Wednesday 7 February 2018

LYNIS- Open-Source Linux System Auditing Tool
Lynis is an open-source, host-based security auditing tool. It audits systems running UNIX-like operating systems and provides checks for system hardening and compliance testing.
Running ‘lynis’ without arguments starts the program and prints the available parameters. If you installed Lynis from Git (or are running it for the first time from the cloned directory), use “./lynis” to start the program from the local directory.
The most common way to start Lynis is with the ‘audit system’ command, which begins the security scan.
To run Lynis you must meet one requirement: write access to /tmp (for temporary files).

INSTALLATION VIA PACKAGE

Installing Lynis via a package manager is one option to get started with Lynis. For most operating systems and distributions, a port or package is available.
First add the Lynis software repository, so that the latest version is available to your system.

RED HAT

This applies to systems running YUM, including CentOS, Fedora, Red Hat Enterprise Linux (RHEL).
$ yum install lynis

DEBIAN

This applies to systems running Debian, Linux Mint or Ubuntu, or distributions based on one of these.
$ apt-get install lynis

OPENSUSE

$ zypper install lynis
After the installation, it is time to run Lynis for the first time.

INSTALLATION VIA GIT

Clone project
The first step is cloning the project. Before doing so, select the parent directory. Git will create a ‘lynis’ subdirectory with the full program in it.
$ cd /Desktop

$ git clone https://github.com/CISOfy/lynis
Cloning into ‘lynis’…
remote: Counting objects: 1733, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 1733 (delta 3), reused 0 (delta 0), pack-reused 1725
Receiving objects: 100% (1733/1733), 886.18 KiB | 378.00 KiB/s, done.
Resolving deltas: 100% (1204/1204), done.
Checking connectivity... done.
$ cd lynis
That is it. Time to run your first security audit:
$ lynis audit system
Although no configuration is required, there are a few useful commands to learn.

LYNIS COMMANDS

The Lynis tool requires a minimum amount of parameters to run. If you are using it for the first time, just run lynis and see what output it provides.
$ ./lynis

AUDIT

The audit command tells Lynis to perform an audit.
Targets include:
  • system - audit the host system
  • dockerfile - audit a Dockerfile

SHOW

The show command informs Lynis to share information, like help or the value of something.
Options:
  • help – show help and tips
  • profiles – show discovered audit profiles
  • settings – show active settings
  • version – show Lynis version
Those are the main commands of the Lynis auditing tool. There are more options, grouped into layout options, miscellaneous options and Enterprise options.
Lynis scans the system and performs its tests, showing the results on the screen as the scan runs. The log of the scan is written to /var/log/lynis.log; this file is overwritten on the next run, so back it up first if you want to keep it. During the audit Lynis also gathers findings and data points and stores them in /var/log/lynis-report.dat.

BENEFITS

  • Perform audits within a few minutes
  • System hardening can be done
  • Central management
  • Powerful reporting
  • Compliance checks (e.g. PCI DSS)
  • Additional plugins and more tests

COMPARISON BETWEEN LYNIS AND OTHER TOOLS

Gaps in the hardening process are exposed more easily than with other auditing tools such as Bastille or TOD (Touch of Death), and it saves time compared to those tools.
It helps to track your compliance needs, IT audits and stronger security defences.

OPERATING SYSTEM DETECTION

Lynis detects the operating system name, operating system version, host name and hardware platform of the audited system.
Lynis runs on almost all UNIX-based systems and versions, including:
  • AIX
  • FreeBSD
  • Linux
  • macOS, Solaris etc.
  • It even runs on devices like the Raspberry Pi or QNAP storage appliances.

SYSTEM TOOLS

Lynis locates the system binaries, checks whether the installed tools are up to date, and uses plugins for additional system-tool tests.

BOOT CONFIGURATION

At the boot configuration level Lynis checks whether the boot loader password is encrypted, which boot method is used (legacy boot or UEFI), possible GRUB configuration issues, how many services are running on the system, and the start-up files.
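Once a scan has finished, the useful data is in /var/log/lynis-report.dat, mentioned above. The script below is an added example (not code from the original post or from the Lynis project) that summarises such a report: it reads the hardening index, counts the warning[] and suggestion[] entries and lists their test IDs, and can fail a job when the index drops below a threshold. It assumes the report's key=value layout with '|'-separated fields, and the sample report embedded in it is constructed for this example, not the output of a real scan.

```shell
#!/bin/sh
# Added example: summarise a Lynis report file (/var/log/lynis-report.dat).
# Assumed layout: key=value lines; warning[] and suggestion[] entries carry
# '|'-separated fields, the first of which is the test ID (e.g. AUTH-9228).

REPORT_FILE="${REPORT_FILE:-/var/log/lynis-report.dat}"

# Write a constructed sample report to a temp file and print its path.
# (Constructed for this example; not real scan output.)
make_sample_report() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Lynis Report (constructed sample)
report_version_major=1
hardening_index=62
warning[]=AUTH-9228|Couldn't find 2 responsive nameservers|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB bootloader|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=PKGS-7392|Install package apt-listbugs|-|-|
EOF
    echo "$f"
}

# Print the hardening index (0-100) recorded in the report.
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2 }' "$1"
}

# Count warning[] entries (grep -c prints 0 on no match; ignore its exit code).
count_warnings() {
    grep -c '^warning\[\]=' "$1" || :
}

# Count suggestion[] entries.
count_suggestions() {
    grep -c '^suggestion\[\]=' "$1" || :
}

# List the test IDs for a key ("warning" or "suggestion"), one per line, sorted.
list_test_ids() {
    key="$1"; file="$2"
    awk -F'[=|]' -v k="${key}[]" '$1 == k { print $2 }' "$file" | sort
}

# Succeed only if the hardening index is at least the given minimum, so a
# CI job or configuration-management run can be gated on it.
check_threshold() {
    idx=$(hardening_index "$1"); min="$2"
    [ "$idx" -ge "$min" ]
}

# Human-readable summary of one report file.
summarize() {
    echo "Report: $1"
    echo "Hardening index: $(hardening_index "$1")"
    echo "Warnings ($(count_warnings "$1")):"
    list_test_ids warning "$1" | sed 's/^/  /'
    echo "Suggestions ($(count_suggestions "$1")):"
    list_test_ids suggestion "$1" | sed 's/^/  /'
}

# Usage: summarise the real report when readable, otherwise the sample.
if [ -r "$REPORT_FILE" ]; then
    summarize "$REPORT_FILE"
else
    sample=$(make_sample_report)
    summarize "$sample"
    rm -f "$sample"
fi
```

Run it as root (or as a user allowed to read /var/log/lynis-report.dat) after an audit; pipe the output into a ticket or a monitoring check, and use check_threshold in a cron job to alert when a host's hardening index falls below the level you expect.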
CONCLUSION

Security needs to be reliable, and Lynis helps us stay consistent. Lynis scans your system and warns you about security weaknesses. This blog gives an overview of the Lynis server hardening tool and where its audit findings are stored. BriskInfosec offers end-to-end server hardening solutions wherever the industry requires them; to know more, get in touch with us.

AUTHOR

Aravind
Security Engineer
BriskInfosec Technology and consulting PVT LTD
Find me at https://www.linkedin.com/in/aravindhan-s-90b98787/