CHANGELOG Lynis v2.3.3 (2016-08-23):
Upgrade note: Customized profiles that included sysctl settings need to be altered. See default.prf for the correct format of the lines.
* Additions
++ OpenStack detection
++ Option to disable automatic refresh of software repository
* Languages
++ Japanese translation added, contributed by Yukio Takahara
* Fixes
++ Some tests did not show a warning text
++ Typo in man page for tests-from-group
* Parameters
++ New --bin-dirs to define binary directories to scan
++ New option --root-dir to specify a different file system to scan
* Nginx
++ Rewrite of configuration parsing
* PHP
++ Support for PHP 5.6
* Redis
++ Redis test to detect configuration files
++ Test Redis configuration for several best practices
++ Perform permission check on Redis configuration files
* Experimental features (in development)
++ --bin-dirs – set what directories should be scanned for binaries
++ --root-dir – define the root of the file system, to allow forensics
* Settings
++ Many settings have a new alias (with dashes instead of underscores)
++ New setting ‘show-report-solution’ to show solution in report
* Functions
++ ExitFatal can now exit program with optional text
++ IsNotebook can detect if system is a notebook (or not)
++ ShowSymlinkPath and FileIsReadable test for at least one argument
++ StoreNginxSettings will save parsed nginx configuration
* Tests
++ BOOT-5108 – Support for Syslinux bootloader
++ DBS-1882 – Redis configuration detection
++ DBS-1884 – Redis ‘requirepass’ check
++ DBS-1886 – Redis ‘rename-command CONFIG’ check
++ DBS-1888 – Redis ‘bind localhost’ check
++ FILE-6374 – Improved logging
++ KRNL-5830 – Improved logging for detected Linux kernels
++ KRNL-6000 – Support for multiple profiles and new format style
++ LOGG-2190 – Ignore MySQL files in /tmp from early MySQL 5.x releases
++ LOGG-2192 – New test to check opened log files that are empty
* Lynis Enterprise integration
++ Tag ‘redis-server’ is added for systems running Redis
Lynis is a security auditing tool for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.
Main goals:
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing
The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
Installation:
    git clone https://github.com/CISOfy/lynis
    cd lynis
    ./lynis audit system

Update:

    cd <your lynis folder>
    git pull origin master
Or
Download : 2.3.3.zip | 2.3.3.tar.gz
Our previous post: http://seclist.us/lynis-v2-3-0-is-a-system-and-security-auditing-tool-for-unixlinux.html
Source: https://cisofy.com/lynis/