diff options
author | Kr1ss | 2020-12-29 02:25:30 +0100 |
---|---|---|
committer | Kr1ss | 2020-12-29 02:25:30 +0100 |
commit | 5f2c1b7740140bd20d3dd546e5b0f8f1463e94db (patch) | |
tree | 60495aa87b9b58171f53d762e465774f0c1efa8c | |
parent | 8c53d094e5607897a77a4f32a46efdf200d311ac (diff) | |
download | aur-5f2c1b7740140bd20d3dd546e5b0f8f1463e94db.tar.gz |
update: lynis3 3.0.2-1
upstream release
hat tip @MTibke for flagging the package
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | CHANGELOG.md | 75 | ||||
-rw-r--r-- | PKGBUILD | 4 |
3 files changed, 62 insertions, 27 deletions
@@ -1,6 +1,6 @@ pkgbase = lynis3 pkgdesc = Security and system auditing tool to harden Unix/Linux systems - pkgver = 3.0.1 + pkgver = 3.0.2 pkgrel = 1 url = https://cisofy.com/lynis changelog = CHANGELOG.md @@ -12,13 +12,13 @@ pkgbase = lynis3 optdepends = bind-tools: nameserver tests optdepends = iptables: firewall tests optdepends = bash-completion: completion for bash - provides = lynis=3.0.1 + provides = lynis=3.0.2 conflicts = lynis backup = etc/lynis/default.prf - source = https://downloads.cisofy.com/lynis/lynis-3.0.1.tar.gz - source = https://downloads.cisofy.com/lynis/lynis-3.0.1.tar.gz.asc + source = https://downloads.cisofy.com/lynis/lynis-3.0.2.tar.gz + source = https://downloads.cisofy.com/lynis/lynis-3.0.2.tar.gz.asc validpgpkeys = 73AC9FC55848E977024D1A61429A566FD5B79251 - sha512sums = e237984b404752bd0856e1cbb884d0191a1177023780d9d0f885538846e419fcb75302a33320ba41e5895cabca0ead094e1c49865677906e547e255b4f5aab41 + sha512sums = a23207a1f227f723b3f7a1d46ac84b3cc14b0ac1a9727f57ca3f6f112d1b62ade6e6f21983fb74570aa1209bce8c7b8395f91245309d616c22cd245103028031 sha512sums = SKIP pkgname = lynis3 diff --git a/CHANGELOG.md b/CHANGELOG.md index 0728f8c9d1f1..c14bb6d01fd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,39 @@ # Lynis Changelog +## Lynis 3.0.2 (2020-12-24) + +### Added +- AUTH-9284 - Scan for locked user accounts in /etc/passwd +- LOGG-2153 - Loghost configuration +- TOOL-5130 - Check for active Suricata daemon +- OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS +- OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others +- EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11 +- Support for Solaris svcs (service manager) +- Enumeration of Solaris services + +### Changed +- ACCT-9626 - Detect sysstat systemd unit +- AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined +- BOOT-5184 - Support for Solaris +- KRNL-5830 - Improved reboot test by ignoring known bad values +- KRNL-5830 - Ignore rescue kernel such as on CentOS systems +- KRNL-5830 - Detection of Alpine Linux kernel +- NETW-2400 - Compatibility change for hostname check +- NETW-3012 - Support for Solaris +- PKGS-7410 - Don't show exception if no kernels were found on the disk +- TIME-3185 - Supports now checking files at multiple locations (systemd) +- ParseNginx function: Support include on absolute paths +- ParseNginx function: Ignore empty included wildcards +- Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux +- HostID: Use first e1000 interface and break after match +- Translations extended and updated +- Test if pgrep exists before using it +- Better support for busybox shell +- Small code enhancements + +--------------------------------------------------------------------------------- + ## Lynis 3.0.1 (2020-10-05) ### Added @@ -21,7 +55,7 @@ - CRYP-7902 - Added support for certificates in DER format - CRYP-7931 - Added data to report - CRYP-7931 - Redirect errors (e.g. when swap is not encrypted) -- FILE-6430 - Don't grep nonexistant modprobe.d files +- FILE-6430 - Don't grep nonexistent modprobe.d files - FIRE-4535 - Set initial firewall state - INSE-8312 - Corrected text on screen - KRNL-5728 - Handle zipped kernel configuration correctly @@ -139,7 +173,7 @@ Using the relevant options, the scan will change base on the intended goal. - AUTH-9268 - Perform test also on DragonFly, FreeBSD, and NetBSD - AUTH-9282 - fix: temporary variable was overwritten - AUTH-9408 - added support for pam_tally2 to log failed logins -- AUTH-9489 - test removedd as it is merged with AUTH-9218 +- AUTH-9489 - test removed as it is merged with AUTH-9218 - BANN-7126 - additional words for login banner are accepted - BOOT-5122 - check for defined password in all GRUB configuration files - CONT-8106 - support newer 'docker info' output @@ -166,6 +200,7 @@ Using the relevant options, the scan will change base on the intended goal. - KRNL-5820 - extended check to include limits.d directory - KRNL-5830 - skip test partially when running non-privileged - KRNL-5830 - detect required reboots on Raspbian +- KRNL-6000 - check more sysctls - LOGG-2154 - added support for rsyslog configurations - LOGG-2190 - skip mysqld related entries - MACF-6234 - SELinux tests extended @@ -425,7 +460,7 @@ Tests: * [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell * [DNS-1600] - Initial work on DNSSEC validation testing * [NETW-2704] - Added support for local resolver 127.0.0.53 -* [PHP-2379] - Suhosin test disbled +* [PHP-2379] - Suhosin test disabled * [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting * [TIME-3160] - Improvements to detect step-tickers file and entries @@ -672,7 +707,7 @@ Changes: * Renamed some variables to better indicate their purpose (counting, data type) * Removal of unused code and comments * Deleted unused tests from database file -* Correct levels of identation +* Correct levels of indentation * Support for older mac OS X versions (Lion and Mountain Lion) * Initialized variables for more binaries * Additional sysctls are tested @@ -1333,7 +1368,7 @@ Functions * AddSetting - New function to store settings (lynis show settings) * ContainsString - New function to search for a string in another one * Display - Added --debug, showing details on screen in debug mode - - Reset identation for lines which are too long + - Reset indentation for lines which are too long * DisplayToolTip - New function to display tooltips * IsDebug - Check for usage of --debug * IsDeveloperMode - Status for development and debugging (--developer) @@ -1406,7 +1441,7 @@ release. ------------ The biggest change in this release is the optimization of several functions. It allows for better detection, and dealing with the quirks, of every single -operating system. Some functions were fortified to handle unexcepted results +operating system. Some functions were fortified to handle unexpected results better, like missing a particular binary, or not returning the hostname. This release also enables tests to be shorter, by adding new functions. Some @@ -1684,7 +1719,7 @@ Added tests for CSF's lfd utility for integrity monitoring on directories and files. Related tests are FINT-4334 and FINT-4336. Added support for Chrony time daemon and timesync daemon. Additionally NTP -sychronization status is checked when it is enabled. +synchronization status is checked when it is enabled. Improved single user mode protection on the rescue.service file. @@ -2266,7 +2301,7 @@ Lynis 1.4.2 (2014-02-19) Changes: - Ignore interfaces aliases for HostID - Extended umask tests with pam_umask entries [AUTH-9328] - - Check for supressed version on Squid [SQD-3680] + - Check for suppressed version on Squid [SQD-3680] --------------------------------------------------------------------------------- @@ -2279,7 +2314,7 @@ Lynis 1.4.1 (2014-02-15) - Added 64 bits locations for Apache modules - Add start of new category to logfile - Extended sysstat test with /etc/cron.d/sysstat [ACCT-9626] - - Extended cron job tests with entries start with asterix (*) [SCHD-7704] + - Extended cron job tests with entries start with asterisk (*) [SCHD-7704] - Additional check for multiple umask entries (like RHEL 6.x) [AUTH-9328] - Adjusted PHP test for register_globals (explicit test) [PHP-2368] - Small adjustments for upcoming plugin support @@ -2406,7 +2441,7 @@ Lynis 1.3.6 (2013-12-03) - Adjusted PHP check to find ini files [PHP-2211] - Skip Apache test for NetBSD [HTTP-6622] - Skip test http version check for NetBSD [HTTP-6624] - - Additional check to supress sort error [HTTP-6626] + - Additional check to suppress sort error [HTTP-6626] - Improved the way binaries are checked (less disk reads) - Adjusted ReportWarning() function to skip impact rating - Improved report on screen by leaving out date/time and type @@ -2442,7 +2477,7 @@ Lynis 1.3.5 (2013-11-19) - Added suggestion about BIND version [NAME-4210] - Merged test NTP daemon test TIME-3108 into TIME-3104 - Improved support for Arch Linux (output, detection) - - Extended common list of directories with SSL certifcates in profile + - Extended common list of directories with SSL certificates in profile - New function GetHostID() to determine an unique identifier of the machine - Added a tests_custom file template - Perform file permissions test on tests_custom file @@ -2485,7 +2520,7 @@ Lynis 1.3.3 (2013-10-24) Lynis 1.3.2 (2013-10-09) New: - - Test for PowerDNS authoritive servers (master/slave status) [NAME-4238] + - Test for PowerDNS authoritative servers (master/slave status) [NAME-4238] Changes: - CUPS test extended with hardening rules [PRNT-2308] @@ -2532,7 +2567,7 @@ Lynis 1.3.0 (2011-12-25) - Fixed incorrect warning for single user mode [AUTH-9308] - Improved output for stratum 16 time servers [TIME-3116] - Added suggestion and screen output for kernel hardening [KRNL-6000] - - Screen layout optimalizations and log file improvements + - Screen layout optimizations and log file improvements - Improved list/layout of scan options - Improved binary check for compilers - Added configuration option in scan profile (show_tool_tips, default true) @@ -3095,7 +3130,7 @@ Lynis 1.1.5 (2008-06-10) - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302] - Changed shell history file test, searching files with maxdepth 1 [HOME-9310] - Extended iptables test, to check Linux kernel configuration file [FIRE-4511] - - Added report warning to promicuous test [NETW-3014] + - Added report warning to promiscuous test [NETW-3014] - Fixed yellow color when being used at text display - Several logging improvements and cleanups @@ -3164,11 +3199,11 @@ Lynis 1.1.2 (2008-05-11) - Improved LILO test and removed double message - Fixed incorrect message when using --help parameter - Improved portaudit test (FreeBSD) to show unique packages only - - Updated man page, FAQ, extended documention with plugin information + - Updated man page, FAQ, extended documentation with plugin information - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE) ** Special release notes [package/ports]: ** - - Added several default paths to check for usuable an INCLUDE directory. This + - Added several default paths to check for usable INCLUDE directory. This should make packaging Lynis easier for downstream package providers. - When no profile is set, Lynis will check first /etc/lynis/default.prf, before setting default.prf (in current work directory) as profile to use. @@ -3227,7 +3262,7 @@ Lynis 1.0.9 (2008-03-24) - Added available shells from /etc/shells to report file - Updated man page - Fixed option in main help window for --man option - - Code improvement, splitting up sections to seperated files + - Code improvement, splitting up sections to separated files --------------------------------------------------------------------------------- @@ -3243,7 +3278,7 @@ Lynis 1.0.8 (2008-02-10) - Changed old temporary files check - Changed test to include ubuntu security repository - Moved UID check to avoid PID creation as non root user - - Moved most functions to seperated files and several code cleanups + - Moved most functions to separated files and several code cleanups - Improved logging output - Extended FreeBSD (Copyright file) test - Changed indentation for many tests @@ -3287,7 +3322,7 @@ Lynis 1.0.7 (2008-01-28) - Updated year number in program and support files - Added new function Display, to use indentation within lines - Added function RemovePIDFile before some exit routines, to clean up PID file - - Extracted profile support, parameter support to seperated files + - Extracted profile support, parameter support to separated files - Created file tests_ports_packages for Ports and Packages - Deleted lynis.spec file, since it was not working and will be rewritten later @@ -3440,7 +3475,7 @@ Lynis 1.0.0 (2007-11-08) - Test: query nameservers and test connectivity - Test: check promiscuous interfaces (FreeBSD) - Test: check sticky bit on /tmp directory - - Test: check debian.org security brance in /etc/apt/sources.list + - Test: check debian.org security branch in /etc/apt/sources.list - Test: check kernel update on Debian - Test: query default Linux run level - Test: query chkconfig to see which services start at boot @@ -6,7 +6,7 @@ pkgname=lynis3 _pkgname="${pkgname%[0-9]*}" -pkgver=3.0.1 +pkgver=3.0.2 pkgrel=1 pkgdesc='Security and system auditing tool to harden Unix/Linux systems' @@ -26,7 +26,7 @@ optdepends=('net-tools: networking tests' changelog=CHANGELOG.md backup=("etc/$_pkgname/default.prf") source=("https://downloads.cisofy.com/$_pkgname/$_pkgname-$pkgver.tar.gz"{,.asc}) -sha512sums=('e237984b404752bd0856e1cbb884d0191a1177023780d9d0f885538846e419fcb75302a33320ba41e5895cabca0ead094e1c49865677906e547e255b4f5aab41' +sha512sums=('a23207a1f227f723b3f7a1d46ac84b3cc14b0ac1a9727f57ca3f6f112d1b62ade6e6f21983fb74570aa1209bce8c7b8395f91245309d616c22cd245103028031' 'SKIP') validpgpkeys=('73AC9FC55848E977024D1A61429A566FD5B79251') # CISOfy (Software Signing Key) <security@cisofy.com> |