Lynis v1.2.5 released

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes.

Examples of audit tests:

  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Firewall auditing

Changelog for release 1.2.5

New:

  • slapd.conf check [LDAP-2224]
  • atd status test [SCHD-7718]
  • Check LDAP module in PAM [AUTH-9278]
  • Dovecot status check [MAIL-8838]
  • Check log directories from newsyslog.conf [LOGG-2162]
  • Check log directories from static list [LOGG-2170]
  • Check log directories from logrotate configuration [LOGG-2150]
  • syslog check for remote logging [LOGG-2154]
  • Open log files check [LOGG-2180]
  • Deleted file check [LOGG-2190]
  • Solaris active kernel modules check [KRNL-5770]
  • Solaris audit daemon status check [ACCT-9650]
  • Solaris audit daemon service status [ACCT-9652]
  • Solaris audit daemon BSM check [ACCT-9654]
  • Solaris audit logging location check [ACCT-9662]
  • Solaris audit statistics check [ACCT-9672]
  • Check for installed compiler [HRDN-7202]
  • BIND process check [NAME-4202]
  • BIND configuration file check [NAME-4204]
  • BIND configuration consistency check [NAME-4206]
  • BIND version check via DNS [NAME-4210]
  • Default domain check (/etc/resolv.conf) [NAME-4016]
  • Search domains in /etc/resolv.conf check [NAME-4018]
  • Parse /etc/resolv.conf options [NAME-4020]
  • Solaris /etc/nodename check [NAME-4026]
  • DNS domain checks [NAME-4028]
  • NSCD status check [NAME-4032]
  • PowerDNS presence check [NAME-4230]
  • PowerDNS configuration file check [NAME-4232]
  • PowerDNS backend check [NAME-4236]
  • ypbind status check [NAME-4302]
  • Log specific defined SSH daemon options [SSH-7408]
  • SSH protocol version check [SSH-7414]
  • NIS domain checks [NAME-4304]
  • Check pending at jobs [SCHD-7724]
  • LVM volume group scan [FILE-6310]
  • LVM volumes check [FILE-6312]
  • Locate database check [FILE-6410]
  • nginx configuration file check [HTTP-6704]
  • Exim status check [MAIL-8802]
  • Postfix status check [MAIL-8814]

Changes:

  • atd needs to run before testing at files [SCHD-7720]
  • Removed Solaris OS requirement from logrotate test [LOGG-2148]
  • Sanitized output from logrotate test [LOGG-2148]
  • Skip comment fields in loghost check [LOGG-2152]
  • Changed auditd tests to Linux only
  • Binary scan optimized and partially combined with other check
  • Only perform iptables tests if kernel module is active
  • Don’t show message when /etc/shells can’t be found [SHLL-6211]
  • Check /var/spool/cron/crontabs first, if it exists [SCHD-7704]
  • Renumbered FreeBSD test SHLL-7225 [SHLL-6202]
  • Renumbered malware test MALW-3292 [HRDN-7230]
  • Improved grep on process status [PRNT-2304]
  • Ignore comment lines for nginx log file check [HTTP-6720]
  • Added file check for nginx log files [HTTP-6720]
  • Display IP addresses only of NTP tests [TIME-3124]
  • Fixed Postfix configuration directory path [MAIL-8816]
  • Redirected output of yum package duplicate check [PKGS-7384]
  • Ignore comment lines for lilo test [BOOT-5139]
  • Fixed incorrect iptables status and correct logging [FIRE-4511]
  • Check SNMP configuration only if SNMP daemon runs [SNMP-3304]
  • Don’t scan PAM directories which are symlinks [AUTH-9268]
  • Changed hardening category to hardening_tools
  • Adjusted hardening points of several tests
  • Log and display improvements for several tests