Tuesday, December 31, 2013

[Lynis v1.3.8] The Unix/Linux Hardening tool


Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan it will provide the warnings and suggestions to help you improving the security defense of your systems.

Some of the (future) features and usage options:
  • System and security audit checks
  • File Integrity Assessment
  • System and file forensics
  • Usage of templates/baselines (reporting and monitoring)
  • Extended debugging features

This tool is tested or confirmed to work with:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris

Changelog

  • New parameter –view-categories to display available test categories
  • Added /etc/hosts check (duplicates) [NAME-4402]
  • Added /etc/hosts check (hostname) [NAME-4404]
  • Added /etc/hosts check (localhost mapping) [NAME-4406]
  • Portmaster test for possible port upgrades [PKGS-7378]
  • Check for SPARC improve boot loader (SILO) [BOOT-5142]
  • NFS client access test [STRG-1930]
  • Check system uptime [BOOT-5202]
  • YUM repolist check [PKGS-7383]
  • Contributors file added
  • Improved locate database check and reporting [FILE-6410]
  • Improved PAE/No eXecute test for Linux kernel [KRNL-5677]
  • Disabled NIS domain name from test [NAME-4028]
  • Extended NIS domain test to check BSD sysctl value [NAME-4306]
  • Extended PAM tools check with PAM paths [AUTH-9262]
  • Adjusted Apache check to avoid skipping it [HTTP-6622]
  • Extended USB state testing [STRG-1840]
  • Extended Firewire state testing [STRG-1846]
  • Extended core dump test [KRNL-5820]
  • Added /lib/i386-linux-gnu/security to PAM directories
  • Added /usr/X11R6/bin directory to binary paths
  • Improved readability of screen output
  • Improved logging for several tests
  • Improved Debian version detection
  • Added warning to BIND test [NAME-4206]
  • Extended binaries with showmount and yum
  • Updated man page

No comments:

Post a Comment