Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

lynis-2.6.1-lp152.3.2 RPM for noarch

From OpenSuSE Leap 15.2 for noarch

Name: lynis Distribution: openSUSE Leap 15.2
Version: 2.6.1 Vendor: openSUSE
Release: lp152.3.2 Build date: Fri Sep 20 19:33:59 2019
Group: System/Monitoring Build host: lamb60
Size: 1390740 Source RPM: lynis-2.6.1-lp152.3.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://cisofy.com/lynis/
Summary: Security and System auditing tool
 
Lynis is a security and system auditing tool. It scans a system on the
most interesting parts useful for audits, like:
     - Security enhancements
     - Logging and auditing options
     - Banner identification
     - Software availability

Provides

Requires

License

GPL-3.0

Changelog

* Fri Jan 26 2018 astieger@suse.com
  - update to 2.6.1:
    * New group 'usb' for tests related to USB devices
    * Updated and enhanced tests
    * Many bug fixes
    * output and UI fixes
* Thu Jun 08 2017 astieger@suse.com
  - Lynis 2.5.1:
    * Improved detection of SSL certificate files
    * Minor changes to improve logging and results
    * Firewall tests: Determine if CSF is in testing mode
  - includes changes from Lynis 2.5.0:
    * CVE-2017-8108: symlink attack may have allowed arbitrary file
      overwrite or privilege escalation (bsc#1043463)
    * Deleted unused tests from database file
    * Additional sysctls are tested
    * Extended test with Symantec components
    * Snort detection
    * Snort configuration file
* Tue Apr 04 2017 tuukka.pasanen@ilmi.fi
  - Lynis 2.4.8 (Changelog from 2.4.1)
    * More PHP paths added
    * Minor changes to text
    * Show atomic test in report
    * Added FileInstalledByPackage function (dpkg and rpm supported)
    * Mark Arch Linux version as rolling release (instead of unknown)
    * Support for Manjaro Linux
    * Escape files when testing if they are readable
    * Code cleanups
    * Allow host alias to be specified in profile
    * Code readability enhancements
    * Solaris support has been improved
    * Fix for upload function to be used from profile
    * Reduce screen output for mail section, unless --verbose is used
    * Code cleanups and removed 'update release' command
    * Colored output can now be tuned with profile (colors=yes/no)
    * Allow data upload to be set as a profile option
    * Properly detect SSH daemon version
    * Generic code improvements
    * Improved the update check and display
    * Finish, Portuguese, and Turkish translation
    * Extended support and tests for DragonFlyBSD
    * Option to configure hostid and hostid2 in profile
    * Support for Trend Micro and Cylance (macOS)
    * Remove comments at end of nginx configuration
    * Used machine ID to create host ID when no SSH keys are available
    * Added detection of iptables-save to binaries
    Tests:
    BANN-7126 - Added more words to test for
    CUPS-2308 - Improve logging for CUPS configuration test, removed exception handler
    HTTP-6641 - Support detection for Apache module mod_reqtimeout
    PKGS-7388 - Minor change to detect security repositories
    CRYP-7902 - Test more certificates names, but only if they are not part of a package
    FILE-7524 - Reduce standard screen output for file permissions check
    MALW-3280 - Added Avira detection as a malware scanner
    NAME-4018 - Only perform name services test when resolv.conf file exists
    PKGS-7387 - Check all repositories if they use GPG signing
    SCHD-7704 - Permission checks
    TIME-3104 - Check permissions before open files
    AUTH-9328 - Add missing 0027 and 0077 umasks
    BOOT-5104 - Add initsplash and minor code enhancements
    DBS-1882 - Include Redis configuration file
    FIRE-4502 - Improved detection for iptables modules when using OpenVZ
    PKGS-7381 - Enhanced package audit for FreeBSD
    AUTH-9308 - Improved test for sulogin string (Debian systems)
    FILE-6372 - Properly deal with comment on lines in /etc/fstab
    MAIL-8817 - New test to check Postfix configuration for errors
    SSH-7408 - Corrected SSH check
    AUTH-9308 - Improved test for sulogin string
    MAIL-8818 - Test if Linux version is known before comparing in Postfix banner
    TIME-3116 - Skip stratum 16 items for time pools
    TIME-3148 - New test to detect TZ variable
    AUTH-9208 - Removed double logging
    AUTH-9222 - Improve logging for double groups
    AUTH-9226 - Improve logging for double groups
    BOOT-5177 - Sort systemctl unit files to make them unique
    DBS-1818 - New test to detect MongoDB
    DBS-1820 - New test for MongoDB authentication
    FIRE-4512 - Lowered minimum number of iptables firewall rules
    FIRE-4586 - Fix applied when searching for "-j LOG"
    HRDN-7222 - Changed reporting key of world executable compilers
    SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)
    FIRE-4586 - Check logging for firewall components
    KRNL-5788 - Remove exception and style improvements
    KRNL-5830 - Improved logging
* Fri Nov 04 2016 matthias.gerstner@suse.com
  - lynis 2.4.0
    * Mainly improved support for macOS users
    * Support for CoreOS
    * Support for clamconf utility
    * Support for chinese translation
    * More sysctl values in the default profile
    * New commands: "upload-only", "show hostids", "show environment", "show os"
* Wed Sep 28 2016 astieger@suse.com
  - lynis 2.3.4 with various improvements, including:
    * Several tests have extended log details
    * Detection of nftables improved
    * Replaced cut, sed, tr and others commands with binary variable
      (for forensics and future intrusion checking capabilities)
    * OS detection improved
* Thu Sep 15 2016 astieger@suse.com
  - lynis 2.3.3 with many improvements and updates
* Thu May 12 2016 astieger@suse.com
  - lynis 2.2.0:
    * new features and tests, small enhancements
    * optimisation, better detection
    * dealing with OS quirks and unexcepted results
    * adjustments for supporting more compliance in-depth
    * Detection for CFEngine has been improved
    * now tries to determine if failed logins are properly logged
    * New plugin is introduced to analyze PAM settings
    * Initial support to test UEFI settings, including Secure Boot option.
    * Support added for Unbound DNS caching tool, configuration check
    * Record if a name caching utility is being used like nscd or Unbound.
    * Tests chains of iptables and their default policy (ACCEPT or DROP)
    * Support upcoming nftables technology (status check)
    * Test added to include osqueryd as a supported tool.
    * Detection of firewire is enhanced (both ohci and core detected).
    * Extended the test syslog-ng logging to remote systems.
    * ESET and LMD (Linux Malware Detect) have been added.
    * Discovered malware scanners are also logged to the report.
    * Eexpanded test for multiple common mount points and define best
      practice mount flags.
    * Best practices for IPv6 configuration on Linux are now collected.
    * Collect network interface names from most operating systems.
    * Password change test has been extended to both capture minimum and password age.
    * Add Proxu support
    * SystemV init is now detected.
    * Now information will be logged when vulnerable software packages were found.
    * Support for DNF (Dandified YUM) for Fedora systems has been added.
    * Multiple configuration tests of SSH merged.
    * Extend detection of virtual machines (VMware tools)
    * Machine state detection with Puppet, Facter, dmidecode, and lscpu
    * When using pentest mode, it will continue without any delays (=quick mode).
    * Improvements for automatic execution of Lynis
    * Upload improvements
* Wed Jul 29 2015 astieger@suse.com
  - lynis 2.1.1:
    * performance improvements
    * additional support for Linux distributions and external utilities
    * Apache module directory /usr/lib64/apache has been added, which
      is used on openSUSE.
    * various other improvements and bug fixes
  - update patches for contect changes:
    lynis_1.3.1_include_consts.diff, lynis_1.3.5_lynis.diff
* Tue May 12 2015 astieger@suse.com
  - lynis 2.1.0:
    * Screen output has been improved to provide additional information.
    * Core dump check on Linux is extended to check for actual values as well.
    * Software:
      + McAfee detection has been extended by detecting a running cma binary.
      + Security patch checking with zypper extended.
    * Session timeout:
      + Tests to determine shell time out setting have been extended
      + determine also if variable is exported as a readonly variable.
      + Related compliance section PCI DSS 8.1.8 has been extended.
  - includes changes from Lynis 2.0.0:
    * New feature: helpers
    * docker build file audit helper
    * Improved OS support
    * support systemd, docker, nftables
    * New parameters:
      + --dump-options (see all options)
      + --report-file (define a different location for the report file)
  - use tarball supplied default.prf
  - clean or silence rpmlint warnings
* Tue Feb 17 2015 astieger@suse.com
  - lynis 1.6.4:
    * New:
      + Boot loader detection for AIX
      + Detection of getcap and lsvg binary
      + Added filesystem_ext to report
      + Detect rootsh
    * Changes:
      + Hide errors when RPM database is faulty and show suggestion instead
      + Allow OpenBSD to gather information on listening network ports
      + Don't trigger warning for Shellshock when doing segfault test
      + Do not run Apache test on OpenBSD and strip control chars
      + Extended AIDE test with configuration validation test
      + Improved Shellshock test regarding non-Linux support
      + Added support for gathering volume groups on AIX
      + Properly parse PAM lines and add them to report
      + Support for boot loader detection on OpenBSD
      + Added uptime detection for OpenBSD systems
      + Support for volume groups on AIX
      + Redirect errors when searching for readlink binary
  - includes changes from 1.6.3:
    * New:
      + Added tests for Shellshock bash vulnerability
      + Added test to determine if Snoopy is used
      + New test for qdaemon configuration file
      + Test for GRUB boot loader password
      + New test for qdaemon printer jobs
      + Added ClamXav test for Mac OS X
      + Gentoo vulnerable packages test
      + New test for qdaemon status
      + Gentoo package listing
      + Running Lynis without root permissions will start non-privileged scan
      + Systemd service and timer example file added
      + Added grub2-install to binaries
    * Changes:
      + Adjustments so insecure SSL protocols are detected in nginx config
      + Directories will be skipped when searching for nginx log files
      + Only gather unique name servers from /etc/resolv.conf
      + Properly detect mod_evasive on Gentoo and others
      + Improved swap partition detection in /etc/fstab
      + Improvements to kernel detection (e.g. Gentoo)
      + Test for built-in security options in YUM
      + Improved boot loader detection for GRUB2
      + Split GRUB test into two tests
      + Added Mac OS uptime check
      + Improved GetHostID function for systems having only ip binary
      + Improved testing for symlinked binary directories
      + Minor adjustments to log output
      + Renamed dev directory to extras
  - verify source signature
  - adjust permissions of items in /usr/share/lynis/include/consts
    to match those requested by main executable
  - run spec_cleaner
* Sun Nov 16 2014 Led <ledest@gmail.com>
  - fix bashisms in scripts

Files

/etc/lynis
/etc/lynis/default.prf
/usr/bin/lynis
/usr/share/doc/packages/lynis
/usr/share/doc/packages/lynis/CHANGELOG.md
/usr/share/doc/packages/lynis/CONTRIBUTORS.md
/usr/share/doc/packages/lynis/FAQ
/usr/share/doc/packages/lynis/LICENSE
/usr/share/doc/packages/lynis/README
/usr/share/lynis
/usr/share/lynis/db
/usr/share/lynis/db/dbus-whitelist.db
/usr/share/lynis/db/fileperms.db
/usr/share/lynis/db/hints.db
/usr/share/lynis/db/integrity.db
/usr/share/lynis/db/languages
/usr/share/lynis/db/languages/br
/usr/share/lynis/db/languages/cn
/usr/share/lynis/db/languages/de
/usr/share/lynis/db/languages/en
/usr/share/lynis/db/languages/en-GB
/usr/share/lynis/db/languages/en-US
/usr/share/lynis/db/languages/es
/usr/share/lynis/db/languages/fi
/usr/share/lynis/db/languages/fr
/usr/share/lynis/db/languages/gr
/usr/share/lynis/db/languages/he
/usr/share/lynis/db/languages/hu
/usr/share/lynis/db/languages/it
/usr/share/lynis/db/languages/ja
/usr/share/lynis/db/languages/nb-NO
/usr/share/lynis/db/languages/nl
/usr/share/lynis/db/languages/nl-BE
/usr/share/lynis/db/languages/nl-NL
/usr/share/lynis/db/languages/pl
/usr/share/lynis/db/languages/pt
/usr/share/lynis/db/languages/ru
/usr/share/lynis/db/languages/se
/usr/share/lynis/db/languages/tr
/usr/share/lynis/db/malware-susp.db
/usr/share/lynis/db/malware.db
/usr/share/lynis/db/sbl.db
/usr/share/lynis/db/tests.db
/usr/share/lynis/include
/usr/share/lynis/include/binaries
/usr/share/lynis/include/consts
/usr/share/lynis/include/data_upload
/usr/share/lynis/include/functions
/usr/share/lynis/include/helper_audit_dockerfile
/usr/share/lynis/include/helper_configure
/usr/share/lynis/include/helper_show
/usr/share/lynis/include/helper_system_remote_scan
/usr/share/lynis/include/helper_update
/usr/share/lynis/include/osdetection
/usr/share/lynis/include/parameters
/usr/share/lynis/include/profiles
/usr/share/lynis/include/report
/usr/share/lynis/include/tests_accounting
/usr/share/lynis/include/tests_authentication
/usr/share/lynis/include/tests_banners
/usr/share/lynis/include/tests_binary_rpath
/usr/share/lynis/include/tests_boot_services
/usr/share/lynis/include/tests_containers
/usr/share/lynis/include/tests_crypto
/usr/share/lynis/include/tests_custom.template
/usr/share/lynis/include/tests_databases
/usr/share/lynis/include/tests_file_integrity
/usr/share/lynis/include/tests_file_permissions
/usr/share/lynis/include/tests_file_permissionsDB
/usr/share/lynis/include/tests_file_permissions_ww
/usr/share/lynis/include/tests_filesystems
/usr/share/lynis/include/tests_firewalls
/usr/share/lynis/include/tests_hardening
/usr/share/lynis/include/tests_homedirs
/usr/share/lynis/include/tests_insecure_services
/usr/share/lynis/include/tests_kernel
/usr/share/lynis/include/tests_kernel_hardening
/usr/share/lynis/include/tests_ldap
/usr/share/lynis/include/tests_logging
/usr/share/lynis/include/tests_mac_frameworks
/usr/share/lynis/include/tests_mail_messaging
/usr/share/lynis/include/tests_malware
/usr/share/lynis/include/tests_memory_processes
/usr/share/lynis/include/tests_nameservices
/usr/share/lynis/include/tests_network_allowed_ports
/usr/share/lynis/include/tests_networking
/usr/share/lynis/include/tests_php
/usr/share/lynis/include/tests_ports_packages
/usr/share/lynis/include/tests_printers_spools
/usr/share/lynis/include/tests_scheduling
/usr/share/lynis/include/tests_shells
/usr/share/lynis/include/tests_snmp
/usr/share/lynis/include/tests_squid
/usr/share/lynis/include/tests_ssh
/usr/share/lynis/include/tests_storage
/usr/share/lynis/include/tests_storage_nfs
/usr/share/lynis/include/tests_system_dbus
/usr/share/lynis/include/tests_system_integrity
/usr/share/lynis/include/tests_system_proc
/usr/share/lynis/include/tests_time
/usr/share/lynis/include/tests_tmp_symlinks
/usr/share/lynis/include/tests_tooling
/usr/share/lynis/include/tests_usb
/usr/share/lynis/include/tests_users_wo_password
/usr/share/lynis/include/tests_virtualization
/usr/share/lynis/include/tests_webservers
/usr/share/lynis/include/tool_tips
/usr/share/lynis/plugins
/usr/share/lynis/plugins/README
/usr/share/lynis/plugins/custom_plugin.template
/usr/share/lynis/prepare_for_suse.sh
/usr/share/man/man8/lynis.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 11:27:19 2024