Lynis: Security auditing software on Linux, macOS and UNIX
In the post immediately preceding this one, we covered a tutorial on the technical details, installation and use of the audit command, better known as the Linux Audit Framework. As its name suggests, it provides a CAPP-compliant audit system capable of reliably collecting information about any security-relevant (or not) event on a Linux operating system.
For this reason, we think it is appropriate to address today a similar piece of software, much more complete, advanced and practical, called "Lynis". It is also security audit software, free, open and free of charge, and it serves the same purpose and more, as we will see below.
But, before starting this interesting post about the security audit software "Lynis", we recommend the previous related post, for later reading:
Linux Audit Framework: All About the Auditd Command

Lynis: Automated Security Audit Tool
What is Lynis?
Its developers briefly describe the software on its official website as follows:
“Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating systems. It performs a comprehensive analysis of the health of your systems to support system hardening and compliance testing. The project is open source software licensed under the GPL and has been available since 2007.” Lynis: Audit, system hardening, compliance testing
This makes its objective and operation very clear. However, its official section on GitHub adds the following:
“The main purpose of Lynis is to test security defenses and provide suggestions to further strengthen the system. For that, it looks for general system information, vulnerable software packages, and possible configuration problems. This makes it suitable for system administrators and IT auditors to assess the security defenses of their systems and an organization's equipment.”
Furthermore, it is worth highlighting that, thanks to the large set of tools it includes, Lynis is a preferred tool for many pen testers (penetration testers) and other information security professionals around the world.

How is it installed and used on Linux?
Installing it from GitHub and running it on Linux is really easy and fast. To do this, you only need to perform the following 2 steps:
git clone https://github.com/CISOfy/lynis
cd lynis && ./lynis audit system
After that, each time it needs to be run, only the last command is required. However, the following variations of that command may be used if necessary:
cd lynis && ./lynis audit system --quick
cd lynis && ./lynis audit system --wait
These give, respectively, a faster run or a slower run that pauses for intervention by the user running it.
What information does it offer?
Once it is executed, it offers information on the following technical points:
At the beginning
- The initialization values of the Lynis tool, the operating system used, the tools and plugins installed or not, and the boot configurations and services detected on it.
- The kernel, memory and OS processes.
- Users and groups, and OS authentication.
- The shell and file systems of the OS.
- Audit information on the USB and storage devices present in the OS.
- The NFS, DNS, ports and packages of the OS.
- Network connectivity, printers and spools, and email and messaging software installed.
- Firewalls and web servers installed in the OS.
- The SSH service configured in the OS.
- SNMP support, the databases, the LDAP service and the PHP system configured in the OS.
- Squid support, logging and its files, insecure services, and banners and identification mechanisms configured in the OS.
- Scheduled tasks, accounting, time and synchronization.
- Cryptography, virtualization, container systems, security frameworks, and software related to file integrity and system tools.
- Malware-type software, file permissions, home directories, kernel hardening and general hardening, and custom testing.
At the end
When Lynis finishes, it summarizes the results found, divided into:
- Warnings and suggestions (urgent problems and important suggestions)
Note: To view the warnings and suggestions later, we can run the following commands:
sudo grep Warning /var/log/lynis.log
sudo grep Suggestion /var/log/lynis.log
- The details of the security scan


At this point, we can review, little by little, the files containing the generated audit at the indicated path, as shown in the penultimate image above, and start resolving each problem, deficiency and vulnerability detected.
Files (files with the generated audit):
– Test and debug information: /home/myuser/lynis.log
– Report data: /home/myusername/lynis-report.dat
Finally, Lynis makes it possible to obtain more information about each suggestion generated, using the show details command followed by the TEST_ID, as shown below:
lynis show details KRNL-5830
lynis show details FILE-7524
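As an added example (not from the original post or the Lynis project), the script below reads the report data file instead of grepping the log, lists each warning and suggestion once per test ID, and prints the matching show details commands. It assumes the report's `warning[]=TEST-ID|message|details|solution|` line layout; the function names and the sample report contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage Lynis findings from the report data file.
# Assumed line layout: kind[]=TEST-ID|message|details|solution|

# Print "TEST-ID<TAB>message" for each finding of kind $1 ("warning" or
# "suggestion") in report file $2, de-duplicated and sorted by test ID.
lynis_findings() {
    awk -F'|' -v k="$1" '
        index($0, k "[]=") == 1 {
            id = substr($1, length(k) + 4)      # drop the "kind[]=" prefix
            if (id != "" && !seen[id "|" $2]++)
                printf "%s\t%s\n", id, $2
        }' "$2" | sort
}

# Print one "lynis show details TEST-ID" command per distinct test ID.
lynis_detail_commands() {
    { lynis_findings warning "$1"; lynis_findings suggestion "$1"; } |
        cut -f1 | sort -u | sed 's/^/lynis show details /'
}

# Write a constructed sample report (not real scan output) to file $1.
write_sample_report() {
    cat > "$1" <<'EOF'
os=Linux
warning[]=KRNL-5830|Sample warning text (constructed)|-|-|
suggestion[]=FILE-7524|Sample suggestion text (constructed)|-|-|
suggestion[]=FILE-7524|Sample suggestion text (constructed)|-|-|
suggestion[]=KRNL-5830|Another sample suggestion (constructed)|-|-|
EOF
}

# Use the report given as $1, or fall back to the constructed sample.
report=${1:-}
if [ -z "$report" ]; then
    report=$(mktemp)
    write_sample_report "$report"
fi
echo "Warnings:";    lynis_findings warning "$report"
echo "Suggestions:"; lynis_findings suggestion "$report"
echo "Follow-up:";   lynis_detail_commands "$report"
```

Pass the path of your own lynis-report.dat as the first argument; when Lynis is run as root, the log and report are written under /var/log rather than the home directory.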

To learn more about Lynis, the following links are available:

Summary
In summary, we hope that this publication about "Lynis", the free, open and free of charge security auditing software for Linux, macOS and Unix, makes it easier for many to audit (examine and evaluate) their respective computer and server operating systems. As a result, they can fortify (harden) them at the software level by detecting and correcting any deficient, inadequate or missing aspect or configuration, and in this way mitigate and avoid possible failures or attacks through unknown vulnerabilities.