
================================================================================

  Lynis - Changelog

================================================================================

  Author:                   Michael Boelen (michael@rootkit.nl)
  Description:              Security and system auditing tool
  Website:                  http://www.rootkit.nl/projects/lynis.html
  Support policy:           See section 'Support' (README file)
  Documentation:            See web site, README, FAQ and CHANGELOG file

================================================================================

 **** Remarks ****
 
 --> Dates in this file are formatted as DD.MM.YYYY (European format)
 --> When applicable a test number is shown between square brackets

================================================================================

 * 1.1.7 (28.06.2008)
 
 New:
 - New test: check for unused iptables rules [FIRE-4513]
 - New test: checking for dead and zombie processes [PROC-3612]
 - New test: checking for heavy IO waiting processes [PROC-3614]
 - Initial HP-UX support (untested)
 - Initial AIX support (untested)
 - Added iptables binary check 
 - Added dig check, for DNS related tests
 - Added option --no-colors to remove all colors from screen output
 - Added option --reverse-colors for optimizing output on light backgrounds
   (Konsole, MacOS terminal etc)

 Changes:
 - Improved grpck test for SuSE [AUTH-9216]
 - Added dig availability check to DNS test [NETW-2704]
 - Bugfix: Fixed iptables test if the binary is not located in /sbin [FIRE-4512]
 - Bugfix: Improved yum-utils check to display suggestions correctly [PKGS-7384]
 - Bugfix: Fixed prerequisites for grpck test [AUTH-9216]
 - Improved MySQL check [DBS-1804]
 - Changed color at chkconfig boot services test [BOOT-5177]
 - Added missing prerequisites output to portaudit test [PKGS-7382]
 - Test output for FreeBSD mounts (UFS) improved [FILE-6329]
 - Extended OpenLDAP test to avoid finding itself in ps output [LDAP-2219]
 - Several tests have their warning reporting improved
 - Improved SuSE Linux detection
 - Improved syslog-ng detection
 - Adjusted README with link to online (extended) documentation 
  
 --

 * 1.1.6 (19.06.2008)
 
 New:
 - New test: Check writable startup scripts [BOOT-5184]
 - New test: Syslog-NG consistency check [LOGG-2134]
 - New test: Check yum-utils package and scanning package database [PKGS-7384]
 - New test: Test for empty ruleset when iptables is loaded [FIRE-4512] 
 - New test: Check for expired SSL certificates [CRYP-7902]
 - New test: Check for LDAP authentication support [AUTH-9238]
 - New test: Read available crontab/cron files [SCHD-7704]
 - New test: Query Solaris running zones [VIRT-1902]
 - New test: Check availability of sudoers file for future tests [AUTH-9250]
 - New test: Query all home directories from passwd file [HOME-9302]
 - Syslog-NG support added (binary and version check)
 - Added new sections: Scheduling, Time and Synchronization, Virtualization
 
 Changes:
 - Extended several tests with suggestions and warnings
 - Extended GRUB test with GRUB2 check [BOOT-5121]
 - Extended iptables firewall test [FIRE-4511]
 - Fixed incorrect variable at Linux kernel config display [KRNL-5728]
 - Fixed display for file system test [FILE-6023]
 - Reassigned some IDs to match others in category
 - Improvement of several logging sections and profile options
 - Assigned ID to Ubuntu security update check
 - Assigned ID to pwck test for Solaris [AUTH-9230]
 - Assigned ID to FreeBSD unused distfiles check [PKGS-7348]
 - Assigned ID to RPM package query test [PKGS-7308]
 - Assigned ID to /tmp sticky bit test [FILE-6362]
 - Assigned ID to old temporary files check [FILE-6354]
 - Assigned ID to passwd ID 0 test [AUTH-9204]
 - Assigned ID to FreeBSD swap partitions [FILE-6332]
 - Assigned ID to FreeBSD swap mount options [FILE-6336]
 - Assigned ID to nameserver tests [NETW-2704 and NETW-2705]
 - Assigned ID to pf consistency check [FIRE-4520]
 - Assigned ID to Postfix configuration check [MAIL-8816]
 - Assigned ID to Postfix banner check [MAIL-8818]
 - Assigned ID to FreeBSD promiscuous port test [NETW-3014]
 - Assigned ID to file permissions check [FILE-7524]
 
 --

 * 1.1.5 (10.06.2008)
 
 New:
 - Assigned ID to Apache configuration file test [HTTP-6624] 
 - Added pause_between_tests to profile file, to regulate the speed of a scan
 - Assigned ID to dpkg test and solved issue with colon in package names [PKG-7345]
 - Assigned ID to Solaris package test [PKG-7306]
 - New test: gathers virtual hosts from Apache configuration files [HTTP-6626]
 - New test: read all loaded kernel modules (Linux) [KRNL-5726]
 - New test: query available FreeBSD network interfaces [NETW-3004]
 - New test: query available IPv4 and IPv6 network addresses [NETW-3008]
 - New test: for MAC addresses [NETW-3006]
 - New test: check if a Linux kernel configuration file is available [KRNL-5728]
 - New test: check boot services for Debian/Ubuntu [BOOT-5180]
 - Added Lynx, Nmap, Wget version to log file
 - Added support for Oracle enterprise Linux (Unbreakable Linux)
 - Added new function ReportWarning for better logging to report file
 
 Changes:
 - Improved FreeBSD pkg_info output, logging output and report data [PKG-7302]
 - Changed shell history file test, searching files with maxdepth 1 [HOME-9310]
 - Extended iptables test, to check Linux kernel configuration file [FIRE-4511]
 - Added report warning to promiscuous test [NETW-3014]
 - Fixed yellow color when used in text display
 - Several logging improvements and cleanups
 
 --

 * 1.1.4 (31.05.2008)
 
 New:
 - Added option to disable Lynis upgrade availability test (profile option)
 - Added new option --check-update, to display (update) information
 - Added stub for malware and file permissions database
 - New section 'LDAP Services'
 - Support for OpenLDAP added
 - Placeholders for new tests are added
 - Default profile extended
 - [FILE-6023] Added test for Linux ext2, ext3, ext4 file systems
 - [BOOT-5155] Added check for YABOOT boot loader

 Changes:
 - [BANN-7119] Improved MOTD banner check
 - Improved Apache tests for SuSE and Debian systems
 - Debian/Ubuntu file tests improved
 - Extended man page
 
 --

 * 1.1.3 (21.05.2008)
 
 New:
 - Added security updates check for Fedora, RHEL 5.x, CentOS 5.x
 - Added Linux kernel version check
 - Most stable tests have a unique ID now
 - Skipped tests have their reason to skip logged
 - Added /etc/lynis/plugins to searchable plugin directory targets
 - Added Register() function, to handle tests, prerequisites and counter
 - Added new crypto tests
 - Added profile option "test_skip_always" to blacklist a specific test
  
 Changes:
 - Extended default profile location for FreeBSD
 - Extended accounting test to include pacct as well
 - Improved tests from categories: shells
 - Disabled skel tests
 - Several tests log their warnings into the report file now
 - Changed Linux default runlevel test
 - Extended man page

 Fixes:
 - Auditor name didn't get logged properly to report file.
 - Changed Debian/Ubuntu kernel update test, so it won't be tested on others
 - Exim test failed, due to using an incorrect variable name
 
 --

 * 1.1.2 (11.05.2008)
 
 New:
 - Added memory test for Solaris (tested on OpenSolaris)
 - Password file consistency check for Solaris
 - 32/64 bits OS mode check for Solaris
 - Added Slackware detection
 - Plugin support (see documentation)
 - Added monolithic/modular test for Linux kernels
 
 Changes:
 - Improved LILO test and removed double message
 - Fixed incorrect message when using --help parameter
 - Improved portaudit test (FreeBSD) to show unique packages only
 - Updated man page, FAQ, extended documentation with plugin information
 - Added several php.ini file locations (MacOS X, OpenBSD, OpenSuSE)
 
 ** Special release notes [package/ports]: **
 - Added several default paths to check for a usable INCLUDE directory. This
   should make packaging Lynis easier for downstream package providers.
 - When no profile is set, Lynis will check first /etc/lynis/default.prf,
   before setting default.prf (in current work directory) as profile to use.
 - New directory added to be installed for future versions: plugins

 --

 * 1.1.1 (13.04.2008)
 
 New:
 - Added Solaris package manager (pkginfo) to obtain installed packages
 - Added new option to profile to whitelist promiscuous interfaces (if_promisc)
 - Added vulnerable packages check for Debian/Ubuntu
 - Added package database consistency check for Debian/Ubuntu
 
 Changes:
 - Only perform boot.conf check for OpenBSD when running on i386
 - Changed RemovePIDFile to prevent incorrect file presence check (ie on OpenBSD)
 - Better OS detection and display output for Ubuntu systems
 - Improved text alignment (display) and logging
 - Commented out some of the default profile options
 - Updated FAQ, readme, man page
 
 Bug fixes:
 - Added missing space at OS detection function
 - Fixed /etc/group tests to ignore commented lines
 - Fixed sticky bit checking on /tmp, so it won't give incorrect results on
   SuSE/Debian systems
 
 --

 * 1.1.0 (09.04.2008)

 New:
 - Added test: default gateway (Linux/BSD)
 - Added boot tasks to report file (boottask)
 - Added vulnerable packages to report file (vulnerable_package)

 Changes:
 - Fixed some typos
 - Several improvements in log output
 - Changed display of operating system version (Linux)
 - Fixed PHP check

 -- 

 * 1.0.9 (24.03.2008)

 New: 
 - Added --quiet option (currently not 100% quiet yet)
 - Added a spec file to the project page (see web site)
 - Added small INSTALL document
  
 Changes:
 - Changed check for PHP (php.ini location)
 - Added available shells from /etc/shells to report file
 - Updated man page
 - Fixed option in main help window for --man option
 - Code improvement, splitting up sections into separate files
 
 --

 * 1.0.8 (10.02.2008)
 
 New:
 - Added pf filter rule test
 - Added our PID to PID file
 - Added warnings, real users, mount points, total tests to report file

 Changes:
 - Changed Apache configuration file test
 - Changed old temporary files check
 - Changed test to include ubuntu security repository
 - Moved UID check to avoid PID creation as non root user
 - Moved most functions to separate files and several code cleanups
 - Improved logging output
 - Extended FreeBSD (Copyright file) test
 - Changed indentation for many tests
 - Changed some typos in notice/warning messages
 
 --

 * 1.0.7 (28.01.2008)
 
 New:
 - Test: UFS mount point check (FreeBSD)
 - Test: Check swap partitions (FreeBSD)
 - Test: find old files in /tmp
 - Test: check presence of iptables
 - Test: check CPU PAE/NX support (Linux)
 - Added profile options check
 - Added option to skip Debian security repository check (profile option)
 - Support for Red Hat and CentOS
 
 Changes:
 - Changed report log location to /var/log instead of current work directory
 - Changed --help (and -h) to display general help, instead of man page
 - Renamed -man option to --man
 - Extended profile file (see default.prf)
 - Cleaned up code (rewritten several parts of static code to dynamic
   functions)
 - Added more comments to the program, for curious auditors, developers and
   users. Also regrouped parts of text and cleaned useless white spaces.
 - General program output improved (spaces, indentation)
 - Logging extended
 - Updated lynis.spec file (contrib)
 - FAQ and README files extended and updated

 Bugfixes:
 - Changed postfix banner check (thanks to Henk Bokhoven for reporting)
 - Extended skel directory test, with -A (ls) option to check hidden files
   (used with most Linux variants)
 
 Development:
 - Added new mirror
 - Updated year number in program and support files
 - Added new function Display, to use indentation within lines
 - Added function RemovePIDFile before some exit routines, to clean up PID file
 - Extracted profile support, parameter support to separate files
 - Created file tests_ports_packages for Ports and Packages
 - Deleted lynis.spec file, since it was not working and will be rewritten later
 
 --

 * 1.0.6 (26.12.2007)
 
 New:
 - Added Solaris real users test
 - Added hostname check
 
 Changes:
 - Added chkconfig binary test and changed related services test
 - Added 'xargs' to version checks, to replace unwanted chars
 - Added more breaks to log file.
 - Added sorting to rpm/dpkg listings
 - FAQ extended

 --

 * 1.0.5 (02.12.2007)
 
 New:
 - Test: unique group names
 - Test: unique group IDs
 - Added check for rpm, chkrootkit and rkhunter binary
 - Added function to cleanup at manual interrupt (INT)
 - Support added to run Lynis as cronjob (--cronjob)
 - Fedora support added
 - Added umask 027, to tighten up file permissions

 Changes:
 - Changed FreeBSD ttys test
 - Changed grpck test, to operate in read-only mode
 - Changed Postfix test, to check for mail_name value as well
 - Changed GPL line in script which said GPL v2
 - Extended README
 - Show latest update version, if available, at the end of the screen output
 - Lots of code cleanup (see Development)
 - Some log improvements
 - Changed date notation in changelog to preferred European format (with dots
   instead of slashes)
 
 Development:
 - New function (ShowResult) to avoid repeating the same result line
   within the script for standard status values
 - Moved program consts to file (include/consts)
 - Moved functions to file (include/functions)
 - Moved OS detection to file (include/osdetection)
 - Added NEVERBREAK to avoid user input (cronjob support)
  
 --

 * 1.0.4 (27.11.2007)
  
 New:
 - Test: query real system users (FreeBSD/Linux)
 - Added PID file usage, to warn for unclean program states.
 - Added SSHd version test
 
 Changes:
 - Updated documentation
 - Changed sticky bit test (/tmp), to skip symlinks
 - Changed /etc/motd test, to skip symlinks
 - More code cleanup
 - Logging extended and improved
 - Screen output slightly changed

 --

 * 1.0.3 (19.11.2007)
  
 New:
 - Added check for sockstat
 - Test: added test for GRUB and password option
 - Test: query listening ports (sockstat)
 
 Changes:
 - Fixed NTPd check (bug)
 - Extended help for 'double installed package' check (BSD systems, pkg_info)
 - Extended Debian kernel update check
 - Improved OpenBSD support
 - Improved Linux specific detection support (Cobalt, CPU Builders, Debian,
   E-Smith, Slackware, SuSE/OpenSuSE, Turbo Linux, Yellowdog and others)
 - Improved screen output
 - Extended logging, with status/impact flags
 - [Bugfix] chkconfig test improved
 - [Bugfix] Fixed sticky bit test at Debian
 - Extended documentation and changelog file
 
 --

 * 1.0.2 (15.11.2007)
  
 New:
 - Test: Added check for NTP daemon or client
 - Test: file permissions (profile option)
 - Added -Q (--quick) parameter, to run the program without needing user
   input after every few sections.
 
 Changes:
 - Extended documentation (README file) and performed spell check
 - Improved screen output (colors, parameter handling and display)
 - Cleaned up source code and fixed some bad typos
 - Added much more delimiter lines to logfile
 - Added version numbers to logfile for used binaries/tools
 - Updated list of parameters within Lynis help

 --

 * 1.0.1 (12.11.2007)

 New:
 - Test: check Exim configuration file location
 - Test: added memory check (/proc/meminfo)
 - Test: run grpck to check group files (if available)
 - Test: boot option check for OpenBSD boot loader
 - Test: check if pf (Software: firewall) is active
 - Test: check LILO password
 - Test: check presence of old distfiles (FreeBSD)
 - Added check for binaries: httpd, kldstat, openssl, (s)locate
 - Added version check for: exim, openssl
 - Added -V (--version) parameter, to show version number
 - Added breaks between tests

 Changes:
 - [bug] Changed skel directory check
 - Fixed display Apache configuration file
 
 --

 * 1.0.0 (08.11.2007)

 New:
 - Support for CentOS (Tested: 5 Final)
 - Support for Debian (Tested: 4.0)
 - Support for FreeBSD (Tested: 6.2)
 - Support for Mac OS X (Tested: 10.4)
 - Test: Apache (ServerTokens option)
 - Test: PHP (expose_php option)
 - Test: Postfix (smtpd_banner option)
 - Test: check valid shells
 - Test: query pkg_info/RPM based systems
 - Test: query pkg_info for double installed packages
 - Test: query chkprintcap (FreeBSD)
 - Test: scan binary directories
 - Test: check administrator accounts
 - Test: check permissions /etc/motd
 - Test: read nameservers from /etc/resolv.conf
 - Test: query nameservers and test connectivity
 - Test: check promiscuous interfaces (FreeBSD)
 - Test: check sticky bit on /tmp directory
 - Test: check debian.org security branch in /etc/apt/sources.list
 - Test: check kernel update on Debian
 - Test: query default Linux run level
 - Test: query chkconfig to see which services start at boot
 - Test: /etc/COPYRIGHT banner check for FreeBSD
 - Support for program parameters
 - Builtin integrity checks
 - Color enhanced output for readability
 - Support for profiles/templates
 - Report file creation (for reporting/monitoring)
 - Extended logfile creation (with system suggestions)
 - Added lynis.spec file for RPM creation
 - Created project page at website
 - Added documentation (README), ToDo list (TODO)
 - Man page lynis(8)
 
 Changes:
 - No changes
 
 Bugfixes:
 - No bugfixes


================================================================================
 Lynis - Copyright 2007-2008, Michael Boelen - The Netherlands
 http://www.rootkit.nl

