just suggestions.
|
||||||
- Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply.
|
- Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply.
|
||||||
|
|
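Review bot: The added bullet under General improvements has two wording slips, "Plugins execution" and "improved logged". Suggest "- Plugin execution is improved, with better logging and counting of active plugins."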