Lynis 2.3.3
Lynis 2.3.3 (2016-08-23)
Upgrade note
Customized profiles that included sysctl settings need to be altered. See
default.prf for the correct format of the lines.
Additions
- OpenStack detection
- Option to disable automatic refresh of software repository
Languages
- Japanese translation added, contributed by Yukio Takahara
Fixes
- Some tests did not show a warning text
- Typo in man page for tests-from-group
Parameters
- New --bin-dirs to define binary directories to scan
- New option --root-dir to specify a different file system to scan
Nginx
- Rewrite of configuration parsing
PHP
- Support for PHP 5.6
Redis
- Redis test to detect configuration files
- Test Redis configuration for several best practices
- Perform permission check on Redis configuration files
Experimental features (in development)
- --bin-dirs - set what directories should be scanned for binaries
- --root-dir - define the root of the file system, to allow forensics
Settings
- Many settings have a new alias (with dashes instead underscores)
- New setting 'show-report-solution' to show solution in report
Functions
- ExitFatal can now exit program with optional text
- IsNotebook can detect if system is a notebook (or not)
- ShowSymlinkPath and FileIsReadable test for at least one argument
- StoreNginxSettings will save parsed nginx configuration
Tests
- BOOT-5108 - Support for Syslinux bootloader
- DBS-1882 - Redis configuration detection
- DBS-1884 - Redis 'requirepass' check
- DBS-1886 - Redis 'rename-command CONFIG' check
- DBS-1888 - Redis 'bind localhost' check
- FILE-6374 - Improved logging
- KRNL-5830 - Improved logging for detected Linux kernels
- KRNL-6000 - Support for multiple profiles and new format style
- LOGG-2190 - Ignore MySQL files in /tmp from early MySQL 5.x releases
- LOGG-2192 - New test to check opened log files that are empty
Lynis Enterprise integration
- Tag 'redis-server' is added for systems running Redis