All Versions
Latest Version
Avg Release Cycle
75 days
Latest Release
845 days ago

Changelog History
Page 1

  • v3.0.1 Changes

    October 05, 2020

    Lynis 3.0.1 (2020-10-05)

    โž• Added

    • ๐Ÿง Detection of Alpine Linux
    • ๐Ÿง Detection of CloudLinux
    • ๐Ÿง Detection of Kali Linux
    • ๐Ÿง Detection of Linux Mint
    • ๐ŸŽ Detection of macOS Big Sur (11.0)
    • Detection of Pop!_OS
    • Detection of PHP 7.4
    • Malware detection tool: Microsoft Defender ATP
    • ๐Ÿ†• New flag: --slow-warning to allow tests more time before showing a warning
    • ๐Ÿ”€ Test TIME-3185 to check systemd-timesyncd synchronized time
    • rsh host file permissions

    ๐Ÿ”„ Changed

    • ๐Ÿ›  AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
    • BOOT-5122 - Presence check for grub.d added
    • ๐Ÿ‘ CRYP-7902 - Added support for certificates in DER format
    • CRYP-7931 - Added data to report
    • CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
    • FILE-6430 - Don't grep nonexistant modprobe.d files
    • FIRE-4535 - Set initial firewall state
    • INSE-8312 - Corrected text on screen
    • ๐Ÿ”ง KRNL-5728 - Handle zipped kernel configuration correctly
    • KRNL-5830 - Improved version detection for non-symlinked kernel
    • MALW-3280 - Extended detection of BitDefender
    • ๐Ÿ”€ TIME-3104 - Find more time synchronization commands
    • TIME-3182 - Corrected detection of time peers
    • ๐Ÿ›  Fix: hostid generation routine would sometimes show too short IDs
    • ๐Ÿ›  Fix: language detection
    • ๐ŸŽ Generic improvements for macOS
    • โšก๏ธ German translation updated
    • โšก๏ธ End-of-life database updated
    • Several minor code enhancements
  • v3.0.0 Changes

    June 18, 2020

    ๐Ÿš€ Major release with security fixes. See CHANGELOG for all details.

  • v2.7.5 Changes

    June 24, 2019

    Lynis 2.7.5 (2019-06-24)

    โž• Added

    • ๐ŸŒ Danish translation
    • Slackware end-of-life information
    • ๐Ÿ’… Detect BSD-style (rc.d) init in Linux systems
    • Detection of Bro and Suricata (IDS)

    ๐Ÿ”„ Changed

    • Corrected end-of-life entries for CentOS 5 and 6
    • AUTH-9204 - change name to check in /etc/passwd file for QNAP devices
    • AUTH-9268 - AIX enhancement to use correct find statement
    • FILE-6310 - Filter on correct field for AIX
    • ๐Ÿง NETW-3012 - set ss command as preferred option for Linux and changed output format
    • List of PHP ini file locations has been extended
    • โœ‚ Removed several pieces of the code as part of cleanup and code health
    • Extended help
  • v2.7.4 Changes

    April 21, 2019

    Lynis 2.7.4 (2019-04-21)

    ๐Ÿš€ This is a bigger release than usual, including several new tests created by
    ๐Ÿš€ Capashenn (GitHub). It is a coincidence that it is released exactly one month
    after the previous version and on Easter. No easter eggs, only improvements!

    โž• Added

    • FILE-6324 - Discover XFS mount points
    • ๐Ÿ“ฆ INSE-8000 - Installed inetd package
    • ๐Ÿ“ฆ INSE-8100 - Installed xinetd package
    • INSE-8102 - Status of xinet daemon
    • ๐Ÿ”ง INSE-8104 - xinetd configuration file
    • ๐Ÿ”ง INSE-8106 - xinetd configuration for inactive daemon
    • INSE-8200 - Usage of TCP wrappers
    • INSE-8300 - Presence of rsh client
    • INSE-8302 - Presence of rsh server
    • Detect equery binary detection
    • ๐Ÿ†• New 'generate' command

    ๐Ÿ”„ Changed

    • โœ… AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems
    • ๐Ÿ“ฆ PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages
    • โฌ†๏ธ PKGS-7420 - Detect toolkit to automatically download and apply upgrades
    • PKGS-7328 - Added global Zypper option --non-interactive
    • PKGS-7330 - Added global Zypper option --non-interactive
    • ๐Ÿ“ฆ PKGS-7386 - Only show warning when vulnerable packages were discovered
    • โœ… PKGS-7392 - Skip test for Zypper-based systems
    • โœ… Minor changes to improve text output, test descriptions, and logging
    • ๐Ÿ”„ Changed CentOS identifiers in end-of-life database
    • AIX enhancement for IsRunning function
    • ๐Ÿ“ฆ Extended PackageIsInstalled function
    • ๐Ÿ‘Œ Improve text output on AIX systems
    • Corrected lsvg binary detection
  • v2.7.3 Changes

    March 21, 2019

    Lynis 2.7.3 (2019-03-21)

    โž• Added

    • โฑ Detection for Lynis being scheduled (e.g. cronjob)

    ๐Ÿ”„ Changed

    • โœ… HTTP-6624 - Improved logging for test
    • 0๏ธโƒฃ KRNL-5820 - Changed color for default fs.suid_dumpable value
    • ๐Ÿ”ง LOGG-2154 - Adjusted test to search in configuration file correctly
    • ๐Ÿ‘ NETW-3015 - Added support for ip binary
    • โœ… SQD-3610 - Description of test changed
    • SQD-3613 - Corrected description in code
    • SSH-7408 - Increased values for MaxAuthRetries
    • ๐Ÿ‘Œ Improvements to allow tailored tool tips in future
    • Corrected detection of blkid binary
    • Minor textual changes and cleanups
  • v2.7.2 Changes

    March 07, 2019

    Lynis 2.7.2 (2019-03-07)

    โž• Added

    • ๐Ÿ‘ AUTH-9409 - Support for doas (OpenBSD)
    • ๐Ÿ”ง AUTH-9410 - Test file permissions of doas configuration
    • ๐Ÿ‘ BOOT-5117 - Support for systemd-boot boot loader added
    • BOOT-5177 - Simplify service filter and allow multiple dots in service names
    • BOOT-5262 - Check OpenBSD boot daemons
    • โœ… BOOT-5263 - Test permissions for boot files and scripts
    • ๐Ÿ‘Œ Support for end-of-life detection of the operating system
    • ๐Ÿ†• New 'lynis show eol' command
    • ๐ŸŒ Korean translation

    ๐Ÿ”„ Changed

    • ๐Ÿ‘ AUTH-9252 - Adds support for files in sudoers.d
    • โœ… AUTH-9252 - Test extended to check file and directory ownership
    • โš  BOOT-5122 - Use NONE instead of WARNING if no password is set
    • โœ… FIRE-4540 - Modify test to better measure rules
    • โš  KRNL-5788 - Resolve false positive warning on missing /vmlinuz
    • NETW-2704 - Ignore inline comments in /etc/resolv.conf
    • ๐Ÿ”’ PKGS-7388 - Improve detection for security archive
    • RPi/Raspian path to PAM_FILE_LOCATIONS
  • v2.7.1 Changes

    January 31, 2019

    Lynis 2.7.1 (2019-01-30)

    โž• Added

    • ๐Ÿ‘Œ Support for macOS Mojave
    • ๐ŸŒ Translation: Slovak

    ๐Ÿ”„ Changed

    • ๐Ÿ‘ฏ AUTH-9282 - Improve support for Red Hat and clones
    • ๐Ÿ‘ FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
    • โœ… LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
    • SHLL-6230 - Add /etc/bash.bashrc.local to umask check
    • โœ‚ Removed shift statement that did not work on all operating systems
    • Minor cleanups and enhancements
    • ๐ŸŒฒ Small improvements to logging
  • v2.7.0 Changes

    October 26, 2018

    Lynis 2.7.0 (2018-10-26)

    โž• Added

    • MACF-6240 - Detection of TOMOYO binary
    • MACF-6242 - Status of TOMOYO framework
    • SSH-7406 - OpenSSH server version detection
    • TOOL-5160 - Check active OSSEC analysis daemon

    ๐Ÿ”„ Changed

    • ๐Ÿ”„ Changed several warning labels on screen
    • AUTH-9308 - More generic sulogin for systemd rescue.service
    • OS detection now ignores quotes for getting the OS ID.
  • v2.6.9 Changes

    September 19, 2018

    Lynis 2.6.9 (2018-09-19)

    ๐Ÿ”„ Changed

    • โšก๏ธ Man page has been updated
    • Command 'lynis show options' provides up-to-date list
    • ๐Ÿ—„ Option '--dump-options' is deprecated
    • Several options and commands have been extended with more examples
    • ๐Ÿ‘ OS detection now supports openSUSE specific distribution names
    • ๐Ÿ”„ Changed command output when using 'lynis audit system remote'
    • ๐Ÿ‘ DBS-1882 - added /usr/local/redis/etc path and QNAP support
    • โšก๏ธ PKGS-7322 - updated solution text
    • ๐Ÿ‘ป KRNL-5788 - ignore exception when no vmlinuz file was discovered
    • โœ… TIME-3104 - extended logging for test
  • v2.6.8 Changes

    August 23, 2018

    Lynis 2.6.8 (2018-08-23)

    ๐Ÿ”„ Changed

    • ๐Ÿ“œ BOOT-5104 - improved parsing of boot parameters to init process
    • โœ… PHP-2372 - test all PHP files for expose_php and improved logging
    • ๐Ÿง Alpine Linux detection for Docker audit
    • ๐Ÿณ Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
    • ๐Ÿ‘Œ Improved display in Docker output for showing which keys are used for signing