HOW TO INSTALL AND USE LYNIS SECURITY AUDITING TOOL IN LINUX OPERATING SYSTEM

In this post I will show you how to install and use the Lynis auditing tool in Linux.

  • First I will extract the .tar.gz archive. The directory currently looks like this:
[root@dhcppc6 ~]# ls
3usageeks     avg85flx-r287-a2632.i386.rpm     install.log    lynis-1.3.0.tar.gz  rkhunter-1.4.0.tar.gz
anaconda-ks.cfg  Desktop       install.log.syslog     rkhunter-1.4.0
  • To extract the .tar.gz file, type the command shown below:
[root@dhcppc6 ~]# tar xvzf lynis-1.3.0.tar.gz
lynis-1.3.0/CHANGELOG
lynis-1.3.0/FAQ
lynis-1.3.0/INSTALL
lynis-1.3.0/LICENSE
lynis-1.3.0/README
lynis-1.3.0/db/
lynis-1.3.0/db/integrity.db
lynis-1.3.0/db/sbl.db
lynis-1.3.0/db/fileperms.db
lynis-1.3.0/db/malware-susp.db
lynis-1.3.0/db/malware.db
lynis-1.3.0/db/hints.db
lynis-1.3.0/default.prf
lynis-1.3.0/dev/
lynis-1.3.0/dev/README
lynis-1.3.0/dev/files.dat
lynis-1.3.0/dev/TODO
lynis-1.3.0/dev/openbsd/
lynis-1.3.0/dev/openbsd/+CONTENTS
lynis-1.3.0/dev/check-lynis.sh
lynis-1.3.0/dev/build-lynis.sh
lynis-1.3.0/include/
lynis-1.3.0/include/profiles
lynis-1.3.0/include/tests_malware
lynis-1.3.0/include/tests_accounting
lynis-1.3.0/include/parameters
lynis-1.3.0/include/tests_ssh
lynis-1.3.0/include/tests_time
lynis-1.3.0/include/tests_firewalls
lynis-1.3.0/include/tests_nameservices
lynis-1.3.0/include/binaries
lynis-1.3.0/include/tests_webservers
lynis-1.3.0/include/tests_squid
lynis-1.3.0/include/tests_storage_nfs
lynis-1.3.0/include/tests_insecure_services
lynis-1.3.0/include/tests_scheduling
lynis-1.3.0/include/tests_tooling
lynis-1.3.0/include/tests_hardening
lynis-1.3.0/include/tests_networking
lynis-1.3.0/include/report
lynis-1.3.0/include/tests_boot_services
lynis-1.3.0/include/functions
lynis-1.3.0/include/tests_memory_processes
lynis-1.3.0/include/tests_file_permissions
lynis-1.3.0/include/tests_file_integrity
lynis-1.3.0/include/tests_shells
lynis-1.3.0/include/tests_databases
lynis-1.3.0/include/tests_homedirs
lynis-1.3.0/include/osdetection
lynis-1.3.0/include/tests_ldap
lynis-1.3.0/include/tests_ports_packages
lynis-1.3.0/include/tests_hardening_tools
lynis-1.3.0/include/tests_logging
lynis-1.3.0/include/tests_mail_messaging
lynis-1.3.0/include/tests_banners
lynis-1.3.0/include/tests_crypto
lynis-1.3.0/include/tests_kernel
lynis-1.3.0/include/tests_mac_frameworks
lynis-1.3.0/include/tests_solaris
lynis-1.3.0/include/tests_virtualization
lynis-1.3.0/include/tests_kernel_hardening
lynis-1.3.0/include/tests_snmp
lynis-1.3.0/include/tests_authentication
lynis-1.3.0/include/tests_filesystems
lynis-1.3.0/include/tests_storage
lynis-1.3.0/include/tests_printers_spools
lynis-1.3.0/include/tests_php
lynis-1.3.0/include/consts
lynis-1.3.0/include/tests_tcpwrappers
lynis-1.3.0/lynis
lynis-1.3.0/lynis.8
lynis-1.3.0/plugins/
lynis-1.3.0/plugins/README
lynis-1.3.0/plugins/custom_plugin.template
  • Then I will move the extracted folder to /usr/local/lynis.
  • Create a folder named lynis in /usr/local/, then move the extracted Lynis folder into it:
[root@dhcppc6 ~]# mv lynis-1.3.0 /usr/local/lynis/
  • Change into /usr/local/lynis and set permissions on the extracted folder (the post uses 777, which also makes the audit scripts world-writable; Lynis runs as root, so a more restrictive mode works just as well):
[root@dhcppc6 lynis]# chmod -R 777 lynis-1.3.0
  • Change into that folder:
[root@dhcppc6 lynis]# cd lynis-1.3.0/
[root@dhcppc6 lynis-1.3.0]# ls
CHANGELOG  db  default.prf  dev  FAQ  include  INSTALL  LICENSE  
lynis  lynis.8  plugins  README
  • Now start the Lynis audit by typing the command below (the scan pauses after each section until you press ENTER):
[root@dhcppc6 lynis-1.3.0]# ./lynis --check-all
[ Lynis 1.3.0 ]
################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.
 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################
[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]
  ---------------------------------------------------
  Program version:           1.3.0
  Operating system:          Linux
  Operating system name:     Red Hat
  Operating system version:  Red Hat Enterprise Linux Server release 5.4 (Tikanga)
  Kernel version:            2.6.18-164.el5
  Hardware platform:         i686
  Hostname:
  Auditor:                   [Unknown]
  Profile:                   ./default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------
[ Press [ENTER] to continue, or [CTRL]+C to stop ]
  
- Checking profile file (./default.prf)...
  - Program update status...                                  [ WARNING ]
      ===============================================================================
        Notice: Lynis update available
          Current version : 130   Latest version : 240
          Please update to the latest version for new features, bug fixes, tests
          and baselines.
      ===============================================================================
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...
    - Checking /bin...                                        [ FOUND ]
    - Checking /sbin...                                       [ FOUND ]
    - Checking /usr/bin...                                    [ FOUND ]
    - Checking /usr/sbin...                                   [ FOUND ]
    - Checking /usr/local/bin...                              [ FOUND ]
    - Checking /usr/local/sbin...                             [ FOUND ]
    - Checking /usr/local/libexec...                          [ FOUND ]
    - Checking /usr/libexec...                                [ FOUND ]
    - Checking /usr/sfw/bin...                                [ NOT FOUND ]
    - Checking /usr/sfw/sbin...                               [ NOT FOUND ]
    - Checking /usr/sfw/libexec...                            [ NOT FOUND ]
    - Checking /opt/sfw/bin...                                [ NOT FOUND ]
    - Checking /opt/sfw/sbin...                               [ NOT FOUND ]
    - Checking /opt/sfw/libexec...                            [ NOT FOUND ]
    - Checking /usr/xpg4/bin...                               [ NOT FOUND ]
    - Checking /usr/css/bin...                                [ NOT FOUND ]
    - Checking /usr/ucb...                                    [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Boot and services
------------------------------------
  - Checking boot loaders
    - Checking presence GRUB...                               [ OK ]
      - Checking for password protection...                   [ WARNING ]
    - Checking presence LILO...                               [ NOT FOUND ]
    - Checking presence YABOOT...                             [ NOT FOUND ]
  - Check services at startup (chkconfig)...                  [ DONE ]
        Result: found 47 services
  - Check startup files (permissions)...                      [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Kernel
------------------------------------
  - Checking default run level...                             [ 5 ]
  - Checking CPU support (NX/PAE)
      CPU supports PAE and NoeXecute                          [ YES ]
  - Checking kernel version                                   [ DONE ]
  - Checking kernel type                                      [ DONE ]
  - Checking loaded kernel modules                            [ DONE ]
      Found 76 active modules
  - Checking Linux kernel configuration file...               [ FOUND ]
  - Checking core dumps configuration...                      [ ENABLED ]
    - Checking setuid core dumps configuration...             [ DISABLED ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Memory and processes
------------------------------------
  - Checking /proc/meminfo...                                 [ FOUND ]
  - Searching for dead/zombie processes...                    [ OK ]
  - Searching for IO waiting processes...                     [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Users, Groups and Authentication
------------------------------------
  - Search administrator accounts...                          [ OK ]
  - Checking consistency of group files (grpck)...            [ OK ]
  - Checking non unique group ID's...                         [ OK ]
  - Checking non unique group names...                        [ OK ]
  - Checking password file consistency...                     [ OK ]
  - Query system users (non daemons)...                       [ DONE ]
  - Checking NIS+ authentication support                      [ NOT ENABLED ]
  - Checking NIS authentication support                       [ NOT ENABLED ]
  - Checking sudoers file                                     [ FOUND ]
    - Check sudoers file permissions                          [ OK ]
  - Checking PAM password strength tools                      [ OK ]
  - Checking PAM configuration file (pam.conf)                [ NOT FOUND ]
  - Checking PAM configuration files (pam.d)                  [ FOUND ]
  - Checking PAM modules                                      [ FOUND ]
  - Checking user password aging                              [ DISABLED ]
  - Checking Linux single user mode authentication            [ WARNING ]
  - Determining default umask
    - Checking umask (/etc/profile)                           [ SUGGESTION ]
    - Checking umask (/etc/login.defs)                        [ OK ]
    - Checking umask (/etc/init.d/functions)                  [ SUGGESTION ]
  - Checking LDAP authentication support                      [ NOT ENABLED ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Shells
------------------------------------
  - Checking shells from /etc/shells...
    Result: found 6 shells (valid shells: 6).
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] File systems
------------------------------------
  - Checking mount points
    - Checking /home mount point...                           [ SUGGESTION ]
    - Checking /tmp mount point...                            [ SUGGESTION ]
  - Checking LVM volume groups...                             [ NONE ]
  - Checking for old files in /tmp...                         [ OK ]
  - Checking /tmp sticky bit...                               [ OK ]
  - ACL support root file system...                           [ ENABLED ]
  - Checking Locate database...                               [ FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Storage
------------------------------------
  - Checking usb-storage driver (modprobe config)...          [ NOT DISABLED ]
  - Checking firewire ohci driver (modprobe config)...        [ NOT DISABLED ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] NFS
------------------------------------
  - Check running NFS daemon...                               [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: name services
------------------------------------
  - Checking default DNS search domain...                     [ NONE ]
  - Checking /etc/resolv.conf options...                      [ NONE ]
  - Searching DNS domain name...                              [ UNKNOWN ]
  - Checking nscd status...                                   [ NOT FOUND ]
  - Checking BIND status...                                   [ NOT FOUND ]
  - Checking PowerDNS status...                               [ NOT FOUND ]
  - Checking ypbind status...                                 [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Ports and packages
------------------------------------
  - Searching package managers...
    - Searching RPM package manager...                        [ FOUND ]
      - Querying RPM package manager...
  - yum-utils package not installed                           [ SUGGESTION ]
Repository 'a' is missing name in configuration, using id
This system is not registered with RHN.
RHN support will be disabled.
      Result: no vulnerable packages found                    [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Networking
------------------------------------
  - Checking configured nameservers...
    - Testing nameservers...
        Nameserver: 192.168.1.1...                            [ OK ]
    - Minimal of 2 responsive nameservers...                  [ WARNING ]
  - Checking default gateway...                               [ DONE ]
  - Checking promiscuous interfaces...                        [ OK ]
  - Checking waiting connections...                           [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Printers and Spools
------------------------------------
  - Checking cups daemon...                                   [ RUNNING ]
  - Checking cups configuration file...                       [ OK ]
  - Checking cups addresses/sockets...                        [ FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: e-mail and messaging
------------------------------------
  - Checking Exim status...                                   [ NOT FOUND ]
  - Checking Postfix status...                                [ NOT FOUND ]
  - Checking Qmail smtpd status...                            [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: firewalls
------------------------------------
  - Checking iptables kernel module...                        [ FOUND ]
    - Checking for empty ruleset...                           [ OK ]
    - Checking for unused rules...                            [ WARNING ]
  - Checking pf configuration...                              [ NOT FOUND ]
  - Checking host based firewall                              [ ACTIVE ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: webserver
------------------------------------
  - Checking Apache...                                        [ NOT FOUND ]
  - Searching nginx process...                                [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] SSH Support
------------------------------------
  - Checking running SSH daemon...                            [ FOUND ]
    - Searching SSH configuration...                          [ FOUND ]
    - Checking defined SSH options...                         [ DONE ]
    - SSH option: PermitRootLogin...                          [ DEFAULT ]
    - SSH option: Protocol...                                 [ OK ]
    - SSH option: StrictModes...                              [ DEFAULT ]
    - SSH option: AllowUsers...                               [ NOT FOUND ]
    - SSH option: AllowGroups...                              [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] SNMP Support
------------------------------------
  - Checking running SNMP daemon...                           [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Databases
------------------------------------
  - MySQL process status...                                   [ NOT FOUND ]
  - PostgreSQL processes status...                            [ NOT FOUND ]
  - Oracle processes status...                                [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] LDAP Services
------------------------------------
  - Checking OpenLDAP instance...                             [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: PHP
------------------------------------
  - Checking PHP...                                           [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Squid Support
------------------------------------
  - Checking running Squid daemon...                          [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Logging and files
------------------------------------
  - Checking for a running syslog daemon...                   [ OK ]
    - Checking Syslog-NG status                               [ NOT FOUND ]
    - Checking Metalog status                                 [ NOT FOUND ]
    - Checking RSyslog status                                 [ NOT FOUND ]
    - Checking RFC 3195 daemon status                         [ NOT FOUND ]
  - Checking klogd                                            [ FOUND ]
  - Checking minilogd instances                               [ NONE ]
  - Checking logrotate presence                               [ OK ]
  - Checking remote logging                                   [ NOT ENABLED ]
  - Checking log directories (static list)                    [ DONE ]
  - Checking open log files                                   [ DONE ]
  - Checking deleted files in use                             [ DONE ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Insecure services
------------------------------------
  - Checking inetd status...                                  [ ACTIVE ]
    - Checking inetd.conf...                                  [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Banners and identification
------------------------------------
  - /etc/motd...                                              [ FOUND ]
    - /etc/motd permissions...                                [ OK ]
    - /etc/motd contents...                                   [ WEAK ]
  - /etc/issue...                                             [ FOUND ]
    - /etc/issue contents...                                  [ WEAK ]
  - /etc/issue.net...                                         [ FOUND ]
    - /etc/issue.net contents...                              [ WEAK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Scheduled tasks
------------------------------------
  - Checking crontab/cronjob                                  [ DONE ]
  - Checking atd status                                       [ RUNNING ]
    - Checking at users                                       [ DONE ]
    - Checking at jobs                                        [ NONE ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Accounting
------------------------------------
  - Checking accounting information...                        [ OK ]
  - Checking auditd                                           [ ENABLED ]
    - Checking audit rules                                    [ SUGGESTION ]
    - Checking audit configuration file                       [ OK ]
    - Checking auditd log file                                [ FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Time and Synchronization
------------------------------------
  - Checking running NTP daemon...                            [ NOT FOUND ]
  - Checking NTP client in crontab file...                    [ NOT FOUND ]
  - Checking for a running NTP daemon or client...            [ WARNING ]
  - Checking NTP daemon...                                    [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Cryptography
------------------------------------
  - Checking SSL certificate expiration...                    [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Virtualization
------------------------------------
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Security frameworks
------------------------------------
  - Checking presence AppArmor                                [ NOT FOUND ]
  - Checking presence SELinux                                 [ FOUND ]
    - Checking SELinux status                                 [ ENABLED ]
        Current SELinux mode: permissive
      - Checking current mode and config file                 [ OK ]
  - Checking presence grsecurity                              [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: file integrity
------------------------------------
  - Checking AFICK...                                         [ NOT FOUND ]
  - Checking AIDE...                                          [ NOT FOUND ]
  - Checking Osiris...                                        [ NOT FOUND ]
  - Checking Samhain...                                       [ NOT FOUND ]
  - Checking Tripwire...                                      [ NOT FOUND ]
  - Checking presence integrity tool...                       [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Software: Malware scanners
------------------------------------
  - Checking chkrootkit...                                    [ NOT FOUND ]
  - Checking Rootkit Hunter...                                [ FOUND ]
  - Checking ClamAV scanner...                                [ NOT FOUND ]
  - Checking ClamAV daemon...                                 [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] System Tools
------------------------------------
  - Starting file permissions check...
    /etc/lilo.conf                                            [ NOT FOUND ]
    /root/.ssh                                                [ NOT FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Home directories
------------------------------------
  - Checking shell history files...                           [ OK ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile...
      - kernel.core_uses_pid (exp: 1)                         [ OK ]
      - kernel.ctrl-alt-del (exp: 0)                          [ OK ]
      - kernel.exec-shield (exp: 1)                           [ OK ]
      - kernel.sysrq (exp: 0)                                 [ OK ]
      - net.ipv4.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv4.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv4.conf.all.bootp_relay (exp: 0)                [ OK ]
      - net.ipv4.conf.all.forwarding (exp: 0)                 [ OK ]
      - net.ipv4.conf.all.log_martians (exp: 1)               [ DIFFERENT ]
      - net.ipv4.conf.all.mc_forwarding (exp: 0)              [ OK ]
      - net.ipv4.conf.all.proxy_arp (exp: 0)                  [ OK ]
      - net.ipv4.conf.all.rp_filter (exp: 1)                  [ DIFFERENT ]
      - net.ipv4.conf.all.send_redirects (exp: 0)             [ DIFFERENT ]
      - net.ipv4.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv4.conf.default.accept_source_route (exp: 0)    [ OK ]
      - net.ipv4.conf.default.log_martians (exp: 1)           [ DIFFERENT ]
      - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)         [ OK ]
      - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)   [ OK ]
      - net.ipv4.tcp_syncookies (exp: 1)                      [ OK ]
      - net.ipv4.tcp_timestamps (exp: 0)                      [ DIFFERENT ]
      - net.ipv6.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv6.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

[+] Hardening
------------------------------------
    - Installed compiler(s)...                                [ FOUND ]
    - Installed malware scanner...                            [ FOUND ]
[ Press [ENTER] to continue, or [CTRL]+C to stop ]

================================================================================
  -[ Lynis 1.3.0 Results ]-
  Tests performed: 151
  Warnings:
  ----------------------------
   - [10:17:04] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [10:17:13] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [10:17:42] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [10:17:48] Warning: Found possible unused iptables rules (1 2 3 4 6 7) [test:FIRE-4513] [impact:L]
   - [10:18:12] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]
  Suggestions:
  ----------------------------
   - [10:16:40] Suggestion: update to the latest stable release.
   - [10:17:04] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> [test:BOOT-5121]
   - [10:17:13] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
   - [10:17:13] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [10:17:13] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
   - [10:17:17] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
   - [10:17:17] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
   - [10:17:20] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
   - [10:17:20] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
   - [10:17:31] Suggestion: Install package 'yum-utils' for better consistency checking of the package database [test:PKGS-7384]
   - [10:17:42] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
   - [10:17:48] Suggestion: Check iptables rules to see which rules are currently not used (iptables --list --numeric --verbose) [test:FIRE-4513]
   - [10:18:02] Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154]
   - [10:18:08] Suggestion: Add legal banner to /etc/motd, to warn unauthorized users [test:BANN-7122]
   - [10:18:08] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
   - [10:18:08] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
   - [10:18:10] Suggestion: Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [test:ACCT-9630]
   - [10:18:12] Suggestion: Check if any NTP daemon is running or a NTP client gets executed daily, to prevent big time differences and avoid problems with services like kerberos, authentication or logging differences. [test:TIME-3104]
   - [10:18:16] Suggestion: Install a file integrity tool [test:FINT-4350]
   - [10:18:23] Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
   - [10:18:23] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
   - [10:18:23] Suggestion: Harden compilers and restrict access to world [test:HRDN-7222]
================================================================================
  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
================================================================================
  Notice: Lynis update available
  Current version : 130    Latest version : 240
================================================================================
  Hardening index : [58]     [###########         ]
================================================================================
  Tip: Disable all tests which are not relevant or are too strict for the
       purpose of the particular machine. This will remove unwanted suggestions
       and also boost the hardening index. Each test should be properly analyzed
       to see if the related risks can be accepted, before disabling the test.
================================================================================
  Lynis 1.3.0
  Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
================================================================================
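The Warnings and Suggestions block above has a regular line format: a timestamp, the kind of finding, free text, and optional [test:ID] and [impact:L/M/H] tags. The Python parser below turns that block into structured findings so repeated audits can be prioritised and diffed; it is an added example, not part of the post or of Lynis, and it assumes the 1.3.0 line format shown above (the sample lines are copied from that output).

```python
"""Parse the Warnings/Suggestions block of a Lynis results screen into findings.

Added example for this post; the parser is not part of Lynis. It assumes the
line format printed by Lynis 1.3.0 as shown in the audit output above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input, copied from the results block of the audit above.
SAMPLE_RESULTS = """\
  Warnings:
  ----------------------------
   - [10:17:04] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [10:17:13] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [10:18:12] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]
  Suggestions:
  ----------------------------
   - [10:16:40] Suggestion: update to the latest stable release.
   - [10:17:04] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> [test:BOOT-5121]
   - [10:17:13] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [10:18:16] Suggestion: Install a file integrity tool [test:FINT-4350]
"""

# One result line: "- [HH:MM:SS] Warning|Suggestion: text [test:AREA-NNNN] [impact:X]"
# The test and impact tags are optional (the update suggestion has neither).
LINE_RE = re.compile(
    r"^\s*-\s*\[(?P<time>\d{2}:\d{2}:\d{2})\]\s*"
    r"(?P<kind>Warning|Suggestion):\s*(?P<text>.*?)\s*"
    r"(?:\[test:(?P<test>[A-Z]+-\d+)\])?\s*"
    r"(?:\[impact:(?P<impact>[LMH])\])?\s*$"
)

IMPACT_RANK = {"H": 3, "M": 2, "L": 1}  # used to order warnings for triage


@dataclass
class Finding:
    time: str
    kind: str                 # "Warning" or "Suggestion"
    text: str
    test_id: Optional[str]    # e.g. "BOOT-5121"; None for untagged lines
    impact: Optional[str]     # "L", "M" or "H"; Lynis only tags warnings
    section: str              # test id prefix, e.g. "BOOT", or "GENERAL"


def parse_results(text: str) -> List[Finding]:
    """Return one Finding per result line; headers and separators are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        test_id = m.group("test")
        findings.append(Finding(
            time=m.group("time"), kind=m.group("kind"), text=m.group("text"),
            test_id=test_id, impact=m.group("impact"),
            section=test_id.split("-")[0] if test_id else "GENERAL",
        ))
    return findings


def warnings_by_impact(findings: List[Finding]) -> List[Finding]:
    """Warnings ordered highest impact first (H, M, L), then by test id."""
    return sorted((f for f in findings if f.kind == "Warning"),
                  key=lambda f: (-IMPACT_RANK.get(f.impact, 0), f.test_id or ""))


def suggestions_for(findings: List[Finding], test_id: str) -> List[str]:
    """Suggestion texts that share a test id with a warning (the fix hints)."""
    return [f.text for f in findings if f.kind == "Suggestion" and f.test_id == test_id]


def summarize(findings: List[Finding]) -> Dict[str, Dict[str, int]]:
    """Counts per kind, per impact level and per test section (id prefix)."""
    summary = {"kind": Counter(), "impact": Counter(), "section": Counter()}
    for f in findings:
        summary["kind"][f.kind] += 1
        if f.impact:
            summary["impact"][f.impact] += 1
        summary["section"][f.section] += 1
    return {k: dict(v) for k, v in summary.items()}


def diff_runs(before: List[Finding], after: List[Finding]) -> Dict[str, List[str]]:
    """Warning test ids fixed and newly introduced between two audit runs."""
    old = {f.test_id for f in before if f.kind == "Warning" and f.test_id}
    new = {f.test_id for f in after if f.kind == "Warning" and f.test_id}
    return {"fixed": sorted(old - new), "new": sorted(new - old)}


if __name__ == "__main__":
    found = parse_results(SAMPLE_RESULTS)
    for w in warnings_by_impact(found):
        print(f"[{w.impact}] {w.test_id}: {w.text}")
        for hint in suggestions_for(found, w.test_id):
            print(f"      fix: {hint}")
    print(summarize(found))
```

Feeding two saved results blocks to diff_runs shows which warnings a hardening change actually cleared and which it introduced, which is more useful for tracking than the single hardening index.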
  • The audit log is saved at the path shown in the results; open it with:
[root@dhcppc6 ~]# vim /var/log/lynis.log
  • The log file looks like this:
[10:16:03] ### Starting Lynis 1.3.0 with PID 3098, build date 28 April 2011 ###
[10:16:04] ### Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/ ###
[10:16:04] Program version:           1.3.0
[10:16:04] Operating system:          Linux
[10:16:04] Operating system name:     Red Hat
[10:16:04] Operating system version:  Red Hat Enterprise Linux Server release 5.4 (Tikanga)
[10:16:04] Kernel version:            2.6.18-164.el5
[10:16:04] Hardware platform:         i686
[10:16:04] Hostname:
[10:16:04] Auditor:                   [Unknown]
[10:16:04] Profile:                   ./default.prf
[10:16:04] Log file:                  /var/log/lynis.log
[10:16:04] Report file:               /var/log/lynis-report.dat
[10:16:04] Report version:            1.0
[10:16:04] -----------------------------------------------------
[10:16:04] Include directory:         ./include
[10:16:04] Plugin directory:          ./plugins
[10:16:04] Database directory:        ./db
[10:16:04] ===---------------------------------------------------------------===
[10:16:39] Reading profile/configuration ./default.prf
[10:16:39] Profile option set: profile_name (with value Default Audit Template)
[10:16:39] Profile option set: pause_between_tests (with value 0)
[10:16:39] Profile option set: show_tool_tips (with value 1)
[10:16:39] Set option to default value: MACHINE_ROLE --> server
[10:16:39] Set option to default value: NTPD_ROLE --> client
[10:16:39] ===---------------------------------------------------------------===
[10:16:39] Test: Checking for program update...
[10:16:40] Current installed version  : 130
[10:16:40] Latest stable version      : 240
[10:16:40] Minimum required version   : 230
[10:16:40] Result: This version is VERY outdated. Newer Lynis release available!
[10:16:40] Suggestion: update to the latest stable release.
[10:16:48] ===---------------------------------------------------------------===
[10:16:48] Start scanning for available audit binaries and tools...
[10:16:48] ===---------------------------------------------------------------===
[10:16:48] Performing test ID FILE-7502 (Check all system binaries)
[10:16:48] Status: Starting binary scan...
  • You can type the command below to read the Lynis manual page, which lists all the options:
[root@dhcppc6 lynis-1.3.0]# ./lynis --view-manpage
Lynis(8)              Unix System Administrator’s Manual              Lynis(8)
NAME
        Lynis - Run an system and security audit on the system
SYNOPSIS
       lynis --check-all(-c) [other options]
DESCRIPTION
       Lynis  is an auditing tool for Unix (specialists). It checks the system
       and software configuration and logs all the found  information  into  a
       log  file for debugging purposes, and in a report file suitable to cre-
       ate fancy looking auditing reports.  Lynis can be run as a cronjob,  or
       from  the  command line. It needs to have full access to the system, so
       running it as root (or with sudo rights) is required.
       The following system areas may be checked:
              - Boot loader files
              - Configuration files
              - Common files by software packages
              - Directories and files related to logging and auditing
OPTIONS
       --auditor <full name>
              Define the name of the auditor/pen-tester. When a full  name  is
              used, add double quotes, like "Michael Boelen".
       --checkall (or -c)
              Lynis  performs  a  full  check  of the system, printing out the
              results of each test to stdout. Additional information  will  be
              saved into a log file (default is /var/log/lynis.log).
              In  case  the  outcome  of a scan needs to be automated, use the
              report file.
       --check-update (or --info)
              Show program, database and update information
       --cronjob
              Perform automatic scan with cron safe  options  (no  colors,  no
              questions, no breaks).
       --no-colors
              Do not use colors for messages, warnings and sections.
       --no-log
              Redirect all logging information to /dev/null, prevent sensitive
              information to be written to disk.
       --quick (-Q)
              Do a quick scan (don’t wait for user input)
       --quiet (-q)
              Try to run as silent as possible, showing  only  warnings.  This
              option activates --quick as well.
       --reverse-colors
              Optimize screen output for light backgrounds.
       --tests TEST-IDs
              Only  run  the  specific test(s). When using multiple tests, add
              quotes around the line.
       Multiple parameters are allowed, though some  parameters  can  only  be
       used  together  with others. When running Lynis without any parameters,
       help will be shown and the program will exit.
BUGS
       There are no known bugs. Bugs can be reported directly to author.
LICENSING
       Lynis is licensed under the GPL v3 license  and  under  development  by
       Michael Boelen.
CONTACT INFORMATION
       Project   related   questions   and   comments   should  be  asked  via
       http://www.rootkit.nl/contact/.
1.08                           15 December 2009                       Lynis(8)
  • With the command below you don't have to press ENTER again and again; Lynis runs without pausing for input.
  • Only WARNINGS are shown.
[root@dhcppc6 lynis-1.3.0]# ./lynis --quiet
  - Program update status...                                  [ WARNING ]
      ===============================================================================
        Notice: Lynis update available
          Current version : 130   Latest version : 240
          Please update to the latest version for new features, bug fixes, tests
          and baselines.
      ===============================================================================
      - Checking for password protection...                   [ WARNING ]
  - Checking Linux single user mode authentication            [ WARNING ]
Repository 'a' is missing name in configuration, using id
This system is not registered with RHN.
RHN support will be disabled.
    - Minimal of 2 responsive nameservers...                  [ WARNING ]
    - Checking for unused rules...                            [ WARNING ]
  - Checking for a running NTP daemon or client...            [ WARNING ]
  • To check whether an update for the Lynis software is available:
[root@dhcppc6 lynis-1.3.0]# ./lynis --check-update
 == Lynis ==
  Version         :   1.3.0 [ Outdated ]
  Release date    :   28 April 2011
  Update location :   http://www.rootkit.nl/
 == Databases ==
                      Current          Latest           Status
  -----------------------------------------------------------------------------
  Malware         :   2008062700       2008062700       Up-to-date
  File perms      :   2008053000              ./lynis: line 150: [: -gt: unary operator expected
Up-to-date
Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
  • To record an auditor name in the report, use the command below.
  • Here I have given the name DEEPIT.
[root@dhcppc6 lynis-1.3.0]# ./lynis --auditor "<DEEPIT>"
[ Lynis 1.3.0 ]
################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.
 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################
[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]
  ---------------------------------------------------
  Program version:           1.3.0
  Operating system:          Linux
  Operating system name:     Red Hat
  Operating system version:  Red Hat Enterprise Linux Server release 5.4 (Tikanga)
  Kernel version:            2.6.18-164.el5
  Hardware platform:         i686
  Hostname:
  Auditor:                   <DEEPIT>
  Profile:                   ./default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
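The man page above recommends the report file (here /var/log/lynis-report.dat) when a scan's outcome needs to be automated. The added shell example below, which is not part of the original post or of Lynis itself, runs a cron-style scan with the flags from the man page and summarises the report; it assumes the report uses key=value lines with warning[]= and suggestion[]= entries of the form TEST-ID|text|..., and the sample report and its test IDs are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original post): summarise a Lynis report
# file for automation, as the man page's --checkall entry suggests.
# Assumed report format: key=value lines, with "warning[]=" and
# "suggestion[]=" entries shaped TEST-ID|description|... (assumption).

REPORT="${REPORT:-/var/log/lynis-report.dat}"

# Write a constructed sample report (IDs and text are made up for the demo)
# so the helpers below can be exercised offline.
write_sample_report() {
  cat > "$1" <<'EOF'
report_version_major=1
report_version_minor=0
auditor=DEEPIT
os=Linux
warning[]=AUTH-0001|Single user mode authentication is not enabled|-
warning[]=BOOT-0002|No password protection on boot loader|-
suggestion[]=TIME-0003|Install an NTP daemon or client|-
suggestion[]=NETW-0004|Check resolv.conf for responsive nameservers|-
EOF
}

# count_entries KEY FILE -> number of lines beginning with KEY[]=
count_entries() {
  grep -c "^$1\[]=" "$2" || true
}

# list_entries KEY FILE -> one "TEST-ID: description" line per entry
list_entries() {
  sed -n "s/^$1\[]=\([^|]*\)|\([^|]*\).*/\1: \2/p" "$2"
}

# run_audit: non-interactive scan with the cron-safe flags from the man page,
# then fail (non-zero exit) if any warning was recorded so a scheduler notices.
run_audit() {
  ./lynis --cronjob --no-colors --quiet --checkall >/dev/null 2>&1
  echo "warnings: $(count_entries warning "$REPORT")"
  list_entries warning "$REPORT"
  [ "$(count_entries warning "$REPORT")" -eq 0 ]
}
```

Run `run_audit` from the lynis-1.3.0 directory as root; the exit status can drive an alert from cron.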