SYSTEM AUDITING WITH LYNIS OPEN SOURCE TOOL
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJk1N94M-1MRiJz8CfjVXXAJl5a53yM92JN8cKWVbFw9hfoERuhR8CNSkO7r3LOll8IjfRJVXj5cinw_T9JRjWJQHLRcJtvJ4xuL8mwP6QavxgwR9Zg8HywDCeqsP9yIZSIK1G7USuN2zm/s1600/debian.jpg)
- Lynis is an open source security auditing tool for UNIX derivatives like Linux, macOS, BSD, Solaris, AIX, and others, performing an in-depth security scan.
- Creating a directory for lynis:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5FXaAKFtjQka4fnaXTD3dKsAQAD8dNh5TiaF5qK8VDJH-CqF47ia9x2P92cZpzVb6-fvTavSx8GrhGMTtmTd-vZnmgPrlNRXt_sn87ies2yztdhrUt9mykNJE-tXQln83-X1xFOdx5T-B/s1600/screenshot.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhniG6BDhNnUshODGqOeNgx40l0ayqkneUAOVtv9YRCQ9lmfr8X3Sbz8mSBSXc1WWVhbPSjUHPxK726BueUEKCqSOiQQOhmijOcNx2P9UPl3jg0jRHAtf12hEnNKKZlESfCXeC6uFsNBt84/s1600/screenshot.2.jpg)
- Downloading lynis:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcPy1O33U1inJFddBhLg7pgh_UbrEppiFp0SkhqgTUZ2TEMsk1OUrJWY57Y5IWQWZ8wVkvbp91E1oVdpS6NUWUaQZjg7sJY-c16143m-mRI-4VoMwi-s_eCiOjylfUq9BVDmPW2KcDQPqI/s1600/screenshot.3.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRpZuj9q9am_1voKvjIHlphVI45z3qLsMub11NoeTw11iSj9WIS7UPuyUMLopOe_nEQw6u8U1Sb2XSdf2KnsoTRJQBAbc2KqInHoBXfjfG_pum-J_Y4JBL17Q0l9jpmZg4iHvGKE-E7SBr/s400/screenshot.4.jpg)
- Extracting:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9L4SyEyZBs1Imy6sh_I2rZVVL6K7VaSA4Oufk06iLWwFiPOGDe93orRvJhDXnK4gRa8DqkNLLTxrg0G5Mf__s1V9t4Ieivn2NmVwIrz5H81xN9WG18Wrpjs9sr8Tel2J5Uuus-ZoK3AYa/s1600/screenshot.5.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBqsJYDTGfF0854v6S9sanedKD7yfWoMW8-nAVmJ4FK0F3_YqPD-xK5ooZkFK0LdGn6d-yp3HMFOp6sj822ajZozaLBUTXbVbuEyWDBdAwU5IzjkJn-Cxyh0GkKDbIkuXEmYmaTVmi2b_f/s400/screenshot.6.jpg)
- Contents of the lynis folder:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx92pUMKdoAsrpMWdqm58OKQUs51Lrz2bIFjcvXyC_sIPya5GXYKTm30-piIgVsEg8InXIs4TvjGjetF6vK_v-p_bHQrro6I3e5j_6wqkuAdLbVXodD9ODX12BM1t3V-eGqM4vp5Z-o_j6/s1600/screenshot.7.jpg)
- Running lynis without any command, parameter or option prints its usage information, which shows what this application can do:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI4vXAyQEGfMSxdu8dVhIJtSiUD7jJgfbW8eew3o1vavPRvpzB39fSqZBxIuK2jpUvveBDRyinQBpnN8_rLX5jYc8YWlcMLOvBsbU1yJSWsf41ISw7uSouZBJHMiFEaPF_pIYRsPu6-FAm/s1600/screenshot.8.jpg)
- Commands to be used:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA-5jRy7QJd7b5lJpOF0PwiW4evAdG1WTv_OLPiRYN7W3vXpR7a0XNxJz54zXDsWtwW626rtYFfuauA_3alFcNqnuuJu-xCHDRvXylKvECwHNSjXSDYj-b_fL_jAvSUOwPWtIoIGa7FPze/s1600/screenshot.9.jpg)
- Options:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO7iRwqnkfShRVJczq_qMM5Dl9lp4ALzjriAghSljtPuiOEc_v8otvJDiQSlrumejS8Mykfjy_pTAICjbymX-9bc3X6cKx-Zx6LxVpE4qB8NaOnVkckehpsqKyCZ0CVE-c48YdFnxBj1rG/s1600/screenshot.10.jpg)
- Now let's run lynis audit system. As its name indicates, Lynis performs an in-depth audit of the system, so the output is very long.
- Let's see some of the information generated by Lynis:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8uPD0oo7IpfxAKUhLki9tkftvoUFZSMEkKe4vc9v761dzo4SoI1x9ZG8US6kS8aMZsdhK6vTyM4szXKHiUJNDpcfgekxYFukRZssQ_KXUPlZAv1GJS2XKChmlbTSelpSBr4qhcEmIlqlq/s1600/screenshot.13.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr4oYr5GvGvrMDA_q-utuIynAnTfuJCgzyBDwSCTZqABiYtsI_uWUpeR-mE-iEnC-8YupGyAh8TzZhZBhfiKcD6EUPosLOd2O9K3YpdnbXKPVZl6GW1Ug_EA-thAmU4UnvhWZDTR6Ywt4p/s1600/screenshot.14.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOUBl8VlnYnOJy3N2UE-jKmerNJ6Knmx1DHYfPJM_gnREXvXaNh92got49EvF9c0Z6xjVOoe6ohzGCxZ5QNtKoB9o4cUWPJ1dpNRCc5RiUxxyZcucjwjPCU7GtD0Cn_VKYmTh9DoCfy2X9/s1600/screenshot.15.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTqn84L-UmujBILBHYTpl_2Ayqqyl3f4fId8j6nxjsRdv2q1x3CIQaX3UkgH1-1PW7W6Drb8NGqeDnUbzxCIiwI9_CwLDNi4gQaYpO99Pma7zNKojpJk2IVb17pL8wA_yH1uKUhIDQ3TqJ/s1600/screenshot.16.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYQ1PODnzGzFPgqpPMDj_w4mtJMRDBdHJ7gHHha42Laiml2DOvfJQYcnRZzwIVCSl3kjF0qkUzmrPUxMZSXpRH3hYV26il2Xv0_nJ0ckeZ6NUm1KUlJ3Cy0z_9kWQiund1CeE7FPQVWL9M/s1600/screenshot.17.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhloNOBXMxOnu2MJti-3y0jcGg6P8daUs37LKd69n5Wp1rlzdes6wFLfr4dceeaKUijXaEy3YBeaBO0FO1LInkmWY7v0VMLvF_i7gCCgVvaFW6PfbeOyWP6Nn-0DAF0KJCricla2bObQriG/s1600/screenshot.18.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOLkk7t1AzOCVVR1VtU_pYKb8jA7u-numNIGOzVSl0KjL09k3Gn0pp9UNNG2ORKs2SCyul2lDDkST72VeENFmMBHsYctZhQgnAvjRS4Uooiw7u4VArXu0vcT_RyrVC6XOQxKbQSEJADpLy/s1600/screenshot.19.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOoJNs0Z948iSlHaKLTKYqWs5k6vcrALdEo0eg2WW4JcRC3kHMaT0PJlpoWrf-X9NE-goM8vaxXv6lTphe3bU-MCeRDBBbuoB1CSZqx3d_hR9fysnN2DVyX7UGCvzokX8tMcyHigWDwgxv/s1600/screenshot.20.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitJIVUtbtGcYy7yCrPdDngGmrvBYxvYbYJDbiE6uYLDmd7hFmIfmj-t9n8tNxrpHKHqLWC0Iqfmn3CDxnXzHv5wprQxr1bM7V0pe21Df08gRuWD-Rtq58l_hktVivuC1n85vRZiTthyphenhyphenDn9/s1600/screenshot.21.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidAURokQkTo7vVy5xFEPReQkYAlbc_jufSXDCQWv9lodMDaG7aAunMTFoLt_gpp-BwdR_IzPFTE6r8xZqe9P3GnfgmNTEbxQY9CI7XfgmLMEShtmADYgj_SWxANCLmgjYnQiAvg7a3v784/s1600/screenshot.22.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_TNeoLRvNUhudwcU0TBmFVPfJfiJpheUQ5mEklAn1SiQ5FZ2jhs89lF8jkRz2BSPzhhf1D8AwYNKxdehsXy7vt69Sqvy252n1P_xg15mSkoKV6tKdHZ1Hg1t0-PPmuCpPf2jOeJavzu8U/s1600/screenshot.23.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL4iFlrm3R7cSXoJc41aVM1YHbAw7Yn-IfqNFgqODKUK9KEbE498H89FFtQohr18Gyl9W8sOzQxgkKkll8t48vMc6AZNRK1dZwQvKIqhIyYqHTj3kwCbPPZgJql1ga7gdGT8K5ssoDOdFN/s1600/screenshot.24.jpg)
......... etc .............
- Also some suggestions are provided:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqUQ4cd6dnBArCmHSnTvgC8cNL3B7CIWeFzFn975bGpfKXHGUC9VNOhMfXy7xr-ozZGAJdUNre1cYeKaJOyUMJsabHHCZiJpxE-VcfCFrmLdSo_KNtnXIK8lOIp1dOp0qca5UNBaETVw9T/s1600/screenshot.25.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGOlHOcR0BK7q9vQ576aTvRrIx2leG7ILn9EPTsrM58KDlVdMyu8m1-xbRoBJ5Kr7frjUVxKM0_OcdGk-YRWyk2JgvO-BiKb4Tgt8FVjVKDttW5lviBdc135mVOQZcreIZCv39lsMqOez1/s1600/screenshot.27.jpg)
......... etc .............
- A final summary:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi33iGdgTHbKB37HuKWHoRwSLJFoi0I-S75Wy9F0MgwPNiXN9EJr-mhnd6ZbOM5zd1lHh0rpRvm_j3vK2ZQDR_3pNdTc1YdiXL6sryb5ni68TQwbGz0C5cjWrfXv3M829U66U3jWGeMU4t5/s1600/screenshot.29.jpg)
- The full report is written to the files lynis.log and lynis-report.dat in the folder /var/log:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BSwANZfJbHfgwIypQAYpQcukC3nsyQr4vbiKP3z7_7JvgLmOOugklyXt3RboWL8cj7m1rxdEtXIeRsh3WgQhS4iAlZbE1x4fzRg0rYmlHPRCFE5jJvTl9DmHSeMl9VxFAMyFm5nqjYr3/s1600/screenshot.30.jpg)
- Opening lynis-report.dat:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEMNm4n406z9D1xxnTsddzbojcDgbdGWvzKbo4igUO3VqI2S1XHz-A7DK6_TYbA-ruRJzXi8JR8xHz8g_NNii9tJd7IYFSyWQsVAbOX11TK3NBA5-uiCFjtTDzTOcr1TDYcLu6ij2GRYRU/s1600/screenshot.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGRuBTHHFRnPuJvrNyOTGQhBuuQG1suttga4cLLKw6VXbfzInRg3GHNL5gNUDX62jHsOwbAtdzIXoU3JvswY96xhMNjZisLRvsUJckbF5U8Uc0QQlJVn4Kpv9PY1UYYtb2TKKd9CxWuLAi/s1600/screenshot.31.jpg)
- The suggestions section contains a lot of interesting information:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisyz5ML5JyE8ZzotFHmtQMU-jUG7VYMoACSH4qge7HpZYkNiCSV7DywIlqjae2gAMEVoP57QNEjwflBqbkfAkb6hT8hNxEVhlLVON6as9n4vCpZZxrikJFn_-ufiTPxdB8BpbgUguo-E9R/s1600/screenshot.33.jpg)
- For instance, the suggestion to set the PermitRootLogin directive to no in order to disable root login over SSH, as we saw in a previous exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-rqyU0X75STRRWcNMlkzO3cpCq9OojoeuHwofoCFKqzP2naSQWBAGMhwjjd4V9QPSgHm4KSR-5FixXkC9RRWVriOuu9Z1criJvEd4WvUELcaePvxPdo0emsDGgJfZU-JBWfxvYgla1T0n/s1600/screenshot.34.jpg)
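As an added example (not code from the original post or from the Lynis project), the shell functions below read the key=value format of lynis-report.dat opened above, pull out the hardening index, warnings and suggestions, and then check the PermitRootLogin directive that the last suggestion refers to. The report lines, the test IDs, the finding texts and the sshd_config excerpt are constructed sample data, not values taken from the post's screenshots.

```shell
#!/bin/sh
# Added example: parse a Lynis report and verify an SSH directive.
# The report below is constructed sample data in the key=value layout
# Lynis writes to /var/log/lynis-report.dat; IDs and texts are assumed.
sample_report() {
cat <<'EOF'
os_name=Linux
hardening_index=58
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=AUTH-9328|Default umask in /etc/login.defs could be more strict like 027|-|-|
EOF
}

# Constructed sshd_config excerpt: a commented-out line and a duplicate
# directive, the two cases a naive grep gets wrong.
sample_sshd_config() {
cat <<'EOF'
# PermitRootLogin yes
Port 22
PermitRootLogin no
PermitRootLogin yes
EOF
}

# Hardening index (0-100) reported by Lynis
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2 }' "$1"
}

# Number of findings of one kind ("warning" or "suggestion")
count_findings() {
    awk -F= -v kind="$2[]" '$1 == kind { n++ } END { print n + 0 }' "$1"
}

# Test IDs of findings of one kind, one per line
finding_ids() {
    awk -F'[=|]' -v kind="$2[]" '$1 == kind { print $2 }' "$1"
}

# Succeeds if the report contains a finding for the given test ID
has_finding() {
    grep -qF "[]=$2|" "$1"
}

# Effective value of a directive in sshd_config: sshd uses the first
# non-comment occurrence, so later duplicates are ignored. Prints "unset"
# if the directive never appears (sshd then applies its built-in default).
sshd_directive() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Usage when run directly: write the samples to temporary files and report
report=$(mktemp); config=$(mktemp)
sample_report > "$report"; sample_sshd_config > "$config"
echo "hardening index: $(hardening_index "$report")"
echo "warnings: $(count_findings "$report" warning), suggestions: $(count_findings "$report" suggestion)"
finding_ids "$report" suggestion
if has_finding "$report" SSH-7408; then
    echo "PermitRootLogin currently resolves to: $(sshd_directive "$config" PermitRootLogin)"
fi
rm -f "$report" "$config"
```

To use it against a real run, point the functions at /var/log/lynis-report.dat and /etc/ssh/sshd_config instead of the sample files. sshd_directive takes the first non-comment occurrence on purpose: that is how sshd resolves duplicate keywords, so a trailing "PermitRootLogin yes" after a "no" does not reopen root login, while a commented-out line is ignored entirely.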