How to perform Linux vulnerability scanning with Lynis, explained in detail
Author: 暗无天日  Published: 2023-08-20 00:36:51
Preface
Lynis is an open-source, host-based security auditing tool that runs on Unix/Linux platforms. It is a security checking tool for Unix/Linux that can uncover potential security threats; its coverage includes detection of suspicious files, vulnerabilities, malware scanning and configuration errors. Below we walk through using lynis for Linux vulnerability scanning.
Installing lynis
On Arch Linux it can be installed directly with pacman
sudo pacman -S lynis --noconfirm
resolving dependencies...
looking for conflicting packages...
Packages (1) lynis-2.6.4-1
Total Installed Size: 1.35 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(0/1) checking keys in keyring [----------------------] 0%
(1/1) checking keys in keyring [######################] 100%
(0/1) checking package integrity [----------------------] 0%
(1/1) checking package integrity [######################] 100%
(0/1) loading package files [----------------------] 0%
(1/1) loading package files [######################] 100%
(0/1) checking for file conflicts [----------------------] 0%
(1/1) checking for file conflicts [######################] 100%
(0/1) checking available disk space [----------------------] 0%
(1/1) checking available disk space [######################] 100%
:: Processing package changes...
(1/1) reinstalling lynis [----------------------] 0%
(1/1) reinstalling lynis [######################] 100%
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
Scanning the host with lynis
First let's run lynis without any arguments; this lists the parameters lynis supports.
[lujun9972@T520 linux和它的小伙伴]$ lynis
[ Lynis 2.6.4 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
Usage: lynis command [options]
Command:
audit
audit system : Perform local security scan
audit system remote <host> : Remote security scan
audit dockerfile <file> : Analyze Dockerfile
show
show : Show all commands
show version : Show Lynis version
show help : Show help
update
update info : Show update details
Options:
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
Layout options
--no-colors : Don't use colors in output
--quiet (-q) : No output
--reverse-colors : Optimize color display for light backgrounds
Misc options
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--verbose : Show more details on screen
--version (-V) : Display version number and quit
Enterprise options
--plugindir <path> : Define path of available plugins
--upload : Upload data to central node
More options available. Run '/usr/bin/lynis show options', or use the man page.
No command provided. Exiting..
As can be seen above, running a host scan with lynis is simple: just pass the arguments audit system. During the audit Lynis runs many tests of this kind, and the test results, debug information and hardening recommendations for the system are all written to standard output. The following command drops the test-by-test progress lines from that output and shows only the final Results section with the recommendations.
sudo lynis audit system |sed '1,/Results/d'
lynis divides what it scans into several groups; the show groups command lists them.
lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers
If you only want to scan a few of these groups, you can name them with the --tests-from-group parameter.
For example, to scan only the shells and networking groups, run
sudo lynis --tests-from-group "shells networking" --no-colors
[ Lynis 2.6.4 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
  - Detecting OS...                                         [ DONE ]
  - Checking profiles...                                    [ DONE ]
  - Detecting language and localization                     [ zh ]
    Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)
---------------------------------------------------
Program version: 2.6.4
Operating system: Linux
Operating system name: Arch Linux
Operating system version: Rolling release
Kernel version: 4.16.13
Hardware platform: x86_64
Hostname: T520
---------------------------------------------------
Profiles: /etc/lynis/default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
Plugin directory: /usr/share/lynis/plugins
---------------------------------------------------
Auditor: [Not Specified]
Language: zh
Test category: all
Test group: shells networking
---------------------------------------------------
  - Program update status...                                [ NO UPDATE ]
[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...
[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests and may take several minutes to complete

  - Plugins enabled                                         [ NONE ]
[+] Shells
------------------------------------
  - Checking shells from /etc/shells
    Result: found 5 shells (valid shells: 5).
    - Session timeout settings/tools                        [ NONE ]
  - Checking default umask values
    - Checking default umask in /etc/bash.bashrc            [ NONE ]
    - Checking default umask in /etc/profile                [ WEAK ]
[+] Networking
------------------------------------
  - Checking IPv6 configuration                             [ ENABLED ]
      Configuration method                                  [ AUTO ]
      IPv6 only                                             [ NO ]
  - Checking configured nameservers
    - Testing nameservers
      Nameserver: 202.96.134.33                             [ SKIPPED ]
      Nameserver: 202.96.128.86                             [ SKIPPED ]
    - Minimal of 2 responsive nameservers                   [ SKIPPED ]
  - Getting listening ports (TCP/UDP)                       [ DONE ]
      * Found 11 ports
  - Checking status DHCP client                             [ RUNNING ]
  - Checking for ARP monitoring software                    [ NOT FOUND ]
[+] Custom Tests
------------------------------------
  - Running custom tests...                                 [ NONE ]
[+] Plugins (phase 2)
------------------------------------
================================================================================
-[ Lynis 2.6.4 Results ]-
Great, no warnings
Suggestions (1):
----------------------------
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
https://cisofy.com/controls/NETW-3032/
Follow-up:
----------------------------
- Show details of a test (lynis show details TEST-ID)
- Check the logfile for all details (less /var/log/lynis.log)
- Read security controls texts (https://cisofy.com)
- Use --upload to upload data to central system (Lynis Enterprise users)
================================================================================
Lynis security scan details:
Hardening index : 33 [###### ]
Tests performed : 13
Plugins enabled : 0
Components:
- Firewall [X]
- Malware scanner [X]
Lynis Modules:
- Compliance Status [?]
- Security Audit [V]
- Vulnerability Scan [V]
Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
================================================================================
Lynis 2.6.4
Auditing, system hardening, and compliance for UNIX-based systems
(Linux, macOS, BSD, and others)
2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
================================================================================
[TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)
Viewing detailed explanations
When reviewing audit results, you can use the show details command to get a detailed explanation of a particular warning/suggestion. The command takes the form:
lynis show details ${test_id}
For example, the output above contains the suggestion
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
We can run:
sudo lynis show details NETW-3032
2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===
Viewing the log file
After the audit completes, lynis records the detailed information in /var/log/lynis.log.
sudo tail /var/log/lynis.log
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
2018-06-08 17:59:46 Temporary files: /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Lynis ended successfully.
The report data is saved to /var/log/lynis-report.dat at the same time.
sudo tail /var/log/lynis-report.dat
Also note that each audit overwrites the previous log file.
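The post mentions lynis-report.dat and the fact that each run overwrites the log, but does not show how to consume the report. The following shell script is an added example, not code from the original post or from the Lynis project: it parses a report file, applies a pass/fail gate suitable for cron or CI, and archives the report under a timestamp before the next audit replaces it. It assumes the key=value layout of lynis-report.dat (hardening_index=, warning[]=, suggestion[]=), which this page does not show, and the sample report it embeds is constructed: the suggestion line is taken from the scan above, the warning line uses the placeholder ID XXXX-0000.

```shell
#!/bin/sh
# Added example (not part of the original post): turn /var/log/lynis-report.dat
# into a pass/fail gate and keep a history of reports.
#
# Assumed report format (not shown on the page):
#   hardening_index=<number>
#   warning[]=TEST-ID|text|details|solution|
#   suggestion[]=TEST-ID|text|details|solution|

# Run the audit non-interactively (needs root; --quick and --no-colors are the
# options shown in the usage text above). Not exercised by the sample below.
run_audit() {
    command -v lynis >/dev/null 2>&1 || { echo "lynis not installed" >&2; return 2; }
    lynis audit system --quick --no-colors
}

# Print the hardening index recorded in report file $1.
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1" | head -n 1
}

# Print "TEST-ID<TAB>text" for every $1 entry (warning or suggestion) in report $2.
findings() {
    kind=$1; file=$2
    sed -n "s/^${kind}\[\]=//p" "$file" | awk -F'|' '{ print $1 "\t" $2 }'
}

# Return 0 when report $1 has no warnings and a hardening index of at least
# $2 (default 60); return 1 otherwise.
audit_gate() {
    file=$1; min_index=${2:-60}
    idx=$(hardening_index "$file")
    if [ -z "$idx" ]; then
        echo "no hardening_index in $file" >&2
        return 1
    fi
    warn_count=$(findings warning "$file" | wc -l | tr -d ' ')
    if [ "$warn_count" -gt 0 ] || [ "$idx" -lt "$min_index" ]; then
        return 1
    fi
    return 0
}

# Every audit overwrites the report, so copy report $1 into directory $2 with a
# timestamp before the next run; prints the archived path.
archive_report() {
    src=$1; dest_dir=$2
    mkdir -p "$dest_dir"
    dest="$dest_dir/lynis-report.$(date +%Y%m%dT%H%M%S).dat"
    cp "$src" "$dest" && echo "$dest"
}

# Constructed sample report for a stand-alone run. The suggestion is the one
# from the scan in this post; the warning line is a placeholder to exercise
# the gate.
sample_report() {
    cat <<'EOF'
lynis_version=2.6.4
hardening_index=33
suggestion[]=NETW-3032|Consider running ARP monitoring software (arpwatch,arpon)|-|-|
warning[]=XXXX-0000|Constructed warning for demonstration|-|-|
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_report > "$tmp"
    echo "hardening index: $(hardening_index "$tmp")"
    echo "warnings:";    findings warning "$tmp"
    echo "suggestions:"; findings suggestion "$tmp"
    if audit_gate "$tmp" 60; then echo "gate: PASS"; else echo "gate: FAIL"; fi
    rm -f "$tmp"
fi
```

Run it with --demo to see the gate fail on the constructed report (one warning, index 33 below the default threshold of 60); in production, call run_audit first and then audit_gate /var/log/lynis-report.dat with the threshold your baseline requires.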
Checking for updates
Audit software needs to be kept up to date to provide the latest recommendations and information; we can use the update info command to check for updates:
lynis update info --no-colors
== Lynis ==
Version : 2.6.4
Status : Up-to-date
Release date : 2018-05-02
Update location : https://cisofy.com/lynis/
2007-2018, CISOfy - https://cisofy.com/lynis/
Customizing the lynis security audit policy
lynis stores its configuration as .prf files in the /etc/lynis directory. By default lynis ships with a default profile named default.prf.
There is no need to modify this default profile directly; just add a custom.prf file and put the custom settings in it.
The meaning of each setting is explained in the comments in default.prf, so it is not detailed here.
To learn more about lynis, visit its official website.
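As an added example (not code from the original post or from the Lynis project), the script below writes a minimal custom.prf that skips the NETW-3032 suggestion from the scan above as an accepted risk, and checks that every skipped test in a profile is justified by a comment on the line before it. It assumes the skip-test=TEST-ID profile syntax documented in default.prf and the LLL-NNNN / LLLL-NNNN shape of lynis test IDs; the directory argument lets you generate the file elsewhere before copying it into /etc/lynis.

```shell
#!/bin/sh
# Added example (not part of the original post): generate custom.prf and
# enforce that each skipped test carries a written justification.
# Assumed: the "skip-test=TEST-ID" key from default.prf.

# Write custom.prf into directory $1 and print its path. The reason for a skip
# goes on the comment line immediately above the skip-test line.
write_custom_prf() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/custom.prf" <<'EOF'
# custom.prf - local overrides; default.prf is left untouched.
# Skipped: host is on a single-user segment, ARP monitoring is accepted
# risk (reviewed YYYY-MM-DD by <team>).
skip-test=NETW-3032
EOF
    echo "$dir/custom.prf"
}

# Print the test IDs skipped by profile $1.
skipped_tests() {
    sed -n 's/^skip-test=//p' "$1"
}

# Return 0 when every skip-test line in profile $1 has a well-formed ID and is
# preceded by a comment line; print the offending lines and return 1 otherwise.
check_skips_justified() {
    awk '
        /^skip-test=/ {
            id = substr($0, 11)
            ok = (id ~ /^[A-Z][A-Z][A-Z][A-Z]?-[0-9][0-9][0-9][0-9]/) && (prev ~ /^#/)
            if (!ok) { print "unjustified or malformed: " $0; bad = 1 }
        }
        { prev = $0 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    f=$(write_custom_prf "$d")
    echo "skipped tests in $f:"
    skipped_tests "$f"
    check_skips_justified "$f" && echo "all skips justified"
    rm -rf "$d"
fi
```

Running check_skips_justified as a pre-commit hook on the profile keeps a skipped finding from silently becoming a permanent blind spot: a skip without a reason fails the check, as does a value that is not a lynis test ID.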
Source: https://lujun9972.github.io/blog/2018/06/08/使用lynis进行linux漏洞扫描/