Package Release Info

lynis-2.6.1-bp151.3.1

Update Info: Base Release
Available in Package Hub : 15 SP1

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

lynis

Change Logs

Version: 2.6.1-bp150.2.4
* Fri Jan 26 2018 astieger@suse.com
- update to 2.6.1:
  * New group 'usb' for tests related to USB devices
  * Updated and enhanced tests
  * Many bug fixes
  * output and UI fixes
* Thu Jun 08 2017 astieger@suse.com
- Lynis 2.5.1:
  * Improved detection of SSL certificate files
  * Minor changes to improve logging and results
  * Firewall tests: Determine if CSF is in testing mode
- includes changes from Lynis 2.5.0:
  * CVE-2017-8108: symlink attack may have allowed arbitrary file
    overwrite or privilege escalation (bsc#1043463)
  * Deleted unused tests from database file
  * Additional sysctls are tested
  * Extended test with Symantec components
  * Snort detection
  * Snort configuration file
* Tue Apr 04 2017 tuukka.pasanen@ilmi.fi
- Lynis 2.4.8 (Changelog from 2.4.1)
  * More PHP paths added
  * Minor changes to text
  * Show atomic test in report
  * Added FileInstalledByPackage function (dpkg and rpm supported)
  * Mark Arch Linux version as rolling release (instead of unknown)
  * Support for Manjaro Linux
  * Escape files when testing if they are readable
  * Code cleanups
  * Allow host alias to be specified in profile
  * Code readability enhancements
  * Solaris support has been improved
  * Fix for upload function to be used from profile
  * Reduce screen output for mail section, unless --verbose is used
  * Code cleanups and removed 'update release' command
  * Colored output can now be tuned with profile (colors=yes/no)
  * Allow data upload to be set as a profile option
  * Properly detect SSH daemon version
  * Generic code improvements
  * Improved the update check and display
  * Finnish, Portuguese, and Turkish translation
  * Extended support and tests for DragonFlyBSD
  * Option to configure hostid and hostid2 in profile
  * Support for Trend Micro and Cylance (macOS)
  * Remove comments at end of nginx configuration
  * Used machine ID to create host ID when no SSH keys are available
  * Added detection of iptables-save to binaries
  Tests:
  BANN-7126 - Added more words to test for
  CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler
  HTTP-6641 - Support detection for Apache module mod_reqtimeout
  PKGS-7388 - Minor change to detect security repositories
  CRYP-7902 - Test more certificates names, but only if they are not part of a package
  FILE-7524 - Reduce standard screen output for file permissions check
  MALW-3280 - Added Avira detection as a malware scanner
  NAME-4018 - Only perform name services test when resolv.conf file exists
  PKGS-7387 - Check all repositories if they use GPG signing
  SCHD-7704 - Permission checks
  TIME-3104 - Check permissions before open files
  AUTH-9328 - Add missing 0027 and 0077 umasks
  BOOT-5104 - Add initsplash and minor code enhancements
  DBS-1882 - Include Redis configuration file
  FIRE-4502 - Improved detection for iptables modules when using OpenVZ
  PKGS-7381 - Enhanced package audit for FreeBSD
  AUTH-9308 - Improved test for sulogin string (Debian systems)
  FILE-6372 - Properly deal with comment on lines in /etc/fstab
  MAIL-8817 - New test to check Postfix configuration for errors
  SSH-7408 - Corrected SSH check
  AUTH-9308 - Improved test for sulogin string
  MAIL-8818 - Test if Linux version is known before comparing in Postfix banner
  TIME-3116 - Skip stratum 16 items for time pools
  TIME-3148 - New test to detect TZ variable
  AUTH-9208 - Removed double logging
  AUTH-9222 - Improve logging for double groups
  AUTH-9226 - Improve logging for double groups
  BOOT-5177 - Sort systemctl unit files to make them unique
  DBS-1818 - New test to detect MongoDB
  DBS-1820 - New test for MongoDB authentication
  FIRE-4512 - Lowered minimum number of iptables firewall rules
  FIRE-4586 - Fix applied when searching for "-j LOG"
  HRDN-7222 - Changed reporting key of world executable compilers
  SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)
  FIRE-4586 - Check logging for firewall components
  KRNL-5788 - Remove exception and style improvements
  KRNL-5830 - Improved logging
* Fri Nov 04 2016 matthias.gerstner@suse.com
- lynis 2.4.0
  * Mainly improved support for macOS users
  * Support for CoreOS
  * Support for clamconf utility
  * Support for Chinese translation
  * More sysctl values in the default profile
  * New commands: "upload-only", "show hostids", "show environment", "show os"
* Wed Sep 28 2016 astieger@suse.com
- lynis 2.3.4 with various improvements, including:
  * Several tests have extended log details
  * Detection of nftables improved
  * Replaced cut, sed, tr and other commands with binary variable
    (for forensics and future intrusion checking capabilities)
  * OS detection improved
* Thu Sep 15 2016 astieger@suse.com
- lynis 2.3.3 with many improvements and updates
* Thu May 12 2016 astieger@suse.com
- lynis 2.2.0:
  * new features and tests, small enhancements
  * optimisation, better detection
  * dealing with OS quirks and unexpected results
  * adjustments for supporting more compliance in-depth
  * Detection for CFEngine has been improved
  * now tries to determine if failed logins are properly logged
  * New plugin is introduced to analyze PAM settings
  * Initial support to test UEFI settings, including Secure Boot option.
  * Support added for Unbound DNS caching tool, configuration check
  * Record if a name caching utility is being used like nscd or Unbound.
  * Tests chains of iptables and their default policy (ACCEPT or DROP)
  * Support upcoming nftables technology (status check)
  * Test added to include osqueryd as a supported tool.
  * Detection of firewire is enhanced (both ohci and core detected).
  * Extended the test syslog-ng logging to remote systems.
  * ESET and LMD (Linux Malware Detect) have been added.
  * Discovered malware scanners are also logged to the report.
  * Expanded test for multiple common mount points and define best
    practice mount flags.
  * Best practices for IPv6 configuration on Linux are now collected.
  * Collect network interface names from most operating systems.
  * Password change test has been extended to both capture minimum and password age.
  * Add Proxu support
  * SystemV init is now detected.
  * Now information will be logged when vulnerable software packages were found.
  * Support for DNF (Dandified YUM) for Fedora systems has been added.
  * Multiple configuration tests of SSH merged.
  * Extend detection of virtual machines (VMware tools)
  * Machine state detection with Puppet, Facter, dmidecode, and lscpu
  * When using pentest mode, it will continue without any delays (=quick mode).
  * Improvements for automatic execution of Lynis
  * Upload improvements
* Wed Jul 29 2015 astieger@suse.com
- lynis 2.1.1:
  * performance improvements
  * additional support for Linux distributions and external utilities
  * Apache module directory /usr/lib64/apache has been added, which
    is used on openSUSE.
  * various other improvements and bug fixes
- update patches for context changes:
  lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff
* Tue May 12 2015 astieger@suse.com
- lynis 2.1.0:
  * Screen output has been improved to provide additional information.
  * Core dump check on Linux is extended to check for actual values as well.
  * Software:
    + McAfee detection has been extended by detecting a running cma binary.
    + Security patch checking with zypper extended.
  * Session timeout:
    + Tests to determine shell time out setting have been extended
    + determine also if variable is exported as a readonly variable.
    + Related compliance section PCI DSS 8.1.8 has been extended.
- includes changes from Lynis 2.0.0:
  * New feature: helpers
  * docker build file audit helper
  * Improved OS support
  * support systemd, docker, nftables
  * New parameters:
    + --dump-options (see all options)
    + --report-file (define a different location for the report file)
- use tarball supplied default.prf
- clean or silence rpmlint warnings
* Tue Feb 17 2015 astieger@suse.com
- lynis 1.6.4:
  * New:
    + Boot loader detection for AIX
    + Detection of getcap and lsvg binary
    + Added filesystem_ext to report
    + Detect rootsh
  * Changes:
    + Hide errors when RPM database is faulty and show suggestion instead
    + Allow OpenBSD to gather information on listening network ports
    + Don't trigger warning for Shellshock when doing segfault test
    + Do not run Apache test on OpenBSD and strip control chars
    + Extended AIDE test with configuration validation test
    + Improved Shellshock test regarding non-Linux support
    + Added support for gathering volume groups on AIX
    + Properly parse PAM lines and add them to report
    + Support for boot loader detection on OpenBSD
    + Added uptime detection for OpenBSD systems
    + Support for volume groups on AIX
    + Redirect errors when searching for readlink binary
- includes changes from 1.6.3:
  * New:
    + Added tests for Shellshock bash vulnerability
    + Added test to determine if Snoopy is used
    + New test for qdaemon configuration file
    + Test for GRUB boot loader password
    + New test for qdaemon printer jobs
    + Added ClamXav test for Mac OS X
    + Gentoo vulnerable packages test
    + New test for qdaemon status
    + Gentoo package listing
    + Running Lynis without root permissions will start non-privileged scan
    + Systemd service and timer example file added
    + Added grub2-install to binaries
  * Changes:
    + Adjustments so insecure SSL protocols are detected in nginx config
    + Directories will be skipped when searching for nginx log files
    + Only gather unique name servers from /etc/resolv.conf
    + Properly detect mod_evasive on Gentoo and others
    + Improved swap partition detection in /etc/fstab
    + Improvements to kernel detection (e.g. Gentoo)
    + Test for built-in security options in YUM
    + Improved boot loader detection for GRUB2
    + Split GRUB test into two tests
    + Added Mac OS uptime check
    + Improved GetHostID function for systems having only ip binary
    + Improved testing for symlinked binary directories
    + Minor adjustments to log output
    + Renamed dev directory to extras
- verify source signature
- adjust permissions of items in /usr/share/lynis/include/consts
  to match those requested by main executable
- run spec_cleaner
* Sun Nov 16 2014 Led <ledest@gmail.com>
- fix bashisms in scripts
* Wed Sep 24 2014 citypw@gmail.com
- Upgrade to version 1.6.2
- Remove files:
  * lynis_1.3.7_include-test-filesystem.diff (already fixed)
  * lynis-1.3.9.tar.gz
* Thu Jan 09 2014 saigkill@opensuse.org
- updated to version 1.3.9
- removed patch
  * lynis_1.3.6_include-test-kernel.diff (fixed upstream)
* Wed Dec 11 2013 saigkill@opensuse.org
- updated to version 1.3.7
- Changelog:
  * FileExists() and SearchItem() functions were added. The yum-security
    check and iptables binary check were improved, and the report was
    extended to show which tests have been executed or skipped
- updated patch
  * lynis_1.3.7_include-test-filesystem.diff
* Tue Dec 10 2013 saigkill@opensuse.org
- updated to version 1.3.6
- Removed patches (obsolete):
  * lynis_1.3.5_include_binaries.diff
- Updated patches
  * lynis_1.3.6_include_osdetection.diff
  * lynis_1.3.6_include-test-kernel.diff
* Sun Nov 24 2013 saigkill@opensuse.org
- updated to version 1.3.5
- Updated patches:
  o lynis_1.3.1_lynis.diff
  o lynis_1.3.1_include_binaries.diff
  o lynis_1.3.1_include-osdetection.diff
  o lynis_1.3.1_include-test-kernel.diff
- Removed patches (obsolete)
  o lynis_1.3.1_include-test-databases.diff
  o lynis_1.3.1_include-test-storage.diff
  o lynis_1.3.1_include-test-homedirs.diff
* Fri Jun 21 2013 thomas@suse.com
- fixed typo in prepare_for_suse.sh
* Fri Jan 25 2013 thomas@suse.com
- fixed log message for dbus test
- fixed bash variable incrementation that sneaked in the code
* Mon Jan 14 2013 thomas@suse.com
- fixed tests_network_allowed_ports to increment index vars
  and not loop forever
* Thu Jan 10 2013 thomas@suse.com
- fixed test_homedirs