From 424f6cccd039ec84b73b93c4f2fd0b9b18fb5829 Mon Sep 17 00:00:00 2001 From: mboelen Date: Wed, 22 Jul 2015 20:34:14 +0200 Subject: Release 2.1.1 --- CHANGELOG | 185 +++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 104 insertions(+), 81 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d76e21c5..db90546e 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -8,119 +8,142 @@ Author: Michael Boelen (michael.boelen@cisofy.com) Description: Security and system auditing tool Website: https://cisofy.com/lynis/ - GitHub: https://github.com/CISOfy/Lynis + GitHub: https://github.com/CISOfy/lynis - Support policy: See section 'Support' (README file); + Support policy: See section 'Support' in README file Commercial support and plugins available via CISOfy - https://cisofy.com Documentation: See web site, README, FAQ and CHANGELOG file ================================================================================ - = Lynis 2.1.x (2015-xx-xx) = - This release adds several improvements and in different areas. Support for systems - like CentOS, openSUSE, Slackware is improved. It includes further cleanups of the - code, performance tweaks and more support for common software components. + = Lynis 2.1.1 (2015-07-22) = - Performance: - Performance tuning has been applied, to speed up execution of the audit on - systems with many files. + This release adds a lot of improvements, with focus on performance, and + additional support for common Linux distributions and external utilities. + We recommend to use this latest version. - Automatic updater: - Initial work on an automatic updater has been implemented. This way Lynis can - be scheduled for updating from a trusted source. + * Operating system enhancements + ------------------------------- + Support for systems like CentOS, openSUSE, Slackware is improved. - Internal functions: - As not all systems have readlink, or the -f option of readlink, the - ShowSymlinkPath function has been extended with a Python based check. + * Performance + ------------- + Performance tuning has been applied, to speed up execution of the audit on + systems with many files. This also includes code cleanups. - Software support: - Apache module directory /usr/lib64/apache has been added, which is used on openSUSE. - Support for Chef has been added. 
+ * Automatic updates + ------------------- + Initial work on an automatic updater has been implemented. This way Lynis + can be scheduled for automatic updating from a trusted source. - File integrity: - Added tests for CSF's lfd utility for integrity monitoring on directories and - files. Related tests are FINT-4334 and FINT-4336. + * Internal functions + -------------------- + Not all systems have readlink, or the -f option of readlink. The + ShowSymlinkPath function has been extended with a Python based check, which + is often available. - Time sychronization: - Added support for Chrony time daemon and timesync daemon. Additionally NTP - sychronization status is checked when it is enabled. + * Software support + ------------------ + Apache module directory /usr/lib64/apache has been added, which is used on + openSUSE. - Other: - Check for permissions has been extended. - Python binary is now detected, to help with symlink detection. - Several new legal terms, for usage in banners, have been added. - In several files old tests have been removed, to further clean up the code. - The hardening index is inserted into the report, even if it is not displayed on screen. + Support for Chef has been added. - Bug fixes: - Nginx test showed error when access_log had multiple parameters + Added tests for CSF's lfd utility for integrity monitoring on directories and + files. Related tests are FINT-4334 and FINT-4336. - Functions: - Added AddSystemGroup function + Added support for Chrony time daemon and timesync daemon. Additionally NTP + sychronization status is checked when it is enabled. 
- New tests: - [PKGS-7366] Scan for debsecan utility on Debian systems - [PKGS-7410] Determine amount of installed kernel packages - [TIME-3106] Check synchronization status of NTP on systemd based systems - [CONT-8102] Docker daemon status and gather basic details - [CONT-8104] Check docker info for any Docker warnings - [CONT-8106] Check total, running and unused Docker containers + Improved single user mode protection on the rescue.service file. - Plugins: - [PLGN-2602] Disabled by default, as it may be too slow for some machines - [PLGN-3002] Extended with /sbin/nologin + * Other + ------- + Check for user permissions has been extended. + Python binary is now detected, to help with symlink detection. + Several new legal terms have been added, which are used for usage in banners. + In several files old tests have been removed, to further clean up the code. - Documentation: - A new document has been created to help with the process of upgrading Lynis. - It is available at https://cisofy.com/documentation/lynis/upgrading/ + * Bug fixes + --------- + Nginx test showed error when access_log had multiple parameters. + Tests using locate won't be performed if not present. + Fix false positive match on Squid unsafe ports [SQD-3624]. + The hardening index is now also inserted into the report if it is not displayed + on screen. 
+ + * Functions + --------- + Added AddSystemGroup function + + * New tests + --------- + Several new tests have been added: + + [PKGS-7366] Scan for debsecan utility on Debian systems + [PKGS-7410] Determine amount of installed kernel packages + [TIME-3106] Check synchronization status of NTP on systemd based systems + [CONT-8102] Docker daemon status and gather basic details + [CONT-8104] Check docker info for any Docker warnings + [CONT-8106] Check total, running and unused Docker containers + + * Plugins + --------- + + [PLGN-2602] Disabled by default, as it may be too slow for some machines + [PLGN-3002] Extended with /sbin/nologin + + * Documentation + --------------- + A new document has been created to help with the process of upgrading Lynis. + It is available at https://cisofy.com/documentation/lynis/upgrading/ -------------------------------------------------------------- - = Lynis 2.1.0 (2015-04-16) = + = Lynis 2.1.0 (2015-04-16) = - General: - --------- - Screen output has been improved to provide additional information. + * General + --------- + Screen output has been improved to provide additional information. - OS support: - ------------ - CUPS detection on Mac OS has been improved. AIX systems will now use csum - utility to create host ID. Group check have been altered on AIX, to include - the -n ALL. Core dump check on Linux is extended to check for actual values - as well. + * OS support + ------------ + CUPS detection on Mac OS has been improved. AIX systems will now use csum + utility to create host ID. Group check have been altered on AIX, to include + the -n ALL. Core dump check on Linux is extended to check for actual values + as well. - Software: - ---------- - McAfee detection has been extended by detecting a running cma binary. - Improved detection of pf firewall on BSD and Mac OS. Security patch checking - with zypper extended. + * Software + ---------- + McAfee detection has been extended by detecting a running cma binary. 
+ Improved detection of pf firewall on BSD and Mac OS. Security patch checking + with zypper extended. - Session timeout: - ----------------- - Tests to determine shell time out setting have been extended to account for - AIX, HP-UX and other platforms. It will now determine also if variable is - exported as a readonly variable. Related compliance section PCI DSS 8.1.8 - has been extended. + * Session timeout + ----------------- + Tests to determine shell time out setting have been extended to account for + AIX, HP-UX and other platforms. It will now determine also if variable is + exported as a readonly variable. Related compliance section PCI DSS 8.1.8 + has been extended. - Documentation: - --------------- - - New document: Getting started with Lynis - https://cisofy.com/documentation/lynis/get-started/ + * Documentation + --------------- + - New document: Getting started with Lynis + https://cisofy.com/documentation/lynis/get-started/ - Plugins (Enterprise): - ---------------------- - - Update to file integrity plugin - Changes to PLGN-2606 (capabilities check) + * Plugins (Enterprise) + ---------------------- + - Update to file integrity plugin + Changes to PLGN-2606 (capabilities check) - - New configuration plugins: - PLGN-4802 (SSH settings) - PLGN-4804 (login.defs) + - New configuration plugins: + PLGN-4802 (SSH settings) + PLGN-4804 (login.defs) - Download link: https://cisofy.com/download/lynis/ + Download link: https://cisofy.com/download/lynis/ -------------------------------------------------------------- -- cgit v1.2.3
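Review bot: In the new "Software support" block, the added line "sychronization status is checked when it is enabled." carries over the misspelling from the removed "Time sychronization" entry; it should read "synchronization", as the TIME-3106 line already does. The underlines beneath "* Bug fixes", "* Functions" and "* New tests" are a fixed "---------", two characters shorter than their headings, while every other heading in this hunk has an underline of matching length. "Tests using locate won't be performed if not present." does not say what has to be present; naming the locate binary would remove the ambiguity. The "Automatic updates" entry speaks of updating "from a trusted source" without saying how that source is verified, so a pointer to the relevant documentation would help anyone who schedules it. The 2.1.0 section appears to change only in indentation and heading style; putting that re-indent in its own commit would keep the 2.1.1 release notes easier to review.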