Sunday 8 November 2009 (Keywords: Configurations checks, Local auditing, Lynis, Vulnerability Scanner)
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
Changelog:
New:
Added Kernel Hardening section
Sysctl audit support in scan profile and related test [KRNL-6000]
SSH option StrictModes test [SSH-7416]
Password aging limit check [AUTH-9286]
Ubuntu packages check (apt-show-versions) [PKGS-7394]
Check for metalog daemon [LOGG-2210]
USB storage driver state check [STRG-1840]
Firewire storage driver state check [STRG-1846]
PostgreSQL process check [DBS-1826]
Oracle process check [DBS-1840]
Default umask check [AUTH-9328]
Check for rsyslog daemon [LOGG-2230]
RFC 3195 compliant daemon check [LOGG-2240]
Qmail SMTP daemon check [MAIL-8940]
Test for separation of /tmp and /home from root file system [FILE-6310]
SSH AllowUsers and AllowGroups usage check [SSH-7440]
AIX support, thanks to Michael Smerdka
Changes:
Fixed crontabs path [SCHD-7704]
Extended locate database paths for Linux and FreeBSD [FILE-6410]
pflog detection fix [FIRE-4518]
Skip /proc/meminfo for non Linux systems [PROC-3602]
Extended text with rsyslogd [LOGG-2130]
Ignore comment and empty lines for group tests [AUTH-9222/9226]
Show firewall as active when iptables is available in config file [FIRE-4511]
Variable fix for SNMP daemon configuration file [SNMP-3304]
Freshclam check fix [MALW-3286]
Fixed waiting search for NIS domain [NAME-4306]
Check for a maximum of 1 search statement in /etc/resolv.conf [NAME-4018]
Apache test improved [HTTP-6622]
Skip klogd test if rsyslogd is available [LOGG-2138]
Added additional CUPS location to search paths
Only execute PAM test for systems with PAM [AUTH-9268]
Fixed logging of sudoers file location [AUTH-9250]
Improved FreeBSD support for NTP client check [TIME-3104]
Redirect warning "Unknown host" when DNS domain name is empty [NAME-4028]
Redirect warning when host name is empty
Fixed warning color [AUTH-9226]
Fixed FreeBSD COPYRIGHT file test [BANN-7113]
Changed text for sudoers text [AUTH-9250]
Improved text for DNS search domain [NAME-4016]
Skip nginx configuration test if nginx is not available [HTTP-6704]
Removed portsclean suggestion [PKGS-7348]
Fixed non unique IDs
Fixed cosmetic issue when using Debian with default dash shell
Improved hostname detection for HP-UX
Added additional php.ini file locations
Moved Linux default shell check to OS detection functions
Fixed CUPS daemon test [PRNT-2304]
Also check for uppercase chars in issue file [BANN-7126]
POSTSCRIPTUM
COMPLIANCE MANDATES
Vulnerability Scanner: PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
RELATED ARTICLES
16 December 2009 : Lynis version 1.2.9 just released
9 December 2009 : Lynis v1.2.8 released
3 December 2009 : Lynis v1.2.7 released (updated)
8 November 2009 : Lynis updated to version 1.2.7
7 April 2009 : Lynis updated to v1.2.6