Changelog Lynis 2.3.0 (2016-07-13):
We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next step in the simplification improvements we made. There is a risk of breaking your existing configuration. See the tips below to upgrade.
This release will soon also be available in our software repository. For more details see https://packages.cisofy.com to install and upgrade Lynis.
Upgrade tips
Default profile and custom profiles:
Settings of multiple profiles can now be merged. Instead of making changes to default.prf, copy your changes to custom.prf. Use ‘lynis show profiles’ to show any detected profiles. Only include your changes in custom.prf, to keep the configuration clean and tidy. They will then overwrite the defaults. Use ‘lynis show settings’ to see if they are applied.
Check your cron jobs:
When using --quiet, the output will be really quiet now. Use --show-warnings-only
if you still want to see the warnings. Lynis will now exit with exit code 0, even
when warnings have been found. Use the option error-on-warnings=yes (custom.prf) to
exit with code 78 when it has any warnings.
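A cron wrapper adapted to the new exit-code behaviour, as an added example that is not part of the Lynis project or the original changelog. It assumes error-on-warnings=yes is set in custom.prf; the names LYNIS_BIN, audit_status and run_audit, the script path in the comment, and the treatment of any other exit code as a failed scan are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not Lynis project code): cron wrapper for Lynis 2.3.0.
# Requires in custom.prf:  error-on-warnings=yes
# Hypothetical crontab entry:
#   30 3 * * * /usr/local/sbin/lynis-cron.sh --run

# Path to Lynis; overridable so the wrapper can be exercised with a stub.
LYNIS_BIN="${LYNIS_BIN:-lynis}"

# Map a Lynis exit code to a status word.
#   0  -> scan finished without warnings
#   78 -> warnings found (only returned with error-on-warnings=yes)
#   other codes are treated as a failed scan (assumption of this sketch)
audit_status() {
    case "$1" in
        0)  echo "clean" ;;
        78) echo "warnings" ;;
        *)  echo "failed" ;;
    esac
}

# Run the audit non-interactively and keep only the warnings.
# cron mails whatever is written to stdout, so a clean run prints nothing.
run_audit() {
    rc=0
    output=$("$LYNIS_BIN" audit system --quick --show-warnings-only 2>&1) || rc=$?
    status=$(audit_status "$rc")
    if [ "$status" != "clean" ]; then
        printf 'lynis: %s (exit code %s) on %s\n' "$status" "$rc" "$(uname -n)"
        printf '%s\n' "$output"
    fi
    return "$rc"
}

# Only start a scan when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_audit
    exit $?
fi
```

Without error-on-warnings=yes the wrapper always reports a clean run, because Lynis 2.3.0 exits with 0 even when warnings were found.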
New Ansible examples for deployment: https://github.com/CISOfy/lynis-ansible
Lynis will also check for DB2 instances and report the status.
With this release the developer mode is introduced. It can be activated with the --developer option, or developer-mode=yes in profile. In development mode, some details are displayed on screen, to help testing of existing or new tests.
To get easy access, a new profile has been added (developer.prf).
lynis audit system --profile developer.prf
lynis audit system --developer
A new software development kit (SDK) for Lynis is available on GitHub. This will help contributors and developers to test software quality, including linting and running unit tests. The devkit also supports building DEB and RPM files for easy deployment. The repository can be found on https://github.com/CISOfy/lynis-sdk
Template files have been updated to provide better examples on how to create
custom tests and plugins.
To simplify the usage of Lynis, a new helper utility has been added: show.
This helper will show help, or values (e.g. version, plugin directories, etc).
Some examples include: lynis show options, lynis show commands, lynis show
version, etc. See lynis show for all available details.
The XFS file system detection has been added. Mount points /dev/shm and /var/tmp are now checked for their options. Comparison of the mount options has been improved. A new test has been added to check if /var/tmp has been bound to /tmp.
Lynis now supports language translations, with the language profile option.
Initial languages: Dutch (nl), English (en), French (fr).
You can help by translating the language files in the db directory.
Mac OS X Improvements
Package manager Brew has been added
Show suggestion when weak protocol is used, like SSLv2 or SSLv3. The protocols are now also parsed and stored as details in the report file.
Systems running CentOS, Debian, openSUSE, RHEL, Ubuntu and others, may now use our own software repository: https://packages.cisofy.com
Several performance improvements have been implemented. This includes rewriting tests to invoke fewer commands and enhanced hardware detection at the beginning.
You can set the plugin directory now also via a profile. First match wins.
Priority: 1) argument, 2) profile, 3) default
--plugindir is now an alias for --plugin-dir
Lynis now supports multiple profiles. By using a file ‘custom.prf’, values are first inherited from default.prf and then merged with custom.prf.
Several tests have been altered to support multiple profiles.
New profile options:
quick=yes|no (similar to --quick)
developer (see Developer section)
Although Lynis is aimed at running on local hosts, there is still an ongoing
demand for running remote scans. With ‘lynis audit system remote’ tips are now
provided to perform such a scan via SSH.
Zypper calls are now marked with a non-interactive flag to prevent it waiting for
any interactive input.
Improve execution for Solaris systems.
The configuration of SSH is now parsed from the SSH daemon directly. This makes it easier to handle new defaults, as OpenSSH sometimes introduces new keys, or changes their default value between versions.
Systemd
Added support for detecting systemd and reporting it as a service manager. The systemd plugin has been released as a community plugin.
Solved a bug which added the proxy configuration twice.
Profile options: upload-tool and upload-tool-arguments
The screen output has been improved, to show more meaningful things when some
parameters are missing. Several old variables and lines have been cleaned up.
The Display function now allows the --debug flag. This helps in showing some
lines on screen, which would normally be hidden (e.g. items not found or
Logging has been improved in different areas, like cleaning up and adding more
relevant messages where needed.
The interface colors have been changed, to make it more obvious how the software
can be used. Also the wait line between categories has been altered, to properly
display on systems with a white background.
When no auditor name has been specified, it will say that instead of unknown.
Functions file has been cleaned up, including adding developer debug information
when old functions are still being used. Later on these functions will be deleted,
and therefore placed at the bottom.
--developer – Enable developer mode
--verbose – Show more details on screen, reduced in normal mode
--show-warnings-only – Only show warnings on screen
--skip-plugins – Disable running any plugins (alias: --no-plugins)
--quiet – Changed: become really quiet
--config – Removed: use ‘lynis show profiles’ instead
AddSetting – New function to store settings (lynis show settings)
ContainsString – New function to search for a string in another one
Display – Added --debug, showing details on screen in debug mode – Reset indentation for lines which are too long
DisplayToolTip – New function to display tooltips
IsDebug – Check for usage of --debug
IsDeveloperMode – Status for development and debugging (--developer)
IsDeveloperVersion – Check if release is still under development
IsRunning – Added return state
IsVerbose – Check for usage of --verbose
IsOwnedByRoot – Check ownership of files and directories
IsWorldWritable – Improved test with additional details
PortIsListening – Check if a service is listening to a specified port
SkipAtomicTest – Allow smaller tests to be skipped (e.g. SSH-7408)
AUTH-9234 – Test for minimal UID in /etc/login.defs when available
AUTH-9254 – Allow root to use this test, due to permissions
AUTH-9262 – Restructure of test, support for pwquality PAM
AUTH-9288 – Only check for accounts which have a maximum password age set
AUTH-9308 – Check for systemd targets
BANN-7119 – /etc/motd test disabled
BANN-7122 – /motd content test disabled
BOOT-5122 – Extended GRUB password check
BOOT-5184 – Improve file permissions check for CentOS 7 machines
DBS-1860 – Check for status of DB2
CRYP-7902 – Improved logging
FILE-6354 – Restrict searching in /tmp to mount point only
FILE-6372 – Properly checking for /etc/fstab now, ignore comments
FILE-6374 – Added /dev/shm and /var/tmp
FILE-6374 – New test for /var/tmp
FILE-6430 – New test for detecting specific filesystems
FILE-7524 – Support for multiple profiles
HTTP-6632 – Fix for proper detection of Apache modules
HTTP-6642 – Test disabled
HTTP-6710 – Trigger suggestion when weak protocols SSLv2/SSLv3 are used
KRNL-5788 – Support for kernel with grsecurity patches (linux-image-grsec)
KRNL-5820 – Improved logging for test
KRNL-6000 – Allow multiple profiles to be used, store more details
LOGG-2190 – Improvements for Fail2Ban and cron-related files
NETW-3014 – Support for multiple profiles
PKGS-7303 – Added Brew package manager
PKGS-7354 – Test for DNF repoquery plugin before using it
PKGS-7381 – Check for vuln.xml file
PRNT-2306 – Check if files are readable before parsing them
PROC-3612 – Removed wchan output to prevent grsecurity issues
SCHD-7702 – Test for running cron daemon
SCHD-7704 – Test ownership of cronjob files
SSH-7408 – Show weak configurations of SSH on screen as a suggestion
TOOL-5102 – Test for Fail2ban tooling
TOOL-5190 – Test for intrusion detection or prevention system
Lynis is a security auditing tool for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing
The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
git clone https://github.com/CISOfy/lynis
cd lynis
./lynis audit system
cd <your lynis folder>
git pull origin master
Download : 2.3.0.zip | 2.3.0.tar.gz
Our previous post: http://seclist.us/lynis-v2-2-1-is-a-system-and-security-auditing-tool-for-unixlinux.html