Releases: CISOfy/lynis
Releases · CISOfy/lynis
Lynis 2.6.8
Lynis 2.6.8 (2018-08-23)
Changed
- BOOT-5104 - improved parsing of boot parameters to init process
- PHP-2372 - test all PHP files for expose_php and improved logging
- Alpine Linux detection for Docker audit
- Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
- Improved display in Docker output for showing which keys are used for signing
Lynis 2.6.7
Lynis 2.6.7 (2018-08-09)
Changed
- BOOT-5104 - Added busybox as a service manager
- KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only
- LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files
- SSH-7408 - Changed classification of SSH root login with keys
- Docker scan uses new format for maintainer value
- New URL structure on CISOfy website implemented for Lynis controls
Lynis 2.6.6
Lynis 2.6.6 (2018-07-06)
Improvements
- New format of changelog (https://keepachangelog.com/en/1.0.0/)
- KRNL-5830 - improved log text about running kernel version
Fixed
- Under some condition no hostid2 value was reported
- Solved 'extra operand' issue with tr command
Lynis 2.6.5
Lynis 2.6.5 (2018-06-26)
Tests:
- [MAIL-8804] - Exim configuration test
- [NETW-2704] - Use FQDN to test status of a nameserver instead of own IP address
- [SSH-7402] - Improved test to allow configurations with a Match block
Lynis 2.6.4
Lynis 2.6.4 (2018-05-02)
Changes:
- Several contributions merged, including grammar improvements
- Initial support for Ubuntu 18.04 LTS
- Small enhancements for usage
Tests:
- [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
- [DNS-1600] - Initial work on DNSSEC validation testing
- [NETW-2704] - Added support for local resolver 127.0.0.53
- [PHP-2379] - Suhosin test disbled
- [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting
- [TIME-3160] - Improvements to detect step-tickers file and entries
Lynis 2.6.3
Lynis 2.6.3 (2018-03-07)
Changes:
- Change in routine for host identifiers
Tests:
- [CRYP-7902] - Do prevalidation for certificates before testing them
- [HRDN-7222] - Enhanced compiler permission test
- [NAME-4402] - Improved test to filter out empty lines
- [PKGS-7384] - Changes to detect yum-utils package and related tooling
Plugins:
- [PLGN-2680] - cron file permissions
Lynis 2.6.2
Lynis 2.6.2 (2018-02-13)
Changes:
- Bugfix for Arch Linux (binary detection)
- Textual changes for several tests
- Update of tests database
Lynis 2.6.1
Lynis 2.6.1 (2018-01-26)
Changes:
- Tests can have more than 1 required OS (e.g. Linux OR NetBSD)
- Added 'system-groups' option to profile (Enterprise users)
- Overhaul of default profile and migrate to new style (setting=value)
- Show warning if old profile options are used
- Improved detection of binaries
- New group 'usb' for tests related to USB devices
Tests:
- [FILE-6363] - New test for /var/tmp (sticky bit)
- [MAIL-8802] - Added exim4 process name to improve detection of Exim
- [NETW-3030] - Changed name of dhcp client name process and added udhcpc
- [SSH-7408] - Restored UsePrivilegeSeparation
- [TIME-3170] - Added chrony configuration file for NetBSD
Lynis 2.6.0
Lynis 2.6.0 (2018-01-18)
Changes:
- Binary paths are now sorted
- Greek language added
- systemd detection improved
- VirtualBox detection extended
- Several code enhancements
Tests:
- [PHP-2379] - Small enhancement to resolve error on screen in some cases
- [MALW-3280] - Improved detection for BitDefender tooling
Lynis 2.5.9
Lynis 2.5.9 (2018-01-12)
Changes:
- Don't show upgrade notice when being quiet/silent
- Added --noplugins as an alias to skip execution of plugins
- Use PATH variable for path detection, with predefined list as a backup
Tests:
- [KRNL-6000] Multiple values are now allowed per sysctl key
- [KRNL-6000] Individual tests can be skipped (skip-test=KRNL-6000:)
- [KRNL-6000] Solution text has been added