diff options
Diffstat (limited to 'CHANGELOG')
| -rw-r--r-- | CHANGELOG | 68 |
1 files changed, 51 insertions, 17 deletions
@@ -30,20 +30,22 @@ Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228. - PAM settings are now analyzed, including: + New plugin is introduced to analyze PAM settings. It including items like: - Two-factor authentication methods - Minimum password length, password strength and protection status against brute force cracking + - Password history - report option: auth_failed_logins_logged + Report option: auth_failed_logins_logged * Compliance ------------ - Added new compliance_standards option to default.prf, to define if compliance testing should be performed, and for which standards. + Added new compliance_standards option to default.prf. This defines if compliance testing should be performed in future, and for which standards. - Right now these (partial) standards are included: + Right now these standards can be selected: + - CIS benchmarks - HIPAA - ISO27001/ISO27002 - - PCI-DSS + - PCI DSS * DNS and Name services ----------------------- @@ -53,23 +55,47 @@ * Firewalls ----------- - IPFW firewall on FreeBSD test improved - Don't show pflogd status on screen when pf is not available + Test for IPFW firewall on FreeBSD has been improved and status of pflogd will no longer be displayed on screen when pf is not available. + New test FIRE-4532 now supports detection of the Mac OS X application firewall. Also the status of application firewalls is audited now. + + * Hardware + ---------- + Detection of firewire is enhanced (both ohci and core detected). * Malware --------- - ESET and LMD (Linux Malware Detect) is now recognized as a malware scanner. Discovered malware scanners are now also logged to the report. + ESET and LMD (Linux Malware Detect) are recognized as a malware scanner. Discovered malware scanners are also logged to the report. * Mount points -------------- FILE-6374 is expanded to test for multiple common mount points and define best practice mount flags. + * Networking + ------------ + NETW-3004 now collects network interface names from most common operating systems. + * Operating systems ------------------- - Improved support for Debian 8 systems. + Improved support for Debian 8 systems. Detection for VMware release has been added. Boot loader exception is not longer displayed when only a subset of tests is performed. FreeBSD systems can now use service command to gather information about enabled services. + Support for boot loader detection on Mac OS X + + * Passwords + ----------- + AUTH-9286 change has been extended to both capture minimum and password age. + + * Software + ---------- + Log when vulnerable software packages were found + + * SSH + ----- + Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition. + + Special thanks to: Kamil BoratyĆski + * UEFI and Secure Boot ---------------------- Initial support to test UEFI settings, including Secure Boot option @@ -86,10 +112,12 @@ [AUTH-9204] Exclude NIS entries to avoid false positives [AUTH-9230] Removed test as it was merged into AUTH-9228 [AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD. + [BOOT-5106] New test to test boot loader on Mac OS X [BOOT-5180] Only gets executed if runlevel 2 is found [CONT-8108] New test to test for Docker file permissions [FILE-6410] Added /var/lib/locatedb as search path [HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox + [PKGS-7308] Split package name and version for RPM based package manager [MALW-3278] New test to detect LMD (Linux Malware Detect) [SHLL-6230] Test for umask values in shell configuration files (e.g. rc files) [TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn't running @@ -99,22 +127,28 @@ [DigitsOnly] New function to extract only numbers from a text string [DisplayManual] New function to show text on screen without any markup [ExitCustom] New function to allow program to exit with a different exit code, depending on outcome + [GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier + [IsWordWritable] Changed return codes for easier usage of the function + [LogText] Replaces the older logtext function + [Report] Replaces the older report function [ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution) [ReportWarning] Like ReportSuggestion() has additional parameters [ShowComplianceFinding] Display compliance findings + [ShowSymlinkPath] Ensure readlink is available * General improvements ---------------------- - - When using pentest mode, it will continue without any delays (=quick mode) - - Data uploads: provide help when self-signed certificates are used - - Improved output for tests which before showed results as a warning, while actually are just suggestions - - Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any - custom scripting you want to apply - - Tool tips are displayed, to make Lynis even easier to use - - PID file has additional checks, including cleanups + - When using pentest mode, it will continue without any delays (=quick mode). + - Data uploads: provide help when self-signed certificates are used. + - Improved output for tests which before showed results as a warning, while actually are just suggestions. + - Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply. + - Preparations to allow compressing the Lynis report file and enhance uploads. + - Tool tips are displayed, to make Lynis even easier to use. + - PID file has additional checks, including cleanups. * Plugins --------- + [PAM] New plugin available in all versions of Lynis [PLGN-2804] Limit report output of EXT file systems to 1 item per line -------------------------------------------------------------- @@ -1937,4 +1971,4 @@ ================================================================================ - Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com + Lynis - Copyright 2007-2016, Michael Boelen, CISOfy - https://cisofy.com |