author | mboelen <michael@cisofy.com> | 2016-01-25 15:43:21 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2016-01-25 15:43:21 +0300 |
commit | a00b37f5b6aa45e305e5045784c91615fdac9307 (patch) | |
tree | 36e12ca571e4781a5b91aa7a55b6458902272c70 | |
parent | e3c88fe766e743c5068eced476f6ddc2e2e81845 (diff) |
Updated changelog
-rw-r--r-- | CHANGELOG | 34 |
1 files changed, 28 insertions, 6 deletions
@@ -5,7 +5,7 @@ ================================================================================ - Author: Michael Boelen (michael.boelen@cisofy.com) + Author: Michael Boelen, CISOfy (michael.boelen@cisofy.com) Description: Security and system auditing tool Website: https://cisofy.com/lynis/ GitHub: https://github.com/CISOfy/lynis @@ -32,8 +32,11 @@ CFEngine detection has been further extended. Additional logging and reporting o * Authentication ---------------- -Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes -checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228. +Depending on the operating system, Lynis now tries to determine if failed logins +are properly logged. This includes checking for /etc/login.defs file [AUTH-9408]. +Merged previous password check for Solaris into test AUTH-9228. User ids on AIX +will be gathered and added to the report [AUTH-9234]. + New plugin is introduced to analyze PAM settings. It including items like: - Two-factor authentication methods @@ -44,8 +47,10 @@ Report option: auth_failed_logins_logged * Compliance ------------ -This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b -Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards. +This release prepares for upcoming extensions to assist with compliance testing. +The profile has a new option, which can be used to define what standards should +be tested for, if any test is available. The related option is: +compliance_standards Right now these standards can be selected: - CIS benchmarks 
@@ -53,6 +58,9 @@ Right now these standards can be selected: - ISO27001/ISO27002 - PCI DSS +Note that additional tests will be implemented in future releases and then tagged +to these particular standards. + * DNS and Name services ----------------------- Support added for Unbound DNS caching tool [NAME-4034] @@ -109,9 +117,16 @@ Support for boot loader detection on Mac OS X ----------- AUTH-9286 change has been extended to both capture minimum and password age. +* Proxy support +--------------- +A proxy can now be specified in the profile, to allow uploads via a HTTP or SOCKS proxy. + * Software and Packages ----------------------- -Log when vulnerable software packages were found +Now informationed will be logged when vulnerable software packages were found. +Support for DNF (Dandified YUM) for Fedora systems has been added. This is done +in several tests: PKGS-7350 (installed packages), PKGS-7352 (security notices), +PKGS-7354 (integrity tests). * SSH ----- @@ -132,6 +147,7 @@ Check file permissions for Docker files, like socket file [CONT-8108] ------------------ [AUTH-9204] Exclude NIS entries to avoid false positives [AUTH-9230] Removed test as it was merged into AUTH-9228 +[AUTH-9234] Support for AIX added [AUTH-9288] Test for expired passwords [AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD. [BOOT-5106] New test to test boot loader on Mac OS X 
@@ -145,6 +161,9 @@ Check file permissions for Docker files, like socket file [CONT-8108] [HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox [LOGG-2154] Additional support for log destinations for syslog-ng [PKGS-7308] Split package name and version for RPM based package manager +[PKGS-7350] Support for querying installed packages via Fedora DNF package manager (Dandified YUM) +[PKGS-7352] Query security notices for DNF +[PKGS-7354] Perform integrity tests for package database (DNF) [MALW-3278] New test to detect LMD (Linux Malware Detect) [NETW-2600] IPv6 configuration check for Linux [NETW-3032] Added ARP monitoring software test @@ -154,6 +173,7 @@ Check file permissions for Docker files, like socket file [CONT-8108] * Functions ----------- +[CreateTempFile] Create a temporary file [DigitsOnly] New function to extract only numbers from a text string [DisplayManual] New function to show text on screen without any markup [ExitCustom] New function to allow program to exit with a different exit code, depending on outcome @@ -161,6 +181,7 @@ Check file permissions for Docker files, like socket file [CONT-8108] [IsWordWritable] Changed return codes for easier usage of the function [LogText] Replaces the older logtext function [RandomString] Creates a random string of characters +[RemoveTempFiles] Remove any created temporary files [Report] Replaces the older report function [ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution) [ReportWarning] Like ReportSuggestion() has additional parameters 
@@ -170,6 +191,7 @@ Check file permissions for Docker files, like socket file [CONT-8108] * General improvements ---------------------- - When using pentest mode, it will continue without any delays (=quick mode). +- Plugins execution is improved, with improved logged and counting of active plugins. - Data uploads: provide help when self-signed certificates are used. - Improved output for tests which before showed results as a warning, while actually are just suggestions. - Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply. |
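Review bot: In the "Software and Packages" entry of the @@ -109,9 +117,16 @@ hunk, the added line "Now informationed will be logged when vulnerable software packages were found." has a typo and mixes tenses; something like "Information is now logged when vulnerable software packages are found." reads correctly. In the same hunk, the new "Proxy support" entry says a proxy can be specified in the profile but does not name the profile option, whereas the Compliance entry names compliance_standards; naming the option here would let readers configure it from the changelog alone.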
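Review bot: The two added entries under "Functions" (@@ -154,6 +173,7 @@ and @@ -161,6 +181,7 @@) do not follow the wording of their neighbours: "[CreateTempFile] Create a temporary file" and "[RemoveTempFiles] Remove any created temporary files" do not say whether these are new functions, while the surrounding entries read "New function to ...". Suggest "New function to create a temporary file" and, if RemoveTempFiles is the cleanup counterpart for files made by CreateTempFile, stating that in its entry so plugin and test authors know to use the pair together.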
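Review bot: The added line in the "General improvements" hunk (@@ -170,6 +191,7 @@) has two wording errors: "Plugins execution" should be "Plugin execution" and "improved logged" should be "improved logging". Suggested text: "- Plugin execution is improved, with improved logging and counting of active plugins."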