head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.2 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.3.0.64 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.62 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.60 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.58 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.56 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.54 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.52 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.50 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.48 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.46 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.44 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.42 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.40 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.38 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.36 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.34 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.32 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.30 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.28 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.26 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.24 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.22 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.20 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.16 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.18 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.14 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.12 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.10 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.8 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.6 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.4 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.2 pkgsrc-2018Q1-base:1.3; locks; strict; comment @# @; 1.4 date 2026.03.23.19.12.51; author kim; state Exp; branches; next 1.3; commitid hGCloo1FsfG6j8zG; 1.3 date 2018.01.30.08.43.02; author sborrill; state Exp; branches; next 1.2; commitid lMQMX6DoyNsVpSoA; 1.2 date 2018.01.18.16.42.40; author sborrill; state Exp; branches; next 1.1; commitid MGT9GVrzWu7jsnnA; 1.1 date 2018.01.15.12.38.37; author sborrill; state Exp; branches; next ; commitid pJvgCIIcxhpCcYmA; desc @@ 1.4 log @lynis: Update to 3.1.6 Lynis 3.1.6 (2025-10-22) Added * Add notice to screen output if end-of-life state is unclear * Support for CachyOS, macOS Tahoe, and OpenMandriva Lx Changed * Releases are now considered to be old if they are 6 months or older * Removed generic suggestion for outdated/old Lynis release, instead show to screen output * Generic clarifications on variable usage for operating system and its version * Updated end-of-life database * Updated Japanese translation * For Debian and similar systems ignore kernel packages with 'rc' state * ACCT-9634 - Define default auditd log file location * FIRE-4586 - Also accept NFLOG as a logging target for iptables * MALW-3280 - Adjusted detection of Wazuh agent Lynis 3.1.5 (2025-07-29) Added * Support for OpenWrt * Bitdefender detection on Linux * Detection of openSUSE Tumbleweed-Slowroll Changed * Corrected detection of service manager SMF * Extended GetHostID function to allow HostID and HostID2 creation on OpenWrt * Check modules also under /usr/lib/modules.d Lynis 3.1.4 (2025-01-28) Changed * Update of translations: Portuguese * Add macOS Sequoia * Update of EOL database * Bugfix for using slashes in parameters (SafeInput function) * Simplified copyright line and meta data in files * Support for powerpc64le in authentication section * Don't show error "kadmin.local: unable to get default realm" Lynis 3.1.3 (2024-12-16) This release introduces additional documentation in the form of blog articles to support the (missing) control information on the website. Added * Detection of Buildroot, Fedora Linux Asahi Remix, Garden Linux, Peppermint OS * Support for blog posts and articles to enhance suggestions Changed * BOOT-5264 - Changed output of systemd-analyze test and added link * FILE-6398 - Test temporarily disabled as on modern kernels JDB support is built-in * FIRE-4508 - Several changes to expand the test, make it more generic, resolve minor issues * KRNL-5622 - Test if systemctl binary is set * Several improvements for busybox * Update of translations: Italian, Russian, Spanish Lynis 3.1.2 (2024-09-26) Added * Detection of ALT Linux * Detection of Athena OS * Detection of Container-Optimized OS from Google * Detection of Koozali SME Server * Detection of Nobara Linux * Detection of Open Source Media Center (OSMC) * Detection of PostmarketOS * CRYP-7932 - macOS FileVault encryption test * FILE-6398 - Check if JBD (Journal Block Device) driver is loaded * FINT-4344 - Wazuh system running state * PKGS-7305 - Query macOS Apps in /Applications and CoreServices * File added: .editorconfig, which is used by editors to standardize formatting Changed * Correction of software EOL database and inclusion of AIX entries * Support sysctl value perf_event_paranoid -> 2|3 * Update of translations: German, Portuguest, Turkish * Grammar and spell improvements * Improved package detection on Alpine Linux * Slackware support to check installed packges (functionPackageIsInstalled()) * Added words prosecute/report to LEGAL_BANNER_STRINGS * Busybox support: Replace newer tr command syntax with older ascii specific operations * Added Wazuh as a malware scanner/antivirus and rootkit detection tool * Updated PHP versions and removed PHP 5 (deprecated) * AUTH-9262 - Corrected message with advised PAM libary (libpam-passwdqc) * CONT-8104 - Checking for errors, not only warning in docker info output * DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD * FILE-6344 - Test kernel version (major/minor) * INSE-8000 - Added inetd package and service name used in ubuntu 24.04 * KRNL-5622 - Use systemctl get-default instead of following link * KRNL-5820 - Accept ulimit with -H parameter also * LOGG-2144 - Check for wazuh-agent presence on Linux systems * MACF-6234 - Test if semanage binary is available * MALW-3200 - ESET Endpoint Antivirus added * MALW-3280 - McAfee Antivirus for Linux deprecated * MALW-3291 - Check if Microsoft Defender Antivirus is installe * NETW-3200 - Added regex to allow both /bin/true as /bin/false * PKGS-7303 - Added version numbers to brew packages * PKGS-7370 - Cron job check for debsums improved * PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error) * PKGS-7410 - Added kernel name for Hardkernel odroid XU4 Lynis 3.1.1 (2024-03-17) Added * Detection of ArcoLinux Changed * DBS-1882 - Redis configuration file path added for FreeBSD (/usr/local/etc/redis.conf) * DBS-1882 - Check /snap directory location for Redis configuration file Lynis 3.1.0 (2024-03-11) Added * Translation: Indonesian Changed * MALW-3280 - Correction to detect com.avast.daemon * OS detection added for Guix System, macOS Ventura (13.x)/Sonoma (14.x), NXP LSDK, OpenEmbedded "nodistro", and The Yocto Projects distro "Poky" * Updated Amazon Linux EOL dates and addition of Amazon Linux 2023 * STATUS_NOT_ACTIVE variable added to translation files * End-of-life dates updated * Fixing missing or erroneous test number comments * Detection of SentinelOne corrected * Wazuh for file integrity and tooling * Updated parsing output of arch-audit * Added support for SentinelOne detection * Replacing deprecated option -i for xargs * Path detection for PostgreSQL improved Lynis 3.0.9 (2023-08-03) Changed * DBS-1820 - Added newer style format for Mongo authorization setting * FILE-6410 - Locations added for plocate * SSH-7408 - Only test Compression if sshd version < 7.4 * Improved fetching timestamp * Minor changes such as typos Lynis 3.0.8 Added * MALW-3274 - Detect McAfee VirusScan Command Line Scanner * PKGS-7346 Check Alpine Package Keeper (apk) * PKGS-7395 Check Alpine upgradeable packages * EOL for Alpine Linux 3.14 and 3.15 Changed * AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2) * FILE-7524 - Test enhanced to support symlinks * HTTP-6643 - Support ModSecurity version 2 and 3 * KRNL-5788 - Only run relevant tests and improved logging * KRNL-5820 - Additional path for security/limits.conf * KRNL-5830 - Check for /var/run/needs_restarting (Slackware) * KRNL-5830 - Add a presence check for /boot/vmlinuz * PRNT-2308 - Bugfix that prevented test from storing values correctly * Extended location of PAM files for AARCH64 * Some messages in log improved Lynis 3.0.7 (2022-01-18) Added * MALW-3290 - Show status of malware components * OS detection for RHEL 6 and Funtoo Linux * Added service manager openrc Changed * DBS-1804 - Added alias for MariaDB * FINT-4316 - Support for newer Ubuntu versions * MALW-3280 - Added Trend Micro malware agent * NETW-3200 - Allow unknown number of spaces in modprobe blacklists * PKGS-7320 - Support for Garuda Linux and arch-audit * Several improvements for busybox shell * Russian translation of Lynis extended Lynis 3.0.6 (2021-07-22) Added * OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS * Check for outdated translation files Changed * DBS-1826 - Check if PostgreSQL is being used * DBS-1828 - Test multiple PostgreSQL configuration file(s) * KRNL-5830 - Sort kernels by version instead of modification date * PKGS-7410 - Don't show exception for systems using LXC * GetHostID function: fallback options added for Linux systems * Fix: macOS Big Sur detection * Fix: show correct text when egrep is missing * Fix: variable name for PostgreSQL * German and Spanish translations extended Lynis 3.0.5 (2021-07-02) Added * OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux * CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux) Changed * ACCT-9622 - Corrected typo * HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility) * PKGS-7320 - extended to Arch Linux 32 * Generation of host identifiers (hostid/hostid2) extended * Linux host identifiers are now using ip as preferred input source * Improved logging in several areas Lynis 3.0.4 (2021-05-11) Added * ACCT-9670 - Detection of cmd tooling * ACCT-9672 - Test cmd configuration file * BOOT-5140 - Check for ELILO boot loader presence * OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others Changed * BOOT-5104 - Add service manager detection support for runit * FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist * FIRE-4540 - Corrected nftables empy ruleset test * LOGG-2138 - Do not check for klogd when metalog is being used * TIME-3185 - Improved support for Debian stretch * Corrected issue when Lynis is not executed directly from lynis directory Lynis 3.0.3 (2021-01-07) Added * HRDN-7231 - Check for registered non-native binary formats * OS detection of Parrot GNU/Linux Changed * DBS-1816 - Force test to check only password authentication * KRNL-5677 - Support for NetBSD * Bugfix: command 'configure settings' did not work as intended Lynis 3.0.2 (2020-12-24) Added * AUTH-9284 - Scan for locked user accounts in /etc/passwd * LOGG-2153 - Loghost configuration * TOOL-5130 - Check for active Suricata daemon * OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES (extended), Void Linux, Zorin OS * OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS, Tribblix, and others * EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11 * Support for Solaris svcs (service manager) * Enumeration of Solaris services Changed * ACCT-9626 - Detect sysstat systemd unit * AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are undefined * BOOT-5184 - Support for Solaris * KRNL-5830 - Improved reboot test by ignoring known bad values * KRNL-5830 - Ignore rescue kernel such as on CentOS systems * KRNL-5830 - Detection of Alpine Linux kernel * NETW-2400 - Compatibility change for hostname check * NETW-3012 - Support for Solaris * PKGS-7410 - Don't show exception if no kernels were found on the disk * TIME-3185 - Supports now checking files at multiple locations (systemd) * ParseNginx function: Support include on absolute paths * ParseNginx function: Ignore empty included wildcards * Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux * HostID: Use first e1000 interface and break after match * Translations extended and updated * Test if pgrep exists before using it * Better support for busybox shell * Small code enhancements Lynis 3.0.1 (2020-10-05) Added * Detection of Alpine Linux * Detection of CloudLinux * Detection of Kali Linux * Detection of Linux Mint * Detection of macOS Big Sur (11.0) * Detection of Pop!_OS * Detection of PHP 7.4 * Malware detection tool: Microsoft Defender ATP * New flag: --slow-warning to allow tests more time before showing a warning * Test TIME-3185 to check systemd-timesyncd synchronized time * rsh host file permissions Changed * AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions * BOOT-5122 - Presence check for grub.d added * CRYP-7902 - Added support for certificates in DER format * CRYP-7931 - Added data to report * CRYP-7931 - Redirect errors (e.g. when swap is not encrypted) * FILE-6430 - Don't grep nonexistant modprobe.d files * FIRE-4535 - Set initial firewall state * INSE-8312 - Corrected text on screen * KRNL-5728 - Handle zipped kernel configuration correctly * KRNL-5830 - Improved version detection for non-symlinked kernel * MALW-3280 - Extended detection of BitDefender * TIME-3104 - Find more time synchronization commands * TIME-3182 - Corrected detection of time peers * Fix: hostid generation routine would sometimes show too short IDs * Fix: language detection * Generic improvements for macOS * German translation updated * End-of-life database updated * Several minor code enhancements Assets 2 Loading Uh oh! There was an error while loading. [162]Please reload this page. All reactions Lynis 3.0.0 Major release with security fixes. See CHANGELOG for all details. Lynis 2.7.5 (2019-06-24) Added * Danish translation * Slackware end-of-life information * Detect BSD-style (rc.d) init in Linux systems * Detection of Bro and Suricata (IDS) Changed * Corrected end-of-life entries for CentOS 5 and 6 * AUTH-9204 - change name to check in /etc/passwd file for QNAP devices * AUTH-9268 - AIX enhancement to use correct find statement * FILE-6310 - Filter on correct field for AIX * NETW-3012 - set ss command as preferred option for Linux and changed output format * List of PHP ini file locations has been extended * Removed several pieces of the code as part of cleanup and code health * Extended help Lynis 2.7.4 (2019-04-21) This is a bigger release than usual, including several new tests created by Capashenn (GitHub). It is a coincidence that it is released exactly one month after the previous version and on Easter. No easter eggs, only improvements! Added * FILE-6324 - Discover XFS mount points * INSE-8000 - Installed inetd package * INSE-8100 - Installed xinetd package * INSE-8102 - Status of xinet daemon * INSE-8104 - xinetd configuration file * INSE-8106 - xinetd configuration for inactive daemon * INSE-8200 - Usage of TCP wrappers * INSE-8300 - Presence of rsh client * INSE-8302 - Presence of rsh server * Detect equery binary detection * New 'generate' command Changed * AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems * PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages * PKGS-7420 - Detect toolkit to automatically download and apply upgrades * PKGS-7328 - Added global Zypper option --non-interactive * PKGS-7330 - Added global Zypper option --non-interactive * PKGS-7386 - Only show warning when vulnerable packages were discovered * PKGS-7392 - Skip test for Zypper-based systems * Minor changes to improve text output, test descriptions, and logging * Changed CentOS identifiers in end-of-life database * AIX enhancement for IsRunning function * Extended PackageIsInstalled function * Improve text output on AIX systems * Corrected lsvg binary detection Lynis 2.7.3 (2019-03-21) Added * Detection for Lynis being scheduled (e.g. cronjob) Changed * HTTP-6624 - Improved logging for test * KRNL-5820 - Changed color for default fs.suid_dumpable value * LOGG-2154 - Adjusted test to search in configuration file correctly * NETW-3015 - Added support for ip binary * SQD-3610 - Description of test changed * SQD-3613 - Corrected description in code * SSH-7408 - Increased values for MaxAuthRetries * Improvements to allow tailored tool tips in future * Corrected detection of blkid binary * Minor textual changes and cleanups Lynis 2.7.2 (2019-03-07) Added * AUTH-9409 - Support for doas (OpenBSD) * AUTH-9410 - Test file permissions of doas configuration * BOOT-5117 - Support for systemd-boot boot loader added * BOOT-5177 - Simplify service filter and allow multiple dots in service names * BOOT-5262 - Check OpenBSD boot daemons * BOOT-5263 - Test permissions for boot files and scripts * Support for end-of-life detection of the operating system * New 'lynis show eol' command * Korean translation Changed * AUTH-9252 - Adds support for files in sudoers.d * AUTH-9252 - Test extended to check file and directory ownership * BOOT-5122 - Use NONE instead of WARNING if no password is set * FIRE-4540 - Modify test to better measure rules * KRNL-5788 - Resolve false positive warning on missing /vmlinuz * NETW-2704 - Ignore inline comments in /etc/resolv.conf * PKGS-7388 - Improve detection for security archive * RPi/Raspian path to PAM_FILE_LOCATIONS Lynis 2.7.1 (2019-01-30) Added * Support for macOS Mojave * Translation: Slovak Changed * AUTH-9282 - Improve support for Red Hat and clones * FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence * LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS) * SHLL-6230 - Add /etc/bash.bashrc.local to umask check * Removed shift statement that did not work on all operating systems * Minor cleanups and enhancements * Small improvements to logging Lynis 2.7.0 (2018-10-26) Added * MACF-6240 - Detection of TOMOYO binary * MACF-6242 - Status of TOMOYO framework * SSH-7406 - OpenSSH server version detection * TOOL-5160 - Check active OSSEC analysis daemon Changed * Changed several warning labels on screen * AUTH-9308 - More generic sulogin for systemd rescue.service * OS detection now ignores quotes for getting the OS ID. Lynis 2.6.9 (2018-09-19) Changed * Man page has been updated * Command 'lynis show options' provides up-to-date list * Option '--dump-options' is deprecated * Several options and commands have been extended with more examples * OS detection now supports openSUSE specific distribution names * Changed command output when using 'lynis audit system remote' * DBS-1882 - added /usr/local/redis/etc path and QNAP support * PKGS-7322 - updated solution text * KRNL-5788 - ignore exception when no vmlinuz file was discovered * TIME-3104 - extended logging for test Lynis 2.6.8 (2018-08-23) Changed * BOOT-5104 - improved parsing of boot parameters to init process * PHP-2372 - test all PHP files for expose_php and improved logging * Alpine Linux detection for Docker audit * Docker check now tests also for CMD, ENTRYPOINT, and USER configuration * Improved display in Docker output for showing which keys are used for signing Lynis 2.6.7 (2018-08-09) Changed * BOOT-5104 - Added busybox as a service manager * KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only * LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files * SSH-7408 - Changed classification of SSH root login with keys * Docker scan uses new format for maintainer value * New URL structure on CISOfy website implemented for Lynis controls Lynis 2.6.6 (2018-07-06) Improvements * New format of changelog ([174]https://keepachangelog.com/en/1.0.0/) * KRNL-5830 - improved log text about running kernel version Fixed * Under some condition no hostid2 value was reported * Solved 'extra operand' issue with tr command Lynis 2.6.5 (2018-06-26) Tests: * [MAIL-8804] - Exim configuration test * [NETW-2704] - Use FQDN to test status of a nameserver instead of own IP address * [SSH-7402] - Improved test to allow configurations with a Match block Lynis 2.6.4 (2018-05-02) Changes: * Several contributions merged, including grammar improvements * Initial support for Ubuntu 18.04 LTS * Small enhancements for usage Tests: * [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell * [DNS-1600] - Initial work on DNSSEC validation testing * [NETW-2704] - Added support for local resolver 127.0.0.53 * [PHP-2379] - Suhosin test disbled * [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting * [TIME-3160] - Improvements to detect step-tickers file and entries Lynis 2.6.3 (2018-03-07) Changes: * Change in routine for host identifiers Tests: * [CRYP-7902] - Do prevalidation for certificates before testing them * [HRDN-7222] - Enhanced compiler permission test * [NAME-4402] - Improved test to filter out empty lines * [PKGS-7384] - Changes to detect yum-utils package and related tooling Plugins: * [PLGN-2680] - cron file permissions @ text @@@comment $NetBSD: PLIST,v 1.3 2018/01/30 08:43:02 sborrill Exp $ bin/lynis lib/lynis/db/control-links.db lib/lynis/db/fileperms.db lib/lynis/db/hints.db lib/lynis/db/integrity.db lib/lynis/db/languages/az lib/lynis/db/languages/br lib/lynis/db/languages/cn lib/lynis/db/languages/da lib/lynis/db/languages/de lib/lynis/db/languages/de-AT lib/lynis/db/languages/en lib/lynis/db/languages/en-GB lib/lynis/db/languages/en-US lib/lynis/db/languages/es lib/lynis/db/languages/fi lib/lynis/db/languages/fr lib/lynis/db/languages/gr lib/lynis/db/languages/he lib/lynis/db/languages/hu lib/lynis/db/languages/id lib/lynis/db/languages/it lib/lynis/db/languages/ja lib/lynis/db/languages/ko lib/lynis/db/languages/nb-NO lib/lynis/db/languages/nl lib/lynis/db/languages/nl-BE lib/lynis/db/languages/nl-NL lib/lynis/db/languages/pl lib/lynis/db/languages/pt lib/lynis/db/languages/ru lib/lynis/db/languages/se lib/lynis/db/languages/sk lib/lynis/db/languages/tr lib/lynis/db/malware-susp.db lib/lynis/db/malware.db lib/lynis/db/sbl.db lib/lynis/db/software-eol.db lib/lynis/db/tests.db lib/lynis/extras/README lib/lynis/extras/bash_completion.d/lynis lib/lynis/extras/build-lynis.sh lib/lynis/extras/check-lynis.sh lib/lynis/extras/files.dat lib/lynis/extras/lynis.spec lib/lynis/extras/openbsd/+CONTENTS lib/lynis/extras/systemd/lynis.service lib/lynis/extras/systemd/lynis.timer lib/lynis/extras/travis-ci/before_script.sh lib/lynis/include/binaries lib/lynis/include/consts lib/lynis/include/data_upload lib/lynis/include/functions lib/lynis/include/helper_audit_dockerfile lib/lynis/include/helper_configure lib/lynis/include/helper_generate lib/lynis/include/helper_show lib/lynis/include/helper_system_remote_scan lib/lynis/include/helper_update lib/lynis/include/osdetection lib/lynis/include/parameters lib/lynis/include/profiles lib/lynis/include/report lib/lynis/include/tests_accounting lib/lynis/include/tests_authentication lib/lynis/include/tests_banners lib/lynis/include/tests_boot_services lib/lynis/include/tests_containers lib/lynis/include/tests_crypto lib/lynis/include/tests_custom.template lib/lynis/include/tests_databases lib/lynis/include/tests_dns lib/lynis/include/tests_file_integrity lib/lynis/include/tests_file_permissions lib/lynis/include/tests_filesystems lib/lynis/include/tests_firewalls lib/lynis/include/tests_hardening lib/lynis/include/tests_homedirs lib/lynis/include/tests_insecure_services lib/lynis/include/tests_kerberos lib/lynis/include/tests_kernel lib/lynis/include/tests_kernel_hardening lib/lynis/include/tests_ldap lib/lynis/include/tests_logging lib/lynis/include/tests_mac_frameworks lib/lynis/include/tests_mail_messaging lib/lynis/include/tests_malware lib/lynis/include/tests_memory_processes lib/lynis/include/tests_nameservices lib/lynis/include/tests_networking lib/lynis/include/tests_php lib/lynis/include/tests_ports_packages lib/lynis/include/tests_printers_spoolers lib/lynis/include/tests_scheduling lib/lynis/include/tests_shells lib/lynis/include/tests_snmp lib/lynis/include/tests_squid lib/lynis/include/tests_ssh lib/lynis/include/tests_storage lib/lynis/include/tests_storage_nfs lib/lynis/include/tests_system_integrity lib/lynis/include/tests_time lib/lynis/include/tests_tooling lib/lynis/include/tests_usb lib/lynis/include/tests_virtualization lib/lynis/include/tests_webservers lib/lynis/include/tool_tips lib/lynis/plugins/README lib/lynis/plugins/custom_plugin.template man/man8/lynis.8 share/examples/lynis/default.prf share/examples/lynis/developer.prf @ 1.3 log @lynis: update to 2.6.1 Changes: -------- * Tests can have more than 1 required OS (e.g. Linux OR NetBSD) * Added 'system-groups' option to profile (Enterprise users) * Overhaul of default profile and migrate to new style (setting=value) * Show warning if old profile options are used * Improved detection of binaries * New group 'usb' for tests related to USB devices Tests: ------ * [FILE-6363] - New test for /var/tmp (sticky bit) * [MAIL-8802] - Added exim4 process name to improve detection of Exim * [NETW-3030] - Changed name of dhcp client name process and added udhcpc * [SSH-7408] - Restored UsePrivilegeSeparation * [TIME-3170] - Added chrony configuration file for NetBSD @ text @d1 1 a1 1 @@comment $NetBSD: PLIST,v 1.2 2018/01/18 16:42:40 sborrill Exp $ d3 1 d7 1 d10 1 d12 1 d22 1 d25 1 d34 1 d39 1 d57 1 d73 1 d81 1 d94 1 a94 1 lib/lynis/include/tests_printers_spools @ 1.2 log @lynis: update to 2.6.0 Changes: -------- * Binary paths are now sorted * Greek language added * systemd detection improved * VirtualBox detection extended * Several code enhancements Tests: ------ * [PHP-2379] - Small enhancement to resolve error on screen in some cases * [MALW-3280] - Improved detection for BitDefender tooling @ text @d1 1 a1 1 @@comment $NetBSD$ d94 1 @ 1.1 log @lynis: add 2.5.9 Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and Unix-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. @ text @d15 1 @