Lynis 1.1.9 released

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

New:

  • New test: AppArmor framework check [MACF-6204]
  • New test: FreeBSD boot loader test [BOOT-5124]
  • New test: PHP option register_globals [PHP-2368]
  • New test: Promiscuous network interfaces (Linux) [NETW-3015]
  • Report option ’bootloader’ added to several tests
  • Added readlink binary check

Changes:

  • Extended file check (IsWorldWritable) for symlinks
  • Show result if no default gateway is found [NETW-3001]
  • Added /usr/local/etc to sudoers test [AUTH-9250]
  • Improved FreeBSD banner output [BANN-7113]
  • Removed incorrect line at promiscuous interface test [NETW-3014]
  • Fix: Show only once the GRUB test output [BOOT-5121]
  • Fix: Typo in NTP test [TIME-3104]
  • Fix: Skip NTP test in /etc/cron.d if empty [TIME-3104]
  • Fix: Initialize values when performing an update check without connection
  • Fix: Solaris id function has been fixed
  • Disabled FreeBSD double packages tests, due minor issues [PKGS-7303]
  • Changed LDAP/MySQL running states [LDAP-2219] [DBS-1804]
  • Replaced ifconfig calls with IFCONFIGBINARY
  • Renamed tests_auditing to tests_mac_frameworks
  • Several tests improved with extended logging

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Configurations checks
Local auditing
Lynis
Vulnerability Scanner