Linux open source security audit and penetration testing tool lynis

Posted by Beatty Bertelsen on February 7th, 2021

Reprinted from FreeBuf.COM.

Lynis is a security auditing and hardening tool for UNIX-like systems that performs an in-depth security scan. Its purpose is to detect potential issues and provide suggestions for hardening the system. It scans general system information, vulnerable packages and potential misconfigurations, and after the scan it generates a security report containing all of the results. Lynis is among the most widely used automated audit tools for patch management, malware scanning and vulnerability detection on UNIX/Linux systems, and it suits security auditors, network security specialists, penetration testers, network and system administrators and security engineers.

Supported operating systems: AIX, Arch Linux, BackTrack Linux, CentOS, Debian, DragonFlyBSD, Fedora Core, FreeBSD, Gentoo, HPUX, Kali, Knoppix, Linux Mint, MacOS X, Mageia, Mandriva, NetBSD, OpenBSD, OpenSolaris, openSUSE, Oracle Linux, PcBSD, PCLinuxOS, Red Hat Enterprise Linux (RHEL) and derivatives, Sabayon, Scientific Linux, Slackware, Solaris 10, SuSE, TrueOS, Ubuntu and derivatives.

Supported services:
- Database servers: MySQL, Oracle, PostgreSQL
- Time daemons: dntpd, ntpd, timed
- Web servers: Apache, Nginx

Once Lynis starts scanning your system, it works through many categories of audit checks:
- System tools: system binaries
- Boot and services: boot loader, boot services
- Kernel: run level, loaded modules, kernel configuration, core dumps
- Memory and processes: zombie processes, processes waiting on IO
- Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default umask
- Shells
- File systems: mount points, /tmp files, root file system
- Storage: USB storage, firewire OHCI
- NFS
- Software: name services: DNS search domain, BIND
- Ports and packages: vulnerable/upgradable packages, secure repositories
- Networking: name servers, promiscuous interfaces, connections
- Printers and spools: CUPS configuration
- Software: e-mail and messaging
- Software: firewalls: iptables, PF
- Software: web servers: Apache, nginx
- SSH support: SSH configuration
- SNMP support
- Databases: MySQL root password
- LDAP services
- Software: PHP: PHP options
- Squid support
- Logging and files: syslog daemon, log directories
- Insecure services: inetd
- Banners and identification
- Scheduled tasks: crontab/cronjob, atd
- Accounting: sysstat data, auditd
- Time and synchronization: NTP daemon
- Cryptography: SSL certificate expiration
- Virtualization
- Security frameworks: AppArmor, SELinux, security status
- Software: file integrity
- Software: malware scanners
- Home directories: shell history files

It is recommended to run Lynis with the `-c` parameter the first time; `-c` performs the most comprehensive inspection of the system. If you want to record the auditor's name, use the `--auditor` parameter.

Download and install Lynis from GitHub.

Usage example, shown in the original post as a series of screenshots:
Figure 1. Initialization
Figure 2. System tools
Figure 3. Boot & services and kernel
Figure 4. Users and groups
Figure 5. Shell and storage
Figure 6. Software, ports and packages
Figure 7. Network and printers
Figure 8. E-mail, firewall and web server
Figure 9. SSH, SNMP and database
Figure 10. PHP, squid proxy and logging
Figure 11. Inetd, banner and cron
Figure 12. Accounting, NTP and cryptography
Figure 13. Virtualization, security framework and file integrity
Figure 14. Malware scanner, system tools and home directory
Figure 15. Kernel hardening
Figure 16. Hardening, custom testing and results
Figure 17.

Your system may not need every test. For instance, if your system does not run a web server, you can restrict the run to selected tests with the `--tests` parameter. There are more than 100 tests available. The following is a partial list of Lynis test IDs:
- FILE-7502 (check all system binaries)
- BOOT-5121 (check for the GRUB boot loader)
- BOOT-5139 (check for the LILO boot loader)
- BOOT-5142 (check for the SPARC Improved boot loader (SILO))
- BOOT-5155 (check the yaboot boot loader configuration file)
- BOOT-5159 (check for the OpenBSD i386 boot loader)
- BOOT-5165 (check FreeBSD boot services)
- BOOT-5177 (check Linux boot and running services)
- BOOT-5180 (check Linux boot services (Debian style))
- BOOT-5184 (check boot file/script permissions)
- BOOT-5202 (check system uptime)
- KRNL-5677 (check CPU options and support)
- KRNL-5695 (determine Linux kernel version and release number)
- KRNL-5723 (determine whether the Linux kernel is monolithic)
- KRNL-5726 (check Linux loaded kernel modules)
- KRNL-5728 (check Linux kernel configuration)
- KRNL-5745 (check FreeBSD loaded kernel modules)
- KRNL-5770 (check active kernel modules)
- KRNL-5788 (check availability of a new kernel)
- KRNL-5820 (check core dump configuration)

For example, the "check system uptime" and "check core dump configuration" tests can be run together by passing both IDs to `--tests`. More test IDs can be found in /var/log/lynis.log. Here is a trick:
1. First, run Lynis with the `-c` (check all) parameter.
2. Then look at the /var/log/lynis.log file, using the cat command together with grep. Suppose you want to search for the test IDs related to the kernel: you can find them with the keyword KRNL.

The complete list of test ID keywords used by Lynis:
- BOOT
- KRNL (kernel)
- PROC (processor)
- AUTH (authentication)
- SHLL (shell)
- FILE
- STRG (storage)
- NAME (DNS)
- PKGS (packaging)
- NETW (network)
- PRNT (printer)
- MAIL
- FIRE (firewall)
- HTTP (web server)
- SSH
- SNMP
- DBS (database)
- PHP
- LDAP
- SQD (squid proxy)
- LOGG (logging)
- INSE (insecure services, inetd)
- SCHD (scheduling, cron jobs)
- ACCT (accounting)
- TIME (time protocol, NTP)
- CRYP (cryptography)
- VIRT (virtualization)
- MACF (AppArmor, SELinux)
- MALW (malware)
- HOME
- HRDN (hardening)

If you find it tedious to enter test IDs, you can use the `--tests-category` parameter instead. With this method Lynis runs every test ID contained in the given category; for instance, to run the firewall and kernel tests you name those two categories in the command.

Beyond this convenience, Lynis can also be run automatically and regularly as a cron job. For example, to run it once per month, save the script to /etc/cron.monthly/lynis. Do not forget to adjust the related paths (/usr/local/lynis and /var/log/lynis), otherwise the script will not work correctly.

*Reference source: gbhackers; compiled by secist, FB editor; reprinted from FreeBuf.COM
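The "trick" above (grep lynis.log for a keyword such as KRNL, then hand the IDs to `--tests`) as an added, runnable example; this is not code from the original post or from the Lynis project. It assumes the `Performing test ID <ID> (<description>)` line shape that Lynis writes to /var/log/lynis.log, and it embeds a constructed sample log so it runs offline; the `lynis_tests_cmd` helper builds the command using the current `lynis audit system` form of the full scan that the page refers to as `-c`.

```shell
#!/bin/sh
# Added example (not from the original post): find test IDs in lynis.log by
# keyword and build the command that runs only those tests.
# The log lines below are CONSTRUCTED in the shape Lynis uses
# ("Performing test ID <ID> (<description>)"); they are not a real run.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2021-02-07 10:00:01 Performing test ID BOOT-5202 (Check system uptime)
2021-02-07 10:00:01 Performing test ID KRNL-5677 (Check CPU options and support)
2021-02-07 10:00:02 Performing test ID KRNL-5695 (Determine Linux kernel version)
2021-02-07 10:00:02 Performing test ID KRNL-5820 (Check core dump configuration)
2021-02-07 10:00:03 Performing test ID FILE-7502 (Check all system binaries)
EOF

# Print the unique test IDs whose keyword (KRNL, BOOT, ...) matches, one per line.
# Usage: lynis_test_ids <keyword> [logfile]   (default logfile: /var/log/lynis.log)
lynis_test_ids() {
    _kw=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    _log=${2:-/var/log/lynis.log}
    grep -o "Performing test ID ${_kw}-[0-9]*" "$_log" | awk '{print $4}' | sort -u
}

# Build the command line that runs only the given IDs (space-separated).
lynis_tests_cmd() {
    printf 'lynis audit system --tests "%s"' "$*"
}

# Demonstration on the constructed log: kernel tests, then the command for two of them.
echo "Kernel test IDs found:"
lynis_test_ids krnl "$SAMPLE_LOG"
echo "Command to run the uptime and core dump checks only:"
lynis_tests_cmd BOOT-5202 KRNL-5820
echo
```

Against a real host, drop the second argument so `lynis_test_ids` reads /var/log/lynis.log, which only contains IDs for tests that a previous full run actually executed; tests skipped on that host will not appear.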
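A monthly cron script of the kind the paragraph above describes, with the category selection folded in, as an added example; it is not the script from the original post nor code from the Lynis project. It assumes the two paths the page names (Lynis unpacked under /usr/local/lynis, reports kept in /var/log/lynis), uses `--cronjob` for a non-interactive run, and expresses the page's `--tests-category` with the `--tests-from-group` option of current Lynis releases. The `lynis-report.dat` sample at the end is constructed, only to show the warning count without running Lynis.

```shell
#!/bin/sh
# Added example (not from the original post): monthly Lynis cron job.
# Assumptions: Lynis lives in /usr/local/lynis and reports go to /var/log/lynis,
# the two paths the page says the script depends on.
LYNIS_DIR=/usr/local/lynis
LOG_DIR=/var/log/lynis
AUDITOR="automated"
# Empty = full audit. Set e.g. "firewalls kernel" to run only those groups
# (current option --tests-from-group; older releases called it --tests-category).
TEST_GROUPS=""

# Dated report name for this host, e.g. /var/log/lynis/report-web01.20210207.txt
report_path() {
    printf '%s/report-%s.%s.txt' "$1" "$2" "$3"
}

# Count the warning[] entries in a lynis-report.dat style file, so the job can
# tell whether anything needs escalating. Prints 0 when there are none.
count_warnings() {
    grep -c '^warning\[\]=' "$1" 2>/dev/null || true
}

run_audit() {
    _date=$(date +%Y%m%d)
    _host=$(hostname)
    _report=$(report_path "$LOG_DIR" "$_host" "$_date")
    mkdir -p "$LOG_DIR"
    cd "$LYNIS_DIR" || exit 1

    # --cronjob makes Lynis non-interactive (no colours, no questions).
    set -- audit system --auditor "$AUDITOR" --cronjob
    if [ -n "$TEST_GROUPS" ]; then
        set -- "$@" --tests-from-group "$TEST_GROUPS"
    fi
    ./lynis "$@" > "$_report"

    # Lynis writes machine-readable results to /var/log/lynis-report.dat;
    # keep a dated copy beside the report and summarise the warnings.
    _data="$LOG_DIR/report-data-${_host}.${_date}.dat"
    cp /var/log/lynis-report.dat "$_data"
    echo "Lynis warnings on $_host ($_date): $(count_warnings "$_data")"
}

# Constructed sample in the shape of lynis-report.dat (not real output),
# used only to demonstrate count_warnings without running Lynis.
SAMPLE_DATA=$(mktemp)
trap 'rm -f "$SAMPLE_DATA"' EXIT
cat > "$SAMPLE_DATA" <<'EOF'
warning[]=KRNL-5820|Core dumps are not disabled||
warning[]=BOOT-5202|System was rebooted recently||
suggestion[]=KRNL-5820|Disable core dumps in limits.conf||
EOF
echo "warnings in constructed sample: $(count_warnings "$SAMPLE_DATA")"

# Only perform the audit when this machine has Lynis where we expect it.
if [ -x "$LYNIS_DIR/lynis" ]; then
    run_audit
fi
```

Save it as /etc/cron.monthly/lynis and make it executable; run-parts ignores file names containing a dot, so do not add a `.sh` suffix. The audit must run as root for the kernel, boot and file-permission tests to see everything.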
