Lynis 2.3.1

Lynis 2.3.1 (2016-07-14)

This is a minor patch to improve upon findings in version 2.3.0.

Changes:

• Convert all skipped tests to uppercase
• Only add license key when it is defined
• Updated French translation
• Exclude custom.prf from tarball (download via website)

Lynis 2.3.0

Lynis 2.3.0 (2016-07-13)

We are excited to announce this major release of auditing tool Lynis. Several big
changes have been made to core functions of Lynis. These changes are the next of
simplification improvements we made. There is a risk of breaking your existing
configuration. See the tips below to upgrade.

This release will soon also be available in our software repository. For more
details see https://packages.cisofy.com to install and upgrade Lynis.

Upgrade tips

Default profile and custom profiles:
Settings of multiple profiles can now be merged. Instead of making changes to
default.prf, copy your changes to custom.prf. Use 'lynis show profiles' to show
any detected profiles. Only include your changes in custom.prf, to keep the
configuration clean and tidy. They will then overwrite the defaults. Use
'lynis show settings' to see if they are applied.

Check your cron jobs:
When using --quiet, the output will be really quiet now. Use --show-warnings-only
if you still want to see the warnings. Lynis will now exit with error 0, even
when warnings have been found. Use option error-on-warnings=yes (custom.prf) to
exit with code 78 when it has any warnings.

Details

Ansible

New Ansible examples for deployment: https://github.com/CISOfy/lynis-ansible

Databases

Lynis will check also for DB2 instances and report the status.

Developer Mode

With this release the developer mode is introduced. It can be activated with the
--developer option, or developer-mode=yes in profile. In development mode, some
details are displayed on screen, to help testing of existing or new tests.

To get easy access, a new profile has been added (developer.prf).

Examples:
lynis audit system --profile developer.prf
lynis audit system --developer

A new software development kit (SDK) for Lynis is available on GitHub. This will
help contributors and developers to test software quality, including linting and
running unit tests. The devkit also supports building DEB and RPM files for easy
deployment. The repository can be found on https://github.com/CISOfy/lynis-sdk

Documentation

Template files have been updated to provide better examples on how to create
custom tests and plugins.

To simplify the usage of Lynis, a new helper utility has been added: show.
This helper will show help, or values (e.g. version, plugin directories, etc).
Some examples include: lynis show options, lynis show commands, lynis show
version, etc. See lynis show for all available details.

File Systems

The XFS file system detection has been added. Mount points /dev/shm and /var/tmp
are now checked for their options. Comparison of the mount options has been
improved. A new test has been added to check if /var/tmp has been bound to /tmp.

Language Support

Lynis now supports language translations, with the language profile option.
Initial languages: Dutch (nl), English (en), French (fr).

You can help by translating the language files in the db directory.

Mac OS X Improvements

Package manager Brew has been added

nginx

Show suggestion when weak protocol is used, like SSLv2 or SSLv3. The protocols
are now also parsed and stored as details in the report file.

Packages

Systems running CentOS, Debian, openSUSE, RHEL, Ubuntu and others, may now use
our own software repository: https://packages.cisofy.com

Performance

Several performance improvements have been implemented. This includes rewriting
tests to invoke less commands and enhanced hardware detection at the beginning.

Plugins

You can set the plugin directory now also via a profile. First match wins.
Priority: 1) argument, 2) profile, 3) default

--plugindir is now an alias for --plugin-dir

Profiles

Lynis now support multiple profiles. By using a file 'custom.prf', it allows to
inherit values first from default.prf, then merge it with custom.prf.

Several tests have been altered to support multiple profiles.

New profile options:
quick=yes|no (similar to --quick)
developer (see Developer section)
check-value

Remote scanning

Although Lynis is a aimed on running on local hosts, there is still an ongoing
demand for running remote scans. With 'lynis audit system remote' tips are now
provides to perform such a scan via SSH.

Software

Zypper calls are now marked with a non-interactive flag to prevent it waiting for
any interactive input.

Solaris

Improve execution for Solaris systems.

SSH

The configuration of SSH is now parsed from the SSH daemon directly. This enables
handling with new defaults more easily, as OpenSSH sometimes introduces new keys,
or change their default value between versions.

Systemd

Added support for detecting systemd and reporting it as a service manager. The
systemd plugin has been released as a community plugin.

Uploads

Solved a bug which added the proxy configuration twice.

Profile options: upload-tool and upload-tool-arguments

General Improvements

The screen output has been improved, to show more meaningful things when some
parameters are missing. Several old variables and lines have been cleaned up.

The Display function now allows the --debug flag. This helps in showing some
lines on screen, which would normally be hidden (e.g. items not found or
matched).

Logging has been improved in different areas, like cleaning up and add more
relevant messages where needed.

The interface colors have been changed, to make it more obvious how the software
can be used. Also the wait line between categories have been altered, to properly
display on systems with a white background.

When no auditor name has been specified, it will say that instead of unknown.

Functions file has been cleaned up, including adding developer debug information
when old functions are still be used. Later on these functions will be deleted,
and therefore placed at the bottom.

Program Options

• --developer - Enable developer mode
• --verbose - Show more details on screen, reduce in normal mode
• --show-warnings-only - Only show warnings on screen
• --skip-plugins - Disable running any plugins (alias: --no-plugins)
• --quiet - Changed: become really quiet
• --config - Removed: use 'lynis show profiles' instead

Functions

• AddSetting - New function to store settings (lynis show settings)
• ContainsString - New function to search for a string in another one
• Display - Added --debug, showing details on screen in debug mode
  - Reset identation for lines which are too long
• DisplayToolTip - New function to display tooltips
• IsDebug - Check for usage of --debug
• IsDeveloperMode - Status for development and debugging (--developer)
• IsDeveloperVersion - Check if release is still under development
• IsRunning - Added return state
• IsVerbose - Check for usage of --verbose
• IsOwnedByRoot - Check ownership of files and directories
• IsWorldWritable - Improved test with additional details
• PortIsListening - Check if a service it listening to a specified port
• SkipAtomicTest - Allow smaller tests to be skipped (e.g. SSH-7408)

Tests

• AUTH-9234 - Test for minimal UID in /etc/login.defs when available
• AUTH-9254 - Allow allow root to use this test, due to permissions
• AUTH-9262 - Restructure of test, support for pwquality PAM
• AUTH-9288 - Only check for accounts which have a maximum password age set
• AUTH-9308 - Check for systemd targets
• BANN-7119 - /etc/motd test disabled
• BANN-7122 - /motd content test disabled
• BOOT-5122 - Extended GRUB password check
• BOOT-5184 - Improve file permissions check for CentOS 7 machines
• DBS-1860 - Check for status of DB2
• CRYP-7902 - Improved logging
• FILE-6354 - Restrict searching in /tmp to mount point only
• FILE-6372 - Properly checking for /etc/fstab now, ignore comments
• FILE-6374 - Added /dev/shm and /var/tmp
• FILE-6374 - New test for /var/tmp
• FILE-6430 - New test for detecting specific filesystems
• FILE-7524 - Support for multiple profiles
• HTTP-6632 - Fix for proper detection of Apache modules
• HTTP-6642 - Test disabled
• HTTP-6710 - Trigger suggestion when weak protocols SSLv2/SSLv3 are used
• KRNL-5788 - Support for kernel with grsecurity patches (linux-image-grsec)
• KRNL-5820 - Improved logging for test
• KRNL-6000 - Allow multiple profiles to be used, store more details
• LOGG-2190 - Improvements for Fail2Ban and cron-related files
• NETW-3014 - Support for multiple profiles
• PKGS-7303 - Added Brew package manager
• PKGS-7354 - Test for DNF repoquery plugin before using it
• PKGS-7381 - Check for vuln.xml file
• PRNT-2306 - Check if files are readable before parsing them
• PROC-3612 - Removed wchan output to prevent grsecurity issues
• SCHD-7702 - Test for running cron daemon
• SCHD-7704 - Test ownership of cronjob files
• SSH-7408 - Show weak configurations of SSH on screen as a suggestion
• TOOL-5102 - Test for Fail2ban tooling
• TOOL-5190 - Test for intrusion detection or prevention system

Plugins

• PLGN-1602 - Marked as root-only
• PLGN-2612 - Marked as root-only
• PLGN-2804 - Marked as root-only
• PLGN-3202 - Marked as root-only

Lynis 2.2.0

= Lynis 2.2.0 (2016-03-18) =

We are proud to present this new release of Lynis. It is a major upgrade, and the
result of many months of work. This version includes new features and tests, and
many small enhancements. We encourage all to test and upgrade to this latest
release.

* Highlights

The biggest change in this release is the optimization of several functions. It
allows for better detection, and dealing with the quirks, of every single
operating system. Some functions were fortified to handle unexcepted results
better, like missing a particular binary, or not returning the hostname.

This release also enables tests to be shorter, by adding new functions. Some
functions were renamed or slightly changed, to provide more value to the tooling.
Another big change in this release is a wide set of optimizations and quality
testing. Outdated pieces were removed, or rewritten, to support features seen in
newer distributions.

In the area of compliance, adjustments have been made to start supporting more
in-depth testing for this. Ideal for companies who have a particular compliance
need, or want to test and enforce the system hardening levels of their systems.

Last but not least, many small changes make this software easier to use. On
our website we added new guides to provide help and support.

We like to thank our contributors, in particular Kamil Boratyński, Steve Bosek,
and Eric Light. Their contributions helped us greatly shaping this release.

Below are the changes per category:

* Automation tools

Detection for CFEngine has been improved. Also additional logging and reporting
of automation tools.

* Authentication

Depending on the operating system, Lynis now tries to determine if failed logins
are properly logged. This includes checking for /etc/login.defs file [AUTH-9408].
Merged previous password check for Solaris into test AUTH-9228. User ids on AIX
will be gathered and added to the report [AUTH-9234].

New plugin is introduced to analyze PAM settings. It including items like:

• Two-factor authentication methods
• Minimum password length, password strength and protection status against brute
  force cracking
• Password history

Report option: auth_failed_logins_logged

* Boot

Added detection for Mac OSX boot loader. Initial support to test UEFI settings,
including Secure Boot option. Options boot_uefi_booted and
boot_uefi_booted_secure added to report file

* Compliance

This release prepares for upcoming extensions to assist with compliance testing.
The profile has a new option, which can be used to define what standards should
be tested for, if any test is available. The related option is:
compliance_standards

Right now these standards can be selected:

• CIS benchmarks
• HIPAA
• ISO27001/ISO27002
• PCI DSS

Note that additional tests will be implemented in future releases and then tagged
to these particular standards.

* DNS and Name services

Support added for Unbound DNS caching tool [NAME-4034], including a configuration
check [NAME-4036].

Record if a name caching utility is being used like nscd or Unbound. Also logging
to report as field name_cache_used

* Firewalls

Test for IPFW firewall on FreeBSD has been improved: status of pflogd will no
longer be displayed, when pf is not available.

New test FIRE-4532 introduced for detection of the Mac OS X application firewall.
Also, the status of application firewalls is audited now.

FIRE-4508 is another new test, which tests chains of iptables and their default
policy (ACCEPT or DROP). This release also supports the upcoming nftables
technology with new test FIRE-4536. It is expected that it will replace iptables
later on, so this test will perform a status check. Additional FIRE-4548 will
perform a version detection of the userland utility nft and determine if there
are any rules configured.

Renamed FIRE-4511 to FIRE-4502.

* File Integrity Monitoring

Test added to include osqueryd as a supported tool.

* Hardware

Detection of firewire is enhanced (both ohci and core detected).

* Logging

Extended the test syslog-ng logging to remote systems. The log Lynis itself
produces is also enhanced, to be more detailed for several tests.

* Malware

ESET and LMD (Linux Malware Detect) have been added. Discovered malware scanners
are also logged to the report.

* Mount points

FILE-6374 is expanded to test for multiple common mount points and define best
practice mount flags.

* Networking

Best practices for IPv6 configuration on Linux are now collected. Also network
interface names from most operating systems.

* Operating systems

Improved support for Debian 8 systems, and displaying Gentoo for Gentoo-based
systems. Detection of VMware release has been added. Boot loader exception is not
longer displayed when only a subset of tests is performed. FreeBSD systems can
now use service command to gather information about enabled services.

Several paths have been added to allow better detection on systems running
FreeBSD and others.

* Passwords

AUTH-9286 change has been extended to both capture minimum and password age.

* Proxy support

A proxy can now be specified in the profile, to allow uploads via a HTTP or SOCKS
proxy.

* Service Managers

SystemV init is now detected.

* Software and Packages

Now information will be logged when vulnerable software packages were found.
Support for DNF (Dandified YUM) for Fedora systems has been added. This is done
in several tests: PKGS-7350 (installed packages), PKGS-7352 (security notices),
PKGS-7354 (integrity tests).

* SSH

Multiple configuration tests of SSH are now merged into SSH-7408. This enables
easier testing later on and reduces repetition.

* Virtual machines and Containers

Detection of virtual machines has been extended in several ways. Now VMware tools
(vmtoolsd) are detected and machine state is improved with tools like Puppet
Facter, dmidecode, and lscpu. Properly detect Docker on CoreOS systems, where it
before gave error as it found directory /usr/libexec/docker. Check file
permissions for Docker files, like the socket file [CONT-8108].

* Individual tests

[AUTH-9204] Exclude NIS entries to avoid false positives
[AUTH-9230] Removed test as it was merged into AUTH-9228
[AUTH-9234] Support for AIX added
[AUTH-9288] Test for expired passwords
[AUTH-9328] Show correct message when no umask is found in /etc/profile. It also
includes improved logging, and support for other operating systems.
[BOOT-5104] Rewrote test to detect SysV init and other service managers
[BOOT-5106] New test to test boot loader on Mac OS X
[BOOT-5180] Only gets executed if runlevel 2 is found
[CONT-8108] New test to test for Docker file permissions
[DBS-1816] Removed suggestion
[FILE-6310] Add more details to test when a symlinked path has been found
[FILE-6410] Added /var/lib/locatedb as search path
[FINT-4338] Added osquery test
[FIRE-4508] Added chains test for iptables
[FIRE-4511] Renamed to FIRE-4502
[FIRE-4536] Support for nftables detection
[FIRE-4538] Basic configuration check for for nftables
[HOME-9310] Use POSIX compatible flags to avoid errors on BusyBox
[HTTP-6622] Determine Apache version and log to report
[HTTP-6624] Ignore wildcard and default entries as ServerName for Apache
[LOGG-2154] Additional support for log destinations for syslog-ng
[MALW-3278] New test to detect LMD (Linux Malware Detect)
[NAME-4406] Changed logic for localhost check and more detailed logging
[NETW-2600] IPv6 configuration check for Linux
[NETW-3032] Added ARP monitoring software test
[PKGS-7308] Split package name and version for RPM based package manager
[PKGS-7350] Support for installed packages via Fedora DNF package manager (Dandified YUM)
[PKGS-7352] Query security notices for DNF
[PKGS-7354] Perform integrity tests for package database (DNF)
[SHLL-6230] Test for umask values in shell configuration files (e.g. rc files)
[STRG-1842] New test for checking authorized USB devices
[TIME-3104] Show only suggestion on FreeBSD systems if ntpdate is configured
[TIME-3170] New test to check NTP configuration files

* Functions

[CreateTempFile] Create a temporary file
[DigitsOnly] New function to extract only numbers from a text string
[DisplayManual] New function to show text on screen without any markup
[ExitCustom] New function to allow program to exit with a different exit code, depending on outcome
[GetHostID] If no MAC address is found, use SSH keys for creation of a host identifier
[IsWordWritable] Changed return codes for easier usage of the function
[LogText] Replaces the older logtext function
[RandomString] Creates a random string of characters
[RemoveTempFiles] Remove any created temporary files
[Report] Replaces the older report function
[ReportSuggestion] Allows two additional parameters to store details
(text and external reference to a solution)
[ReportWarning] Like ReportSuggestion() has additional parameters
[ShowComplianceFinding] Display compliance findings
[ShowSymlinkPath] Ensure readlink is available

* General improvements

• When using pentest mode, it will continue without any delays (=quick mode).
• Plugins execution is improved, with improved logged and counting of active
  plugins.
• Data uploads: provide help when self-signed certificates are used.
• Improved output for tests which before showed results as a warning, instead of
  just as a suggestion.
• Lynis now uses different exit codes, depending on errors or finding warnings.
  This helps with automation and any custom scripting you want to apply.
• Preparations to allow compressing the Lynis report file and enhance uploads.
• Added --config option to show what settings file or profile is used.
• Tool tips are displayed, to make Lynis even easier to use.
• Show a warning if the release ...

Lynis 2.1.1

= Lynis 2.1.1 (2015-07-22) =

This release adds a lot of improvements, with focus on performance, and
additional support for common Linux distributions and external utilities.
We recommend to use this latest version.

* Operating system enhancements

Support for systems like CentOS, openSUSE, Slackware is improved.

* Performance

Performance tuning has been applied, to speed up execution of the audit on
systems with many files. This also includes code cleanups.

* Automatic updates

Initial work on an automatic updater has been implemented. This way Lynis
can be scheduled for automatic updating from a trusted source.

* Internal functions

Not all systems have readlink, or the -f option of readlink. The
ShowSymlinkPath function has been extended with a Python based check, which
is often available.

* Software support

Apache module directory /usr/lib64/apache has been added, which is used on
openSUSE.

Support for Chef has been added.

Added tests for CSF's lfd utility for integrity monitoring on directories and
files. Related tests are FINT-4334 and FINT-4336.

Added support for Chrony time daemon and timesync daemon. Additionally NTP
sychronization status is checked when it is enabled.

Improved single user mode protection on the rescue.service file.

* Other

Check for user permissions has been extended.
Python binary is now detected, to help with symlink detection.
Several new legal terms have been added, which are used for usage in banners.
In several files old tests have been removed, to further clean up the code.

* Bug fixes

Nginx test showed error when access_log had multiple parameters.
Tests using locate won't be performed if not present.
Fix false positive match on Squid unsafe ports [SQD-3624].
The hardening index is now also inserted into the report if it is not displayed
on screen.

* Functions

Added AddSystemGroup function

* New tests

Several new tests have been added:

[PKGS-7366] Scan for debsecan utility on Debian systems
[PKGS-7410] Determine amount of installed kernel packages
[TIME-3106] Check synchronization status of NTP on systemd based systems
[CONT-8102] Docker daemon status and gather basic details
[CONT-8104] Check docker info for any Docker warnings
[CONT-8106] Check total, running and unused Docker containers

* Plugins

[PLGN-2602] Disabled by default, as it may be too slow for some machines
[PLGN-3002] Extended with /sbin/nologin

* Documentation

A new document has been created to help with the process of upgrading Lynis.
It is available at https://cisofy.com/documentation/lynis/upgrading/

Lynis 2.1.0

= Lynis 2.1.0 (2015-04-16) =

General:

---

Screen output has been improved to provide additional information.

OS support:

---

CUPS detection on Mac OS has been improved. AIX systems will now use csum
utility to create host ID. Group check have been altered on AIX, to include
the -n ALL. Core dump check on Linux is extended to check for actual values
as well.

Software:

---

McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.

Session timeout:

---

Tests to determine shell time out setting have been extended to account for
AIX, HP-UX and other platforms. It will now determine also if variable is
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
has been extended.

Documentation:

---

• New document: Getting started with Lynis
  https://cisofy.com/documentation/lynis/get-started/

  Plugins (Enterprise):

• Update to file integrity plugin
  Changes to PLGN-2606 (capabilities check)

• New configuration plugins:
  PLGN-4802 (SSH settings)
  PLGN-4804 (login.defs)

  Download link: https://cisofy.com/download/lynis/

Lynis 2.0.0

= Lynis 2.0.0 (2015-02-25) =

The first release within the 2.x branch! It includes several new features, to
simplify or improve auditing on Unix based systems, including BSD, Linux,
Mac OS and more traditional systems like AIX, HPUX and Solaris.

New features and many improvements are the reason for the bump to a major
release, also a beginning of a new era. Many tools to audit or harden systems
have being released, yet none have been maintained over a long period of time.

• Support and Feedback

  This software is supported and under development by CISOfy. By providing a
  dual license, this software is kept up-to-date and enhanced. Both customers
  and the community, benefit from this licensing. This release is available
  thanks to your input and feedback.

• Helpers

  New in this release is the support for helpers. Small utilities which enhance
  Lynis by providing a single goal. The first helper available is to audit
  Docker build files.

• Improved OS support

  Many changes have been implemented to better support Linux, FreeBSD, NetBSD
  DragonBSD and OpenBSD in particular. Upcoming releases will include smaller
  "improvement rounds" for other systems as well.

• New technologies

  More utilities and technologies are supported now. Technologies and tools
  like systemd, Docker, nftables.

• Lynis Enterprise

  As this code is shared, customers have an additional option to define to
  what server they want to upload the audit results. Also, commercial plugins
  have been bundled.

• New parameters

  Several new options have been added:
  --dump-options (see all options)
  --report-file (define a different location for the report file)

• General

  Documentation on the website has been extended: https://cisofy.com/support/
  The man page, Lynis binary and several tests have improved texts.

  This release is exceptional in that it includes many changes. We have done
  a lot of testing on different platforms. You could expect this software to be
  stable. Still, an assumption is no guarantee and especially no substitution
  for testing in your own environment. If you encounter issues, please report
  them via one of the links above in this changelog.

  Enjoy this new release!

Release 1.6.4

• 1.6.4 (2014-11-04)

  New:

• Boot loader detection for AIX [BOOT-5102]

• Detection of getcap and lsvg binary

• Added filesystem_ext to report

• Detect rootsh

  Changes:

• Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]

• Allow OpenBSD to gather information on listening network ports [NETW-3012]

• Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]

• Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]

• Extended AIDE test with configuration validation test [FIND-4314]

• Improved Shellshock test regarding non-Linux support [SHLL-6290]

• Added support for gathering volume groups on AIX [FILE-6311]

• Properly parse PAM lines and add them to report [AUTH-9264]

• Support for boot loader detection on OpenBSD [BOOT-5159]

• Added uptime detection for OpenBSD systems [BOOT-5202]

• Support for volume groups on AIX [FILE-6312]

• Redirect errors when searching for readlink binary

Release 1.6.3

New:

• Added tests for Shellshock bash vulnerability [SHLL-6290]

• Added test to determine if Snoopy is used [ACCT-9636]

• New test for qdaemon configuration file [PRNT-2416]

• Test for GRUB boot loader password [BOOT-5122]

• New test for qdaemon printer jobs [PRNT-2420]

• Added ClamXav test for Mac OS X [MALW-3288]

• Gentoo vulnerable packages test [PKGS-7393]

• New test for qdaemon status [PRNT-2418]

• Gentoo package listing [PKGS-7304]

• Running Lynis without root permissions will start non-privileged scan

• Systemd service and timer example file added

• Added grub2-install to binaries

  Changes:

• Adjustments so insecure SSL protocols are detected in nginx config [HTTP-6710]

• Directories will be skipped when searching for nginx log files [HTTP-6720]

• Only gather unique name servers from /etc/resolv.conf [NAME-2704]

• Properly detect mod_evasive on Gentoo and others [HTTP-6640]

• Improved swap partition detection in /etc/fstab [FILE-6336]

• Improvements to kernel detection (e.g. Gentoo) [KRNL-5830]

• Test for built-in security options in YUM [PKGS-7386]

• Improved boot loader detection for GRUB2 [BOOT-5121]

• Split GRUB test into two tests [BOOT-5122]

• Added Mac OS uptime check [BOOT-5202]

• Improved GetHostID function for systems having only ip binary

• Improved testing for symlinked binary directories

• Minor adjustments to log output

• Renamed dev directory to extras

Release 1.6.2

This is the 1.6.2 release.

• 1.6.2 (2014-09-22)

  New:

• IsVirtualMachine function to check if system is running in VM

  VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers,
  libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ,
  Oracle VM VirtualBox, QEMU, Systemd Namespace container,
  User-Mode Linux (UML), VMware products, XEN

• Detection for SaltStack configuration management tooling

• ShowSymlinkPath function to check path behind a symlink

• Check of configuration options of pacman [PKGS-7314]

• Support for drill binary to check for Lynis update

• FileIsEmpty function to check for empty files

• Detect updates for Arch Linux [PKGS-7312]

• Add detection for machine ID (systemd)

• Added linux_config_file to report

• Bash completion script for Lynis

• Added detection of ss binary

  Changes:

• Extended system reboot check, to enable it for most Linux versions[KRNL-5830]

• Improved inetd test to avoid false positive with xinetd process [INSE-8002]

• Permissions check has been adjusted to allow packaging and pentest mode

• Added detection for compressed Linux config file [KRNL-5728]

• Added support for compressed Linux config file [KRNL-5730]

• Store PID file in home directory of the user, if needed

• Added usage of ss to gather listening ports [NETW-3012]

• Additional permission added to CUPS check [PRNT-2307]

• Extended telnet in inetd test [INSE-8016]

• Fix for reading at.deny file [SCHD-7720]

• Removed individual warnings [BOOT-5184]

• Several improvements for Arch Linux

Version 1.6.1

Version 1.6.1