Lynis is an open source security auditing tool. It is commonly used by system administrators, security professionals and auditors to evaluate the security defenses of their Linux/Unix based systems. Because it runs on the host itself, it can perform very extensive security scans.
Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!
No installation required
The tool is very flexible and easy to use. It is one of the few tools for which installation is optional: just place it on the system, give it a command like "audit system", and it will run. It is written in shell script and released as open source software (GPL).
How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of a set of steps, from initialization of the program up to the report.
Steps
- Determine operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests from enabled plugins
- Run security tests per category
- Report status of security scan
During the scan, technical details about the scan are stored in a log file. At the same time, findings (warnings, suggestions, data collection) are stored in a report file.
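The report file is what a scheduled run should be judged on, so it is worth post-processing it into an exit status that cron or a monitoring agent can act on. The script below is an added example and is not part of Lynis or of this post. It assumes the report is a plain key=value file in which findings appear as `warning[]=TEST-ID|Description|...` and `suggestion[]=...` lines and the score as `hardening_index=NN`, that an unattended run is started with the --cronjob parameter listed under Parameters, and that the default report path is /var/log/lynis-report.dat; the function names, the threshold of 60 and the sample report are all constructed for this example (the test IDs in the sample are taken from the changelog, the descriptions are made up).

```shell
#!/bin/sh
# Added example, not part of Lynis: summarise a Lynis report file and turn it
# into an exit status that a cron job or monitoring agent can act on.
# Assumption: the report is a key=value file with lines such as
#   hardening_index=NN
#   warning[]=TEST-ID|Description|-|-|
#   suggestion[]=TEST-ID|Description|-|-|
# Check this against the lynis-report.dat produced by the version you run.

# Number of findings of one kind ("warning" or "suggestion") in a report file.
count_key() {
    # grep -c prints 0 but exits 1 when nothing matches; keep the count usable
    grep -c "^$1\[\]=" "$2" || true
}

# Print "TEST-ID: description" for every finding of the given kind.
list_findings() {
    kind=$1
    file=$2
    grep "^${kind}\[\]=" "$file" | sed -e "s/^${kind}\[\]=//" \
        | awk -F'|' '{ print $1 ": " $2 }'
}

# Extract the hardening index (empty if the report has none).
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Exit status: 0 = clean, 1 = at least one warning, 2 = index below threshold.
report_status() {
    file=$1
    threshold=${2:-60}   # assumed local policy, not a Lynis default
    warnings=$(count_key warning "$file")
    index=$(hardening_index "$file")
    [ "$warnings" -gt 0 ] && return 1
    [ "${index:-0}" -lt "$threshold" ] && return 2
    return 0
}

# Unattended run, as the --cronjob parameter is meant to be used, followed by
# the summary. Assumes the default report path; returns 127 if lynis is absent.
run_scheduled_audit() {
    report=${1:-/var/log/lynis-report.dat}
    command -v lynis >/dev/null 2>&1 || return 127
    lynis audit system --cronjob --auditor "scheduled audit" >/dev/null
    report_status "$report"
}

# Constructed sample report (test IDs from the changelog, texts made up).
SAMPLE_REPORT=$(mktemp)
trap 'rm -f "$SAMPLE_REPORT"' EXIT
cat > "$SAMPLE_REPORT" <<'EOF'
lynis_version=2.1.1
hostname=example-host
hardening_index=58
warning[]=SQD-3624|Squid configuration allows unsafe ports|-|-|
suggestion[]=PKGS-7410|More than one kernel package installed|-|-|
suggestion[]=CONT-8104|Docker info reported warnings|-|-|
EOF

echo "Hardening index: $(hardening_index "$SAMPLE_REPORT")"
echo "Warnings: $(count_key warning "$SAMPLE_REPORT")"
list_findings warning "$SAMPLE_REPORT"
list_findings suggestion "$SAMPLE_REPORT"
if report_status "$SAMPLE_REPORT"; then
    echo "Status: clean"
else
    echo "Status: $? (1 = warnings present, 2 = index below threshold)"
fi
```

In a real deployment the sample section is dropped and `run_scheduled_audit` is called from the cron entry; the exit status distinguishes "warnings present" from "score drifted below policy", so the two can be routed to different alert levels without parsing the screen output.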
Opportunistic scanning
Lynis scanning is opportunistic: it uses what it can find.
For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When, during the Apache scan, it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will collect discovered certificates, so they can be scanned later as well.
In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans that are customized to your system. No audit will be the same!
Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening
Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)
Parameters
--auditor "Given name Surname"   Assign an auditor name to the audit (report)
--checkall, -c                   Start the check
--check-update                   Check if Lynis is up-to-date
--cronjob                        Run Lynis as cronjob (includes -c -Q)
--help, -h                       Shows valid parameters
--manpage                        View man page
--nocolors                       Do not use any colors
--pentest                        Perform a penetration test scan (non-privileged)
--quick, -Q                      Don't wait for user input, except on errors
--quiet                          Only show warnings (includes --quick, but doesn't wait)
--reverse-colors                 Use a different color scheme for lighter backgrounds
--version, -V                    Check program version (and quit)
Changelog
Lynis 2.1.1
=  Lynis 2.1.1 (2015-07-22)  =
    This release adds a lot of improvements, with focus on performance, and
    additional support for common Linux distributions and external utilities.
    We recommend using this latest version.
    * Operating system enhancements
    -------------------------------
    Support for systems like CentOS, openSUSE, Slackware is improved.
    * Performance
    -------------
    Performance tuning has been applied, to speed up execution of the audit on
    systems with many files. This also includes code cleanups.
    * Automatic updates
    -------------------
    Initial work on an automatic updater has been implemented. This way Lynis
    can be scheduled for automatic updating from a trusted source.
    * Internal functions
    --------------------
    Not all systems have readlink, or the -f option of readlink. The
    ShowSymlinkPath function has been extended with a Python based check, which
    is often available.
    * Software support
    ------------------
    Apache module directory /usr/lib64/apache has been added, which is used on
    openSUSE.
    Support for Chef has been added.
    Added tests for CSF's lfd utility for integrity monitoring on directories and
    files. Related tests are FINT-4334 and FINT-4336.
    Added support for Chrony time daemon and timesync daemon. Additionally NTP
    synchronization status is checked when it is enabled.
    Improved single user mode protection on the rescue.service file.
    * Other
    -------
    Check for user permissions has been extended.
    Python binary is now detected, to help with symlink detection.
    Several new legal terms have been added, for use in banners.
    In several files old tests have been removed, to further clean up the code.
    * Bug fixes
    -----------
    Nginx test showed error when access_log had multiple parameters.
    Tests using locate won't be performed if not present.
    Fix false positive match on Squid unsafe ports [SQD-3624].
    The hardening index is now also inserted into the report if it is not displayed
    on screen.
    * Functions
    -----------
    Added AddSystemGroup function
    * New tests
    -----------
    Several new tests have been added:
    [PKGS-7366] Scan for debsecan utility on Debian systems
    [PKGS-7410] Determine amount of installed kernel packages
    [TIME-3106] Check synchronization status of NTP on systemd based systems
    [CONT-8102] Docker daemon status and gather basic details
    [CONT-8104] Check docker info for any Docker warnings
    [CONT-8106] Check total, running and unused Docker containers
    * Plugins
    ---------
    [PLGN-2602] Disabled by default, as it may be too slow for some machines
    [PLGN-3002] Extended with /sbin/nologin
    * Documentation
    ---------------
    A new document has been created to help with the process of upgrading Lynis.
    It is available at https://cisofy.com/documentation/lynis/upgrading/