openSUSE-SU-2017:1595-1

Описание

This update for lynis fixes the following issues:

Lynis 2.5.1:

• Improved detection of SSL certificate files
• Minor changes to improve logging and results
• Firewall tests: Determine if CSF is in testing mode

The Update also includes changes from Lynis 2.5.0:

• CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (boo#1043463)
• Deleted unused tests from database file
• Additional sysctls are tested
• Extended test with Symantec components
• Snort detection
• Snort configuration file

The update also includes Lynis 2.4.8 (Changelog from 2.4.1)

• More PHP paths added
• Minor changes to text
• Show atomic test in report
• Added FileInstalledByPackage function (dpkg and rpm supported)
• Mark Arch Linux version as rolling release (instead of unknown)
• Support for Manjaro Linux
• Escape files when testing if they are readable
• Code cleanups
• Allow host alias to be specified in profile
• Code readability enhancements
• Solaris support has been improved
• Fix for upload function to be used from profile
• Reduce screen output for mail section, unless --verbose is used
• Code cleanups and removed 'update release' command
• Colored output can now be tuned with profile (colors=yes/no)
• Allow data upload to be set as a profile option
• Properly detect SSH daemon version
• Generic code improvements
• Improved the update check and display
• Finish, Portuguese, and Turkish translation
• Extended support and tests for DragonFlyBSD
• Option to configure hostid and hostid2 in profile
• Support for Trend Micro and Cylance (macOS)
• Remove comments at end of nginx configuration
• Used machine ID to create host ID when no SSH keys are available
• Added detection of iptables-save to binaries

And Lynis 2.4.0

• Mainly improved support for macOS users
• Support for CoreOS
• Support for clamconf utility
• Support for chinese translation
• More sysctl values in the default profile
• New commands: 'upload-only', 'show hostids', 'show environment', 'show os'