Lynis:linux System Security Check tool

Project background:

Software patch management, malware scanning, file integrity checking, security review, configuration error checking, and more. To have a security vulnerability automatic scanning Tool!!

Better not money!

Test environment:

VMware Workstation 11

Server: ip:192.168.0.19 off iptables setenforce0

SECURECRT (SSH remote connection software)

Lynis-2.1.0-1.el6.noarch

Experimental process

First, Software Installation

Yum Install-y Lynis

Second, the use of software

Check the security of the entire file system

Lynis--check-all-q

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7D/92/wKioL1bravuhPljqAAEgn_Oc7vY526.png "title=" The software uses the. png "alt=" wkiol1bravuhpljqaaegn_oc7vy526.png "/> I just cut off the beginning part.

Once Lynis starts scanning your system, it performs a number of categories of review work:

System Tools : Binary code system

Boot and service : Boot loader and start service.

cores : runlevel, mounted modules, kernel configuration, and core dumps

Memory and Process : Zombie process and input/output wait process

user, user group, and authentication : User group number, sudoers file, pluggable authentication module (PAM) configuration, password aging, and default mask

Shell

file system : mount point, temp file, and root file system

storage : USB storage (Usb-storage) and FireWire Open Host Controller interface (FireWire OHCI)

Nfs

software : Name service: DNS search domain and bind

ports and packages: vulnerable/upgradeable packages and secure repositories

Network : Name servers, promiscuous interfaces, and connections.

Printers and spooling : Universal UNIX Print System (CUPS) configuration

software : e-mail and message delivery

software : Firewalls: iptables and PF

software : Web server: Apache and Nginx

ssh support : SSH configuration

SNMP Support

database : MySQL root password

LDAP Service

software : php:php options

Squid support

logs and files : syslog daemon and log directory

Unsafe Services : inetd

Banner information and proof of identity

scheduling Tasks : Crontab/cronjob and ATD

Audit : Sysstat data and AUDITD

time and synchronization : NTP daemon

Password : SSL certificate expires

Virtualization of

security Framework : AppArmor, SELinux, and grsecurity states

software : File integrity

software : Malicious software Scanning Tool

home directory : Shell history files

Iii. viewing warning messages for potential security vulnerabilities

Once the scan is complete, your system's review report is automatically generated and saved in the/var/log/lynis.log.

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7D/9E/wKiom1brqb-ik7AWAABMzi7lUUA287.png "title=" warning. png "alt=" Wkiom1brqb-ik7awaabmzi7luua287.png "/> Four, view suggestions

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7D/9B/wKioL1brqp_Bf9nMAAHMX8sDaxE298.png "title=" recommendations. png "alt=" Wkiol1brqp_bf9nmaahmx8sdaxe298.png "/>

Summary: This is a good security scanning software, for our system security has a great help!.

This article is from the "Make a few" blog, be sure to keep this source http://9399369.blog.51cto.com/9389369/1752591

Lynis:linux System Security Check tool