================================================================================ Lynis - Changelog ================================================================================ Author: Michael Boelen (michael@rootkit.nl) Description: Security and system auditing tool Website: http://www.rootkit.nl/projects/lynis.html Support policy: See section 'Support' (README file) Documentation: See web site, README, FAQ and CHANGELOG file ================================================================================ * 1.2.9 (2009-12-15) New: - Support for Squid3 - Added Squid unsafe ports check [SQD-3624] - Added Squid configuration file permission check [SQD-3613] - Added Squid test: reply_body_max_size option [SQD-3630] - Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328] - Check PHP option allow_url_include [PHP-2378] Changes: - Extended possible Squid configuration file locations - Added additional sysctl keys to default profile - Fixed typo in squid.conf checks - Improved descriptions, logging and reporting for several tests - Corrected /etc/security/limits.conf path in test [KRNL-5820] - Updated man page, limited lines to 80 chars -- * 1.2.8 (2009-12-08) New: - Squid support added - Squid daemon detection [SQD-3602] - Squid configuration file search [SQD-3604] - Squid version detection [SQD-3606] - Check /etc/motd banner [BANN-7122] - Check /etc/issue.net file [BANN-7128] - Check contents in /etc/issue.net [BANN-7130] - Solaris single user mode login check (/etc/default/sulogin) [AUTH-9304] - HP-UX boot authentication check [AUTH-9306] - Linux single user mode authentication check [AUTH-9308] - Solaris account locking policy check [AUTH-9340] Changes: - Added prerequisite to SSH test, so the test is skipped properly [SSH-7440] - Check for /etc/issue symlink [BANN-7124] - Added file check for possible harmful shells found [AUTH-9218] - Add user home directories to report [HOME-9302] - Extended Linux run level test with support for Debian/Ubuntu [KRNL-5622] - Added /lib64/security to PAM test [AUTH-9262] - Extended security repository check [PKGS-7388] - Iptables check should not check for a module in a Linux config [FIRE-4511] - Ignore APC ups daemon when scanning for CUPS [PRNT-2304] - Improved kernel logger daemon check [LOGG-2138] - Added auditctl to binary check [ACCT-9630] - Log used auditd ruleset [ACCT-9630] - Corrected logging of Solaris c2audit module [ACCT-9656] - Fixed warning function for Solaris passwordless accounts [AUTH-9254] - Commented kern.randompid in default profile - For sysctl the parameter -n will be used on Linux systems - Changed syslog daemon detection and state - Extended report file -- * 1.2.7 (2009-11-01) New: - Added Kernel Hardening section - Sysctl audit support in scan profile and related test [KRNL-6000] - SSH option StrictModes test [SSH-7416] - Password aging limit check [AUTH-9286] - Ubuntu packages check (apt-show-versions) [PKGS-7394] - Check for metalog daemon [LOGG-2210] - USB storage driver state check [STRG-1840] - Firewire storage driver state check [STRG-1846] - PostgreSQL process check [DBS-1826] - Oracle process check [DBS-1840] - Default umask check [AUTH-9328] - Check for rsyslog daemon [LOGG-2230] - RFC 3195 compliant daemon check [LOGG-2240] - Qmail SMTP daemon check [MAIL-8940] - Test for separation of /tmp and /home from root file system [FILE-6310] - SSH AllowUsers and AllowGroups usage check [SSH-7440] - AIX support, thanks to Michael Smerdka Changes: - Fixed crontabs path [SCHD-7704] - Extended locate database paths for Linux and FreeBSD [FILE-6410] - pflog detection fix [FIRE-4518] - Skip /proc/meminfo for non Linux systems [PROC-3602] - Extended text with rsyslogd [LOGG-2130] - Ignore comment and empty lines for group tests [AUTH-9222/9226] - Show firewall as active when iptables is available in config file [FIRE-4511] - Variable fix for SNMP daemon configuration file [SNMP-3304] - Freshclam check fix [MALW-3286] - Fixed waiting search for NIS domain [NAME-4306] - Check for a maximum of 1 search statement in /etc/resolv.conf [NAME-4018] - Apache test improved [HTTP-6622] - Skip klogd test if rsyslogd is available [LOGG-2138] - Added additional CUPS location to search paths - Only execute PAM test for systems with PAM [AUTH-9268] - Fixed logging of sudoers file location [AUTH-9250] - Improved FreeBSD support for NTP client check [TIME-3104] - Redirect warning "Unknown host" when DNS domain name is empty [NAME-4028] - Redirect warning when host name is empty - Fixed warning color [AUTH-9226] - Fixed FreeBSD COPYRIGHT file test [BANN-7113] - Changed text for sudoers text [AUTH-9250] - Improved text for DNS search domain [NAME-4016] - Skip nginx configuration test if nginx is not available [HTTP-6704] - Removed portsclean suggestion [PKGS-7348] - Fixed non unique IDs - Fixed cosmetic issue when using Debian with default dash shell - Improved hostname detection for HP-UX - Added additional php.ini file locations - Moved Linux default shell check to OS detection functions - Fixed CUPS daemon test [PRNT-2304] - Also check for uppercase chars in issue file [BANN-7126] -- * 1.2.6 (2009-05-04) New: - Sudoers file permissions check [AUTH-9252] - Core dumps configuration check for Linux [KRNL-5820] - PHP disabled functions check [PHP-2320] - PHP enable_dl function check [PHP-2374] - PHP allow_url_fopen function check [PHP-2376] - OpenBSD smtpd status check [MAIL-8920] - /etc/issue check [BANN-7124] - /etc/issue legal keywords check [BANN-7126] - Show suggestions in report Changes: - Extended support for Red Hat, CentOS and Fedora - Extended ACL test to test for default mount options as well [FILE-6368] - Exim status test fixed [MAIL-8812] - Corrected yum security check [PKGS-7386] - Replaced LDAP test AUTH-9238 with [AUTH-9402] - Removed backquotes when locate database is not available [FILE-6410] - Added /etc/openldap to search path for OpenLDAP - Fixed typo in crontab path [SCHD-7704] - Don't show message "No volume groups found" if LVM isn't used [FILE-6310] - Corrected Syslog-NG status [LOGG-2132] - Moved TODO to dev directory -- * 1.2.5 (27.03.2009) New: - slapd.conf check [LDAP-2224] - atd status test [SCHD-7718] - Check LDAP module in PAM [AUTH-9278] - Check Dovecot status check [MAIL-8838] - Check log directories from newsyslog.conf [LOGG-2162] - Check log directories from static list [LOGG-2170] - Check log directories from logrotate configuration [LOGG-2150] - syslog check for remote logging [LOGG-2154] - Open log files check [LOGG-2180] - Deleted file check [LOGG-2190] - Solaris active kernel modules check [KRNL-5770] - Solaris audit daemon status check [ACCT-9650] - Solaris audit daemon service status [ACCT-9652] - Solaris audit daemon BSM check [ACCT-9654] - Solaris audit logging location check [ACCT-9662] - Solaris audit statistics check [ACCT-9672] - Check for installed compiler [HRDN-7202] - BIND process check [NAME-4202] - BIND configuration file check [NAME-4204] - BIND configuration consistency check [NAME-4206] - BIND version check via DNS [NAME-4210] - Default domain check (/etc/resolv.conf) [NAME-4016] - Search domains in /etc/resolv.conf check [NAME-4018] - Parse /etc/resolv.conf options [NAME-4020] - Solaris /etc/nodename check [NAME-4026] - DNS domain checks [NAME-4028] - NSCD status check [NAME-4032] - PowerDNS presence check [NAME-4230] - PowerDNS configuration file check [NAME-4232] - PowerDNS backend check [NAME-4236] - ypbind status check [NAME-4302] - Log specific defined SSH daemon options [SSH-7408] - SSH protocol version check [SSH-7414] - NIS domain checks [NAME-4304] - Check pending at jobs [SCHD-7724] - LVM volume group scan [FILE-6310] - LVM volumes check [FILE-6312] - Locate database check [FILE-6410] - nginx configuration file check [HTTP-6704] - Exim status check [MAIL-8802] - Postfix status check [MAIL-8814] Changes: - atd needs to run before testing at files [SCHD-7720] - Removed Solaris OS requirement from logrotate test [LOGG-2148] - Sanitized output from logrotate test [LOGG-2148] - Skip comment fields in loghost check [LOGG-2152] - Changed auditd tests to Linux only - Binary scan optimized and partially combined with other check - Only perform iptables tests if kernel module is active - Don't show message when /etc/shells can't be found [SHLL-6211] - Check /var/spool/cron/crontabs first, if it exists [SCHD-7704] - Renumbered FreeBSD test SHLL-7225 [SHLL-6202] - Renumbered malware test MALW-3292 [HRDN-7230] - Improved grep on process status [PRNT-2304] - Ignore comment lines for nginx log file check [HTTP-6720] - Added file check for nginx log files [HTTP-6720] - Display IP addresses only of NTP tests [TIME-3124] - Fixed Postfix configuration directory path [MAIL-8816] - Redirected output of yum package duplicate check [PKGS-7384] - Ignore comment lines for lilo test [BOOT-5139] - Fixed incorrect iptables status and correct logging [FIRE-4511] - Check SNMP configuration only if SNMP daemon runs [SNMP-3304] - Don't scan PAM directories which are symlinks [AUTH-9268] - Changed hardening category to hardening_tools - Adjusted hardening points of several tests - Log and display improvements for several tests -- * 1.2.4 (17.03.2009) New: - NTP daemon process test [TIME-3108] - NTP association ID's check from peer list [TIME-3112] - NTP time source candidates test [TIME-3128] - NTP falseticker check [TIME-3132] - NTP protocol version check [TIME-3136] - Stratum 16 ntp peers check [TIME-3116] - Unreliable ntp peers check [TIME-3120] - Preferred NTP time source test [TIME-3124] - auditd presence check [ACCT-9628] - auditd rules check [ACCT-9630] - auditd configuration file check [ACCT-9632] - auditd log file location check [ACCT-9634] - cupsd status check [PRNT-2304] - cupsd configuration file check [PRNT-2306] - cupsd address configuration test [PRNT-2308] - pam.conf configuration check [AUTH-9264] - pam.d configuration file scan [AUTH-9266] - PAM modules check [AUTH-9268] - rpcinfo query [STRG-1902] - NFS version number check [STRG-1904] - NFS protocol and port number check [STRG-1906] - NFS status check [STRG-1920] - NFS exports check [STRG-1926] - NFS empty /etc/exports [STRG-1928] - SSH PermitRootLogin option check [SSH-7412] - at.allow and at.deny check [SCHD-7720] - File integrity tool check [FINT-4350] - nginx process check [HTTP-6702] - nginx log file test [HTTP-6720] - ClamAV clamscan presence test [MALW-3282] - ClamAV daemon check [MALW-3284] - ClamAV freshclam check [MALW-3286] - Check for presence malware scanner [MALW-3292] - clamscan, ntpq binary check - NTP daemon role and profile option - Parameter --tests-category, to scan one or more categories - Category added (Storage: NFS) - Added hardening points to tests - Display hardening index to report Changes: - Extended logrotate test [LOGG-2148] - Added check for inetd.conf before performing test [INSE-8016] - Added /var/spool/crontabs to search path [TIME-3104] - Added log line to sysstat test [ACCT-9626] - Improved screen output on Solaris - Checking for both rdate and ntpdate in cron files [TIME-3104] - Changed yum-security package check [PKGS-7386] - Change output if dig isn't available [NETW-2705] - Added IPv6 support and output adjustment [NETW-2704] - Cosmetic change for host based firewall check [FIRE-4590] - Corrected output in log file [PKGS-7388] - Corrected passwd options for Red Hat [AUTH-9282] - Changed text if everything is ok (no warnings) - Log improvements -- * 1.2.3 (02.03.2009) New: - Added syslog-NG daemon check [LOGG-2132] - Added klogd status test [LOGG-2138] - Added check to determine minilogd presence [LOGG-2142] - Added logrotate configuration test [LOGG-2146] - Added check for loghost entry on Solaris machines [LOGG-2152] - Added ipf test for Solaris [FIRE-4526] - Added uname -n test (Solaris) [NAME-4024] - Added ssh daemon configuration file check [SSH-7404] - Added BSD newsyslog.conf file check [LOGG-2160] - Added inetd status check [INSE-8002] - Added inetd.conf configuration check [INSE-8004] - Added check for inetd.conf when inetd is not active [INSE-8006] - Added telnet check via inetd [INSE-8016] - Added ACL check on root file system [FILE-6368] - Added check for firewall/packet filter on system [FIRE-4590] - Added lograte file check [LOGG-2148] - Added snmp daemon status test [SNMP-3302] - Added snmp configuration file test [SNMP-3304] - Added default snmp community strings test [SNMP-3306] - Added categories: Insecure services and SNMP - Added binary searches for awk, ipf Changes: - Changed profile name in default profile - Added path /usr/ucb to binary paths - Changed color to white if slapd is not running [LDAP-2219] - Changed test PKG-7345 into PKGS-7345 - Changed logging for several tests [PKGS-7302] [NETW-3004] - Extended FAQ - Changed default profile header Fixes: - Hostname detection under Solaris - Disabled tests PROC-3612 PROC3614 for Solaris machines - Disabled NTP check in cron.d directory on Solaris [TIME-3104] - Added result at line when querying system users [AUTH-9234] - Counters (N+1) fixed for some shells, like Solaris - Removed unneeded line for Solaris test [PROC-3604] - Disabled grsecurity test for Solaris [RBAC-6272] - Correct display of files with spaces [FILE-6354] - Changed several tests so they work correctly with Solaris -- * 1.2.2 (15.02.2009) New: - Support for MySQL client - New test: Test for empty MySQL root password [DBS-1816] - New test: SSH daemon status test [SSH-7402] - New test: sysstat account information [ACCT-9626] - New test: connections in WAIT state [NETW-3028] - Lynis displays a warning now, if current version is really outdated - New parameter option (log_tests_incorrect_os) to minimize logging Changes: - Several adjustments to default profile - Fixed option 'skip_test_always' to let it function properly - Fixed passwd check for SuSE systems [AUTH-9282] - Added error redirect for dpkg test [PKG-7345] - Improved NTP test and messages, excluded check when using xen [TIME-3104] - Extended DNS nameserver check with local resolver [NETW-2704] - Skip double nameserver check when a local resolver is found [NETW-2705] - Renamed tests_nameserver to tests_nameservices - Improved log output [AUTH-9218] Notes: - Custom profiles should be compared to the default profile, due small changes in the structure. -- * 1.2.1 (05.09.2008) New: - Added support for Samba - Added support for SELinux framework - New test: SELinux presence test [MACF-6232] - New test: SELinux status checks [MACF-6234] - New test: password PAM availability check [AUTH-9262] - New test: expire date check for accounts [AUTH-9282] - Added new option --tests, to run a small set of tests only Changes: - Report and logging messages improved - Output reduced when using --tests - Added suggestion to PHP expose_php option [PHP-2372] - Improved log message for PHP register_globals option [PHP-2368] - Added virtual host count to log file [HTTP-6626] - Improved Red Hat and clones detection and display - Fix: Improved promiscuous detection for Linux [NETW-3015] - Fix: AUTH-9204 test triggered on group ids as well - Fix: Only display unique MAC addresses [NETW-3006] - Extended Postfix test [MAIL-8818] - Don't show /proc/meminfo if not present [PROC-3602] - Don't show YABOOT information if not present [BOOT-5155] - Improved portaudit test (FreeBSD) [PKGS-7382] - Improved portsclean test (FreeBSD) [PKGS-7348] - Added --quiet and --tests options to help and man page -- * 1.2.0 (26.08.2008) New: - New test: Passwordless Solaris accounts test [AUTH-9254] - New test: AFICK file integrity [FINT-4310] - New test: AIDE file integrity [FINT-4314] - New test: Osiris file integrity [FINT-4318] - New test: Samhain file integrity [FINT-4322] - New test: Tripwire file integrity [FINT-4326] - New tests: NIS and NIS+ authentication test [AUTH-9240/42] - Initial support added for AFICK, AIDE, Osiris, Samhain, Tripwire Changes: - Changed text of grsecurity test [RBAC-6272] - Optimized FreeBSD boot services test [BOOT-5165] - Optimized UID 0 test [AUTH-9204] - Extended login shells test [AUTH-9218] - PID file message extended and small output improvement - A log entry will be written when PID files are removed - Added operating system name to log file when a test is skipped - Added file available check when using --view-manpage - Most program variables are initialized now for future additions -- * 1.1.9 (09.08.2008) New: - New test: AppArmor framework check [MACF-6204] - New test: FreeBSD boot loader test [BOOT-5124] - New test: PHP option register_globals [PHP-2368] - New test: Promiscuous network interfaces (Linux) [NETW-3015] - Report option 'bootloader' added to several tests - Added readlink binary check Changes: - Extended file check (IsWorldWritable) for symlinks - Show result if no default gateway is found [NETW-3001] - Added /usr/local/etc to sudoers test [AUTH-9250] - Improved FreeBSD banner output [BANN-7113] - Removed incorrect line at promiscuous interface test [NETW-3014] - Fix: Show only once the GRUB test output [BOOT-5121] - Fix: Typo in NTP test [TIME-3104] - Fix: Skip NTP test in /etc/cron.d if empty [TIME-3104] - Fix: Initialize values when performing an update check without connection - Fix: Solaris id function has been fixed - Disabled FreeBSD double packages tests, due minor issues [PKGS-7303] - Changed LDAP/MySQL running states [LDAP-2219] [DBS-1804] - Replaced ifconfig calls with IFCONFIGBINARY - Renamed tests_auditing to tests_mac_frameworks - Several tests improved with extended logging -- * 1.1.8 (16.07.2008) New: - Mac OS X support extended and new options added Changes: - Extended default profile - Improved several screen output lines - User ID check improved, so it works better with older Solaris versions - Hostname in output and reports will contain only host now, not FQDN - Added extra php.ini locations to tests_php - Replaced 'ps' in tests with PSBINARY value for better support - Added output to zones test [VIRT-1902] - Updated description [AUTH-9218] - Extended ntp daemon/ntpdate check [TIME-3104] - Added suggestion to bootable scripts check [BOOT_5184] - Bugfix and improvement for FreeBSD portsclean test [PKGS-7348] - Added Mac OS support to MAC address gathering test [NETW-3006] - Added MAC OS support to inet and inet6 addresses test [NETW-3008] - Extended PHP expose_php test to support additional options [PHP-2372] - Improved LDAP test so it skips correctly on Mac OS AUTH-9238] - Bugfix: MySQL status check gave incorrect output [DBS-1804] -- * 1.1.7 (28.06.2008) New: - New test: check for unused iptables rules [FIRE-4513] - New test: checking for dead and zombie processes [PROC-3612] - New test: checking for heavy IO waiting processes [PROC-3614] - Initial HP-UX support (untested) - Initial AIX support (untested) - Added iptables binary check - Added dig check, for DNS related tests - Added option --no-colors to remove all colors from screen output - Added option --reverse-colors for optimizing output at light backgrounds (Konsole, MacOS terminal etc) Changes: - Improved grpck test for SuSE [AUTH-9216] - Added dig availability check to DNS test [NETW-2704] - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512] - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384] - Bugfix: Fixed prequisits for grpck test [AUTH-9216] - Improved MySQL check [DBS-1804] - Changed color at chkconfig boot services test [BOOT-5177] - Added missing prequisits output to portaudit test [PKGS-7382] - Test output for FreeBSD mounts (UFS) improved [FILE-6329] - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219] - Several tests have their warning reporting improved - Improved SuSE Linux detection - Improved syslog-ng detection - Adjusted README with link to online (extended) documentation -- * 1.1.6 (19.06.2008) New: - New test: Check writable startup scripts [BOOT-5184] - New test: Syslog-NG consistency check [LOGG-2134] - New test: Check yum-utils package and scanning package database [PKGS-7384] - New test: Test for empty ruleset when iptables is loaded [FIRE-4512] - New test: Check for expired SSL certificates [CRYP-7902] - New test: Check for LDAP authentication support [AUTH-9238] - New test: Read available crontab/cron files [SCHD-7704] - New test: Query Solaris running zones [VIRT-1902] - New test: Check availability sudoers file for future tests [AUTH-9250] - New test: Query all home directories from passwd file [HOME-9302] - Syslog-NG support added (binary and version check) - Added new sections: Scheduling, Time and Synchronization, Virtualization Changes: - Extended several tests with suggestions and warnings - Extended GRUB test with GRUB2 check [BOOT-5121] - Extended iptables firewall test [FIRE-4511] - Fixed incorrect variable at Linux kernel config display [KRNL-5728] - Fixed display for file system test [FILE-6023] - Reassigned some ID's to match others in category - Improvement of several logging sections and profile options - Assigned ID to Ubuntu security update check - Assigned ID to pwck test for Solaris [AUTH-9230] - Assigned ID to FreeBSD unused distfiles check [PKGS-7348] - Assigned ID to RPM package query test [PKGS-7308] - Assigned ID to /tmp sticky bit test [FILE-6362] - Assigned ID to old temporary files check [FILE-6354] - Assigned ID to passwd ID 0 test [AUTH-9204] - Assigned ID to FreeBSD swap partitions [FILE-6332] - Assigned ID to FreeBSD swap mount options [FILE-6336] - Assigned ID to nameserver tests [NETW-2704 and NETW-2705] - Assigned ID to pf consistency check [FIRE-4520] - Assigned ID to Postfix configuration check [MAIL-8816] - Assigned ID to Postfix banner check [MAIL-8818] - Assigned ID to FreeBSD promiscuous port test [NETW-3014] - Assigned ID to file permissions check [FILE-7524] -- * 1.1.5 (10.06.2008) New: - Assigned ID to Apache configuration file test [HTTP-6624] - Added pause_between_tests to profile file, to regulate the speed of a scan - Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345] - Assigned ID to Solaris package test [PKG-7306] - New test: which gathers virtual hosts from Apache configuration files [HTTP-6626] - New test: read all loaded kernel modules (Linux) [KRNL-5726] - New test: query available FreeBSD network interfaces [NETW-3004] - New test: query available IPv4 and IPv6 network addresses [NETW-3008] - New test: for MAC addresses [NETW-3006] - New test: check if a Linux kernel configuration file is available [KRNL-5728] - New test: check boot services for Debian/Ubuntu [BOOT-5180] - Added Lynx, Nmap, Wget version to log file - Added support for Oracle enterprise Linux (Unbreakable Linux) - Added new function ReportWarning for better logging to report file Changes: - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302] - Changed shell history file test, searching files with maxdepth 1 [HOME-9310] - Extended iptables test, to check Linux kernel configuration file [FIRE-4511] - Added report warning to promicuous test [NETW-3014] - Fixed yellow color when being used at text display - Several logging improvements and cleanups -- * 1.1.4 (31.05.2008) New: - Added option to disable Lynis upgrade availability test (profile option) - Added new option --check-update, to display (update) information - Added stub for malware and file permissions database - New section 'LDAP Services' - Support for OpenLDAP added - Place holders for new tests are added - Default profile extended - [FILE-6023] Added test for Linux ext2, ext3, ext4 file systems - [BOOT-5155] Added check for YABOOT boot loader Changes: - [BANN-7119] Improved MOTD banner check - Improved Apache tests for SuSE and Debian systems - Debian/Ubuntu file tests improved - Extended man page -- * 1.1.3 (21.05.2008) New: - Added security updates check for Fedora, RHEL 5.x, CentOS 5.x - Added Linux kernel version check - Most stable tests have an unique ID now - Skipped tests have their reason to skip logged - Added /etc/lynis/plugins to searchable plugin directory targets - Added Register() function, to handle tests, prerequisites and counter - Added new crypto tests - Added profile option "test_skip_always" to blacklist a specific test Changes: - Extended default profile location for FreeBSD - Extended accounting test to include pacct as well - Improved tests from categories: shells - Disabled skel tests - Several tests log their warnings into the report file now - Changed Linux default runlevel test - Extended man page Fixes: - Auditor name didn't get logged properly to report file. - Changed Debian/Ubuntu kernel update test, so it won't be tested on others - Exim test failed, due to using an incorrect variable name -- * 1.1.2 (11.05.2008) New: - Added memory test for Solaris (tested on OpenSolaris) - Password file consistency check for Solaris - 32/64 bits OS mode check for Solaris - Added Slackware detection - Plugin support (see documentation) - Added monolithic/modular test for Linux kernels Changes: - Improved LILO test and removed double message - Fixed incorrect message when using --help parameter - Improved portaudit test (FreeBSD) to show unique packages only - Updated man page, FAQ, extended documention with plugin information - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE) ** Special release notes [package/ports]: ** - Added several default paths to check for usuable an INCLUDE directory. This should make packaging Lynis easier for downstream package providers. - When no profile is set, Lynis will check first /etc/lynis/default.prf, before setting default.prf (in current work directory) as profile to use. - New directory added to be installed for future versions: plugins -- * 1.1.1 (13.04.2008) New: - Added Solaris package manager (pkginfo) to obtain installed packages - Added new option to profile to whitelist promiscuous interfaces (if_promisc) - Added vulnerable packages check for Debian/Ubuntu - Added package database consistency check for Debian/Ubuntu Changes: - Only perform boot.conf check for OpenBSD when running on i386 - Changed RemovePIDFile to prevent incorrect file presence check (ie on OpenBSD) - Better OS detection and display output for Ubuntu systems - Improved text alignment (display) and logging - Commented out some of the default profile options - Updated FAQ, readme, man page Bug fixes: - Added missing space at OS detection function - Fixed /etc/group tests to ignore commented lines - Fixed sticky bit checking on /tmp, so it won't give incorrect results on SuSE/Debian systems -- * 1.1.0 (09.04.2008) New: - Added test: default gateway (Linux/BSD) - Added boot tasks to report file (boottask) - Added vulnerable packages to report file (vulnerable_package) Changes: - Fixed some typos - Several improvements in log output - Changed display of operating system version (Linux) - Fixed PHP check -- * 1.0.9 (24.03.2008) New: - Added --quiet option (currently not 100% quiet yet) - Added a spec file to the project page (see web site) - Added small INSTALL document Changes: - Changed check for PHP (php.ini location) - Added available shells from /etc/shells to report file - Updated man page - Fixed option in main help window for --man option - Code improvement, splitting up sections to seperated files -- * 1.0.8 (10.02.2008) New: - Added pf filter rule test - Added our PID to PID file - Added warnings, real users, mount points, total tests to report file Changes: - Changed Apache configuration file test - Changed old temporary files check - Changed test to include ubuntu security repository - Moved UID check to avoid PID creation as non root user - Moved most functions to seperated files and several code cleanups - Improved logging output - Extended FreeBSD (Copyright file) test - Changed indentation for many tests - Changed some typos in notice/warning messages -- * 1.0.7 (28.01.2008) New: - Test: UFS mount point check (FreeBSD) - Test: Check swap partitions (FreeBSD) - Test: find old files in /tmp - Test: check presence iptables - Test: check CPU PAE/NX support (Linux) - Added profile options check - Added option to skip Debian security repository check (profile option) - Support for Red Hat and CentOS Changes: - Changed report log location to /var/log instead of current work directory - Changed --help (and -h) to display general help, instead of man page - Renamed -man option to --man - Extended profile file (see default.prf) - Cleaned up code (rewritten several parts of static code to dynamic functions) - Added more comments to the program, for curious auditors, developers and users. Also regrouped parts of text and cleaned useless white spaces. - General program output improved (spaces, indentation) - Logging extended - Updated lynis.spec file (contrib) - FAQ and README files extended and updated Bugfixes: - Changed postfix banner check (thanks to Henk Bokhoven for reporting) - Extended skel directory test, with -A (ls) option to check hidden files (used with most Linux variants) Development: - Added new mirror - Updated year number in program and support files - Added new function Display, to use indentation within lines - Added function RemovePIDFile before some exit routines, to clean up PID file - Extracted profile support, parameter support to seperated files - Created file tests_ports_packages for Ports and Packages - Deleted lynis.spec file, since it was not working and will be rewritten later -- * 1.0.6 (26.12.2007) New: - Added Solaris real users test - Added hostname check Changes: - Added chkconfig binary test and changed related services test - Added 'xargs' to version checks, to replace unwanted chars - Added more breaks to log file. - Added sorting to rpm/dpkg listings - FAQ extended -- * 1.0.5 (02.12.2007) New: - Test: unique group names - Test: unique group IDs - Added check for rpm, chkrootkit and rkhunter binary - Added function to cleanup at manual interrupt (INT) - Support added to run Lynis as cronjob (--cronjob) - Fedora support added - Added umask 027, to tighten up file permissions Changes: - Changed FreeBSD ttys test - Changed grpck test, to operate in read-only mode - Changed Postfix test, to check for mail_name value as well - Changed GPL line in script which said GPL v2 - Extended README - Show latest update version, if available, at the end of the screen output - Lots of code cleanup (see Development) - Some log improvements - Changed date notation in changelog to preferred European format (with dots instead of slashes) Development: - New function (ShowResult) to avoid repeating the same result line within the script for standard status values - Moved program consts to file (include/consts) - Moved functions to file (include/functions) - Moved OS detection to file (include/osdetection) - Added NEVERBREAK to avoid user input (cronjob support) -- * 1.0.4 (27.11.2007) New: - Test: query real system users (FreeBSD/Linux) - Added PID file usage, to warn for unclean program states. - Added SSHd version test Changes: - Updated documentation - Changed sticky bit test (/tmp), to skip symlinks - Changed /etc/motd test, to skip symlinks - More code cleanup - Logging extended and improved - Screen output slightly changed -- * 1.0.3 (19.11.2007) New: - Added check for sockstat - Test: added test for GRUB and password option - Test: query listening ports (sockstat) Changes: - Fixed NTPd check (bug) - Extended help for 'double installed package' check (BSD systems, pkg_info) - Extended Debian kernel update check - Improved OpenBSD support - Improved Linux specific detection support (Cobalt, CPU Builders, Debian, E-Smith, Slackware, SuSE/OpenSuSE, Turbo Linux, Yellowdog and others) - Improved screen output - Extended logging, with status/impact flags - [Bugfix] chkconfig test improved - [Bugfix] Fixed sticky bit test at Debian - Extended documentation and changelog file -- * 1.0.2 (15/11/2007) New: - Test: Added check for NTP daemon or client - Test: file permissions (profile option) - Added -Q (--quick) parameter, to run the program without needing user input after every few sections. Changes: - Extended documentation (README file) and performed spell check - Improved screen output (colors, parameter handling and display) - Cleaned up source code and fixed some bad typos - Added much more delimiter lines to logfile - Added version numbers to logfile for used binaries/tools - Updated list of parameters within Lynis help -- * 1.0.1 (12.11.2007) New: - Test: check Exim configuration file location - Test: added memory check (/proc/meminfo) - Test: run grpck to check group files (if available) - Test: boot option check for OpenBSD boot loader - Test: check if pf (Software: firewall) is active - Test: check LILO password - Test: check presence of old distfiles (FreeBSD) - Added check for binaries: httpd, kldstat, openssl, (s)locate - Added version check for: exim, openssl - Added -V (--version) parameter, to show version number - Added breaks between tests Changes: - [bug] Changed skel directory check - Fixed display Apache configuration file -- * 1.0.0 (08.11.2007) New: - Support for CentOS (Tested: 5 Final) - Support for Debian (Tested: 4.0) - Support for FreeBSD (Tested: 6.2) - Support for Mac OS X (Tested: 10.4) - Test: Apache (ServerTokens option) - Test: PHP (expose_php option) - Test: Postfix (smtpd_banner option) - Test: check valid shells - Test: query pkg_info/RPM based systems - Test: query pkg_info for double installed packages - Test: query chkprintcap (FreeBSD) - Test: scan binary directories - Test: check administrator accounts - Test: check permissions /etc/motd - Test: read nameservers from /etc/resolv.conf - Test: query nameservers and test connectivity - Test: check promiscuous interfaces (FreeBSD) - Test: check sticky bit on /tmp directory - Test: check debian.org security brance in /etc/apt/sources.list - Test: check kernel update on Debian - Test: query default Linux run level - Test: query chkconfig to see which services start at boot - Test /etc/COPYRIGHT banner check for FreeBSD - Support for program parameters - Builtin integrity checks - Color enhanced output for readability - Support for profiles/templates - Report file creation (for reporting/monitoring) - Extended logfile creation (with system suggestions) - Added lynis.spec file for RPM creation - Created project page at website - Added documentation (README), ToDo list (TODO) - Man page lynis(8) Changes: - No changes Bugfixes: - No bugfixes ================================================================================ Lynis - Copyright 2007-2009, Michael Boelen - The Netherlands http://www.rootkit.nl
