Check your hardening index of your Linux systems

October 6, 2014

I found a small program called Lynis, which does a system check of your Linux and Unix System. From the homepage:

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

To test a system is really easy, just download the tar.gz from here and extract the tar as root (otherwise it will complain) and change into its directory and call

./lynis -c

for the interactive mode (waits after each section) or

./lynis -q

for the quick mode which only logs the results to the log file. In both cases the log is written to /var/log/lynis.log.

For the following screenshots a I did setup a test system with some changes to show you some errors and warnings :-):

lynis_1

and at the end you get a summary with entries like this:

 

lynis_2

 

And you’ll get also a “Hardening index”  which allows you to compare various systems against each other. lynis_3 lynis_3

I you want to check multiple systems it it also possible to create an rpm file with the lynis.spec file from the Lynis homepage. You should run this software every time you setup a new system to make sure that you didn’t leave the big whole open.

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 72 queries. 0.557 seconds.