We are excited to announce this major release of auditing tool Lynis . Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. Supported operating systems The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including: AIX FreeBSD HP-UX Linux Mac OS NetBSD OpenBSD Solaris and others It even runs on systems like the Raspberry Pi and several storage devices! Installation optional Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system” to start the security scan. It is written in shell script and released as open source software ( GPL ). How it works Lynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization the program, up to the report. Steps Determine operating system Search for available tools and utilities Check for Lynis update Run tests from enabled plugins Run security tests per category Report status of security scan Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file. Opportunistic Scanning Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it then will collect discovered certificates so they can be scanned later as well. In-depth security scans By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same! Use cases Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include: Security auditing Compliance testing (e.g. PCI, HIPAA, SOx) Vulnerability detection and scanning System hardening Resources used for testing Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool. Best practices CIS NIST NSA OpenSCAP data Vendor guides and recommendations (e.g. Debian Gentoo, Red Hat) Lynis Plugins Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard. Changelog Upgrade note ## Lynis 2.7.3 (2019-03-21) ### Added – Detection for Lynis being scheduled (e.g. cronjob) ### Changed – HTTP-6624 – Improved logging for test – KRNL-5820 – Changed color for default fs.suid_dumpable value – LOGG-2154 – Adjusted test to search in configuration file correctly – NETW-3015 – Added support for ip binary – SQD-3610 – Description of test changed – SQD-3613 – Corrected description in code – SSH-7408 – Increased values for MaxAuthRetries – Improvements to allow tailored tool tips in future – Corrected detection of blkid binary – Minor textual changes and cleanups Download Lynis 2.7.2 *[ GPL ]: GNU Public License
https://govanguard.io/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.io/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-03-23 08:05:002019-03-23 08:05:00Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com