= Changelog Lynis 2.1.5 =
This is an major release, which includes both new features and enhancements to existing tests.
* Automation tools
CFEngine detection has been further extended. Additional logging and reporting of automation tools.
Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes checking for /etc/login.defs [AUTH-9408]. Merged password check on Solaris into AUTH-9228.
PAM settings are now analyzed, including:
– Two-factor authentication methods
– Minimum password length, password strength and protection status against brute force cracking
report option: auth_failed_logins_logged
Added new compliance_standards option to default.prf, to define if compliance testing should be performed, and for which standards.
Right now these (partial) standards are included:
* DNS and Name services
Support added for Unbound DNS caching tool [NAME-4034]
Configuration check for Unbound [NAME-4036]
Record if a name caching utility is being used like nscd or Unbound. Also logging to report as field name_cache_used
IPFW firewall on FreeBSD test improved.
Don’t show pflogd status on screen when pf is not available
ESET and LMD (Linux Malware Detect) is now recognized as a malware scanner. Discovered malware scanners are now also logged to the report.
* Mount points
FILE-6374 is expanded to test for multiple common mount points and define best practice mount flags.
* Operating systems
Improved support for Debian 8 systems.
Boot loader exception is not longer displayed when only a subset of tests is performed.
FreeBSD systems can now use service command to gather information about enabled services.
* UEFI and Secure Boot
Initial support to test UEFI settings, including Secure Boot option Options boot_uefi_booted and boot_uefi_booted_secure added to report file
* Virtual machines and Containers
Detection of virtual machines has been extended in several ways. Now VMware tools (vmtoolsd) are detected and machine state is improved with tools like Puppet Facter, dmidecode, and lscpu. Properly detect Docker on CoreOS systems, where it before gave error as it found directory /usr/libexec/docker.
Check file permissions for Docker files, like socket file [CONT-8108]
* Individual tests
[AUTH-9204] Exclude NIS entries to avoid false positives
[AUTH-9230] Removed test as it was merged into AUTH-9228
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for /etc/login.conf on systems like FreeBSD.
[BOOT-5180] Only gets executed if runlevel 2 is found
[CONT-8108] New test to test for Docker file permissions
[FILE-6410] Added /var/lib/locatedb as search path
[HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
[MALW-3278] New test to detect LMD (Linux Malware Detect)
[SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
[TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured, yet ntpd isn’t running
[DigitsOnly] New function to extract only numbers from a text string
[DisplayManual] New function to show text on screen without any markup
[ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
[ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution)
[ReportWarning] Like ReportSuggestion() has additional parameters
[ShowComplianceFinding] Display compliance findings
* General improvements
– When using pentest mode, it will continue without any delays (=quick mode)
– Data uploads: provide help when self-signed certificates are used
– Improved output for tests which before showed results as a warning, while actually are just suggestions
– Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply
– Tool tips are displayed, to make Lynis even easier to use
– PID file has additional checks, including cleanups
[PLGN-2804] Limit report output of EXT file systems to 1 item per line
Lynis is a security auditing for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing
The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
git clone https://github.com/CISOfy/lynis
./lynis audit system
cd <your lynis folder>
Download old Binary v2.1.1: 2.1.1.zip | 2.1.1.tar.gz
Our post Before : http://seclist.us/updates-lynis-v-2-1-0-is-a-system-and-security-auditing-tool-for-unixlinux.html