Security and Technology

Lynis 2.4.0 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next in a series of simplification improvements we have made. There is a risk of breaking your existing configuration.
Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies, so it runs on almost all Unix-based systems and versions, including:

AIX

FreeBSD

HP-UX

Linux

Mac OS

NetBSD

OpenBSD

Solaris

and others

It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system” to start the security scan. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of a set of steps, from initializing the program up to the report.

Steps

Determine operating system

Search for available tools and utilities

Check for Lynis update

Run tests from enabled plugins

Run security tests per category

Report status of security scan

Besides the data displayed on screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic scanning

Lynis scanning is opportunistic: it uses what it can find.

For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When it also discovers an SSL/TLS configuration during the Apache scan, it will perform additional auditing steps on that. While doing so, it will collect any discovered certificates, so they can be scanned later as well.
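The staged behaviour described above, as an added sketch that is not Lynis source code: each stage runs only if the previous one found something to work on. The function names, the two Apache configuration paths, and the pipe-separated output lines are assumptions made for this illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added illustration of opportunistic scanning; NOT taken from Lynis.
# Function names, paths and the output format are hypothetical.

# Build a constructed sample tree: Apache config, one TLS vhost, one cert.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/apache2/sites-enabled" "$t/etc/ssl/certs"
    echo 'ServerName example.test' > "$t/etc/apache2/apache2.conf"
    printf '%s\n' 'SSLEngine on' \
        'SSLCertificateFile /etc/ssl/certs/site.pem' \
        '# SSLCertificateFile /etc/ssl/certs/old.pem' \
        > "$t/etc/apache2/sites-enabled/site.conf"
    : > "$t/etc/ssl/certs/site.pem"
    echo "$t"
}

# opportunistic_scan ROOT: audit the filesystem tree rooted at ROOT.
opportunistic_scan() {
    root=$1
    conf=""
    # Stage 1: is Apache present at all? (two assumed config locations)
    for c in "$root/etc/apache2/apache2.conf" "$root/etc/httpd/conf/httpd.conf"; do
        if [ -f "$c" ]; then conf=$c; break; fi
    done
    if [ -z "$conf" ]; then echo "skip|apache|not found"; return 0; fi
    echo "test|apache|config=${conf#"$root"}"

    # Stage 2: only because Apache exists, look for active TLS directives.
    # Commented-out directives do not match the anchored pattern.
    certs=$(grep -rhiE '^[[:space:]]*SSLCertificateFile[[:space:]]+' \
            "$(dirname "$conf")" 2>/dev/null |
            awk '{ gsub(/"/, "", $2); print $2 }' | sort -u)
    if [ -z "$certs" ]; then
        echo "skip|tls|no SSLCertificateFile directive"; return 0
    fi
    echo "test|tls|enabled"

    # Stage 3: queue each discovered certificate for a later scan.
    # (Paths containing spaces are not handled in this sketch.)
    for cert in $certs; do
        if [ -f "$root$cert" ]; then echo "queue|certificate|$cert"
        else echo "finding|certificate|$cert referenced but missing"; fi
    done
}

demo=$(make_sample_tree) && opportunistic_scan "$demo"
rm -rf "$demo"
```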

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

Security auditing

Compliance testing (e.g. PCI, HIPAA, SOx)

Vulnerability detection and scanning

System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

Best practices

CIS

NIST

NSA

OpenSCAP data

Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog

Upgrade note

Lynis 2.4.0 (2016-10-27)

Exactly one month after previous release, the Lynis project is proud to announce a new release. This release had the specific focus to improve support for macOS users. Thanks to testers and contributors to make this possible.

New:
----
* New group “system integrity” added
* Support for clamconf utility
* Chinese translation (language=cn)
* New command “upload-only” to upload just the data instead of a full audit
* Enhanced support for macOS, including HostID2 generation for macOS
* Support for CoreOS
* Detection for pkg binary (FreeBSD)
* New command: lynis show hostids (show host ID)
* New command: lynis show environment (hardware, VM, or container type)
* New command: lynis show os (show operating system details)

Changes:
--------
* Several new sysctl values have been added to the default profile
* Existing tests have been enhanced to support macOS

Tests:
------
* AUTH-9234 – Support for macOS user gathering
* BOOT-5139 – Support for machine roles in LILO test
* BOOT-5202 – Improve uptime detection for macOS and others
* FIRE-4518 – Improve pf detection and mark as root-only test
* FIRE-4530 – Don’t show error on screen for missing IPFW sysctl key
* FIRE-4534 – Check Little Snitch on macOS
* INSE-8050 – Test for insecure services on macOS
* MACF-6208 – Allow non-privileged execution and filter permission issues
* MALW-3280 – Detection for Avast and Bitdefender daemon on macOS
* NETW-3004 – Support for macOS
* PKGS-7381 – Improve test for pkg audit on FreeBSD
* TIME-3104 – Chrony support extended

Plugins (community and commercial):
-----------------------------------
* PLGN-1430 – Gather installed software packages for macOS
* PLGN-4602 – Support for Clam definition check on macOS

Download Lynis 2.4.0 http://ift.tt/2fn0XUf http://ift.tt/2aM8QhC
