Lynis is an open-source, powerful auditing tool for Unix-like operating systems. It scans the system and collects information about its protections, general system facts, installed software, configuration errors, security weaknesses, user accounts without passwords, incorrect file permissions, firewall state, and more.
Lynis runs individual test cases to help you secure your Linux system. A test run proceeds through the following stages:
Determine the operating system
Search for available tools and utilities
Check for Lynis updates
Run tests from enabled plugins
Run security tests by category
Report the status of the security scan
During a test run, the details of every scan are stored in the log file, and all warnings and errors are stored in the report file.
To install Lynis, use the following command:
# yum install lynis
The sample output should look like this:
Loaded plugins: fastestmirror, langpacks
base                                   | 3.6 kB  00:00
elrepo                                 | 2.9 kB  00:00
epel/x86_64/metalink                   | 3.2 kB  00:00
epel                                   | 4.3 kB  00:00
extras                                 | 3.4 kB  00:00
google-chrome                          | 951 B   00:00
updates                                | 3.4 kB  00:00
(1/2): epel/x86_64/updateinfo          | 501 kB  00:02
(2/2): epel/x86_64/primary_db          | 3.9 MB  00:02
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * elrepo: mirrors.ircam.fr
 * epel: mirrors.hustunique.com
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package lynis.noarch 0:2.1.0-1.el7 will be installed
.......
Note that Lynis needs root privileges to run.
Before running Lynis, you should know the following parameters:
--check-all or -c: start the scan
--check-update: check for Lynis updates
--cronjob: run Lynis as a cron job (implies -c -Q)
--help or -h: show the valid parameters
--quick or -Q: do not wait for user input, except on errors
--version or -V: show the Lynis version
To run Lynis, use the following command:
# lynis -c --auditor "nhooo"
The -c parameter is recommended; it tells Lynis to run all tests against the system. To record the auditor's name, add the --auditor parameter.
In the example above, nhooo is the auditor's name. The sample output of the command above should look like this:
[+] Initializing program
------------------------------------
  - Detecting OS...                                [ DONE ]
  ---------------------------------------------------
  Program version:           2.1.0
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS Linux release 7.2.1511 (Core)
  Kernel version:            3.10.0
  Hardware platform:         x86_64
  Hostname:                  linux
  Auditor:                   "nhooo"
  Profile:                   /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /usr/share/lynis/plugins
  ---------------------------------------------------
  - Checking profile file (/etc/lynis/default.prf)...
  - Program update status...                       [ UPDATE AVAILABLE ]
.......
The output above shows Lynis initializing.
[+] Users, Groups and Authentication
------------------------------------
  - Search administrator accounts                  [ OK ]
  - Checking for non-unique UIDs                   [ OK ]
  - Checking consistency of group files (grpck)    [ OK ]
  - Checking non unique group ID's                 [ OK ]
  - Checking non unique group names                [ OK ]
  - Checking password file consistency             [ OK ]
  - Query system users (non daemons)               [ DONE ]
  - Checking NIS+ authentication support           [ NOT ENABLED ]
  - Checking NIS authentication support            [ NOT ENABLED ]
  - Checking sudoers file                          [ FOUND ]
  - Check sudoers file permissions                 [ OK ]
  - Checking PAM password strength tools           [ OK ]
  - Checking PAM configuration file (pam.conf)     [ NOT FOUND ]
  - Checking PAM configuration files (pam.d)       [ FOUND ]
  - Checking PAM modules                           [ FOUND ]
  - Checking user password aging                   [ DISABLED ]
  - Checking Linux single user mode authentication [ WARNING ]
  - Determining default umask
  - Checking umask (/etc/profile)                  [ SUGGESTION ]
  - Checking umask (/etc/login.defs)               [ OK ]
  - Checking umask (/etc/init.d/functions)         [ SUGGESTION ]
  - Checking LDAP authentication support           [ NOT ENABLED ]
......
The output above covers users, groups and authentication.
[+] File systems
------------------------------------
  - Checking mount points
    - Checking /home mount point                   [ OK ]
    - Checking /tmp mount point                    [ SUGGESTION ]
    - Checking /var mount point                    [ OK ]
  - Checking LVM volume groups                     [ FOUND ]
    - Checking LVM volumes                         [ FOUND ]
  - Querying FFS/UFS mount points (fstab)          [ NONE ]
  - Query swap partitions (fstab)                  [ OK ]
  - Testing swap partitions                        [ WARNING ]
  - Checking for old files in /tmp                 [ OK ]
  - Checking /tmp sticky bit                       [ OK ]
  - ACL support root file system                   [ DISABLED ]
  - Checking Locate database                       [ FOUND ]
........
The output above covers the file systems.
[+] Ports and packages
------------------------------------
  - Searching package managers
    - Searching RPM package manager                [ FOUND ]
      - Querying RPM package manager
  - Checking YUM package management consistency    [ OK ]
  - Checking package database duplicates           [ OK ]
  - Checking package database for problems         [ OK ]
  - Checking missing security packages             [ OK ]
  - Checking GPG checks (yum.conf)                 [ OK ]
  - Checking package audit tool                    [ INSTALLED ]
    Found: yum-security
.......
The output above covers the ports and packages of the Linux system.
[+] Networking
------------------------------------
  - Checking configured nameservers
    - Testing nameservers
        Nameserver: 192.168.1.1                    [ OK ]
    - Minimal of 2 responsive nameservers          [ WARNING ]
  - Checking default gateway                       [ DONE ]
  - Getting listening ports (TCP/UDP)              [ DONE ]
      * Found 22 ports
  - Checking promiscuous interfaces                [ OK ]
  - Checking waiting connections                   [ OK ]
  - Checking status DHCP client
.....
The output above covers networking information.
[+] Printers and Spools
------------------------------------
  - Checking cups daemon                           [ RUNNING ]
  - Checking CUPS configuration file               [ OK ]
    - File permissions                             [ OK ]
  - Checking CUPS addresses/sockets                [ FOUND ]
  - Checking lp daemon
......
The output above covers printer and spool information.
To create a daily scan of the system, use the following command:
# crontab -e
With the -e option, add the following cron job. Because of --cronjob, special characters are stripped from the output and the scan runs without waiting for input. Note that crontab -e edits the per-user crontab, which has no user-name field, so run it as root (Lynis needs root privileges); a sixth field such as root is only used in /etc/crontab or in files under /etc/cron.d/.
30 22 * * * /path/to/lynis -c -Q --auditor "automated" --cronjob
The cron job above runs every night at 10:30 PM and creates a daily report under /var/log/lynis.log.
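A nightly --cronjob run only writes a file; nothing looks at it unless you do. The POSIX shell helpers below are an added example (not part of this tutorial or of Lynis itself) that read the report file and turn it into a pass/fail signal a cron wrapper can act on. They assume the report's key=value layout with hardening_index, warning[] and suggestion[] keys, and the sample report is constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /var/log/lynis-report.dat. The key names follow
# Lynis's report format as assumed here; the test IDs and messages are
# made up for illustration, not copied from a real run.
SAMPLE_REPORT='report_version_major=1
report_version_minor=0
auditor=automated
hardening_index=58
warning[]=AUTH-9308|No password set for single user mode|-|-|
warning[]=FILE-6336|Swap partition is not mounted with proper options|-|-|
suggestion[]=AUTH-9328|Default umask in /etc/profile could be more strict like 027|-|-|
suggestion[]=FILE-6310|Place /tmp on a separate partition|-|-|
suggestion[]=NETW-2705|Add a backup nameserver to resolv.conf|-|-|'

# Print the hardening index (0-100) recorded in the report.
lynis_hardening_index() {
    printf '%s\n' "$1" | awk -F= '$1 == "hardening_index" { print $2; exit }'
}

# Count report entries of one kind: "warning" or "suggestion".
# grep -c exits 1 when the count is 0, so "|| true" keeps the 0 usable.
lynis_count() {
    kind="$1"; report="$2"
    printf '%s\n' "$report" | grep -c "^${kind}\[\]=" || true
}

# List the test ID behind each warning, one per line (first field of the
# pipe-separated value), for follow-up in the Lynis log.
lynis_warning_ids() {
    printf '%s\n' "$1" | awk -F'[=|]' '$1 == "warning[]" { print $2 }'
}

# Succeed only when the report has no warnings and the hardening index is
# at least the given minimum; a wrapper can alert on a non-zero status
# instead of letting the nightly file pile up unread.
lynis_gate() {
    report="$1"; min_index="$2"
    [ "$(lynis_count warning "$report")" -eq 0 ] &&
        [ "$(lynis_hardening_index "$report")" -ge "$min_index" ]
}

# Typical use after the cron run, as root:
#   lynis_gate "$(cat /var/log/lynis-report.dat)" 60 || mail -s "Lynis warnings on $(hostname)" admin@example.invalid < /var/log/lynis-report.dat
```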
To update Lynis, use the following command:
# lynis --check-update
Congratulations! You now know how to install Lynis (a Linux auditing tool) on CentOS. In our next Linux article, we will look at more commands of this kind in detail. Keep reading!