Lynis changelog

Version 3.1.1 (2024-03-17)

## Lynis 3.1.1 (2024-03-17)

### Added
- Detection of ArcoLinux

### Changed
- DBS-1882 - Redis configuration file path added for FreeBSD (/usr/local/etc/redis.conf)
- DBS-1882 - Check /snap directory location for Redis configuration file

Version 3.1.0 (2024-03-11)

## Lynis 3.1.0 (2024-03-11)

### Added
- Translation: Indonesian

### Changed
- MALW-3280 - Correction to detect com.avast.daemon
- OS detection added for Guix System, macOS Ventura (13.x)/Sonoma (14.x), NXP LSDK, OpenEmbedded "nodistro", and The Yocto Projects distro "Poky"
- Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
- STATUS_NOT_ACTIVE variable added to translation files
- End-of-life dates updated
- Fixing missing or erroneous test number comments
- Detection of SentinelOne corrected
- Wazuh for file integrity and tooling
- Updated parsing output of arch-audit
- Added support for SentinelOne detection
- Replacing deprecated option -i for xargs
- Path detection for PostgreSQL improved

Version 3.0.9 (2023-08-03)

## Lynis 3.0.9 (2023-08-03)

### Changed
- DBS-1820 - Added newer style format for Mongo authorization setting
- FILE-6410 - Locations added for plocate
- SSH-7408 - Only test Compression if sshd version < 7.4
- Improved fetching timestamp
- Minor changes such as typos

Version 3.0.8 (2022-05-17)

### Added
- MALW-3274 - Detect McAfee VirusScan Command Line Scanner
- PKGS-7346 Check Alpine Package Keeper (apk)
- PKGS-7395 Check Alpine upgradeable packages
- EOL for Alpine Linux 3.14 and 3.15

### Changed
- AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2)
- FILE-7524 - Test enhanced to support symlinks
- HTTP-6643 - Support ModSecurity version 2 and 3
- KRNL-5788 - Only run relevant tests and improved logging
- KRNL-5820 - Additional path for security/limits.conf
- KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
- KRNL-5830 - Add a presence check for /boot/vmlinuz
- PRNT-2308 - Bugfix that prevented test from storing values correctly
- Extended location of PAM files for AARCH64
- Some messages in log improved

Version 3.0.7 (2022-01-18)

## Lynis 3.0.7 (2022-01-18)

### Added
- MALW-3290 - Show status of malware components
- OS detection for RHEL 6 and Funtoo Linux
- Added service manager openrc

### Changed
- DBS-1804 - Added alias for MariaDB
- FINT-4316 - Support for newer Ubuntu versions
- MALW-3280 - Added Trend Micro malware agent
- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
- PKGS-7320 - Support for Garuda Linux and arch-audit
- Several improvements for busybox shell
- Russian translation of Lynis extended

Version 3.0.6 (2021-07-22)

## Lynis 3.0.6 (2021-07-22)

### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files

### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended

Version 3.0.5 (2021-07-02)

## Lynis 3.0.5 (2021-07-02)

### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)

### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas

Version 3.0.4 (2021-05-11)

## Lynis 3.0.4 (2021-05-11)

### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others

### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory

Version 3.0.3 (2021-01-07)

## Lynis 3.0.3 (2021-01-07)

### Added

- HRDN-7231 - Check for registered non-native binary formats
- OS detection of Parrot GNU/Linux

### Changed

- DBS-1816 - Force test to check only password authentication
- KRNL-5677 - Support for NetBSD
- Bugfix: command 'configure settings' did not work as intended

Version 3.0.2 (2020-12-24)

## Lynis 3.0.2 (2020-12-24)

### Added
- AUTH-9284 - Scan for locked user accounts in /etc/passwd
- LOGG-2153 - Loghost configuration
- TOOL-5130 - Check for active Suricata daemon
- OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS
- OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others
- EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11
- Support for Solaris svcs (service manager)
- Enumeration of Solaris services

### Changed
- ACCT-9626 - Detect sysstat systemd unit
- AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined
- BOOT-5184 - Support for Solaris
- KRNL-5830 - Improved reboot test by ignoring known bad values
- KRNL-5830 - Ignore rescue kernel such as on CentOS systems
- KRNL-5830 - Detection of Alpine Linux kernel
- NETW-2400 - Compatibility change for hostname check
- NETW-3012 - Support for Solaris
- PKGS-7410 - Don't show exception if no kernels were found on the disk
- TIME-3185 - Supports now checking files at multiple locations (systemd)
- ParseNginx function: Support include on absolute paths
- ParseNginx function: Ignore empty included wildcards
- Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux
- HostID: Use first e1000 interface and break after match
- Translations extended and updated
- Test if pgrep exists before using it
- Better support for busybox shell
- Small code enhancements

Version 3.0.1 (2020-10-05)

## Lynis 3.0.1 (2020-10-05)

### Added
- Detection of Alpine Linux
- Detection of CloudLinux
- Detection of Kali Linux
- Detection of Linux Mint
- Detection of macOS Big Sur (11.0)
- Detection of Pop!_OS
- Detection of PHP 7.4
- Malware detection tool: Microsoft Defender ATP
- New flag: --slow-warning to allow tests more time before showing a warning
- Test TIME-3185 to check systemd-timesyncd synchronized time
- rsh host file permissions

### Changed
- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
- BOOT-5122 - Presence check for grub.d added
- CRYP-7902 - Added support for certificates in DER format
- CRYP-7931 - Added data to report
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
- FILE-6430 - Don't grep nonexistant modprobe.d files
- FIRE-4535 - Set initial firewall state
- INSE-8312 - Corrected text on screen
- KRNL-5728 - Handle zipped kernel configuration correctly
- KRNL-5830 - Improved version detection for non-symlinked kernel
- MALW-3280 - Extended detection of BitDefender
- TIME-3104 - Find more time synchronization commands
- TIME-3182 - Corrected detection of time peers
- Fix: hostid generation routine would sometimes show too short IDs
- Fix: language detection
- Generic improvements for macOS
- German translation updated
- End-of-life database updated
- Several minor code enhancements

Version 3.0.0 (2020-06-18)

# Lynis Changelog

## Lynis 3.0.0 (2020-06-18)

This is a major release of Lynis and includes several big changes.
Some of these changes may break your current usage of the tool, so test before

### Security issues
This release resolves two security issues
* CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova
* CVE-2019-13033 - Discovered by Sander Bos

### Breaking change: Non-interactive by default
Lynis now runs non-interactive by default, to be more in line with the Unix
philosophy. So the previously used '--quick' option is now default, and the tool
will only wait when using the '--wait' option.

### Breaking change: Deprecated options
- Option: -c
- Option: --check-update/--info
- Option: --dump-options
- Option: --license-key

### Breaking change: Profile options
The format of all profile options are converted (from key:value to key=value).
You may have to update the changes you made in your custom.prf.

### Security
An important focus area for this release is on security. We added several
measures to further tighten any possible misuse.

## New: DevOps, Forensics, and pentesting mode
This release adds initial support to allow defining a specialized type of audit.
Using the relevant options, the scan will change base on the intended goal.

See full changelog on GitHub page.

Version 2.7.5 (2019-06-24)

## Lynis 2.7.5 (2019-06-24)

### Added
- Danish translation
- Slackware end-of-life information
- Detect BSD-style (rc.d) init in Linux systems
- Detection of Bro and Suricata (IDS)

### Changed
- Corrected end-of-life entries for CentOS 5 and 6
- AUTH-9204 - change name to check in /etc/passwd file for QNAP devices
- AUTH-9268 - AIX enhancement to use correct find statement
- FILE-6310 - Filter on correct field for AIX
- NETW-3012 - set ss command as preferred option for Linux and changed output format
- List of PHP ini file locations has been extended
- Removed several pieces of the code as part of cleanup and code health
- Extended help

Version 2.7.4 (2019-04-21)

## Lynis 2.7.4 (2019-04-21)

This is a bigger release than usual, including several new tests created by
Capashenn (GitHub). It is a coincidence that it is released exactly one month
after the previous version and on Easter. No easter eggs, only improvements!

### Added
- FILE-6324 - Discover XFS mount points
- INSE-8000 - Installed inetd package
- INSE-8100 - Installed xinetd package
- INSE-8102 - Status of xinet daemon
- INSE-8104 - xinetd configuration file
- INSE-8106 - xinetd configuration for inactive daemon
- INSE-8200 - Usage of TCP wrappers
- INSE-8300 - Presence of rsh client
- INSE-8302 - Presence of rsh server
- Detect equery binary detection
- New 'generate' command

### Changed
- AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems
- PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages
- PKGS-7420 - Detect toolkit to automatically download and apply upgrades
- PKGS-7328 - Added global Zypper option --non-interactive
- PKGS-7330 - Added global Zypper option --non-interactive
- PKGS-7386 - Only show warning when vulnerable packages were discovered
- PKGS-7392 - Skip test for Zypper-based systems
- Minor changes to improve text output, test descriptions, and logging
- Changed CentOS identifiers in end-of-life database
- AIX enhancement for IsRunning function
- Extended PackageIsInstalled function
- Improve text output on AIX systems
- Corrected lsvg binary detection

Version 2.7.3 (2019-03-21)

## Lynis 2.7.3 (2019-03-21)

### Added
- Detection for Lynis being scheduled (e.g. cronjob)

### Changed
- HTTP-6624 - Improved logging for test
- KRNL-5820 - Changed color for default fs.suid_dumpable value
- LOGG-2154 - Adjusted test to search in configuration file correctly
- NETW-3015 - Added support for ip binary
- SQD-3610 - Description of test changed
- SQD-3613 - Corrected description in code
- SSH-7408 - Increased values for MaxAuthRetries
- Improvements to allow tailored tool tips in future
- Corrected detection of blkid binary
- Minor textual changes and cleanups

Version 2.7.2 (2019-03-07)

## Lynis 2.7.2 (2019-03-07)

### Added
- AUTH-9409 - Support for doas (OpenBSD)
- AUTH-9410 - Test file permissions of doas configuration
- BOOT-5117 - Support for systemd-boot boot loader added
- BOOT-5177 - Simplify service filter and allow multiple dots in service names
- BOOT-5262 - Check OpenBSD boot daemons
- BOOT-5263 - Test permissions for boot files and scripts
- Support for end-of-life detection of the operating system
- New 'lynis show eol' command
- Korean translation

### Changed
- AUTH-9252 - Adds support for files in sudoers.d
- AUTH-9252 - Test extended to check file and directory ownership
- BOOT-5122 - Use NONE instead of WARNING if no password is set
- FIRE-4540 - Modify test to better measure rules
- KRNL-5788 - Resolve false positive warning on missing /vmlinuz
- NETW-2704 - Ignore inline comments in /etc/resolv.conf
- PKGS-7388 - Improve detection for security archive
- RPi/Raspian path to PAM_FILE_LOCATIONS

Version 2.7.1 (2019-01-31)

## Lynis 2.7.1 (2019-01-30)

### Added
- Support for macOS Mojave
- Translation: Slovak

### Changed
- AUTH-9282 - Improve support for Red Hat and clones
- FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
- LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
- SHLL-6230 - Add /etc/bash.bashrc.local to umask check
- Removed shift statement that did not work on all operating systems
- Minor cleanups and enhancements
- Small improvements to logging

Version 2.7.0 (2018-10-26)

## Lynis 2.7.0 (2018-10-26)

### Added
- MACF-6240 - Detection of TOMOYO binary
- MACF-6242 - Status of TOMOYO framework
- SSH-7406 - OpenSSH server version detection
- TOOL-5160 - Check active OSSEC analysis daemon

### Changed
- Changed several warning labels on screen
- AUTH-9308 - More generic sulogin for systemd rescue.service
- OS detection now ignores quotes for getting the OS ID.

Version 2.6.9 (2018-09-19)

## Lynis 2.6.9 (2018-09-19)

### Changed
- Man page has been updated
- Command 'lynis show options' provides up-to-date list
- Option '--dump-options' is deprecated
- Several options and commands have been extended with more examples
- OS detection now supports openSUSE specific distribution names
- Changed command output when using 'lynis audit system remote'
- DBS-1882 - added /usr/local/redis/etc path and QNAP support
- PKGS-7322 - updated solution text
- KRNL-5788 - ignore exception when no vmlinuz file was discovered
- TIME-3104 - extended logging for test

Version 2.6.8 (2018-08-23)

## Lynis 2.6.8 (2018-08-23)

### Changed
- BOOT-5104 - improved parsing of boot parameters to init process
- PHP-2372 - test all PHP files for expose_php and improved logging
- Alpine Linux detection for Docker audit
- Docker check now tests also for CMD, ENTRYPOINT, and USER configuration
- Improved display in Docker output for showing which keys are used for signing

Version 2.6.7 (2018-08-09)

## Lynis 2.6.7 (2018-08-09)

### Changed
- BOOT-5104 - Added busybox as a service manager
- KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only
- LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files
- SSH-7408 - Changed classification of SSH root login with keys
- Docker scan uses new format for maintainer value
- New URL structure on CISOfy website implemented for Lynis controls

Version 2.6.6 (2018-07-06)

## Lynis 2.6.6 (2018-07-06)

### Improvements
* New format of changelog (
* KRNL-5830 - improved log text about running kernel version

### Fixed
* Under some condition no hostid2 value was reported
* Solved 'extra operand' issue with tr command

Version 2.6.5 (2018-06-26)

Lynis 2.6.5 (2018-06-26)


* [MAIL-8804] - Exim configuration test
* [NETW-2704] - Use FQDN to test status of a nameserver instead of own IP address
* [SSH-7402] - Improved test to allow configurations with a Match block

Version 2.6.4 (2018-05-02)

Lynis 2.6.4 (2018-05-02)

* Several contributions merged, including grammar improvements
* Initial support for Ubuntu 18.04 LTS
* Small enhancements for usage

* [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
* [DNS-1600] - Initial work on DNSSEC validation testing
* [NETW-2704] - Added support for local resolver
* [PHP-2379] - Suhosin test disbled
* [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting
* [TIME-3160] - Improvements to detect step-tickers file and entries

Version 2.6.3 (2018-03-07)

Lynis 2.6.3 (2018-03-07)

* Change in routine for host identifiers

* [CRYP-7902] - Do prevalidation for certificates before testing them
* [HRDN-7222] - Enhanced compiler permission test
* [NAME-4402] - Improved test to filter out empty lines
* [PKGS-7384] - Changes to detect yum-utils package and related tooling

* [PLGN-2680] - cron file permissions

Version 2.6.2 (2018-02-13)

Lynis 2.6.2 (2018-02-13)

* Bugfix for Arch Linux (binary detection)
* Textual changes for several tests
* Update of tests database

Version 2.6.1 (2018-01-26)

Lynis 2.6.1 (2018-01-26)

* Tests can have more than 1 required OS (e.g. Linux OR NetBSD)
* Added 'system-groups' option to profile (Enterprise users)
* Overhaul of default profile and migrate to new style (setting=value)
* Show warning if old profile options are used
* Improved detection of binaries
* New group 'usb' for tests related to USB devices

* [FILE-6363] - New test for /var/tmp (sticky bit)
* [MAIL-8802] - Added exim4 process name to improve detection of Exim
* [NETW-3030] - Changed name of dhcp client name process and added udhcpc
* [SSH-7408] - Restored UsePrivilegeSeparation
* [TIME-3170] - Added chrony configuration file for NetBSD

Version 2.6.0 (2018-01-18)

Lynis 2.6.0 (2018-01-18)

* Binary paths are now sorted
* Greek language added
* systemd detection improved
* VirtualBox detection extended
* Several code enhancements

* [PHP-2379] - Small enhancement to resolve error on screen in some cases
* [MALW-3280] - Improved detection for BitDefender tooling

Version 2.5.9 (2018-01-12)

* Don't show upgrade notice when being quiet/silent
* Added --noplugins as an alias to skip execution of plugins
* Use PATH variable for path detection, with predefined list as a backup

* [KRNL-6000] Multiple values are now allowed per sysctl key
* [KRNL-6000] Individual tests can be skipped (skip-test=KRNL-6000:<sysctl-key>)
* [KRNL-6000] Solution text has been added

Version 2.5.8 (2017-12-28)

* Check for empty files improved on several locations
* New allow-auto-purge setting in profile for short-lived systems
* Additional checks for log and report file
* Changes to support time synchronization in old and newer systemd releases
* Enhanced output for systems other than Linux

* New class (hardware) added and enabled in default profile

Version 2.5.7 (2017-10-29)

Lynis 2.5.7 (2017-10-29)

* Update of Portuguese translation
* Added --silent as alias for --quiet
* Reduced screen output when running non-privileged
* IsRunning function now allows full name process match

Version 2.5.6 (2017-10-27)

Lynis 2.5.6 (2017-10-27)

* Added additional keywords for banners
* DirectAdmin extensions
* Enhancements to process detection
* Spanish translation extended
* Extended HP-UX support
* Only show relevant messages in report

* [NETW-2705] - Allow local resolvers to bypass requirement for 2+ name servers
* [SSH-7408] - Define default 'delayed' compression as a sane value for SSH tests
* [SHLL-6220] - Improved detection of shell settings

Version 2.5.5 (2017-09-07)

Minor update to solve screen output issue in 2.5.4.

Version 2.5.4 (2017-09-05)

Lynis 2.5.4 (2017-09-05)

* Improve systemd detection
* Detect Linux Mint version
* Older versions of Mac OS X are detected as well
* Norwegian translation added
* PAM plugin extended

* CRYP-7902 - certificate validation changed
* FIRE-4508 - Improved screen output
* PKGS-7380 - NetBSD vulnerability detection adjusted
* TOOL-5002 - Improved detection of Ansible directories and files

Version 2.5.3 (2017-08-17)

Lynis 2.5.3 (2017-08-17)

* DirectAdmin location added
* Small adjustments to text
* Enhanced detection for LXC and LXC
* Added /opt/apache as a target location
* Default log directory set for HP-UX
* Screen output improvements

* CRYP-7902 - Prevent test from showing error on screen
* FILE-6310 - Detection of mount point now match exact name
* HRDN-7230 - Show single line when no malware scanner was detected
* NETW-3006 - Updated detection of MAC addresses on Linux
* PKGS-2379 - Improvement for OpenBSD usage of PHP suhosin
* TOOL-5002 - Detection capabilities for Ansible added

Version 2.5.2 (2017-07-10)

Lynis 2.5.2 (2017-07-10)

- Support for PHP on CloudLinux
- Check for presence of locale binary
- Suhosin detection improvements
- Generic code improvements
- Changed 'lynis audit system remote' routine
- Support for macOS High Sierra
- French translation updated

Lynis Enterprise:
- Allow 'tags' and 'system-customer-name' to be specified via Lynis client

* CONT-8102 - Check for dockerd instead of docker -d
* FIRE-4594 - Check for presence Advanced Policy Firewall (APF)
* PKGS-2379 - New test for PHP suhosin extension status
* PKGS-7370 - Only use debsums on Debian
* KRNL-6000 - Added kernel.dmesg_restrict testing

Version 2.5.1 (2017-05-31)

Lynis 2.5.1 (2017-05-31)

- Hebrew translation by Dolev Farhi
- Improved detection of SSL certificate files
- Minor changes to improve logging and results

* BOOT-5104 - Added support for macOS
* FIRE-4524 - Determine if CSF is in testing mode
* HTTP-6716 - Improved log message

Version 2.5.0 (2017-05-03)

During the development of this release, the project got informed about a flaw
that possibly could be abused by a local attacker. Even with the small risk of
success, upgrading is highly recommended. See details on

This release is a special maintenance release with focus on cleaning up the code
for readability and future expansion.

* Use ROOTDIR variable instead of fixed paths
* Introduction of IsEmpty and HasData functions for readability of code
* Renamed some variables to better indicate their purpose (counting, data type)
* Removal of unused code and comments
* Deleted unused tests from database file
* Correct levels of identation
* Support for older mac OS X versions (Lion and Mountain Lion)
* Initialized variables for more binaries
* Additional sysctls are tested

* MALW-3280 - Extended test with Symantec components
* PKGS-7332 - Detection of macOS ports tool and installed packages
* TOOL-5120 - Snort detection
* TOOL-5122 - Snort configuration file

Version 2.4.8 (2017-03-29)

Lynis 2.4.8 (2017-03-29)

* More PHP paths added
* Minor changes to text
* Show atomic test in report

* MAIL-8820 - New Postfix configuration check
* TOOL-5002 - Extended Puppet detection

Version 2.4.7 (2017-03-22)

Lynis 2.4.7 (2017-03-22)

* Minor code cleanups

* BANN-7126 - Added more words to test for
* CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler
* HTTP-6641 - Support detection for Apache module mod_reqtimeout
* PKGS-7388 - Minor change to detect security repositories

Version 2.4.6 (2017-03-15)

Lynis 2.4.6 (2017-03-15)

* Added FileInstalledByPackage function (dpkg and rpm supported)
* Mark Arch Linux version as rolling release (instead of unknown)
* Support for Manjaro Linux
* Escape files when testing if they are readable
* Code cleanups

* CRYP-7902 - Test more certificates names, but only if they are not part of a package
* FILE-7524 - Reduce standard screen output for file permissions check
* MALW-3280 - Added Avira detection as a malware scanner
* NAME-4018 - Only perform name services test when resolv.conf file exists
* PKGS-7387 - Check all repositories if they use GPG signing
* SCHD-7704 - Permission checks
* TIME-3104 - Check permissions before open files

Version 2.4.5 (2017-03-09)

Lynis 2.4.5 (2017-03-09)

* Allow host alias to be specified in profile
* Code readability enhancements
* Solaris support has been improved

* AUTH-9328 - Add missing 0027 and 0077 umasks
* BOOT-5104 - Add initsplash and minor code enhancements
* DBS-1882 - Include Redis configuration file
* FIRE-4502 - Improved detection for iptables modules when using OpenVZ
* PKGS-7381 - Enhanced package audit for FreeBSD

Version 2.4.4 (2017-03-01)

Lynis 2.4.4 (2017-03-01)

* Fix for upload function to be used from profile
* Reduce screen output for mail section, unless --verbose is used
* Code cleanups and removed 'update release' command

* AUTH-9308 - Improved test for sulogin string (Debian systems)
* FILE-6372 - Properly deal with comment on lines in /etc/fstab
* MAIL-8817 - New test to check Postfix configuration for errors
* SSH-7408 - Corrected SSH check

Version 2.4.3 (2017-02-22)

Lynis 2.4.3 (2017-02-22)

* Colored output can now be tuned with profile (colors=yes/no)
* Allow data upload to be set as a profile option

* AUTH-9308 - Improved test for sulogin string
* MAIL-8818 - Test if Linux version is known before comparing in Postfix banner
* TIME-3116 - Skip stratum 16 items for time pools
* TIME-3148 - New test to detect TZ variable

Version 2.4.2 (2017-02-15)

Lynis 2.4.2 (2017-02-15)

* Properly detect SSH daemon version

* AUTH-9208 - Removed double logging
* AUTH-9222 - Improve logging for double groups
* AUTH-9226 - Improve logging for double groups
* BOOT-5177 - Sort systemctl unit files to make them unique
* DBS-1818 - New test to detect MongoDB
* DBS-1820 - New test for MongoDB authentication
* FIRE-4512 - Lowered minimum number of iptables firewall rules
* FIRE-4586 - Fix applied when searching for "-j LOG"
* HRDN-7222 - Changed reporting key of world executable compilers
* SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)

Version 2.4.1 (2017-02-09)

Lynis 2.4.1 (2017-02-09)

* Generic code improvements
* Improved the update check and display
* Finish, Portuguese, and Turkish translation
* Extended support and tests for DragonFlyBSD
* Option to configure hostid and hostid2 in profile
* Support for Trend Micro and Cylance (macOS)
* Remove comments at end of nginx configuration
* Used machine ID to create host ID when no SSH keys are available
* Added detection of iptables-save to binaries

* FIRE-4586 - Check logging for firewall components
* KRNL-5788 - Remove exception and style improvements
* KRNL-5830 - Improved logging

Version 2.4.0 (2016-10-27)

Lynis 2.4.0 (2016-10-27)

Exactly one month after previous release, the Lynis project is proud to announce
a new release. This release had the specific focus to improve support for macOS
users. Thanks to testers and contributors to make this possible.

* New group "system integrity" added
* Support for clamconf utility
* Chinese translation (language=cn)
* New command "upload-only" to upload just the data instead of a full audit
* Enhanced support for macOS, including HostID2 generation for macOS
* Support for CoreOS
* Detection for pkg binary (FreeBSD)
* New command: lynis show hostids (show host ID)
* New command: lynis show environment (hardware, VM, or container type)
* New command: lynis show os (show operating system details)

* Several new sysctl values have been added to the default profile
* Existing tests have been enhanced to support macOS

* AUTH-9234 - Support for macOS user gathering
* BOOT-5139 - Support for machine roles in LILO test
* BOOT-5202 - Improve uptime detection for macOS and others
* FIRE-4518 - Improve pf detection and mark as root-only test
* FIRE-4530 - Don't show error on screen for missing IPFW sysctl key
* FIRE-4534 - Check Little Snitch on macOS
* INSE-8050 - Test for insecure services on macOS
* MACF-6208 - Allow non-privileged execution and filter permission issues
* MALW-3280 - Detection for Avast and Bitdefender daemon on macOS
* NETW-3004 - Support for macOS
* PKGS-7381 - Improve test for pkg audit on FreeBSD
* TIME-3104 - Chrony support extended

Plugins (community and commercial):
* PLGN-1430 - Gather installed software packages for macOS
* PLGN-4602 - Support for Clam definition check on macOS

Version 2.3.4 (2016-09-27)

* Lynis 2.3.4 (2016-09-27) *

* Skip update message when using the 'show' helper
* Instead of opening the log file, you can now use 'lynis show details' followed
by the test ID. It will show the relevant section.
* Several tests have extended log details
* Many style improvements as part of ongoing refactoring of the code
* Detection of nftables improved
* Replaced cut, sed, tr and others commands with binary variable (for forensics
and future intrusion checking capabilities)
* Swedish translation provided by Peter Carlsson
* Support for arch-audit to scan for presence of vulnerable packages on Arch Linux
* OS detection improved

* CONT-8107 - New test checking number of Docker containers
* CRYP-7902 - Gather more details regarding certificates
* DBS-1816 - Define skip reason
* FILE-6344 - Adjusted /proc test for hidepid option
* FILE-6362 - Removed warning and add skip reason
* FIRE-4520 - Change test to use detected binary
* FIRE-4520 - New test to check for empty nftables ruleset
* KRNL-5820 - Corrected function and style improvements
* LOGG-2146 - Textual change
* NAME-4408 - Check localhost to IP mapping
* PKGS-7320 - Test for arch-audit tool
* PKGS-7322 - Check vulnerable packages on Arch Linux
* PKGS-7381 - Extended vulnerable package detection for FreeBSD
* TIME-3104 - timedatectl test now detects NTP synchronization properly

Version 2.3.3 (2016-08-23)

Upgrade note
Customized profiles that included sysctl settings need to be altered. See default.prf for the correct format of the lines.

OpenStack detection
Option to disable automatic refresh of software repository
Japanese translation added, contributed by Yukio Takahara
Some tests did not show a warning text
Typo in man page for tests-from-group
New --bin-dirs to define binary directories to scan
New option --root-dir to specify a different file system to scan
Rewrite of nginx configuration parsing
Support for PHP 5.6
Redis test to detect configuration files
Test Redis configuration for several best practices
Perform permission check on Redis configuration files

Experimental features (in development)
--bin-dirs - set what directories should be scanned for binaries
--root-dir - define the root of the file system, to allow forensics

Many settings have a new alias (with dashes instead underscores)
New setting 'show-report-solution' to show solution in report

ExitFatal can now exit program with optional text
IsNotebook can detect if system is a notebook (or not)
ShowSymlinkPath and FileIsReadable test for at least one argument
StoreNginxSettings will save parsed nginx configuration

BOOT-5108 - Support for Syslinux bootloader
DBS-1882 - Redis configuration detection
DBS-1884 - Redis 'requirepass' check
DBS-1886 - Redis 'rename-command CONFIG' check
DBS-1888 - Redis 'bind localhost' check
FILE-6374 - Improved logging
KRNL-5830 - Improved logging for detected Linux kernels
KRNL-6000 - Support for multiple profiles and new format style
LOGG-2190 - Ignore MySQL files in /tmp from early MySQL 5.x releases
LOGG-2192 - New test to check opened log files that are empty

Lynis Enterprise integration
Tag 'redis-server' is added for systems running Redis

Version 2.3.2 (2016-08-09)

The full changelog can be found on GitHub:

Version 2.3.1 (2016-07-14)

Minor bugfixes for 2.3.0 release.

Version 2.3.0 (2016-07-13)

This is a major release. See the changelog file in the tarball, or via GitHub:

Version 2.2.0 (2016-03-18)

= Lynis 2.2.0 (2016-03-18) =

We are proud to present this new release of Lynis. It is a major upgrade, and the
result of many months of work. This version includes new features and tests, and
many small enhancements. We encourage all to test and upgrade to this latest

* Highlights
The biggest change in this release is the optimization of several functions. It
allows for better detection, and dealing with the quirks, of every single
operating system. Some functions were fortified to handle unexcepted results
better, like missing a particular binary, or not returning the hostname.

This release also enables tests to be shorter, by adding new functions. Some
functions were renamed or slightly changed, to provide more value to the tooling.
Another big change in this release is a wide set of optimizations and quality
testing. Outdated pieces were removed, or rewritten, to support features seen in
newer distributions.

In the area of compliance, adjustments have been made to start supporting more
in-depth testing for this. Ideal for companies who have a particular compliance
need, or want to test and enforce the system hardening levels of their systems.

Last but not least, many small changes make this software easier to use. On
our website we added new guides to provide help and support.

We like to thank our contributors, in particular Kamil BoratyƄski, Steve Bosek,
and Eric Light. Their contributions helped us greatly shaping this release.

Version 2.1.1 (2015-07-22)

= Lynis 2.1.1 (2015-07-22) =

This release adds a lot of improvements, with focus on performance, and
additional support for common Linux distributions and external utilities.
We recommend to use this latest version.

* Operating system enhancements
Support for systems like CentOS, openSUSE, Slackware is improved.

* Performance
Performance tuning has been applied, to speed up execution of the audit on
systems with many files. This also includes code cleanups.

* Automatic updates
Initial work on an automatic updater has been implemented. This way Lynis
can be scheduled for automatic updating from a trusted source.

* Internal functions
Not all systems have readlink, or the -f option of readlink. The
ShowSymlinkPath function has been extended with a Python based check, which
is often available.

* Software support
Apache module directory /usr/lib64/apache has been added, which is used on

Support for Chef has been added.

Added tests for CSF's lfd utility for integrity monitoring on directories and
files. Related tests are FINT-4334 and FINT-4336.

Added support for Chrony time daemon and timesync daemon. Additionally NTP
sychronization status is checked when it is enabled.

Improved single user mode protection on the rescue.service file.

* Other
Check for user permissions has been extended.
Python binary is now detected, to help with symlink detection.
Several new legal terms have been added, which are used for usage in banners.
In several files old tests have been removed, to further clean up the code.

* Bug fixes
Nginx test showed error when access_log had multiple parameters.
Tests using locate won't be performed if not present.
Fix false positive match on Squid unsafe ports [SQD-3624].
The hardening index is now also inserted into the report if it is not displayed
on screen.

And more!

Version 2.1.0 (2015-04-17)

= Lynis 2.1.0 (2015-04-16) =

Screen output has been improved to provide additional information.

OS support:
CUPS detection on Mac OS has been improved. AIX systems will now use csum
utility to create host ID. Group check have been altered on AIX, to include
the -n ALL. Core dump check on Linux is extended to check for actual values
as well.

McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.

Session timeout:
Tests to determine shell time out setting have been extended to account for
AIX, HP-UX and other platforms. It will now determine also if variable is
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
has been extended.

- New document: Getting started with Lynis

Plugins (Enterprise):
- Update to file integrity plugin
Changes to PLGN-2606 (capabilities check)

- New configuration plugins:
PLGN-4802 (SSH settings)
PLGN-4804 (login.defs)

Download link:

Version 2.0.0 (2015-02-25)

= Lynis 2.0.0 (2015-02-25) =

The first release within the 2.x branch! It includes several new features, to
simplify or improve auditing on Unix based systems, including BSD, Linux,
Mac OS and more traditional systems like AIX, HPUX and Solaris.

New features and many improvements are the reason for the bump to a major
release, also a beginning of a new era. Many tools to audit or harden systems
have being released, yet none have been maintained over a long period of time.

* Support and Feedback

This software is supported and under development by CISOfy. By providing a
dual license, this software is kept up-to-date and enhanced. Both customers
and the community, benefit from this licensing. This release is available
thanks to your input and feedback.

* Helpers

New in this release is the support for helpers. Small utilities which enhance
Lynis by providing a single goal. The first helper available is to audit
Docker build files.

* Improved OS support

Many changes have been implemented to better support Linux, FreeBSD, NetBSD
DragonBSD and OpenBSD in particular. Upcoming releases will include smaller
"improvement rounds" for other systems as well.

* New technologies

More utilities and technologies are supported now. Technologies and tools
like systemd, Docker, nftables.

* Lynis Enterprise

As this code is shared, customers have an additional option to define to
what server they want to upload the audit results. Also, commercial plugins
have been bundled.

* New parameters

Several new options have been added:
--dump-options (see all options)
--report-file (define a different location for the report file)

* General

Documentation on the website has been extended:
The man page, Lynis binary and several tests have improved texts.

Version 1.6.4 (2014-11-04)

- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh

- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary

Version 1.6.3 (2014-10-14)

- Added tests for Shellshock bash vulnerability [SHLL-6290]
- Added test to determine if Snoopy is used [ACCT-9636]
- New test for qdaemon configuration file [PRNT-2416]
- Test for GRUB boot loader password [BOOT-5122]
- New test for qdaemon printer jobs [PRNT-2420]
- Added ClamXav test for Mac OS X [MALW-3288]
- Gentoo vulnerable packages test [PKGS-7393]
- New test for qdaemon status [PRNT-2418]
- Gentoo package listing [PKGS-7304]
- Running Lynis without root permissions will start non-privileged scan
- Systemd service and timer example file added
- Added grub2-install to binaries

- Adjustments so insecure SSL protocols are detected in nginx config [HTTP-6710]
- Directories will be skipped when searching for nginx log files [HTTP-6720]
- Only gather unique name servers from /etc/resolv.conf [NAME-2704]
- Properly detect mod_evasive on Gentoo and others [HTTP-6640]
- Improved swap partition detection in /etc/fstab [FILE-6336]
- Improvements to kernel detection (e.g. Gentoo) [KRNL-5830]
- Test for built-in security options in YUM [PKGS-7386]
- Improved boot loader detection for GRUB2 [BOOT-5121]
- Split GRUB test into two tests [BOOT-5122]
- Added Mac OS uptime check [BOOT-5202]
- Improved GetHostID function for systems having only ip binary
- Improved testing for symlinked binary directories
- Minor adjustments to log output
- Renamed dev directory to extras

Version 1.6.2 (2014-09-23)

* 1.6.2 (2014-09-22)

- IsVirtualMachine function to check if system is running in VM

VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers,
libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ,
Oracle VM VirtualBox, QEMU, Systemd Namespace container,
User-Mode Linux (UML), VMware products, XEN

- Detection for SaltStack configuration management tooling
- ShowSymlinkPath function to check path behind a symlink
- Check of configuration options of pacman [PKGS-7314]
- Support for drill binary to check for Lynis update
- FileIsEmpty function to check for empty files
- Detect updates for Arch Linux [PKGS-7312]
- Add detection for machine ID (systemd)
- Added linux_config_file to report
- Bash completion script for Lynis
- Added detection of ss binary

- Extended system reboot check, to enable it for most Linux versions[KRNL-5830]
- Improved inetd test to avoid false positive with xinetd process [INSE-8002]
- Permissions check has been adjusted to allow packaging and pentest mode
- Added detection for compressed Linux config file [KRNL-5728]
- Added support for compressed Linux config file [KRNL-5730]
- Store PID file in home directory of the user, if needed
- Added usage of ss to gather listening ports [NETW-3012]
- Additional permission added to CUPS check [PRNT-2307]
- Extended telnet in inetd test [INSE-8016]
- Fix for reading at.deny file [SCHD-7720]
- Removed individual warnings [BOOT-5184]
- Several improvements for Arch Linux

Version 1.6.1 (2014-09-09)

- Added --pentest parameter to run a non-privileged scans (e.g. for pentesting)
- Show skipped tests in report if they require root and scan is non-privileged

- Improved vulnerable packages test on Debian based systems (apt-check) [PKGS-7392]
- Don't show warnings for 'swap' in 4th column fstab file [FILE-6336]
- Remove warning for old files in /tmp [FILE-6354]
- CheckUpdates function will have better output when no connection is available
- Changes to parameters and functions, to allow penetration tests with Lynis
- Test for actual files in /etc/modprobe.d before grepping in it
- Improved chown command when file permissions are incorrect
- Changed output of update test, show when status is unknown
- No scanning of symlinked directories (binaries test)
- Extended SafePerms function to also check for UID
- Several tests will have root-only bit set now
- Improved netstat tests on Arch Linux

Version 1.6.0 (2014-08-27)

- Added several new plugins to default profile
- HostID detection for AIX

- Improvements for log file
- GetHostID function improved
- Improved detection of security repository for Debian based systems [PKGS-7388]
- Set default values for update check, to avoid error message on screen
- Cleanup for mail section, adding IMAP and POP3 protocols

Version 1.5.9 (2014-07-31)

- New NetBSD test for vulnerable software packages [PKGS-7380]
- Test if Debian based systems need a reboot [KRNL-5830]
- Test for running Sendmail daemon [MAIL-8880]
- Test for availability of mtree [FINT-4330]
- Check for lp daemon (printing) [PRNT-2314]
- Added Qmail status detection [MAIL-8860]
- New NetBSD boot loader test [BOOT-5126]
- Added test for automation tools like Cfengine and Puppet [TOOL-5002]
- Added KRNL-5830 control to website
- Added detection for Puppet
- Added tooling category

- Security repository test extended with /etc/apt/sources.list.d [PKGS-7388]
- Added exception case for CUPS configuration (listen statement) [PRNT-2308]
- Improved detection of TMOUT setting in shell profile file [SHLL-6220]
- Perform promiscuous interfaces test for NetBSD as well [NETW-3014]
- Perform swap partition parameters test on all systems [FILE-6336]
- Also check password file on DragonFlyBSD and NetBSD [AUTH-9208]
- Show message regarding toor user for all systems [AUTH-9204]
- Check for available interfaces on NetBSD as well [NETW-3004]
- Extended UFS file system test with FFS support [FILE-6329]
- Improvements for step-tickers file test [TIME-3160]
- Perform sockstat test for NetBSD [NETW-3012]
- Gather IP addresses for NetBSD [NETW-3008]
- Test MAC addresses on NetBSD [NETW-3006]
- Added /usr/X11R7/bin directory to search for binaries
- Improved full qualified domain name (FQDN) check for Linux
- Don't show follow-up hints when there are no warnings or suggestions
- Improved IsRunning function to better target processes
- Several smaller adjustments in text and descriptions
- Extended ReportException function with logging text
- Improved GetHostID function for NetBSD and Solaris
- Added printing_daemon and mail_daemon to report
- Binaries extended with tools like kstat, puppet

Version 1.5.8 (2014-07-24)

- Testing for commercial anti-virus solutions like McAfee and Sophos [MALW-3280]
- New control text for MALW-3280 -

- Extended GRUB test with encrypted password (SHA1) [BOOT-5121]
- Check /etc/profile for multiple umask values [AUTH-9328]
- Extended PHP disabled functions test [PHP-2320]
- Add gpgcheck parameter to YUM test [PKGS-7387]
- Squid configuration file permissions test adjusted and control added to website [SQD-3613]
- Logging has been extended and exceptional event text adjusted

Version 1.5.7 (2014-07-09)

- Implementation of SafePerms function
- Added notification when exceptions are found

- Fix for error_log handling in nginx

Version 1.5.6 (2014-06-12)

- Test for PHP binary and PHP version
- Don't perform register_global test for systems running PHP 5.4.0 and later [PHP-2368]
- Debug function (can be activated via --debug or profile)

- Extended IsRunning function
- Removed suggestion from secure shell test [SHLL-6202]
- Check for idle session handlers [SHLL-6220]
- Also check for apache2 binary (file instead of directory)
- New report values: session_timeout_enabled and session_timeout_method
- New report value for plugins: plugins_enabled
- Fixed test to determine active TCP sessions on Linux [NETW-3012]

Version 1.5.5 (2014-06-08)

- Check for nginx access logging [HTTP-6712]
- Check for missing error logs in nginx [HTTP-6714]
- Check for debug mode in nginx [HTTP-6716]

- Extended SSL test for nginx when using listen statements
- Allow debugging via profile (config:debug:yes)
- Check if discovered httpd file is actually a file
- Improved temporary file creation related to security notice
- Adjustments to screen output

Security Note:
This releases solves two issues regarding the usage of temporary
files (predictability of the file names). You are advised to upgrade
to this version as soon as possible. For more information see the
our blog post:

Version 1.5.4 (2014-06-04)

- Check additional configuration files for nginx [HTTP-6706]
- Analysis of nginx settings [HTTP-6708]
- New test for SSL configuration of nginx [HTTP-6710]

- Altered SMBD version check for Mac OS
- Small adjustments to report for readability

Version 1.5.3 (2014-05-19)

- Support for zypper package manager
- Gather installed packages with Zypper on SuSE systems [PKGS-728]
- Check for vulnerable packages with Zypper package manager [PKGS-7330]

- Check for aide.conf also in /etc [FINT-4315]
- Adjusted screen output for unreliable NTP peers [TIME-3120]
- Adjusted check kernel test for non-Linux systems [KRNL-5730]
- Improved screen output on AIX systems with echo command

Version 1.5.2 (2014-05-05)

- Support for runlevel in binaries test

- Added suggestion for kernel availability check [KRNL-5788]
- Added suggestion for services at startup and proper binary call [BOOT-5180]
- Added suggestion to configure accounting on FreeBSD [ACCT-2754]
- Added suggestion to configure Linux process accounting [ACCT-9622]
- Several new controls listed on website
- Adjusted hardening index if total score was zero
- Added suggestion for auditd.conf file [ACCT-9632]
- Removed suggestion for audit log file [ACCT-9634]
- Removed warning from NTP falsetickers test, added data to report [TIME-3132]
- Removed warning from NTP selected time source test [TIME-3124]

Version 1.5.1 (2014-04-22)

- Extended reporting with running databases and frameworks
- Adjusted Oracle status in test [DBS-1840]
- Extended grsecurity test [RBAC-6272]
- Redirect rpcinfo errors to /dev/null
- Adjusted color scheme

Version 1.5.0 (2014-04-10)

- Support for Amazon Linux
- NTP check for step-tickers file (Red Hat and clones) [TIME-3160]

- Minor textual changes in description of several controls
- Removed several warnings (usage of suggestions instead)
- Website has now more information for several controls
- Extended detection for Oracle Linux
- Updated the FAQ and README files

Version 1.4.9 (2014-04-03)

- Added links in report to related control documentation on website
- Detect Linux I/O kernel scheduler [KRNL-5730]

- Check for non-unique accounts on several platforms [AUTH-9208]
- Set initial discover value for PAM modules to zero [AUTH-9268]

Version 1.4.8 (2014-03-27)

- Adjusted resolv.conf domain setting in report [NAME-4016]
- Extend account test with /var/log/pacct [ACCT-9620]
- Added suggestion to DNS domain name test [NAME-4028]
- Changed text strings of ZFS test [FILE-6330]
- Extend LILO password test [BOOT-5139]
- Set default value for pf firewall

Version 1.4.7 (2014-03-21)

- New configuration item to set group name
- Search for AIDE configuration file (aide.conf) [FINT-4315]
- Check for usage of SHA256/SHA512 in AIDE configuration [FINT-4316]
- Added grep to list of binaries

- Added suggestion when using NIS or NIS+ [NAME-4302]
- Clean-up of unneeded plugin section
- Small typo fix

Version 1.4.6 (2014-03-14)

- Check for GPG signing in yum.conf [PKGS-7387]
- Check CUPS configuration file permissions [PRNT-2307]

- Screen cleanup

Version 1.4.5 (2014-03-08)

- Support for Chakra Linux
- Support for pacman binary (package manager)
- Query installed packages on systems with pacman [PKGS-7310]

- Avoid logging to screen when falsetickets are found [TIME-3132]
- Skipping FIFO file on Solaris systems when checking for cron jobs [TIME-3104]
- Extended uptime test for Solaris systems [BOOT-5202]
- Added /usr/lib/security to PAM locations to scan
- Report cronjobs to report [SCHD-7704]
- HostID support for Solaris
- Improved color scheme
- Extended logging

Version 1.4.4 (2014-03-03)

- Detect tune2fs binary
- Added ExitFatal() function
- Added egrep binary to binaries
- Initial plugin support (phase 1)
- Added InsertPluginSection() function

- Adjusted disabled functions tests to properly find functions [PHP-2320]
- Extended time test with egrep binary replace for Solaris [TIME-3104]
- Adjusted color for SNMP test when warning is found [SNMP-3306]
- Adjusted text for PHP risky functions [PHP-2320]
- Refer to discovered binaries for ifconfig, lsmod, tune2fs
- Test plugin directory when provided by --plugin-dir
- Scan report extended with plugin information
- Extended help for Enterprise options
- Improved IsRunning() function
- Extended color scheme

Version 1.4.3 (2014-02-23)

- Support for ClearOS
- Data upload for Lynis Enterprise users (--upload)
- Added debug variable for troubleshooting purposes
- Scan profile option license_key

- Skip password check for Red Hat or clones [AUTH-9282]
- Extended single user login protection [AUTH-9308]
- Adjusted repolist check for yum based systems [PKGS-7383]
- Inserted sleep time when update is found
- Extended report output

Version 1.4.2 (2014-02-19)

- Ignore interfaces aliases for HostID
- Extended umask tests with pam_umask entries [AUTH-9328]
- Check for supressed version on Squid [SQD-3680]

Version 1.4.1 (2014-02-15)

--plugin-dir parameter

- Added 64 bits locations for Apache modules
- Add start of new category to logfile
- Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626]
- Extended cron job tests with entries start with asterix (*) [SCHD-7704]
- Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328]
- Adjusted PHP test for register_globals (explicit test) [PHP-2368]
- Small adjustments for upcoming plugin support
- Extended man page

Version 1.4.0 (2014-01-29)

- Removed some warnings, to prevent double messages
- Extended accounting check for Linux [ACCT-9622]
- Added consistency check to time test [TIME-3124]
- Added support for anacron jobs [SCHD-7704]
- Rewrite of YUM repository test [PKGS-7383]
- Use binary variables for hostid creation
- AIX version detection changed
- Added rpcinfo to binaries check
- Ignore LANG global setting
- Improved logging

Version 1.3.9 (2014-01-09)

- Additional support for Mac OS
- Support for shasum binary
- Performance adjustment for lsof tests
- Extended interface check for hostid creation
- Improved NSCD detection [NAME-4032]
- Bug fix for passwdqc [AUTH-9262]
- Extended vulnerable packages test [PKGS-7392]
- Hide possible sysctl errors [KRNL-5820]

Version 1.3.8 (2013-12-25)

- New parameter --view-categories to display available test categories
- Added /etc/hosts check (duplicates) [NAME-4402]
- Added /etc/hosts check (hostname) [NAME-4404]
- Added /etc/hosts check (localhost mapping) [NAME-4406]
- Portmaster test for possible port upgrades [PKGS-7378]
- Check for SPARC improve boot loader (SILO) [BOOT-5142]
- NFS client access test [STRG-1930]
- Check system uptime [BOOT-5202]
- YUM repolist check [PKGS-7383]
- Contributors file added

- Improved locate database check and reporting [FILE-6410]
- Improved PAE/No eXecute test for Linux kernel [KRNL-5677]
- Disabled NIS domain name from test [NAME-4028]
- Extended NIS domain test to check BSD sysctl value [NAME-4306]
- Extended PAM tools check with PAM paths [AUTH-9262]
- Adjusted Apache check to avoid skipping it [HTTP-6622]
- Extended USB state testing [STRG-1840]
- Extended Firewire state testing [STRG-1846]
- Extended core dump test [KRNL-5820]
- Added /lib/i386-linux-gnu/security to PAM directories
- Added /usr/X11R6/bin directory to binary paths
- Improved readability of screen output
- Improved logging for several tests
- Improved Debian version detection
- Added warning to BIND test [NAME-4206]
- Extended binaries with showmount and yum
- Updated man page

Version 1.3.7 (2013-12-10)

- Function FileExists() and SearchItem()

- Adjusted yum-security check [PKGS-7386]
- Improved check for iptables binary check
- Extended report with the tests executed and skipped

Version 1.3.6 (2013-12-03)

- Support for the dntpd time daemon
- New Apache test for modules [HTTP-6632]
- Apache test for mod_evasive [HTTP-6640]
- Apache test for mod_qos [HTTP-6641]
- Apache test for mod_spamhaus [HTTP-6642]
- Apache test for ModSecurity [HTTP-6643]
- Check for installed package audit tool [PKGS-7398]
- Added initial support for new pkgng and related tools [PKGS-7381]
- Check for ssh-keyscan binary
- ZFS support for FreeBSD [FILE-6330]
- Test for passwordless accounts [AUTH-9283]
- Initial OS support for DragonFly BSD
- Initial OS support for TrueOS (FreeBSD based)
- Initial OS support for elementary OS (Luna)
- GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
- Check for DHCP client [NETW-3030]
- Initial support for OSSEC (system integrity) [FINT-4328]
- New parameter --log-file to adjust log file location
- New function IsRunning() to check status of processes
- New function RealFilename() to determine file name
- New function CheckItem() for parsing files
- New function ReportManual() and ReportException() to simplify code
- New function DirectoryExists() to check existence of a directory
- Support for dntpd [TIME-3104]

- Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
- Extended test to gather listening network ports for Linux [NETW-3012]
- Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
- Added suggestion for discovered shells on FreeBSD [AUTH-9218]
- Extended core dump test with additional details [KRNL-5820]
- Properly display suggestion if portaudit is not installed [PKGS-7382]
- Ignore message if no packages are installed (pkg_info) [PKGS-7320]
- Also try using apt-check on Debian systems [PKGS-7392]
- Adjusted logging for RPM binary on systems not using it [PKGS-7308]
- Extended search in cron directories for rdate/ntpdate [TIME-3104]
- Adjusted PHP check to find ini files [PHP-2211]
- Skip Apache test for NetBSD [HTTP-6622]
- Skip test http version check for NetBSD [HTTP-6624]
- Additional check to supress sort error [HTTP-6626]
- Improved the way binaries are checked (less disk reads)
- Adjusted ReportWarning() function to skip impact rating
- Improved report on screen by leaving out date/time and type
- Redirect errors while checking for OpenSSL version
- Extended reporting with firewall status and software
- Adjusted naming of some operating systems to make them more consistent
- Extended update check by using host binary if dig is not installed
- Count number of installed binaries/packages and report them
- Report about log rotation tool and status
- Updated man page

Version 1.3.5 (2013-11-19)

- OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
- Added some initial systemd support (e.g. boot services)
- Test to display if any known MAC framework is implemented [MACF-6290]

- Improved support for Slackware Linux (OS and version detection)
- Added systemd support (boot and running services) for Linux systems [BOOT-5177]
- Added systemd support (default runlevel) for Linux systems [KRNL-5622]
- Extended USB storage check in modprobe.d directory [STRG-1840]
- Improved output, reporting and check for kernel update [KRNL-5788]
- Optimized code and output of test to check writable scripts [BOOT-5184]
- Fixed detection for writable scripts [BOOT-5184]
- Improved detection IPv6 addresses for Slackware and others [NETW-3008]
- Minor addition to SSH PermitRootLogin check [SSH-7412]
- Extended cronjob tests, reporting and logging [SCHD-7704]
- Extended umask check in /etc/profile [AUTH-9328]
- Added suggestion about BIND version [NAME-4210]
- Merged test NTP daemon test TIME-3108 into TIME-3104
- Improved support for Arch Linux (output, detection)
- Extended common list of directories with SSL certifcates in profile
- New function GetHostID() to determine an unique identifier of the machine
- Added a tests_custom file template
- Perform file permissions test on tests_custom file
- Improved OS detection and extended logging on several tests
- Several layout improvements
- Extended update check functions and output
- Cleaned up reporting and extended it with exceptions

Version 1.3.4 (2013-11-08)

- OS detection support for Arch Linux
- Support for systemd journal

- Test for files in /etc/modprobe.d directory [STRG-1840]
- Extended log daemon detection with systemd journal [LOGG-2130]
- Adjusted hardening value for compiler GCC [HRDN-7222]
- Extended IsWorldWritable and IsWorldExecutable functions to support symlinks
- Adjusted PHP test for disabled functions [PHP-2320]
- Extended testing for PHP files in other directories [PHP-2211]
- Improved screen output for several tests and extended logging

Version 1.3.3 (2013-10-24)

- Added NTP configuration type to report [TIME-3104]

- Do not warn on empty shells for FreeBSD systems [AUTH-9218]
- Extended checks for presence NTP client or daemon [TIME-3104]
- Extended logging

Version 1.3.2 (2013-10-09)

- Test for PowerDNS authoritive servers (master/slave status) [NAME-4238]

- CUPS test extended with hardening rules [PRNT-2308]
- Added hardening points to sticky bit on /tmp [FILE-6362]
- Extended Ubuntu security packages check [PKGS-7392]
- Improved update check, show when no check is performed
- Added additional check for binaries, so checks on CentOS work correctly
- Added word 'restricted' to banner strings
- Adjusted wording for Debian packages purge [PKGS-7346]
- Corrected listing of purgable packages [PKGS-7346]
- Adjusted yum-plugin-security check due to package changes [PKGS-7386]

Version 1.3.1 (2013-10-02)

- Updated generic references in files
- Fixed detection of several binaries (AFICK/awk)
- Performance tweaks when checking for binaries
- Fixed core dump check and dumpable sysctl [KRNL-5820]
- Force test to always to check for binaries [FILE-7502]
- Changed detection to egrep [DBS-1840]
- Adjusted variable checking for Solaris [HOME-9310]
- Adjusted search in modprobe directory [STRG-1840] [STRG-1846]

Version 1.3.0 (2011-12-25)

- Profile option: ignore_home_dir
- TCP wrappers category added
- Tooling category added
- Initial extensions to support plugins in the future
- Test for unpurged Debian packages [PKGS-7346]
- Test for compiler permissions [HRDN-7222]

- Converted all dates to ISO format and updated copyright lines
- Correct suggestion for file integrity tool [FINT-4350]
- Added hint when RPM list is empty on DPKG based systems [PKGS-7308]
- Changed logging for /etc/security/limits.conf file [KRNL-5820]
- Fixed incorrect warning for single user mode [AUTH-9308]
- Improved output for stratum 16 time servers [TIME-3116]
- Added suggestion and screen output for kernel hardening [KRNL-6000]
- Screen layout optimalizations and log file improvements
- Improved list/layout of scan options
- Improved binary check for compilers
- Added configuration option in scan profile (show_tool_tips, default true)

Version 1.2.9 (2009-12-15)

- Support for Squid3
- Added Squid unsafe ports check [SQD-3624]
- Added Squid configuration file permission check [SQD-3613]
- Added Squid test: reply_body_max_size option [SQD-3630]
- Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328]
- Check PHP option allow_url_include [PHP-2378]

- Extended possible Squid configuration file locations
- Added additional sysctl keys to default profile
- Fixed typo in squid.conf checks
- Improved descriptions, logging and reporting for several tests
- Corrected /etc/security/limits.conf path in test [KRNL-5820]
- Updated man page, limited lines to 80 chars

Version 1.2.8 (2009-12-08)

- Squid support added
- Squid daemon detection [SQD-3602]
- Squid configuration file search [SQD-3604]
- Squid version detection [SQD-3606]
- Check /etc/motd banner [BANN-7122]
- Check /etc/ file [BANN-7128]
- Check contents in /etc/ [BANN-7130]
- Solaris single user mode login check (/etc/default/sulogin) [AUTH-9304]
- HP-UX boot authentication check [AUTH-9306]
- Linux single user mode authentication check [AUTH-9308]
- Solaris account locking policy check [AUTH-9340]

- Added prerequisite to SSH test, so the test is skipped properly [SSH-7440]
- Check for /etc/issue symlink [BANN-7124]
- Added file check for possible harmful shells found [AUTH-9218]
- Add user home directories to report [HOME-9302]
- Extended Linux run level test with support for Debian/Ubuntu [KRNL-5622]
- Added /lib64/security to PAM test [AUTH-9262]
- Extended security repository check [PKGS-7388]
- Iptables check should not check for a module in a Linux config [FIRE-4511]
- Ignore APC ups daemon when scanning for CUPS [PRNT-2304]
- Improved kernel logger daemon check [LOGG-2138]
- Added auditctl to binary check [ACCT-9630]
- Log used auditd ruleset [ACCT-9630]
- Corrected logging of Solaris c2audit module [ACCT-9656]
- Fixed warning function for Solaris passwordless accounts [AUTH-9254]
- Commented kern.randompid in default profile
- For sysctl the parameter -n will be used on Linux systems
- Changed syslog daemon detection and state
- Extended report file

Version 1.2.7 (2009-11-01)

- Added Kernel Hardening section
- Sysctl audit support in scan profile and related test [KRNL-6000]
- SSH option StrictModes test [SSH-7416]
- Password aging limit check [AUTH-9286]
- Ubuntu packages check (apt-show-versions) [PKGS-7394]
- Check for metalog daemon [LOGG-2210]
- USB storage driver state check [STRG-1840]
- Firewire storage driver state check [STRG-1846]
- PostgreSQL process check [DBS-1826]
- Oracle process check [DBS-1840]
- Default umask check [AUTH-9328]
- Check for rsyslog daemon [LOGG-2230]
- RFC 3195 compliant daemon check [LOGG-2240]
- Qmail SMTP daemon check [MAIL-8940]
- Test for separation of /tmp and /home from root file system [FILE-6310]
- SSH AllowUsers and AllowGroups usage check [SSH-7440]
- AIX support, thanks to Michael Smerdka

- Fixed crontabs path [SCHD-7704]
- Extended locate database paths for Linux and FreeBSD [FILE-6410]
- pflog detection fix [FIRE-4518]
- Skip /proc/meminfo for non Linux systems [PROC-3602]
- Extended text with rsyslogd [LOGG-2130]
- Ignore comment and empty lines for group tests [AUTH-9222/9226]
- Show firewall as active when iptables is available in config file [FIRE-4511]
- Variable fix for SNMP daemon configuration file [SNMP-3304]
- Freshclam check fix [MALW-3286]
- Fixed waiting search for NIS domain [NAME-4306]
- Check for a maximum of 1 search statement in /etc/resolv.conf [NAME-4018]
- Apache test improved [HTTP-6622]
- Skip klogd test if rsyslogd is available [LOGG-2138]
- Added additional CUPS location to search paths
- Only execute PAM test for systems with PAM [AUTH-9268]
- Fixed logging of sudoers file location [AUTH-9250]
- Improved FreeBSD support for NTP client check [TIME-3104]
- Redirect warning "Unknown host" when DNS domain name is empty [NAME-4028]
- Redirect warning when host name is empty
- Fixed warning color [AUTH-9226]
- Fixed FreeBSD COPYRIGHT file test [BANN-7113]
- Changed text for sudoers text [AUTH-9250]
- Improved text for DNS search domain [NAME-4016]
- Skip nginx configuration test if nginx is not available [HTTP-6704]
- Removed portsclean suggestion [PKGS-7348]
- Fixed non unique IDs
- Fixed cosmetic issue when using Debian with default dash shell
- Improved hostname detection for HP-UX
- Added additional php.ini file locations
- Moved Linux default shell check to OS detection functions
- Fixed CUPS daemon test [PRNT-2304]
- Also check for uppercase chars in issue file [BANN-7126]

Version 1.2.6 (2009-04-05)

- Sudoers file permissions check [AUTH-9252]
- Core dumps configuration check for Linux [KRNL-5820]
- PHP disabled functions check [PHP-2320]
- PHP enable_dl function check [PHP-2374]
- PHP allow_url_fopen function check [PHP-2376]
- OpenBSD smtpd status check [MAIL-8920]
- /etc/issue check [BANN-7124]
- /etc/issue legal keywords check [BANN-7126]
- Show suggestions in report

- Extended support for Red Hat, CentOS and Fedora
- Extended ACL test to test for default mount options as well [FILE-6368]
- Exim status test fixed [MAIL-8812]
- Corrected yum security check [PKGS-7386]
- Replaced LDAP test AUTH-9238 with [AUTH-9402]
- Removed backquotes when locate database is not available [FILE-6410]
- Added /etc/openldap to search path for OpenLDAP
- Fixed typo in crontab path [SCHD-7704]
- Don't show message "No volume groups found" if LVM isn't used [FILE-6310]
- Corrected Syslog-NG status [LOGG-2132]
- Moved TODO to dev directory

Version 1.2.5 (2009-03-27)

- slapd.conf check [LDAP-2224]
- atd status test [SCHD-7718]
- Check LDAP module in PAM [AUTH-9278]
- Check Dovecot status check [MAIL-8838]
- Check log directories from newsyslog.conf [LOGG-2162]
- Check log directories from static list [LOGG-2170]
- Check log directories from logrotate configuration [LOGG-2150]
- syslog check for remote logging [LOGG-2154]
- Open log files check [LOGG-2180]
- Deleted file check [LOGG-2190]
- Solaris active kernel modules check [KRNL-5770]
- Solaris audit daemon status check [ACCT-9650]
- Solaris audit daemon service status [ACCT-9652]
- Solaris audit daemon BSM check [ACCT-9654]
- Solaris audit logging location check [ACCT-9662]
- Solaris audit statistics check [ACCT-9672]
- Check for installed compiler [HRDN-7202]
- BIND process check [NAME-4202]
- BIND configuration file check [NAME-4204]
- BIND configuration consistency check [NAME-4206]
- BIND version check via DNS [NAME-4210]
- Default domain check (/etc/resolv.conf) [NAME-4016]
- Search domains in /etc/resolv.conf check [NAME-4018]
- Parse /etc/resolv.conf options [NAME-4020]
- Solaris /etc/nodename check [NAME-4026]
- DNS domain checks [NAME-4028]
- NSCD status check [NAME-4032]
- PowerDNS presence check [NAME-4230]
- PowerDNS configuration file check [NAME-4232]
- PowerDNS backend check [NAME-4236]
- ypbind status check [NAME-4302]
- Log specific defined SSH daemon options [SSH-7408]
- SSH protocol version check [SSH-7414]
- NIS domain checks [NAME-4304]
- Check pending at jobs [SCHD-7724]
- LVM volume group scan [FILE-6310]
- LVM volumes check [FILE-6312]
- Locate database check [FILE-6410]
- nginx configuration file check [HTTP-6704]
- Exim status check [MAIL-8802]
- Postfix status check [MAIL-8814]

- atd needs to run before testing at files [SCHD-7720]
- Removed Solaris OS requirement from logrotate test [LOGG-2148]
- Sanitized output from logrotate test [LOGG-2148]
- Skip comment fields in loghost check [LOGG-2152]
- Changed auditd tests to Linux only
- Binary scan optimized and partially combined with other check
- Only perform iptables tests if kernel module is active
- Don't show message when /etc/shells can't be found [SHLL-6211]
- Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
- Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
- Renumbered malware test MALW-3292 [HRDN-7230]
- Improved grep on process status [PRNT-2304]
- Ignore comment lines for nginx log file check [HTTP-6720]
- Added file check for nginx log files [HTTP-6720]
- Display IP addresses only of NTP tests [TIME-3124]
- Fixed Postfix configuration directory path [MAIL-8816]
- Redirected output of yum package duplicate check [PKGS-7384]
- Ignore comment lines for lilo test [BOOT-5139]
- Fixed incorrect iptables status and correct logging [FIRE-4511]
- Check SNMP configuration only if SNMP daemon runs [SNMP-3304]
- Don't scan PAM directories which are symlinks [AUTH-9268]
- Changed hardening category to hardening_tools
- Adjusted hardening points of several tests
- Log and display improvements for several tests

Version 1.2.4 (2009-03-17)

- NTP daemon process test [TIME-3108]
- NTP association ID's check from peer list [TIME-3112]
- NTP time source candidates test [TIME-3128]
- NTP falseticker check [TIME-3132]
- NTP protocol version check [TIME-3136]
- Stratum 16 ntp peers check [TIME-3116]
- Unreliable ntp peers check [TIME-3120]
- Preferred NTP time source test [TIME-3124]
- auditd presence check [ACCT-9628]
- auditd rules check [ACCT-9630]
- auditd configuration file check [ACCT-9632]
- auditd log file location check [ACCT-9634]
- cupsd status check [PRNT-2304]
- cupsd configuration file check [PRNT-2306]
- cupsd address configuration test [PRNT-2308]
- pam.conf configuration check [AUTH-9264]
- pam.d configuration file scan [AUTH-9266]
- PAM modules check [AUTH-9268]
- rpcinfo query [STRG-1902]
- NFS version number check [STRG-1904]
- NFS protocol and port number check [STRG-1906]
- NFS status check [STRG-1920]
- NFS exports check [STRG-1926]
- NFS empty /etc/exports [STRG-1928]
- SSH PermitRootLogin option check [SSH-7412]
- at.allow and at.deny check [SCHD-7720]
- File integrity tool check [FINT-4350]
- nginx process check [HTTP-6702]
- nginx log file test [HTTP-6720]
- ClamAV clamscan presence test [MALW-3282]
- ClamAV daemon check [MALW-3284]
- ClamAV freshclam check [MALW-3286]
- Check for presence malware scanner [MALW-3292]
- clamscan, ntpq binary check
- NTP daemon role and profile option
- Parameter --tests-category, to scan one or more categories
- Category added (Storage: NFS)
- Added hardening points to tests
- Display hardening index to report

- Extended logrotate test [LOGG-2148]
- Added check for inetd.conf before performing test [INSE-8016]
- Added /var/spool/crontabs to search path [TIME-3104]
- Added log line to sysstat test [ACCT-9626]
- Improved screen output on Solaris
- Checking for both rdate and ntpdate in cron files [TIME-3104]
- Changed yum-security package check [PKGS-7386]
- Change output if dig isn't available [NETW-2705]
- Added IPv6 support and output adjustment [NETW-2704]
- Cosmetic change for host based firewall check [FIRE-4590]
- Corrected output in log file [PKGS-7388]
- Corrected passwd options for Red Hat [AUTH-9282]
- Changed text if everything is ok (no warnings)
- Log improvements

Version 1.2.3 (2009-03-02)

- Added syslog-NG daemon check [LOGG-2132]
- Added klogd status test [LOGG-2138]
- Added check to determine minilogd presence [LOGG-2142]
- Added logrotate configuration test [LOGG-2146]
- Added check for loghost entry on Solaris machines [LOGG-2152]
- Added ipf test for Solaris [FIRE-4526]
- Added uname -n test (Solaris) [NAME-4024]
- Added ssh daemon configuration file check [SSH-7404]
- Added BSD newsyslog.conf file check [LOGG-2160]
- Added inetd status check [INSE-8002]
- Added inetd.conf configuration check [INSE-8004]
- Added check for inetd.conf when inetd is not active [INSE-8006]
- Added telnet check via inetd [INSE-8016]
- Added ACL check on root file system [FILE-6368]
- Added check for firewall/packet filter on system [FIRE-4590]
- Added lograte file check [LOGG-2148]
- Added snmp daemon status test [SNMP-3302]
- Added snmp configuration file test [SNMP-3304]
- Added default snmp community strings test [SNMP-3306]
- Added categories: Insecure services and SNMP
- Added binary searches for awk, ipf

- Changed profile name in default profile
- Added path /usr/ucb to binary paths
- Changed color to white if slapd is not running [LDAP-2219]
- Changed test PKG-7345 into PKGS-7345
- Changed logging for several tests [PKGS-7302] [NETW-3004]
- Extended FAQ
- Changed default profile header

- Hostname detection under Solaris
- Disabled tests PROC-3612 PROC3614 for Solaris machines
- Disabled NTP check in cron.d directory on Solaris [TIME-3104]
- Added result at line when querying system users [AUTH-9234]
- Counters (N+1) fixed for some shells, like Solaris
- Removed unneeded line for Solaris test [PROC-3604]
- Disabled grsecurity test for Solaris [RBAC-6272]
- Correct display of files with spaces [FILE-6354]
- Changed several tests so they work correctly with Solaris

Version 1.2.2 (2009-02-15)

- Support for MySQL client
- New test: Test for empty MySQL root password [DBS-1816]
- New test: SSH daemon status test [SSH-7402]
- New test: sysstat account information [ACCT-9626]
- New test: connections in WAIT state [NETW-3028]
- Lynis displays a warning now, if current version is really outdated
- New parameter option (log_tests_incorrect_os) to minimize logging

- Several adjustments to default profile
- Fixed option 'skip_test_always' to let it function properly
- Fixed passwd check for SuSE systems [AUTH-9282]
- Added error redirect for dpkg test [PKG-7345]
- Improved NTP test and messages, excluded check when using xen [TIME-3104]
- Extended DNS nameserver check with local resolver [NETW-2704]
- Skip double nameserver check when a local resolver is found [NETW-2705]
- Renamed tests_nameserver to tests_nameservices
- Improved log output [AUTH-9218]

- Custom profiles should be compared to the default profile, due small changes
in the structure.

Version 1.2.1 (2008-09-05)

- Added support for Samba
- Added support for SELinux framework
- New test: SELinux presence test [MACF-6232]
- New test: SELinux status checks [MACF-6234]
- New test: password PAM availability check [AUTH-9262]
- New test: expire date check for accounts [AUTH-9282]
- Added new option --tests, to run a small set of tests only

- Report and logging messages improved
- Output reduced when using --tests
- Added suggestion to PHP expose_php option [PHP-2372]
- Improved log message for PHP register_globals option [PHP-2368]
- Added virtual host count to log file [HTTP-6626]
- Improved Red Hat and clones detection and display
- Fix: Improved promiscuous detection for Linux [NETW-3015]
- Fix: AUTH-9204 test triggered on group ids as well
- Fix: Only display unique MAC addresses [NETW-3006]
- Extended Postfix test [MAIL-8818]
- Don't show /proc/meminfo if not present [PROC-3602]
- Don't show YABOOT information if not present [BOOT-5155]
- Improved portaudit test (FreeBSD) [PKGS-7382]
- Improved portsclean test (FreeBSD) [PKGS-7348]
- Added --quiet and --tests options to help and man page

Version 1.2.0 (2008-08-26)

- New test: Passwordless Solaris accounts test [AUTH-9254]
- New test: AFICK file integrity [FINT-4310]
- New test: AIDE file integrity [FINT-4314]
- New test: Osiris file integrity [FINT-4318]
- New test: Samhain file integrity [FINT-4322]
- New test: Tripwire file integrity [FINT-4326]
- New tests: NIS and NIS+ authentication test [AUTH-9240/42]
- Initial support added for AFICK, AIDE, Osiris, Samhain, Tripwire

- Changed text of grsecurity test [RBAC-6272]
- Optimized FreeBSD boot services test [BOOT-5165]
- Optimized UID 0 test [AUTH-9204]
- Extended login shells test [AUTH-9218]
- PID file message extended and small output improvement
- A log entry will be written when PID files are removed
- Added operating system name to log file when a test is skipped
- Added file available check when using --view-manpage
- Most program variables are initialized now for future additions

Version 1.1.9 (2008-08-09)

- New test: AppArmor framework check [MACF-6204]
- New test: FreeBSD boot loader test [BOOT-5124]
- New test: PHP option register_globals [PHP-2368]
- New test: Promiscuous network interfaces (Linux) [NETW-3015]
- Report option 'bootloader' added to several tests
- Added readlink binary check

- Extended file check (IsWorldWritable) for symlinks
- Show result if no default gateway is found [NETW-3001]
- Added /usr/local/etc to sudoers test [AUTH-9250]
- Improved FreeBSD banner output [BANN-7113]
- Removed incorrect line at promiscuous interface test [NETW-3014]
- Fix: Show only once the GRUB test output [BOOT-5121]
- Fix: Typo in NTP test [TIME-3104]
- Fix: Skip NTP test in /etc/cron.d if empty [TIME-3104]
- Fix: Initialize values when performing an update check without connection
- Fix: Solaris id function has been fixed
- Disabled FreeBSD double packages tests, due minor issues [PKGS-7303]
- Changed LDAP/MySQL running states [LDAP-2219] [DBS-1804]
- Replaced ifconfig calls with IFCONFIGBINARY
- Renamed tests_auditing to tests_mac_frameworks
- Several tests improved with extended logging

Version 1.1.8 (2008-07-16)

- Mac OS X support extended and new options added

- Extended default profile
- Improved several screen output lines
- User ID check improved, so it works better with older Solaris versions
- Hostname in output and reports will contain only host now, not FQDN
- Added extra php.ini locations to tests_php
- Replaced 'ps' in tests with PSBINARY value for better support
- Added output to zones test [VIRT-1902]
- Updated description [AUTH-9218]
- Extended ntp daemon/ntpdate check [TIME-3104]
- Added suggestion to bootable scripts check [BOOT_5184]
- Bugfix and improvement for FreeBSD portsclean test [PKGS-7348]
- Added Mac OS support to MAC address gathering test [NETW-3006]
- Added MAC OS support to inet and inet6 addresses test [NETW-3008]
- Extended PHP expose_php test to support additional options [PHP-2372]
- Improved LDAP test so it skips correctly on Mac OS AUTH-9238]
- Bugfix: MySQL status check gave incorrect output [DBS-1804]

Version 1.1.7 (2008-06-28)

- New test: check for unused iptables rules [FIRE-4513]
- New test: checking for dead and zombie processes [PROC-3612]
- New test: checking for heavy IO waiting processes [PROC-3614]
- Initial HP-UX support (untested)
- Initial AIX support (untested)
- Added iptables binary check
- Added dig check, for DNS related tests
- Added option --no-colors to remove all colors from screen output
- Added option --reverse-colors for optimizing output at light backgrounds
(Konsole, MacOS terminal etc)

- Improved grpck test for SuSE [AUTH-9216]
- Added dig availability check to DNS test [NETW-2704]
- Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512]
- Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384]
- Bugfix: Fixed prequisits for grpck test [AUTH-9216]
- Improved MySQL check [DBS-1804]
- Changed color at chkconfig boot services test [BOOT-5177]
- Added missing prequisits output to portaudit test [PKGS-7382]
- Test output for FreeBSD mounts (UFS) improved [FILE-6329]
- Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219]
- Several tests have their warning reporting improved
- Improved SuSE Linux detection
- Improved syslog-ng detection
- Adjusted README with link to online (extended) documentation

Version 1.1.6 (2008-06-19)

- New test: Check writable startup scripts [BOOT-5184]
- New test: Syslog-NG consistency check [LOGG-2134]
- New test: Check yum-utils package and scanning package database [PKGS-7384]
- New test: Test for empty ruleset when iptables is loaded [FIRE-4512]
- New test: Check for expired SSL certificates [CRYP-7902]
- New test: Check for LDAP authentication support [AUTH-9238]
- New test: Read available crontab/cron files [SCHD-7704]
- New test: Query Solaris running zones [VIRT-1902]
- New test: Check availability sudoers file for future tests [AUTH-9250]
- New test: Query all home directories from passwd file [HOME-9302]
- Syslog-NG support added (binary and version check)
- Added new sections: Scheduling, Time and Synchronization, Virtualization

- Extended several tests with suggestions and warnings
- Extended GRUB test with GRUB2 check [BOOT-5121]
- Extended iptables firewall test [FIRE-4511]
- Fixed incorrect variable at Linux kernel config display [KRNL-5728]
- Fixed display for file system test [FILE-6023]
- Reassigned some ID's to match others in category
- Improvement of several logging sections and profile options
- Assigned ID to Ubuntu security update check
- Assigned ID to pwck test for Solaris [AUTH-9230]
- Assigned ID to FreeBSD unused distfiles check [PKGS-7348]
- Assigned ID to RPM package query test [PKGS-7308]
- Assigned ID to /tmp sticky bit test [FILE-6362]
- Assigned ID to old temporary files check [FILE-6354]
- Assigned ID to passwd ID 0 test [AUTH-9204]
- Assigned ID to FreeBSD swap partitions [FILE-6332]
- Assigned ID to FreeBSD swap mount options [FILE-6336]
- Assigned ID to nameserver tests [NETW-2704 and NETW-2705]
- Assigned ID to pf consistency check [FIRE-4520]
- Assigned ID to Postfix configuration check [MAIL-8816]
- Assigned ID to Postfix banner check [MAIL-8818]
- Assigned ID to FreeBSD promiscuous port test [NETW-3014]
- Assigned ID to file permissions check [FILE-7524]

Version 1.1.5 (2008-06-10)

- Assigned ID to Apache configuration file test [HTTP-6624]
- Added pause_between_tests to profile file, to regulate the speed of a scan
- Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345]
- Assigned ID to Solaris package test [PKG-7306]
- New test: which gathers virtual hosts from Apache configuration files [HTTP-6626]
- New test: read all loaded kernel modules (Linux) [KRNL-5726]
- New test: query available FreeBSD network interfaces [NETW-3004]
- New test: query available IPv4 and IPv6 network addresses [NETW-3008]
- New test: for MAC addresses [NETW-3006]
- New test: check if a Linux kernel configuration file is available [KRNL-5728]
- New test: check boot services for Debian/Ubuntu [BOOT-5180]
- Added Lynx, Nmap, Wget version to log file
- Added support for Oracle enterprise Linux (Unbreakable Linux)
- Added new function ReportWarning for better logging to report file

- Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
- Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
- Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
- Added report warning to promicuous test [NETW-3014]
- Fixed yellow color when being used at text display
- Several logging improvements and cleanups

Version 1.1.4 (2008-05-31)

- Added option to disable Lynis upgrade availability test (profile option)
- Added new option --check-update, to display (update) information
- Added stub for malware and file permissions database
- New section 'LDAP Services'
- Support for OpenLDAP added
- Place holders for new tests are added
- Default profile extended
- [FILE-6023] Added test for Linux ext2, ext3, ext4 file systems
- [BOOT-5155] Added check for YABOOT boot loader

- [BANN-7119] Improved MOTD banner check
- Improved Apache tests for SuSE and Debian systems
- Debian/Ubuntu file tests improved
- Extended man page

Version 1.1.3 (2008-05-21)

- Added security updates check for Fedora, RHEL 5.x, CentOS 5.x
- Added Linux kernel version check
- Most stable tests have an unique ID now
- Skipped tests have their reason to skip logged
- Added /etc/lynis/plugins to searchable plugin directory targets
- Added Register() function, to handle tests, prerequisites and counter
- Added new crypto tests
- Added profile option "test_skip_always" to blacklist a specific test

- Extended default profile location for FreeBSD
- Extended accounting test to include pacct as well
- Improved tests from categories: shells
- Disabled skel tests
- Several tests log their warnings into the report file now
- Changed Linux default runlevel test
- Extended man page

- Auditor name didn't get logged properly to report file.
- Changed Debian/Ubuntu kernel update test, so it won't be tested on others
- Exim test failed, due to using an incorrect variable name

Version 1.1.2 (2008-05-11)

- Added memory test for Solaris (tested on OpenSolaris)
- Password file consistency check for Solaris
- 32/64 bits OS mode check for Solaris
- Added Slackware detection
- Plugin support (see documentation)
- Added monolithic/modular test for Linux kernels

- Improved LILO test and removed double message
- Fixed incorrect message when using --help parameter
- Improved portaudit test (FreeBSD) to show unique packages only
- Updated man page, FAQ, extended documention with plugin information
- Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)

** Special release notes [package/ports]: **
- Added several default paths to check for usuable an INCLUDE directory. This
should make packaging Lynis easier for downstream package providers.
- When no profile is set, Lynis will check first /etc/lynis/default.prf,
before setting default.prf (in current work directory) as profile to use.
- New directory added to be installed for future versions: plugins

Version 1.1.1 (2008-04-13)

- Added Solaris package manager (pkginfo) to obtain installed packages
- Added new option to profile to whitelist promiscuous interfaces (if_promisc)
- Added vulnerable packages check for Debian/Ubuntu
- Added package database consistency check for Debian/Ubuntu

- Only perform boot.conf check for OpenBSD when running on i386
- Changed RemovePIDFile to prevent incorrect file presence check (ie on OpenBSD)
- Better OS detection and display output for Ubuntu systems
- Improved text alignment (display) and logging
- Commented out some of the default profile options
- Updated FAQ, readme, man page

Bug fixes:
- Added missing space at OS detection function
- Fixed /etc/group tests to ignore commented lines
- Fixed sticky bit checking on /tmp, so it won't give incorrect results on
SuSE/Debian systems

Version 1.1.0 (2008-04-09)

- Added test: default gateway (Linux/BSD)
- Added boot tasks to report file (boottask)
- Added vulnerable packages to report file (vulnerable_package)

- Fixed some typos
- Several improvements in log output
- Changed display of operating system version (Linux)
- Fixed PHP check

Version 1.0.9 (2008-03-24)

- Added --quiet option (currently not 100% quiet yet)
- Added a spec file to the project page (see web site)
- Added small INSTALL document

- Changed check for PHP (php.ini location)
- Added available shells from /etc/shells to report file
- Updated man page
- Fixed option in main help window for --man option
- Code improvement, splitting up sections to seperated files

Version 1.0.8 (2008-02-10)

- Added pf filter rule test
- Added our PID to PID file
- Added warnings, real users, mount points, total tests to report file

- Changed Apache configuration file test
- Changed old temporary files check
- Changed test to include ubuntu security repository
- Moved UID check to avoid PID creation as non root user
- Moved most functions to seperated files and several code cleanups
- Improved logging output
- Extended FreeBSD (Copyright file) test
- Changed indentation for many tests
- Changed some typos in notice/warning messages

Version 1.0.7 (2008-01-28)

- Test: UFS mount point check (FreeBSD)
- Test: Check swap partitions (FreeBSD)
- Test: find old files in /tmp
- Test: check presence iptables
- Test: check CPU PAE/NX support (Linux)
- Added profile options check
- Added option to skip Debian security repository check (profile option)
- Support for Red Hat and CentOS

- Changed report log location to /var/log instead of current work directory
- Changed --help (and -h) to display general help, instead of man page
- Renamed -man option to --man
- Extended profile file (see default.prf)
- Cleaned up code (rewritten several parts of static code to dynamic
- Added more comments to the program, for curious auditors, developers and
users. Also regrouped parts of text and cleaned useless white spaces.
- General program output improved (spaces, indentation)
- Logging extended
- Updated lynis.spec file (contrib)
- FAQ and README files extended and updated

- Changed postfix banner check (thanks to Henk Bokhoven for reporting)
- Extended skel directory test, with -A (ls) option to check hidden files
(used with most Linux variants)

- Added new mirror
- Updated year number in program and support files
- Added new function Display, to use indentation within lines
- Added function RemovePIDFile before some exit routines, to clean up PID file
- Extracted profile support, parameter support to seperated files
- Created file tests_ports_packages for Ports and Packages
- Deleted lynis.spec file, since it was not working and will be rewritten later

Version 1.0.6 (2007-12-26)

- Added Solaris real users test
- Added hostname check

- Added chkconfig binary test and changed related services test
- Added 'xargs' to version checks, to replace unwanted chars
- Added more breaks to log file.
- Added sorting to rpm/dpkg listings
- FAQ extended

Version 1.0.5 (2007-12-02)

- Test: unique group names
- Test: unique group IDs
- Added check for rpm, chkrootkit and rkhunter binary
- Added function to cleanup at manual interrupt (INT)
- Support added to run Lynis as cronjob (--cronjob)
- Fedora support added
- Added umask 027, to tighten up file permissions

- Changed FreeBSD ttys test
- Changed grpck test, to operate in read-only mode
- Changed Postfix test, to check for mail_name value as well
- Changed GPL line in script which said GPL v2
- Extended README
- Show latest update version, if available, at the end of the screen output
- Lots of code cleanup (see Development)
- Some log improvements
- Changed date notation in changelog to preferred European format (with dots
instead of slashes)

- New function (ShowResult) to avoid repeating the same result line
within the script for standard status values
- Moved program consts to file (include/consts)
- Moved functions to file (include/functions)
- Moved OS detection to file (include/osdetection)
- Added NEVERBREAK to avoid user input (cronjob support)

Version 1.0.4 (2007-11-27)

- Test: query real system users (FreeBSD/Linux)
- Added PID file usage, to warn for unclean program states.
- Added SSHd version test

- Updated documentation
- Changed sticky bit test (/tmp), to skip symlinks
- Changed /etc/motd test, to skip symlinks
- More code cleanup
- Logging extended and improved
- Screen output slightly changed

Version 1.0.3 (2007-11-19)

- Added check for sockstat
- Test: added test for GRUB and password option
- Test: query listening ports (sockstat)

- Fixed NTPd check (bug)
- Extended help for 'double installed package' check (BSD systems, pkg_info)
- Extended Debian kernel update check
- Improved OpenBSD support
- Improved Linux specific detection support (Cobalt, CPU Builders, Debian,
E-Smith, Slackware, SuSE/OpenSuSE, Turbo Linux, Yellowdog and others)
- Improved screen output
- Extended logging, with status/impact flags
- [Bugfix] chkconfig test improved
- [Bugfix] Fixed sticky bit test at Debian
- Extended documentation and changelog file

Version 1.0.2 (2007-11-15)

- Test: Added check for NTP daemon or client
- Test: file permissions (profile option)
- Added -Q (--quick) parameter, to run the program without needing user
input after every few sections.

- Extended documentation (README file) and performed spell check
- Improved screen output (colors, parameter handling and display)
- Cleaned up source code and fixed some bad typos
- Added much more delimiter lines to logfile
- Added version numbers to logfile for used binaries/tools
- Updated list of parameters within Lynis help

Version 1.0.1 (2007-11-12)

- Test: check Exim configuration file location
- Test: added memory check (/proc/meminfo)
- Test: run grpck to check group files (if available)
- Test: boot option check for OpenBSD boot loader
- Test: check if pf (Software: firewall) is active
- Test: check LILO password
- Test: check presence of old distfiles (FreeBSD)
- Added check for binaries: httpd, kldstat, openssl, (s)locate
- Added version check for: exim, openssl
- Added -V (--version) parameter, to show version number
- Added breaks between tests

- [bug] Changed skel directory check
- Fixed display Apache configuration file

Version 1.0.0 (2007-11-08)

- Support for CentOS (Tested: 5 Final)
- Support for Debian (Tested: 4.0)
- Support for FreeBSD (Tested: 6.2)
- Support for Mac OS X (Tested: 10.4)
- Test: Apache (ServerTokens option)
- Test: PHP (expose_php option)
- Test: Postfix (smtpd_banner option)
- Test: check valid shells
- Test: query pkg_info/RPM based systems
- Test: query pkg_info for double installed packages
- Test: query chkprintcap (FreeBSD)
- Test: scan binary directories
- Test: check administrator accounts
- Test: check permissions /etc/motd
- Test: read nameservers from /etc/resolv.conf
- Test: query nameservers and test connectivity
- Test: check promiscuous interfaces (FreeBSD)
- Test: check sticky bit on /tmp directory
- Test: check security brance in /etc/apt/sources.list
- Test: check kernel update on Debian
- Test: query default Linux run level
- Test: query chkconfig to see which services start at boot
- Test /etc/COPYRIGHT banner check for FreeBSD
- Support for program parameters
- Builtin integrity checks
- Color enhanced output for readability
- Support for profiles/templates
- Report file creation (for reporting/monitoring)
- Extended logfile creation (with system suggestions)
- Added lynis.spec file for RPM creation
- Created project page at website
- Added documentation (README), ToDo list (TODO)
- Man page lynis(8)

- No changes

- No bugfixes