Lynis: a *nix security audit tool
Source: Internet  Editor: 程序博客网  Time: 2024/06/01 07:41
I. Introduction
Lynis audits the following areas of a *nix host:
1. Binaries installed on the system (e.g. under /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin)
2. Boot services (e.g. whether GRUB is password-protected)
3. Kernel information (e.g. default run level, loaded kernel modules, kernel configuration file)
4. Memory and process information (e.g. whether there are zombie processes or processes waiting on I/O)
5. Accounts, groups and authentication (e.g. the sudoers file, PAM configuration and password policy, umask settings)
6. Shells (/etc/shells)
7. File systems (e.g. whether /tmp contains files older than 90 days, whether the root file system has an ACL policy)
8. Whether peripherals are disabled (USB, FireWire)
9. NFS
10. DNS (/etc/resolv.conf, BIND, PowerDNS, ypbind, nscd)
11. Package management (dpkg, rpm)
12. Network information (interfaces, gateways, IP addresses, connections in a waiting state)
13. Printers (CUPS)
14. Mail systems (e.g. Postfix, Exim, Qmail smtpd)
15. Firewall (iptables)
16. Web server security configuration (Apache, Nginx)
17. SSH security configuration (e.g. remote root login not permitted)
18. SNMP security configuration
19. Database security configuration (MySQL, PostgreSQL, Oracle)
20. LDAP security configuration
21. PHP security configuration
22. Squid security configuration
23. Log file management (syslog, logrotate)
24. Insecure services (inetd.conf)
25. System identification banners (/etc/motd, /etc/issue, /etc/issue.net)
26. Scheduled tasks (crontab/cron jobs)
27. Whether the audit daemon is enabled (auditd)
28. Time synchronisation (NTP)
29. Cryptography (e.g. SSL certificate validity period)
30. Whether a security framework is in use (SELinux, AppArmor, grsecurity)
31. Whether a file system integrity tool is present (AFICK, AIDE, Osiris, Samhain, Tripwire)
32. Whether a malware detection tool is present (chkrootkit, Rootkit Hunter, ClamAV scanner)
33. Whether permissions on specific files are sane (e.g. whether /root/.ssh is rwx------)
34. Whether home directories contain sensitive files (e.g. whether shell history contents look suspicious)
35. Whether the kernel has been hardened (scans sysctl values)
II. Installation and running
wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
tar zxvf lynis-1.3.0.tar.gz
cd lynis-1.3.0/
Show the manual page:
sudo ./lynis --man
Run all checks in quick mode (-Q skips the interactive pauses between test groups):
sudo ./lynis --check-all -Q
Run all checks non-interactively, as a cron job, naming the auditor in the report and saving the output:
sudo ./lynis -c --auditor "automated" --cronjob > /var/log/lynis/report.txt
Lynis also writes a detailed log to /var/log/lynis.log, which can be grepped for Warning and Suggestion lines:
dani@10:~/lynis-1.3.0$ sudo grep Warning /var/log/lynis.log
[sudo] password for dani:
[14:40:54] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
[14:42:33] Warning: Found 8 files in /tmp which are older than 90 days [test:FILE-6354] [impact:L]
[14:42:41] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
[14:42:41] Warning: Found promiscuous interface (peth0) [test:NETW-3015] [impact:H]
[14:52:27] Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [impact:L]
[14:52:49] Warning: Found SSL certificate expiration (/etc/ssl/certs/ca-certificates.crt) [test:CRYP-7902] [impact:M]
dani@10:~/lynis-1.3.0$ sudo grep Suggestion /var/log/lynis.log
[14:40:54] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> [test:BOOT-5121]
[14:42:29] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282]
[14:42:29] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
[14:42:29] Suggestion: Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027 [test:AUTH-9328]
[14:42:29] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
[14:42:33] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
[14:42:33] Suggestion: Clean up unused files in /tmp [test:FILE-6354]
[14:42:34] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
[14:42:34] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
[14:42:34] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
[14:42:40] Suggestion: Purge removed packages (2 found) with aptitude purge command, to cleanup old configuration files, cron jobs and startup scripts. [test:PKGS-7346]
[14:42:41] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
[14:52:27] Suggestion: Disable iptables kernel module if not used or make sure rules are being used [test:FIRE-4512]
[14:52:27] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
[14:52:42] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
[14:52:42] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
[14:52:48] Suggestion: Enable auditd to collect audit information [test:ACCT-9628]
[14:52:51] Suggestion: Renew SSL expired certificates. [test:CRYP-7902]
[14:52:53] Suggestion: Install a file integrity tool [test:FINT-4350]
[14:53:03] Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
[14:53:03] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
[14:53:03] Suggestion: Harden compilers and restrict access to world [test:HRDN-7222]
[14:53:03] Suggestion: Harden the system by installing one or malware scanners to perform periodic
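Grepping for "Warning" is a start, but a cron-driven audit is more useful when it can tell a high-impact finding from a low one and signal it. As an added example (not from the original post and not part of Lynis itself), the following POSIX shell functions parse log lines in the format seen above, reduce each Warning to its impact level, test ID and message, count Warnings per impact level, and return a non-zero status when any high-impact Warning is present. The sample log lines are constructed from the output above rather than taken from a real run; the function names, the assumed line formats ("[HH:MM:SS] Warning: <text> [test:<ID>] [impact:<L|M|H>]" and "[HH:MM:SS] Suggestion: <text> [test:<ID>]") and the use of /var/log/lynis.log as the input path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of Lynis: summarise a Lynis
# log (as written to /var/log/lynis.log) by Warning impact level.
# Assumed line formats:
#   "[HH:MM:SS] Warning: <text> [test:<ID>] [impact:<L|M|H>]"
#   "[HH:MM:SS] Suggestion: <text> [test:<ID>]"

# Constructed sample lines modelled on the output shown above (not a real run).
SAMPLE_LOG='[14:40:54] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
[14:42:33] Warning: Found 8 files in /tmp which are older than 90 days [test:FILE-6354] [impact:L]
[14:42:41] Warning: Found promiscuous interface (peth0) [test:NETW-3015] [impact:H]
[14:52:27] Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [impact:L]
[14:40:54] Suggestion: Run grub-md5-crypt and create a hashed password. [test:BOOT-5121]
[14:52:53] Suggestion: Install a file integrity tool [test:FINT-4350]'

# Emit the constructed sample on stdout (a real job would read /var/log/lynis.log instead).
sample_log() {
    printf '%s\n' "$SAMPLE_LOG"
}

# Reduce every Warning line on stdin to "<impact> <test-id> <message>".
# Lines that do not match the assumed format (prompts, Suggestions) are dropped.
lynis_warnings() {
    sed -n 's/^\[[0-9:]*\] Warning: \(.*\) \[test:\([A-Z]*-[0-9]*\)\] \[impact:\([LMH]\)\]$/\3 \2 \1/p'
}

# Count Warning lines on stdin whose impact level equals $1 (L, M or H); prints 0 when none.
lynis_count_impact() {
    lynis_warnings | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Count Suggestion lines on stdin (grep -c exits 1 on zero matches, hence "|| true").
lynis_count_suggestions() {
    grep -c '^\[[0-9:]*\] Suggestion: ' || true
}

# One-line summary of Warning counts per impact level, highest impact first.
lynis_summary() {
    lynis_warnings | awk '{ n[$1]++ } END { printf "H=%d M=%d L=%d\n", n["H"]+0, n["M"]+0, n["L"]+0 }'
}

# Succeed (exit 0) only when stdin holds no high-impact Warning; used as the last
# step of a cron job, a failing status is what triggers the alert.
lynis_check_high() {
    [ "$(lynis_count_impact H)" -eq 0 ]
}

# Stand-alone demonstration on the constructed sample.
sample_log | lynis_warnings | sort
sample_log | lynis_summary
printf 'suggestions: %s\n' "$(sample_log | lynis_count_suggestions)"
if sample_log | lynis_check_high; then
    echo "no high-impact warnings"
else
    echo "high-impact warnings present: review the log before the next audit run"
fi
```

In a cron job the demonstration block at the end would be replaced by something like `lynis_check_high < /var/log/lynis.log || mail -s "lynis: high-impact warning" root`, so that the audit run only produces mail when there is something to act on. The sed pattern is deliberately strict (it requires both the [test:...] and [impact:...] fields), so any line Lynis writes in a different layout is ignored rather than miscounted.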