Skip to content

Releases: CISOfy/lynis

Lynis 3.1.1

17 Mar 10:32
@mboelen mboelen
3.1.1
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
60afce6
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.1.1 Latest
Latest

Lynis 3.1.1 (2024-03-17)

Added

  • Detection of ArcoLinux

Changed

  • DBS-1882 - Redis configuration file path added for FreeBSD (/usr/local/etc/redis.conf)
  • DBS-1882 - Check /snap directory location for Redis configuration file

New Contributors

Contributors

Ximalas
Assets 2

3.1.0

11 Mar 10:01
@mboelen mboelen
3.1.0
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
e2e0998
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
3.1.0

Lynis 3.1.0 (2024-03-11)

Added

  • Translation: Indonesian

Changed

  • MALW-3280 - Correction to detect com.avast.daemon
  • OS detection added for Guix System, macOS Ventura (13.x)/Sonoma (14.x), NXP LSDK, OpenEmbedded "nodistro", and The Yocto Projects distro "Poky"
  • Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
  • STATUS_NOT_ACTIVE variable added to translation files
  • End-of-life dates updated
  • Fixing missing or erroneous test number comments
  • Detection of SentinelOne corrected
  • Wazuh for file integrity and tooling
  • Updated parsing output of arch-audit
  • Added support for SentinelOne detection
  • Replacing deprecated option -i for xargs
  • Path detection for PostgreSQL improved

New Contributors

Contributors

xambroz, avenjamin, and 7 other contributors
Assets 2

Lynis 3.0.9

03 Aug 11:46
@mboelen mboelen
3.0.9
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
c65da1a
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.9

Lynis 3.0.9 (2023-08-03)

Changed

  • DBS-1820 - Added newer style format for Mongo authorization setting
  • FILE-6410 - Locations added for plocate
  • SSH-7408 - Only test Compression if sshd version < 7.4
  • Improved fetching timestamp
  • Minor changes such as typos
Assets 2

Lynis 3.0.8

17 May 13:10
@mboelen mboelen
3.0.8
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
8d9cdb2
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.8

Added

  • MALW-3274 - Detect McAfee VirusScan Command Line Scanner
  • PKGS-7346 Check Alpine Package Keeper (apk)
  • PKGS-7395 Check Alpine upgradeable packages
  • EOL for Alpine Linux 3.14 and 3.15

Changed

  • AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2)
  • FILE-7524 - Test enhanced to support symlinks
  • HTTP-6643 - Support ModSecurity version 2 and 3
  • KRNL-5788 - Only run relevant tests and improved logging
  • KRNL-5820 - Additional path for security/limits.conf
  • KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
  • KRNL-5830 - Add a presence check for /boot/vmlinuz
  • PRNT-2308 - Bugfix that prevented test from storing values correctly
  • Extended location of PAM files for AARCH64
  • Some messages in log improved
Assets 2

Lynis 3.0.7

18 Jan 13:28
@mboelen mboelen
3.0.7
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
ad5dc53
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.7

Lynis 3.0.7 (2022-01-18)

Added

  • MALW-3290 - Show status of malware components
  • OS detection for RHEL 6 and Funtoo Linux
  • Added service manager openrc

Changed

  • DBS-1804 - Added alias for MariaDB
  • FINT-4316 - Support for newer Ubuntu versions
  • MALW-3280 - Added Trend Micro malware agent
  • NETW-3200 - Allow unknown number of spaces in modprobe blacklists
  • PKGS-7320 - Support for Garuda Linux and arch-audit
  • Several improvements for busybox shell
  • Russian translation of Lynis extended
Assets 2

Lynis 3.0.6

22 Jul 09:37
@mboelen mboelen
3.0.6
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
c89fc24
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.6

Lynis 3.0.6 (2021-07-22)

Added

  • OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
  • Check for outdated translation files

Changed

  • DBS-1826 - Check if PostgreSQL is being used
  • DBS-1828 - Test multiple PostgreSQL configuration file(s)
  • KRNL-5830 - Sort kernels by version instead of modification date
  • PKGS-7410 - Don't show exception for systems using LXC
  • GetHostID function: fallback options added for Linux systems
  • Fix: macOS Big Sur detection
  • Fix: show correct text when egrep is missing
  • Fix: variable name for PostgreSQL
  • German and Spanish translations extended
Assets 2

Lynis 3.0.5

02 Jul 12:27
@mboelen mboelen
3.0.5
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
e4d16f3
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.5

Lynis 3.0.5 (2021-07-02)

Added

  • OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
  • CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)

Changed

  • ACCT-9622 - Corrected typo
  • HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
  • PKGS-7320 - extended to Arch Linux 32
  • Generation of host identifiers (hostid/hostid2) extended
  • Linux host identifiers are now using ip as preferred input source
  • Improved logging in several areas
Assets 2

Lynis 3.0.4

11 May 09:30
@mboelen mboelen
3.0.4
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
33ff247
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.4

Lynis 3.0.4 (2021-05-11)

Added

  • ACCT-9670 - Detection of cmd tooling
  • ACCT-9672 - Test cmd configuration file
  • BOOT-5140 - Check for ELILO boot loader presence
  • OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others

Changed

  • BOOT-5104 - Add service manager detection support for runit
  • FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
  • FIRE-4540 - Corrected nftables empy ruleset test
  • LOGG-2138 - Do not check for klogd when metalog is being used
  • TIME-3185 - Improved support for Debian stretch
  • Corrected issue when Lynis is not executed directly from lynis directory
Assets 2

Lynis 3.0.3

07 Jan 14:28
@mboelen mboelen
3.0.3
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
0b6f300
This commit was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.3

Lynis 3.0.3 (2021-01-07)

Added

  • HRDN-7231 - Check for registered non-native binary formats
  • OS detection of Parrot GNU/Linux

Changed

  • DBS-1816 - Force test to check only password authentication
  • KRNL-5677 - Support for NetBSD
  • Bugfix: command 'configure settings' did not work as intended
Assets 2

Lynis 3.0.2

24 Dec 09:31
@mboelen mboelen
3.0.2
This tag was signed with the committer’s verified signature.
mboelen Michael Boelen
GPG key ID: 26141F77A09D7F04
Learn about vigilant mode.
0c9ae15
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Lynis 3.0.2

Lynis 3.0.2 (2020-12-24)

Added

  • AUTH-9284 - Scan for locked user accounts in /etc/passwd
  • LOGG-2153 - Loghost configuration
  • TOOL-5130 - Check for active Suricata daemon
  • OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS
  • OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others
  • EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11
  • Support for Solaris svcs (service manager)
  • Enumeration of Solaris services

Changed

  • ACCT-9626 - Detect sysstat systemd unit
  • AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined
  • BOOT-5184 - Support for Solaris
  • KRNL-5830 - Improved reboot test by ignoring known bad values
  • KRNL-5830 - Ignore rescue kernel such as on CentOS systems
  • KRNL-5830 - Detection of Alpine Linux kernel
  • NETW-2400 - Compatibility change for hostname check
  • NETW-3012 - Support for Solaris
  • PKGS-7410 - Don't show exception if no kernels were found on the disk
  • TIME-3185 - Supports now checking files at multiple locations (systemd)
  • ParseNginx function: Support include on absolute paths
  • ParseNginx function: Ignore empty included wildcards
  • Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux
  • HostID: Use first e1000 interface and break after match
  • Translations extended and updated
  • Test if pgrep exists before using it
  • Better support for busybox shell
  • Small code enhancements
Assets 2