Lynis


Changelog






Author: Michael Boelen (michael@rootkit.nl)
Description: Security and system auditing tool
Web site: http://www.rootkit.nl/projects/lynis.html





 * 1.3.6 (2013-12-03)

 New:
 - Support for the dntpd time daemon
 - New Apache test for modules [HTTP-6632]
 - Apache test for mod_evasive [HTTP-6640]
 - Apache test for mod_qos [HTTP-6641]
 - Apache test for mod_spamhaus [HTTP-6642]
 - Apache test for ModSecurity [HTTP-6643]
 - Check for installed package audit tool [PKGS-7398]
 - Added initial support for new pkgng and related tools [PKGS-7381]
 - Check for ssh-keyscan binary
 - ZFS support for FreeBSD [FILE-6330]
 - Test for passwordless accounts [AUTH-9283]
 - Initial OS support for DragonFly BSD
 - Initial OS support for TrueOS (FreeBSD based)
 - Initial OS support for elementary OS (Luna)
 - GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
 - Check for DHCP client [NETW-3030]
 - Initial support for OSSEC (system integrity) [FINT-4328]
 - New parameter --log-file to adjust log file location
 - New function IsRunning() to check status of processes
 - New function RealFilename() to determine file name
 - New function CheckItem() for parsing files
 - New function ReportManual() and ReportException() to simplify code
 - New function DirectoryExists() to check existence of a directory
 - Support for dntpd [TIME-3104]

 Changes:
 - Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
 - Extended test to gather listening network ports for Linux [NETW-3012]
 - Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
 - Added suggestion for discovered shells on FreeBSD [AUTH-9218]
 - Extended core dump test with additional details [KRNL-5820]
 - Properly display suggestion if portaudit is not installed [PKGS-7382]
 - Ignore message if no packages are installed (pkg_info) [PKGS-7320]
 - Also try using apt-check on Debian systems [PKGS-7392]
 - Adjusted logging for RPM binary on systems not using it [PKGS-7308]
 - Extended search in cron directories for rdate/ntpdate [TIME-3104]
 - Adjusted PHP check to find ini files [PHP-2211]
 - Skip Apache test for NetBSD [HTTP-6622]
 - Skip HTTP version check test for NetBSD [HTTP-6624]
 - Additional check to suppress sort error [HTTP-6626]
 - Improved the way binaries are checked (less disk reads)
 - Adjusted ReportWarning() function to skip impact rating
 - Improved report on screen by leaving out date/time and type
 - Redirect errors while checking for OpenSSL version
 - Extended reporting with firewall status and software
 - Adjusted naming of some operating systems to make them more consistent
 - Extended update check by using host binary if dig is not installed
 - Count number of installed binaries/packages and report them
 - Report about log rotation tool and status
 - Updated man page

 -- 
 
 * 1.3.5 (2013-11-19)

 New:
 - OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
 - Added some initial systemd support (e.g. boot services)
 - Test to display if any known MAC framework is implemented [MACF-6290]

 Changes:
 - Improved support for Slackware Linux (OS and version detection)
 - Added systemd support (boot and running services) for Linux systems [BOOT-5177]
 - Added systemd support (default runlevel) for Linux systems [KRNL-5622]
 - Extended USB storage check in modprobe.d directory [STRG-1840]
 - Improved output, reporting and check for kernel update [KRNL-5788]
 - Optimized code and output of test to check writable scripts [BOOT-5184]
 - Fixed detection for writable scripts [BOOT-5184]
 - Improved detection of IPv6 addresses for Slackware and others [NETW-3008]
 - Minor addition to SSH PermitRootLogin check [SSH-7412]
 - Extended cronjob tests, reporting and logging [SCHD-7704]
 - Extended umask check in /etc/profile [AUTH-9328]
 - Added suggestion about BIND version [NAME-4210]
 - Merged NTP daemon test TIME-3108 into TIME-3104
 - Improved support for Arch Linux (output, detection)
 - Extended common list of directories with SSL certificates in profile
 - New function GetHostID() to determine a unique identifier of the machine
 - Added a tests_custom file template
 - Perform file permissions test on tests_custom file
 - Improved OS detection and extended logging on several tests
 - Several layout improvements
 - Extended update check functions and output
 - Cleaned up reporting and extended it with exceptions

 --

 * 1.3.4 (2013-11-08)

 New:
 - OS detection support for Arch Linux
 - Support for systemd journal

 Changes:
 - Test for files in /etc/modprobe.d directory [STRG-1840]
 - Extended log daemon detection with systemd journal [LOGG-2130]
 - Adjusted hardening value for compiler GCC [HRDN-7222]
 - Extended IsWorldWritable and IsWorldExecutable functions to support symlinks
 - Adjusted PHP test for disabled functions [PHP-2320]
 - Extended testing for PHP files in other directories [PHP-2211]
 - Improved screen output for several tests and extended logging

 --

 * 1.3.3 (2013-10-24)

 New:
 - Added NTP configuration type to report [TIME-3104]

 Changes:
 - Do not warn on empty shells for FreeBSD systems [AUTH-9218]
 - Extended checks for presence of an NTP client or daemon [TIME-3104]
 - Extended logging

 --
 
 * 1.3.2 (2013-10-09)

 New:
 - Test for PowerDNS authoritative servers (master/slave status) [NAME-4238]

 Changes:
 - CUPS test extended with hardening rules [PRNT-2308]
 - Added hardening points to sticky bit on /tmp [FILE-6362]
 - Extended Ubuntu security packages check [PKGS-7392]
 - Improved update check, show when no check is performed
 - Added additional check for binaries, so checks on CentOS work correctly
 - Added word 'restricted' to banner strings
 - Adjusted wording for Debian packages purge [PKGS-7346]
 - Corrected listing of purgeable packages [PKGS-7346]
 - Adjusted yum-plugin-security check due to package changes [PKGS-7386]

 --

 * 1.3.1 (2013-10-02)

 Changes:
 - Updated generic references in files
 - Fixed detection of several binaries (AFICK/awk)
 - Performance tweaks when checking for binaries
 - Fixed core dump check and dumpable sysctl [KRNL-5820]
 - Force test to always check for binaries [FILE-7502]
 - Changed detection to egrep [DBS-1840]
 - Adjusted variable checking for Solaris [HOME-9310]
 - Adjusted search in modprobe directory [STRG-1840] [STRG-1846]

 --

 * 1.3.0 (2011-12-25)

 New:
 - Profile option: ignore_home_dir
 - TCP wrappers category added
 - Tooling category added
 - Initial extensions to support plugins in the future
 - Test for unpurged Debian packages [PKGS-7346]
 - Test for compiler permissions [HRDN-7222]

 Changes:
 - Converted all dates to ISO format and updated copyright lines
 - Correct suggestion for file integrity tool [FINT-4350]
 - Added hint when RPM list is empty on DPKG based systems [PKGS-7308]
 - Changed logging for /etc/security/limits.conf file [KRNL-5820]
 - Fixed incorrect warning for single user mode [AUTH-9308]
 - Improved output for stratum 16 time servers [TIME-3116]
 - Added suggestion and screen output for kernel hardening [KRNL-6000]
 - Screen layout optimizations and log file improvements
 - Improved list/layout of scan options
 - Improved binary check for compilers
 - Added configuration option in scan profile (show_tool_tips, default true)

 --

 * 1.2.9 (2009-12-15)

 New:
 - Support for Squid3
 - Added Squid unsafe ports check [SQD-3624]
 - Added Squid configuration file permission check [SQD-3613]
 - Added Squid test: reply_body_max_size option [SQD-3630]
 - Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328]
 - Check PHP option allow_url_include [PHP-2378]

 Changes:
 - Extended possible Squid configuration file locations
 - Added additional sysctl keys to default profile
 - Fixed typo in squid.conf checks
 - Improved descriptions, logging and reporting for several tests
 - Corrected /etc/security/limits.conf path in test [KRNL-5820]
 - Updated man page, limited lines to 80 chars

 --

 * 1.2.8 (2009-12-08)

 New:
 - Squid support added
 - Squid daemon detection [SQD-3602]
 - Squid configuration file search [SQD-3604]
 - Squid version detection [SQD-3606]
 - Check /etc/motd banner [BANN-7122]
 - Check /etc/issue.net file [BANN-7128]
 - Check contents in /etc/issue.net [BANN-7130]
 - Solaris single user mode login check (/etc/default/sulogin) [AUTH-9304]
 - HP-UX boot authentication check [AUTH-9306]
 - Linux single user mode authentication check [AUTH-9308]
 - Solaris account locking policy check [AUTH-9340]

 Changes:
 - Added prerequisite to SSH test, so the test is skipped properly [SSH-7440]
 - Check for /etc/issue symlink [BANN-7124]
 - Added file check for possible harmful shells found [AUTH-9218]
 - Add user home directories to report [HOME-9302]
 - Extended Linux run level test with support for Debian/Ubuntu [KRNL-5622]
 - Added /lib64/security to PAM test [AUTH-9262]
 - Extended security repository check [PKGS-7388]
 - Iptables check should not check for a module in a Linux config [FIRE-4511]
 - Ignore APC ups daemon when scanning for CUPS [PRNT-2304]
 - Improved kernel logger daemon check [LOGG-2138]
 - Added auditctl to binary check [ACCT-9630]
 - Log used auditd ruleset [ACCT-9630]
 - Corrected logging of Solaris c2audit module [ACCT-9656]
 - Fixed warning function for Solaris passwordless accounts [AUTH-9254]
 - Commented kern.randompid in default profile
 - For sysctl the parameter -n will be used on Linux systems
 - Changed syslog daemon detection and state
 - Extended report file

 --

 * 1.2.7 (2009-11-01)

 New:
 - Added Kernel Hardening section
 - Sysctl audit support in scan profile and related test [KRNL-6000]
 - SSH option StrictModes test [SSH-7416]
 - Password aging limit check [AUTH-9286]
 - Ubuntu packages check (apt-show-versions) [PKGS-7394]
 - Check for metalog daemon [LOGG-2210]
 - USB storage driver state check [STRG-1840]
 - Firewire storage driver state check [STRG-1846]
 - PostgreSQL process check [DBS-1826]
 - Oracle process check [DBS-1840]
 - Default umask check [AUTH-9328]
 - Check for rsyslog daemon [LOGG-2230]
 - RFC 3195 compliant daemon check [LOGG-2240]
 - Qmail SMTP daemon check [MAIL-8940]
 - Test for separation of /tmp and /home from root file system [FILE-6310]
 - SSH AllowUsers and AllowGroups usage check [SSH-7440]
 - AIX support, thanks to Michael Smerdka

 Changes:
 - Fixed crontabs path [SCHD-7704]
 - Extended locate database paths for Linux and FreeBSD [FILE-6410]
 - pflog detection fix [FIRE-4518]
 - Skip /proc/meminfo for non Linux systems [PROC-3602]
 - Extended text with rsyslogd [LOGG-2130]
 - Ignore comment and empty lines for group tests [AUTH-9222/9226]
 - Show firewall as active when iptables is available in config file [FIRE-4511]
 - Variable fix for SNMP daemon configuration file [SNMP-3304]
 - Freshclam check fix [MALW-3286]
 - Fixed waiting search for NIS domain [NAME-4306]
 - Check for a maximum of 1 search statement in /etc/resolv.conf [NAME-4018]
 - Apache test improved [HTTP-6622]
 - Skip klogd test if rsyslogd is available [LOGG-2138]
 - Added additional CUPS location to search paths
 - Only execute PAM test for systems with PAM [AUTH-9268]
 - Fixed logging of sudoers file location [AUTH-9250]
 - Improved FreeBSD support for NTP client check [TIME-3104]
 - Redirect warning "Unknown host" when DNS domain name is empty [NAME-4028]
 - Redirect warning when host name is empty
 - Fixed warning color [AUTH-9226]
 - Fixed FreeBSD COPYRIGHT file test [BANN-7113]
 - Changed text for sudoers text [AUTH-9250]
 - Improved text for DNS search domain [NAME-4016]
 - Skip nginx configuration test if nginx is not available [HTTP-6704]
 - Removed portsclean suggestion [PKGS-7348]
 - Fixed non unique IDs
 - Fixed cosmetic issue when using Debian with default dash shell
 - Improved hostname detection for HP-UX
 - Added additional php.ini file locations
 - Moved Linux default shell check to OS detection functions
 - Fixed CUPS daemon test [PRNT-2304]
 - Also check for uppercase chars in issue file [BANN-7126]

 --

 * 1.2.6 (05.04.2009)

 New:
 - Sudoers file permissions check [AUTH-9252]
 - Core dumps configuration check for Linux [KRNL-5820]
 - PHP disabled functions check [PHP-2320]
 - PHP enable_dl function check [PHP-2374]
 - PHP allow_url_fopen function check [PHP-2376]
 - OpenBSD smtpd status check [MAIL-8920]
 - /etc/issue check [BANN-7124]
 - /etc/issue legal keywords check [BANN-7126]
 - Show suggestions in report

 Changes:
 - Extended support for Red Hat, CentOS and Fedora
 - Extended ACL test to test for default mount options as well [FILE-6368]
 - Exim status test fixed [MAIL-8812]
 - Corrected yum security check [PKGS-7386]
 - Replaced LDAP test AUTH-9238 with [AUTH-9402]
 - Removed backquotes when locate database is not available [FILE-6410]
 - Added /etc/openldap to search path for OpenLDAP
 - Fixed typo in crontab path [SCHD-7704]
 - Don't show message "No volume groups found" if LVM isn't used [FILE-6310]
 - Corrected Syslog-NG status [LOGG-2132]
 - Moved TODO to dev directory

 --
 
 * 1.2.5 (27.03.2009)

 New:
 - slapd.conf check [LDAP-2224]
 - atd status test [SCHD-7718]
 - Check LDAP module in PAM [AUTH-9278]
 - Dovecot status check [MAIL-8838]
 - Check log directories from newsyslog.conf [LOGG-2162]
 - Check log directories from static list [LOGG-2170]
 - Check log directories from logrotate configuration [LOGG-2150]
 - syslog check for remote logging [LOGG-2154]
 - Open log files check [LOGG-2180]
 - Deleted file check [LOGG-2190]
 - Solaris active kernel modules check [KRNL-5770]
 - Solaris audit daemon status check [ACCT-9650]
 - Solaris audit daemon service status [ACCT-9652]
 - Solaris audit daemon BSM check [ACCT-9654]
 - Solaris audit logging location check [ACCT-9662]
 - Solaris audit statistics check [ACCT-9672]
 - Check for installed compiler [HRDN-7202]
 - BIND process check [NAME-4202]
 - BIND configuration file check [NAME-4204]
 - BIND configuration consistency check [NAME-4206]
 - BIND version check via DNS [NAME-4210]
 - Default domain check (/etc/resolv.conf) [NAME-4016]
 - Search domains in /etc/resolv.conf check [NAME-4018]
 - Parse /etc/resolv.conf options [NAME-4020]
 - Solaris /etc/nodename check [NAME-4026]
 - DNS domain checks [NAME-4028]
 - NSCD status check [NAME-4032]
 - PowerDNS presence check [NAME-4230]
 - PowerDNS configuration file check [NAME-4232]
 - PowerDNS backend check [NAME-4236]
 - ypbind status check [NAME-4302]
 - Log specific defined SSH daemon options [SSH-7408]
 - SSH protocol version check [SSH-7414]
 - NIS domain checks [NAME-4304]
 - Check pending at jobs [SCHD-7724]
 - LVM volume group scan [FILE-6310]
 - LVM volumes check [FILE-6312]
 - Locate database check [FILE-6410]
 - nginx configuration file check [HTTP-6704]
 - Exim status check [MAIL-8802]
 - Postfix status check [MAIL-8814]

 Changes:
 - atd needs to run before testing at files [SCHD-7720]
 - Removed Solaris OS requirement from logrotate test [LOGG-2148]
 - Sanitized output from logrotate test [LOGG-2148]
 - Skip comment fields in loghost check [LOGG-2152]
 - Changed auditd tests to Linux only
 - Binary scan optimized and partially combined with other check
 - Only perform iptables tests if kernel module is active
 - Don't show message when /etc/shells can't be found [SHLL-6211]
 - Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
 - Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
 - Renumbered malware test MALW-3292 [HRDN-7230]
 - Improved grep on process status [PRNT-2304]
 - Ignore comment lines for nginx log file check [HTTP-6720]
 - Added file check for nginx log files [HTTP-6720]
 - Display IP addresses only of NTP tests [TIME-3124]
 - Fixed Postfix configuration directory path [MAIL-8816]
 - Redirected output of yum package duplicate check [PKGS-7384]
 - Ignore comment lines for lilo test [BOOT-5139]
 - Fixed incorrect iptables status and correct logging [FIRE-4511]
 - Check SNMP configuration only if SNMP daemon runs [SNMP-3304]
 - Don't scan PAM directories which are symlinks [AUTH-9268]
 - Changed hardening category to hardening_tools
 - Adjusted hardening points of several tests
 - Log and display improvements for several tests
 
 --

 * 1.2.4 (17.03.2009)
 
 New:
 - NTP daemon process test [TIME-3108]
 - NTP association IDs check from peer list [TIME-3112]
 - NTP time source candidates test [TIME-3128]
 - NTP falseticker check [TIME-3132]
 - NTP protocol version check [TIME-3136]
 - Stratum 16 ntp peers check [TIME-3116]
 - Unreliable ntp peers check [TIME-3120]
 - Preferred NTP time source test [TIME-3124]
 - auditd presence check [ACCT-9628]
 - auditd rules check [ACCT-9630]
 - auditd configuration file check [ACCT-9632]
 - auditd log file location check [ACCT-9634]
 - cupsd status check [PRNT-2304]
 - cupsd configuration file check [PRNT-2306]
 - cupsd address configuration test [PRNT-2308]
 - pam.conf configuration check [AUTH-9264]
 - pam.d configuration file scan [AUTH-9266]
 - PAM modules check [AUTH-9268]
 - rpcinfo query [STRG-1902]
 - NFS version number check [STRG-1904]
 - NFS protocol and port number check [STRG-1906]
 - NFS status check [STRG-1920]
 - NFS exports check [STRG-1926]
 - NFS empty /etc/exports [STRG-1928]
 - SSH PermitRootLogin option check [SSH-7412]
 - at.allow and at.deny check [SCHD-7720]
 - File integrity tool check [FINT-4350]
 - nginx process check [HTTP-6702]
 - nginx log file test [HTTP-6720]
 - ClamAV clamscan presence test [MALW-3282]
 - ClamAV daemon check [MALW-3284]
 - ClamAV freshclam check [MALW-3286]
 - Check for presence of a malware scanner [MALW-3292]
 - clamscan, ntpq binary check
 - NTP daemon role and profile option
 - Parameter --tests-category, to scan one or more categories
 - Category added (Storage: NFS)
 - Added hardening points to tests
 - Display hardening index to report
 
 Changes:
 - Extended logrotate test [LOGG-2148]
 - Added check for inetd.conf before performing test [INSE-8016]
 - Added /var/spool/crontabs to search path [TIME-3104]
 - Added log line to sysstat test [ACCT-9626]
 - Improved screen output on Solaris
 - Checking for both rdate and ntpdate in cron files [TIME-3104]
 - Changed yum-security package check [PKGS-7386]
 - Change output if dig isn't available [NETW-2705]
 - Added IPv6 support and output adjustment [NETW-2704]
 - Cosmetic change for host based firewall check [FIRE-4590]
 - Corrected output in log file [PKGS-7388]
 - Corrected passwd options for Red Hat [AUTH-9282]
 - Changed text if everything is ok (no warnings)
 - Log improvements
 
 --

 * 1.2.3 (02.03.2009)
 
 New:
 - Added syslog-NG daemon check [LOGG-2132]
 - Added klogd status test [LOGG-2138]
 - Added check to determine minilogd presence [LOGG-2142]
 - Added logrotate configuration test [LOGG-2146]
 - Added check for loghost entry on Solaris machines [LOGG-2152]
 - Added ipf test for Solaris [FIRE-4526]
 - Added uname -n test (Solaris) [NAME-4024]
 - Added ssh daemon configuration file check [SSH-7404]
 - Added BSD newsyslog.conf file check [LOGG-2160]
 - Added inetd status check [INSE-8002]
 - Added inetd.conf configuration check [INSE-8004]
 - Added check for inetd.conf when inetd is not active [INSE-8006]
 - Added telnet check via inetd [INSE-8016]
 - Added ACL check on root file system [FILE-6368]
 - Added check for firewall/packet filter on system [FIRE-4590]
 - Added logrotate file check [LOGG-2148]
 - Added snmp daemon status test [SNMP-3302]
 - Added snmp configuration file test [SNMP-3304]
 - Added default snmp community strings test [SNMP-3306]
 - Added categories: Insecure services and SNMP
 - Added binary searches for awk, ipf
 
 Changes:
 - Changed profile name in default profile
 - Added path /usr/ucb to binary paths
 - Changed color to white if slapd is not running [LDAP-2219]
 - Changed test PKG-7345 into PKGS-7345
 - Changed logging for several tests [PKGS-7302] [NETW-3004]
 - Extended FAQ
 - Changed default profile header

 Fixes:
 - Hostname detection under Solaris
 - Disabled tests PROC-3612 PROC-3614 for Solaris machines
 - Disabled NTP check in cron.d directory on Solaris [TIME-3104]
 - Added result at line when querying system users [AUTH-9234]
 - Counters (N+1) fixed for some shells, like Solaris
 - Removed unneeded line for Solaris test [PROC-3604]
 - Disabled grsecurity test for Solaris [RBAC-6272]
 - Correct display of files with spaces [FILE-6354]
 - Changed several tests so they work correctly with Solaris
 
 --

 * 1.2.2 (15.02.2009)
 
 New:
 - Support for MySQL client
 - New test: Test for empty MySQL root password [DBS-1816]
 - New test: SSH daemon status test [SSH-7402]
 - New test: sysstat account information [ACCT-9626]
 - New test: connections in WAIT state [NETW-3028]
 - Lynis displays a warning now, if current version is really outdated
 - New parameter option (log_tests_incorrect_os) to minimize logging
 
 Changes:
 - Several adjustments to default profile
 - Fixed option 'skip_test_always' to let it function properly
 - Fixed passwd check for SuSE systems [AUTH-9282]
 - Added error redirect for dpkg test [PKG-7345]
 - Improved NTP test and messages, excluded check when using xen [TIME-3104]
 - Extended DNS nameserver check with local resolver [NETW-2704]
 - Skip double nameserver check when a local resolver is found [NETW-2705]
 - Renamed tests_nameserver to tests_nameservices
 - Improved log output [AUTH-9218]
 
 Notes:
 - Custom profiles should be compared to the default profile, due to small changes
   in the structure.
 
 --

 * 1.2.1 (05.09.2008)
 
 New:
 - Added support for Samba
 - Added support for SELinux framework
 - New test: SELinux presence test [MACF-6232]
 - New test: SELinux status checks [MACF-6234]
 - New test: password PAM availability check [AUTH-9262]
 - New test: expire date check for accounts [AUTH-9282]
 - Added new option --tests, to run a small set of tests only
 
 Changes:
 - Report and logging messages improved
 - Output reduced when using --tests
 - Added suggestion to PHP expose_php option [PHP-2372]
 - Improved log message for PHP register_globals option [PHP-2368]
 - Added virtual host count to log file [HTTP-6626]
 - Improved Red Hat and clones detection and display
 - Fix: Improved promiscuous detection for Linux [NETW-3015]
 - Fix: AUTH-9204 test triggered on group ids as well
 - Fix: Only display unique MAC addresses [NETW-3006]
 - Extended Postfix test [MAIL-8818]
 - Don't show /proc/meminfo if not present [PROC-3602]
 - Don't show YABOOT information if not present [BOOT-5155]
 - Improved portaudit test (FreeBSD) [PKGS-7382]
 - Improved portsclean test (FreeBSD) [PKGS-7348]
 - Added --quiet and --tests options to help and man page

 --

 * 1.2.0 (26.08.2008)
 
 New:
 - New test: Passwordless Solaris accounts test [AUTH-9254]
 - New test: AFICK file integrity [FINT-4310]
 - New test: AIDE file integrity [FINT-4314]  
 - New test: Osiris file integrity [FINT-4318]  
 - New test: Samhain file integrity [FINT-4322]  
 - New test: Tripwire file integrity [FINT-4326]   
 - New tests: NIS and NIS+ authentication test [AUTH-9240/42]
 - Initial support added for AFICK, AIDE, Osiris, Samhain, Tripwire

 Changes:
 - Changed text of grsecurity test [RBAC-6272]
 - Optimized FreeBSD boot services test [BOOT-5165]
 - Optimized UID 0 test [AUTH-9204]
 - Extended login shells test [AUTH-9218]
 - PID file message extended and small output improvement
 - A log entry will be written when PID files are removed
 - Added operating system name to log file when a test is skipped
 - Added file available check when using --view-manpage
 - Most program variables are initialized now for future additions

 --

 * 1.1.9 (09.08.2008)
 
 New:
 - New test: AppArmor framework check [MACF-6204]
 - New test: FreeBSD boot loader test [BOOT-5124]
 - New test: PHP option register_globals [PHP-2368]
 - New test: Promiscuous network interfaces (Linux) [NETW-3015]
 - Report option 'bootloader' added to several tests
 - Added readlink binary check
 
 Changes:
 - Extended file check (IsWorldWritable) for symlinks
 - Show result if no default gateway is found [NETW-3001]
 - Added /usr/local/etc to sudoers test [AUTH-9250]
 - Improved FreeBSD banner output [BANN-7113] 
 - Removed incorrect line at promiscuous interface test [NETW-3014]
 - Fix: Show the GRUB test output only once [BOOT-5121]
 - Fix: Typo in NTP test [TIME-3104]
 - Fix: Skip NTP test in /etc/cron.d if empty [TIME-3104]
 - Fix: Initialize values when performing an update check without connection
 - Fix: Solaris id function has been fixed
 - Disabled FreeBSD double packages tests, due to minor issues [PKGS-7303]
 - Changed LDAP/MySQL running states [LDAP-2219] [DBS-1804]
 - Replaced ifconfig calls with IFCONFIGBINARY
 - Renamed tests_auditing to tests_mac_frameworks
 - Several tests improved with extended logging
 
 --

 * 1.1.8 (16.07.2008)
 
 New:
 - Mac OS X support extended and new options added
 
 Changes:
 - Extended default profile
 - Improved several screen output lines
 - User ID check improved, so it works better with older Solaris versions
 - Hostname in output and reports will contain only host now, not FQDN
 - Added extra php.ini locations to tests_php
 - Replaced 'ps' in tests with PSBINARY value for better support
 - Added output to zones test [VIRT-1902]
 - Updated description [AUTH-9218]
 - Extended ntp daemon/ntpdate check [TIME-3104]
 - Added suggestion to bootable scripts check [BOOT-5184]
 - Bugfix and improvement for FreeBSD portsclean test [PKGS-7348]
 - Added Mac OS support to MAC address gathering test [NETW-3006]
 - Added Mac OS support to inet and inet6 addresses test [NETW-3008]
 - Extended PHP expose_php test to support additional options [PHP-2372]
 - Improved LDAP test so it skips correctly on Mac OS [AUTH-9238]
 - Bugfix: MySQL status check gave incorrect output [DBS-1804]
 
 --
 
 * 1.1.7 (28.06.2008)
 
 New:
 - New test: check for unused iptables rules [FIRE-4513]
 - New test: checking for dead and zombie processes [PROC-3612]
 - New test: checking for heavy IO waiting processes [PROC-3614]
 - Initial HP-UX support (untested)
 - Initial AIX support (untested)
 - Added iptables binary check 
 - Added dig check, for DNS related tests
 - Added option --no-colors to remove all colors from screen output
 - Added option --reverse-colors for optimizing output on light backgrounds
   (Konsole, MacOS terminal etc)

 Changes:
 - Improved grpck test for SuSE [AUTH-9216]
 - Added dig availability check to DNS test [NETW-2704]
 - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512]
 - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384]
 - Bugfix: Fixed prerequisites for grpck test [AUTH-9216]
 - Improved MySQL check [DBS-1804]
 - Changed color at chkconfig boot services test [BOOT-5177]
 - Added missing prerequisites output to portaudit test [PKGS-7382]
 - Test output for FreeBSD mounts (UFS) improved [FILE-6329]
 - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219]
 - Several tests have their warning reporting improved
 - Improved SuSE Linux detection
 - Improved syslog-ng detection
 - Adjusted README with link to online (extended) documentation 
  
 --

 * 1.1.6 (19.06.2008)
 
 New:
 - New test: Check writable startup scripts [BOOT-5184]
 - New test: Syslog-NG consistency check [LOGG-2134]
 - New test: Check yum-utils package and scanning package database [PKGS-7384]
 - New test: Test for empty ruleset when iptables is loaded [FIRE-4512] 
 - New test: Check for expired SSL certificates [CRYP-7902]
 - New test: Check for LDAP authentication support [AUTH-9238]
 - New test: Read available crontab/cron files [SCHD-7704]
 - New test: Query Solaris running zones [VIRT-1902]
 - New test: Check availability sudoers file for future tests [AUTH-9250]
 - New test: Query all home directories from passwd file [HOME-9302]
 - Syslog-NG support added (binary and version check)
 - Added new sections: Scheduling, Time and Synchronization, Virtualization
 
 Changes:
 - Extended several tests with suggestions and warnings
 - Extended GRUB test with GRUB2 check [BOOT-5121]
 - Extended iptables firewall test [FIRE-4511]
 - Fixed incorrect variable at Linux kernel config display [KRNL-5728]
 - Fixed display for file system test [FILE-6023]
 - Reassigned some IDs to match others in category
 - Improvement of several logging sections and profile options
 - Assigned ID to Ubuntu security update check
 - Assigned ID to pwck test for Solaris [AUTH-9230]
 - Assigned ID to FreeBSD unused distfiles check [PKGS-7348]
 - Assigned ID to RPM package query test [PKGS-7308]
 - Assigned ID to /tmp sticky bit test [FILE-6362]
 - Assigned ID to old temporary files check [FILE-6354]
 - Assigned ID to passwd ID 0 test [AUTH-9204]
 - Assigned ID to FreeBSD swap partitions [FILE-6332]
 - Assigned ID to FreeBSD swap mount options [FILE-6336]
 - Assigned ID to nameserver tests [NETW-2704 and NETW-2705]
 - Assigned ID to pf consistency check [FIRE-4520]
 - Assigned ID to Postfix configuration check [MAIL-8816]
 - Assigned ID to Postfix banner check [MAIL-8818]
 - Assigned ID to FreeBSD promiscuous port test [NETW-3014]
 - Assigned ID to file permissions check [FILE-7524]
 
 --

 * 1.1.5 (10.06.2008)
 
 New:
 - Assigned ID to Apache configuration file test [HTTP-6624] 
 - Added pause_between_tests to profile file, to regulate the speed of a scan
 - Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345]
 - Assigned ID to Solaris package test [PKG-7306]
 - New test: gather virtual hosts from Apache configuration files [HTTP-6626]
 - New test: read all loaded kernel modules (Linux) [KRNL-5726]
 - New test: query available FreeBSD network interfaces [NETW-3004]
 - New test: query available IPv4 and IPv6 network addresses [NETW-3008]
 - New test: gather MAC addresses [NETW-3006]
 - New test: check if a Linux kernel configuration file is available [KRNL-5728]
 - New test: check boot services for Debian/Ubuntu [BOOT-5180]
 - Added Lynx, Nmap, Wget version to log file
 - Added support for Oracle enterprise Linux (Unbreakable Linux)
 - Added new function ReportWarning for better logging to report file
 
 Changes:
 - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
 - Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
 - Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
 - Added report warning to promiscuous test [NETW-3014]
 - Fixed yellow color when used in text display
 - Several logging improvements and cleanups
 
 --

 * 1.1.4 (31.05.2008)
 
 New:
 - Added option to disable Lynis upgrade availability test (profile option)
 - Added new option --check-update, to display (update) information
 - Added stub for malware and file permissions database
 - New section 'LDAP Services'
 - Support for OpenLDAP added
 - Placeholders for new tests are added
 - Default profile extended
 - [FILE-6023] Added test for Linux ext2, ext3, ext4 file systems
 - [BOOT-5155] Added check for YABOOT boot loader

 Changes:
 - [BANN-7119] Improved MOTD banner check
 - Improved Apache tests for SuSE and Debian systems
 - Debian/Ubuntu file tests improved
 - Extended man page
 
 --

 * 1.1.3 (21.05.2008)
 
 New:
 - Added security updates check for Fedora, RHEL 5.x, CentOS 5.x
 - Added Linux kernel version check
 - Most stable tests have a unique ID now
 - Skipped tests have their reason to skip logged
 - Added /etc/lynis/plugins to searchable plugin directory targets
 - Added Register() function, to handle tests, prerequisites and counter
 - Added new crypto tests
 - Added profile option "test_skip_always" to blacklist a specific test
  
 Changes:
 - Extended default profile location for FreeBSD
 - Extended accounting test to include pacct as well
 - Improved tests from categories: shells
 - Disabled skel tests
 - Several tests log their warnings into the report file now
 - Changed Linux default runlevel test
 - Extended man page

 Fixes:
 - Auditor name didn't get logged properly to report file.
 - Changed Debian/Ubuntu kernel update test, so it won't be tested on others
 - Exim test failed, due to using an incorrect variable name
 
 --

 * 1.1.2 (11.05.2008)
 
 New:
 - Added memory test for Solaris (tested on OpenSolaris)
 - Password file consistency check for Solaris
 - 32/64 bits OS mode check for Solaris
 - Added Slackware detection
 - Plugin support (see documentation)
 - Added monolithic/modular test for Linux kernels
 
 Changes:
 - Improved LILO test and removed double message
 - Fixed incorrect message when using --help parameter
 - Improved portaudit test (FreeBSD) to show unique packages only
 - Updated man page, FAQ, extended documentation with plugin information
 - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)
 
 ** Special release notes [package/ports]: **
 - Added several default paths to check for a usable INCLUDE directory. This
   should make packaging Lynis easier for downstream package providers.
 - When no profile is set, Lynis will check first /etc/lynis/default.prf,
   before setting default.prf (in current work directory) as profile to use.
 - New directory added to be installed for future versions: plugins

 --

 * 1.1.1 (13.04.2008)
 
 New:
 - Added Solaris package manager (pkginfo) to obtain installed packages
 - Added new option to profile to whitelist promiscuous interfaces (if_promisc)
 - Added vulnerable packages check for Debian/Ubuntu
 - Added package database consistency check for Debian/Ubuntu
 
 Changes:
 - Only perform boot.conf check for OpenBSD when running on i386
 - Changed RemovePIDFile to prevent incorrect file presence check (i.e. on OpenBSD)
 - Better OS detection and display output for Ubuntu systems
 - Improved text alignment (display) and logging
 - Commented out some of the default profile options
 - Updated FAQ, readme, man page
 
 Bug fixes:
 - Added missing space at OS detection function
 - Fixed /etc/group tests to ignore commented lines
 - Fixed sticky bit checking on /tmp, so it won't give incorrect results on
   SuSE/Debian systems
 
 --

 * 1.1.0 (09.04.2008)

 New:
 - Added test: default gateway (Linux/BSD)
 - Added boot tasks to report file (boottask)
 - Added vulnerable packages to report file (vulnerable_package)

 Changes:
 - Fixed some typos
 - Several improvements in log output
 - Changed display of operating system version (Linux)
 - Fixed PHP check

 -- 

 * 1.0.9 (24.03.2008)

 New: 
 - Added --quiet option (currently not 100% quiet yet)
 - Added a spec file to the project page (see web site)
 - Added small INSTALL document
  
 Changes:
 - Changed check for PHP (php.ini location)
 - Added available shells from /etc/shells to report file
 - Updated man page
 - Fixed option in main help window for --man option
 - Code improvement, splitting up sections into separate files
 
 --

 * 1.0.8 (10.02.2008)
 
 New:
 - Added pf filter rule test
 - Added our PID to PID file
 - Added warnings, real users, mount points, total tests to report file

 Changes:
 - Changed Apache configuration file test
 - Changed old temporary files check
 - Changed test to include Ubuntu security repository
 - Moved UID check to avoid PID creation as non root user
 - Moved most functions to separate files and several code cleanups
 - Improved logging output
 - Extended FreeBSD (Copyright file) test
 - Changed indentation for many tests
 - Changed some typos in notice/warning messages
 
 --

 * 1.0.7 (28.01.2008)
 
 New:
 - Test: UFS mount point check (FreeBSD)
 - Test: Check swap partitions (FreeBSD)
 - Test: find old files in /tmp
 - Test: check presence iptables
 - Test: check CPU PAE/NX support (Linux)
 - Added profile options check
 - Added option to skip Debian security repository check (profile option)
 - Support for Red Hat and CentOS
 
 Changes:
 - Changed report log location to /var/log instead of current work directory
 - Changed --help (and -h) to display general help, instead of man page
 - Renamed -man option to --man
 - Extended profile file (see default.prf)
 - Cleaned up code (rewritten several parts of static code to dynamic
   functions)
 - Added more comments to the program, for curious auditors, developers and
   users. Also regrouped parts of text and cleaned useless white spaces.
 - General program output improved (spaces, indentation)
 - Logging extended
 - Updated lynis.spec file (contrib)
 - FAQ and README files extended and updated

 Bugfixes:
 - Changed postfix banner check (thanks to Henk Bokhoven for reporting)
 - Extended skel directory test, with -A (ls) option to check hidden files
   (used with most Linux variants)
 
 Development:
 - Added new mirror
 - Updated year number in program and support files
 - Added new function Display, to use indentation within lines
 - Added function RemovePIDFile before some exit routines, to clean up PID file
 - Extracted profile support, parameter support to separate files
 - Created file tests_ports_packages for Ports and Packages
 - Deleted lynis.spec file, since it was not working and will be rewritten later
 
 --

 * 1.0.6 (26.12.2007)
 
 New:
 - Added Solaris real users test
 - Added hostname check
 
 Changes:
 - Added chkconfig binary test and changed related services test
 - Added 'xargs' to version checks, to replace unwanted chars
 - Added more breaks to log file.
 - Added sorting to rpm/dpkg listings
 - FAQ extended

 --

  * 1.0.5 (02.12.2007)
 
 New:
 - Test: unique group names
 - Test: unique group IDs
 - Added check for rpm, chkrootkit and rkhunter binary
 - Added function to cleanup at manual interrupt (INT)
 - Support added to run Lynis as cronjob (--cronjob)
 - Fedora support added
 - Added umask 027, to tighten up file permissions

 Changes:
 - Changed FreeBSD ttys test
 - Changed grpck test, to operate in read-only mode
 - Changed Postfix test, to check for mail_name value as well
 - Changed GPL line in script which said GPL v2
 - Extended README
 - Show latest update version, if available, at the end of the screen output
 - Lots of code cleanup (see Development)
 - Some log improvements
 - Changed date notation in changelog to preferred European format (with dots
   instead of slashes)
 
 Development:
 - New function (ShowResult) to avoid repeating the same result line
   within the script for standard status values
 - Moved program consts to file (include/consts)
 - Moved functions to file (include/functions)
 - Moved OS detection to file (include/osdetection)
 - Added NEVERBREAK to avoid user input (cronjob support)
  
 --

  * 1.0.4 (27.11.2007)
  
 New:
 - Test: query real system users (FreeBSD/Linux)
 - Added PID file usage, to warn for unclean program states.
 - Added SSHd version test
 
 Changes:
 - Updated documentation
 - Changed sticky bit test (/tmp), to skip symlinks
 - Changed /etc/motd test, to skip symlinks
 - More code cleanup
 - Logging extended and improved
 - Screen output slightly changed

 --

  * 1.0.3 (19.11.2007)
  
 New:
 - Added check for sockstat
 - Test: added test for GRUB and password option
 - Test: query listening ports (sockstat)
 
 Changes:
 - Fixed NTPd check (bug)
 - Extended help for 'double installed package' check (BSD systems, pkg_info)
 - Extended Debian kernel update check
 - Improved OpenBSD support
 - Improved Linux specific detection support (Cobalt, CPU Builders, Debian,
   E-Smith, Slackware, SuSE/OpenSuSE, Turbo Linux, Yellowdog and others)
 - Improved screen output
 - Extended logging, with status/impact flags
 - [Bugfix] chkconfig test improved
 - [Bugfix] Fixed sticky bit test at Debian
 - Extended documentation and changelog file
 
 --

  * 1.0.2 (15/11/2007)
  
 New:
 - Test: Added check for NTP daemon or client
 - Test: file permissions (profile option)
 - Added -Q (--quick) parameter, to run the program without needing user
   input after every few sections.
 
 Changes:
 - Extended documentation (README file) and performed spell check
 - Improved screen output (colors, parameter handling and display)
 - Cleaned up source code and fixed some bad typos
 - Added much more delimiter lines to logfile
 - Added version numbers to logfile for used binaries/tools
 - Updated list of parameters within Lynis help

 --

  * 1.0.1 (12.11.2007)

 New:
 - Test: check Exim configuration file location
 - Test: added memory check (/proc/meminfo)
 - Test: run grpck to check group files (if available)
 - Test: boot option check for OpenBSD boot loader
 - Test: check if pf (Software: firewall) is active
 - Test: check LILO password
 - Test: check presence of old distfiles (FreeBSD)
 - Added check for binaries: httpd, kldstat, openssl, (s)locate
 - Added version check for: exim, openssl
 - Added -V (--version) parameter, to show version number
 - Added breaks between tests

 Changes:
 - [bug] Changed skel directory check
 - Fixed display Apache configuration file
 
 --

  * 1.0.0 (08.11.2007)

 New:
 - Support for CentOS (Tested: 5 Final)
 - Support for Debian (Tested: 4.0)
 - Support for FreeBSD (Tested: 6.2)
 - Support for Mac OS X (Tested: 10.4)
 - Test: Apache (ServerTokens option)
 - Test: PHP (expose_php option)
 - Test: Postfix (smtpd_banner option)
 - Test: check valid shells
 - Test: query pkg_info/RPM based systems
 - Test: query pkg_info for double installed packages
 - Test: query chkprintcap (FreeBSD)
 - Test: scan binary directories
 - Test: check administrator accounts
 - Test: check permissions /etc/motd
 - Test: read nameservers from /etc/resolv.conf
 - Test: query nameservers and test connectivity
 - Test: check promiscuous interfaces (FreeBSD)
 - Test: check sticky bit on /tmp directory
 - Test: check debian.org security branch in /etc/apt/sources.list
 - Test: check kernel update on Debian
 - Test: query default Linux run level
 - Test: query chkconfig to see which services start at boot
 - Test: /etc/COPYRIGHT banner check for FreeBSD
 - Support for program parameters
 - Builtin integrity checks
 - Color enhanced output for readability
 - Support for profiles/templates
 - Report file creation (for reporting/monitoring)
 - Extended logfile creation (with system suggestions)
 - Added lynis.spec file for RPM creation
 - Created project page at website
 - Added documentation (README), ToDo list (TODO)
 - Man page lynis(8)
 
 Changes:
 - No changes
 
 Bugfixes:
 - No bugfixes


================================================================================
 Lynis - Copyright 2007-2013, Michael Boelen - The Netherlands
 http://www.rootkit.nl