-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-1239 2010-02-18 16:56:05 --------------------------------------------------------------------------------
Name : lynis Product : Fedora 11 Version : 1.2.9 Release : 1.fc11 URL : http://www.rootkit.nl/projects/lynis.html Summary : Security and system auditing tool Description : Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like: - Security enhancements - Logging and auditing options - Banner identification - Software availability Lynis is released as a GPL licensed project and free for everyone to use. See http://www.rootkit.nl for a full description and documentation. -------------------------------------------------------------------------------- Update Information: New: - Support for Squid3 - Added Squid unsafe ports check [SQD-3624] - Added Squid configuration file permission check [SQD-3613] - Added Squid test: reply_body_max_size option [SQD-3630] - Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328] - Check PHP option allow_url_include [PHP-2378] - Squid support added - Squid daemon detection [SQD-3602] - Squid configuration file search [SQD-3604] - Squid version detection [SQD-3606] - Check /etc/motd banner [BANN-7122] - Check /etc/issue.net file [BANN-7128] - Check contents in /etc/issue.net [BANN-7130] - Solaris single user mode login check (/etc/default/sulogin) [AUTH-9304] - HP-UX boot authentication check [AUTH-9306] - Linux single user mode authentication check [AUTH-9308] - Solaris account locking policy check [AUTH-9340] Changes: - Extended possible Squid configuration file locations - Added additional sysctl keys to default profile - Fixed typo in squid.conf checks - Improved descriptions, logging and reporting for several tests - Corrected /etc/security/limits.conf path in test [KRNL-5820] - Updated man page, limited lines to 80 chars - Added prerequisite to SSH test, so the test is skipped properly [SSH-7440] - Check for /etc/issue symlink [BANN-7124] - Added file check for possible harmful shells found [AUTH-9218] - Add user home directories to report [HOME-9302] - Extended Linux run level test with support for Debian/Ubuntu [KRNL-5622] - Added /lib64/security to PAM test [AUTH-9262] - Extended security repository check [PKGS-7388] - Iptables check should not check for a module in a Linux config [FIRE-4511] - Ignore APC ups daemon when scanning for CUPS [PRNT-2304] - Improved kernel logger daemon check [LOGG-2138] - Added auditctl to binary check [ACCT-9630] - Log used auditd ruleset [ACCT-9630] - Corrected logging of Solaris c2audit module [ACCT-9656] - Fixed warning function for Solaris passwordless accounts [AUTH-9254] - Commented kern.randompid in default profile - For sysctl the parameter -n will be used on Linux systems - Changed syslog daemon detection and state - Extended report file -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 30 2010 Rakesh Pandit <[email protected]> - 1.2.9-1 - Updated to 1.2.9 * Mon Jun 8 2009 Rakesh Pandit <[email protected]> - 1.2.6-2 - fixed requires tag -------------------------------------------------------------------------------- References: [ 1 ] Bug #554001 - False positives + Update https://bugzilla.redhat.com/show_bug.cgi?id=554001 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update lynis' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
