Friday, September 1, 2017

11 - Linux Security: system auditing with LYNIS open source tool


- Layout for this exercise:

Lynis is an open source security auditing tool for UNIX derivatives such as Linux, macOS, BSD, Solaris, AIX, and others. It performs an in-depth security scan of the system.

- Creating a directory for lynis:

- Downloading lynis:

- Extracting:

- Contents of folder lynis:

- Running lynis without commands/parameters/options gives us information about the possibilities of this application:

- Commands to be used:

- Options: 

- Now let's run lynis audit system. As its name indicates, lynis audits the system in great depth, so the displayed output is huge.

- Let's see some of the information generated by lynis:

......... etc .............

- Also some suggestions are provided:

......... etc .............

- A final summary:

- The whole report can be found in the files lynis.log and lynis-report.dat inside the folder /var/log:

- Opening lynis-report.dat:

- At the suggestions section there is a lot of interesting information:

- For instance, lynis suggests setting the PermitRootLogin directive to no in order to disable root login over SSH, as we saw in a previous exercise:
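
The report file is plain key=value text, so the warnings and suggestions can be extracted with a short script instead of reading the file by hand. The script below is an added example, not part of the original post: the function names and the REPORT variable are assumptions of this example, and the sample report lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read findings from lynis-report.dat.
# List entries in the report have the form  kind[]=TEST-ID|message|details|solution|

# Print every warning/suggestion on stdin as: kind<TAB>TEST-ID<TAB>message<TAB>details
lynis_findings() {
    awk '
        /^(warning|suggestion)\[\]=/ {
            kind = substr($0, 1, index($0, "[") - 1)
            n = split(substr($0, index($0, "=") + 1), f, "|")
            details = (n >= 3 && f[3] != "") ? f[3] : "-"
            printf "%s\t%s\t%s\t%s\n", kind, f[1], f[2], details
        }'
}

# Print the value of a scalar key (e.g. hardening_index) from the report on stdin.
lynis_value() {
    awk -v key="$1" 'index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }'
}

# Succeed (exit 0) if the report on stdin contains a finding with the given test ID.
has_finding() {
    lynis_findings | awk -F'\t' -v id="$1" '$2 == id { found = 1 } END { exit !found }'
}

# Constructed sample report lines, used when REPORT (hypothetical variable) is unset.
sample_report() {
    cat <<'EOF'
# Lynis Report
hardening_index=62
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
EOF
}

# Read the real report if REPORT=/var/log/lynis-report.dat is set, else the sample.
report() { if [ -n "${REPORT:-}" ]; then cat "$REPORT"; else sample_report; fi; }

echo "Hardening index: $(report | lynis_value hardening_index)"
report | lynis_findings
if report | has_finding SSH-7408; then
    echo "SSH-7408 present: review PermitRootLogin in sshd_config"
fi
```

Run it with REPORT=/var/log/lynis-report.dat after an audit; reading that file normally requires root.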