CentOS 7 | Installing and Using Lynis

Environment

Product    Version
CentOS 7   3.10.0-1062.9.1.el7.x86_64
lynis      lynis-2.7.5-4.el7.noarch

The EPEL repository must be installed first; see the link below.
Alibaba Cloud EPEL mirror

Installation

  • Find the matching version
yum search lynis
  • Install it
yum install lynis

Usage

  • Run lynis without arguments to print the usage text
[ Lynis 2.7.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2019, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------


  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile <profile>               : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/usr/bin/lynis show options', or use the man page.

Running a scan

lynis audit system
  • Scan results
  • The summary reports the hardening index and the paths of the scan log and report data
  Lynis security scan details:

  Hardening index : 70 [##############      ]
  Tests performed : 248
  Plugins enabled : 0

  Components:
  - Firewall               [V]
  - Malware scanner        [X]

  Lynis modules:
  - Compliance status      [?]
  - Security audit         [V]
  - Vulnerability scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
  • It then lists the Warnings and Suggestions
  -[ Lynis 2.7.5 Results ]-

  Warnings (4):
  ----------------------------
  ! Found one or more problems in the package database [PKGS-7384]
      https://cisofy.com/lynis/controls/PKGS-7384/

  ! Found one or more vulnerable packages. [PKGS-7386]
      https://cisofy.com/lynis/controls/PKGS-7386/

  ! Found promiscuous interface [NETW-3015]
    - Details  : virbr0-nic
    - Solution : Determine if this mode is required or whitelist interface in profile
      https://cisofy.com/lynis/controls/NETW-3015/

  ! Found some information disclosure in SMTP banner (OS or software name) [MAIL-8818]
      https://cisofy.com/lynis/controls/MAIL-8818/

  Suggestions (43):
  ----------------------------
  * This release is more than 4 months old. Consider upgrading [LYNIS]
      https://cisofy.com/lynis/controls/LYNIS/

  * Check the output of ps for dead or zombie processes [PROC-3612]
      https://cisofy.com/lynis/controls/PROC-3612/

  * Configure minimum password age in /etc/login.defs [AUTH-9286]
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Configure maximum password age in /etc/login.defs [AUTH-9286]
      https://cisofy.com/lynis/controls/AUTH-9286/

  * Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027) [AUTH-9328]
      https://cisofy.com/lynis/controls/AUTH-9328/

  * To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
      https://cisofy.com/lynis/controls/FILE-6310/

  • Scanning by category, using firewalls as an example (screenshot in the original post)

Scan categories

  • List the scan categories
lynis show groups
  • The following groups exist; after a scan, each group has its own section in the report
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

Scanning selected categories

Example: scan only the php and ssh groups

lynis --tests-from-group "php ssh"

Viewing scan details

After a scan completes, use show details to get a detailed explanation of a specific warning or suggestion.

This command is used after a scan (lynis audit system). 
Run 'lynis show tests' to see all available tests.

The command takes the form:

lynis show details ${test_id}

where test_id is taken from the results of a scan; taking lynis --tests-from-group "php ssh" as an example (screenshot in the original post):

  1. Each suggestion or warning is followed by its test_id
  2. lynis show tests lists all available test_ids

To view the details: lynis show details PHP-2372

Viewing the log and data files

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat
  • Check the warnings:
grep Warning /var/log/lynis.log
more /var/log/lynis.log|grep Warning
more /var/log/lynis.log|grep Suggestion
  • Check the suggestions:
grep Suggestion /var/log/lynis.log
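As an added example (not from the original post), the helper below turns the greps above into a de-duplicated list of test IDs with their messages, which is what you want to diff between scheduled runs. It assumes the Lynis 2.7 log line format `<date> <time> Warning: <text> [test:ID] [details:...] [solution:...]` and uses a constructed sample log in place of /var/log/lynis.log.

```shell
#!/bin/sh
# Added example, not part of the original post: reduce a Lynis log to the
# test IDs behind its Warning/Suggestion lines so a cron run can be diffed
# from day to day. Assumed line format (as produced by Lynis 2.7):
#   <date> <time> Warning: <text> [test:ID] [details:...] [solution:...]

# lynis_findings <Warning|Suggestion> <logfile>
# Prints "ID message" per finding, sorted and de-duplicated.
lynis_findings() {
    kind=$1; logfile=$2
    grep "${kind}: " "$logfile" \
        | sed -n "s|.*${kind}: \(.*\) \[test:\([A-Za-z0-9-]*\)\].*|\2 \1|p" \
        | sort -u
}

# lynis_count <Warning|Suggestion> <logfile>
# Number of distinct test IDs of that kind (AUTH-9286 below counts once,
# even though Lynis emits two separate suggestions for it).
lynis_count() {
    lynis_findings "$1" "$2" | cut -d' ' -f1 | sort -u | wc -l | tr -d ' '
}

# Constructed sample in the format above; point this at /var/log/lynis.log
# on a real host.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2020-05-05 10:00:01 Warning: Found one or more problems in the package database [test:PKGS-7384] [details:-] [solution:-]
2020-05-05 10:00:02 Warning: Found promiscuous interface [test:NETW-3015] [details:virbr0-nic] [solution:Determine if this mode is required or whitelist interface in profile]
2020-05-05 10:00:03 Suggestion: Configure minimum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-]
2020-05-05 10:00:04 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-]
EOF

echo "== Warnings ($(lynis_count Warning "$SAMPLE_LOG") distinct IDs) =="
lynis_findings Warning "$SAMPLE_LOG"
echo "== Suggestions ($(lynis_count Suggestion "$SAMPLE_LOG") distinct IDs) =="
lynis_findings Suggestion "$SAMPLE_LOG"
```

Each ID printed can be fed straight to lynis show details, as described in the previous section.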

Checking for updates

lynis update info

Configuration file

Lynis ships with a default profile named default.prf:

/etc/lynis/default.prf

Do not edit this default profile directly; instead, create a custom.prf file and put your customizations there.

Scheduled runs

vim /etc/crontab
# add the following line
00 10 * * * root lynis audit system -Q
# restart the cron service
systemctl restart crond


Reposted from blog.csdn.net/stone_fall/article/details/105932665