Hello community, here is the log from the commit of package lynis for openSUSE:Factory checked in at 2018-10-11 11:55:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lynis (Old) and /work/SRC/openSUSE:Factory/.lynis.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lynis" Thu Oct 11 11:55:12 2018 rev:30 rq:640827 version:2.6.9 Changes: -------- --- /work/SRC/openSUSE:Factory/lynis/lynis.changes 2018-09-24 13:12:24.369796768 +0200 +++ /work/SRC/openSUSE:Factory/.lynis.new/lynis.changes 2018-10-11 11:55:31.326018185 +0200 @@ -1,0 +2,13 @@ +Tue Oct 9 08:20:47 UTC 2018 - Robert Frohl <[email protected]> + +- update to 2.6.9 + * Man page has been updated + * Command 'lynis show options' provides up-to-date list + * Option '--dump-options' is deprecated + * Several options and commands have been extended with more examples + * OS detection now supports openSUSE specific distribution names + * Changed command output when using 'lynis audit system remote' + * added /usr/local/redis/etc path and QNAP support + * ignore exception when no vmlinuz file was discovered + +------------------------------------------------------------------- Old: ---- lynis-2.6.8.tar.gz lynis-2.6.8.tar.gz.asc New: ---- lynis-2.6.9.tar.gz lynis-2.6.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lynis.spec ++++++ --- /var/tmp/diff_new_pack.CpGXhH/_old 2018-10-11 11:55:33.294015682 +0200 +++ /var/tmp/diff_new_pack.CpGXhH/_new 2018-10-11 11:55:33.298015677 +0200 @@ -13,7 +13,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # 
@@ -23,7 +23,7 @@ %define _pluginsdir %{_datadir}/lynis/plugins %define _dbdir %{_datadir}/lynis/db Name: lynis -Version: 2.6.8 +Version: 2.6.9 Release: 0 Summary: Security and System auditing tool License: GPL-3.0-only ++++++ lynis-2.6.8.tar.gz -> lynis-2.6.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/CHANGELOG.md new/lynis/CHANGELOG.md --- old/lynis/CHANGELOG.md 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/CHANGELOG.md 2018-09-19 02:00:00.000000000 +0200 @@ -1,5 +1,21 @@ # Lynis Changelog +## Lynis 2.6.9 (2018-09-19) + +### Changed +- Man page has been updated +- Command 'lynis show options' provides up-to-date list +- Option '--dump-options' is deprecated +- Several options and commands have been extended with more examples +- OS detection now supports openSUSE specific distribution names +- Changed command output when using 'lynis audit system remote' +- DBS-1882 - added /usr/local/redis/etc path and QNAP support +- PKGS-7322 - updated solution text +- KRNL-5788 - ignore exception when no vmlinuz file was discovered +- TIME-3104 - extended logging for test + +--------------------------------------------------------------------------------- + ## Lynis 2.6.8 (2018-08-23) ### Changed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/consts new/lynis/include/consts --- old/lynis/include/consts 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/consts 2018-09-19 02:00:00.000000000 +0200 @@ -214,6 +214,7 @@ PSBINARY="ps" PSOPTIONS="" PUPPETBINARY="" + QNAP_DEVICE=0 READLINKBINARY="" REDIS_RUNNING=0 REFRESH_REPOSITORIES=1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/functions new/lynis/include/functions --- old/lynis/include/functions 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/functions 2018-09-19 02:00:00.000000000 +0200 
@@ -496,11 +496,11 @@ INDENT=$1 ;; --result) - shift + shift $(( $# > 0 ? 1 : 0 )) RESULT=$1 ;; --text) - shift + shift $(( $# > 0 ? 1 : 0 )) TEXT=$1 ;; *) @@ -509,7 +509,7 @@ ;; esac # Go to next parameter - shift + shift $(( $# > 0 ? 1 : 0 )) done if [ -z "${RESULT}" ]; then @@ -2994,7 +2994,6 @@ ViewCategories() { for CATEGORY in ${TEST_AVAILABLE_CATEGORIES}; do echo "${CATEGORY}"; done - echo "" ExitClean } @@ -3009,13 +3008,11 @@ ################################################################################ ViewGroups() { - if [ ! "${INCLUDEDIR}" = "" ]; then - InsertSection "Available test groups" + if [ ! -z "${INCLUDEDIR}" ]; then for I in $(ls ${INCLUDEDIR}/tests_* | xargs -n 1 basename | sed 's/tests_//' | grep -v "custom.template"); do echo "${I}" done fi - echo "" ExitClean } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_audit_dockerfile new/lynis/include/helper_audit_dockerfile --- old/lynis/include/helper_audit_dockerfile 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/helper_audit_dockerfile 2018-09-19 02:00:00.000000000 +0200 
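Review bot: In the `--result` and `--text` branches the new guard `shift $(( $# > 0 ? 1 : 0 ))` can never evaluate to 0, because `$1` is the option itself and `$#` is therefore at least 1 at that point. The only shift that can run with nothing left is the one after `# Go to next parameter` in the next hunk (@@ -509), reached when an option is passed without its value. The branch shifts could stay plain `shift`, and the final one deserves a comment such as `# an option given without its value leaves nothing to shift here`. A missing value still ends up as an empty RESULT or TEXT with no message, so the later `[ -z "${RESULT}" ]` check is the only place it is noticed. The enclosing function starts and ends outside these hunks.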
@@ -61,17 +61,23 @@ FIND=$(grep "^FROM" ${AUDIT_FILE} | sed 's/ /:space:/g') for I in ${FIND}; do IMAGE=$(echo ${I} | sed 's/:space:/ /g' | awk '{ if ($1=="FROM") { print $2 }}') + TAG=$(echo ${IMAGE} | cut -d':' -f2) Display --indent 2 --text "Found image:" --result "${IMAGE}" IS_DEBIAN=$(echo ${IMAGE} | grep -i debian) IS_FEDORA=$(echo ${IMAGE} | grep -i fedora) IS_UBUNTU=$(echo ${IMAGE} | grep -i ubuntu) IS_ALPINE=$(echo ${IMAGE} | grep -i alpine) + IS_LATEST=$(echo ${TAG} | grep -i latest) if [ ! "${IS_DEBIAN}" = "" ]; then IMAGE="debian"; fi if [ ! "${IS_FEDORA}" = "" ]; then IMAGE="fedora"; fi if [ ! "${IS_UBUNTU}" = "" ]; then IMAGE="ubuntu"; fi if [ ! "${IS_ALPINE}" = "" ]; then IMAGE="alpine"; fi + + if [ ! "${IS_LATEST}" = "" ]; then + ReportWarning "dockerfile" "latest TAG used. Specifying the version is better." + fi case ${IMAGE} in "debian") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/helper_show new/lynis/include/helper_show --- old/lynis/include/helper_show 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/helper_show 2018-09-19 02:00:00.000000000 +0200 
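Review bot: An untagged `FROM` line (for example `FROM debian`) is not flagged by the new check, although an image reference without a tag resolves to `latest`. `cut -d':' -f2` prints the whole input when there is no `:` in it, so TAG becomes the image name and `grep -i latest` finds nothing. Deriving the tag explicitly covers that case: `case "${IMAGE}" in *:*) TAG="${IMAGE##*:}" ;; *) TAG="latest" ;; esac`. A reference with a registry port but no tag (host:port/name) would still need separate handling, and since `grep -i latest` is a substring match, a tag that merely contains the word is reported as well. The loop and the `case ${IMAGE}` block continue outside the hunk.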
@@ -30,7 +30,7 @@ COMMANDS="audit configure show update upload-only" HELPERS="audit configure show update" -OPTIONS="--auditor\n--check-all (-c)\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--license-key\n--log-file\n--manpage (--man)\n--no-colors --no-log\n--pentest\n--profile\n--plugins-dir\n--quiet (-q)\n--quick (-Q)\n--report-file\n--reverse-colors\n--tests\n--tests-from-category\n--tests-from-group\n--upload\n--verbose\n--version (-V)\n--wait" +OPTIONS="--auditor\n--cronjob (--cron)\n--debug\n--developer\n--help (-h)\n--license-key\n--log-file\n--manpage (--man)\n--no-colors\n--no-log\n--pentest\n--profile\n--plugin-dir\n--quick (-Q)\n--quiet (-q)\n--report-file\n--reverse-colors\n--skip-plugins\n--tests\n--tests-from-category\n--tests-from-group\n--upload\n--verbose\n--version (-V)\n--wait\n--warnings-only" SHOW_ARGS="categories changelog commands dbdir details environment groups help hostids includedir language license logfile man options os pidfile plugindir profiles release releasedate report settings tests version workdir" SHOW_HELP="lynis show ${BROWN}categories${NORMAL} (display test categories) @@ -218,7 +218,7 @@ "details") if [ -z "${LOGFILE}" ]; then DisplayError "Could not find log file to parse"; fi if [ $# -eq 1 ]; then - DisplayError "This command needs a test ID (e.g. CORE-1000) to search for." + DisplayError "This command needs a test ID (e.g. CORE-1000) to search for. This command is used after a scan (lynis audit system). Run 'lynis show tests' to see all available tests." else shift if [ $# -eq 1 ]; then 
@@ -433,8 +433,8 @@ ${ECHOCMD} " lynis show ${BROWN}${ITEM}${NORMAL}" done ${ECHOCMD} "\n" - - ${ECHOCMD} "Use '$0 show commands show' for extended help about the show command" + ${ECHOCMD} "" + ${ECHOCMD} "Extended help about the show command can be provided with: $0 show commands show" fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/osdetection new/lynis/include/osdetection --- old/lynis/include/osdetection 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/osdetection 2018-09-19 02:00:00.000000000 +0200 @@ -162,6 +162,19 @@ OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') OS_NAME="Ubuntu Linux" ;; + "opensuse-tumbleweed") + LINUX_VERSION="openSUSE Tumbleweed" + OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + # It's rolling release but has a snapshot version (the date of the snapshot) + OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + OS_NAME="openSUSE" + ;; + "opensuse-leap") + LINUX_VERSION="openSUSE Leap" + OS_FULLNAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"') + OS_NAME="openSUSE" + ;; *) Debug "Unknown OS found in /etc/os-release. Do you know what it is? Create an issue at ${PROGRAM_SOURCE}" ;; 
@@ -488,5 +501,13 @@ fi fi + # Specific checks for hardware + + # Detect if we are using a QNAP NAS + if [ -d /share/CACHEDEV1_DATA/.qpkg ]; then + QNAP_DEVICE=1 + fi + + #================================================================================ # Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/parameters new/lynis/include/parameters --- old/lynis/include/parameters 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/parameters 2018-09-19 02:00:00.000000000 +0200 @@ -60,8 +60,7 @@ shift; shift; shift # shift out first three arguments EXTRA_PARAMS="" if [ ! "$1" = "" ]; then EXTRA_PARAMS=" $@"; fi - # --quick is added to be non-interactive - REMOTE_COMMAND="./lynis audit system --quick${EXTRA_PARAMS}" + REMOTE_COMMAND="./lynis audit system" echo "" echo " How to perform a remote scan:" echo " =============================" @@ -235,6 +234,9 @@ for ITEM in ${OPTIONS}; do echo "${ITEM}" | tr '_' ' ' done + echo "This option is deprecated" + echo "Use: lynis show options" + ExitClean ;; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_databases new/lynis/include/tests_databases --- old/lynis/include/tests_databases 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_databases 2018-09-19 02:00:00.000000000 +0200 
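Review bot: The QNAP detection tests the literal path `/share/CACHEDEV1_DATA/.qpkg`, while the consumer added in include/tests_databases builds its path from `${ROOTDIR}share/CACHEDEV1_DATA/...`. If ROOTDIR is ever something other than `/`, the flag and the path it enables refer to different trees. Assuming ROOTDIR is already set when osdetection runs (not visible here), the test would read `if [ -d "${ROOTDIR}share/CACHEDEV1_DATA/.qpkg" ]; then`. A short comment saying why this directory is taken as proof of a QNAP device would also help, e.g. `# .qpkg is the QNAP package directory on the first data volume`, if that is indeed the reasoning.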
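Review bot: In the include/parameters hunk at @@ -60,8, `EXTRA_PARAMS` is still assembled from `$@` on the context line above, but the new `REMOTE_COMMAND="./lynis audit system"` no longer uses it. Unless the variable is read further down, outside the hunk, any extra arguments given to the remote audit command are now dropped from the printed instructions without notice. Either remove the assignment or state the intent, for instance `# extra parameters are intentionally not forwarded to the remote command`. If forwarding is reinstated later, the arguments end up in a command line run on the remote host, so they should be quoted for that shell rather than appended as `" $@"`.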
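Review bot: In the include/parameters hunk at @@ -235,6, the deprecation notice is written to stdout directly after the option list, so anything that consumes the `--dump-options` output (shell completion, wrapper scripts) now receives two extra lines as if they were options. Sending the notice to stderr keeps the list machine-readable: `echo "This option is deprecated" >&2` and `echo "Use: lynis show options" >&2`. The surrounding `case` branch starts outside the hunk.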
@@ -259,7 +259,10 @@ if [ ${REDIS_RUNNING} -eq 1 ]; then PREQS_METS="YES"; else PREQS_MET="NO"; SKIPREASON="Redis not running"; fi Register --test-no DBS-1882 --weight L --network NO --preqs-met "${PREQS_MET}" --skip-reason "${SKIPREASON}" --category security --description "Redis configuration file" if [ ${SKIPTEST} -eq 0 ]; then - PATHS="${ROOTDIR}etc/redis ${ROOTDIR}usr/local/etc/redis" + PATHS="${ROOTDIR}etc/redis ${ROOTDIR}usr/local/etc/redis ${ROOTDIR}usr/local/redis/etc" + if [ ${QNAP_DEVICE} -eq 1 ]; then + PATHS="${PATHS} ${ROOTDIR}share/CACHEDEV1_DATA/.qpkg/QKVM/usr/etc/redis.conf" + fi ALLFILES=$(${LSBINARY} ${ROOTDIR}etc/redis.conf 2> /dev/null) FOUND=0 for DIR in ${PATHS}; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_filesystems new/lynis/include/tests_filesystems --- old/lynis/include/tests_filesystems 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_filesystems 2018-09-19 02:00:00.000000000 +0200 @@ -52,7 +52,7 @@ if IsEmpty "${FIND}"; then LogText "Result: ${I} not found in mount list. Directory most likely stored on / file system" Display --indent 4 --text "- Checking ${I} mount point" --result "${STATUS_SUGGESTION}" --color YELLOW - ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separated partition" + ReportSuggestion ${TEST_NO} "To decrease the impact of a full ${I} file system, place ${I} on a separate partition" AddHP 9 10 else LogText "Result: found ${I} as a separated mount point" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_firewalls new/lynis/include/tests_firewalls --- old/lynis/include/tests_firewalls 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_firewalls 2018-09-19 02:00:00.000000000 +0200 
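Review bot: The QNAP entry appended to PATHS in the include/tests_databases hunk is a file (`.../QKVM/usr/etc/redis.conf`), while every other entry is a directory and the list is consumed by `for DIR in ${PATHS}`. The loop body lies outside the hunk, so whether it copes with a file path cannot be confirmed here; if it looks for configuration files inside each DIR, the entry should be `PATHS="${PATHS} ${ROOTDIR}share/CACHEDEV1_DATA/.qpkg/QKVM/usr/etc"`. Separately, the context line assigns `PREQS_METS="YES"` while `Register` reads `${PREQS_MET}`, which looks like a typo that leaves the prerequisite value stale when Redis is running.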
@@ -108,6 +108,7 @@ # Test : FIRE-4508 # Description : Check iptables chain policies # Notes : Suggestions are currently disabled, until related page and documentation is available + # TODO : grep -z is not supported on BusyBox if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no FIRE-4508 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check used policies of iptables chains" if [ ${SKIPTEST} -eq 0 ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_kernel new/lynis/include/tests_kernel --- old/lynis/include/tests_kernel 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_kernel 2018-09-19 02:00:00.000000000 +0200 @@ -370,11 +370,13 @@ if [ "${LINUX_VERSION}" = "Debian" -o "${LINUX_VERSION}" = "Ubuntu" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no KRNL-5788 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking availability new Linux kernel" if [ ${SKIPTEST} -eq 0 ]; then + HAS_VMLINUZ=0 LogText "Test: Searching apt-cache, to determine if a newer kernel is available" if [ -x ${ROOTDIR}usr/bin/apt-cache ]; then LogText "Result: found ${ROOTDIR}usr/bin/apt-cache" LogText "Test: checking readlink location of ${ROOTDIR}vmlinuz" if [ -f ${ROOTDIR}vmlinuz ]; then + HAS_VMLINUZ=1 FINDKERNFILE=$(readlink -f ${ROOTDIR}vmlinuz) LogText "Output: readlink reported file ${FINDKERNFILE}" LogText "Test: checking package from dpkg -S" 
@@ -395,9 +397,11 @@ if IsEmpty "${FINDINST}"; then Display --indent 2 --text "- Checking for available kernel update" --result "${STATUS_UNKNOWN}" --color YELLOW LogText "Result: Exception occurred, no output from apt-cache policy" - ReportException "${TEST_NO}:01" - LogText "Exception: apt-cache policy did not return an installed kernel version" - ReportSuggestion ${TEST_NO} "Check the output of apt-cache policy manually to determine why output is empty" + if [ ${HAS_VMLINUZ} -eq 1 ]; then + ReportException "${TEST_NO}:01" + ReportSuggestion ${TEST_NO} "Check the output of apt-cache policy to determine why its output is empty" + fi + LogText "Result: apt-cache policy did not return an installed kernel version" else if [ "${FINDINST}" = "${FINDCAND}" ]; then if [ -e /dev/grsec ]; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_ports_packages new/lynis/include/tests_ports_packages --- old/lynis/include/tests_ports_packages 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_ports_packages 2018-09-19 02:00:00.000000000 +0200 @@ -330,7 +330,7 @@ Report "vulnerable_package[]=${ITEM}" AddHP 1 2 done - ReportWarning "${TEST_NO}" "Vulnerable packages found" "arch-audit has output" "text:Update packages with pacman -Suy" + ReportWarning "${TEST_NO}" "Vulnerable packages found" "arch-audit has output" "text:Run arch-audit to see the output, and when needed update the packages with pacman -Suy" fi fi # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/include/tests_time new/lynis/include/tests_time --- old/lynis/include/tests_time 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/include/tests_time 2018-09-19 02:00:00.000000000 +0200 
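Review bot: When `HAS_VMLINUZ` is 0 the context line `LogText "Result: Exception occurred, no output from apt-cache policy"` still runs, so the log records an exception that the new guard deliberately does not raise. Nothing in the log says that the vmlinuz file was absent, which is the actual reason the result is unknown. An `else` branch on the new `if [ ${HAS_VMLINUZ} -eq 1 ]` would make the audit trail accurate, e.g. `LogText "Result: ${ROOTDIR}vmlinuz not found, exception not reported"`, with the "Exception occurred" line moved inside the `-eq 1` branch. The flag is initialised in the earlier hunk (@@ -370,11) and the test body continues outside both hunks.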
@@ -102,14 +102,19 @@ FIND=$(${TIMEDATECTL} status | ${EGREPBINARY} "(NTP|System clock) synchronized: yes") if [ ! -z "${FIND}" ]; then # Check for systemd-timesyncd - if [ -f /etc/systemd/timesyncd.conf ]; then + if [ -f ${ROOTDIR}etc/systemd/timesyncd.conf ]; then + LogText "Result: found ${ROOTDIR}etc/systemd/timesyncd.conf" FOUND=1; NTP_DAEMON_RUNNING=1; NTP_CONFIG_TYPE_DAEMON=1; NTP_DAEMON="systemd-timesyncd" Display --indent 2 --text "- NTP daemon found: systemd (timesyncd)" --result "${STATUS_FOUND}" --color GREEN SYSTEMD_NTP_ENABLED=1 + else + LogText "Result: ${ROOTDIR}etc/systemd/timesyncd.conf does not exist" fi else LogText "Result: time sychronization not performed according timedatectl command" fi + else + LogText "Result: timedatectl command not available on this system" fi # Check crontab for OpenBSD/FreeBSD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/lynis new/lynis/lynis --- old/lynis/lynis 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/lynis 2018-09-19 02:00:00.000000000 +0200 @@ -35,10 +35,10 @@ PROGRAM_AUTHOR_CONTACT="[email protected]" # Version details - PROGRAM_RELEASE_DATE="2018-08-23" - PROGRAM_RELEASE_TIMESTAMP=1535019859 + PROGRAM_RELEASE_DATE="2018-09-19" + PROGRAM_RELEASE_TIMESTAMP=1537349608 PROGRAM_RELEASE_TYPE="final" # dev or final - PROGRAM_VERSION="2.6.8" + PROGRAM_VERSION="2.6.9" # Source, documentation and license PROGRAM_SOURCE="https://github.com/CISOfy/lynis" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lynis/lynis.8 new/lynis/lynis.8 --- old/lynis/lynis.8 2018-08-23 02:00:00.000000000 +0200 +++ new/lynis/lynis.8 2018-09-19 02:00:00.000000000 +0200 @@ -1,4 +1,4 @@ -.TH Lynis 8 "13 Oct 2016" "1.26" "Unix System Administrator's Manual" +.TH Lynis 8 "27 Aug 2018" "1.27" "Unix System Administrator's Manual" .SH "NAME" 
@@ -16,12 +16,13 @@ .fi .SH "DESCRIPTION" -\fBLynis\fP is a security auditing tool for Linux, Mac OSX, and UNIX systems. It -checks the system and the software configuration, to see if there is any room for -improvement the security defenses. All details are stored in a log file. Findings -and other discovered data is stored in a report file. This can be used to compare -differences between audits. \fBLynis\fP can run interactively or as a cronjob. Root permissions (e.g. sudo) -are not required, however provide more details during the audit. +\fBLynis\fP is a security auditing tool for Linux, macOS, and other systems based +on UNIX. The tool checks the system and the software configuration, to see if +there is any room for improvement the security defenses. All details are stored +in a log file. Findings and other discovered data is stored in a report file. +This can be used to compare differences between audits. \fBLynis\fP can run +interactively or as a cronjob. Root permissions (e.g. sudo) are not required, +however provide more details during the audit. .PP The following system areas may be checked: .IP @@ -41,7 +42,7 @@ .IP "audit \<type\>" Perform an audit of the selected type .IP "show \<parameter\>" -Show varies information details like configuration and paths +Show information, such as configuration and paths .IP "update \<parameter\>" Perform activities regarding updating .IP "upload-only" 
@@ -59,20 +60,10 @@ .SH "OPTIONS" .TP -.B \-\-auditor <full name> -Define the name of the auditor/pen-tester. When a full name is used, add double +.B \-\-auditor <name> +Define the name of the auditor/pentester. When a full name is used, add double quotes, like "Your Name". .TP -.B \-\-checkall (or \-c) -\fBLynis\fP performs a full check of the system, printing out the results of -each test to stdout. Additional information will be saved into a log file -(default is /var/log/lynis.log). This option invokes scan mode "audit system". -.IP -In case the outcome of a scan needs to be automated, use the report file. -.TP -.B \-\-config -Show which settings file or profile is being used, then quit. -.TP .B \-\-cronjob Perform automatic scan with cron safe options (no colors, no questions, no breaks). @@ -83,22 +74,25 @@ .B \-\-developer Display developer information when creating tests. .TP -.B \-\-dump\-options -Show all available parameters. +.B \-\-help +Show available commands and most-used options. .TP .B \-\-logfile </path/to/logfile> Defines location and name of log file, instead of default /var/log/lynis.log. .TP +.B \-\-man +Show the man page. Useful for systems that do not have the man page installed. +.TP .B \-\-no\-colors -Do not use colors for messages, warnings and sections. +Disable colored output. .TP .B \-\-no\-log Redirect all logging information to /dev/null, prevent sensitive information to be written to disk. .TP .B \-\-pentest -Run a non-privileged scan, usually for penetration testing. Some of the tests -will be skipped if they require root permissions. +Run a non-privileged scan, usually used for penetration testing. Some of the +tests will be skipped if they require root permissions. .TP .B \-\-plugin\-dir </path/to/plugins> Define location where plugins can be found. 
@@ -125,19 +119,27 @@ Only run the specific test(s). When using multiple tests, add quotes around the line. .TP +.B \-\-tests\-from\-category "<category>" +Tests are only performed if they belong to the defined category. Use the command +'show categories' to determine all valid options. +.TP .B \-\-tests\-from\-group "<group>" -Only perform tests from particular group of tests. Use 'show groups' to determine -valid options. +Similar to \-\-tests\-from\-category. Only perform tests from a particular group. +Use 'show categories' to determine valid options. .TP .B \-\-upload -Upload data to Lynis Enterprise server. +Upload data to Lynis Enterprise server (profile option: upload=yes). +.TP +.B \-\-verbose +Show more details on screen, such as components that could not found. These +details are hidden by default. .TP .B \-\-wait Wait for user to continue. This adds a break after each section (opposed of \-\-quick). .TP .B \-\-warnings\-only -Run quietly, except warnings. +Run quietly, except show warnings. .RE .PP .RS @@ -182,7 +184,7 @@ Supporting documentation can be found via https://cisofy.com/support/ .SH "LICENSING" -Lynis is licensed as GPL v3. It was created by Michael Boelen in 2007. Development has been taken over by CISOfy. Plugins may have a different license. +Lynis is licensed as GPLv3. It was created by Michael Boelen in 2007. Development has been taken over by CISOfy. Plugins may have a different license. .SH "CONTACT INFORMATION" Support requests and project related questions can be addressed via e-mail: [email protected]. ++++++ lynis-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.CpGXhH/_old 2018-10-11 11:55:33.458015474 +0200 +++ /var/tmp/diff_new_pack.CpGXhH/_new 2018-10-11 11:55:33.458015474 +0200 
@@ -1,3 +1,4 @@ # lynis demands 640 on these scripts -addFilter("non-executable-script /usr/share/lynis/include/[^ ]+ 0640L /bin/(ba|)sh") - +addFilter("non-executable-script /usr/share/lynis/include/[^ ]+ 0?640L? /bin/(ba|)sh") +# identical translations +addFilter("files-duplicate /usr/share/lynis/db/languages/(en|nl|pt|br)") ++++++ lynis_1.3.6_include-osdetection.diff ++++++ --- /var/tmp/diff_new_pack.CpGXhH/_old 2018-10-11 11:55:33.474015454 +0200 +++ /var/tmp/diff_new_pack.CpGXhH/_new 2018-10-11 11:55:33.474015454 +0200 @@ -1,8 +1,8 @@ Index: include/osdetection =================================================================== ---- include/osdetection.orig 2018-01-26 18:04:07.704680628 +0100 -+++ include/osdetection 2018-01-26 18:04:19.468796573 +0100 -@@ -386,7 +386,7 @@ +--- include/osdetection.orig ++++ include/osdetection +@@ -399,7 +399,7 @@ OS_NAME="${LINUX_VERSION}" fi # If Linux version (full name) is unknown, use uname value
