Lynis 1.6.4 - Security auditing tool for Unix/Linux systems
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening
of Unix and Linux based systems. The software
is very flexible and runs on almost every Unix based system (including
Mac). Even the installation of the software itself is optional!
How it works
Lynis will perform hundreds of individual tests to determine
the security state of the system. Many of these tests are also part of
common security guidelines and standards. Examples
include searching for installed software and determine possible
configuration flaws. Lynis goes further and does also test individual
software components, checks related configuration
files and measures performance. After these tests, a scan report will
be displayed with all discovered findings.
Typical use cases for Lynis:
Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Requirements:
Changelog:
New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh
Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary
Privileged or non-privileged
New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh
Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary
Lynis 1.6.4 - Security auditing tool for Unix/Linux systems
Reviewed by Zion3R
on
1:03 PM
Rating: