Saturday, August 3, 2013

How to Set Up the Lynis Linux Auditing Tool on CentOS 6.3

7:25 AM


1. Introduction
Lynis is a free and open source auditing tool for Unix-based operating systems. After scanning the system it reports on general system information, installed packages, configuration errors and security issues, and makes hardening suggestions. Lynis aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. Follow these steps to set up the Linux auditing tool on CentOS 6.3.
2. Install
Step 1. Create lynis directory under /usr/local/ :
[root@centos63 ~]# mkdir /usr/local/lynis
Step 2. Download lynis software from http://www.rootkit.nl/projects/lynis.html :
# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
Example :
[root@centos63 ~]# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
--2012-10-06 12:18:13--  http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
Resolving www.rootkit.nl... 31.7.1.110
Connecting to www.rootkit.nl|31.7.1.110|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 119797 (117K) [application/x-gzip]
Saving to: `lynis-1.3.0.tar.gz'

100%[==========================================================>] 119,797     96.3K/s   in 1.2s

2012-10-06 12:18:15 (96.3 KB/s) - `lynis-1.3.0.tar.gz'
Step 3. Copy lynis-1.3.0.tar.gz to the created directory :
[root@centos63 ~]# cp lynis-1.3.0.tar.gz /usr/local/lynis
Then go to the created lynis directory :
[root@centos63 ~]# cd /usr/local/lynis
Step 4. Extract lynis-1.3.0.tar.gz into /usr/local/lynis :
# tar xzvf lynis-1.3.0.tar.gz
Example :
[root@centos63 lynis]# tar xzvf lynis-1.3.0.tar.gz
lynis-1.3.0/CHANGELOG
lynis-1.3.0/FAQ
lynis-1.3.0/INSTALL
lynis-1.3.0/LICENSE
lynis-1.3.0/README
lynis-1.3.0/db/
lynis-1.3.0/db/integrity.db
lynis-1.3.0/db/sbl.db
lynis-1.3.0/db/fileperms.db
lynis-1.3.0/db/malware-susp.db
lynis-1.3.0/db/malware.db
lynis-1.3.0/db/hints.db
lynis-1.3.0/default.prf
lynis-1.3.0/dev/
lynis-1.3.0/dev/README
lynis-1.3.0/dev/files.dat
lynis-1.3.0/dev/TODO
lynis-1.3.0/dev/openbsd/
lynis-1.3.0/dev/openbsd/+CONTENTS
lynis-1.3.0/dev/check-lynis.sh
lynis-1.3.0/dev/build-lynis.sh
lynis-1.3.0/include/
lynis-1.3.0/include/profiles
lynis-1.3.0/include/tests_malware
lynis-1.3.0/include/tests_accounting
lynis-1.3.0/include/parameters
lynis-1.3.0/include/tests_ssh
lynis-1.3.0/include/tests_time
lynis-1.3.0/include/tests_firewalls
lynis-1.3.0/include/tests_nameservices
lynis-1.3.0/include/binaries
lynis-1.3.0/include/tests_webservers
lynis-1.3.0/include/tests_squid
lynis-1.3.0/include/tests_storage_nfs
lynis-1.3.0/include/tests_insecure_services
lynis-1.3.0/include/tests_scheduling
lynis-1.3.0/include/tests_tooling
lynis-1.3.0/include/tests_hardening
lynis-1.3.0/include/tests_networking
lynis-1.3.0/include/report
lynis-1.3.0/include/tests_boot_services
lynis-1.3.0/include/functions
lynis-1.3.0/include/tests_memory_processes
lynis-1.3.0/include/tests_file_permissions
lynis-1.3.0/include/tests_file_integrity
lynis-1.3.0/include/tests_shells
lynis-1.3.0/include/tests_databases
lynis-1.3.0/include/tests_homedirs
lynis-1.3.0/include/osdetection
lynis-1.3.0/include/tests_ldap
lynis-1.3.0/include/tests_ports_packages
lynis-1.3.0/include/tests_hardening_tools
lynis-1.3.0/include/tests_logging
lynis-1.3.0/include/tests_mail_messaging
lynis-1.3.0/include/tests_banners
lynis-1.3.0/include/tests_crypto
lynis-1.3.0/include/tests_kernel
lynis-1.3.0/include/tests_mac_frameworks
lynis-1.3.0/include/tests_solaris
lynis-1.3.0/include/tests_virtualization
lynis-1.3.0/include/tests_kernel_hardening
lynis-1.3.0/include/tests_snmp
lynis-1.3.0/include/tests_authentication
lynis-1.3.0/include/tests_filesystems
lynis-1.3.0/include/tests_storage
lynis-1.3.0/include/tests_printers_spools
lynis-1.3.0/include/tests_php
lynis-1.3.0/include/consts
lynis-1.3.0/include/tests_tcpwrappers
lynis-1.3.0/lynis
lynis-1.3.0/lynis.8
lynis-1.3.0/plugins/
lynis-1.3.0/plugins/README
lynis-1.3.0/plugins/custom_plugin.template
Step 5. Enter the extracted lynis directory, lynis-1.3.0 :
[root@centos63 lynis]# cd lynis-1.3.0
Step 6. Check if Lynis is up-to-date :
# ./lynis --check-update
Example :
[root@centos63 lynis-1.3.0]# ./lynis --check-update

 == Lynis ==

  Version         :   1.3.0
  Release date    :   28 April 2011
  Update location :   http://www.rootkit.nl/

 == Databases ==
                      Current          Latest           Status
  -----------------------------------------------------------------------------
  Malware         :   2008062700       2008062700       Up-to-date
  File perms      :   2008053000       2008053000       Up-to-date


Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/

Step 7. Running ./lynis without any option prints the complete list of available parameters, which you can use as a reference :
# ./lynis
Example :
[root@centos63 lynis-1.3.0]# ./lynis

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  Scan options:
    --auditor ""            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile            : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests ""             : Run only tests defined by 
    --tests-category "" : Run only tests defined by 

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  Error: No parameters specified!
  See man page and documentation for all available options.

Exiting..
Step 8. To start Lynis with a full system scan, pass the --check-all or -c option to begin scanning your entire Linux system. It will pause with "[ Press [ENTER] to continue, or [CTRL]+C to stop ]" after every section that it scans.
# ./lynis -c
Example :
[root@centos63 lynis-1.3.0]# ./lynis -c

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]

  ---------------------------------------------------
  Program version:           1.3.0
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS release 6.3 (Final)
  Kernel version:            2.6.32-279.1.1.el6.i686
  Hardware platform:         i686
  Hostname:                  centos63
  Auditor:                   [Unknown]
  Profile:                   ./default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

Step 9. To proceed in quick mode without waiting for user input, run the lynis command with both the -c and -Q options as shown below :
# ./lynis -c -Q
Example :
[root@centos63 lynis-1.3.0]# ./lynis -c -Q
Example result :
[+] Software: PHP
------------------------------------
  - Checking PHP...                                           [ FOUND ]
  - Checking PHP disabled functions...                        [ FOUND ]
    - Checking register_globals option...                     [ OK ]
    - Checking expose_php option...                           [ ON ]
    - Checking enable_dl option...                            [ OFF ]
    - Checking allow_url_fopen option...                      [ ON ]
    - Checking allow_url_include option...                    [ OFF ]

[+] Squid Support
------------------------------------
  - Checking running Squid daemon...                          [ NOT FOUND ]

[+] Logging and files
------------------------------------
  - Checking for a running syslog daemon...                   [ OK ]
    - Checking Syslog-NG status                               [ NOT FOUND ]
    - Checking Metalog status                                 [ NOT FOUND ]
    - Checking RSyslog status                                 [ FOUND ]
    - Checking RFC 3195 daemon status                         [ NOT FOUND ]
  - Checking minilogd instances                               [ NONE ]
  - Checking logrotate presence                               [ OK ]
  - Checking log directories (static list)                    [ DONE ]
  - Checking open log files                                   [ DONE ]
  - Checking deleted files in use                             [ FILES FOUND ]

[+] Insecure services
------------------------------------
  - Checking inetd status...                                  [ ACTIVE ]
    - Checking inetd.conf...                                  [ NOT FOUND ]

[+] Banners and identification
------------------------------------
  - /etc/motd...                                              [ FOUND ]
    - /etc/motd permissions...                                [ OK ]
    - /etc/motd contents...                                   [ WEAK ]
  - /etc/issue...                                             [ FOUND ]
    - /etc/issue contents...                                  [ WEAK ]
  - /etc/issue.net...                                         [ FOUND ]
    - /etc/issue.net contents...                              [ WEAK ]

[+] Scheduled tasks
------------------------------------
  - Checking crontab/cronjob                                  [ DONE ]
  - Checking atd status                                       [ NOT RUNNING ]

[+] Accounting
------------------------------------
  - Checking accounting information...                        [ NOT FOUND ]
  - Checking auditd                                           [ ENABLED ]
    - Checking audit rules                                    [ SUGGESTION ]
    - Checking audit configuration file                       [ OK ]
    - Checking auditd log file                                [ FOUND ]

[+] Time and Synchronization
------------------------------------
  - Checking running NTP daemon...                            [ FOUND ]
  - Checking NTP client in crontab file...                    [ NOT FOUND ]
  - Checking NTP client in cron.d files...                    [ NOT FOUND ]
  - Checking for a running NTP daemon or client...            [ OK ]
  - Checking NTP daemon...                                    [ FOUND ]
  - Checking valid association ID's...                        [ FOUND ]
  - Checking high stratum ntp peers...                        [ OK ]
  - Checking unreliable ntp peers...                          [ FOUND ]
  - Checking selected time source...                          [ OK ]
  - Checking time source candidates...                        [ OK ]
  - Checking falsetickers...                                  [ OK ]
  - Checking NTP version...                                   [ FOUND ]

[+] Cryptography
------------------------------------
  - Checking SSL certificate expiration...                    [ OK ]

[+] Virtualization
------------------------------------

[+] Security frameworks
------------------------------------
  - Checking presence AppArmor                                [ NOT FOUND ]
  - Checking presence SELinux                                 [ FOUND ]
    - Checking SELinux status                                 [ DISABLED ]
  - Checking presence grsecurity                              [ NOT FOUND ]

[+] Software: file integrity
------------------------------------
  - Checking AFICK...                                         [ NOT FOUND ]
  - Checking AIDE...                                          [ NOT FOUND ]
  - Checking Osiris...                                        [ NOT FOUND ]
  - Checking Samhain...                                       [ NOT FOUND ]
  - Checking Tripwire...                                      [ NOT FOUND ]
  - Checking presence integrity tool...                       [ NOT FOUND ]

[+] Software: Malware scanners
------------------------------------
  - Checking chkrootkit...                                    [ NOT FOUND ]
  - Checking Rootkit Hunter...                                [ NOT FOUND ]
  - Checking ClamAV scanner...                                [ FOUND ]
  - Checking ClamAV daemon...                                 [ NOT FOUND ]

[+] System Tools
------------------------------------
  - Starting file permissions check...
    /etc/lilo.conf                                            [ NOT FOUND ]
    /root/.ssh                                                [ OK ]

[+] Home directories
------------------------------------
  - Checking shell history files...                           [ OK ]

[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile...
      - kernel.core_uses_pid (exp: 1)                         [ OK ]
      - kernel.ctrl-alt-del (exp: 0)                          [ OK ]
      - kernel.exec-shield (exp: 1)                           [ OK ]
      - kernel.sysrq (exp: 0)                                 [ OK ]
      - net.ipv4.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv4.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv4.conf.all.bootp_relay (exp: 0)                [ OK ]
      - net.ipv4.conf.all.forwarding (exp: 0)                 [ OK ]
      - net.ipv4.conf.all.log_martians (exp: 1)               [ DIFFERENT ]
      - net.ipv4.conf.all.mc_forwarding (exp: 0)              [ OK ]
      - net.ipv4.conf.all.proxy_arp (exp: 0)                  [ OK ]
      - net.ipv4.conf.all.rp_filter (exp: 1)                  [ DIFFERENT ]
      - net.ipv4.conf.all.send_redirects (exp: 0)             [ DIFFERENT ]
      - net.ipv4.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv4.conf.default.accept_source_route (exp: 0)    [ OK ]
      - net.ipv4.conf.default.log_martians (exp: 1)           [ DIFFERENT ]
      - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)         [ OK ]
      - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)   [ OK ]
      - net.ipv4.tcp_syncookies (exp: 1)                      [ OK ]
      - net.ipv4.tcp_timestamps (exp: 0)                      [ DIFFERENT ]
      - net.ipv6.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv6.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv6.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv6.conf.default.accept_source_route (exp: 0)    [ OK ]

[+] Hardening
------------------------------------
    - Installed compiler(s)...                                [ FOUND ]
    - Installed malware scanner...                            [ FOUND ]

================================================================================

  -[ Lynis 1.3.0 Results ]-

  Tests performed: 164
  Warnings:
  ----------------------------
   - [12:34:29] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [12:34:33] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [12:34:51] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [12:34:52] Warning: Found mail_name in SMTP banner, and/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L]
   - [12:34:57] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]

  Suggestions:
  ----------------------------
   - [12:34:29] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=, add: password --md5  [test:BOOT-5121]
   - [12:34:33] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
   - [12:34:33] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [12:34:33] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
   - [12:34:33] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
   - [12:34:33] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
   - [12:34:39] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
   - [12:34:39] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
   - [12:34:39] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
   - [12:34:48] Suggestion: Install package 'yum-utils' for better consistency checking of the package database [test:PKGS-7384]
   - [12:34:51] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
   - [12:34:52] Suggestion: You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818]
   - [12:34:53] Suggestion: Configure a firew
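The "Comparing sysctl key pairs with scan profile" step in the Kernel Hardening section above is easy to reproduce on its own, which helps when you want to re-check only the keys Lynis flagged as DIFFERENT after fixing them. The script below is an added example and not code from the original post or from Lynis; the expected values are the "(exp: N)" figures shown in the scan output, and the current values are a constructed sample in the "key = value" layout that sysctl -a prints, not output from a real host.

```shell
#!/bin/sh
# Added example, not code from the original post or from Lynis itself: it
# re-implements the "Comparing sysctl key pairs with scan profile" check from
# the Kernel Hardening section. Expected values are the "(exp: N)" figures
# Lynis printed; the current values are a CONSTRUCTED sample in the
# "key = value" layout that `sysctl -a` prints (not taken from a real host).

# Expected key=value pairs, a subset of those listed in the scan output.
EXPECTED='kernel.exec-shield=1
kernel.sysrq=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0'

# Constructed sample of `sysctl -a` output; kernel.exec-shield is deliberately
# absent so the NOT FOUND path is exercised.
SAMPLE_CURRENT='kernel.sysrq = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1'

# lookup_value KEY SYSCTL_TEXT: print KEY's value from "key = value" text,
# or nothing if the key is absent.
lookup_value() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $3; exit }'
}

# status_for KEY EXPECTED SYSCTL_TEXT: print OK, DIFFERENT or NOT FOUND,
# mirroring the labels Lynis uses in its report.
status_for() {
    cur=$(lookup_value "$1" "$3")
    if [ -z "$cur" ]; then
        echo "NOT FOUND"
    elif [ "$cur" = "$2" ]; then
        echo "OK"
    else
        echo "DIFFERENT"
    fi
}

# compare_pairs EXPECTED_PAIRS SYSCTL_TEXT: print one report line per key and
# set DIFF_COUNT to the number of keys that are missing or differ from the
# profile (0 means the host matches the profile).
compare_pairs() {
    DIFF_COUNT=0
    while IFS='=' read -r key exp; do
        if [ -n "$key" ]; then
            status=$(status_for "$key" "$exp" "$2")
            [ "$status" = "OK" ] || DIFF_COUNT=$((DIFF_COUNT + 1))
            printf '  - %-45s (exp: %s)  [ %s ]\n' "$key" "$exp" "$status"
        fi
    done <<EOF
$1
EOF
}

# Run against the constructed sample; on a real host pass
# "$(sysctl -a 2>/dev/null)" as the second argument instead.
compare_pairs "$EXPECTED" "$SAMPLE_CURRENT"
echo "Keys differing from profile: $DIFF_COUNT"
```

The keys reported as DIFFERENT correspond to the settings you would add to /etc/sysctl.conf before re-running the Lynis scan.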
 
Good Luck For You!! 
