Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15:Update
lynis
lynis.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File lynis.changes of Package lynis
------------------------------------------------------------------- Fri Jan 26 17:00:07 UTC 2018 - astieger@suse.com - update to 2.6.1: * New group 'usb' for tests related to USB devices * Updated and enhanced tests * Many bug fixes * output and UI fixes ------------------------------------------------------------------- Thu Jun 8 19:36:22 UTC 2017 - astieger@suse.com - Lynis 2.5.1: * Improved detection of SSL certificate files * Minor changes to improve logging and results * Firewall tests: Determine if CSF is in testing mode - includes changes from Lynis 2.5.0: * CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (bsc#1043463) * Deleted unused tests from database file * Additional sysctls are tested * Extended test with Symantec components * Snort detection * Snort configuration file ------------------------------------------------------------------- Tue Apr 4 09:35:48 UTC 2017 - tuukka.pasanen@ilmi.fi - Lynis 2.4.8 (Changelog from 2.4.1) * More PHP paths added * Minor changes to text * Show atomic test in report * Added FileInstalledByPackage function (dpkg and rpm supported) * Mark Arch Linux version as rolling release (instead of unknown) * Support for Manjaro Linux * Escape files when testing if they are readable * Code cleanups * Allow host alias to be specified in profile * Code readability enhancements * Solaris support has been improved * Fix for upload function to be used from profile * Reduce screen output for mail section, unless --verbose is used * Code cleanups and removed 'update release' command * Colored output can now be tuned with profile (colors=yes/no) * Allow data upload to be set as a profile option * Properly detect SSH daemon version * Generic code improvements * Improved the update check and display * Finish, Portuguese, and Turkish translation * Extended support and tests for DragonFlyBSD * Option to configure hostid and hostid2 in profile * Support for Trend Micro and Cylance (macOS) * Remove comments at end of nginx configuration * Used machine ID to create host ID when no SSH keys are available * Added detection of iptables-save to binaries Tests: BANN-7126 - Added more words to test for CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler HTTP-6641 - Support detection for Apache module mod_reqtimeout PKGS-7388 - Minor change to detect security repositories CRYP-7902 - Test more certificates names, but only if they are not part of a package FILE-7524 - Reduce standard screen output for file permissions check MALW-3280 - Added Avira detection as a malware scanner NAME-4018 - Only perform name services test when resolv.conf file exists PKGS-7387 - Check all repositories if they use GPG signing SCHD-7704 - Permission checks TIME-3104 - Check permissions before open files AUTH-9328 - Add missing 0027 and 0077 umasks BOOT-5104 - Add initsplash and minor code enhancements DBS-1882 - Include Redis configuration file FIRE-4502 - Improved detection for iptables modules when using OpenVZ PKGS-7381 - Enhanced package audit for FreeBSD AUTH-9308 - Improved test for sulogin string (Debian systems) FILE-6372 - Properly deal with comment on lines in /etc/fstab MAIL-8817 - New test to check Postfix configuration for errors SSH-7408 - Corrected SSH check AUTH-9308 - Improved test for sulogin string MAIL-8818 - Test if Linux version is known before comparing in Postfix banner TIME-3116 - Skip stratum 16 items for time pools TIME-3148 - New test to detect TZ variable AUTH-9208 - Removed double logging AUTH-9222 - Improve logging for double groups AUTH-9226 - Improve logging for double groups BOOT-5177 - Sort systemctl unit files to make them unique DBS-1818 - New test to detect MongoDB DBS-1820 - New test for MongoDB authentication FIRE-4512 - Lowered minimum number of iptables firewall rules FIRE-4586 - Fix applied when searching for "-j LOG" HRDN-7222 - Changed reporting key of world executable compilers SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0) FIRE-4586 - Check logging for firewall components KRNL-5788 - Remove exception and style improvements KRNL-5830 - Improved logging ------------------------------------------------------------------- Fri Nov 4 13:41:25 UTC 2016 - matthias.gerstner@suse.com - lynis 2.4.0 * Mainly improved support for macOS users * Support for CoreOS * Support for clamconf utility * Support for chinese translation * More sysctl values in the default profile * New commands: "upload-only", "show hostids", "show environment", "show os" ------------------------------------------------------------------- Wed Sep 28 11:45:44 UTC 2016 - astieger@suse.com - lynis 2.3.4 with various improvements, including: * Several tests have extended log details * Detection of nftables improved * Replaced cut, sed, tr and others commands with binary variable (for forensics and future intrusion checking capabilities) * OS detection improved ------------------------------------------------------------------- Thu Sep 15 14:44:27 UTC 2016 - astieger@suse.com - lynis 2.3.3 with many improvements and updates ------------------------------------------------------------------- Thu May 12 08:32:25 UTC 2016 - astieger@suse.com - lynis 2.2.0: * new features and tests, small enhancements * optimisation, better detection * dealing with OS quirks and unexcepted results * adjustments for supporting more compliance in-depth * Detection for CFEngine has been improved * now tries to determine if failed logins are properly logged * New plugin is introduced to analyze PAM settings * Initial support to test UEFI settings, including Secure Boot option. * Support added for Unbound DNS caching tool, configuration check * Record if a name caching utility is being used like nscd or Unbound. * Tests chains of iptables and their default policy (ACCEPT or DROP) * Support upcoming nftables technology (status check) * Test added to include osqueryd as a supported tool. * Detection of firewire is enhanced (both ohci and core detected). * Extended the test syslog-ng logging to remote systems. * ESET and LMD (Linux Malware Detect) have been added. * Discovered malware scanners are also logged to the report. * Eexpanded test for multiple common mount points and define best practice mount flags. * Best practices for IPv6 configuration on Linux are now collected. * Collect network interface names from most operating systems. * Password change test has been extended to both capture minimum and password age. * Add Proxu support * SystemV init is now detected. * Now information will be logged when vulnerable software packages were found. * Support for DNF (Dandified YUM) for Fedora systems has been added. * Multiple configuration tests of SSH merged. * Extend detection of virtual machines (VMware tools) * Machine state detection with Puppet, Facter, dmidecode, and lscpu * When using pentest mode, it will continue without any delays (=quick mode). * Improvements for automatic execution of Lynis * Upload improvements ------------------------------------------------------------------- Wed Jul 29 11:05:22 UTC 2015 - astieger@suse.com - lynis 2.1.1: * performance improvements * additional support for Linux distributions and external utilities * Apache module directory /usr/lib64/apache has been added, which is used on openSUSE. * various other improvements and bug fixes - update patches for contect changes: lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff ------------------------------------------------------------------- Tue May 12 15:19:07 UTC 2015 - astieger@suse.com - lynis 2.1.0: * Screen output has been improved to provide additional information. * Core dump check on Linux is extended to check for actual values as well. * Software: + McAfee detection has been extended by detecting a running cma binary. + Security patch checking with zypper extended. * Session timeout: + Tests to determine shell time out setting have been extended + determine also if variable is exported as a readonly variable. + Related compliance section PCI DSS 8.1.8 has been extended. - includes changes from Lynis 2.0.0: * New feature: helpers * docker build file audit helper * Improved OS support * support systemd, docker, nftables * New parameters: + --dump-options (see all options) + --report-file (define a different location for the report file) - use tarball supplied default.prf - clean or silence rpmlint warnings ------------------------------------------------------------------- Tue Feb 17 12:32:20 UTC 2015 - astieger@suse.com - lynis 1.6.4: * New: + Boot loader detection for AIX + Detection of getcap and lsvg binary + Added filesystem_ext to report + Detect rootsh * Changes: + Hide errors when RPM database is faulty and show suggestion instead + Allow OpenBSD to gather information on listening network ports + Don't trigger warning for Shellshock when doing segfault test + Do not run Apache test on OpenBSD and strip control chars + Extended AIDE test with configuration validation test + Improved Shellshock test regarding non-Linux support + Added support for gathering volume groups on AIX + Properly parse PAM lines and add them to report + Support for boot loader detection on OpenBSD + Added uptime detection for OpenBSD systems + Support for volume groups on AIX + Redirect errors when searching for readlink binary - includes changes from 1.6.3: * New: + Added tests for Shellshock bash vulnerability + Added test to determine if Snoopy is used + New test for qdaemon configuration file + Test for GRUB boot loader password + New test for qdaemon printer jobs + Added ClamXav test for Mac OS X + Gentoo vulnerable packages test + New test for qdaemon status + Gentoo package listing + Running Lynis without root permissions will start non-privileged scan + Systemd service and timer example file added + Added grub2-install to binaries * Changes: + Adjustments so insecure SSL protocols are detected in nginx config + Directories will be skipped when searching for nginx log files + Only gather unique name servers from /etc/resolv.conf + Properly detect mod_evasive on Gentoo and others + Improved swap partition detection in /etc/fstab + Improvements to kernel detection (e.g. Gentoo) + Test for built-in security options in YUM + Improved boot loader detection for GRUB2 + Split GRUB test into two tests + Added Mac OS uptime check + Improved GetHostID function for systems having only ip binary + Improved testing for symlinked binary directories + Minor adjustments to log output + Renamed dev directory to extras - verify source signature - adjust permissions of items in /usr/share/lynis/include/consts to match those requested by main executable - run spec_cleaner ------------------------------------------------------------------- Sun Nov 16 00:39:00 UTC 2014 - Led <ledest@gmail.com> - fix bashisms in scripts ------------------------------------------------------------------- Wed Sep 24 16:36:21 UTC 2014 - citypw@gmail.com - Upgrade to version 1.6.2 - Remove files: * lynis_1.3.7_include-test-filesystem.diff( already fixed) * lynis-1.3.9.tar.gz ------------------------------------------------------------------- Thu Jan 9 18:45:44 UTC 2014 - saigkill@opensuse.org - updated to version 1.3.9 - removed patch * lynis_1.3.6_include-test-kernel.diff (fixed upstream) ------------------------------------------------------------------- Wed Dec 11 20:14:06 UTC 2013 - saigkill@opensuse.org - updated to version 1.3.7 - Changelog: * FileExists() and SearchItem() functions were added. The yum-security check and iptables binary check were improved, and the report was extended to show which tests have been executed or skipped - updated patch * lynis_1.3.7_include-test-filesystem.diff ------------------------------------------------------------------- Tue Dec 10 18:46:14 UTC 2013 - saigkill@opensuse.org - updated to version 1.3.6 - Removed patches (obsolete): * lynis_1.3.5_include_binaries.diff - Updated patches * lynis_1.3.6_include_osdetection.diff * lynis_1.3.6_include-test-kernel.diff ------------------------------------------------------------------- Sun Nov 24 14:29:06 UTC 2013 - saigkill@opensuse.org - updated to version 1.3.5 - Updated patches: o lynis_1.3.1_lynis.diff o lynis_1.3.1_include_binaries.diff o lynis_1.3.1_include-osdetection.diff o lynis_1.3.1_include-test-kernel.diff - Removed patches (obsolete) o lynis_1.3.1_include-test-databases.diff o lynis_1.3.1_include-test-storage.diff o lynis_1.3.1_include-test-homedirs.diff ------------------------------------------------------------------- Fri Jun 21 12:22:08 UTC 2013 - thomas@suse.com - fixed typo in prepare_for_suse.sh ------------------------------------------------------------------- Fri Jan 25 09:40:52 UTC 2013 - thomas@suse.com - fixed log message for dbus test - fixed bash variable incrementation that sneaked in the code ------------------------------------------------------------------- Mon Jan 14 14:57:15 UTC 2013 - thomas@suse.com - fixed tests_network_allowed_ports to increment index vars and not loop forever ------------------------------------------------------------------- Thu Jan 10 16:53:32 UTC 2013 - thomas@suse.com - fixed test_homedirs ------------------------------------------------------------------- Thu Jan 10 16:46:02 UTC 2013 - thomas@suse.com - some bugfixing for pathnames, didn't work with sudo - improved default.prf by adding more sysctl vars - fixed test_storage - generated fileperm.db and dbus-whitelist for 12.2 ------------------------------------------------------------------- Mon Dec 26 16:24:35 UTC 2011 - Sascha.Manns@open-slx.de - fixed conflict in spec ------------------------------------------------------------------- Mon Dec 26 16:18:01 UTC 2011 - Sascha.Manns@open-slx.de - updated to version 1.3.0 - from Changelog: - New: - Profile option: ignore_home_dir - TCP wrappers category added - Tooling category added - Initial extensions to support plugins in the future - Test for unpurged Debian packages [PKGS-7346] - Test for compiler permissions [HRDN-7222] - Changes: - Converted all dates to ISO format and updated copyright lines - Correct suggestion for file integrity tool [FINT-4350] - Added hint when RPM list is empty on DPKG based systems [PKGS-7308] - Changed logging for /etc/security/limits.conf file [KRNL-5820] - Fixed incorrect warning for single user mode [AUTH-9308] - Improved output for stratum 16 time servers [TIME-3116] - Added suggestion and screen output for kernel hardening [KRNL-6000] - Screen layout optimalizations and log file improvements - Improved list/layout of scan options - Improved binary check for compilers - Added configuration option in scan profile (show_tool_tips, default true) ------------------------------------------------------------------- Thu Apr 7 15:57:31 UTC 2011 - thomas@novell.com - added patch for apache2 and oracle detection ------------------------------------------------------------------- Fri Apr 1 22:00:13 UTC 2011 - saigkill@opensuse.org - removed rpmlintrc and fixed non-executable-script ------------------------------------------------------------------- Sun Dec 26 19:55:21 UTC 2010 - saigkill@opensuse.org - prettyfied spec file - NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository. ------------------------------------------------------------------- Fri Sep 3 05:41:52 UTC 2010 - thomas@novell.com - fixed %files section to include /etc/lynis ------------------------------------------------------------------- Fri Sep 3 05:12:43 UTC 2010 - thomas@novell.com - fixed %files section to reflect new default.prf location ------------------------------------------------------------------- Fri Sep 3 05:09:47 UTC 2010 - thomas@novell.com - added permdir /root/.gnupg to default.prf ------------------------------------------------------------------- Fri Sep 3 05:04:03 UTC 2010 - thomas@novell.com - copy default.prf to /etc/lynis/ instead of /etc/, otherwise lynis will not find it and hang ------------------------------------------------------------------- Thu Sep 2 11:32:50 UTC 2010 - thomas@novell.com - added %{_datadir}/%{name}/prepare_for_suse.sh ------------------------------------------------------------------- Thu Sep 2 10:56:55 UTC 2010 - thomas@novell.com - adjusted patch and spec file to make it build ------------------------------------------------------------------- Wed Sep 1 12:30:43 UTC 2010 - thomas@novell.com - put code from Matthias Weckbecker sec_check into lynis - adjusted lynis for opensuse - details: + tests_tmp_symlinks + tests_network_allowed_ports + tests_system_proc + tests_file_permissions_ww + tests_binary_rpath + tests_users_wo_password + tests_file_permissionsDB + tests_system_dbus ------------------------------------------------------------------- Wed Dec 16 05:19:37 UTC 2009 - saigkill@opensuse.org - updated to version 1.2.9 - added default.prf ------------------------------------------------------------------- Wed Dec 9 16:21:53 UTC 2009 - saigkill@opensuse.org - update to 1.2.8 ------------------------------------------------------------------- Mon Nov 2 18:16:38 UTC 2009 - saigkill@opensuse.org - update to 1.2.7 - This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved. ----------------------------------------------------------------- Mon Apr 6 09:04:05 CEST 2009 - saigkill@opensuse.org - update to 1.2.6 - This release has several new tests and test improvements, like a sudoers file permissions check, a core dumps configuration check for Linux, PHP tests, and an /etc/issue banner test. ----------------------------------------------------------------- Sat Mar 28 10:27:12 CET 2009 - saigkill@opensuse.org - update to 1.2.5 - This release adds 40+ new tests for services like Dovecot, BIND, PowerDNS, SSH, Exim, and nginx ----------------------------------------------------------------- Tue Mar 17 2009 20:32 CET - mrdocs@opensuse.org - added 1.2.4 release - This release adds more than 30 new tests, including NTP, auditd, PAM, NFS and ClamAV. ------------------------------------------------------------------ Mon Mar 02 22:32 CET 2009 - mrdocs@opensuse.org - 1.2.3 release see CHANGELOG for changes ------------------------------------------------------------------- Thu Feb 26 14:16:35 CET 2009 - pgajdos@suse.cz - removed patches: - passwd-args.patch - suppress-dpkg-error.patch - source repacked gz -> bz2 ------------------------------------------------------------------- Sun Feb 17 2009 - mrdocs@opensuse.org - 1.2.2 release - see CHANGELOG for changes ------------------------------------------------------------------ Mon Feb 16 03:15:44 CET 2009 - saigkill@opensuse.org - updated to Version 1.2.2 ------------------------------------------------------------------ Wed Jan 07 12:00:00 CET 2009 - saigkill@opensuse.org - fixed Rpmlint Errors - branched for Contrib ------------------------------------------------------------------ Wed Nov 10 12:00:00 CET 2008 - saigkill@opensuse.org - initial version using the buildservice
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor