pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/lynis
Module Name: pkgsrc
Committed By: kim
Date: Mon Mar 23 19:12:51 UTC 2026
Modified Files:
pkgsrc/security/lynis: Makefile PLIST distinfo
pkgsrc/security/lynis/patches: patch-include_functions patch-lynis
Log Message:
lynis: Update to 3.1.6
Lynis 3.1.6 (2025-10-22)
Added
* Add notice to screen output if end-of-life state is unclear
* Support for CachyOS, macOS Tahoe, and OpenMandriva Lx
Changed
* Releases are now considered to be old if they are 6 months or older
* Removed generic suggestion for outdated/old Lynis release, instead
show to screen output
* Generic clarifications on variable usage for operating system and
its version
* Updated end-of-life database
* Updated Japanese translation
* For Debian and similar systems ignore kernel packages with 'rc'
state
* ACCT-9634 - Define default auditd log file location
* FIRE-4586 - Also accept NFLOG as a logging target for iptables
* MALW-3280 - Adjusted detection of Wazuh agent
Lynis 3.1.5 (2025-07-29)
Added
* Support for OpenWrt
* Bitdefender detection on Linux
* Detection of openSUSE Tumbleweed-Slowroll
Changed
* Corrected detection of service manager SMF
* Extended GetHostID function to allow HostID and HostID2 creation on
OpenWrt
* Check modules also under /usr/lib/modules.d
Lynis 3.1.4 (2025-01-28)
Changed
* Update of translations: Portuguese
* Add macOS Sequoia
* Update of EOL database
* Bugfix for using slashes in parameters (SafeInput function)
* Simplified copyright line and meta data in files
* Support for powerpc64le in authentication section
* Don't show error "kadmin.local: unable to get default realm"
Lynis 3.1.3 (2024-12-16)
This release introduces additional documentation in the form of blog
articles to support the (missing) control information on the website.
Added
* Detection of Buildroot, Fedora Linux Asahi Remix, Garden Linux,
Peppermint OS
* Support for blog posts and articles to enhance suggestions
Changed
* BOOT-5264 - Changed output of systemd-analyze test and added link
* FILE-6398 - Test temporarily disabled as on modern kernels JDB
support is built-in
* FIRE-4508 - Several changes to expand the test, make it more
generic, resolve minor issues
* KRNL-5622 - Test if systemctl binary is set
* Several improvements for busybox
* Update of translations: Italian, Russian, Spanish
Lynis 3.1.2 (2024-09-26)
Added
* Detection of ALT Linux
* Detection of Athena OS
* Detection of Container-Optimized OS from Google
* Detection of Koozali SME Server
* Detection of Nobara Linux
* Detection of Open Source Media Center (OSMC)
* Detection of PostmarketOS
* CRYP-7932 - macOS FileVault encryption test
* FILE-6398 - Check if JBD (Journal Block Device) driver is loaded
* FINT-4344 - Wazuh system running state
* PKGS-7305 - Query macOS Apps in /Applications and CoreServices
* File added: .editorconfig, which is used by editors to standardize
formatting
Changed
* Correction of software EOL database and inclusion of AIX entries
* Support sysctl value perf_event_paranoid -> 2|3
* Update of translations: German, Portuguest, Turkish
* Grammar and spell improvements
* Improved package detection on Alpine Linux
* Slackware support to check installed packges
(functionPackageIsInstalled())
* Added words prosecute/report to LEGAL_BANNER_STRINGS
* Busybox support: Replace newer tr command syntax with older ascii
specific operations
* Added Wazuh as a malware scanner/antivirus and rootkit detection
tool
* Updated PHP versions and removed PHP 5 (deprecated)
* AUTH-9262 - Corrected message with advised PAM libary
(libpam-passwdqc)
* CONT-8104 - Checking for errors, not only warning in docker info
output
* DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky
Linux, and FreeBSD
* FILE-6344 - Test kernel version (major/minor)
* INSE-8000 - Added inetd package and service name used in ubuntu
24.04
* KRNL-5622 - Use systemctl get-default instead of following link
* KRNL-5820 - Accept ulimit with -H parameter also
* LOGG-2144 - Check for wazuh-agent presence on Linux systems
* MACF-6234 - Test if semanage binary is available
* MALW-3200 - ESET Endpoint Antivirus added
* MALW-3280 - McAfee Antivirus for Linux deprecated
* MALW-3291 - Check if Microsoft Defender Antivirus is installe
* NETW-3200 - Added regex to allow both /bin/true as /bin/false
* PKGS-7303 - Added version numbers to brew packages
* PKGS-7370 - Cron job check for debsums improved
* PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04
may give an error)
* PKGS-7410 - Added kernel name for Hardkernel odroid XU4
Lynis 3.1.1 (2024-03-17)
Added
* Detection of ArcoLinux
Changed
* DBS-1882 - Redis configuration file path added for FreeBSD
(/usr/local/etc/redis.conf)
* DBS-1882 - Check /snap directory location for Redis configuration
file
Lynis 3.1.0 (2024-03-11)
Added
* Translation: Indonesian
Changed
* MALW-3280 - Correction to detect com.avast.daemon
* OS detection added for Guix System, macOS Ventura (13.x)/Sonoma
(14.x), NXP LSDK, OpenEmbedded "nodistro", and The Yocto Projects
distro "Poky"
* Updated Amazon Linux EOL dates and addition of Amazon Linux 2023
* STATUS_NOT_ACTIVE variable added to translation files
* End-of-life dates updated
* Fixing missing or erroneous test number comments
* Detection of SentinelOne corrected
* Wazuh for file integrity and tooling
* Updated parsing output of arch-audit
* Added support for SentinelOne detection
* Replacing deprecated option -i for xargs
* Path detection for PostgreSQL improved
Lynis 3.0.9 (2023-08-03)
Changed
* DBS-1820 - Added newer style format for Mongo authorization setting
* FILE-6410 - Locations added for plocate
* SSH-7408 - Only test Compression if sshd version < 7.4
* Improved fetching timestamp
* Minor changes such as typos
Lynis 3.0.8
Added
* MALW-3274 - Detect McAfee VirusScan Command Line Scanner
* PKGS-7346 Check Alpine Package Keeper (apk)
* PKGS-7395 Check Alpine upgradeable packages
* EOL for Alpine Linux 3.14 and 3.15
Changed
* AUTH-9408 - Check for pam_faillock as well (replacement for
pam_tally2)
* FILE-7524 - Test enhanced to support symlinks
* HTTP-6643 - Support ModSecurity version 2 and 3
* KRNL-5788 - Only run relevant tests and improved logging
* KRNL-5820 - Additional path for security/limits.conf
* KRNL-5830 - Check for /var/run/needs_restarting (Slackware)
* KRNL-5830 - Add a presence check for /boot/vmlinuz
* PRNT-2308 - Bugfix that prevented test from storing values
correctly
* Extended location of PAM files for AARCH64
* Some messages in log improved
Lynis 3.0.7 (2022-01-18)
Added
* MALW-3290 - Show status of malware components
* OS detection for RHEL 6 and Funtoo Linux
* Added service manager openrc
Changed
* DBS-1804 - Added alias for MariaDB
* FINT-4316 - Support for newer Ubuntu versions
* MALW-3280 - Added Trend Micro malware agent
* NETW-3200 - Allow unknown number of spaces in modprobe blacklists
* PKGS-7320 - Support for Garuda Linux and arch-audit
* Several improvements for busybox shell
* Russian translation of Lynis extended
Lynis 3.0.6 (2021-07-22)
Added
* OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE
MicroOS
* Check for outdated translation files
Changed
* DBS-1826 - Check if PostgreSQL is being used
* DBS-1828 - Test multiple PostgreSQL configuration file(s)
* KRNL-5830 - Sort kernels by version instead of modification date
* PKGS-7410 - Don't show exception for systems using LXC
* GetHostID function: fallback options added for Linux systems
* Fix: macOS Big Sur detection
* Fix: show correct text when egrep is missing
* Fix: variable name for PostgreSQL
* German and Spanish translations extended
Lynis 3.0.5 (2021-07-02)
Added
* OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
* CRYP-8006 - Check MemoryOverwriteRequest bit to protect against
cold-boot attacks (Linux)
Changed
* ACCT-9622 - Corrected typo
* HRDN-7231 - When calling wc, use the short -l flag instead of
--lines (Busybox compatibility)
* PKGS-7320 - extended to Arch Linux 32
* Generation of host identifiers (hostid/hostid2) extended
* Linux host identifiers are now using ip as preferred input source
* Improved logging in several areas
Lynis 3.0.4 (2021-05-11)
Added
* ACCT-9670 - Detection of cmd tooling
* ACCT-9672 - Test cmd configuration file
* BOOT-5140 - Check for ELILO boot loader presence
* OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
Changed
* BOOT-5104 - Add service manager detection support for runit
* FILE-6430 - Report suggestion only when at least one kernel module
is not in the blacklist
* FIRE-4540 - Corrected nftables empy ruleset test
* LOGG-2138 - Do not check for klogd when metalog is being used
* TIME-3185 - Improved support for Debian stretch
* Corrected issue when Lynis is not executed directly from lynis
directory
Lynis 3.0.3 (2021-01-07)
Added
* HRDN-7231 - Check for registered non-native binary formats
* OS detection of Parrot GNU/Linux
Changed
* DBS-1816 - Force test to check only password authentication
* KRNL-5677 - Support for NetBSD
* Bugfix: command 'configure settings' did not work as intended
Lynis 3.0.2 (2020-12-24)
Added
* AUTH-9284 - Scan for locked user accounts in /etc/passwd
* LOGG-2153 - Loghost configuration
* TOOL-5130 - Check for active Suricata daemon
* OS detection of Flatcar, IPFire, Mageia, NixOS, ROSA Linux, SLES
(extended), Void Linux, Zorin OS
* OS detection of OpenIndiana (Hipster and Legacy), Shillix, SmartOS,
Tribblix, and others
* EOL dates for Alpine, macOS, Mageia, OmniosCE, and Solaris 11
* Support for Solaris svcs (service manager)
* Enumeration of Solaris services
Changed
* ACCT-9626 - Detect sysstat systemd unit
* AUTH-9230 - Only fail if both SHA_CRYPT_MIN_ROUNDS and
SHA_CRYPT_MAX_ROUNDS are undefined
* BOOT-5184 - Support for Solaris
* KRNL-5830 - Improved reboot test by ignoring known bad values
* KRNL-5830 - Ignore rescue kernel such as on CentOS systems
* KRNL-5830 - Detection of Alpine Linux kernel
* NETW-2400 - Compatibility change for hostname check
* NETW-3012 - Support for Solaris
* PKGS-7410 - Don't show exception if no kernels were found on the
disk
* TIME-3185 - Supports now checking files at multiple locations
(systemd)
* ParseNginx function: Support include on absolute paths
* ParseNginx function: Ignore empty included wildcards
* Set 'RHEL' as OS_NAME for Red Hat Enterprise Linux
* HostID: Use first e1000 interface and break after match
* Translations extended and updated
* Test if pgrep exists before using it
* Better support for busybox shell
* Small code enhancements
Lynis 3.0.1 (2020-10-05)
Added
* Detection of Alpine Linux
* Detection of CloudLinux
* Detection of Kali Linux
* Detection of Linux Mint
* Detection of macOS Big Sur (11.0)
* Detection of Pop!_OS
* Detection of PHP 7.4
* Malware detection tool: Microsoft Defender ATP
* New flag: --slow-warning to allow tests more time before showing a
warning
* Test TIME-3185 to check systemd-timesyncd synchronized time
* rsh host file permissions
Changed
* AUTH-9229 - Added option for LOCKED accounts and bugfix for older
bash versions
* BOOT-5122 - Presence check for grub.d added
* CRYP-7902 - Added support for certificates in DER format
* CRYP-7931 - Added data to report
* CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
* FILE-6430 - Don't grep nonexistant modprobe.d files
* FIRE-4535 - Set initial firewall state
* INSE-8312 - Corrected text on screen
* KRNL-5728 - Handle zipped kernel configuration correctly
* KRNL-5830 - Improved version detection for non-symlinked kernel
* MALW-3280 - Extended detection of BitDefender
* TIME-3104 - Find more time synchronization commands
* TIME-3182 - Corrected detection of time peers
* Fix: hostid generation routine would sometimes show too short IDs
* Fix: language detection
* Generic improvements for macOS
* German translation updated
* End-of-life database updated
* Several minor code enhancements
Assets 2
Loading
Uh oh!
There was an error while loading. [162]Please reload this page.
All reactions
Lynis 3.0.0
Major release with security fixes. See CHANGELOG for all details.
Lynis 2.7.5 (2019-06-24)
Added
* Danish translation
* Slackware end-of-life information
* Detect BSD-style (rc.d) init in Linux systems
* Detection of Bro and Suricata (IDS)
Changed
* Corrected end-of-life entries for CentOS 5 and 6
* AUTH-9204 - change name to check in /etc/passwd file for QNAP
devices
* AUTH-9268 - AIX enhancement to use correct find statement
* FILE-6310 - Filter on correct field for AIX
* NETW-3012 - set ss command as preferred option for Linux and
changed output format
* List of PHP ini file locations has been extended
* Removed several pieces of the code as part of cleanup and code
health
* Extended help
Lynis 2.7.4 (2019-04-21)
This is a bigger release than usual, including several new tests
created by Capashenn (GitHub). It is a coincidence that it is
released exactly one month after the previous version and on
Easter. No easter eggs, only improvements!
Added
* FILE-6324 - Discover XFS mount points
* INSE-8000 - Installed inetd package
* INSE-8100 - Installed xinetd package
* INSE-8102 - Status of xinet daemon
* INSE-8104 - xinetd configuration file
* INSE-8106 - xinetd configuration for inactive daemon
* INSE-8200 - Usage of TCP wrappers
* INSE-8300 - Presence of rsh client
* INSE-8302 - Presence of rsh server
* Detect equery binary detection
* New 'generate' command
Changed
* AUTH-9278 - Test LDAP in all PAM components on Red Hat and other
systems
* PKGS-7410 - Add support for DPKG-based systems to gather installed
kernel packages
* PKGS-7420 - Detect toolkit to automatically download and apply
upgrades
* PKGS-7328 - Added global Zypper option --non-interactive
* PKGS-7330 - Added global Zypper option --non-interactive
* PKGS-7386 - Only show warning when vulnerable packages were
discovered
* PKGS-7392 - Skip test for Zypper-based systems
* Minor changes to improve text output, test descriptions, and
logging
* Changed CentOS identifiers in end-of-life database
* AIX enhancement for IsRunning function
* Extended PackageIsInstalled function
* Improve text output on AIX systems
* Corrected lsvg binary detection
Lynis 2.7.3 (2019-03-21)
Added
* Detection for Lynis being scheduled (e.g. cronjob)
Changed
* HTTP-6624 - Improved logging for test
* KRNL-5820 - Changed color for default fs.suid_dumpable value
* LOGG-2154 - Adjusted test to search in configuration file correctly
* NETW-3015 - Added support for ip binary
* SQD-3610 - Description of test changed
* SQD-3613 - Corrected description in code
* SSH-7408 - Increased values for MaxAuthRetries
* Improvements to allow tailored tool tips in future
* Corrected detection of blkid binary
* Minor textual changes and cleanups
Lynis 2.7.2 (2019-03-07)
Added
* AUTH-9409 - Support for doas (OpenBSD)
* AUTH-9410 - Test file permissions of doas configuration
* BOOT-5117 - Support for systemd-boot boot loader added
* BOOT-5177 - Simplify service filter and allow multiple dots in
service names
* BOOT-5262 - Check OpenBSD boot daemons
* BOOT-5263 - Test permissions for boot files and scripts
* Support for end-of-life detection of the operating system
* New 'lynis show eol' command
* Korean translation
Changed
* AUTH-9252 - Adds support for files in sudoers.d
* AUTH-9252 - Test extended to check file and directory ownership
* BOOT-5122 - Use NONE instead of WARNING if no password is set
* FIRE-4540 - Modify test to better measure rules
* KRNL-5788 - Resolve false positive warning on missing /vmlinuz
* NETW-2704 - Ignore inline comments in /etc/resolv.conf
* PKGS-7388 - Improve detection for security archive
* RPi/Raspian path to PAM_FILE_LOCATIONS
Lynis 2.7.1 (2019-01-30)
Added
* Support for macOS Mojave
* Translation: Slovak
Changed
* AUTH-9282 - Improve support for Red Hat and clones
* FIRE-4534 - Additional support for Hands Off!, LuLu, and Radio
Silence
* LOGG-2190 - Added MariaDB filter for deleted files (tested on
CentOS)
* SHLL-6230 - Add /etc/bash.bashrc.local to umask check
* Removed shift statement that did not work on all operating systems
* Minor cleanups and enhancements
* Small improvements to logging
Lynis 2.7.0 (2018-10-26)
Added
* MACF-6240 - Detection of TOMOYO binary
* MACF-6242 - Status of TOMOYO framework
* SSH-7406 - OpenSSH server version detection
* TOOL-5160 - Check active OSSEC analysis daemon
Changed
* Changed several warning labels on screen
* AUTH-9308 - More generic sulogin for systemd rescue.service
* OS detection now ignores quotes for getting the OS ID.
Lynis 2.6.9 (2018-09-19)
Changed
* Man page has been updated
* Command 'lynis show options' provides up-to-date list
* Option '--dump-options' is deprecated
* Several options and commands have been extended with more examples
* OS detection now supports openSUSE specific distribution names
* Changed command output when using 'lynis audit system remote'
* DBS-1882 - added /usr/local/redis/etc path and QNAP support
* PKGS-7322 - updated solution text
* KRNL-5788 - ignore exception when no vmlinuz file was discovered
* TIME-3104 - extended logging for test
Lynis 2.6.8 (2018-08-23)
Changed
* BOOT-5104 - improved parsing of boot parameters to init process
* PHP-2372 - test all PHP files for expose_php and improved logging
* Alpine Linux detection for Docker audit
* Docker check now tests also for CMD, ENTRYPOINT, and USER
configuration
* Improved display in Docker output for showing which keys are used
for signing
Lynis 2.6.7 (2018-08-09)
Changed
* BOOT-5104 - Added busybox as a service manager
* KRNL-5677 - Limit PAE and no-execute test to AMD64 hardware only
* LOGG-2190 - Ignore /dev/zero and /dev/[aio] as deleted files
* SSH-7408 - Changed classification of SSH root login with keys
* Docker scan uses new format for maintainer value
* New URL structure on CISOfy website implemented for Lynis controls
Lynis 2.6.6 (2018-07-06)
Improvements
* New format of changelog ([174]https://keepachangelog.com/en/1.0.0/)
* KRNL-5830 - improved log text about running kernel version
Fixed
* Under some condition no hostid2 value was reported
* Solved 'extra operand' issue with tr command
Lynis 2.6.5 (2018-06-26)
Tests:
* [MAIL-8804] - Exim configuration test
* [NETW-2704] - Use FQDN to test status of a nameserver instead of
own IP address
* [SSH-7402] - Improved test to allow configurations with a Match
block
Lynis 2.6.4 (2018-05-02)
Changes:
* Several contributions merged, including grammar improvements
* Initial support for Ubuntu 18.04 LTS
* Small enhancements for usage
Tests:
* [AUTH-9308] - Made 'sulogin' more generic for systemd rescue shell
* [DNS-1600] - Initial work on DNSSEC validation testing
* [NETW-2704] - Added support for local resolver 127.0.0.53
* [PHP-2379] - Suhosin test disbled
* [SSH-7408] - Removed 'DELAYED' from OpenSSH Compression setting
* [TIME-3160] - Improvements to detect step-tickers file and entries
Lynis 2.6.3 (2018-03-07)
Changes:
* Change in routine for host identifiers
Tests:
* [CRYP-7902] - Do prevalidation for certificates before testing them
* [HRDN-7222] - Enhanced compiler permission test
* [NAME-4402] - Improved test to filter out empty lines
* [PKGS-7384] - Changes to detect yum-utils package and related
tooling
Plugins:
* [PLGN-2680] - cron file permissions
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/lynis/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/lynis/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/lynis/distinfo
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/security/lynis/patches/patch-include_functions
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/lynis/patches/patch-lynis
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/lynis/Makefile
diff -u pkgsrc/security/lynis/Makefile:1.8 pkgsrc/security/lynis/Makefile:1.9
--- pkgsrc/security/lynis/Makefile:1.8 Wed Jun 23 20:27:16 2021
+++ pkgsrc/security/lynis/Makefile Mon Mar 23 19:12:51 2026
@@ -1,12 +1,12 @@
-# $NetBSD: Makefile,v 1.8 2021/06/23 20:27:16 nia Exp $
+# $NetBSD: Makefile,v 1.9 2026/03/23 19:12:51 kim Exp $
#
-DISTNAME= lynis-2.6.2
+DISTNAME= lynis-3.1.6
CATEGORIES= security
-MASTER_SITES= https://cisofy.com/files/
+MASTER_SITES= https://downloads.cisofy.com/lynis/
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= https://cisofy.com/solutions/
+HOMEPAGE= https://cisofy.com/lynis/
COMMENT= Perform security health scans
LICENSE= gnu-gpl-v3
Index: pkgsrc/security/lynis/PLIST
diff -u pkgsrc/security/lynis/PLIST:1.3 pkgsrc/security/lynis/PLIST:1.4
--- pkgsrc/security/lynis/PLIST:1.3 Tue Jan 30 08:43:02 2018
+++ pkgsrc/security/lynis/PLIST Mon Mar 23 19:12:51 2026
@@ -1,11 +1,15 @@
-@comment $NetBSD: PLIST,v 1.3 2018/01/30 08:43:02 sborrill Exp $
+@comment $NetBSD: PLIST,v 1.4 2026/03/23 19:12:51 kim Exp $
bin/lynis
+lib/lynis/db/control-links.db
lib/lynis/db/fileperms.db
lib/lynis/db/hints.db
lib/lynis/db/integrity.db
+lib/lynis/db/languages/az
lib/lynis/db/languages/br
lib/lynis/db/languages/cn
+lib/lynis/db/languages/da
lib/lynis/db/languages/de
+lib/lynis/db/languages/de-AT
lib/lynis/db/languages/en
lib/lynis/db/languages/en-GB
lib/lynis/db/languages/en-US
@@ -15,8 +19,10 @@ lib/lynis/db/languages/fr
lib/lynis/db/languages/gr
lib/lynis/db/languages/he
lib/lynis/db/languages/hu
+lib/lynis/db/languages/id
lib/lynis/db/languages/it
lib/lynis/db/languages/ja
+lib/lynis/db/languages/ko
lib/lynis/db/languages/nb-NO
lib/lynis/db/languages/nl
lib/lynis/db/languages/nl-BE
@@ -25,10 +31,12 @@ lib/lynis/db/languages/pl
lib/lynis/db/languages/pt
lib/lynis/db/languages/ru
lib/lynis/db/languages/se
+lib/lynis/db/languages/sk
lib/lynis/db/languages/tr
lib/lynis/db/malware-susp.db
lib/lynis/db/malware.db
lib/lynis/db/sbl.db
+lib/lynis/db/software-eol.db
lib/lynis/db/tests.db
lib/lynis/extras/README
lib/lynis/extras/bash_completion.d/lynis
@@ -46,6 +54,7 @@ lib/lynis/include/data_upload
lib/lynis/include/functions
lib/lynis/include/helper_audit_dockerfile
lib/lynis/include/helper_configure
+lib/lynis/include/helper_generate
lib/lynis/include/helper_show
lib/lynis/include/helper_system_remote_scan
lib/lynis/include/helper_update
@@ -61,6 +70,7 @@ lib/lynis/include/tests_containers
lib/lynis/include/tests_crypto
lib/lynis/include/tests_custom.template
lib/lynis/include/tests_databases
+lib/lynis/include/tests_dns
lib/lynis/include/tests_file_integrity
lib/lynis/include/tests_file_permissions
lib/lynis/include/tests_filesystems
@@ -68,6 +78,7 @@ lib/lynis/include/tests_firewalls
lib/lynis/include/tests_hardening
lib/lynis/include/tests_homedirs
lib/lynis/include/tests_insecure_services
+lib/lynis/include/tests_kerberos
lib/lynis/include/tests_kernel
lib/lynis/include/tests_kernel_hardening
lib/lynis/include/tests_ldap
@@ -80,7 +91,7 @@ lib/lynis/include/tests_nameservices
lib/lynis/include/tests_networking
lib/lynis/include/tests_php
lib/lynis/include/tests_ports_packages
-lib/lynis/include/tests_printers_spools
+lib/lynis/include/tests_printers_spoolers
lib/lynis/include/tests_scheduling
lib/lynis/include/tests_shells
lib/lynis/include/tests_snmp
Index: pkgsrc/security/lynis/distinfo
diff -u pkgsrc/security/lynis/distinfo:1.7 pkgsrc/security/lynis/distinfo:1.8
--- pkgsrc/security/lynis/distinfo:1.7 Tue Oct 26 11:17:18 2021
+++ pkgsrc/security/lynis/distinfo Mon Mar 23 19:12:51 2026
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.7 2021/10/26 11:17:18 nia Exp $
+$NetBSD: distinfo,v 1.8 2026/03/23 19:12:51 kim Exp $
-BLAKE2s (lynis-2.6.2.tar.gz) = 330aeb4d3a289b9c6fbb637823cc3069b4adf72f32bd807523e7135270997590
-SHA512 (lynis-2.6.2.tar.gz) = 3aeb94c416236f8fd30b6e6ede015fa539b6138a2b43eb659f609a41b60fbb05671256d8d2d72e632c4b90dad9e7201a3b932e8cbd53945752f5b7cf4e7a3970
-Size (lynis-2.6.2.tar.gz) = 271113 bytes
-SHA1 (patch-include_functions) = 157c720799d27adc8e90266f78de8da2db4b58cb
-SHA1 (patch-lynis) = f35b682d9c30afdd6bc4e35ca684a4bd7209f63d
+BLAKE2s (lynis-3.1.6.tar.gz) = 970a1d15fdf8d8a2906ae7e992599c57a62e1ed46af2a952a61469d2c7e414b8
+SHA512 (lynis-3.1.6.tar.gz) = a462be0e4177033b01db7573b1a30c46e1b263cda782963b6f2fdc1f79309362961cd1ae667d974e586500e21f903ebe36f208cc6b69a4017076f3586d7c4ba8
+Size (lynis-3.1.6.tar.gz) = 354692 bytes
+SHA1 (patch-include_functions) = fd4d4a6545e0f3f42a3d4503cb57fb269bb9cf29
+SHA1 (patch-lynis) = ed043fe50a71b874225ef9074e588b7cfa86f522
Index: pkgsrc/security/lynis/patches/patch-include_functions
diff -u pkgsrc/security/lynis/patches/patch-include_functions:1.3 pkgsrc/security/lynis/patches/patch-include_functions:1.4
--- pkgsrc/security/lynis/patches/patch-include_functions:1.3 Thu Jan 18 16:42:40 2018
+++ pkgsrc/security/lynis/patches/patch-include_functions Mon Mar 23 19:12:51 2026
@@ -1,15 +1,15 @@
-$NetBSD: patch-include_functions,v 1.3 2018/01/18 16:42:40 sborrill Exp $
+$NetBSD: patch-include_functions,v 1.4 2026/03/23 19:12:51 kim Exp $
Set location of default profiles.
---- include/functions.orig 2018-01-12 00:00:00.000000000 +0000
-+++ include/functions 2018-01-15 11:38:48.000000000 +0000
-@@ -426,7 +426,7 @@
- DEFAULT_PROFILE=""
- PROFILEDIR=""
- tPROFILE_NAMES="default.prf custom.prf"
-- tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
-+ tPROFILE_TARGETS="@CONFDIR@ ."
+--- include/functions.orig 2025-10-23 00:00:00.000000000 +0000
++++ include/functions 2026-03-23 18:09:39.647838507 +0000
+@@ -434,7 +434,7 @@
+ if [ ${USE_CWD} -eq 1 ]; then
+ tPROFILE_TARGETS="."
+ else
+- tPROFILE_TARGETS="/usr/local/etc/lynis /etc/lynis /usr/local/lynis ."
++ tPROFILE_TARGETS="@CONFDIR@ /usr/local/lynis ."
+ fi
for PNAME in ${tPROFILE_NAMES}; do
for PLOC in ${tPROFILE_TARGETS}; do
- # Only use one default.prf
Index: pkgsrc/security/lynis/patches/patch-lynis
diff -u pkgsrc/security/lynis/patches/patch-lynis:1.1 pkgsrc/security/lynis/patches/patch-lynis:1.2
--- pkgsrc/security/lynis/patches/patch-lynis:1.1 Mon Jan 15 12:38:37 2018
+++ pkgsrc/security/lynis/patches/patch-lynis Mon Mar 23 19:12:51 2026
@@ -1,44 +1,45 @@
-$NetBSD: patch-lynis,v 1.1 2018/01/15 12:38:37 sborrill Exp $
+$NetBSD: patch-lynis,v 1.2 2026/03/23 19:12:51 kim Exp $
Remove hardwired paths to allow installation in a separate dir to the
main script.
---- lynis.orig 2018-01-12 00:00:00.000000000 +0000
-+++ lynis 2018-01-15 11:32:35.000000000 +0000
-@@ -72,15 +72,7 @@
-
- # Test from which directories we can use all functions and tests
-
-- INCLUDEDIR="" # Set default include directory to none
+--- lynis.orig 2025-10-23 00:00:00.000000000 +0000
++++ lynis 2026-03-23 18:03:32.102635624 +0000
+@@ -82,16 +82,7 @@
+ USE_CWD=1
+ INCLUDEDIR="./include"
+ else
+- INCLUDEDIR=""
- tINCLUDE_TARGETS="/usr/local/include/lynis /usr/local/lynis/include /usr/share/lynis/include ./include" # Default paths to check (CWD as last option, in case we run from standalone)
- for I in ${tINCLUDE_TARGETS}; do
- if [ "${I}" = "./include" ]; then
-- if [ -d ${WORKDIR}/include ]; then INCLUDEDIR="${WORKDIR}/include"; fi
+- if [ -d "${WORKDIR}/include" ]; then INCLUDEDIR="${WORKDIR}/include"; fi
- elif [ -d ${I} -a -z "${INCLUDEDIR}" ]; then
- INCLUDEDIR=${I}
+- break
- fi
- done
+ INCLUDEDIR="@PREFIX@/lib/lynis/include"
+ fi
# Drop out if our include directory can't be found
- if [ -z "${INCLUDEDIR}" ]; then
-@@ -92,14 +84,7 @@
-
- # Test for database directory
-
+@@ -104,14 +95,7 @@
+ if [ ${USE_CWD} -eq 1 ]; then
+ DBDIR="./db"
+ else
- DBDIR=""; tDB_TARGETS="/usr/local/share/lynis/db /usr/local/lynis/db /usr/share/lynis/db ./db"
- for I in ${tDB_TARGETS}; do
- if [ "${I}" = "./db" ]; then
-- if [ -d ${WORKDIR}/db ]; then DBDIR="${WORKDIR}/db"; fi
+- if [ -d "${WORKDIR}/db" ]; then DBDIR="${WORKDIR}/db"; fi
- elif [ -d ${I} -a -z "${DBDIR}" ]; then
- DBDIR="${I}"
- fi
- done
+ DBDIR="@PREFIX@/lib/lynis/db"
-
- # Import translations. First import English to prefill all texts
- if [ ! -f ${DBDIR}/languages/en ]; then
-@@ -303,7 +288,7 @@
+ fi
+ #
+ #################################################################################
+@@ -340,7 +324,7 @@
DiscoverProfiles
# Initialize and check profile file, auditor name, log file and report file
@@ -47,7 +48,14 @@ main script.
if [ -z "${AUDITORNAME}" ]; then AUDITORNAME="[Not Specified]"; fi
if [ -z "${LOGFILE}" ]; then LOGFILE="${LOGDIR}/lynis.log"; fi
if [ -z "${REPORTFILE}" ]; then REPORTFILE="${LOGDIR}/lynis-report.dat"; fi
-@@ -321,14 +306,14 @@
+@@ -352,20 +336,20 @@
+ #################################################################################
+ #
+ # Decide where to write our PID file. For unprivileged users this will be in their home directory, or /tmp if their
+- # home directory isn't set. For root it will be /var/run, or the current working directory if /var/run doesn't exist.
++ # home directory isn't set. For root it will be @VARBASE@/run, or the current working directory if @VARBASE@/run doesn't exist.
+ MYHOMEDIR=$(echo ~ 2> /dev/null)
+ if [ -z "${MYHOMEDIR}" ]; then MYHOMEDIR="/tmp"; fi
if [ ${PRIVILEGED} -eq 0 ]; then
PIDFILE="${MYHOMEDIR}/lynis.pid"
@@ -65,7 +73,7 @@ main script.
printf "%s" "
${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
-@@ -354,7 +339,7 @@
+@@ -391,7 +375,7 @@
# Deleting any stale PID files that might exist. Note: Display function does not work yet at this point
if [ -f "${MYHOMEDIR}/lynis.pid" ]; then rm -f "${MYHOMEDIR}/lynis.pid"; fi
if [ -f "./lynis.pid" ]; then rm -f "./lynis.pid"; fi
@@ -74,7 +82,7 @@ main script.
fi
# Ensure symlink attack is not possible, by confirming there is no symlink of the file already
-@@ -577,14 +562,7 @@
+@@ -642,14 +626,7 @@
#
# Plugin directory test
if [ -z "${PLUGINDIR}" ]; then
Home |
Main Index |
Thread Index |
Old Index