Lynis is an open-source system security auditing tool: a set of shell scripts that together perform a comprehensive security check of a system (accounts, processes, services, configuration and other sources of risk) and present the findings in a readable way. It supports the current mainstream Linux distributions.
First, what Lynis checks
In general, Lynis examines the following:
Whether system programs have been replaced or tampered with, so that an administrator or user is not tricked into executing a malicious binary
Boot programs and system settings, and which services are currently enabled
Account information (users, groups) and the authentication methods configured on the system
Whether installed third-party software introduces risk
Whether the firewall is enabled
Web server, MySQL, PHP and Postfix configuration
1. Binaries installed on the system (e.g. in /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin)
2. Boot and startup services (e.g. whether GRUB is password-protected)
3. System kernel information (e.g. default runlevel, loaded kernel modules, kernel config file)
4. Memory and process information (e.g. whether there are zombie processes, or processes waiting on I/O)
5. Accounts, groups and authentication (e.g. the sudoers file, PAM configuration, password policies, umask settings)
6. Shells (/etc/shells)
7. File system (e.g. whether /tmp holds files older than 90 days, whether the root file system has an ACL policy)
8. Whether peripherals (USB, FireWire) are disabled
9. NFS
10. DNS (/etc/resolv.conf, BIND, PowerDNS, ypbind, nscd)
11. Package management (dpkg, RPM)
12. Network information (NICs, gateway, IP addresses, connections in a waiting state)
13. Printing (CUPS)
14. Mail system (e.g. Postfix, Exim, qmail smtpd)
15. Firewall (iptables)
16. Web server (Apache, Nginx) security configuration
17. SSH security configuration (e.g. whether root is allowed to log in directly over SSH)
18. SNMP security configuration
19. Database security configuration (MySQL, PostgreSQL, Oracle)
20. LDAP security configuration
21. PHP security configuration
22. Squid security configuration
23. Log file management (syslog, logrotate)
24. Dangerous services (inetd.conf)
25. System fingerprint (/etc/motd, /etc/issue, /etc/issue.net)
26. Scheduled tasks (crontab/cron jobs)
27. Whether the audit daemon is enabled (auditd)
28. Time synchronisation service (NTP)
29. Cryptography (e.g. SSL certificate validity period)
30. Whether a security framework is applied (SELinux, AppArmor, grsecurity)
31. Whether a file system integrity tool is installed (AFICK, AIDE, Osiris, Samhain, Tripwire)
32. Whether a malware detection tool is installed (chkrootkit, Rootkit Hunter, ClamAV scanner)
33. Whether the permissions on particular files are sensible (e.g. whether /root/.ssh is rwx------, i.e. mode 700)
34. Home directories, for sensitive files (e.g. whether the contents of shell history files are suspicious)
35. Whether the kernel has been hardened (scan of sysctl settings)
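To make the list above concrete, here is an added example (written for this page, not taken from the article or from Lynis itself) of what three of these checks look like when written by hand: item 17 (is root allowed to log in over SSH?), item 33 (is /root/.ssh restricted to its owner?) and item 35 (is a sysctl hardening key set?). The input files, directories and values are constructed in a temporary directory so the script runs without root and without a Lynis install; the function names are the example's own.

```shell
#!/bin/sh
# Added example: three Lynis-style checks as small shell functions.
# Not the Lynis implementation; the inputs below are constructed.
set -u

WORK="${TMPDIR:-/tmp}/lynis-checks.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Item 17: effective PermitRootLogin value in an sshd_config file.
# sshd honours the first occurrence of a keyword, and its historical
# default is "yes", so a missing line is reported as "yes".
ssh_root_login() {
  v=$(sed -n 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1)
  printf '%s\n' "${v:-yes}" | tr 'A-Z' 'a-z'
}

# Item 33: is a directory mode 700 (rwx------), as /root/.ssh should be?
# Tries GNU stat first, then the BSD/macOS form.
dir_mode_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "700" ]
}

# Item 35: is key $2 set to value $3 in a sysctl.conf-style file $1?
# The last assignment wins, as it does when sysctl loads the file.
sysctl_is() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  v=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
  [ "$v" = "$3" ]
}

# Constructed inputs: a weak and a hardened sshd_config fragment, two
# .ssh-like directories, and a sysctl.conf fragment with mixed settings.
cat > "$WORK/sshd_config" <<'EOF'
# constructed sshd_config fragment (weak)
Port 22
PermitRootLogin yes
PasswordAuthentication no
EOF
cat > "$WORK/sshd_config.hardened" <<'EOF'
# constructed sshd_config fragment (hardened)
PermitRootLogin no
EOF
mkdir -p "$WORK/root_ssh"  && chmod 700 "$WORK/root_ssh"
mkdir -p "$WORK/loose_ssh" && chmod 755 "$WORK/loose_ssh"
cat > "$WORK/sysctl.conf" <<'EOF'
# constructed /etc/sysctl.conf fragment
net.ipv4.ip_forward = 0
kernel.randomize_va_space = 2
net.ipv4.conf.all.accept_redirects = 1
EOF

# Report in the Warning / Suggestion spirit of a Lynis run.
echo "PermitRootLogin (weak config):     $(ssh_root_login "$WORK/sshd_config")"
echo "PermitRootLogin (hardened config): $(ssh_root_login "$WORK/sshd_config.hardened")"
dir_mode_ok "$WORK/root_ssh"  && echo "root_ssh is mode 700: ok"
dir_mode_ok "$WORK/loose_ssh" || echo "Warning: loose_ssh is not mode 700"
sysctl_is "$WORK/sysctl.conf" kernel.randomize_va_space 2 && echo "ASLR (randomize_va_space=2): ok"
sysctl_is "$WORK/sysctl.conf" net.ipv4.conf.all.accept_redirects 0 \
  || echo "Suggestion: set net.ipv4.conf.all.accept_redirects = 0"
```

Each function returns a value or an exit status rather than only printing, so the same checks can be chained from cron and turned into a non-zero exit when something regresses.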
Second, installation and running
wget http://www.rootkit.nl/files/lynis-1.6.0.tar.gz
tar zxvf lynis-1.6.0.tar.gz
cd lynis-1.6.0/
View the help:
sudo ./lynis --man
Run all checks (the most common usage):
sudo ./lynis --check-all -q
Automated check from crontab (--cronjob runs non-interactively; the /var/log/lynis/ directory must already exist):
sudo ./lynis -c --auditor "automated" --cronjob > /var/log/lynis/report.txt
Third, extract the findings from the log
grep -i warning /var/log/lynis.log
grep -i suggestion /var/log/lynis.log
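The two grep commands above are what you want after the cron run from the previous section. The script below is an added example (not from the article and not part of Lynis) that does the same job in a form suitable for cron: it pulls the Warning and Suggestion lines out of a lynis.log, strips the timestamps, counts them and lists the test IDs so findings can be tracked between runs. The "[HH:MM:SS] Warning: ... [test:ID]" line layout is assumed from lynis.log; the sample log is constructed for the example so it runs offline, and a real log path can be passed as the first argument.

```shell
#!/bin/sh
# Added example: summarise Warning/Suggestion lines from a Lynis log.
# Line layout assumed: "[HH:MM:SS] Warning: text [test:ID] ..."
set -u

# Print the Warning or Suggestion lines ($2) from log $1, case-insensitively,
# with the leading "[HH:MM:SS] " timestamp removed.
lynis_findings() {
  grep -i "$2:" "$1" | sed 's/^\[[0-9:]*\][[:space:]]*//'
}

# Number of findings of one kind.
count_findings() {
  lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# Test IDs (e.g. SSH-7408) of the findings of one kind, one per line.
finding_tests() {
  lynis_findings "$1" "$2" | sed -n 's/.*\[test:\([A-Z0-9-]*\)\].*/\1/p'
}

# Constructed sample log so the script runs without a Lynis install.
# The content is made up for this example; only the layout mimics lynis.log.
SAMPLE_LOG="${TMPDIR:-/tmp}/lynis-sample.$$.log"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[13:37:01] Performing test ID SSH-7408 (Check SSH specific defined options)
[13:37:01] Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:PermitRootLogin (YES --> NO)] [solution:-]
[13:37:02] Performing test ID FINT-4350 (Check if file integrity tool is installed)
[13:37:02] Suggestion: Install a file integrity tool to monitor changes to critical and sensitive files [test:FINT-4350] [details:-] [solution:-]
[13:37:03] Warning: No password set for single mode [test:AUTH-9308] [details:-] [solution:-]
[13:37:03] Hardening index : [62] [############        ]
EOF

# Real use from cron, after the audit line from the previous section:
#   0 3 * * * /usr/local/sbin/lynis-summary.sh /var/log/lynis.log
LOG="${1:-$SAMPLE_LOG}"

echo "Warnings:    $(count_findings "$LOG" Warning)"
echo "Suggestions: $(count_findings "$LOG" Suggestion)"
echo "--- warnings ---"
lynis_findings "$LOG" Warning
echo "--- suggestions ---"
lynis_findings "$LOG" Suggestion
echo "--- tests to track ---"
finding_tests "$LOG" Warning
finding_tests "$LOG" Suggestion
```

Diffing the "tests to track" output against the previous run is a cheap way to notice a new warning appearing on a host that was previously clean.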
Reference: http://www.freebuf.com/tools/43185.html
This article is from the "Boyhack" blog; please keep this source when reposting: http://461205160.blog.51cto.com/274918/1741234
Linux system security Audit tool Lynis