Fedora 11 Update: lynis-1.2.9-1.fc11
updates at fedoraproject.org
updates at fedoraproject.org
Thu Feb 18 22:29:01 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-1239
2010-02-18 16:56:05
--------------------------------------------------------------------------------
Name : lynis
Product : Fedora 11
Version : 1.2.9
Release : 1.fc11
URL : http://www.rootkit.nl/projects/lynis.html
Summary : Security and system auditing tool
Description :
Lynis is a security and system auditing tool. It scans a system on the
most interesting parts useful for audits, like:
- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability
Lynis is released as a GPL licensed project and free for everyone to use.
See http://www.rootkit.nl for a full description and documentation.
--------------------------------------------------------------------------------
Update Information:
New: - Support for Squid3 - Added Squid unsafe ports check [SQD-3624]
- Added Squid configuration file permission check [SQD-3613] - Added Squid
test: reply_body_max_size option [SQD-3630] - Added /etc/init.d/rc and
/etc/init.d/rcS to umask test [AUTH-9328] - Check PHP option allow_url_include
[PHP-2378] - Squid support added - Squid daemon detection [SQD-3602] -
Squid configuration file search [SQD-3604] - Squid version detection
[SQD-3606] - Check /etc/motd banner [BANN-7122] - Check /etc/issue.net file
[BANN-7128] - Check contents in /etc/issue.net [BANN-7130] - Solaris single
user mode login check (/etc/default/sulogin) [AUTH-9304] - HP-UX boot
authentication check [AUTH-9306] - Linux single user mode authentication check
[AUTH-9308] - Solaris account locking policy check [AUTH-9340] Changes:
- Extended possible Squid configuration file locations - Added additional
sysctl keys to default profile - Fixed typo in squid.conf checks - Improved
descriptions, logging and reporting for several tests - Corrected
/etc/security/limits.conf path in test [KRNL-5820] - Updated man page, limited
lines to 80 chars - Added prerequisite to SSH test, so the test is skipped
properly [SSH-7440] - Check for /etc/issue symlink [BANN-7124] - Added file
check for possible harmful shells found [AUTH-9218] - Add user home
directories to report [HOME-9302] - Extended Linux run level test with support
for Debian/Ubuntu [KRNL-5622] - Added /lib64/security to PAM test [AUTH-9262]
- Extended security repository check [PKGS-7388] - Iptables check should not
check for a module in a Linux config [FIRE-4511] - Ignore APC ups daemon when
scanning for CUPS [PRNT-2304] - Improved kernel logger daemon check
[LOGG-2138] - Added auditctl to binary check [ACCT-9630] - Log used auditd
ruleset [ACCT-9630] - Corrected logging of Solaris c2audit module [ACCT-9656]
- Fixed warning function for Solaris passwordless accounts [AUTH-9254] -
Commented kern.randompid in default profile - For sysctl the parameter -n will
be used on Linux systems - Changed syslog daemon detection and state -
Extended report file
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 30 2010 Rakesh Pandit <rakesh at fedoraproject.org> - 1.2.9-1
- Updated to 1.2.9
* Mon Jun 8 2009 Rakesh Pandit <rakesh at fedoraproject.org> - 1.2.6-2
- fixed requires tag
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #554001 - False positives + Update
https://bugzilla.redhat.com/show_bug.cgi?id=554001
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update lynis' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list