
Linux vulnerability scanning with lynis, explained

Author: 暗无天日  Published: 2023-08-20 00:36:51

Tags: linux, lynis, vulnerability scanning

Preface

lynis is an open-source, host-based security auditing tool for Unix/Linux systems. It checks the local host for potential security weaknesses: suspicious files, vulnerable installed packages, traces of malware and configuration mistakes, and reports each finding together with a hardening suggestion. This article walks through using lynis to scan a Linux host.

Installing lynis

On Arch Linux it can be installed directly with pacman:


sudo pacman -S lynis --noconfirm

resolving dependencies...
looking for conflicting packages...

Packages (1) lynis-2.6.4-1

Total Installed Size: 1.35 MiB
Net Upgrade Size:  0.00 MiB

:: Proceed with installation? [Y/n]
(0/1) checking keys in keyring      [----------------------] 0%
(1/1) checking keys in keyring      [######################] 100%
(0/1) checking package integrity     [----------------------] 0%
(1/1) checking package integrity     [######################] 100%
(0/1) loading package files      [----------------------] 0%
(1/1) loading package files      [######################] 100%
(0/1) checking for file conflicts     [----------------------] 0%
(1/1) checking for file conflicts     [######################] 100%
(0/1) checking available disk space    [----------------------] 0%
(1/1) checking available disk space    [######################] 100%
:: Processing package changes...
(1/1) reinstalling lynis       [----------------------] 0%
(1/1) reinstalling lynis       [######################] 100%
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...

Scanning a host with lynis

First, run lynis without any arguments; this prints the commands and options it supports:


[lujun9972@T520 linux和它的小伙伴]$ lynis

[ Lynis 2.6.4 ]

################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################

[+] Initializing program
------------------------------------

Usage: lynis command [options]

Command:

audit
 audit system     : Perform local security scan
 audit system remote <host> : Remote security scan
 audit dockerfile <file>  : Analyze Dockerfile

show
 show       : Show all commands
 show version     : Show Lynis version
 show help      : Show help

update
 update info     : Show update details

Options:

--no-log       : Don't create a log file
--pentest       : Non-privileged scan (useful for pentest)
--profile <profile>    : Scan the system with the given profile file
--quick (-Q)      : Quick mode, don't wait for user input

Layout options
--no-colors      : Don't use colors in output
--quiet (-q)      : No output
--reverse-colors     : Optimize color display for light backgrounds

Misc options
--debug       : Debug logging to screen
--view-manpage (--man)   : View man page
--verbose       : Show more details on screen
--version (-V)     : Display version number and quit

Enterprise options
--plugindir <path>    : Define path of available plugins
--upload       : Upload data to central node

More options available. Run '/usr/bin/lynis show options', or use the man page.

No command provided. Exiting..

As the usage text shows, scanning the local host is simple: run lynis with the audit system command. During an audit Lynis runs a large number of individual tests and prints their results, progress information and hardening suggestions to stdout (the detailed trace goes to the log file, see below). Run it as root; the --pentest option allows an unprivileged scan, at the cost of the tests that need root. To skip past the per-test progress and read only the final results, delete everything up to the Results heading with sed (add -Q when scripting so the run never waits for keyboard input):


sudo lynis audit system |sed '1,/Results/d'

lynis divides its tests into groups; list them with the show groups command:


lynis show groups

accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

To scan only some of these groups, pass them to the --tests-from-group option.

For example, to scan only the shells and networking groups:


sudo lynis --tests-from-group "shells networking" --no-colors

[ Lynis 2.6.4 ]

################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################

[+] Initializing program
------------------------------------
- Detecting OS...  [ DONE ]
- Checking profiles... [ DONE ]
- Detecting language and localization [ zh ]
Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

---------------------------------------------------
Program version:   2.6.4
Operating system:   Linux
Operating system name:  Arch Linux
Operating system version: Rolling release
Kernel version:   4.16.13
Hardware platform:   x86_64
Hostname:     T520
---------------------------------------------------
Profiles:     /etc/lynis/default.prf
Log file:     /var/log/lynis.log
Report file:    /var/log/lynis-report.dat
Report version:   1.0
Plugin directory:   /usr/share/lynis/plugins
---------------------------------------------------
Auditor:     [Not Specified]
Language:     zh
Test category:    all
Test group:    shells networking
---------------------------------------------------
- Program update status...  [ NO UPDATE ]

[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests and may take several minutes to complete
 
- Plugins enabled [ NONE ]

[+] Shells
------------------------------------
- Checking shells from /etc/shells
Result: found 5 shells (valid shells: 5).
- Session timeout settings/tools [ NONE ]
- Checking default umask values
- Checking default umask in /etc/bash.bashrc [ NONE ]
- Checking default umask in /etc/profile [ WEAK ]

[+] Networking
------------------------------------
- Checking IPv6 configuration [ ENABLED ]
Configuration method [ AUTO ]
IPv6 only [ NO ]
- Checking configured nameservers
- Testing nameservers
Nameserver: 202.96.134.33 [ SKIPPED ]
Nameserver: 202.96.128.86 [ SKIPPED ]
- Minimal of 2 responsive nameservers [ SKIPPED ]
- Getting listening ports (TCP/UDP) [ DONE ]
* Found 11 ports
- Checking status DHCP client [ RUNNING ]
- Checking for ARP monitoring software [ NOT FOUND ]

[+] Custom Tests
------------------------------------
- Running custom tests...  [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

-[ Lynis 2.6.4 Results ]-

Great, no warnings

Suggestions (1):
----------------------------
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]

https://cisofy.com/controls/NETW-3032/

Follow-up:
----------------------------
- Show details of a test (lynis show details TEST-ID)
- Check the logfile for all details (less /var/log/lynis.log)
- Read security controls texts (https://cisofy.com)
- Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

Lynis security scan details:

Hardening index : 33 [######    ]
Tests performed : 13
Plugins enabled : 0

Components:
- Firewall    [X]
- Malware scanner  [X]

Lynis Modules:
- Compliance Status  [?]
- Security Audit   [V]
- Vulnerability Scan  [V]

Files:
- Test and debug information  : /var/log/lynis.log
- Report data      : /var/log/lynis-report.dat

================================================================================

Lynis 2.6.4

Auditing, system hardening, and compliance for UNIX-based systems
(Linux, macOS, BSD, and others)

2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)

================================================================================

[TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

Viewing test details

When going through the results, use the show details command to get the log detail behind a warning or suggestion. It takes the test ID shown in brackets after each finding, extracts the lines for that test from the log file of the most recent run (so it needs read access to /var/log/lynis.log, hence the sudo below, and reflects only the last audit). The command has the form:


lynis show details ${test_id}

For example, the scan output above contains this suggestion:


* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]

We can run:


sudo lynis show details NETW-3032

2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===

Viewing the log file

After an audit, lynis writes the detailed trace of every test to /var/log/lynis.log:


sudo tail /var/log/lynis.log

2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
2018-06-08 17:59:46 Temporary files: /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Lynis ended successfully.

The report data (a machine-readable key=value summary of the run) is saved to /var/log/lynis-report.dat:


sudo tail /var/log/lynis-report.dat

Note that each audit overwrites both files, so copy them elsewhere if you want to keep a history or compare runs.
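The "cut to Results" trick earlier in the article only works on the screen output, and the two files above are overwritten on every run. The script below is an added example, not part of the original post or of Lynis itself: it reads lynis-report.dat, where each finding is a warning[]= or suggestion[]= line with pipe-separated test ID, text, details and solution fields (the same four fields as the [test:...] [details:-] [solution:-] log line shown under show details), prints the findings, applies a simple policy gate on the hardening index, and archives a run's files under a timestamped directory. The report layout is assumed from those lines; the embedded sample report is constructed rather than captured from a host, and the threshold of 60 is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the original post): summarise /var/log/lynis-report.dat
# and archive the per-run files, since Lynis overwrites both on every audit.
#
# Assumed report layout (matches the "[test:...] [details:-] [solution:-]" log line):
#   warning[]=TEST-ID|text|details|solution|
#   suggestion[]=TEST-ID|text|details|solution|
#   hardening_index=NN

# Print "TEST-ID<TAB>text" for every finding of the given kind (warning|suggestion).
findings() {
    sed -n "s/^$1\[\]=//p" "$2" | awk -F'|' '{ printf "%s\t%s\n", $1, $2 }'
}

# Number of findings of a kind in a report.
count_findings() {
    findings "$1" "$2" | wc -l | tr -d ' '
}

# The 0-100 hardening index Lynis prints at the end of a run.
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1" | tail -n 1
}

# Policy gate: succeed only with zero warnings and an index of at least MIN.
# Usage: gate REPORT MIN
gate() {
    h=$(hardening_index "$1")
    [ "$(count_findings warning "$1")" -eq 0 ] && [ "${h:-0}" -ge "$2" ]
}

# Copy a run's log and report into DEST/<timestamp>/ and print that directory.
# Usage: archive_run DEST [LOG] [REPORT]
archive_run() {
    dest="$1/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" &&
        cp "${2:-/var/log/lynis.log}" "${3:-/var/log/lynis-report.dat}" "$dest"/ &&
        echo "$dest"
}

# Constructed sample report (not captured from a real host) so the script runs offline.
write_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report (constructed sample)
report_version_major=1
report_version_minor=0
lynis_version=2.6.4
hostname=T520
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=NETW-3032|Consider running ARP monitoring software (arpwatch,arpon)|-|-|
suggestion[]=SHLL-6230|Default umask in /etc/profile could be more strict like 027|-|-|
hardening_index=33
EOF
}

# Stand-alone demo on the sample. A real run would be:
#   sudo lynis audit system -Q --no-colors --quiet && gate /var/log/lynis-report.dat 60
sample=$(mktemp)
write_sample_report "$sample"
echo "warnings:";    findings warning "$sample"
echo "suggestions:"; findings suggestion "$sample"
echo "hardening index: $(hardening_index "$sample")"
if gate "$sample" 60; then echo "gate: PASS"; else echo "gate: FAIL"; fi
rm -f "$sample"
```

Run it after `sudo lynis audit system -Q --no-colors --quiet` (all three options appear in the help text above); reading the report needs the same privileges as reading the log, and archive_run should point at a directory outside /var/log so the copies survive log rotation.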

Checking for updates

An audit tool has to be kept current to give up-to-date advice; check for a newer release with the update info command:


lynis update info --no-colors

== Lynis ==

Version   : 2.6.4
Status    : Up-to-date
Release date  : 2018-05-02
Update location : https://cisofy.com/lynis/

2007-2018, CISOfy - https://cisofy.com/lynis/

Customizing the lynis audit policy

lynis keeps its configuration as .prf files in the /etc/lynis directory; it ships with a default profile named default.prf.

You do not need to edit this default file: add a custom.prf file next to it and put your own settings there.

Each setting is explained in comments in default.prf, so they are not covered in detail here.
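As an added example, not from the original post or from Lynis: a small shell helper that manages exceptions in custom.prf. It relies on one profile directive, skip-test=TEST-ID, which disables a test by its ID and is documented in default.prf; the justification comment written above each entry is the script's own convention, and the test IDs in the demo (NETW-3032 from the scan above and SSH-7408) serve only as illustration. Lynis reads custom.prf after default.prf, so entries here extend the default profile without touching it.

```shell
#!/bin/sh
# Added example (not from the original post): record audit exceptions in
# /etc/lynis/custom.prf with a justification, instead of editing default.prf.
# Only the "skip-test=TEST-ID" directive from default.prf is used; the
# comment line above each entry is this script's own convention.

# Print the test IDs a profile skips, one per line.
skipped_tests() {
    sed -n 's/^[[:space:]]*skip-test=\([A-Z]*-[0-9]*\).*/\1/p' "$1"
}

# Usage: is_skipped PROFILE TEST-ID   (exit 0 if the test is skipped)
is_skipped() {
    skipped_tests "$1" | grep -qx "$2"
}

# Usage: add_exception PROFILE TEST-ID "reason"
# Refuses malformed IDs, empty reasons and duplicates so the profile stays reviewable.
add_exception() {
    profile="$1"; test_id="$2"; reason="$3"
    # Lynis test IDs look like NETW-3032 or SSH-7408: 3-4 capitals, dash, 4 digits.
    if ! printf '%s\n' "$test_id" | grep -Eq '^[A-Z]{3,4}-[0-9]{4}$'; then
        echo "add_exception: malformed test id '$test_id'" >&2; return 2
    fi
    if [ -z "$reason" ]; then
        echo "add_exception: a justification is required" >&2; return 2
    fi
    if [ -f "$profile" ] && is_skipped "$profile" "$test_id"; then
        echo "add_exception: $test_id is already skipped in $profile" >&2; return 1
    fi
    printf '# %s %s: %s\nskip-test=%s\n' \
        "$(date +%Y-%m-%d)" "$test_id" "$reason" "$test_id" >> "$profile"
}

# Demo on a temporary profile; for the real thing pass /etc/lynis/custom.prf (as root).
demo=$(mktemp)
add_exception "$demo" NETW-3032 "isolated lab segment, ARP monitoring not wanted"
add_exception "$demo" NETW-3032 "duplicate, should be rejected" || true
echo "--- $demo ---"; cat "$demo"
echo "skipped: $(skipped_tests "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

Keep custom.prf under version control alongside the rest of the host's configuration: the dated comment turns each skipped test into a reviewable decision rather than a silent gap in the audit.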

For more information about lynis, see its official website.

Source: https://lujun9972.github.io/blog/2018/06/08/使用lynis进行linux漏洞扫描/
