Recent releases for lynis

lynis 2.1.0

2015-04-17T10:56:14+00:00

= Lynis 2.1.0 (2015-04-16) = General: --- Screen output has been improved to provide additional information. OS support: --- CUPS detection on Mac OS has been improved. AIX systems will now use csum utility to create host ID. Group check have been altered on AIX, to include the -n ALL. Core dump check on Linux is extended to check for actual values as well. Software: --- McAfee detection has been extended by detecting a running cma binary. Improved detection of pf firewall on BSD and Mac OS. Security patch checking with zypper extended. Session timeout: --- Tests to determine shell time out setting have been extended to account for AIX, HP-UX and other platforms. It will now determine also if variable is exported as a readonly variable. Related compliance section PCI DSS 8.1.8 has been extended. Documentation: --- - New document: Getting started with Lynis https://cisofy.com/documentation/lynis/get-started/ ## Plugins (Enterprise): - Update to file integrity plugin Changes to PLGN-2606 (capabilities check) - New configuration plugins: PLGN-4802 (SSH settings) PLGN-4804 (login.defs) Download link: https://cisofy.com/download/lynis/

lynis 2.1.1

2015-07-22T18:48:34+00:00

= Lynis 2.1.1 (2015-07-22) = This release adds a lot of improvements, with focus on performance, and additional support for common Linux distributions and external utilities. We recommend to use this latest version. ## \* Operating system enhancements Support for systems like CentOS, openSUSE, Slackware is improved. ## \* Performance Performance tuning has been applied, to speed up execution of the audit on systems with many files. This also includes code cleanups. ## \* Automatic updates Initial work on an automatic updater has been implemented. This way Lynis can be scheduled for automatic updating from a trusted source. ## \* Internal functions Not all systems have readlink, or the -f option of readlink. The ShowSymlinkPath function has been extended with a Python based check, which is often available. ## \* Software support Apache module directory /usr/lib64/apache has been added, which is used on openSUSE. Support for Chef has been added. Added tests for CSF's lfd utility for integrity monitoring on directories and files. Related tests are FINT-4334 and FINT-4336. Added support for Chrony time daemon and timesync daemon. Additionally NTP sychronization status is checked when it is enabled. Improved single user mode protection on the rescue.service file. ## \* Other Check for user permissions has been extended. Python binary is now detected, to help with symlink detection. Several new legal terms have been added, which are used for usage in banners. In several files old tests have been removed, to further clean up the code. ## \* Bug fixes Nginx test showed error when access_log had multiple parameters. Tests using locate won't be performed if not present. Fix false positive match on Squid unsafe ports [SQD-3624]. The hardening index is now also inserted into the report if it is not displayed on screen. ## \* Functions Added AddSystemGroup function ## \* New tests Several new tests have been added: [PKGS-7366] Scan for debsecan utility on Debian systems [PKGS-7410] Determine amount of installed kernel packages [TIME-3106] Check synchronization status of NTP on systemd based systems [CONT-8102] Docker daemon status and gather basic details [CONT-8104] Check docker info for any Docker warnings [CONT-8106] Check total, running and unused Docker containers ## \* Plugins [PLGN-2602] Disabled by default, as it may be too slow for some machines [PLGN-3002] Extended with /sbin/nologin ## \* Documentation A new document has been created to help with the process of upgrading Lynis. It is available at https://cisofy.com/documentation/lynis/upgrading/

lynis 2.2.0

2016-03-18T10:02:50+00:00

= Lynis 2.2.0 (2016-03-18) = We are proud to present this new release of Lynis. It is a major upgrade, and the result of many months of work. This version includes new features and tests, and many small enhancements. We encourage all to test and upgrade to this latest release. ## \* Highlights The biggest change in this release is the optimization of several functions. It allows for better detection, and dealing with the quirks, of every single operating system. Some functions were fortified to handle unexcepted results better, like missing a particular binary, or not returning the hostname. This release also enables tests to be shorter, by adding new functions. Some functions were renamed or slightly changed, to provide more value to the tooling. Another big change in this release is a wide set of optimizations and quality testing. Outdated pieces were removed, or rewritten, to support features seen in newer distributions. In the area of compliance, adjustments have been made to start supporting more in-depth testing for this. Ideal for companies who have a particular compliance need, or want to test and enforce the system hardening levels of their systems. Last but not least, many small changes make this software easier to use. On our website we added new guides to provide help and support. We like to thank our contributors, in particular Kamil Boratyński, Steve Bosek, and Eric Light. Their contributions helped us greatly shaping this release. Below are the changes per category: ## \* Automation tools Detection for CFEngine has been improved. Also additional logging and reporting of automation tools. ## \* Authentication Depending on the operating system, Lynis now tries to determine if failed logins are properly logged. This includes checking for /etc/login.defs file [AUTH-9408]. Merged previous password check for Solaris into test AUTH-9228. User ids on AIX will be gathered and added to the report [AUTH-9234]. New plugin is introduced to analyze PAM settings. It including items like: - Two-factor authentication methods - Minimum password length, password strength and protection status against brute force cracking - Password history Report option: auth_failed_logins_logged ## \* Boot Added detection for Mac OSX boot loader. Initial support to test UEFI settings, including Secure Boot option. Options boot_uefi_booted and boot_uefi_booted_secure added to report file ## \* Compliance This release prepares for upcoming extensions to assist with compliance testing. The profile has a new option, which can be used to define what standards should be tested for, if any test is available. The related option is: compliance_standards Right now these standards can be selected: - CIS benchmarks - HIPAA - ISO27001/ISO27002 - PCI DSS Note that additional tests will be implemented in future releases and then tagged to these particular standards. ## \* DNS and Name services Support added for Unbound DNS caching tool [NAME-4034], including a configuration check [NAME-4036]. Record if a name caching utility is being used like nscd or Unbound. Also logging to report as field name_cache_used ## \* Firewalls Test for IPFW firewall on FreeBSD has been improved: status of pflogd will no longer be displayed, when pf is not available. New test FIRE-4532 introduced for detection of the Mac OS X application firewall. Also, the status of application firewalls is audited now. FIRE-4508 is another new test, which tests chains of iptables and their default policy (ACCEPT or DROP). This release also supports the upcoming nftables technology with new test FIRE-4536. It is expected that it will replace iptables later on, so this test will perform a status check. Additional FIRE-4548 will perform a version detection of the userland utility nft and determine if there are any rules configured. Renamed FIRE-4511 to FIRE-4502. ## \* File Integrity Monitoring Test added to include osqueryd as a supported tool. ## \* Hardware Detection of firewire is enhanced (both ohci and core detected). ## \* Logging Extended the test syslog-ng logging to remote systems. The log Lynis itself produces is also enhanced, to be more detailed for several tests. ## \* Malware ESET and LMD (Linux Malware Detect) have been added. Discovered malware scanners are also logged to the report. ## \* Mount points FILE-6374 is expanded to test for multiple common mount points and define best practice mount flags. ## \* Networking Best practices for IPv6 configuration on Linux are now collected. Also network interface names from most operating systems. ## \* Operating systems Improved support for Debian 8 systems, and displaying Gentoo for Gentoo-based systems. Detection of VMware release has been added. Boot loader exception is not longer displayed when only a subset of tests is performed. FreeBSD systems can now use service command to gather information about enabled services. Several paths have been added to allow better detection on systems running FreeBSD and others. ## \* Passwords AUTH-9286 change has been extended to both capture minimum and password age. ## \* Proxy support A proxy can now be specified in the profile, to allow uploads via a HTTP or SOCKS proxy. ## \* Service Managers SystemV init is now detected. ## \* Software and Packages Now information will be logged when vulnerable software packages were found. Support for DNF (Dandified YUM) for Fedora systems has been added. This is done in several tests: PKGS-7350 (installed packages), PKGS-7352 (security notices), PKGS-7354 (integrity tests). ## \* SSH Multiple configuration tests of SSH are now merged into SSH-7408. This enables easier testing later on and reduces repetition. ## \* Virtual machines and Containers Detection of virtual machines has been extended in several ways. Now VMware tools (vmtoolsd) are detected and machine state is improved with tools like Puppet Facter, dmidecode, and lscpu. Properly detect Docker on CoreOS systems, where it before gave error as it found directory /usr/libexec/docker. Check file permissions for Docker files, like the socket file [CONT-8108]. ## \* Individual tests [AUTH-9204] Exclude NIS entries to avoid false positives [AUTH-9230] Removed test as it was merged into AUTH-9228 [AUTH-9234] Support for AIX added [AUTH-9288] Test for expired passwords [AUTH-9328] Show correct message when no umask is found in /etc/profile. It also includes improved logging, and support for other operating systems. [BOOT-5104] Rewrote test to detect SysV init and other service managers [BOOT-5106] New test to test boot loader on Mac OS X [BOOT-5180] Only gets executed if runlevel 2 is found [CONT-8108] New test to test for Docker file permissions [DBS-1816] Removed suggestion [FILE-6310] Add more details to test when a symlinked path has been found [FILE-6410] Added /var/lib/locatedb as search path [FINT-4338] Added osquery test [FIRE-4508] Added chains test for iptables [FIRE-4511] Renamed to FIRE-4502 [FIRE-4536] Support for nftables detection [FIRE-4538] Basic configuration check for for nftables [HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox [HTTP-6622] Determine Apache version and log to report [HTTP-6624] Ignore wildcard and default entries as ServerName for Apache [LOGG-2154] Additional support for log destinations for syslog-ng [MALW-3278] New test to detect LMD (Linux Malware Detect) [NAME-4406] Changed logic for localhost check and more detailed logging [NETW-2600] IPv6 configuration check for Linux [NETW-3032] Added ARP monitoring software test [PKGS-7308] Split package name and version for RPM based package manager [PKGS-7350] Support for installed packages via Fedora DNF package manager (Dandified YUM) [PKGS-7352] Query security notices for DNF [PKGS-7354] Perform integrity tests for package database (DNF) [SHLL-6230] Test for umask values in shell configuration files (e.g. rc files) [STRG-1842] New test for checking authorized USB devices [TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured [TIME-3170] New test to check NTP configuration files ## \* Functions [CreateTempFile] Create a temporary file [DigitsOnly] New function to extract only numbers from a text string [DisplayManual] New function to show text on screen without any markup [ExitCustom] New function to allow program to exit with a different exit code, depending on outcome [GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier [IsWordWritable] Changed return codes for easier usage of the function [LogText] Replaces the older logtext function [RandomString] Creates a random string of characters [RemoveTempFiles] Remove any created temporary files [Report] Replaces the older report function [ReportSuggestion] Allows two additional parameters to store details (text and external reference to a solution) [ReportWarning] Like ReportSuggestion() has additional parameters [ShowComplianceFinding] Display compliance findings [ShowSymlinkPath] Ensure readlink is available ## \* General improvements - When using pentest mode, it will continue without any delays (=quick mode). - Plugins execution is improved, with improved logged and counting of active plugins. - Data uploads: provide help when self-signed certificates are used. - Improved output for tests which before showed results as a warning, instead of just as a suggestion. - Lynis now uses different exit codes, depending on errors or finding warnings. This helps with automation and any custom scripting you want to apply. - Preparations to allow compressing the Lynis report file and enhance uploads. - Added --config option to show what settings file or profile is used. - Tool tips are displayed, to make Lynis even easier to use. - Show a warning if the release is older than four months. - PID file has additional checks, including cleanups. ## \* Plugins [PAM] New plugin available in all versions of Lynis [PLGN-2602] Replaced mktemp commands with CreateTempFile function [PLGN-2804] Limit report output of EXT file systems to 1 item per line

lynis 2.3.0

2016-07-13T11:51:29+00:00

## Lynis 2.3.0 (2016-07-13) We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. See the tips below to upgrade. This release will soon also be available in our software repository. For more details see https://packages.cisofy.com to install and upgrade Lynis. # Upgrade tips Default profile and custom profiles: Settings of multiple profiles can now be merged. Instead of making changes to default.prf, copy your changes to custom.prf. Use 'lynis show profiles' to show any detected profiles. Only include your changes in custom.prf, to keep the configuration clean and tidy. They will then overwrite the defaults. Use 'lynis show settings' to see if they are applied. Check your cron jobs: When using --quiet, the output will be really quiet now. Use --show-warnings-only if you still want to see the warnings. Lynis will now exit with error 0, even when warnings have been found. Use option error-on-warnings=yes (custom.prf) to exit with code 78 when it has any warnings. # Details ## Ansible New Ansible examples for deployment: https://github.com/CISOfy/lynis-ansible ## Databases Lynis will check also for DB2 instances and report the status. ## Developer Mode With this release the developer mode is introduced. It can be activated with the --developer option, or developer-mode=yes in profile. In development mode, some details are displayed on screen, to help testing of existing or new tests. To get easy access, a new profile has been added (developer.prf). Examples: lynis audit system --profile developer.prf lynis audit system --developer A new software development kit (SDK) for Lynis is available on GitHub. This will help contributors and developers to test software quality, including linting and running unit tests. The devkit also supports building DEB and RPM files for easy deployment. The repository can be found on https://github.com/CISOfy/lynis-sdk ## Documentation Template files have been updated to provide better examples on how to create custom tests and plugins. To simplify the usage of Lynis, a new helper utility has been added: show. This helper will show help, or values (e.g. version, plugin directories, etc). Some examples include: lynis show options, lynis show commands, lynis show version, etc. See lynis show for all available details. ## File Systems The XFS file system detection has been added. Mount points /dev/shm and /var/tmp are now checked for their options. Comparison of the mount options has been improved. A new test has been added to check if /var/tmp has been bound to /tmp. ## Language Support Lynis now supports language translations, with the language profile option. Initial languages: Dutch (nl), English (en), French (fr). You can help by translating the language files in the db directory. ## Mac OS X Improvements Package manager Brew has been added ## nginx Show suggestion when weak protocol is used, like SSLv2 or SSLv3. The protocols are now also parsed and stored as details in the report file. ## Packages Systems running CentOS, Debian, openSUSE, RHEL, Ubuntu and others, may now use our own software repository: https://packages.cisofy.com ## Performance Several performance improvements have been implemented. This includes rewriting tests to invoke less commands and enhanced hardware detection at the beginning. ## Plugins You can set the plugin directory now also via a profile. First match wins. Priority: 1) argument, 2) profile, 3) default --plugindir is now an alias for --plugin-dir ## Profiles Lynis now support multiple profiles. By using a file 'custom.prf', it allows to inherit values first from default.prf, then merge it with custom.prf. Several tests have been altered to support multiple profiles. New profile options: quick=yes|no (similar to --quick) developer (see Developer section) check-value ## Remote scanning Although Lynis is a aimed on running on local hosts, there is still an ongoing demand for running remote scans. With 'lynis audit system remote' tips are now provides to perform such a scan via SSH. ## Software Zypper calls are now marked with a non-interactive flag to prevent it waiting for any interactive input. ## Solaris Improve execution for Solaris systems. ## SSH The configuration of SSH is now parsed from the SSH daemon directly. This enables handling with new defaults more easily, as OpenSSH sometimes introduces new keys, or change their default value between versions. ## Systemd Added support for detecting systemd and reporting it as a service manager. The systemd plugin has been released as a community plugin. ## Uploads Solved a bug which added the proxy configuration twice. Profile options: upload-tool and upload-tool-arguments ## General Improvements The screen output has been improved, to show more meaningful things when some parameters are missing. Several old variables and lines have been cleaned up. The Display function now allows the --debug flag. This helps in showing some lines on screen, which would normally be hidden (e.g. items not found or matched). Logging has been improved in different areas, like cleaning up and add more relevant messages where needed. The interface colors have been changed, to make it more obvious how the software can be used. Also the wait line between categories have been altered, to properly display on systems with a white background. When no auditor name has been specified, it will say that instead of unknown. Functions file has been cleaned up, including adding developer debug information when old functions are still be used. Later on these functions will be deleted, and therefore placed at the bottom. ## Program Options - --developer - Enable developer mode - --verbose - Show more details on screen, reduce in normal mode - --show-warnings-only - Only show warnings on screen - --skip-plugins - Disable running any plugins (alias: --no-plugins) - --quiet - Changed: become really quiet - --config - Removed: use 'lynis show profiles' instead ## Functions - AddSetting - New function to store settings (lynis show settings) - ContainsString - New function to search for a string in another one - Display - Added --debug, showing details on screen in debug mode - Reset identation for lines which are too long - DisplayToolTip - New function to display tooltips - IsDebug - Check for usage of --debug - IsDeveloperMode - Status for development and debugging (--developer) - IsDeveloperVersion - Check if release is still under development - IsRunning - Added return state - IsVerbose - Check for usage of --verbose - IsOwnedByRoot - Check ownership of files and directories - IsWorldWritable - Improved test with additional details - PortIsListening - Check if a service it listening to a specified port - SkipAtomicTest - Allow smaller tests to be skipped (e.g. SSH-7408) ## Tests - AUTH-9234 - Test for minimal UID in /etc/login.defs when available - AUTH-9254 - Allow allow root to use this test, due to permissions - AUTH-9262 - Restructure of test, support for pwquality PAM - AUTH-9288 - Only check for accounts which have a maximum password age set - AUTH-9308 - Check for systemd targets - BANN-7119 - /etc/motd test disabled - BANN-7122 - /motd content test disabled - BOOT-5122 - Extended GRUB password check - BOOT-5184 - Improve file permissions check for CentOS 7 machines - DBS-1860 - Check for status of DB2 - CRYP-7902 - Improved logging - FILE-6354 - Restrict searching in /tmp to mount point only - FILE-6372 - Properly checking for /etc/fstab now, ignore comments - FILE-6374 - Added /dev/shm and /var/tmp - FILE-6374 - New test for /var/tmp - FILE-6430 - New test for detecting specific filesystems - FILE-7524 - Support for multiple profiles - HTTP-6632 - Fix for proper detection of Apache modules - HTTP-6642 - Test disabled - HTTP-6710 - Trigger suggestion when weak protocols SSLv2/SSLv3 are used - KRNL-5788 - Support for kernel with grsecurity patches (linux-image-grsec) - KRNL-5820 - Improved logging for test - KRNL-6000 - Allow multiple profiles to be used, store more details - LOGG-2190 - Improvements for Fail2Ban and cron-related files - NETW-3014 - Support for multiple profiles - PKGS-7303 - Added Brew package manager - PKGS-7354 - Test for DNF repoquery plugin before using it - PKGS-7381 - Check for vuln.xml file - PRNT-2306 - Check if files are readable before parsing them - PROC-3612 - Removed wchan output to prevent grsecurity issues - SCHD-7702 - Test for running cron daemon - SCHD-7704 - Test ownership of cronjob files - SSH-7408 - Show weak configurations of SSH on screen as a suggestion - TOOL-5102 - Test for Fail2ban tooling - TOOL-5190 - Test for intrusion detection or prevention system ## Plugins - PLGN-1602 - Marked as root-only - PLGN-2612 - Marked as root-only - PLGN-2804 - Marked as root-only - PLGN-3202 - Marked as root-only

lynis 2.3.1

2016-07-14T18:33:54+00:00

## Lynis 2.3.1 (2016-07-14) This is a minor patch to improve upon findings in version 2.3.0. Changes: - Convert all skipped tests to uppercase - Only add license key when it is defined - Updated French translation - Exclude custom.prf from tarball (download via website)

lynis 2.3.2

2016-08-09T14:53:19+00:00

Lynis 2.3.2 (2016-08-09) ## Categories and Groups Tests are now grouped by their focus area and named 'groups' accordingly. Besides groups, each test will belong to a category (performance, privacy, or security). Commands: lynis show categories, lynis show groups Options: --tests-from-category, --tests-from-group Note: You might need to change your scripts if you previously defined the group of tests to scan. ## Development A new 'strict' option is available in the profiles and by default enabled for the initialization phases of Lynis. It will perform a strict code check for the tests, to detect any uninitialized variables, improving code quality. ## Helpers With 'lynis update check' you can now check for updates. This is the preferred new method. The command 'lynis show changelog' allows reviewing the changes. Optionally a release can be specified as additional argument. ## Languages Initial translation for German has been contributed by Kai Raven. The Italian translation by Stefano Marty (stefanomarty). Hungarian translation by Zoltan Paldi (paldiz) ## Profiles Parsing of the profiles has been improved, which prevented some settings from overriding default settings. ## Tests - AUTH-9212 - Added prerequisite to log - AUTH-9216 - Simplified test and make it more efficient - AUTH-9218 - Clean ups and improve readability - AUTH-9226 - Style, text, and removed warning - AUTH-9228 - Provide just a suggestion instead of warning - AUTH-9268 - Improve test for readability - AUTH-9328 - Test /etc/profile.d for umask setting - AUTH-9406 - Readability and code style changes - CONT-8102 - Determine if all Docker tests should be performed - DBS-1880 - Initial support for Redis server - HTTP-6720 - Readability improvement of test - KRNL-5830 - Readability and style improvements, ignore rescue images - MAIL-8818 - Style and refactoring - PHP-2211 - Readability improvement and code style changes - PHP-2374 - Changed text and cleanups - PHP-2376 - Log result to log file instead of report - PKGS-7383 - Simplified test - PKGS-7388 - Style and readability improvements - TIME-3106 - Corrected string to test for status - TOOL-5102 - Split of fail2ban tests - TOOL-5104 - Test for enabled fail2ban jails ## Languages Translation of Spanish (es) added Proper display of text strings when accented characters are used More text strings added ## General - Added bold and header as new colors - Changed header and footer of screen output - Allow atomic tests to be skipped (e.g. SSH-7408) - Extended tests database with category (lynis show tests) - By default Lynis will now run in 'quick mode' and not break after each section. You can get this behavior by adding the --wait option. ## Functions - RemoveColors - New test to clear colors - DisplayError - Display error on screen in uniform format and colors Use an optional exit code to quit the program - SkipAtomicTest - This function is now properly working with lowercase strings ## Website Several controls on the website are added or updated, including: - FILE-6344 - FINT-4315 - FINT-4402 - HTTP-6714 - MACF-6234 - NAME-4018 - NAME-4402 - PHP-2374 - PROC-3612 - TIME-3106

lynis 2.3.3

2016-08-23T08:53:27+00:00

Lynis 2.3.3 (2016-08-23) ## Upgrade note Customized profiles that included sysctl settings need to be altered. See default.prf for the correct format of the lines. ## Additions - OpenStack detection - Option to disable automatic refresh of software repository ## Languages - Japanese translation added, contributed by Yukio Takahara ## Fixes - Some tests did not show a warning text - Typo in man page for tests-from-group ## Parameters - New --bin-dirs to define binary directories to scan - New option --root-dir to specify a different file system to scan ## Nginx - Rewrite of configuration parsing ## PHP - Support for PHP 5.6 ## Redis - Redis test to detect configuration files - Test Redis configuration for several best practices - Perform permission check on Redis configuration files ## Experimental features (in development) - --bin-dirs - set what directories should be scanned for binaries - --root-dir - define the root of the file system, to allow forensics ## Settings - Many settings have a new alias (with dashes instead underscores) - New setting 'show-report-solution' to show solution in report ## Functions - ExitFatal can now exit program with optional text - IsNotebook can detect if system is a notebook (or not) - ShowSymlinkPath and FileIsReadable test for at least one argument - StoreNginxSettings will save parsed nginx configuration ## Tests - BOOT-5108 - Support for Syslinux bootloader - DBS-1882 - Redis configuration detection - DBS-1884 - Redis 'requirepass' check - DBS-1886 - Redis 'rename-command CONFIG' check - DBS-1888 - Redis 'bind localhost' check - FILE-6374 - Improved logging - KRNL-5830 - Improved logging for detected Linux kernels - KRNL-6000 - Support for multiple profiles and new format style - LOGG-2190 - Ignore MySQL files in /tmp from early MySQL 5.x releases - LOGG-2192 - New test to check opened log files that are empty ## Lynis Enterprise integration - Tag 'redis-server' is added for systems running Redis

lynis 2.3.4

2016-09-27T11:14:34+00:00

- Lynis 2.3.4 (2016-09-27) * ## Changes: - Skip update message when using the 'show' helper - Instead of opening the log file, you can now use 'lynis show details' followed by the test ID. It will show the relevant section. - Several tests have extended log details - Many style improvements as part of ongoing refactoring of the code - Detection of nftables improved - Replaced cut, sed, tr and others commands with binary variable (for forensics and future intrusion checking capabilities) - Swedish translation provided by Peter Carlsson - Support for arch-audit to scan for presence of vulnerable packages on Arch Linux - OS detection improved ## Tests: - CONT-8107 - New test checking number of Docker containers - CRYP-7902 - Gather more details regarding certificates - DBS-1816 - Define skip reason - FILE-6344 - Adjusted /proc test for hidepid option - FILE-6362 - Removed warning and add skip reason - FIRE-4520 - Change test to use detected binary - FIRE-4520 - New test to check for empty nftables ruleset - KRNL-5820 - Corrected function and style improvements - LOGG-2146 - Textual change - NAME-4408 - Check localhost to IP mapping - PKGS-7320 - Test for arch-audit tool - PKGS-7322 - Check vulnerable packages on Arch Linux - PKGS-7381 - Extended vulnerable package detection for FreeBSD - TIME-3104 - timedatectl test now detects NTP synchronization properly

lynis 2.4.0

2016-10-27T10:51:01+00:00

Lynis 2.4.0 (2016-10-27) Exactly one month after previous release, the Lynis project is proud to announce a new release. This release had the specific focus to improve support for macOS users. Thanks to testers and contributors to make this possible. ## New: - New group "system integrity" added - Support for clamconf utility - Chinese translation (language=cn) - New command "upload-only" to upload just the data instead of a full audit - Enhanced support for macOS, including HostID2 generation for macOS - Support for CoreOS - Detection for pkg binary (FreeBSD) - New command: lynis show hostids (show host ID) - New command: lynis show environment (hardware, VM, or container type) - New command: lynis show os (show operating system details) ## Changes: - Several new sysctl values have been added to the default profile - Existing tests have been enhanced to support macOS ## Tests: - AUTH-9234 - Support for macOS user gathering - BOOT-5139 - Support for machine roles in LILO test - BOOT-5202 - Improve uptime detection for macOS and others - FIRE-4518 - Improve pf detection and mark as root-only test - FIRE-4530 - Don't show error on screen for missing IPFW sysctl key - FIRE-4534 - Check Little Snitch on macOS - INSE-8050 - Test for insecure services on macOS - MACF-6208 - Allow non-privileged execution and filter permission issues - MALW-3280 - Detection for Avast and Bitdefender daemon on macOS - NETW-3004 - Support for macOS - PKGS-7381 - Improve test for pkg audit on FreeBSD - TIME-3104 - Chrony support extended ## Plugins (community and commercial): - PLGN-1430 - Gather installed software packages for macOS - PLGN-4602 - Support for Clam definition check on macOS

lynis 2.4.1

2017-02-09T12:38:25+00:00

Lynis 2.4.1 (2017-02-09) ## Changes: - Generic code improvements - Improved the update check and display - Finish, Portuguese, and Turkish translation - Extended support and tests for DragonFlyBSD - Option to configure hostid and hostid2 in profile - Support for Trend Micro and Cylance (macOS) - Remove comments at end of nginx configuration - Used machine ID to create host ID when no SSH keys are available - Added detection of iptables-save to binaries ## Tests: - FIRE-4586 - Check logging for firewall components - KRNL-5788 - Remove exception and style improvements - KRNL-5830 - Improved logging

lynis 2.4.2

2017-02-15T13:15:42+00:00

Lynis 2.4.2 (2017-02-15) ## Changes: - Properly detect SSH daemon version ## Tests: - AUTH-9208 - Removed double logging - AUTH-9222 - Improve logging for double groups - AUTH-9226 - Improve logging for double groups - BOOT-5177 - Sort systemctl unit files to make them unique - DBS-1818 - New test to detect MongoDB - DBS-1820 - New test for MongoDB authentication - FIRE-4512 - Lowered minimum number of iptables firewall rules - FIRE-4586 - Fix applied when searching for "-j LOG" - HRDN-7222 - Changed reporting key of world executable compilers - SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)

lynis 2.4.3

2017-02-22T14:52:06+00:00

Lynis 2.4.3 (2017-02-22) ## Changes: - Colored output can now be tuned with profile (colors=yes/no) - Allow data upload to be set as a profile option ## Tests: - AUTH-9308 - Improved test for sulogin string - MAIL-8818 - Test if Linux version is known before comparing in Postfix banner - TIME-3116 - Skip stratum 16 items for time pools - TIME-3148 - New test to detect TZ variable

lynis 2.4.4

2017-03-01T15:42:30+00:00

Lynis 2.4.4 (2017-03-01) ## Changes: - Fix for upload function to be used from profile - Reduce screen output for mail section, unless --verbose is used - Code cleanups and removed 'update release' command ## Tests: - AUTH-9308 - Improved test for sulogin string (Debian systems) - FILE-6372 - Properly deal with comment on lines in /etc/fstab - MAIL-8817 - New test to check Postfix configuration for errors - SSH-7408 - Corrected SSH check

lynis 2.4.5

2017-03-09T12:08:40+00:00

Lynis 2.4.5 (2017-03-09) Changes: -------- * Allow host alias to be specified in profile * Code readability enhancements * Solaris support has been improved Tests: ------ * AUTH-9328 - Add missing 0027 and 0077 umasks * BOOT-5104 - Add initsplash and minor code enhancements * DBS-1882 - Include Redis configuration file * FIRE-4502 - Improved detection for iptables modules when using OpenVZ * PKGS-7381 - Enhanced package audit for FreeBSD

lynis 2.4.6

2017-03-15T09:36:24+00:00

Lynis 2.4.6 (2017-03-15) Changes: -------- * Added FileInstalledByPackage function (dpkg and rpm supported) * Mark Arch Linux version as rolling release (instead of unknown) * Support for Manjaro Linux * Escape files when testing if they are readable * Code cleanups Tests: ------ * CRYP-7902 - Test more certificates names, but only if they are not part of a package * FILE-7524 - Reduce standard screen output for file permissions check * MALW-3280 - Added Avira detection as a malware scanner * NAME-4018 - Only perform name services test when resolv.conf file exists * PKGS-7387 - Check all repositories if they use GPG signing * SCHD-7704 - Permission checks * TIME-3104 - Check permissions before open files

lynis 2.4.7

2017-03-22T10:54:51+00:00

Lynis 2.4.7 (2017-03-22) Changes: * Minor code cleanups Tests: ------ * BANN-7126 - Added more words to test for * CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler * HTTP-6641 - Support detection for Apache module mod_reqtimeout * PKGS-7388 - Minor change to detect security repositories

lynis 2.4.8

2017-03-29T15:10:46+00:00

Lynis 2.4.8 (2017-03-29) Changes: * More PHP paths added * Minor changes to text * Show atomic test in report Tests: ------ * MAIL-8820 - New Postfix configuration check * TOOL-5002 - Extended Puppet detection

lynis 2.5.0

2017-05-03T09:06:04+00:00

During the development of this release, the project got informed about a flaw that possibly could be abused by a local attacker. Even with the small risk of success, upgrading is highly recommended. See details on [CVE-2017-8108](https://cisofy.com/security/cve/cve-2017-8108/) This release is a special maintenance release with focus on cleaning up the code for readability and future expansion. Changes: -------- * Use ROOTDIR variable instead of fixed paths * Introduction of IsEmpty and HasData functions for readability of code * Renamed some variables to better indicate their purpose (counting, data type) * Removal of unused code and comments * Deleted unused tests from database file * Correct levels of identation * Support for older mac OS X versions (Lion and Mountain Lion) * Initialized variables for more binaries * Additional sysctls are tested Tests: ------ * MALW-3280 - Extended test with Symantec components * PKGS-7332 - Detection of macOS ports tool and installed packages * TOOL-5120 - Snort detection * TOOL-5122 - Snort configuration file

lynis 2.5.1

2017-05-31T13:58:26+00:00

Lynis 2.5.1 (2017-05-31) Changes: - Hebrew translation by Dolev Farhi - Improved detection of SSL certificate files - Minor changes to improve logging and results Tests: -------- * BOOT-5104 - Added support for macOS * FIRE-4524 - Determine if CSF is in testing mode * HTTP-6716 - Improved log message

lynis 2.5.2

2017-07-10T14:18:43+00:00

Lynis 2.5.2 (2017-07-10) Changes: -------- - Support for PHP on CloudLinux - Check for presence of locale binary - Suhosin detection improvements - Generic code improvements - Changed 'lynis audit system remote' routine - Support for macOS High Sierra - French translation updated Lynis Enterprise: ----------------- - Allow 'tags' and 'system-customer-name' to be specified via Lynis client Tests: ------ * CONT-8102 - Check for dockerd instead of docker -d * FIRE-4594 - Check for presence Advanced Policy Firewall (APF) * PKGS-2379 - New test for PHP suhosin extension status * PKGS-7370 - Only use debsums on Debian * KRNL-6000 - Added kernel.dmesg_restrict testing

lynis 2.5.3

2017-08-17T12:32:22+00:00

# Lynis 2.5.3 (2017-08-17) Changes: -------- * DirectAdmin location added * Small adjustments to text * Enhanced detection for LXC and LXC * Added /opt/apache as a target location * Default log directory set for HP-UX * Screen output improvements Tests: ------ * CRYP-7902 - Prevent test from showing error on screen * FILE-6310 - Detection of mount point now match exact name * HRDN-7230 - Show single line when no malware scanner was detected * NETW-3006 - Updated detection of MAC addresses on Linux * PKGS-2379 - Improvement for OpenBSD usage of PHP suhosin * TOOL-5002 - Detection capabilities for Ansible added

lynis 2.5.4

2017-09-05T11:51:34+00:00

Lynis 2.5.4 (2017-09-05) Changes: -------- * Improve systemd detection * Detect Linux Mint version * Older versions of Mac OS X are detected as well * Norwegian translation added * PAM plugin extended Tests: ------ * CRYP-7902 - certificate validation changed * FIRE-4508 - Improved screen output * PKGS-7380 - NetBSD vulnerability detection adjusted * TOOL-5002 - Improved detection of Ansible directories and files

lynis 2.5.5

2017-09-07T08:37:40+00:00

Lynis 2.5.5 (2017-09-07) Changes: -------- Minor release to solve errors on screen Tests: ------ * CRYP-7902 - certificate validation changed

lynis 2.8.0

2017-09-19T03:47:29+00:00

# New features in 2.8.0 This release merges the osqueryi shell into the osqueryd daemon. Both binaries will still be shipped with all platforms packages and the osqueryi binary is simply a copy of osqueryd binary. The core logic of the shell meerly checks the name of the running executable, and if it's osqueryi we launch into the shell. This release also sees various changes to our third party dependencies. Firstly we have dropped snappy and LZ4 from our dependency chain in favor of ZSTD, so these packages will no longer be required for builds. Further we have upgraded all platforms to make use of Boost 1.65.0, and finally we have successfully seen Firehose/Kinesis logging brought to the Windows platform. Lastly a few hardening changes to the RocksDB interface will ensure a better and more robust interface with the local caching database and strive to recover from database corruption. #3635 RocksDB interface has been extended to include a 'backup' and recover feature #3641 Firehose/Kinesis logging is now supported on Windows ## Bug fixes #3613 Fixed boost 1.65.0 builds for macos #3599 Addressed an issue in the Kinesis/Firehose record size check #3628 Wrapped the Windows shutdown event logic in a Mutex #3651 New query counter added to ignore initial results for differential querying #3661 Fixed listening_ports table to use readlink instead of readpath #3663 Fixed RocksDB interface to avoid calling DB::Flush so often #3662 Fixed debug info breakage introduced via binary merging #3673 Fixed builds linking against shared objects #3671 Fixed bug which had changed enrollment tests path #3685 Use PackageKit to better enumerate package receipts on macos #3698 Address shutdown behavior on Windows to ensure safe service stop ## Table changes (from 2.7.0 to 2.8.0) Added table `python_packages` to All Platforms Added table `chocolatey_packages` to Microsoft Windows Added table `curl` to POSIX-compatible Plaforms Added column `friendly_name` (`TEXT_TYPE`) to table `interface_addresses` Added column `friendly_name` (`TEXT_TYPE`) to table `interface_details` Added column `host` (`TEXT_TYPE`) to table `preferences` Removed table `process_file_events` from Darwin (Apple OS X) Removed table `python_packages` from POSIX-compatible Plaforms

lynis 2.8.1

2017-09-29T17:24:01+00:00

## New features in 2.8.1 This is largely a break-fix release addressing an issue with Kinesis/Firehose logging format. This release also sees a few small changes to the newly designed website as well as a small overhaul to the filesystem abstraction to make use of boosts `path` objects. ## Bug fixes #3746 Check Crypt API values for `nullptr` before using in `disk_encryption` table #3743 Add newline character between loglines for Firehose/Kinesis ## Table changes (from 2.8.0 to 2.8.1) Added column `last_opened_time` (`DOUBLE_TYPE`) to table `apps`

lynis 2.9.0

2017-10-05T00:37:07+00:00

## New features in 2.9.0 This is a security release, it includes fixes for weaknesses in several virtual tables. Please check out the new [`SECURITY.md`](https://github.com/facebook/osquery/blob/master/SECURITY.md) security issues tracker for more details. This release has updated several dependency formulas. The focus for those updates was also security related. While it is unclear if weaknesses in dependencies have an exact adverse effect on osquery, it is important to update them regardless. These updates mean a stronger and safer set of binary versions available on the https://osquery.io downloads page. ## Bug fixes #3785 (**CVE-2017-15026**) Use sanitized SQL for `ie_extensions` on Windows #3783 Drop temporary privileges to the intended user within `safari_extensions` #3782 (**CVE-2017-15027**) Use the owner of parent path in `dropToParent` event if the parent is a symlink #3781 (**CVE-2017-15028**) Drop temporary privileges to the intended user within `known_hosts` The notable dependency updates include: #3780 `libmagic` updated to 5.32 #3775 `libxml2` updated to 2.9.5 #3767 `augeas` updated to 1.8.1 #3770 `libarchive` updated to 3.3.3

lynis 2.9.1

2017-10-17T06:31:31+00:00

lynis 2.9.2

2017-10-21T21:54:01+00:00

lynis 2.10.0

2017-10-24T18:45:28+00:00

## New features in 2.10.0 We've ported our HTTP client to Boost Beast to allow for more meaningful TLS errors and support for HTTP proxies. #3623 Use Boost Beast as the HTTP client implementation (previously we used cpp-netlib) ## Bug fixes #3862 Lock access to individual SQL databases #3856 Fix extended_schema on Windows (previously all extended columns were HIDDEN) ## Table changes (from 2.9.0 to 2.10.0) Added table `key_events` to Darwin (Apple OS X) Added table `authenticode` to Microsoft Windows Added table `logical_drives` to Microsoft Windows Added table `physical_disk_performance` to Microsoft Windows Added column `version` (`TEXT_TYPE`) to table `usb_devices`

lynis 2.5.6

2017-10-27T11:02:58+00:00

Lynis 2.5.6 (2017-10-27) Changes: -------- * Added additional keywords for banners * DirectAdmin extensions * Enhancements to process detection * Spanish translation extended * Extended HP-UX support * Only show relevant messages in report Tests: ------ * [NETW-2705] - Allow local resolvers to bypass requirement for 2+ name servers * [SSH-7408] - Define default 'delayed' compression as a sane value for SSH tests * [SHLL-6220] - Improved detection of shell settings

lynis 2.5.7

2017-10-29T16:07:33+00:00

Lynis 2.5.7 (2017-10-29) Changes: -------- * Update of Portuguese translation * Added --silent as alias for --quiet * Reduced screen output when running non-privileged * IsRunning function now allows full name process match

lynis 2.10.1

2017-11-01T17:26:51+00:00

lynis 2.10.2

2017-11-09T21:22:08+00:00

## New features in 2.10.2 #3884 The macOS firewall exception URLs are now included in `alf_exceptions` The systemd service unit includes a post-init script to reload the units properly. ## Bug fixes #3892 Use better precision for calculating process start time on macOS #3917 Event tap publisher resource management fixes ## Table changes (from 2.10.0 to 2.10.2) Added table `curl` to All Platforms Added table `curl_certificate` to All Platforms Added table `pipes` to Microsoft Windows Added column `dst_port` (`TEXT_TYPE`) to table `iptables` Added column `src_port` (`TEXT_TYPE`) to table `iptables`

lynis 2.10.3

2017-11-20T16:32:25+00:00

This is a pre-release for internal testing of extensions changes.

lynis 2.10.4

2017-11-27T19:56:55+00:00

lynis 2.11.0

2017-12-18T22:22:12+00:00

## New features in 2.11.0 This version adds more features to osquery extensions. For a few examples, the Thrift API calls now enforce a 5 minutes maximum execution time to protect osquery from hung extensions (#3847); extension processes that are autoloaded, will respawn if they exit prematurely (#3944). We now depend on the newest `libaugeas` and have altered our integration to achieve much better performance (#3911). Several changes in the new Augeas version were designed for osquery's use cases. Finally, along with the bug and features below, this version adds more care to Windows Services and MSI packaging (#3927). #3921 Kafka SSL support #3814 Hash table cache #3887 Windows Event Log (as a logger plugin) support #4005 Non-blacklistable queries ## Bug fixes #3909 Print correct address family id for AF_UNIX sockets #3938 Remove 'removed' results correctly #3943 Stop renaming worker and extension argv[0] #3958 Fix header calculation with HTTP client and AWS Firehose #3979 Only daemon-reload if systemd is running #3985 Removing newline from Windows Event Log lines #4001 Remove invalid assumptions about status logging (refactor status logging) ## Table changes (from 2.10.2 to 2.11.0) Added table `groups` to All Platforms Added table `intel_me_info` to Linux and Windows Added table `shadow` to Linux Added column `blacklisted` (`INTEGER_TYPE`) to table `osquery_schedule` Added column `install_location` (`TEXT_TYPE`) to table `programs` Added column `type` (`TEXT_TYPE`) to table `users` Renamed table `key_events` to `user_interaction_events` on MacOS

lynis 2.11.1

2017-12-24T06:16:56+00:00

This tag includes dependency changes to accommodate Homebrew builds.

lynis 2.5.8

2017-12-28T11:52:45+00:00

Changes: -------- * Check for empty files improved on several locations * New allow-auto-purge setting in profile for short-lived systems * Additional checks for log and report file * Changes to support time synchronization in old and newer systemd releases * Enhanced output for systems other than Linux Plugins: -------- * New class (hardware) added and enabled in default profile

lynis 2.11.2

2017-12-30T20:34:49+00:00

This is a small release that adds mitigations for #3984. It also includes a new `crashes` table for Windows, a bugfix #4022 for `startup_items` not including non-existent paths, and upgraded our internal dependencies for boost (1.66) and thrift (0.11). This release is also the first using the new ASL2.0 and GPL2 dual license.

lynis 2.5.9

2018-01-12T14:31:24+00:00

Lynis 2.5.9 (2018-01-12) Changes: -------- * Don't show upgrade notice when being quiet/silent * Added --noplugins as an alias to skip execution of plugins * Use PATH variable for path detection, with predefined list as a backup Tests: ------ * [KRNL-6000] Multiple values are now allowed per sysctl key * [KRNL-6000] Individual tests can be skipped (skip-test=KRNL-6000:) * [KRNL-6000] Solution text has been added

lynis 3.0.0

2018-01-16T04:33:17+00:00

Welcome to the 3.0.0 series! In this series we'll be moving fast to incorporate new features that improve performance and safety. Minor releases will indicate new landed features. We'll highlight what to expect for compatibility in the release notes for each version. In this kick-off tag, we're ratcheting the build "runtime" that is installed with `make deps`. On macOS and Linux this is completely rebuilt to minimize the final binary size. We have also nitpicked compatibility options for macOS and believe this version is much safer for older versions, below 10.13. Finally, this version pays attention to OS and package manager maintainers. It will be a struggle to find the correct dependencies, but 3.0.0 supports a traditional `cmake` build if the `SKIP_DEPS` environment variable exists.

lynis 2.6.0

2018-01-18T16:14:49+00:00

Lynis 2.6.0 (2018-01-18) Changes: -------- * Binary paths are now sorted * Greek language added * systemd detection improved * VirtualBox detection extended * Several code enhancements Tests: ------ * [PHP-2379] - Small enhancement to resolve error on screen in some cases * [MALW-3280] - Improved detection for BitDefender tooling

lynis 2.6.1

2018-01-26T12:09:07+00:00

Lynis 2.6.1 (2018-01-26) Changes: -------- * Tests can have more than 1 required OS (e.g. Linux OR NetBSD) * Added 'system-groups' option to profile (Enterprise users) * Overhaul of default profile and migrate to new style (setting=value) * Show warning if old profile options are used * Improved detection of binaries * New group 'usb' for tests related to USB devices Tests: ------ * [FILE-6363] - New test for /var/tmp (sticky bit) * [MAIL-8802] - Added exim4 process name to improve detection of Exim * [NETW-3030] - Changed name of dhcp client name process and added udhcpc * [SSH-7408] - Restored UsePrivilegeSeparation * [TIME-3170] - Added chrony configuration file for NetBSD

lynis 3.1.0

2018-02-08T00:46:43+00:00

See the 3.0.0 release notes about the 3.0 series! This release includes the Linux Audit redesign. This redesign is faster, more reliable, and more extensible!

lynis 2.6.2

2018-02-13T15:19:58+00:00

Lynis 2.6.2 (2018-02-13) Changes: -------- * Bugfix for Arch Linux (binary detection) * Textual changes for several tests * Update of tests database

lynis 2.6.3

2018-03-07T15:26:49+00:00

Lynis 2.6.3 (2018-03-07) Changes: -------- * Change in routine for host identifiers Tests: ------ * [CRYP-7902] - Do prevalidation for certificates before testing them * [HRDN-7222] - Enhanced compiler permission test * [NAME-4402] - Improved test to filter out empty lines * [PKGS-7384] - Changes to detect yum-utils package and related tooling Plugins: -------- * [PLGN-2680] - cron file permissions

lynis 3.2.0

2018-03-21T16:47:25+00:00

lynis 3.2.1

2018-03-29T20:40:24+00:00

lynis 3.2.2

2018-03-29T23:16:04+00:00

lynis 3.2.3

2018-04-18T17:51:06+00:00

lynis 3.2.4

2018-04-25T03:26:12+00:00

## osquery 3.2.4 release notes This tag represents the first stable release of the osquery 3.0.0 series. The biggest change for 3.0.0 is a migration from boost property trees to Rapid JSON documents. This effects content in our RocksDB persistent store, and JSON interpretation of configuration and logging. Because of this migration we have introduced new database upgrading logic to automatically handle any subsequent database changes. This release also publishes the audit redesign first introduced in 3.1.0, as well as a variety of new tables for all platforms detailed below. Finally, this release introduces numerous new unit and integration tests for various components of osquery. Going forward, we will be more strict about requiring integration or unit tests for new features introduced to the code base in an effort to make our product more reliable and robust. ## New features in osquery 3 * We've migrated away from boost property trees in favor of RapidJSON objects. This migration resulted in massive performance gains for serialization to and from the database. * The linux audit subsystem has been rearchitected to be more performant, reliably, and extensible. * The osquery.io website has been overhauled! Use this as a landing portal for table schemas, package downloads, and any news round the product ## Bug fixes #4323 fix HANDLE leak in Windows processes functions #4325 fix conversion of empty ptree to be empty RJ list #4305 addressed memory leak in macos sip_config table #4286 prevent runnable threads from deadlocking Windows service exit #4276 ensure registry interface is thread safe #4281 config parser keys are now objects or arrays #4256 use specific release files in Linux os_version table #4240 correctly divide uptime on Windows #4236 ensure accelerated mode handles rapidjson correctly #4234 filter process open sockets correctly when pid = -1 #4229 continue processing if a namespace lookup fails #4222 fix crash in parsing stack traces for Windows crashes #4125 fix leak in darwin disk_encryption table #4169 correct external plugin name lookup #4129 add loop detection to fs globbing #4140 prevent duplicate build linkage by removing WEL as system logger #4086 address RJ assertion failures in configuration #4109 address sslv3 handshake failure in carver #4051 fixes a crash in extended_attributes if file access fails due to permissions #4047 fixes on_disk entry in processes table for linux ## Table changes (from 2.11.2 to 3.2.4) Added table `account_policy_data` to Darwin (Apple OS X) Added table `bitlocker_info` to Microsoft Windows Added table `disk_info` to Microsoft Windows Added table `kva_speculative_info` to Microsoft Windows Added table `video_info` to Microsoft Windows Added table `apt_sources` to POSIX-compatible Plaforms Added table `yum_sources` to POSIX-compatible Plaforms Added table `process_file_events` to Ubuntu, CentOS Added column `serial` (`TEXT_TYPE`) to table `certificates` Added column `cgroup_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `config_entrypoint` (`TEXT_TYPE`) to table `docker_containers` Added column `env_variables` (`TEXT_TYPE`) to table `docker_containers` Added column `finished_at` (`TEXT_TYPE`) to table `docker_containers` Added column `ipc_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `mnt_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `net_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `path` (`TEXT_TYPE`) to table `docker_containers` Added column `pid` (`BIGINT_TYPE`) to table `docker_containers` Added column `pid_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `privileged` (`INTEGER_TYPE`) to table `docker_containers` Added column `security_options` (`TEXT_TYPE`) to table `docker_containers` Added column `started_at` (`TEXT_TYPE`) to table `docker_containers` Added column `user_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `uts_namespace` (`TEXT_TYPE`) to table `docker_containers` Added column `signed` (`INTEGER_TYPE`) to table `drivers` Added column `fd` (`BIGINT_TYPE`) to table `listening_ports` Added column `net_namespace` (`TEXT_TYPE`) to table `listening_ports` Added column `path` (`TEXT_TYPE`) to table `listening_ports` Added column `socket` (`BIGINT_TYPE`) to table `listening_ports` Added column `net_namespace` (`TEXT_TYPE`) to table `process_open_sockets` Added column `state` (`TEXT_TYPE`) to table `process_open_sockets` Added column `disk_bytes_read` (`BIGINT_TYPE`) to table `processes` Added column `disk_bytes_written` (`BIGINT_TYPE`) to table `processes` Added column `cpu_microcode` (`TEXT_TYPE`) to table `system_info` Removed table `apt_sources` from Ubuntu, CentOS

lynis 2.6.4

2018-05-02T11:37:53+00:00

Lynis 2.6.4 (2018-05-02) Changes: -------- * Several contributions merged, including grammar improvements * Initial support for Ubuntu 18.04 LTS * Small enhancements for usage Tests: ------ * [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell * [DNS-1600] - Initial work on DNSSEC validation testing * [NETW-2704] - Added support for local resolver 127.0.0.53 * [PHP-2379] - Suhosin test disbled * [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting * [TIME-3160] - Improvements to detect step-tickers file and entries

lynis 3.2.5

2018-05-11T21:30:45+00:00

lynis 3.2.6

2018-05-22T21:10:54+00:00

Lots of bug fixes! ## Bug fixes #4284 Improve `yum_sources` reporting #4310 Fix unicode parsing errors in the configuration #4341 Fix races in plugin methods (caused by extension registrations) #4321 Improve EventData parsing in Windows Events #4328 Fix various errors in the `system_controls` table on MacOS #4374 Handle placeholder hardware UUIDs by using an ephemeral UUID #4399 Fix socket-reuse after failed-connection segfault (large-bug!) #4401 Fix debuginfo build-id paths #4404 Fix over-release in `disk_encryption` on MacOS ## Table Changes (from 3.2.4 to 3.2.6) Added table `user_groups` to All Platforms (moved from POSIX) Added table `cups_destinations` to Darwin (Apple OS X) Added table `cups_jobs` to Darwin (Apple OS X) Added table `mdfind` to Darwin (Apple OS X) Added table `startup_items` to MacOS and Windows Added table `powershell_events` to Microsoft Windows Added table `wmi_bios_info` to Microsoft Windows Added table `memory_devices` to POSIX-compatible Plaforms Added table `npm_packages` to Linux Added column `encryption_method` (`TEXT_TYPE`) to table `bitlocker_info` Added column `link_speed` (`BIGINT_TYPE`) to table `interface_details` Added column `pci_slot` (`TEXT_TYPE`) to table `interface_details` Added column `service` (`TEXT_TYPE`) to table `interface_details` Added column `cgroup_namespace` (`TEXT_TYPE`) to table `processes` Added column `ipc_namespace` (`TEXT_TYPE`) to table `processes` Added column `is_elevated_token` (`INTEGER_TYPE`) to table `processes` Added column `mnt_namespace` (`TEXT_TYPE`) to table `processes` Added column `net_namespace` (`TEXT_TYPE`) to table `processes` Added column `pid_namespace` (`TEXT_TYPE`) to table `processes` Added column `user_namespace` (`TEXT_TYPE`) to table `processes` Added column `uts_namespace` (`TEXT_TYPE`) to table `processes`

lynis 3.2.7

2018-06-11T21:04:32+00:00

This release is made available to address CVE-2018-6336. The fix results in the macOS `signature` table reporting lines for each architecture within FAT bundled executables. ## Improvements We added lite-support for building the dependencies toolchain with GCC7. The goal is to help folks building dependencies from source on Ubuntu 18.04 builds. This also removes native compilation optimizations for RapidJSON. #4437 Update AWS-SDK-CPP to version 1.4.55 #4439 Update libdpkg to version 1.19.0.5 #4440 Update The SleuthKit to version 4.6.1 #4393 Reduce drift time in query schedule There was a minor unintentional drifting-effect on the query schedule. This was adding slight delays to when queries are executed. C++ extensions built using the external make target can now be bundled into a single executable. ## Bug fixes #3307 Various improvements to the `python_packages` table. #4525 Address CVE-2018-6336 by making macOS `signatures` architecture-aware. ## Table changes (from 3.2.6 to 3.2.7) Added table `battery` to Darwin (Apple OS X) Added table `cpu_info` to Microsoft Windows Added table `memory_array_mapped_addresses` to POSIX-compatible Plaforms Added table `memory_arrays` to POSIX-compatible Plaforms Added table `memory_device_mapped_addresses` to POSIX-compatible Plaforms Added table `memory_error_info` to POSIX-compatible Plaforms Added table `ulimit_info` to POSIX-compatible Plaforms Added column `readonly_rootfs` (`INTEGER_TYPE`) to table `docker_containers` Added column `directory` (`TEXT_TYPE`) to table `python_packages` Added column `arch` (`TEXT_TYPE`) to table `signature`

lynis 3.2.8

2018-06-13T20:53:05+00:00

This release fixes a serious issue causing dead locks in the Registry. The bug was introduced in the 3.2 release. ## Bug fixes #4538 - Windows Events may drop events due to case-mismatches #4549 - Writes to /dev/null on macOS caused performance issues #4359 - Autoloaded extensions could outlive the main process #4531 - Do note reset audit handle when poll returns EINTR #4528 - Fix potential local in Registry caused by extensions ## Table changes (from 3.2.7 to 3.2.8) Added table `process_namespaces` to Linux Removed column `cgroup_namespace` (`TEXT_TYPE`) from table `processes` Removed column `ipc_namespace` (`TEXT_TYPE`) from table `processes` Removed column `mnt_namespace` (`TEXT_TYPE`) from table `processes` Removed column `net_namespace` (`TEXT_TYPE`) from table `processes` Removed column `pid_namespace` (`TEXT_TYPE`) from table `processes` Removed column `user_namespace` (`TEXT_TYPE`) from table `processes` Removed column `uts_namespace` (`TEXT_TYPE`) from table `processes`

lynis 3.2.9

2018-06-19T22:49:38+00:00

This releases updates some code dependencies and addresses several bugs. Update libxml to version 2.9.7 Update yara to version 3.7.1 Update openssl to version 1.0.20 ## Bug fixes #4561 Fix Dispatcher race conditions #4597 Fix memory leak in Dispatcher #4585 Never give up on failed extensions ## Table changes (from 3.2.8 to 3.2.9) Added table `ntfs_acl_permissions` to Microsoft Windows

lynis 2.6.5

2018-06-26T13:16:13+00:00

Lynis 2.6.5 (2018-06-26) Tests: ------ * [MAIL-8804] - Exim configuration test * [NETW-2704] - Use FQDN to test status of a nameserver instead of own IP address * [SSH-7402] - Improved test to allow configurations with a Match block

lynis 2.6.6

2018-07-06T13:09:27+00:00

## Lynis 2.6.6 (2018-07-06) ### Improvements * New format of changelog (https://keepachangelog.com/en/1.0.0/) * KRNL-5830 - improved log text about running kernel version ### Fixed * Under some condition no hostid2 value was reported * Solved 'extra operand' issue with tr command

lynis 3.3.0

2018-08-06T17:27:49+00:00

New features include #4094 Add opt-in write-support for extensions #4224 Add SELinux event recording on Linux #4626 Add number monitoring system concept ## Bug fixes #4416 Added custom version of realpath #4599 Resource protection for udev structures #4579 Fix case where regular files were reported as symlinks #4695 Fix use of incorrect directory separator #4686 Improve etc_hosts table data #4647 Improve audit-based table performance ## Table changes (from 3.2.7 to 3.2.8) Added table `logon_sessions` to Microsoft Windows Added table `winbaseobj` to Microsoft Windows Added table `ssh_configs` to POSIX-compatible Plaforms Added table `smart_drive_info` to SMART Added table `elf_dynamic` to Ubuntu, CentOS Added table `elf_info` to Ubuntu, CentOS Added table `elf_sections` to Ubuntu, CentOS Added table `elf_segments` to Ubuntu, CentOS Added table `elf_symbols` to Ubuntu, CentOS Added table `selinux_events` to Ubuntu, CentOS Added column `socket_designation` (`TEXT_TYPE`) to table `cpu_info` Added column `encryption_status` (`TEXT_TYPE`) to table `disk_encryption` Added column `attributes` (`TEXT_TYPE`) to table `file` Added column `file_id` (`TEXT_TYPE`) to table `file` Added column `volume_serial` (`TEXT_TYPE`) to table `file` Added column `ssdeep` (`TEXT_TYPE`) to table `hash` Added column `cpu_subtype` (`INTEGER_TYPE`) to table `processes` Added column `cpu_type` (`INTEGER_TYPE`) to table `processes`

lynis 2.6.7

2018-08-09T13:20:39+00:00

## Lynis 2.6.7 (2018-08-09) ### Changed - BOOT-5104 - Added busybox as a service manager - KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only - LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files - SSH-7408 - Changed classification of SSH root login with keys - Docker scan uses new format for maintainer value - New URL structure on CISOfy website implemented for Lynis controls

lynis 2.6.8

2018-08-23T10:29:54+00:00

## Lynis 2.6.8 (2018-08-23) ### Changed - BOOT-5104 - improved parsing of boot parameters to init process - PHP-2372 - test all PHP files for expose_php and improved logging - Alpine Linux detection for Docker audit - Docker check now tests also for CMD, ENTRYPOINT, and USER configuration - Improved display in Docker output for showing which keys are used for signing

lynis 2.6.9

2018-09-19T12:04:14+00:00

## Lynis 2.6.9 (2018-09-19) ### Changed - Man page has been updated - Command 'lynis show options' provides up-to-date list - Option '--dump-options' is deprecated - Several options and commands have been extended with more examples - OS detection now supports openSUSE specific distribution names - Changed command output when using 'lynis audit system remote' - DBS-1882 - added /usr/local/redis/etc path and QNAP support - PKGS-7322 - updated solution text - KRNL-5788 - ignore exception when no vmlinuz file was discovered - TIME-3104 - extended logging for test

lynis 3.3.1

2018-09-19T17:48:50+00:00

lynis 2.7.0

2018-10-26T12:35:15+00:00

## Lynis 2.7.0 (2018-10-26) ### Added - MACF-6240 - Detection of TOMOYO binary - MACF-6242 - Status of TOMOYO framework - SSH-7406 - OpenSSH server version detection - TOOL-5160 - Check active OSSEC analysis daemon ### Changed - Changed several warning labels on screen - AUTH-9308 - More generic sulogin for systemd rescue.service - OS detection now ignores quotes for getting the OS ID.

lynis 3.3.2

2019-01-10T01:17:06+00:00

lynis 2.7.1

2019-01-31T13:50:45+00:00

## Lynis 2.7.1 (2019-01-30) ### Added - Support for macOS Mojave - Translation: Slovak ### Changed - AUTH-9282 - Improve support for Red Hat and clones - FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence - LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS) - SHLL-6230 - Add /etc/bash.bashrc.local to umask check - Removed shift statement that did not work on all operating systems - Minor cleanups and enhancements - Small improvements to logging

lynis 2.7.2

2019-03-07T10:57:57+00:00

## Lynis 2.7.2 (2019-03-07) ### Added - AUTH-9409 - Support for doas (OpenBSD) - AUTH-9410 - Test file permissions of doas configuration - BOOT-5117 - Support for systemd-boot boot loader added - BOOT-5177 - Simplify service filter and allow multiple dots in service names - BOOT-5262 - Check OpenBSD boot daemons - BOOT-5263 - Test permissions for boot files and scripts - Support for end-of-life detection of the operating system - New 'lynis show eol' command - Korean translation ### Changed - AUTH-9252 - Adds support for files in sudoers.d - AUTH-9252 - Test extended to check file and directory ownership - BOOT-5122 - Use NONE instead of WARNING if no password is set - FIRE-4540 - Modify test to better measure rules - KRNL-5788 - Resolve false positive warning on missing /vmlinuz - NETW-2704 - Ignore inline comments in /etc/resolv.conf - PKGS-7388 - Improve detection for security archive - RPi/Raspian path to PAM_FILE_LOCATIONS

lynis 2.7.3

2019-03-21T08:38:58+00:00

## Lynis 2.7.3 (2019-03-21) ### Added - Detection for Lynis being scheduled (e.g. cronjob) ### Changed - HTTP-6624 - Improved logging for test - KRNL-5820 - Changed color for default fs.suid_dumpable value - LOGG-2154 - Adjusted test to search in configuration file correctly - NETW-3015 - Added support for ip binary - SQD-3610 - Description of test changed - SQD-3613 - Corrected description in code - SSH-7408 - Increased values for MaxAuthRetries - Improvements to allow tailored tool tips in future - Corrected detection of blkid binary - Minor textual changes and cleanups

lynis 2.7.4

2019-04-21T14:30:55+00:00

## Lynis 2.7.4 (2019-04-21) This is a bigger release than usual, including several new tests created by Capashenn (GitHub). It is a coincidence that it is released exactly one month after the previous version and on Easter. No easter eggs, only improvements! ### Added - FILE-6324 - Discover XFS mount points - INSE-8000 - Installed inetd package - INSE-8100 - Installed xinetd package - INSE-8102 - Status of xinet daemon - INSE-8104 - xinetd configuration file - INSE-8106 - xinetd configuration for inactive daemon - INSE-8200 - Usage of TCP wrappers - INSE-8300 - Presence of rsh client - INSE-8302 - Presence of rsh server - Detect equery binary detection - New 'generate' command ### Changed - AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems - PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages - PKGS-7420 - Detect toolkit to automatically download and apply upgrades - PKGS-7328 - Added global Zypper option --non-interactive - PKGS-7330 - Added global Zypper option --non-interactive - PKGS-7386 - Only show warning when vulnerable packages were discovered - PKGS-7392 - Skip test for Zypper-based systems - Minor changes to improve text output, test descriptions, and logging - Changed CentOS identifiers in end-of-life database - AIX enhancement for IsRunning function - Extended PackageIsInstalled function - Improve text output on AIX systems - Corrected lsvg binary detection

lynis 2.7.5

2019-06-24T13:51:27+00:00

## Lynis 2.7.5 (2019-06-24) ### Added - Danish translation - Slackware end-of-life information - Detect BSD-style (rc.d) init in Linux systems - Detection of Bro and Suricata (IDS) ### Changed - Corrected end-of-life entries for CentOS 5 and 6 - AUTH-9204 - change name to check in /etc/passwd file for QNAP devices - AUTH-9268 - AIX enhancement to use correct find statement - FILE-6310 - Filter on correct field for AIX - NETW-3012 - set ss command as preferred option for Linux and changed output format - List of PHP ini file locations has been extended - Removed several pieces of the code as part of cleanup and code health - Extended help

lynis 3.0.1

2020-10-05T11:25:42+00:00

## Lynis 3.0.1 (2020-10-05) ### Added - Detection of Alpine Linux - Detection of CloudLinux - Detection of Kali Linux - Detection of Linux Mint - Detection of macOS Big Sur (11.0) - Detection of Pop!_OS - Detection of PHP 7.4 - Malware detection tool: Microsoft Defender ATP - New flag: --slow-warning to allow tests more time before showing a warning - Test TIME-3185 to check systemd-timesyncd synchronized time - rsh host file permissions ### Changed - AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions - BOOT-5122 - Presence check for grub.d added - CRYP-7902 - Added support for certificates in DER format - CRYP-7931 - Added data to report - CRYP-7931 - Redirect errors (e.g. when swap is not encrypted) - FILE-6430 - Don't grep nonexistant modprobe.d files - FIRE-4535 - Set initial firewall state - INSE-8312 - Corrected text on screen - KRNL-5728 - Handle zipped kernel configuration correctly - KRNL-5830 - Improved version detection for non-symlinked kernel - MALW-3280 - Extended detection of BitDefender - TIME-3104 - Find more time synchronization commands - TIME-3182 - Corrected detection of time peers - Fix: hostid generation routine would sometimes show too short IDs - Fix: language detection - Generic improvements for macOS - German translation updated - End-of-life database updated - Several minor code enhancements

lynis 3.0.2

2020-12-24T09:31:27+00:00

## Lynis 3.0.2 (2020-12-24) ### Added - AUTH-9284 - Scan for locked user accounts in /etc/passwd - LOGG-2153 - Loghost configuration - TOOL-5130 - Check for active Suricata daemon - OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS - OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others - EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11 - Support for Solaris svcs (service manager) - Enumeration of Solaris services ### Changed - ACCT-9626 - Detect sysstat systemd unit - AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined - BOOT-5184 - Support for Solaris - KRNL-5830 - Improved reboot test by ignoring known bad values - KRNL-5830 - Ignore rescue kernel such as on CentOS systems - KRNL-5830 - Detection of Alpine Linux kernel - NETW-2400 - Compatibility change for hostname check - NETW-3012 - Support for Solaris - PKGS-7410 - Don't show exception if no kernels were found on the disk - TIME-3185 - Supports now checking files at multiple locations (systemd) - ParseNginx function: Support include on absolute paths - ParseNginx function: Ignore empty included wildcards - Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux - HostID: Use first e1000 interface and break after match - Translations extended and updated - Test if pgrep exists before using it - Better support for busybox shell - Small code enhancements

lynis 3.0.3

2021-01-07T14:28:23+00:00

## Lynis 3.0.3 (2021-01-07) ### Added - HRDN-7231 - Check for registered non-native binary formats - OS detection of Parrot GNU/Linux ### Changed - DBS-1816 - Force test to check only password authentication - KRNL-5677 - Support for NetBSD - Bugfix: command 'configure settings' did not work as intended

lynis 3.0.4

2021-05-11T09:30:29+00:00

## Lynis 3.0.4 (2021-05-11) ### Added - ACCT-9670 - Detection of cmd tooling - ACCT-9672 - Test cmd configuration file - BOOT-5140 - Check for ELILO boot loader presence - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others ### Changed - BOOT-5104 - Add service manager detection support for runit - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist - FIRE-4540 - Corrected nftables empy ruleset test - LOGG-2138 - Do not check for klogd when metalog is being used - TIME-3185 - Improved support for Debian stretch - Corrected issue when Lynis is not executed directly from lynis directory

lynis 3.0.5

2021-07-02T12:27:52+00:00

## Lynis 3.0.5 (2021-07-02) ### Added - OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux - CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux) ### Changed - ACCT-9622 - Corrected typo - HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility) - PKGS-7320 - extended to Arch Linux 32 - Generation of host identifiers (hostid/hostid2) extended - Linux host identifiers are now using ip as preferred input source - Improved logging in several areas

lynis 3.0.6

2021-07-22T09:37:34+00:00

## Lynis 3.0.6 (2021-07-22) ### Added - OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS - Check for outdated translation files ### Changed - DBS-1826 - Check if PostgreSQL is being used - DBS-1828 - Test multiple PostgreSQL configuration file(s) - KRNL-5830 - Sort kernels by version instead of modification date - PKGS-7410 - Don't show exception for systems using LXC - GetHostID function: fallback options added for Linux systems - Fix: macOS Big Sur detection - Fix: show correct text when egrep is missing - Fix: variable name for PostgreSQL - German and Spanish translations extended

lynis 3.0.7

2022-01-18T13:28:06+00:00

## Lynis 3.0.7 (2022-01-18) ### Added - MALW-3290 - Show status of malware components - OS detection for RHEL 6 and Funtoo Linux - Added service manager openrc ### Changed - DBS-1804 - Added alias for MariaDB - FINT-4316 - Support for newer Ubuntu versions - MALW-3280 - Added Trend Micro malware agent - NETW-3200 - Allow unknown number of spaces in modprobe blacklists - PKGS-7320 - Support for Garuda Linux and arch-audit - Several improvements for busybox shell - Russian translation of Lynis extended

lynis 3.0.8

2022-05-17T13:10:32+00:00

### Added - MALW-3274 - Detect McAfee VirusScan Command Line Scanner - PKGS-7346 Check Alpine Package Keeper (apk) - PKGS-7395 Check Alpine upgradeable packages - EOL for Alpine Linux 3.14 and 3.15 ### Changed - AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2) - FILE-7524 - Test enhanced to support symlinks - HTTP-6643 - Support ModSecurity version 2 and 3 - KRNL-5788 - Only run relevant tests and improved logging - KRNL-5820 - Additional path for security/limits.conf - KRNL-5830 - Check for /var/run/needs_restarting (Slackware) - KRNL-5830 - Add a presence check for /boot/vmlinuz - PRNT-2308 - Bugfix that prevented test from storing values correctly - Extended location of PAM files for AARCH64 - Some messages in log improved

lynis 3.0.9

2023-08-03T11:46:26+00:00

## Lynis 3.0.9 (2023-08-03) ### Changed - DBS-1820 - Added newer style format for Mongo authorization setting - FILE-6410 - Locations added for plocate - SSH-7408 - Only test Compression if sshd version < 7.4 - Improved fetching timestamp - Minor changes such as typos