Softpedia >Linux >System >Diagnostics >Lynis >  Changelog

Lynis Changelog

What's new in Lynis 1.4.3

Feb 24, 2014
  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in Lynis 1.4.2 (Feb 20, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in Lynis 1.4.1 (Feb 15, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in Lynis 1.4.0 (Jan 29, 2014)

  • This version adds several improvements to support AIX better, hostid creation, ignoring of the LANG value, and extension of a few tests.

New in Lynis 1.3.9 (Jan 10, 2014)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in Lynis 1.3.8 (Dec 27, 2013)

  • This version adds a new parameter (--view-categories), eight new tests, and several improvements to existing tests and functions.

New in Lynis 1.3.6 (Dec 4, 2013)

  • New:
  • Support for the dntpd time daemon
  • New Apache test for modules [HTTP-6632]
  • Apache test for mod_evasive [HTTP-6640]
  • Apache test for mod_qos [HTTP-6641]
  • Apache test for mod_spamhaus [HTTP-6642]
  • Apache test for ModSecurity [HTTP-6643]
  • Check for installed package audit tool [PKGS-7398]
  • Added initial support for new pkgng and related tools [PKGS-7381]
  • Check for ssh-keyscan binary
  • ZFS support for FreeBSD [FILE-6330]
  • Test for passwordless accounts [AUTH-9283]
  • Initial OS support for DragonFly BSD
  • Initial OS support for TrueOS (FreeBSD based)
  • Initial OS support for elementary OS (Luna)
  • GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
  • Check for DHCP client [NETW-3030]
  • Initial support for OSSEC (system integrity) [FINT-4328]
  • New parameter --log-file to adjust log file location
  • New function IsRunning() to check status of processes
  • New function RealFilename() to determine file name
  • New function CheckItem() for parsing files
  • New function ReportManual() and ReportException() to simplify code
  • New function DirectoryExists() to check existence of a directory
  • Support for dntpd [TIME-3104]
  • Changes:
  • Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
  • Extended test to gather listening network ports for Linux [NETW-3012]
  • Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
  • Added suggestion for discovered shells on FreeBSD [AUTH-9218]
  • Extended core dump test with additional details [KRNL-5820]
  • Properly display suggestion if portaudit is not installed [PKGS-7382]
  • Ignore message if no packages are installed (pkg_info) [PKGS-7320]
  • Also try using apt-check on Debian systems [PKGS-7392]
  • Adjusted logging for RPM binary on systems not using it [PKGS-7308]
  • Extended search in cron directories for rdate/ntpdate [TIME-3104]
  • Adjusted PHP check to find ini files [PHP-2211]
  • Skip Apache test for NetBSD [HTTP-6622]
  • Skip test http version check for NetBSD [HTTP-6624]
  • Additional check to surpress sort error [HTTP-6626]
  • Improved the way binaries are checked (less disk reads)
  • Adjusted ReportWarning() function to skip impact rating
  • Improved report on screen by leaving out date/time and type
  • Redirect errors while checking for OpenSSL version
  • Extended reporting with firewall status and software
  • Adjusted naming of some operating systems to make them more consistent
  • Extended update check by using host binary if dig is not installed
  • Count number of installed binaries/packages and report them
  • Report about log rotation tool and status
  • Updated man page

New in Lynis 1.3.5 (Nov 20, 2013)

  • New:
  • OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
  • Added some initial systemd support (e.g. boot services)
  • Test to display if any known MAC framework is implemented [MACF-6290]
  • Changes:
  • Improved support for Slackware Linux (OS and version detection)
  • Added systemd support (boot and running services) for Linux systems [BOOT-5177]
  • Added systemd support (default runlevel) for Linux systems [KRNL-5622]
  • Extended USB storage check in modprobe.d directory [STRG-1840]
  • Improved output, reporting and check for kernel update [KRNL-5788]
  • Optimized code and output of test to check writable scripts [BOOT-5184]
  • Fixed detection for writable scripts [BOOT-5184]
  • Improved detection IPv6 addresses for Slackware and others [NETW-3008]
  • Minor addition to SSH PermitRootLogin check [SSH-7412]
  • Extended cronjob tests, reporting and logging [SCHD-7704]
  • Extended umask check in /etc/profile [AUTH-9328]
  • Added suggestion about BIND version [NAME-4210]
  • Merged test NTP daemon test TIME-3108 into TIME-3104
  • Improved support for Arch Linux (output, detection)
  • Extended common list of directories with SSL certifcates in profile
  • New function GetHostID() to determine an unique identifier of the machine
  • Added a tests_custom file template
  • Perform file permissions test on tests_custom file
  • Improved OS detection and extended logging on several tests
  • Several layout improvements
  • Extended update check functions and output
  • Cleaned up reporting and extended it with exceptions

New in Lynis 1.3.4 (Nov 9, 2013)

  • This version add OS detection support for Arch Linux and the systemd journal.
  • It also improves several checks so the results are improved, including screen output.

New in Lynis 1.3.3 (Oct 25, 2013)

  • This version has improved support for NTP time syncing (client or daemon) and improved tests for empty shells on FreeBSD.
  • Logging has been extended and small corrections have been made.

New in Lynis 1.3.2 (Oct 10, 2013)

  • New:
  • Test for PowerDNS authoritive servers (master/slave status) [NAME-4238]
  • Changes:
  • CUPS test extended with hardening rules [PRNT-2308]
  • Added hardening points to sticky bit on /tmp [FILE-6362]
  • Extended Ubuntu security packages check [PKGS-7392]
  • Improved update check, show when no check is performed
  • Added additional check for binaries, so checks on CentOS work correctly
  • Added word 'restricted' to banner strings
  • Adjusted wording for Debian packages purge [PKGS-7346]
  • Corrected listing of purgable packages [PKGS-7346]
  • Adjusted yum-plugin-security check due to package changes [PKGS-7386]

New in Lynis 1.3.1 (Oct 4, 2013)

  • Updated generic references in files
  • Fixed detection of several binaries (AFICK/awk)
  • Performance tweaks when checking for binaries
  • Fixed core dump check and dumpable sysctl [KRNL-5820]
  • Force test to always to check for binaries [FILE-7502]
  • Changed detection to egrep [DBS-1840]
  • Adjusted variable checking for Solaris [HOME-9310]
  • Adjusted search in modprobe directory [STRG-1840] [STRG-1846]

New in Lynis 1.3.0 (Dec 26, 2011)

  • Some tests have been extended and a few new ones have been added to this release.
  • There are also improvements for the screen output and logging.

New in Lynis 1.2.6 (Apr 6, 2009)

  • New:
  • Sudoers file permissions check [AUTH-9252]
  • Core dumps configuration check for Linux [KRNL-5820]
  • PHP disabled functions check [PHP-2320]
  • PHP enable_dl function check [PHP-2374]
  • PHP allow_url_fopen function check [PHP-2376]
  • OpenBSD smtpd status check [MAIL-8920]
  • /etc/issue check [BANN-7124]
  • /etc/issue legal keywords check [BANN-7126]
  • Show suggestions in report
  • Changes:
  • Extended support for Red Hat, CentOS and Fedora
  • Extended ACL test to test for default mount options as well [FILE-6368]
  • Exim status test fixed [MAIL-8812]
  • Corrected yum security check [PKGS-7386]
  • Replaced LDAP test AUTH-9238 with [AUTH-9402]
  • Removed backquotes when locate database is not available [FILE-6410]
  • Added /etc/openldap to search path for OpenLDAP
  • Fixed typo in crontab path [SCHD-7704]
  • Don't show message "No volume groups found" if LVM isn't used [FILE-6310]
  • Corrected Syslog-NG status [LOGG-2132]
  • Moved TODO to dev directory

New in Lynis 1.2.5 (Mar 27, 2009)

  • New:
  • slapd.conf check [LDAP-2224]
  • atd status test [SCHD-7718]
  • Check LDAP module in PAM [AUTH-9278]
  • Check Dovecot status check [MAIL-8838]
  • Check log directories from newsyslog.conf [LOGG-2162]
  • Check log directories from static list [LOGG-2170]
  • Check log directories from logrotate configuration [LOGG-2150]
  • syslog check for remote logging [LOGG-2154]
  • Open log files check [LOGG-2180]
  • Deleted file check [LOGG-2190]
  • Solaris active kernel modules check [KRNL-5770]
  • Solaris audit daemon status check [ACCT-9650]
  • Solaris audit daemon service status [ACCT-9652]
  • Solaris audit daemon BSM check [ACCT-9654]
  • Solaris audit logging location check [ACCT-9662]
  • Solaris audit statistics check [ACCT-9672]
  • Check for installed compiler [HRDN-7202]
  • BIND process check [NAME-4202]
  • BIND configuration file check [NAME-4204]
  • BIND configuration consistency check [NAME-4206]
  • BIND version check via DNS [NAME-4210]
  • Default domain check (/etc/resolv.conf) [NAME-4016]
  • Search domains in /etc/resolv.conf check [NAME-4018]
  • Parse /etc/resolv.conf options [NAME-4020]
  • Solaris /etc/nodename check [NAME-4026]
  • DNS domain checks [NAME-4028]
  • NSCD status check [NAME-4032]
  • PowerDNS presence check [NAME-4230]
  • PowerDNS configuration file check [NAME-4232]
  • PowerDNS backend check [NAME-4236]
  • ypbind status check [NAME-4302]
  • Log specific defined SSH daemon options [SSH-7408]
  • SSH protocol version check [SSH-7414]
  • NIS domain checks [NAME-4304]
  • Check pending at jobs [SCHD-7724]
  • LVM volume group scan [FILE-6310]
  • LVM volumes check [FILE-6312]
  • Locate database check [FILE-6410]
  • nginx configuration file check [HTTP-6704]
  • Exim status check [MAIL-8802]
  • Postfix status check [MAIL-8814]
  • Changes:
  • atd needs to run before testing at files [SCHD-7720]
  • Removed Solaris OS requirement from logrotate test [LOGG-2148]
  • Sanitized output from logrotate test [LOGG-2148]
  • Skip comment fields in loghost check [LOGG-2152]
  • Changed auditd tests to Linux only
  • Binary scan optimized and partially combined with other check
  • Only perform iptables tests if kernel module is active
  • Don't show message when /etc/shells can't be found [SHLL-6211]
  • Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
  • Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
  • Renumbered malware test MALW-3292 [HRDN-7230]
  • Improved grep on process status [PRNT-2304]
  • Ignore comment lines for nginx log file check [HTTP-6720]
  • Added file check for nginx log files [HTTP-6720]
  • Display IP addresses only of NTP tests [TIME-3124]
  • Fixed Postfix configuration directory path [MAIL-8816]
  • Redirected output of yum package duplicate check [PKGS-7384]
  • Ignore comment lines for lilo test [BOOT-5139]
  • Fixed incorrect iptables status and correct logging [FIRE-4511]
  • Check SNMP configuration only if SNMP daemon runs [SNMP-3304]
  • Don't scan PAM directories which are symlinks [AUTH-9268]
  • Changed hardening category to hardening_tools
  • Adjusted hardening points of several tests
  • Log and display improvements for several tests

New in Lynis 1.2.4 (Mar 17, 2009)

  • This release adds more than 30 new tests, including NTP, auditd, PAM, NFS and ClamAV.
  • It introduces several new features (i.e. hardening index), parameters (i.e. --tests-category), and some small bugfixes.
  • Screen output on Solaris has been improved.

New in Lynis 1.2.3 (Mar 2, 2009)

  • This release contains many new tests, like status checks for Syslog-NG, klogd, and minilogd. Several inetd and logging tests have been added.
  • Two new categories (Insecure services and SNMP) are included, and several problems related to Solaris have been fixed.

New in Lynis 1.2.2 (Feb 15, 2009)

  • This release brings support for MySQL (client) and several new testings including MySQL, sysstat, and SSH.
  • It also contains adjusted tests, bugfixes, and minor improvements like screen and log file output.

New in Lynis 1.2.1 (Sep 7, 2008)

  • This release adds support for SELinux, Samba, PAM, and password expire checks.
  • A new option (--tests) is available to run specific audit tests only.
  • Beside the new additions, lots of small issues were solved.
  • Logging, reporting, and screen output were improved.

New in Lynis 1.2.0 (Aug 27, 2008)

  • This release adds 8 new tests (a Solaris password test, and support for AFICK, AIDE, Osiris, Samhain, Tripwire, NIS, and NIS authentication).
  • PID file handling and logging are improved, some tests were slighty rewritten, and a man page check has been added when using --view-manpage.