github.com/CISOfy/lynis.git
author mboelen <michael@cisofy.com> 2015-12-22 18:56:15 +0300
committer mboelen <michael@cisofy.com> 2015-12-22 18:56:15 +0300
commit 72b0f65438ded70afad2cc024e5f3d76b3ac6bd8
tree 6065dde2f90c9e5240c269344ce310d6dc08bce5 /CHANGELOG
parent 95832c61d10756e358849d93cc4fb7ab84fdc848
[LOGG-2154] Check for remote syslogging, more in-depth testing
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- CHANGELOG 281
1 files changed, 146 insertions, 135 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c8617835..4db4e446 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,141 +17,152 @@
================================================================================
- = Lynis 2.1.x (2.2.0 release in development) =
-
- This is an major release, which includes both new features and enhancements to existing tests.
-
- * Automation tools
- ------------------
- CFEngine detection has been further extended. Additional logging and reporting of automation tools.
-
- * Authentication
- ----------------
- Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
- checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228.
-
- New plugin is introduced to analyze PAM settings. It including items like:
- - Two-factor authentication methods
- - Minimum password length, password strength and protection status against brute force cracking
- - Password history
-
- Report option: auth_failed_logins_logged
-
- * Compliance
- ------------
- Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.
-
- Right now these standards can be selected:
- - CIS benchmarks
- - HIPAA
- - ISO27001/ISO27002
- - PCI DSS
-
- * DNS and Name services
- -----------------------
- Support added for Unbound DNS caching tool [NAME-4034]
- Configuration check for Unbound [NAME-4036]
- Record if a name caching utility is being used like nscd or Unbound. Also logging to report as field name_cache_used
-
- * Firewalls
- -----------
- Test for IPFW firewall on FreeBSD has been improved and status of pflogd will no longer be displayed on screen when pf is not available.
- New test FIRE-4532 now supports detection of the Mac OS X application firewall. Also the status of application firewalls is audited now.
-
- * Hardware
- ----------
- Detection of firewire is enhanced (both ohci and core detected).
-
- * Malware
- ---------
- ESET and LMD (Linux Malware Detect) are recognized as a malware scanner. Discovered malware scanners are also logged to the report.
-
- * Mount points
- --------------
- FILE-6374 is expanded to test for multiple common mount points and define best practice mount flags.
-
- * Networking
- ------------
- NETW-3004 now collects network interface names from most common operating systems.
-
- * Operating systems
- -------------------
- Improved support for Debian 8 systems. Detection for VMware release has been added.
- Boot loader exception is not longer displayed when only a subset of tests is performed.
- FreeBSD systems can now use service command to gather information about enabled services.
-
- Support for boot loader detection on Mac OS X
-
- * Passwords
- -----------
- AUTH-9286 change has been extended to both capture minimum and password age.
-
- * Software
- ----------
- Log when vulnerable software packages were found
-
- * SSH
- -----
- Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition.
-
- Special thanks to: Kamil Boratyński
-
- * UEFI and Secure Boot
- ----------------------
- Initial support to test UEFI settings, including Secure Boot option
- Options boot_uefi_booted and boot_uefi_booted_secure added to report file
-
- * Virtual machines and Containers
- ---------------------------------
- Detection of virtual machines has been extended in several ways. Now VMware tools (vmtoolsd) are detected and machine state is improved with tools
- like Puppet Facter, dmidecode, and lscpu. Properly detect Docker on CoreOS systems, where it before gave error as it found directory /usr/libexec/docker.
- Check file permissions for Docker files, like socket file [CONT-8108]
-
- * Individual tests
- ------------------
- [AUTH-9204] Exclude NIS entries to avoid false positives
- [AUTH-9230] Removed test as it was merged into AUTH-9228
- [AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
- [BOOT-5106] New test to test boot loader on Mac OS X
- [BOOT-5180] Only gets executed if runlevel 2 is found
- [CONT-8108] New test to test for Docker file permissions
- [FILE-6410] Added /var/lib/locatedb as search path
- [HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
- [PKGS-7308] Split package name and version for RPM based package manager
- [MALW-3278] New test to detect LMD (Linux Malware Detect)
- [SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
- [TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running
-
- * Functions
- -----------
- [DigitsOnly] New function to extract only numbers from a text string
- [DisplayManual] New function to show text on screen without any markup
- [ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
- [GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier
- [IsWordWritable] Changed return codes for easier usage of the function
- [LogText] Replaces the older logtext function
- [Report] Replaces the older report function
- [ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
- [ReportWarning] Like ReportSuggestion() has additional parameters
- [ShowComplianceFinding] Display compliance findings
- [ShowSymlinkPath] Ensure readlink is available
-
- * General improvements
- ----------------------
- - When using pentest mode, it will continue without any delays (=quick mode).
- - Data uploads: provide help when self-signed certificates are used.
- - Improved output for tests which before showed results as a warning, while actually are just suggestions.
- - Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply.
- - Preparations to allow compressing the Lynis report file and enhance uploads.
- - Tool tips are displayed, to make Lynis even easier to use.
- - PID file has additional checks, including cleanups.
-
- * Plugins
- ---------
- [PAM] New plugin available in all versions of Lynis
- [PLGN-2804] Limit report output of EXT file systems to 1 item per line
-
- --------------------------------------------------------------
+= Lynis 2.1.6 (development version for 2.2.x) =
+
+*** THIS CHANGELOG IS IN PREPARATION FOR THE NEW 2.2.0 RELEASE ***
+
+We are proud to present this new release of Lynis. It is a major upgrade, and the
+result of many months of work. This version includes new features and tests, and
+many small enhancements, to improve the tool. We encourage all to test and
+upgrade to this latest release.
+
+* Automation tools
+------------------
+CFEngine detection has been further extended. Additional logging and reporting of automation tools.
+
+* Authentication
+----------------
+Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes
+checking for /etc/login.defs [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228.
+New plugin is introduced to analyze PAM settings. It including items like:
+
+- Two-factor authentication methods
+- Minimum password length, password strength and protection status against brute force cracking
+- Password history
+
+Report option: auth_failed_logins_logged
+
+* Compliance
+------------
+This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can b
+Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards.
+
+Right now these standards can be selected:
+- CIS benchmarks
+- HIPAA
+- ISO27001/ISO27002
+- PCI DSS
+
+* DNS and Name services
+-----------------------
+Support added for Unbound DNS caching tool [NAME-4034]
+Configuration check for Unbound [NAME-4036]
+Record if a name caching utility is being used like nscd or Unbound. Also logging to report as field name_cache_used
+
+* Firewalls
+-----------
+Test for IPFW firewall on FreeBSD has been improved and status of pflogd will no longer be displayed on screen when pf is not available.
+New test FIRE-4532 now supports detection of the Mac OS X application firewall. Also the status of application firewalls is audited now.
+
+* Hardware
+----------
+Detection of firewire is enhanced (both ohci and core detected).
+
+* Malware
+---------
+ESET and LMD (Linux Malware Detect) are recognized as a malware scanner. Discovered malware scanners are also logged to the report.
+
+* Mount points
+--------------
+FILE-6374 is expanded to test for multiple common mount points and define best practice mount flags.
+
+* Networking
+------------
+NETW-3004 now collects network interface names from most common operating systems.
+
+* Operating systems
+-------------------
+Improved support for Debian 8 systems. Detection for VMware release has been added.
+Boot loader exception is not longer displayed when only a subset of tests is performed.
+FreeBSD systems can now use service command to gather information about enabled services.
+
+Support for boot loader detection on Mac OS X
+
+* Passwords
+-----------
+AUTH-9286 change has been extended to both capture minimum and password age.
+
+* Software and Packages
+-----------------------
+Log when vulnerable software packages were found
+
+* SSH
+-----
+Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition.
+
+* UEFI and Secure Boot
+----------------------
+Initial support to test UEFI settings, including Secure Boot option
+Options boot_uefi_booted and boot_uefi_booted_secure added to report file
+
+* Virtual machines and Containers
+---------------------------------
+Detection of virtual machines has been extended in several ways. Now VMware tools (vmtoolsd) are detected and machine state is improved with tools
+like Puppet Facter, dmidecode, and lscpu. Properly detect Docker on CoreOS systems, where it before gave error as it found directory /usr/libexec/docker.
+Check file permissions for Docker files, like socket file [CONT-8108]
+
+* Individual tests
+------------------
+[AUTH-9204] Exclude NIS entries to avoid false positives
+[AUTH-9230] Removed test as it was merged into AUTH-9228
+[AUTH-9288] Test for expired passwords
+[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
+[BOOT-5106] New test to test boot loader on Mac OS X
+[BOOT-5180] Only gets executed if runlevel 2 is found
+[CONT-8108] New test to test for Docker file permissions
+[FILE-6410] Added /var/lib/locatedb as search path
+[HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
+[PKGS-7308] Split package name and version for RPM based package manager
+[MALW-3278] New test to detect LMD (Linux Malware Detect)
+[SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
+[TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running
+[TIME-3170] New test to check NTP configuration files and determine if any of them are world writable
+
+* Functions
+-----------
+[DigitsOnly] New function to extract only numbers from a text string
+[DisplayManual] New function to show text on screen without any markup
+[ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
+[GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier
+[IsWordWritable] Changed return codes for easier usage of the function
+[LogText] Replaces the older logtext function
+[RandomString] Creates a random string of characters
+[Report] Replaces the older report function
+[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
+[ReportWarning] Like ReportSuggestion() has additional parameters
+[ShowComplianceFinding] Display compliance findings
+[ShowSymlinkPath] Ensure readlink is available
+
+* General improvements
+----------------------
+- When using pentest mode, it will continue without any delays (=quick mode).
+- Data uploads: provide help when self-signed certificates are used.
+- Improved output for tests which before showed results as a warning, while actually are just suggestions.
+- Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply.
+- Preparations to allow compressing the Lynis report file and enhance uploads.
+- Tool tips are displayed, to make Lynis even easier to use.
+- PID file has additional checks, including cleanups.
+
+* Special thanks
+----------------
+We like to specifically thank Kamil Boratyński for his contributions to this release.
+
+* Plugins
+---------
+[PAM] New plugin available in all versions of Lynis
+[PLGN-2804] Limit report output of EXT file systems to 1 item per line
+
+--------------------------------------------------------------
= Lynis 2.1.1 (2015-07-22) =
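
Review bot: The added Compliance paragraph ends mid-word ("The profile has a new option, which can b") and the next added line then restates the same compliance_standards option, so finish that sentence or drop it and keep only the line that follows. The commit subject names [LOGG-2154], yet the "Individual tests" list in this hunk gains only AUTH-9288 and TIME-3170; add a LOGG-2154 entry so the changelog records the remote syslogging check the commit is about. Removing the leading indentation from the whole section is what turns a handful of content changes into 146 insertions and 135 deletions; a separate whitespace-only commit would keep the real changes reviewable. Since every line is being rewritten anyway, carried-over wording such as "It including items like:" and "is not longer displayed" could be corrected in the same pass.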