What's new in YASAT 839
Apr 17, 2015
- Fix crashes when /etc/apache2/envvars is absent. Solve debian bug #756840
- Add more setuid to binaries database. Solve debian bug #756839
- Add jessie to osdetection
- Some internal rewriting of apache plugins (merging of apache_user in apache_conf)
- The firewall plugin could badly detect default policy
- accounting plugin now know blowfish
- Add dovecot plugin
- dovecot plugin test cipherlist and ssl protocols
- dns plugin test for chrooted bind
- dns plugin test if dynamic update are enabled
- dns plugin test if dnssec validation is enabled
- dns plugin now handle better file inclusion
- And still lots of minor enhancement
New in YASAT 755 (May 1, 2014)
- Fix the "cant shift that many" bug
- Fix the make test
- Lots of internal rewritting
New in YASAT 700 (Jul 9, 2013)
- Check_certificate check for unsecured algorithms like md5
- Check_certificate test RSA key size
- Check certificate used by apache
- Fix debian bug #690636 (logwatch plugin)
- Check cipher list of cyrus
- Check all certificate in firefox/thunderbird certificate store
- Check all certificate in java certificate store
- Check all certificate in openssl
- Handle very old find (4.1.20)
- Begin of work for adding the scanroot options
- New plugin for testing package repository
- New option (--compliance) for printing compliance to the NSA Guide
- New plugin SELinux
- Add the testing of yum repositories
- Check hash methods for system password
- Check for SamHain presence
- Test the crypt method of password protected keys
- Handle better embedded system with less or different binaries (tput, expr, ...) but still lots of work like for OpenWrt
- Detection of OpenWrt
- General enhancement of all plugins
New in YASAT 526 (May 23, 2012)
- Now test the SSLCipherSuite for apache
- Enhancement: Check size of private key
- bug: The availability of echo -e was badly tested
- bug: apache_vhost tested certificate as private key instead of certificate filetype
- bug: apache_vhost could badly analyze order by clause
- typo some advice links was bad
- internal: link tester for advices
- Enhancement: ssh test
- Enhancement: vsftpd test
- Fix some remaining bashism
- Check the presence of Firewire kernel modules
- Correction of some problems with dash and some empty variables (shift: cant shift that many)
- Renamed yasat.sh to yasat
- Lots of spelling fix
- Enhancement: now correctly find the user running bind9 under debian
- Lots of small fix for future Debian Wheezy
New in YASAT 456 (Dec 30, 2011)
- add chronyd to known ntpd servers
- add logwatch test from Mr Sande
- add password encryption test for shadow
- add the list of command needed to correct problems reported by yasat in yasat_correct.shell
- More kernel checks
- Check for remote syslog logging
- Check for auditd daemon
- Arch Linux detection and pacman support
- Lots of misc enhancement
New in YASAT 421 (Jun 21, 2011)
- Skip option patch from Mr Sande
- Misc enhancement from Mr Didier
- Lots of known location added to apache_vhosts
- Typo in partition.test
- Misc enhancement
- POSIX CAPS test for setuid binaries
New in YASAT 400 (Mar 11, 2011)
- YASAT incorrectly searched umask value (thanks to Mikal Sande for report and patch)
- YASAT manpages
- The CheckFile function will now check if the binary tested have SSP and PIE
- Lots of advice spell checking and enhancement by Mikal Sande.
New in YASAT 385 (Jan 4, 2011)
- Misc modifications of PHP, apache, LDAP, SSH, MySQL
- Initial test of security options of firefox
- Better BIND server test
- Basic support of checking technology behind a vhost (like PHP for testing php_admin_values like open_basedir)
- Test of NFS mount options and NFSD exports options
- Basic test if private key is password protected
New in YASAT 351 (Aug 2, 2010)
- Minor corrections for FreeBSD
- yasat.sh is no longer /bin/bash (all bashisms seems fixed)