Fedora 20 Update: lynis-1.6.4-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Tue Nov 25 15:32:04 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-15209
2014-11-16 13:42:11
--------------------------------------------------------------------------------

Name        : lynis
Product     : Fedora 20
Version     : 1.6.4
Release     : 1.fc20
URL         : http://cisofy.com/lynis/
Summary     : Security and system auditing tool
Description :
Lynis is an auditing and hardening tool for Unix/Linux and you might even call
it a compliance tool. It scans the system and installed software. Then it
performs many individual security control checks. It determines the hardening
state of the machine, detects security issues and provides suggestions to
improve the security defense of the system.

--------------------------------------------------------------------------------
Update Information:

== 1.6.4 (2014-11-04) ==

New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh

Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary

== * 1.6.3 (2014-10-14) ==

New:
- Added tests for Shellshock bash vulnerability [SHLL-6290]
- Added test to determine if Snoopy is used [ACCT-9636]
- New test for qdaemon configuration file [PRNT-2416]
- Test for GRUB boot loader password [BOOT-5122]
- New test for qdaemon printer jobs [PRNT-2420]
- Added ClamXav test for Mac OS X [MALW-3288]
- Gentoo vulnerable packages test [PKGS-7393]
- New test for qdaemon status [PRNT-2418]
- Gentoo package listing [PKGS-7304]
- Running Lynis without root permissions will start non-privileged scan
- Systemd service and timer example file added
- Added grub2-install to binaries

Changes:
- Adjustments so insecure SSL protocols are detected in nginx config [HTTP-6710]
- Directories will be skipped when searching for nginx log files [HTTP-6720]
- Only gather unique name servers from /etc/resolv.conf [NAME-2704]
- Properly detect mod_evasive on Gentoo and others [HTTP-6640]
- Improved swap partition detection in /etc/fstab [FILE-6336]
- Improvements to kernel detection (e.g. Gentoo) [KRNL-5830]
- Test for built-in security options in YUM [PKGS-7386]
- Improved boot loader detection for GRUB2 [BOOT-5121]
- Split GRUB test into two tests [BOOT-5122]
- Added Mac OS uptime check [BOOT-5202]
- Improved GetHostID function for systems having only ip binary
- Improved testing for symlinked binary directories
- Minor adjustments to log output
- Renamed dev directory to extras

== * 1.6.2 (2014-09-22) ==

New:
- IsVirtualMachine function to check if system is running in VM

   VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers,
             libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ,
             Oracle VM VirtualBox, QEMU, Systemd Namespace container,
             User-Mode Linux (UML), VMware products, XEN

- Detection for SaltStack configuration management tooling
- ShowSymlinkPath function to check path behind a symlink
- Check of configuration options of pacman [PKGS-7314]
- Support for drill binary to check for Lynis update
- FileIsEmpty function to check for empty files
- Detect updates for Arch Linux [PKGS-7312]
- Add detection for machine ID (systemd)
- Added linux_config_file to report
- Bash completion script for Lynis
- Added detection of ss binary

Changes:
- Extended system reboot check, to enable it for most Linux  versions[KRNL-5830]
- Improved inetd test to avoid false positive with xinetd process [INSE-8002]
- Permissions check has been adjusted to allow packaging and pentest mode
- Added detection for compressed Linux config file [KRNL-5728]
- Added support for compressed Linux config file [KRNL-5730]
- Store PID file in home directory of the user, if needed
- Added usage of ss to gather listening ports [NETW-3012]
- Additional permission added to CUPS check [PRNT-2307]
- Extended telnet in inetd test [INSE-8016]
- Fix for reading at.deny file [SCHD-7720]
- Removed individual warnings [BOOT-5184]
- Several improvements for Arch Linux
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 14 2014 Christopher Meng <rpm at cicku.me> - 1.6.4-1
- Update to 1.6.4
* Fri Sep 12 2014 Christopher Meng <rpm at cicku.me> - 1.6.1-1
- Update to 1.6.1
* Sun Aug  3 2014 Christopher Meng <rpm at cicku.me> - 1.5.9-1
- Update to 1.5.9
* Fri Jul 11 2014 Christopher Meng <rpm at cicku.me> - 1.5.7-1
- Update to 1.5.7
* Mon Jun 16 2014 Christopher Meng <rpm at cicku.me> - 1.5.6-1
- Update to 1.5.6
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Christopher Meng <rpm at cicku.me> - 1.5.3-1
- Update to 1.5.3
* Fri Apr 11 2014 Christopher Meng <rpm at cicku.me> - 1.5.0-1
- Update to 1.5.0
* Sat Mar  8 2014 Christopher Meng <rpm at cicku.me> - 1.4.4-1
- Update to 1.4.4
* Thu Feb 27 2014 Christopher Meng <rpm at cicku.me> - 1.4.3-1
- Update to 1.4.3
* Fri Feb 21 2014 Christopher Meng <rpm at cicku.me> - 1.4.2-1
- Update to 1.4.2
* Wed Feb 19 2014 Christopher Meng <rpm at cicku.me> - 1.4.1-1
- Update to 1.4.1
* Fri Feb  7 2014 Christopher Meng <rpm at cicku.me> - 1.4.0-1
- Update to 1.4.0
* Fri Jan 10 2014 Christopher Meng <rpm at cicku.me> - 1.3.9-1
- Update to 1.3.9
* Sat Dec 28 2013 Christopher Meng <rpm at cicku.me> - 1.3.8-1
- Update to 1.3.8
* Thu Dec 12 2013 Christopher Meng <rpm at cicku.me> - 1.3.7-1
- Update to 1.3.7
* Wed Dec  4 2013 Christopher Meng <rpm at cicku.me> - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng <rpm at cicku.me> - 1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update lynis' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list