Audit the security of your Unix/Linux systems using lynis
Lynis is an auditing tool for unix/linux like systems which is used to scan the entire unix/linux systems for security issues, installed software informations, general system information, configuration issues or mistakes, software patch management, malware and vulnerability, firewall auditing, user accounts without passwords, invalid file permissions and many more.
This tool is quite often used for novice system administrators, system auditors, network and security specialists. The notable feature of this tool is easy to use and it tests and gathers the linux systems security informations in few minutes. Sounds good, why don’t you give it a try?
Install lynis in Ubuntu / Debian Distros
Installation is quite easy in ubuntu/debian like systems. You can install it either from synaptic manager or from terminal. For other distros plaese check offical homepage.
unixmen@server:~$ sudo apt-get install lynis
Usage and Run lynis
The running and using of lynis is faily simple. All you need to do is just open the terminal and type following command.
unixmen@server:~$ sudo lynis -c
unixmen@server:~$ sudo lynis --check-all
Now lynis will begin to audit the entire system including the following:
- Boot loaders and startup services.
- kernel configuration, core dumps, run level and loaded modules.
- Memory and processes.
- Users and groups.
- mount points, /tmp files and root file system
- NFS and BIND services.
- Update/upgradeable packages and software repositories.
- Iptables and SElinux issues/configurations.
- Apache and nginx web servers.
- SSH configurations and Issues.
- MySQL root password and LDAP services.
- php options.
- crontab/cronjob and atd.
- ntp daemon.
- SSL certificate expiration and Issues.
- Home directories.
The following output will open when you type above commands.
Now pressing enter will lead you through the next screens.
To stop asking “Press Enter” every time, use the parameters ‘-c and -Q’ as shown below.
unixmen@server:~$ sudo lynis -c -Q
After completing the scanning, it will generate a output report in ‘/var/log/lynis.log’ file.
unixmen@server:~$ sudo vi /var/log/lynis.log [13:13:13] ### Starting Lynis 1.3.0 with PID 4356, build date 28 April 2011 ### [13:13:13] ### Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/ ### [13:13:13] Program version: 1.3.0 [13:13:13] Operating system: Linux [13:13:13] Operating system name: Ubuntu [13:13:13] Operating system version: 12.10 [13:13:13] Kernel version: 3.5.0-17-generic [13:13:13] Hardware platform: i686 [13:13:13] Hostname: server [13:13:13] Auditor: [Unknown] [13:13:13] Profile: /etc/lynis/default.prf [13:13:13] Log file: /var/log/lynis.log [13:13:13] Report file: /var/log/lynis-report.dat [13:13:13] Report version: 1.0 [13:13:13] ----------------------------------------------------- [13:13:13] Include directory: /usr/share/lynis/include [13:13:13] Plugin directory: /etc/lynis/plugins [13:13:13] Database directory: /usr/share/lynis/db [13:13:13] ===---------------------------------------------------------------=== [13:13:13] Reading profile/configuration /etc/lynis/default.prf [13:13:13] Profile option set: profile_name (with value Default Audit Template) [13:13:13] Profile option set: pause_between_tests (with value 0) [13:13:14] Profile option set: show_tool_tips (with value 1)
You can scroll down through the log file for any Warnings or Suggestions or use the following commands to view the ‘Warnings’ and ‘Suggestions’ found in the log file.
To list out the ‘Warnings’, use the following command:
unixmen@server:~$ sudo grep Warning /var/log/lynis.log [13:14:10] Warning: Found BIND version in banner [test:NAME-4210] [impact:M] [13:18:43] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L] [13:18:47] Warning: Found mail_name in SMTP banner, and/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L] [13:19:02] Warning: Root can directly login via SSH [test:SSH-7412] [impact:M] [13:19:06] Warning: PHP option register_globals option is turned on, which can be a risk for variable value overwriting [test:PHP-2368] [impact:M] [13:19:06] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M] [13:19:30] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]
To list out the ‘Suggestions’, use the following command:
unixmen@server:~$ sudo grep Suggestion /var/log/lynis.log [13:13:57] Suggestion: Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262] [13:13:59] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282] [13:13:59] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286] [13:14:00] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328] [13:14:00] Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [13:14:00] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328] [13:14:02] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310] [13:14:02] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310] [13:14:05] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840] [13:14:06] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846] [13:18:42] Suggestion: Install package apt-show-versions for patch management purposes [test:PKGS-7394] [13:18:43] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705] [13:18:47] Suggestion: You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818] [13:18:50] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590] [13:19:06] Suggestion: Change the register_globals line to: register_globals = Off [test:PHP-2368] [13:19:07] Suggestion: Change the expose_php line to: expose_php = Off [test:PHP-2372] [13:19:07] Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [13:19:26] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126] [13:19:27] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130] [13:19:29] Suggestion: Enable auditd to collect audit information [test:ACCT-9628] [13:19:30] Suggestion: Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104] [13:19:36] Suggestion: Install a file integrity tool [test:FINT-4350] [13:19:51] Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000] [13:19:52] Suggestion: Harden the system by installing one or malware scanners to perform periodic file system scans [test:HRDN-7230]
Thats it. Now you can rectify the security loopholes even if you are unexperienced system administrator in your Unix/Linux systems.
Like us on Facebook
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- Manage Databases And Hosted Servers Remotely With DbNinja : Database administration via command line is bit difficult for newbie system and database administrat...0 comments |
- Setup IT And Asset Management System With GLPI On Debian/Ubuntu : GLPI is the Information Resource-Manager with an additional Administration Interface. You can use it...0 comments |
- How To Configure Linux Clients To Authenticate Using OpenLDAP : This is the continuation of our previous tutorial. In our previous tutorial we learned how to instal...0 comments |
- Install FrostWire 5.6.9 In Elementary OS 'Luna'/ Ubuntu / Linux Mint : FrostWire is a peer-to-peer file sharing program for the gnutella and BitTorrent protocols. FrostWir...0 comments |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- How To Install Linux Kernel 3.12.4 In Ubuntu
- Firefox 26 Has Been Released, How To Install It In Ubuntu And Its Derivates
- How To Install Brasero In Elementary OS ‘Luna’
- Install Sayonara Player In Elementary OS / Ubuntu / Linux Mint
- Manage Databases And Hosted Servers Remotely With DbNinja
- Install FrostWire 5.6.9 In Elementary OS ‘Luna’/ Ubuntu / Linux Mint
- Setup IT And Asset Management System With GLPI On Debian/Ubuntu
- How To Configure Linux Clients To Authenticate Using OpenLDAP
- How To Install Netflix In Ubuntu
- cowsay And fortune Combined Together
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .