Security Auditing and Compliance Testing Using Lynis 3.0.0

Today, we all know how important security is for servers and networks. We spend much of our time implementing security policy for our infrastructure. So the question arises: is there an automated tool that can help us find vulnerabilities? I would like to introduce a free and open source tool called Lynis.
Lynis is one of many popular security auditing tools for Unix and Linux-like systems; it can find malware and security-related vulnerabilities in Linux-based systems. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

The tool has almost no dependencies; therefore it runs on almost all Unix-based systems and versions, including:

  • AIX
  • FreeBSD
  • HP-UX
  • Linux (Kali Linux, Ubuntu etc)
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris
  • and others

It even runs on systems such as the Raspberry Pi and several storage devices!

Installation optional

Lynis is lightweight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system” to start the security scan. It is written in shell script and released as open source software (GPL).

How it really works

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization of the program up to the report.

Steps

  1. Determine operating system
  2. Search for available tools and utilities
  3. Check for Lynis update
  4. Run tests from enabled plugins
  5. Run security tests per category
  6. Report status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning

Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans that are customized to your system. No audit will be the same!

Why we should use Lynis:

There are a number of reasons why we should use Lynis in our environment; the most prominent are listed below:

  • Network and Servers Security Audit
  • Vulnerability detection and scanning
  • System hardening
  • Penetration Testing

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

  • Best practices
  • CIS
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Change log

Upgrade note

## Lynis 3.0.0 (2020-06-18)

This is a major release of Lynis and includes several big changes.
Some of these changes may break your current usage of the tool, so test before
deployment!

### Security issues
This release resolves two security issues
* CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova
* CVE-2019-13033 - Discovered by Sander Bos

### Breaking change: Non-interactive by default
Lynis now runs non-interactive by default, to be more in keeping with the Unix
philosophy. So the previously used '--quick' option is now default, and the tool
will only wait when utilizing the '--wait' option.

### Breaking change: Deprecated options
- Option: -c
- Option: --check-update/--info
- Option: --dump-options
- Option: --license-key

### Breaking change: Profile options
The format of all profile options has been converted (from key:value to key=value).
You may have to update the changes you made in your custom.prf.

### Security
An important focus area for this release is on security. We added several
measures to further tighten any possible misuse.

### New: DevOps, Forensics, and pentesting mode
This release adds initial support to allow defining a specialized type of audit.
Using the relevant options, the scan will change based on the intended goal.

See full changelog on GitHub page.
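
The profile format change listed in the changelog above (key:value to key=value) can be checked and applied to a custom.prf with a small script. This is an added example, not code from the Lynis project: the function names are hypothetical, the sample profile lines are constructed, and it assumes that only the first colon on a line separates key from value.

```shell
#!/bin/sh
# Added example: convert Lynis 2.x profile lines (key:value) to the 3.0.0 form (key=value).

# Print the migrated profile on stdout; the input file is not modified.
migrate_profile() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # keep comments and blank lines
        {
            c = index($0, ":"); e = index($0, "=")
            # No colon, or "=" comes first: already in the new format.
            if (c == 0 || (e > 0 && e < c)) { print; next }
            # Replace only the first colon; later colons belong to the value.
            print substr($0, 1, c - 1) "=" substr($0, c + 1)
        }
    ' "$1"
}

# Count the lines that are still in the old format (0 means nothing to do).
count_old_format() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { c = index($0, ":"); e = index($0, "=")
          if (c > 0 && (e == 0 || c < e)) n++ }
        END { print n + 0 }
    ' "$1"
}

# Constructed sample profile (not taken from a real system).
sample_profile() {
    cat <<'EOF'
# custom.prf
skip-test:SSH-7408
skip-test:SSH-7408:tcpkeepalive
test-scan-mode=full
# old-style comment: stays untouched

machine-role:server
EOF
}

# Demo: report how many lines need migration, then show the migrated profile.
tmp=$(mktemp)
sample_profile > "$tmp"
echo "old-format lines: $(count_old_format "$tmp")"
migrate_profile "$tmp"
rm -f "$tmp"
```

Write the output to a new file and compare it with the original before replacing custom.prf, in line with the changelog's advice to test before deployment.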
