Lynis 2.3.3

Lynis 2.3.3 (2016-08-23)

Upgrade note

Customized profiles that included sysctl settings need to be altered. See
default.prf for the correct format of the lines.

Additions

• OpenStack detection
• Option to disable automatic refresh of software repository

Languages

• Japanese translation added, contributed by Yukio Takahara

Fixes

• Some tests did not show a warning text
• Typo in man page for tests-from-group

Parameters

• New --bin-dirs to define binary directories to scan
• New option --root-dir to specify a different file system to scan

Nginx

• Rewrite of configuration parsing

PHP

• Support for PHP 5.6

Redis

• Redis test to detect configuration files
• Test Redis configuration for several best practices
• Perform permission check on Redis configuration files

Experimental features (in development)

• --bin-dirs - set what directories should be scanned for binaries
• --root-dir - define the root of the file system, to allow forensics

Settings

• Many settings have a new alias (with dashes instead underscores)
• New setting 'show-report-solution' to show solution in report

Functions

• ExitFatal can now exit program with optional text
• IsNotebook can detect if system is a notebook (or not)
• ShowSymlinkPath and FileIsReadable test for at least one argument
• StoreNginxSettings will save parsed nginx configuration

Tests

• BOOT-5108 - Support for Syslinux bootloader
• DBS-1882 - Redis configuration detection
• DBS-1884 - Redis 'requirepass' check
• DBS-1886 - Redis 'rename-command CONFIG' check
• DBS-1888 - Redis 'bind localhost' check
• FILE-6374 - Improved logging
• KRNL-5830 - Improved logging for detected Linux kernels
• KRNL-6000 - Support for multiple profiles and new format style
• LOGG-2190 - Ignore MySQL files in /tmp from early MySQL 5.x releases
• LOGG-2192 - New test to check opened log files that are empty

Lynis Enterprise integration

• Tag 'redis-server' is added for systems running Redis