Lynis Changelog

New in version 1.4.3

February 24th, 2014
  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in version 1.4.2 (February 20th, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in version 1.4.1 (February 15th, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in version 1.4.0 (January 29th, 2014)

  • This version adds several improvements to support AIX better, hostid creation, ignoring of the LANG value, and extension of a few tests.

New in version 1.3.9 (January 10th, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in version 1.3.8 (December 27th, 2013)

  • This version adds a new parameter (--view-categories), eight new tests, and several improvements to existing tests and functions.

New in version 1.3.6 (December 4th, 2013)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in version 1.3.5 (November 20th, 2013)

  • New:
  • OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
  • Added some initial systemd support (e.g. boot services)
  • Test to display if any known MAC framework is implemented [MACF-6290]
  • Changes:
  • Improved support for Slackware Linux (OS and version detection)
  • Added systemd support (boot and running services) for Linux systems [BOOT-5177]
  • Added systemd support (default runlevel) for Linux systems [KRNL-5622]
  • Extended USB storage check in modprobe.d directory [STRG-1840]
  • Improved output, reporting and check for kernel update [KRNL-5788]
  • Optimized code and output of test to check writable scripts [BOOT-5184]
  • Fixed detection for writable scripts [BOOT-5184]
  • Improved detection IPv6 addresses for Slackware and others [NETW-3008]
  • Minor addition to SSH PermitRootLogin check [SSH-7412]
  • Extended cronjob tests, reporting and logging [SCHD-7704]
  • Extended umask check in /etc/profile [AUTH-9328]
  • Added suggestion about BIND version [NAME-4210]
  • Merged test NTP daemon test TIME-3108 into TIME-3104
  • Improved support for Arch Linux (output, detection)
  • Extended common list of directories with SSL certifcates in profile
  • New function GetHostID() to determine an unique identifier of the machine
  • Added a tests_custom file template
  • Perform file permissions test on tests_custom file
  • Improved OS detection and extended logging on several tests
  • Several layout improvements
  • Extended update check functions and output
  • Cleaned up reporting and extended it with exceptions

New in version 1.3.4 (November 9th, 2013)

  • This version add OS detection support for Arch Linux and the systemd journal.
  • It also improves several checks so the results are improved, including screen output.