Release 2.1.12.1.1

1 files changed, 104 insertions, 81 deletions

diff --git a/CHANGELOG b/CHANGELOG
index d76e21c5..db90546e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,119 +8,142 @@
   Author:                   Michael Boelen (michael.boelen@cisofy.com)
   Description:              Security and system auditing tool
   Website:                  https://cisofy.com/lynis/
-  GitHub:                   https://github.com/CISOfy/Lynis
+  GitHub:                   https://github.com/CISOfy/lynis
 
-  Support policy:           See section 'Support' (README file);
+  Support policy:           See section 'Support' in README file
                             Commercial support and plugins available via CISOfy
-                            https://cisofy.com
 
   Documentation:            See web site, README, FAQ and CHANGELOG file
 
 ================================================================================
 
-  =  Lynis 2.1.x (2015-xx-xx)  =
 
-  This release adds several improvements and in different areas. Support for systems
-  like CentOS, openSUSE, Slackware is improved. It includes further cleanups of the
-  code, performance tweaks and more support for common software components.
+    =  Lynis 2.1.1 (2015-07-22)  =
 
-  Performance:
-  Performance tuning has been applied, to speed up execution of the audit on
-  systems with many files.
+    This release adds a lot of improvements, with focus on performance, and
+    additional support for common Linux distributions and external utilities.
+    We recommend to use this latest version.
 
-  Automatic updater:
-  Initial work on an automatic updater has been implemented. This way Lynis can
-  be scheduled for updating from a trusted source.
+    * Operating system enhancements
+    -------------------------------
+    Support for systems like CentOS, openSUSE, Slackware is improved.
 
-  Internal functions:
-  As not all systems have readlink, or the -f option of readlink, the
-  ShowSymlinkPath function has been extended with a Python based check.
+    * Performance
+    -------------
+    Performance tuning has been applied, to speed up execution of the audit on
+    systems with many files. This also includes code cleanups.
 
-  Software support:
-  Apache module directory /usr/lib64/apache has been added, which is used on openSUSE.
-  Support for Chef has been added.
+    * Automatic updates
+    -------------------
+    Initial work on an automatic updater has been implemented. This way Lynis
+    can be scheduled for automatic updating from a trusted source.
 
-  File integrity:
-  Added tests for CSF's lfd utility for integrity monitoring on directories and
-  files. Related tests are FINT-4334 and FINT-4336.
+    * Internal functions
+    --------------------
+    Not all systems have readlink, or the -f option of readlink. The
+    ShowSymlinkPath function has been extended with a Python based check, which
+    is often available.
 
-  Time sychronization:
-  Added support for Chrony time daemon and timesync daemon. Additionally NTP
-  sychronization status is checked when it is enabled.
+    * Software support
+    ------------------
+    Apache module directory /usr/lib64/apache has been added, which is used on
+    openSUSE.
 
-  Other:
-  Check for permissions has been extended.
-  Python binary is now detected, to help with symlink detection.
-  Several new legal terms, for usage in banners, have been added.
-  In several files old tests have been removed, to further clean up the code.
-  The hardening index is inserted into the report, even if it is not displayed on screen.
+    Support for Chef has been added.
 
-  Bug fixes:
-  Nginx test showed error when access_log had multiple parameters
+    Added tests for CSF's lfd utility for integrity monitoring on directories and
+    files. Related tests are FINT-4334 and FINT-4336.
 
-  Functions:
-  Added AddSystemGroup function
+    Added support for Chrony time daemon and timesync daemon. Additionally NTP
+    sychronization status is checked when it is enabled.
 
-  New tests:
-  [PKGS-7366] Scan for debsecan utility on Debian systems
-  [PKGS-7410] Determine amount of installed kernel packages
-  [TIME-3106] Check synchronization status of NTP on systemd based systems
-  [CONT-8102] Docker daemon status and gather basic details
-  [CONT-8104] Check docker info for any Docker warnings
-  [CONT-8106] Check total, running and unused Docker containers
+    Improved single user mode protection on the rescue.service file.
 
-  Plugins:
-  [PLGN-2602] Disabled by default, as it may be too slow for some machines
-  [PLGN-3002] Extended with /sbin/nologin
+    * Other
+    -------
+    Check for user permissions has been extended.
+    Python binary is now detected, to help with symlink detection.
+    Several new legal terms have been added, which are used for usage in banners.
+    In several files old tests have been removed, to further clean up the code.
 
-  Documentation:
-  A new document has been created to help with the process of upgrading Lynis.
-  It is available at https://cisofy.com/documentation/lynis/upgrading/
+    * Bug fixes
+    ---------
+    Nginx test showed error when access_log had multiple parameters.
+    Tests using locate won't be performed if not present.
+    Fix false positive match on Squid unsafe ports [SQD-3624].
+    The hardening index is now also inserted into the report if it is not displayed
+    on screen.
+
+    * Functions
+    ---------
+    Added AddSystemGroup function
+
+    * New tests
+    ---------
+    Several new tests have been added:
+
+    [PKGS-7366] Scan for debsecan utility on Debian systems
+    [PKGS-7410] Determine amount of installed kernel packages
+    [TIME-3106] Check synchronization status of NTP on systemd based systems
+    [CONT-8102] Docker daemon status and gather basic details
+    [CONT-8104] Check docker info for any Docker warnings
+    [CONT-8106] Check total, running and unused Docker containers
+
+    * Plugins
+    ---------
+
+    [PLGN-2602] Disabled by default, as it may be too slow for some machines
+    [PLGN-3002] Extended with /sbin/nologin
+
+    * Documentation
+    ---------------
+    A new document has been created to help with the process of upgrading Lynis.
+    It is available at https://cisofy.com/documentation/lynis/upgrading/
 
   --------------------------------------------------------------
 
 
-  =  Lynis 2.1.0 (2015-04-16)  =
+    =  Lynis 2.1.0 (2015-04-16)  =
 
-  General:
-  ---------
-  Screen output has been improved to provide additional information.
+    * General
+    ---------
+    Screen output has been improved to provide additional information.
 
-  OS support:
-  ------------
-  CUPS detection on Mac OS has been improved. AIX systems will now use csum
-  utility to create host ID. Group check have been altered on AIX, to include
-  the -n ALL. Core dump check on Linux is extended to check for actual values
-  as well.
+    * OS support
+    ------------
+    CUPS detection on Mac OS has been improved. AIX systems will now use csum
+    utility to create host ID. Group check have been altered on AIX, to include
+    the -n ALL. Core dump check on Linux is extended to check for actual values
+    as well.
 
-  Software:
-  ----------
-  McAfee detection has been extended by detecting a running cma binary.
-  Improved detection of pf firewall on BSD and Mac OS. Security patch checking
-  with zypper extended.
+    * Software
+    ----------
+    McAfee detection has been extended by detecting a running cma binary.
+    Improved detection of pf firewall on BSD and Mac OS. Security patch checking
+    with zypper extended.
 
-  Session timeout:
-  -----------------
-  Tests to determine shell time out setting have been extended to account for
-  AIX, HP-UX and other platforms. It will now determine also if variable is
-  exported as a readonly variable. Related compliance section PCI DSS 8.1.8
-  has been extended.
+    * Session timeout
+    -----------------
+    Tests to determine shell time out setting have been extended to account for
+    AIX, HP-UX and other platforms. It will now determine also if variable is
+    exported as a readonly variable. Related compliance section PCI DSS 8.1.8
+    has been extended.
 
-  Documentation:
-  ---------------
-  - New document: Getting started with Lynis
-    https://cisofy.com/documentation/lynis/get-started/
+    * Documentation
+    ---------------
+    - New document: Getting started with Lynis
+      https://cisofy.com/documentation/lynis/get-started/
 
-  Plugins (Enterprise):
-  ----------------------
-  - Update to file integrity plugin
-    Changes to PLGN-2606 (capabilities check)
+    * Plugins (Enterprise)
+    ----------------------
+    - Update to file integrity plugin
+      Changes to PLGN-2606 (capabilities check)
 
-  - New configuration plugins:
-    PLGN-4802 (SSH settings)
-    PLGN-4804 (login.defs)
+    - New configuration plugins:
+      PLGN-4802 (SSH settings)
+      PLGN-4804 (login.defs)
 
-  Download link: https://cisofy.com/download/lynis/
+    Download link: https://cisofy.com/download/lynis/
 
   --------------------------------------------------------------