
Friday, June 1, 2018

Auditing the VPS Gorgonite Castle With Lynis

Since I've been busy with assignments & exam preparation, this will be just a brief post on a useful system auditing tool I've used before on a VPS I rented.

From Wikipedia:

'Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, Solaris and other Unix-derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal of something called system hardening.'


Lynis is great & can provide a wealth of information about points in a system that could pose security issues. Running it on my VPS gave me a comprehensive report on its configuration status. I was hesitant at first to reproduce this here, but upon proper consideration, my Linode has since had this specific setup wiped from the drive.

Lynis begins its report with some OS information, & the directories for its log & report files:

Next, Lynis checks system tools, boot loaders, services & kernel information and configuration:

In the following image, settings for Users & Groups are displayed, with a 'suggestion' marker beside a few parameters. Recommendations for system hardening related to these are displayed at the end of the audit, a great feature. Following this, Lynis finds 5 valid shells on the system, and reports whether or not these are vulnerable to a number of CVEs:

A wealth of other information on system vulnerabilities is subsequently provided & its inclusion here would result in a lengthy tome. The ability to export auditing results to a custom location means that information can be reviewed at a later time instead of just in-shell. Lynis is available in these two places:

https://cisofy.com/lynis/

https://github.com/CISOfy/lynis
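
For reviewing exported results later, the following added example (not from the original post or the Lynis project) parses text in the layout of the Lynis report data file, by default /var/log/lynis-report.dat, and lists warnings and suggestions grouped by test category. The sample report lines and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the key=value layout of a Lynis report data file.
SAMPLE_REPORT = """\
# Lynis Report
hardening_index=62
warning[]=SSH-7408|Constructed warning about an SSH setting|-|-|
suggestion[]=AUTH-9286|Constructed suggestion about password ageing|-|-|
suggestion[]=AUTH-9328|Constructed suggestion about the default umask|-|-|
suggestion[]=KRNL-6000|Constructed suggestion about sysctl values|-|-|
a line without a separator is skipped
"""

FIELDS = ("test", "message", "details", "solution")

def parse_report(text):
    """Return (scalars, findings) parsed from report text."""
    scalars, findings = {}, defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        if key in ("warning[]", "suggestion[]"):
            # Entries are pipe-delimited; pad short ones so unpacking is safe.
            fields = (value.split("|") + ["-"] * 4)[:4]
            findings[key[:-2]].append(dict(zip(FIELDS, fields)))
        elif not key.endswith("[]"):
            scalars[key] = value  # single-valued keys such as hardening_index
    return scalars, dict(findings)

def by_category(entries):
    """Group findings by test ID prefix (AUTH, SSH, KRNL, ...)."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["test"].split("-", 1)[0]].append(entry)
    return dict(groups)

def summarize(text):
    """Build a short review list: hardening index, then warnings first."""
    scalars, findings = parse_report(text)
    lines = [f"hardening index: {scalars.get('hardening_index', 'n/a')}"]
    for kind in ("warning", "suggestion"):
        for cat, entries in sorted(by_category(findings.get(kind, [])).items()):
            for e in entries:
                lines.append(f"{kind:<10} {cat:<5} {e['test']}: {e['message']}")
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_REPORT)))
```

To use it on a real audit, pass the contents of the exported report file to `summarize` in place of `SAMPLE_REPORT`.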




