Lynis 2.7.2

Lynis 2.7.2 (2019-03-07)

Added

• AUTH-9409 - Support for doas (OpenBSD)
• AUTH-9410 - Test file permissions of doas configuration
• BOOT-5117 - Support for systemd-boot boot loader added
• BOOT-5177 - Simplify service filter and allow multiple dots in service names
• BOOT-5262 - Check OpenBSD boot daemons
• BOOT-5263 - Test permissions for boot files and scripts
• Support for end-of-life detection of the operating system
• New 'lynis show eol' command
• Korean translation

Changed

• AUTH-9252 - Adds support for files in sudoers.d
• AUTH-9252 - Test extended to check file and directory ownership
• BOOT-5122 - Use NONE instead of WARNING if no password is set
• FIRE-4540 - Modify test to better measure rules
• KRNL-5788 - Resolve false positive warning on missing /vmlinuz
• NETW-2704 - Ignore inline comments in /etc/resolv.conf
• PKGS-7388 - Improve detection for security archive
• RPi/Raspian path to PAM_FILE_LOCATIONS

Lynis 2.7.1

Lynis 2.7.1 (2019-01-30)

Added

• Support for macOS Mojave
• Translation: Slovak

Changed

• AUTH-9282 - Improve support for Red Hat and clones
• FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
• LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
• SHLL-6230 - Add /etc/bash.bashrc.local to umask check
• Removed shift statement that did not work on all operating systems
• Minor cleanups and enhancements
• Small improvements to logging

Lynis 2.7.0

Lynis 2.7.0 (2018-10-26)

Added

• MACF-6240 - Detection of TOMOYO binary
• MACF-6242 - Status of TOMOYO framework
• SSH-7406 - OpenSSH server version detection
• TOOL-5160 - Check active OSSEC analysis daemon

Changed

• Changed several warning labels on screen
• AUTH-9308 - More generic sulogin for systemd rescue.service
• OS detection now ignores quotes for getting the OS ID.

Lynis 2.6.9

Lynis 2.6.9 (2018-09-19)

Changed

• Man page has been updated
• Command 'lynis show options' provides up-to-date list
• Option '--dump-options' is deprecated
• Several options and commands have been extended with more examples
• OS detection now supports openSUSE specific distribution names
• Changed command output when using 'lynis audit system remote'
• DBS-1882 - added /usr/local/redis/etc path and QNAP support
• PKGS-7322 - updated solution text
• KRNL-5788 - ignore exception when no vmlinuz file was discovered
• TIME-3104 - extended logging for test

Lynis 2.6.8

Lynis 2.6.8 (2018-08-23)

Changed

• BOOT-5104 - improved parsing of boot parameters to init process
• PHP-2372 - test all PHP files for expose_php and improved logging
• Alpine Linux detection for Docker audit
• Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
• Improved display in Docker output for showing which keys are used for signing

Lynis 2.6.7

Lynis 2.6.7 (2018-08-09)

Changed

• BOOT-5104 - Added busybox as a service manager
• KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only
• LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files
• SSH-7408 - Changed classification of SSH root login with keys
• Docker scan uses new format for maintainer value
• New URL structure on CISOfy website implemented for Lynis controls

Lynis 2.6.6

Lynis 2.6.6 (2018-07-06)

Improvements

• New format of changelog (https://keepachangelog.com/en/1.0.0/)
• KRNL-5830 - improved log text about running kernel version

Fixed

• Under some condition no hostid2 value was reported
• Solved 'extra operand' issue with tr command

Lynis 2.6.5

Lynis 2.6.5 (2018-06-26)

Tests:

• [MAIL-8804] - Exim configuration test
• [NETW-2704] - Use FQDN to test status of a nameserver instead of own IP address
• [SSH-7402] - Improved test to allow configurations with a Match block

Lynis 2.6.4

Lynis 2.6.4 (2018-05-02)

Changes:

• Several contributions merged, including grammar improvements
• Initial support for Ubuntu 18.04 LTS
• Small enhancements for usage

Tests:

• [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
• [DNS-1600] - Initial work on DNSSEC validation testing
• [NETW-2704] - Added support for local resolver 127.0.0.53
• [PHP-2379] - Suhosin test disbled
• [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting
• [TIME-3160] - Improvements to detect step-tickers file and entries

Lynis 2.6.3

Lynis 2.6.3 (2018-03-07)

Changes:

• Change in routine for host identifiers

Tests:

• [CRYP-7902] - Do prevalidation for certificates before testing them
• [HRDN-7222] - Enhanced compiler permission test
• [NAME-4402] - Improved test to filter out empty lines
• [PKGS-7384] - Changes to detect yum-utils package and related tooling

Plugins:

• [PLGN-2680] - cron file permissions