2

使用lynis进行linux漏洞扫描

 1 year ago
source link: https://www.lujun9972.win/blog/2018/06/08/%E4%BD%BF%E7%94%A8lynis%E8%BF%9B%E8%A1%8Clinux%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F/index.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

使用lynis进行主机扫描

首先让我们不带任何参数运行 lynis, 这会列出 lynis 支持的那些参数

[[email protected] linux和它的小伙伴]$ lynis

[ Lynis 2.6.4 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------


  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile <profile>               : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/usr/bin/lynis show options', or use the man page.

  No command provided. Exiting..

从上面可以看出,使用 lynis 进行主机扫描很简单,只需要带上参数 audit system 即可。 Lynis在审计的过程中,会进行多种类似的测试,在审计过程中会将各种测试结果、调试信息、和对系统的加固建议都被写到 stdin 。 我们可以执行下面命令来跳过检查过程,直接截取最后的扫描建议来看。

sudo lynis audit system |sed '1,/Results/d'

lynis将扫描的内容分成几大类,可以通过 show groups 参数来获取类别

lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

若指向扫描某几类的内容,则可以通过 --tests-from-group 参数来指定。

比如我只想扫描 shells 和 networking 方面的内容,则可以执行

sudo lynis --tests-from-group "shells networking" --no-colors
[ Lynis 2.6.4 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
[2C- Detecting OS... [41C [ DONE ]
[2C- Checking profiles...[37C [ DONE ]
[2C- Detecting language and localization[22C [ zh ]
[4CNotice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)[0C

  ---------------------------------------------------
  Program version:           2.6.4
  Operating system:          Linux
  Operating system name:     Arch Linux
  Operating system version:  Rolling release
  Kernel version:            4.16.13
  Hardware platform:         x86_64
  Hostname:                  T520
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /usr/share/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  zh
  Test category:             all
  Test group:                shells networking
  ---------------------------------------------------
[2C- Program update status... [32C [ NO UPDATE ]

[+] System Tools
------------------------------------
[2C- Scanning available tools...[30C
[2C- Checking system binaries...[30C

[+] Plugins (phase 1)
------------------------------------
[0CNote: plugins have more extensive tests and may take several minutes to complete[0C
[0C [0C
[2C- Plugins enabled[42C [ NONE ]

[+] Shells
------------------------------------
[2C- Checking shells from /etc/shells[25C
[4CResult: found 5 shells (valid shells: 5).[16C
[4C- Session timeout settings/tools[25C [ NONE ]
[2C- Checking default umask values[28C
[4C- Checking default umask in /etc/bash.bashrc[13C [ NONE ]
[4C- Checking default umask in /etc/profile[17C [ WEAK ]

[+] Networking
------------------------------------
[2C- Checking IPv6 configuration[30C [ ENABLED ]
[6CConfiguration method[35C [ AUTO ]
[6CIPv6 only[46C [ NO ]
[2C- Checking configured nameservers[26C
[4C- Testing nameservers[36C
[6CNameserver: 202.96.134.33[30C [ SKIPPED ]
[6CNameserver: 202.96.128.86[30C [ SKIPPED ]
[4C- Minimal of 2 responsive nameservers[20C [ SKIPPED ]
[2C- Getting listening ports (TCP/UDP)[24C [ DONE ]
[6C* Found 11 ports[39C
[2C- Checking status DHCP client[30C [ RUNNING ]
[2C- Checking for ARP monitoring software[21C [ NOT FOUND ]

[+] Custom Tests
------------------------------------
[2C- Running custom tests... [33C [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

  -[ Lynis 2.6.4 Results ]-

  Great, no warnings

  Suggestions (1):
  ----------------------------
  * Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032] 
      https://cisofy.com/controls/NETW-3032/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 33 [######              ]
  Tests performed : 13
  Plugins enabled : 0

  Components:
  - Firewall               [X]
  - Malware scanner        [X]

  Lynis Modules:
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================

  Lynis 2.6.4

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)


About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK