Lynis Versions

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

3.0.1

3 years ago

Lynis 3.0.1 (2020-10-05)

Added

  • Detection of Alpine Linux
  • Detection of CloudLinux
  • Detection of Kali Linux
  • Detection of Linux Mint
  • Detection of macOS Big Sur (11.0)
  • Detection of Pop!_OS
  • Detection of PHP 7.4
  • Malware detection tool: Microsoft Defender ATP
  • New flag: --slow-warning to allow tests more time before showing a warning
  • Test TIME-3185 to check systemd-timesyncd synchronized time
  • rsh host file permissions

Changed

  • AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash versions
  • BOOT-5122 - Presence check for grub.d added
  • CRYP-7902 - Added support for certificates in DER format
  • CRYP-7931 - Added data to report
  • CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
  • FILE-6430 - Don't grep nonexistent modprobe.d files
  • FIRE-4535 - Set initial firewall state
  • INSE-8312 - Corrected text on screen
  • KRNL-5728 - Handle zipped kernel configuration correctly
  • KRNL-5830 - Improved version detection for non-symlinked kernel
  • MALW-3280 - Extended detection of BitDefender
  • TIME-3104 - Find more time synchronization commands
  • TIME-3182 - Corrected detection of time peers
  • Fix: hostid generation routine would sometimes show too short IDs
  • Fix: language detection
  • Generic improvements for macOS
  • German translation updated
  • End-of-life database updated
  • Several minor code enhancements

3.0.0

3 years ago

Major release with security fixes. See CHANGELOG for all details.

2.7.5

4 years ago

Lynis 2.7.5 (2019-06-24)

Added

  • Danish translation
  • Slackware end-of-life information
  • Detect BSD-style (rc.d) init in Linux systems
  • Detection of Bro and Suricata (IDS)

Changed

  • Corrected end-of-life entries for CentOS 5 and 6
  • AUTH-9204 - change name to check in /etc/passwd file for QNAP devices
  • AUTH-9268 - AIX enhancement to use correct find statement
  • FILE-6310 - Filter on correct field for AIX
  • NETW-3012 - set ss command as preferred option for Linux and changed output format
  • List of PHP ini file locations has been extended
  • Removed several pieces of the code as part of cleanup and code health
  • Extended help

2.7.4

5 years ago

Lynis 2.7.4 (2019-04-21)

This is a bigger release than usual, including several new tests created by Capashenn (GitHub). It is a coincidence that it is released exactly one month after the previous version and on Easter. No easter eggs, only improvements!

Added

  • FILE-6324 - Discover XFS mount points
  • INSE-8000 - Installed inetd package
  • INSE-8100 - Installed xinetd package
  • INSE-8102 - Status of xinet daemon
  • INSE-8104 - xinetd configuration file
  • INSE-8106 - xinetd configuration for inactive daemon
  • INSE-8200 - Usage of TCP wrappers
  • INSE-8300 - Presence of rsh client
  • INSE-8302 - Presence of rsh server
  • Detection of equery binary
  • New 'generate' command

Changed

  • AUTH-9278 - Test LDAP in all PAM components on Red Hat and other systems
  • PKGS-7410 - Add support for DPKG-based systems to gather installed kernel packages
  • PKGS-7420 - Detect toolkit to automatically download and apply upgrades
  • PKGS-7328 - Added global Zypper option --non-interactive
  • PKGS-7330 - Added global Zypper option --non-interactive
  • PKGS-7386 - Only show warning when vulnerable packages were discovered
  • PKGS-7392 - Skip test for Zypper-based systems
  • Minor changes to improve text output, test descriptions, and logging
  • Changed CentOS identifiers in end-of-life database
  • AIX enhancement for IsRunning function
  • Extended PackageIsInstalled function
  • Improve text output on AIX systems
  • Corrected lsvg binary detection

2.7.3

5 years ago

Lynis 2.7.3 (2019-03-21)

Added

  • Detection for Lynis being scheduled (e.g. cronjob)

Changed

  • HTTP-6624 - Improved logging for test
  • KRNL-5820 - Changed color for default fs.suid_dumpable value
  • LOGG-2154 - Adjusted test to search in configuration file correctly
  • NETW-3015 - Added support for ip binary
  • SQD-3610 - Description of test changed
  • SQD-3613 - Corrected description in code
  • SSH-7408 - Increased values for MaxAuthTries
  • Improvements to allow tailored tool tips in future
  • Corrected detection of blkid binary
  • Minor textual changes and cleanups

2.7.2

5 years ago

Lynis 2.7.2 (2019-03-07)

Added

  • AUTH-9409 - Support for doas (OpenBSD)
  • AUTH-9410 - Test file permissions of doas configuration
  • BOOT-5117 - Support for systemd-boot boot loader added
  • BOOT-5177 - Simplify service filter and allow multiple dots in service names
  • BOOT-5262 - Check OpenBSD boot daemons
  • BOOT-5263 - Test permissions for boot files and scripts
  • Support for end-of-life detection of the operating system
  • New 'lynis show eol' command
  • Korean translation

Changed

  • AUTH-9252 - Adds support for files in sudoers.d
  • AUTH-9252 - Test extended to check file and directory ownership
  • BOOT-5122 - Use NONE instead of WARNING if no password is set
  • FIRE-4540 - Modify test to better measure rules
  • KRNL-5788 - Resolve false positive warning on missing /vmlinuz
  • NETW-2704 - Ignore inline comments in /etc/resolv.conf
  • PKGS-7388 - Improve detection for security archive
  • Added RPi/Raspbian path to PAM_FILE_LOCATIONS

2.7.1

5 years ago

Lynis 2.7.1 (2019-01-30)

Added

  • Support for macOS Mojave
  • Translation: Slovak

Changed

  • AUTH-9282 - Improve support for Red Hat and clones
  • FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio Silence
  • LOGG-2190 - Added MariaDB filter for deleted files (tested on CentOS)
  • SHLL-6230 - Add /etc/bash.bashrc.local to umask check
  • Removed shift statement that did not work on all operating systems
  • Minor cleanups and enhancements
  • Small improvements to logging

2.7.0

5 years ago

Lynis 2.7.0 (2018-10-26)

Added

  • MACF-6240 - Detection of TOMOYO binary
  • MACF-6242 - Status of TOMOYO framework
  • SSH-7406 - OpenSSH server version detection
  • TOOL-5160 - Check active OSSEC analysis daemon

Changed

  • Changed several warning labels on screen
  • AUTH-9308 - More generic sulogin for systemd rescue.service
  • OS detection now ignores quotes for getting the OS ID

2.6.9

5 years ago

Lynis 2.6.9 (2018-09-19)

Changed

  • Man page has been updated
  • Command 'lynis show options' provides up-to-date list
  • Option '--dump-options' is deprecated
  • Several options and commands have been extended with more examples
  • OS detection now supports openSUSE specific distribution names
  • Changed command output when using 'lynis audit system remote'
  • DBS-1882 - added /usr/local/redis/etc path and QNAP support
  • PKGS-7322 - updated solution text
  • KRNL-5788 - ignore exception when no vmlinuz file was discovered
  • TIME-3104 - extended logging for test

2.6.8

5 years ago

Lynis 2.6.8 (2018-08-23)

Changed

  • BOOT-5104 - improved parsing of boot parameters to init process
  • PHP-2372 - test all PHP files for expose_php and improved logging
  • Alpine Linux detection for Docker audit
  • Docker check now also tests for CMD, ENTRYPOINT, and USER configuration
  • Improved display in Docker output for showing which keys are used for signing