LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File lynis.changes of Package lynis (Project security)

-------------------------------------------------------------------
Tue May 12 15:19:07 UTC 2015 - astieger@suse.com

- lynis 2.1.0:
  * Screen output has been improved to provide additional information.
  * Core dump check on Linux is extended to check for actual values as well.
  * Software:
    + McAfee detection has been extended by detecting a running cma binary.
    + Security patch checking with zypper extended.
  * Session timeout:
    + Tests to determine shell time out setting have been extended
    + determine also if variable is exported as a readonly variable.
    + Related compliance section PCI DSS 8.1.8 has been extended.
- includes changes from Lynis 2.0.0:
  * New feature: helpers
  * docker build file audit helper
  * Improved OS support
  * support systemd, docker, nftables
  * New parameters:
    + --dump-options (see all options)
    + --report-file (define a different location for the report file)
- use tarball supplied default.prf
- clean or silence rpmlint warnings 

-------------------------------------------------------------------
Tue Feb 17 12:32:20 UTC 2015 - astieger@suse.com

- lynis 1.6.4:
  * New:
    + Boot loader detection for AIX 
    + Detection of getcap and lsvg binary
    + Added filesystem_ext to report
    + Detect rootsh
  * Changes:
    + Hide errors when RPM database is faulty and show suggestion instead 
    + Allow OpenBSD to gather information on listening network ports 
    + Don't trigger warning for Shellshock when doing segfault test 
    + Do not run Apache test on OpenBSD and strip control chars 
    + Extended AIDE test with configuration validation test 
    + Improved Shellshock test regarding non-Linux support 
    + Added support for gathering volume groups on AIX 
    + Properly parse PAM lines and add them to report 
    + Support for boot loader detection on OpenBSD 
    + Added uptime detection for OpenBSD systems 
    + Support for volume groups on AIX 
    + Redirect errors when searching for readlink binary
- includes changes from 1.6.3:
  * New:
    + Added tests for Shellshock bash vulnerability 
    + Added test to determine if Snoopy is used 
    + New test for qdaemon configuration file 
    + Test for GRUB boot loader password 
    + New test for qdaemon printer jobs 
    + Added ClamXav test for Mac OS X 
    + Gentoo vulnerable packages test 
    + New test for qdaemon status 
    + Gentoo package listing 
    + Running Lynis without root permissions will start non-privileged scan
    + Systemd service and timer example file added
    + Added grub2-install to binaries
  * Changes:
    + Adjustments so insecure SSL protocols are detected in nginx config 
    + Directories will be skipped when searching for nginx log files 
    + Only gather unique name servers from /etc/resolv.conf 
    + Properly detect mod_evasive on Gentoo and others 
    + Improved swap partition detection in /etc/fstab 
    + Improvements to kernel detection (e.g. Gentoo) 
    + Test for built-in security options in YUM 
    + Improved boot loader detection for GRUB2 
    + Split GRUB test into two tests 
    + Added Mac OS uptime check 
    + Improved GetHostID function for systems having only ip binary
    + Improved testing for symlinked binary directories
    + Minor adjustments to log output
    + Renamed dev directory to extras
- verify source signature
- adjust permissions of items in /usr/share/lynis/include/consts
  to match those requested by main executable
- run spec_cleaner


-------------------------------------------------------------------
Sun Nov 16 00:39:00 UTC 2014 - Led <ledest@gmail.com>

- fix bashisms in scripts

-------------------------------------------------------------------
Wed Sep 24 16:36:21 UTC 2014 - citypw@gmail.com

- Upgrade to version 1.6.2
- Remove files:
  * lynis_1.3.7_include-test-filesystem.diff( already fixed)
  * lynis-1.3.9.tar.gz 

-------------------------------------------------------------------
Thu Jan  9 18:45:44 UTC 2014 - saigkill@opensuse.org

- updated to version 1.3.9
- removed patch
  * lynis_1.3.6_include-test-kernel.diff (fixed upstream) 

-------------------------------------------------------------------
Wed Dec 11 20:14:06 UTC 2013 - saigkill@opensuse.org

- updated to version 1.3.7
- Changelog:
  * FileExists() and SearchItem() functions were added. The yum-security
    check and iptables binary check were improved, and the report was
    extended to show which tests have been executed or skipped
- updated patch
  * lynis_1.3.7_include-test-filesystem.diff 

-------------------------------------------------------------------
Tue Dec 10 18:46:14 UTC 2013 - saigkill@opensuse.org

- updated to version 1.3.6
- Removed patches (obsolete):
  * lynis_1.3.5_include_binaries.diff 

- Updated patches
  * lynis_1.3.6_include_osdetection.diff
  * lynis_1.3.6_include-test-kernel.diff

-------------------------------------------------------------------
Sun Nov 24 14:29:06 UTC 2013 - saigkill@opensuse.org

- updated to version 1.3.5

- Updated patches:
  o lynis_1.3.1_lynis.diff
  o lynis_1.3.1_include_binaries.diff
  o lynis_1.3.1_include-osdetection.diff
  o lynis_1.3.1_include-test-kernel.diff

- Removed patches (obsolete) 
  o lynis_1.3.1_include-test-databases.diff
  o lynis_1.3.1_include-test-storage.diff
  o lynis_1.3.1_include-test-homedirs.diff

-------------------------------------------------------------------
Fri Jun 21 12:22:08 UTC 2013 - thomas@suse.com

- fixed typo in prepare_for_suse.sh

-------------------------------------------------------------------
Fri Jan 25 09:40:52 UTC 2013 - thomas@suse.com

- fixed log message for dbus test
- fixed bash variable incrementation that sneaked in the code 

-------------------------------------------------------------------
Mon Jan 14 14:57:15 UTC 2013 - thomas@suse.com

- fixed tests_network_allowed_ports to increment index vars
  and not loop forever 

-------------------------------------------------------------------
Thu Jan 10 16:53:32 UTC 2013 - thomas@suse.com

- fixed test_homedirs 

-------------------------------------------------------------------
Thu Jan 10 16:46:02 UTC 2013 - thomas@suse.com

- some bugfixing for pathnames, didn't work with sudo
- improved default.prf by adding more sysctl vars
- fixed test_storage
- generated fileperm.db and dbus-whitelist for 12.2 

-------------------------------------------------------------------
Mon Dec 26 16:24:35 UTC 2011 - Sascha.Manns@open-slx.de

- fixed conflict in spec 

-------------------------------------------------------------------
Mon Dec 26 16:18:01 UTC 2011 - Sascha.Manns@open-slx.de

- updated to version 1.3.0
- from Changelog:
- New:
 - Profile option: ignore_home_dir
 - TCP wrappers category added
 - Tooling category added
 - Initial extensions to support plugins in the future
 - Test for unpurged Debian packages [PKGS-7346]
 - Test for compiler permissions [HRDN-7222]
- Changes:
 - Converted all dates to ISO format and updated copyright lines
 - Correct suggestion for file integrity tool [FINT-4350]
 - Added hint when RPM list is empty on DPKG based systems [PKGS-7308]
 - Changed logging for /etc/security/limits.conf file [KRNL-5820]
 - Fixed incorrect warning for single user mode [AUTH-9308]
 - Improved output for stratum 16 time servers [TIME-3116]
 - Added suggestion and screen output for kernel hardening [KRNL-6000]
 - Screen layout optimalizations and log file improvements
 - Improved list/layout of scan options
 - Improved binary check for compilers
 - Added configuration option in scan profile (show_tool_tips, default
   true) 

-------------------------------------------------------------------
Thu Apr  7 15:57:31 UTC 2011 - thomas@novell.com

- added patch for apache2 and oracle detection 

-------------------------------------------------------------------
Fri Apr  1 22:00:13 UTC 2011 - saigkill@opensuse.org

- removed rpmlintrc and fixed non-executable-script 

-------------------------------------------------------------------
Sun Dec 26 19:55:21 UTC 2010 - saigkill@opensuse.org

- prettyfied spec file
- NOTE: Please submit submitrequests to home:saigkill. This Package links to this Repository. 

-------------------------------------------------------------------
Fri Sep  3 05:41:52 UTC 2010 - thomas@novell.com

- fixed %files section to include /etc/lynis 

-------------------------------------------------------------------
Fri Sep  3 05:12:43 UTC 2010 - thomas@novell.com

- fixed %files section to reflect new default.prf location 

-------------------------------------------------------------------
Fri Sep  3 05:09:47 UTC 2010 - thomas@novell.com

- added permdir /root/.gnupg to default.prf 

-------------------------------------------------------------------
Fri Sep  3 05:04:03 UTC 2010 - thomas@novell.com

- copy default.prf to /etc/lynis/ instead of /etc/, otherwise
  lynis will not find it and hang 

-------------------------------------------------------------------
Thu Sep  2 11:32:50 UTC 2010 - thomas@novell.com

- added %{_datadir}/%{name}/prepare_for_suse.sh

-------------------------------------------------------------------
Thu Sep  2 10:56:55 UTC 2010 - thomas@novell.com

- adjusted patch and spec file to make it build 

-------------------------------------------------------------------
Wed Sep  1 12:30:43 UTC 2010 - thomas@novell.com

- put code from Matthias Weckbecker sec_check into lynis
- adjusted lynis for opensuse
- details:
  + tests_tmp_symlinks
  + tests_network_allowed_ports
  + tests_system_proc
  + tests_file_permissions_ww
  + tests_binary_rpath
  + tests_users_wo_password
  + tests_file_permissionsDB
  + tests_system_dbus

-------------------------------------------------------------------
Wed Dec 16 05:19:37 UTC 2009 - saigkill@opensuse.org

- updated to version 1.2.9
- added default.prf 

-------------------------------------------------------------------
Wed Dec  9 16:21:53 UTC 2009 - saigkill@opensuse.org

- update to 1.2.8 

-------------------------------------------------------------------
Mon Nov  2 18:16:38 UTC 2009 - saigkill@opensuse.org

- update to 1.2.7
- This release adds AIX Support and several new tests related to SSH, logging, databases and SMTP. Many minor issues are solved or improved. 

-----------------------------------------------------------------
Mon Apr  6 09:04:05 CEST 2009 - saigkill@opensuse.org

- update to 1.2.6
- This release has several new tests and test improvements, like a sudoers
  file permissions check, a core dumps configuration check for Linux, PHP
  tests, and an /etc/issue banner test.

-----------------------------------------------------------------
Sat Mar 28 10:27:12 CET 2009 - saigkill@opensuse.org

- update to 1.2.5
- This release adds 40+ new tests for services like Dovecot, 
  BIND, PowerDNS, SSH, Exim, and nginx

-----------------------------------------------------------------
Tue Mar 17 2009 20:32 CET - mrdocs@opensuse.org

- added 1.2.4 release
- This release adds more than 30 new tests, 
including NTP, auditd, PAM, NFS and ClamAV. 

------------------------------------------------------------------
Mon Mar 02 22:32 CET 2009 - mrdocs@opensuse.org

- 1.2.3 release see CHANGELOG for changes

-------------------------------------------------------------------
Thu Feb 26 14:16:35 CET 2009 - pgajdos@suse.cz

- removed patches:
  - passwd-args.patch
  - suppress-dpkg-error.patch
- source repacked gz -> bz2

-------------------------------------------------------------------
Sun Feb 17 2009 - mrdocs@opensuse.org

- 1.2.2 release - see CHANGELOG for changes

------------------------------------------------------------------
Mon Feb 16 03:15:44 CET 2009 - saigkill@opensuse.org 

- updated to Version 1.2.2

------------------------------------------------------------------
Wed Jan 07 12:00:00 CET 2009 - saigkill@opensuse.org

- fixed Rpmlint Errors
- branched for Contrib

------------------------------------------------------------------
Wed Nov 10 12:00:00 CET 2008 - saigkill@opensuse.org

- initial version using the buildservice