Lynis – Auditing tool for Unix/Linux v1.3.5

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:

Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:

  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall auditing

Change log

New:
– OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
– Added some initial systemd support (e.g. boot services)
– Test to display if any known MAC framework is implemented [MACF-6290]

Changes:
– Improved support for Slackware Linux (OS and version detection)
– Added systemd support (boot and running services) for Linux systems [BOOT-5177]
– Added systemd support (default runlevel) for Linux systems [KRNL-5622]
– Extended USB storage check in modprobe.d directory [STRG-1840]
– Improved output, reporting and check for kernel update [KRNL-5788]
– Optimized code and output of test to check writable scripts [BOOT-5184]
– Fixed detection for writable scripts [BOOT-5184]
– Improved detection IPv6 addresses for Slackware and others [NETW-3008]
– Minor addition to SSH PermitRootLogin check [SSH-7412]
– Extended cronjob tests, reporting and logging [SCHD-7704]
– Extended umask check in /etc/profile [AUTH-9328]
– Added suggestion about BIND version [NAME-4210]
– Merged test NTP daemon test TIME-3108 into TIME-3104
– Improved support for Arch Linux (output, detection)
– Extended common list of directories with SSL certifcates in profile
– New function GetHostID() to determine an unique identifier of the machine
– Added a tests_custom file template
– Perform file permissions test on tests_custom file
– Improved OS detection and extended logging on several tests
– Several layout improvements
– Extended update check functions and output
– Cleaned up reporting and extended it with exceptions

Credit: ToolsWatch

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s