Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2015-05-15 07:43:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2015-02-18 12:09:04.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2015-05-15 07:43:42.000000000 +0200 @@ -1,0 +2,24 @@ +Tue May 12 15:19:07 UTC 2015 - [email protected] + +- lynis 2.1.0: + * Screen output has been improved to provide additional information. + * Core dump check on Linux is extended to check for actual values as well. + * Software: + + McAfee detection has been extended by detecting a running cma binary. + + Security patch checking with zypper extended. + * Session timeout: + + Tests to determine shell time out setting have been extended + + determine also if variable is exported as a readonly variable. + + Related compliance section PCI DSS 8.1.8 has been extended. +- includes changes from Lynis 2.0.0: + * New feature: helpers + * docker build file audit helper + * Improved OS support + * support systemd, docker, nftables + * New parameters: + + --dump-options (see all options) + + --report-file (define a different location for the report file) +- use tarball supplied default.prf +- clean or silence rpmlint warnings + +------------------------------------------------------------------- Old: ---- default.prf lynis-1.6.4.tar.gz lynis-1.6.4.tar.gz.asc New: ---- lynis-2.1.0.tar.gz lynis-2.1.0.tar.gz.asc lynis-rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.xY8ngH/_old 2015-05-15 07:43:43.000000000 +0200 +++ /var/tmp/diff_new_pack.xY8ngH/_new 2015-05-15 07:43:43.000000000 +0200 @@ -24,14 +24,13 @@ %define _dbdir %{_datadir}/lynis/db %define _bindir %{_prefix}/bin Name: lynis -Version: 1.6.4 +Version: 2.1.0 Release: 0 Summary: Security and System auditing tool License: GPL-3.0 Group: System/Monitoring Url: https://cisofy.com/lynis/ Source0: https://cisofy.com/files/%{name}-%{version}.tar.gz -Source1: default.prf Source2: tests_binary_rpath Source3: tests_file_permissionsDB Source4: tests_file_permissions_ww @@ -45,6 +44,7 @@ Source12: fileperms.db.openSUSE_12.2_x86_64 Source13: https://cisofy.com/files/%{name}-%{version}.tar.gz.asc Source14: https://cisofy.com/files/cisofy-software.pub#/%{name}.keyring +Source15: %{name}-rpmlintrc # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE Patch0: %{name}_1.3.5_lynis.diff # PATCH-OPENSUSE-FIX -- [email protected] - modifying for openSUSE @@ -71,8 +71,6 @@ - Banner identification - Software availability -Lynis is released as a GPL licensed project and free for everyone to use. - %prep %setup -q -n %{name} %patch0 @@ -85,7 +83,7 @@ # Install Profile (default.prf) install -d %{buildroot}%{_sysconfdir}/%{name} -install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/%{name}/default.prf +install -m 644 default.prf %{buildroot}%{_sysconfdir}/%{name}/default.prf # install binary install -d %{buildroot}%{_bindir} install -d %{buildroot}%{_datadir}/%{name} @@ -113,19 +111,17 @@ install -pm 644 db/* %{buildroot}%{_dbdir} install -pm 644 %{SOURCE11} %{buildroot}%{_dbdir}/dbus-whitelist.db install -pm 644 %{SOURCE12} %{buildroot}%{_dbdir}/fileperms.db -#rm %{buildroot}%{_dbdir}/fileperms.db -#ln -s $(basename %{SOURCE11}) %{_dbdir}/dbus-whitelist.db -#ln -s $(basename %{SOURCE12}) %{_dbdir}/fileperms.db +#rm %%{buildroot}%%{_dbdir}/fileperms.db +#ln -s $(basename %%{SOURCE11}) %%{_dbdir}/dbus-whitelist.db +#ln -s $(basename %%{SOURCE12}) %%{_dbdir}/fileperms.db # pacify rpmlint -#rm %{buildroot}%{_includedir}/tests_filesystems.orig -#rm %{buildroot}%{_includedir}/osdetection.orig chmod +x %{buildroot}%{_pluginsdir}/custom_plugin.template %files %defattr(-,root,root) %{_bindir}/%{name} -%config %{_sysconfdir}/%{name}/default.prf +%config(noreplace) %{_sysconfdir}/%{name}/default.prf %{_dbdir}/* %{_includedir}/* %{_pluginsdir}/* @@ -136,7 +132,7 @@ %attr(640,root,root) %{_datadir}/%{name}/include/* %dir %{_datadir}/%{name}/plugins %doc CHANGELOG FAQ LICENSE README -%doc %{_mandir}/man8/%{name}.8.* +%{_mandir}/man8/%{name}.8.* %{_datadir}/%{name}/prepare_for_suse.sh %changelog ++++++ lynis-1.6.4.tar.gz -> lynis-2.1.0.tar.gz ++++++ ++++ 5024 lines of diff (skipped) ++++++ lynis-rpmlintrc ++++++ # lynis demands 640 on these scripts addFilter("non-executable-script /usr/share/lynis/include/[^ ]+ 0640L /bin/(ba|)sh") ++++++ lynis_1.3.1_include_consts.diff ++++++ --- /var/tmp/diff_new_pack.xY8ngH/_old 2015-05-15 07:43:43.000000000 +0200 +++ /var/tmp/diff_new_pack.xY8ngH/_new 2015-05-15 07:43:43.000000000 +0200 @@ -2,11 +2,11 @@ =================================================================== --- include/consts.orig +++ include/consts -@@ -72,6 +72,7 @@ unset LANG - CHKROOTKITBINARY="" - CHKCONFIGBINARY="" +@@ -78,6 +78,7 @@ unset LANG + CUSTOM_URL_APPEND="" + CUSTOM_URL_PREPEND="" FILEVALUE="" + FILE_NUM_TOTAL=0 FIND="" FOUNDPATH=0 - GRPCKBINARY="" + GREPBINARY="grep" ++++++ lynis_1.3.5_lynis.diff ++++++ --- /var/tmp/diff_new_pack.xY8ngH/_old 2015-05-15 07:43:43.000000000 +0200 +++ /var/tmp/diff_new_pack.xY8ngH/_new 2015-05-15 07:43:43.000000000 +0200 @@ -2,14 +2,19 @@ =================================================================== --- lynis.orig +++ lynis -@@ -707,7 +707,9 @@ +@@ -744,7 +744,14 @@ webservers ssh snmp databases ldap php squid logging \ insecure_services banners scheduling accounting \ time crypto virtualization mac_frameworks file_integrity hardening_tools tooling \ - malware file_permissions homedirs kernel_hardening hardening" -+ malware file_permissions file_permissionsDB homedirs kernel_hardening hardening \ -+ system_dbus users_wo_password binary_rpath tmp_symlinks file_permissions_ww \ -+ system_proc network_allowed_ports" - else - INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}" - logtext "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" ++ malware file_permissions homedirs kernel_hardening hardening \ ++ system_dbus \ ++ users_wo_password \ ++ binary_rpath \ ++ tmp_symlinks \ ++ file_permissions_ww \ ++ system_proc \ ++ network_allowed_ports" + else + INCLUDE_TESTS="${TESTS_CATEGORY_TO_PERFORM}" + logtext "Info: only performing tests from categories: ${TESTS_CATEGORY_TO_PERFORM}" ++++++ lynis_1.3.6_include-osdetection.diff ++++++ --- /var/tmp/diff_new_pack.xY8ngH/_old 2015-05-15 07:43:43.000000000 +0200 +++ /var/tmp/diff_new_pack.xY8ngH/_new 2015-05-15 07:43:43.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- include/osdetection.orig +++ include/osdetection -@@ -303,7 +303,7 @@ +@@ -301,7 +301,7 @@ OS_NAME="${LINUX_VERSION}" fi # If Linux version (full name) is unknown, use uname value
