2025-04-04 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains how to use lynis to scan a Linux system for vulnerabilities. The editor thinks it is very practical, so it is shared here as a reference; follow along and have a look.
Preface
Lynis is a host-based, open-source security audit tool that runs on Unix/Linux platforms and detects potential security threats. It covers suspicious-file monitoring, vulnerability and malware scanning, configuration errors, and more. Let's take a look at how to use lynis for Linux vulnerability scanning.
Install lynis
On Arch Linux it can be installed directly with pacman.
sudo pacman -S lynis --noconfirm
resolving dependencies...
looking for conflicting packages...

Packages (1) lynis-2.6.4-1

Total Installed Size:  1.35 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring                     [######################] 100%
(1/1) checking package integrity                   [######################] 100%
(1/1) loading package files                        [######################] 100%
(1/1) checking for file conflicts                  [######################] 100%
(1/1) checking available disk space                [######################] 100%
:: Processing package changes...
(1/1) reinstalling lynis                           [######################] 100%
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
Host scanning using lynis
First, let's run lynis without any parameters; this lists the commands and options lynis supports.
[lujun9972@T520 linux and its buddies]$ lynis

[ Lynis 2.6.4 ]

  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

[+] Initializing program
------------------------------------

Usage: lynis command [options]

Command:
  audit
    audit system                  : Perform local security scan
    audit system remote           : Remote security scan
    audit dockerfile              : Analyze Dockerfile
  show
    show                          : Show all commands
    show version                  : Show Lynis version
    show help                     : Show help
  update
    update info                   : Show update details

Options:
  --no-log                        : Don't create a log file
  --pentest                       : Non-privileged scan (useful for pentest)
  --profile                       : Scan the system with the given profile file
  --quick (-Q)                    : Quick mode, don't wait for user input

  Layout options
  --no-colors                     : Don't use colors in output
  --quiet (-q)                    : No output
  --reverse-colors                : Optimize color display for light backgrounds

  Misc options
  --debug                         : Debug logging to screen
  --view-manpage (--man)          : View manpage
  --verbose                       : Show more details on screen
  --version (-V)                  : Display version number and quit

  Enterprise options
  --plugindir                     : Define path of available plugins
  --upload                        : Upload data to central node

  More options available. Run '/usr/bin/lynis show options', or use the man page.

No command provided. Exiting..
As you can see from the above, scanning the host with lynis is easy: just pass the audit system command. During the audit, Lynis runs a series of tests, and the test results, debugging information and hardening recommendations are written to stdout. To skip the test-by-test output and jump straight to the final recommendations, run:
sudo lynis audit system | sed '1,/Results/d'
Lynis groups its tests into several categories, which can be listed with the show groups command.
lynis show groups
Accounting
Authentication
Banners
Boot_services
Containers
Crypto
Databases
Dns
File_integrity
File_permissions
Filesystems
Firewalls
Hardening
Homedirs
Insecure_services
Kernel
Kernel_hardening
Ldap
Logging
Mac_frameworks
Mail_messaging
Malware
Memory_processes
Nameservices
Networking
Php
Ports_packages
Printers_spools
Scheduling
Shells
Snmp
Squid
Ssh
Storage
Storage_nfs
System_integrity
Time
Tooling
Usb
Virtualization
Webservers
If you only want to scan certain categories, specify them with the --tests-from-group parameter.
For example, to scan only the shells and networking groups, I can execute:
sudo lynis --tests-from-group "shells networking" --no-colors

[ Lynis 2.6.4 ]

  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ zh ]
    Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

  ---------------------------------------------------
  Program version:           2.6.4
  Operating system:          Linux
  Operating system name:     Arch Linux
  Operating system version:  Rolling release
  Kernel version:            4.16.13
  Hardware platform:         x86_64
  Hostname:                  T520
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /usr/share/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  zh
  Test category:             all
  Test group:                shells networking
  ---------------------------------------------------
  - Program update status...                                  [ NO UPDATE ]

[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete

  - Plugins enabled                                           [ NONE ]

[+] Shells
------------------------------------
  - Checking shells from /etc/shells
    Result: found 5 shells (valid shells: 5).
    - Session timeout settings/tools                          [ NONE ]
  - Checking default umask values
    - Checking default umask in /etc/bash.bashrc              [ NONE ]
    - Checking default umask in /etc/profile                  [ WEAK ]

[+] Networking
------------------------------------
  - Checking IPv6 configuration                               [ ENABLED ]
      Configuration method                                    [ AUTO ]
      IPv6 only                                               [ NO ]
  - Checking configured nameservers
    - Testing nameserver: 202.96.134.33                       [ SKIPPED ]
      Nameserver: 202.96.128.86                               [ SKIPPED ]
    - Minimal of 2 responsive nameservers                     [ SKIPPED ]
  - Getting listening ports (TCP/UDP)                         [ DONE ]
      * Found 11 ports
  - Checking status DHCP client                               [ RUNNING ]
  - Checking for ARP monitoring software                      [ NOT FOUND ]

[+] Custom Tests
------------------------------------
  - Running custom tests...                                   [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

  -[ Lynis 2.6.4 Results ]-

  Great, no warnings

  Suggestions (1):
  ----------------------------
  * Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
      https://cisofy.com/controls/NETW-3032/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 33 [######              ]
  Tests performed : 13
  Plugins enabled : 0

  Components:
  - Firewall               [X]
  - Malware scanner        [X]

  Lynis Modules:
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================

  Lynis 2.6.4
  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)
View detailed description
When reviewing the audit results, use the show details command to get a detailed description of a particular warning or suggestion. The command takes this form:
lynis show details ${test_id}
For example, the scan output above contains this suggestion:
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
We can run the command:
sudo lynis show details NETW-3032
2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===
View log files
Lynis writes the full details to /var/log/lynis.log once the audit completes.
sudo tail /var/log/lynis.log
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
2018-06-08 17:59:46 Temporary files: /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Lynis ended successfully.
At the same time, the report data is saved to /var/log/lynis-report.dat.
sudo tail /var/log/lynis-report.dat
Note that each audit overwrites the previous log file.
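Because the report file is overwritten on every run, it is worth capturing what matters from it right after each audit. The following POSIX shell script is an added example, not code from the article or the Lynis project: it parses the report file and fails when warnings are present or the hardening index falls below a threshold. The line layout it assumes (scalars as key=value, lists as key[]=TEST-ID|message|details|solution|, mirroring the fields that show details prints) and the sample report itself are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the article or the Lynis project): parse the report file
# Lynis writes after an audit and gate on it, e.g. from a cron job or CI step.
# Assumed layout: scalars as key=value, lists as key[]=TEST-ID|message|details|solution|
# (the same fields "show details" prints). The sample below is constructed; for a real
# run point the functions at /var/log/lynis-report.dat instead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
report_version_major=1
hostname=T520
hardening_index=33
warning[]=XXXX-0000|constructed warning entry for this example|-|-|
suggestion[]=NETW-3032|Consider running ARP monitoring software (arpwatch,arpon)|-|-|
suggestion[]=XXXX-0001|constructed second suggestion|-|-|
EOF

# report_value FILE KEY: print the first scalar value stored under KEY
report_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# report_count FILE KEY: number of list entries stored as KEY[]=...
report_count() {
    awk -v k="$2[]=" 'index($0, k) == 1 { n++ } END { print n + 0 }' "$1"
}

# report_entries FILE KEY: print list entries as "TEST-ID: message"
report_entries() {
    awk -F'|' -v k="$2[]=" \
        'index($0, k) == 1 { print substr($1, length(k) + 1) ": " $2 }' "$1"
}

# check_report FILE MIN_INDEX MAX_WARNINGS: succeed only when the hardening index
# reaches MIN_INDEX and at most MAX_WARNINGS warnings were raised
check_report() {
    index=$(report_value "$1" hardening_index)
    warnings=$(report_count "$1" warning)
    if [ "$warnings" -le "$3" ] && [ "${index:-0}" -ge "$2" ]; then
        return 0
    fi
    return 1
}

echo "Host: $(report_value "$SAMPLE" hostname), hardening index: $(report_value "$SAMPLE" hardening_index)"
echo "Warnings:";    report_entries "$SAMPLE" warning
echo "Suggestions:"; report_entries "$SAMPLE" suggestion
if check_report "$SAMPLE" 60 0; then echo "PASS"; else echo "FAIL: warnings or index below 60"; fi
```

Running it right after lynis audit system, with the real report path in place of the sample, gives a stable exit status that a scheduler or pipeline can act on before the next audit overwrites the file.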
Check for updates
Keep the audit software up to date so that it has the latest recommendations and information; use the update info command to check for updates:
lynis update info --no-colors

 == Lynis ==

  Version         : 2.6.4
  Status          : Up-to-date
  Release date    : 2018-05-02
  Update location : https://cisofy.com/lynis/


2007-2018, CISOfy - https://cisofy.com/lynis/
Customize lynis security audit policy
Lynis configuration is stored in the /etc/lynis directory as .prf files; lynis ships with a default configuration file named default.prf.
However, there is no need to modify the default configuration file directly: just add a new custom.prf file containing your custom settings.
Each configuration item in default.prf is accompanied by a comment explaining its meaning, so it is not covered in detail here.
For more information about lynis, you can visit its website.
Thank you for reading! This is the end of the article on "how to scan linux vulnerabilities with lynis". I hope the above content has been of some help to you and that you have learned something new. If you think the article is good, share it so that more people can see it!