lynis changelog

Changelog History

Page 1

• v3.0.1 Changes

  October 05, 2020

  Lynis 3.0.1 (2020-10-05)

  ➕ Added

  • 🐧 Detection of Alpine Linux
  • 🐧 Detection of CloudLinux
  • 🐧 Detection of Kali Linux
  • 🐧 Detection of Linux Mint
  • 🍎 Detection of macOS Big Sur (11.0)
  • Detection of Pop!_OS
  • Detection of PHP 7.4
  • Malware detection tool: Microsoft Defender ATP
  • 🆕 New flag: --slow-warning to allow tests more time before showing a warning
  • 🔀 Test TIME-3185 to check systemd-timesyncd synchronized time
  • rsh host file permissions

  🔄 Changed

  • 🛠 AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
  • BOOT-5122 - Presence check for grub.d added
  • 👍 CRYP-7902 - Added support for certificates in DER format
  • CRYP-7931 - Added data to report
  • CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
  • FILE-6430 - Don't grep nonexistant modprobe.d files
  • FIRE-4535 - Set initial firewall state
  • INSE-8312 - Corrected text on screen
  • 🔧 KRNL-5728 - Handle zipped kernel configuration correctly
  • KRNL-5830 - Improved version detection for non-symlinked kernel
  • MALW-3280 - Extended detection of BitDefender
  • 🔀 TIME-3104 - Find more time synchronization commands
  • TIME-3182 - Corrected detection of time peers
  • 🛠 Fix: hostid generation routine would sometimes show too short IDs
  • 🛠 Fix: language detection
  • 🍎 Generic improvements for macOS
  • ⚡️ German translation updated
  • ⚡️ End-of-life database updated
  • Several minor code enhancements

• v3.0.0 Changes

  June 18, 2020

  🚀 Major release with security fixes. See CHANGELOG for all details.

• v2.7.5 Changes

  June 24, 2019

  Lynis 2.7.5 (2019-06-24)

  ➕ Added

  • 🌐 Danish translation
  • Slackware end-of-life information
  • 💅 Detect BSD-style (rc.d) init in Linux systems
  • Detection of Bro and Suricata (IDS)

  🔄 Changed

  • Corrected end-of-life entries for CentOS 5 and 6
  • AUTH-9204 - change name to check in /etc/passwd file for QNAP devices
  • AUTH-9268 - AIX enhancement to use correct find statement
  • FILE-6310 - Filter on correct field for AIX
  • 🐧 NETW-3012 - set ss command as preferred option for Linux and changed output format
  • List of PHP ini file locations has been extended
  • ✂ Removed several pieces of the code as part of cleanup and code health
  • Extended help

• v2.7.4 Changes

  April 21, 2019

  Lynis 2.7.4 (2019-04-21)

  🚀 This is a bigger release than usual, including several new tests created by
  🚀 Capashenn (GitHub). It is a coincidence that it is released exactly one month
  after the previous version and on Easter. No easter eggs, only improvements!

  ➕ Added

  • FILE-6324 - Discover XFS mount points
  • 📦 INSE-8000 - Installed inetd package
  • 📦 INSE-8100 - Installed xinetd package
  • INSE-8102 - Status of xinet daemon
  • 🔧 INSE-8104 - xinetd configuration file
  • 🔧 INSE-8106 - xinetd configuration for inactive daemon
  • INSE-8200 - Usage of TCP wrappers
  • INSE-8300 - Presence of rsh client
  • INSE-8302 - Presence of rsh server
  • Detect equery binary detection
  • 🆕 New 'generate' command

  🔄 Changed

  • ✅ AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems
  • 📦 PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages
  • ⬆️ PKGS-7420 - Detect toolkit to automatically download and apply upgrades
  • PKGS-7328 - Added global Zypper option --non-interactive
  • PKGS-7330 - Added global Zypper option --non-interactive
  • 📦 PKGS-7386 - Only show warning when vulnerable packages were discovered
  • ✅ PKGS-7392 - Skip test for Zypper-based systems
  • ✅ Minor changes to improve text output, test descriptions, and logging
  • 🔄 Changed CentOS identifiers in end-of-life database
  • AIX enhancement for IsRunning function
  • 📦 Extended PackageIsInstalled function
  • 👌 Improve text output on AIX systems
  • Corrected lsvg binary detection

• v2.7.3 Changes

  March 21, 2019

  Lynis 2.7.3 (2019-03-21)

  ➕ Added

  • ⏱ Detection for Lynis being scheduled (e.g. cronjob)

  🔄 Changed

  • ✅ HTTP-6624 - Improved logging for test
  • 0️⃣ KRNL-5820 - Changed color for default fs.suid_dumpable value
  • 🔧 LOGG-2154 - Adjusted test to search in configuration file correctly
  • 👍 NETW-3015 - Added support for ip binary
  • ✅ SQD-3610 - Description of test changed
  • SQD-3613 - Corrected description in code
  • SSH-7408 - Increased values for MaxAuthRetries
  • 👌 Improvements to allow tailored tool tips in future
  • Corrected detection of blkid binary
  • Minor textual changes and cleanups

• v2.7.2 Changes

  March 07, 2019

  Lynis 2.7.2 (2019-03-07)

  ➕ Added

  • 👍 AUTH-9409 - Support for doas (OpenBSD)
  • 🔧 AUTH-9410 - Test file permissions of doas configuration
  • 👍 BOOT-5117 - Support for systemd-boot boot loader added
  • BOOT-5177 - Simplify service filter and allow multiple dots in service names
  • BOOT-5262 - Check OpenBSD boot daemons
  • ✅ BOOT-5263 - Test permissions for boot files and scripts
  • 👌 Support for end-of-life detection of the operating system
  • 🆕 New 'lynis show eol' command
  • 🌐 Korean translation

  🔄 Changed

  • 👍 AUTH-9252 - Adds support for files in sudoers.d
  • ✅ AUTH-9252 - Test extended to check file and directory ownership
  • ⚠ BOOT-5122 - Use NONE instead of WARNING if no password is set
  • ✅ FIRE-4540 - Modify test to better measure rules
  • ⚠ KRNL-5788 - Resolve false positive warning on missing /vmlinuz
  • NETW-2704 - Ignore inline comments in /etc/resolv.conf
  • 🔒 PKGS-7388 - Improve detection for security archive
  • RPi/Raspian path to PAM_FILE_LOCATIONS

• v2.7.1 Changes

  January 31, 2019

  Lynis 2.7.1 (2019-01-30)

  ➕ Added

  • 👌 Support for macOS Mojave
  • 🌐 Translation: Slovak

  🔄 Changed

  • 👯 AUTH-9282 - Improve support for Red Hat and clones
  • 👍 FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
  • ✅ LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
  • SHLL-6230 - Add /etc/bash.bashrc.local to umask check
  • ✂ Removed shift statement that did not work on all operating systems
  • Minor cleanups and enhancements
  • 🌲 Small improvements to logging

• v2.7.0 Changes

  October 26, 2018

  Lynis 2.7.0 (2018-10-26)

  ➕ Added

  • MACF-6240 - Detection of TOMOYO binary
  • MACF-6242 - Status of TOMOYO framework
  • SSH-7406 - OpenSSH server version detection
  • TOOL-5160 - Check active OSSEC analysis daemon

  🔄 Changed

  • 🔄 Changed several warning labels on screen
  • AUTH-9308 - More generic sulogin for systemd rescue.service
  • OS detection now ignores quotes for getting the OS ID.

• v2.6.9 Changes

  September 19, 2018

  Lynis 2.6.9 (2018-09-19)

  🔄 Changed

  • ⚡️ Man page has been updated
  • Command 'lynis show options' provides up-to-date list
  • 🗄 Option '--dump-options' is deprecated
  • Several options and commands have been extended with more examples
  • 👍 OS detection now supports openSUSE specific distribution names
  • 🔄 Changed command output when using 'lynis audit system remote'
  • 👍 DBS-1882 - added /usr/local/redis/etc path and QNAP support
  • ⚡️ PKGS-7322 - updated solution text
  • 👻 KRNL-5788 - ignore exception when no vmlinuz file was discovered
  • ✅ TIME-3104 - extended logging for test

• v2.6.8 Changes

  August 23, 2018

  Lynis 2.6.8 (2018-08-23)

  🔄 Changed

  • 📜 BOOT-5104 - improved parsing of boot parameters to init process
  • ✅ PHP-2372 - test all PHP files for expose_php and improved logging
  • 🐧 Alpine Linux detection for Docker audit
  • 🐳 Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
  • 👌 Improved display in Docker output for showing which keys are used for signing

• 1
• 2
• Next ›
• Last »