
Linux Hack of the Week #10 – Lynis Security Audit Tool

By Joe McManus, CISO | August 10, 2018

When you do a fresh install of Linux, you’ll find a lot of software and services whose configuration can be tightened to secure your system. There are helpful guides such as the DISA (Defense Information Systems Agency) Secure Technical Implementation Guidelines (STIGs), and others. However, if you want to run a tool to audit your system, it really is hard to beat Lynis. In this tip, I’ll do a fresh install of Fedora 28, and then run Lynis.

Installation

Lynis is in the Fedora repository, which makes for an easy install. Run the command yum install lynis and Lynis is installed.

For this demo, I am using Fedora 28. With any luck, all of these steps should work on Red Hat, CentOS, and Fedora. To install the module run:

Execution

There are several ways to run Lynis, including auditing Dockerfiles. For our purposes, we will just run lynis audit system. You may wish to pipe it to more, although it does create a log in /var/log/lynis.log.

When it is finished, you will see a score. On this fresh Fedora install, it received a mediocre 70/100. That is a C-, and we are not C- people.

At this point, you should be looking through the log for ways to improve security. It is fairly lengthy, so I use less and then search for the word partial. Below are examples of a few things that were performed to raise that pitiful security score:

  • Set a max password age and min password age
  • Tightened up the umask in /etc/profile
  • FAILLOG_ENAB set in login.defs
  • Added nodev noexec nosuid to /boot in fstab
  • Installed RootKit Checker
  • …and a few other things

After those steps were completed, I ran Lynis again and got a score of 82/100. There’s clearly much more to be done, but the machine is now a solid B.
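The script below is an added example, not part of the original post: it re-checks three of the listed items (password ages, FAILLOG_ENAB, and the /boot mount options) against copies of login.defs and fstab. The function names, the pass/fail thresholds and the sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: spot-check three of the listed hardening items on copies of
# login.defs and fstab. Thresholds are assumptions: the shipped defaults
# (PASS_MAX_DAYS 99999, PASS_MIN_DAYS 0) count as "not set".

# Print the value of key $2 in login.defs-style file $1 (last active line wins).
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print which of nodev/noexec/nosuid are missing on /boot in fstab file $1.
# Prints nothing if all are present or /boot is not a separate mount.
boot_missing_opts() {
    opts=$(awk '$1 !~ /^#/ && $2 == "/boot" { print $4 }' "$1")
    [ -n "$opts" ] || return 0
    missing=""
    for o in nodev noexec nosuid; do
        case ",$opts," in
            *",$o,"*) ;;
            *) missing="$missing $o" ;;
        esac
    done
    echo "${missing# }"
}

# Print one line per open finding; return 1 if any were found.
check_hardening() {
    rc=0
    max=$(login_defs_value "$1" PASS_MAX_DAYS)
    min=$(login_defs_value "$1" PASS_MIN_DAYS)
    faillog=$(login_defs_value "$1" FAILLOG_ENAB)
    gaps=$(boot_missing_opts "$2")
    if [ -z "$max" ] || [ "$max" -ge 99999 ]; then echo "PASS_MAX_DAYS not set"; rc=1; fi
    if [ -z "$min" ] || [ "$min" -le 0 ]; then echo "PASS_MIN_DAYS not set"; rc=1; fi
    [ "$faillog" = "yes" ] || { echo "FAILLOG_ENAB not enabled"; rc=1; }
    [ -z "$gaps" ] || { echo "/boot missing: $gaps"; rc=1; }
    return $rc
}

# Constructed sample files standing in for a fresh install.
demo=$(mktemp -d)
printf 'PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n#FAILLOG_ENAB yes\n' > "$demo/login.defs"
printf 'UUID=constructed-0001 /boot ext4 defaults 1 2\n' > "$demo/fstab"
check_hardening "$demo/login.defs" "$demo/fstab" || true
rm -rf "$demo"
```

On a test box, point check_hardening at /etc/login.defs and /etc/fstab after each edit to confirm the change took effect before rerunning the full audit.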

Conclusion

Lynis is not the only tool that can do this. That being said, as an open source free tool available in the Fedora repo, there is really no reason not to run it. Always verify the tool’s results, and since you will be editing system files, make sure you have a test box to work on first. As always, if you have any questions feel free to reach out: mcmanus@automox.com.


Author Joe McManus, CISO

Joe is a Senior Cyber Security Researcher at CERT and a Professor at the University of Colorado College of Engineering where he teaches graduate courses in information security and forensics. Recently, Joe was the Director of Security at SolidFire, (acquired by NetApp [NTAP]). He is an avid cyclist, climber and leads the Automox security team.
