All Versions
12
Latest Version
Avg Release Cycle
75 days
Latest Release
1347 days ago

Changelog History
Page 1

  • v3.0.1 Changes

    October 05, 2020

    Lynis 3.0.1 (2020-10-05)

    ➕ Added

    • 🐧 Detection of Alpine Linux
    • 🐧 Detection of CloudLinux
    • 🐧 Detection of Kali Linux
    • 🐧 Detection of Linux Mint
    • 🍎 Detection of macOS Big Sur (11.0)
    • Detection of Pop!_OS
    • Detection of PHP 7.4
    • Malware detection tool: Microsoft Defender ATP
    • 🆕 New flag: --slow-warning to allow tests more time before showing a warning
    • 🔀 Test TIME-3185 to check systemd-timesyncd synchronized time
    • rsh host file permissions

    🔄 Changed

    • 🛠 AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
    • BOOT-5122 - Presence check for grub.d added
    • 👍 CRYP-7902 - Added support for certificates in DER format
    • CRYP-7931 - Added data to report
    • CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
    • FILE-6430 - Don't grep nonexistant modprobe.d files
    • FIRE-4535 - Set initial firewall state
    • INSE-8312 - Corrected text on screen
    • 🔧 KRNL-5728 - Handle zipped kernel configuration correctly
    • KRNL-5830 - Improved version detection for non-symlinked kernel
    • MALW-3280 - Extended detection of BitDefender
    • 🔀 TIME-3104 - Find more time synchronization commands
    • TIME-3182 - Corrected detection of time peers
    • 🛠 Fix: hostid generation routine would sometimes show too short IDs
    • 🛠 Fix: language detection
    • 🍎 Generic improvements for macOS
    • ⚡️ German translation updated
    • ⚡️ End-of-life database updated
    • Several minor code enhancements
  • v3.0.0 Changes

    June 18, 2020

    🚀 Major release with security fixes. See CHANGELOG for all details.

  • v2.7.5 Changes

    June 24, 2019

    Lynis 2.7.5 (2019-06-24)

    ➕ Added

    • 🌐 Danish translation
    • Slackware end-of-life information
    • 💅 Detect BSD-style (rc.d) init in Linux systems
    • Detection of Bro and Suricata (IDS)

    🔄 Changed

    • Corrected end-of-life entries for CentOS 5 and 6
    • AUTH-9204 - change name to check in /etc/passwd file for QNAP devices
    • AUTH-9268 - AIX enhancement to use correct find statement
    • FILE-6310 - Filter on correct field for AIX
    • 🐧 NETW-3012 - set ss command as preferred option for Linux and changed output format
    • List of PHP ini file locations has been extended
    • ✂ Removed several pieces of the code as part of cleanup and code health
    • Extended help
  • v2.7.4 Changes

    April 21, 2019

    Lynis 2.7.4 (2019-04-21)

    🚀 This is a bigger release than usual, including several new tests created by
    🚀 Capashenn (GitHub). It is a coincidence that it is released exactly one month
    after the previous version and on Easter. No easter eggs, only improvements!

    ➕ Added

    • FILE-6324 - Discover XFS mount points
    • 📦 INSE-8000 - Installed inetd package
    • 📦 INSE-8100 - Installed xinetd package
    • INSE-8102 - Status of xinet daemon
    • 🔧 INSE-8104 - xinetd configuration file
    • 🔧 INSE-8106 - xinetd configuration for inactive daemon
    • INSE-8200 - Usage of TCP wrappers
    • INSE-8300 - Presence of rsh client
    • INSE-8302 - Presence of rsh server
    • Detect equery binary detection
    • 🆕 New 'generate' command

    🔄 Changed

    • ✅ AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems
    • 📦 PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages
    • ⬆️ PKGS-7420 - Detect toolkit to automatically download and apply upgrades
    • PKGS-7328 - Added global Zypper option --non-interactive
    • PKGS-7330 - Added global Zypper option --non-interactive
    • 📦 PKGS-7386 - Only show warning when vulnerable packages were discovered
    • ✅ PKGS-7392 - Skip test for Zypper-based systems
    • ✅ Minor changes to improve text output, test descriptions, and logging
    • 🔄 Changed CentOS identifiers in end-of-life database
    • AIX enhancement for IsRunning function
    • 📦 Extended PackageIsInstalled function
    • 👌 Improve text output on AIX systems
    • Corrected lsvg binary detection
  • v2.7.3 Changes

    March 21, 2019

    Lynis 2.7.3 (2019-03-21)

    ➕ Added

    • ⏱ Detection for Lynis being scheduled (e.g. cronjob)

    🔄 Changed

    • ✅ HTTP-6624 - Improved logging for test
    • 0️⃣ KRNL-5820 - Changed color for default fs.suid_dumpable value
    • 🔧 LOGG-2154 - Adjusted test to search in configuration file correctly
    • 👍 NETW-3015 - Added support for ip binary
    • ✅ SQD-3610 - Description of test changed
    • SQD-3613 - Corrected description in code
    • SSH-7408 - Increased values for MaxAuthRetries
    • 👌 Improvements to allow tailored tool tips in future
    • Corrected detection of blkid binary
    • Minor textual changes and cleanups
  • v2.7.2 Changes

    March 07, 2019

    Lynis 2.7.2 (2019-03-07)

    ➕ Added

    • 👍 AUTH-9409 - Support for doas (OpenBSD)
    • 🔧 AUTH-9410 - Test file permissions of doas configuration
    • 👍 BOOT-5117 - Support for systemd-boot boot loader added
    • BOOT-5177 - Simplify service filter and allow multiple dots in service names
    • BOOT-5262 - Check OpenBSD boot daemons
    • ✅ BOOT-5263 - Test permissions for boot files and scripts
    • 👌 Support for end-of-life detection of the operating system
    • 🆕 New 'lynis show eol' command
    • 🌐 Korean translation

    🔄 Changed

    • 👍 AUTH-9252 - Adds support for files in sudoers.d
    • ✅ AUTH-9252 - Test extended to check file and directory ownership
    • ⚠ BOOT-5122 - Use NONE instead of WARNING if no password is set
    • ✅ FIRE-4540 - Modify test to better measure rules
    • ⚠ KRNL-5788 - Resolve false positive warning on missing /vmlinuz
    • NETW-2704 - Ignore inline comments in /etc/resolv.conf
    • 🔒 PKGS-7388 - Improve detection for security archive
    • RPi/Raspian path to PAM_FILE_LOCATIONS
  • v2.7.1 Changes

    January 31, 2019

    Lynis 2.7.1 (2019-01-30)

    ➕ Added

    • 👌 Support for macOS Mojave
    • 🌐 Translation: Slovak

    🔄 Changed

    • 👯 AUTH-9282 - Improve support for Red Hat and clones
    • 👍 FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
    • ✅ LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
    • SHLL-6230 - Add /etc/bash.bashrc.local to umask check
    • ✂ Removed shift statement that did not work on all operating systems
    • Minor cleanups and enhancements
    • 🌲 Small improvements to logging
  • v2.7.0 Changes

    October 26, 2018

    Lynis 2.7.0 (2018-10-26)

    ➕ Added

    • MACF-6240 - Detection of TOMOYO binary
    • MACF-6242 - Status of TOMOYO framework
    • SSH-7406 - OpenSSH server version detection
    • TOOL-5160 - Check active OSSEC analysis daemon

    🔄 Changed

    • 🔄 Changed several warning labels on screen
    • AUTH-9308 - More generic sulogin for systemd rescue.service
    • OS detection now ignores quotes for getting the OS ID.
  • v2.6.9 Changes

    September 19, 2018

    Lynis 2.6.9 (2018-09-19)

    🔄 Changed

    • ⚡️ Man page has been updated
    • Command 'lynis show options' provides up-to-date list
    • 🗄 Option '--dump-options' is deprecated
    • Several options and commands have been extended with more examples
    • 👍 OS detection now supports openSUSE specific distribution names
    • 🔄 Changed command output when using 'lynis audit system remote'
    • 👍 DBS-1882 - added /usr/local/redis/etc path and QNAP support
    • ⚡️ PKGS-7322 - updated solution text
    • 👻 KRNL-5788 - ignore exception when no vmlinuz file was discovered
    • ✅ TIME-3104 - extended logging for test
  • v2.6.8 Changes

    August 23, 2018

    Lynis 2.6.8 (2018-08-23)

    🔄 Changed

    • 📜 BOOT-5104 - improved parsing of boot parameters to init process
    • ✅ PHP-2372 - test all PHP files for expose_php and improved logging
    • 🐧 Alpine Linux detection for Docker audit
    • 🐳 Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
    • 👌 Improved display in Docker output for showing which keys are used for signing