Read full details here: In light of recent Linux exploits, Linux security audit is a must!
How many Linux vulnerabilities and exploits were exposed since last 6 months? Many! With recent Shellshock, Heartbleed, Poodle, Ghost and maybe many more to come. Suddenly, I didn’t feel that much secure anymore with my Linux as it’s the core packages that are affected.. What’s next? My openVPN is not secured anymore? My SSH session keys are vulnerable? I decided to do a Linux security audit of my Linux system. After setting up an external firewall, I suddenly realized, it’s just too big for me to do it manually. That’s when I found Lynis. Lynis is an open source security auditing tool. It was reasonably well documented and did many things quickly that could’ve took me ages.
For this whole test, I used Lynis free version.
Typical use cases for Lynis:
Read the rest of it here: In light of recent Linux exploits, Linux security audit is a must!
How many Linux vulnerabilities and exploits were exposed since last 6 months? Many! With recent Shellshock, Heartbleed, Poodle, Ghost and maybe many more to come. Suddenly, I didn’t feel that much secure anymore with my Linux as it’s the core packages that are affected.. What’s next? My openVPN is not secured anymore? My SSH session keys are vulnerable? I decided to do a Linux security audit of my Linux system. After setting up an external firewall, I suddenly realized, it’s just too big for me to do it manually. That’s when I found Lynis. Lynis is an open source security auditing tool. It was reasonably well documented and did many things quickly that could’ve took me ages.
For this whole test, I used Lynis free version.
Contents
How Linux security audit works?
Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Installation
You can install Lynis from repository (i.e. using yum or apt-get) but I found that it’s not the most up-to-date version of Lynis. You’re better off downloading it to a local directory and running it from there.Lynis with Installation – package
Although no installation is needed, a common method to use Lynis is installing it via a package. This could be with the repositories provided by the operating system, or a manually created package. Please note that some repositories go for stability and don’t update software after the release, with exception of security updates. This might result in using a very old version of Lynis and is usually not preferred. So before using a package, confirm that updates are provided.Red Hat based: $ sudo yum install lynis Debian based: $ sudo apt-get install lynis
Read the rest of it here: In light of recent Linux exploits, Linux security audit is a must!