Lynis v1.6.2 Released

Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers.

Some of the (future) features and usage options:

System and security audit checks
File Integrity Assessment
System and file forensics
Usage of templates/baselines (reporting and monitoring)
Extended debugging features

This tool is tested or confirmed to work with at least: AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full list of tested operating systems.

Changelog v1.6.2 (2014-09-22)

New:

IsVirtualMachine function to check if system is running in VM.

VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers, libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ, Oracle VM VirtualBox, QEMU, Systemd Namespace container, User-Mode Linux (UML), VMware products, XEN.

Detection for SaltStack configuration management tooling
ShowSymlinkPath function to check path behind a symlink
Check of configuration options of pacman [PKGS-7314]
Support for drill binary to check for Lynis update
FileIsEmpty function to check for empty files
Detect updates for Arch Linux [PKGS-7312]
Add detection for machine ID (systemd)
Added linux_config_file to report
Bash completion script for Lynis
Added detection of ss binary

Changes:

Extended system reboot check, to enable it for most Linux versions[KRNL-5830]
Improved inetd test to avoid false positive with xinetd process [INSE-8002]
Permissions check has been adjusted to allow packaging and pentest mode
Added detection for compressed Linux config file [KRNL-5728]
Added support for compressed Linux config file [KRNL-5730]
Store PID file in home directory of the user, if needed
Added usage of ss to gather listening ports [NETW-3012]
Additional permission added to CUPS check [PRNT-2307]
Extended telnet in inetd test [INSE-8016]
Fix for reading at.deny file [SCHD-7720]
Removed individual warnings [BOOT-5184]
Several improvements for Arch Linux

Changelog v1.6.1 (2014-09-09)

New:

Added –pentest parameter to run a non-privileged scans (e.g. for pentesting)
Show skipped tests in report if they require root and scan is non-privileged

Changes:

Improved vulnerable packages test on Debian based systems (apt-check) [PKGS-7392]
Don’t show warnings for ‘swap’ in 4th column fstab file [FILE-6336]
Remove warning for old files in /tmp [FILE-6354]
CheckUpdates function will have better output when no connection is available
Changes to parameters and functions, to allow penetration tests with Lynis
Test for actual files in /etc/modprobe.d before grepping in it
Improved chown command when file permissions are incorrect
Changed output of update test, show when status is unknown
No scanning of symlinked directories (binaries test)
Extended SafePerms function to also check for UID
Several tests will have root-only bit set now
Improved netstat tests on Arch Linux