Vulnerability scanning with Lynis

Lynis is a host-based security auditing tool for Linux and other UNIX-like systems: it runs on the host itself rather than over the network, and reports warnings plus hardening suggestions, each tagged with a test ID.

Usage

[Figure 1: screenshot, not reproduced]

First, list the categories and groups of tests Lynis can run (lynis show groups prints the available test groups):

[Figure 2: screenshot of the group list, not reproduced]

To restrict the scan to specific areas, pass the group names with --tests-from-group, e.g. selecting the php and ssh groups:

root@KaliWittPeng:~# sudo lynis --tests-from-group "php ssh" --no-colors

[ Lynis 2.6.2 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ zh ]
    Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

  ---------------------------------------------------
  Program version:           2.6.2
  Operating system:          Linux
  Operating system name:     Debian
  Operating system version:  kali-rolling
  Kernel version:            4.17.0
  Hardware platform:         x86_64
  Hostname:                  KaliWittPeng
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /etc/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  zh
  Test category:             all
  Test group:                php ssh
  ---------------------------------------------------
  - Program update status...                                  [ UPDATE AVAILABLE ]

      ===============================================================================
        Lynis update available
      ===============================================================================

        Current version is more than 4 months old

        Current version : 262   Latest version : 270

        Please update to the latest version.
        New releases include additional features, bug fixes, tests, and baselines.

        Download the latest version:

        Packages (DEB/RPM) -  https://packages.cisofy.com
        Website (TAR)      -  https://cisofy.com/downloads/
        GitHub (source)    -  https://github.com/CISOfy/lynis

      ===============================================================================


[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete
  
  - Plugin: debian
    [
[+] Debian Tests
------------------------------------
  - Checking for system binaries that are required by Debian Tests...
    - Checking /bin...                                        [ FOUND ]
    - Checking /sbin...                                       [ FOUND ]
    - Checking /usr/bin...                                    [ FOUND ]
    - Checking /usr/sbin...                                   [ FOUND ]
    - Checking /usr/local/bin...                              [ FOUND ]
    - Checking /usr/local/sbin...                             [ FOUND ]
  - Authentication:
    - PAM (Pluggable Authentication Modules):
      - libpam-tmpdir                                         [ Not Installed ]
      - libpam-usb                                            [ Not Installed ]
  - File System Checks:
    - DM-Crypt, Cryptsetup & Cryptmount:
      - Checking / on /dev/sda1                               [ NOT ENCRYPTED ]
      - Checking /tmp on /dev/sda7                            [ NOT ENCRYPTED ]
      - Checking /home on /dev/sda8                           [ NOT ENCRYPTED ]
      - Checking /var on /dev/sda5                            [ NOT ENCRYPTED ]
      - Checking /media/cdrom0 on /dev/sr0                    [ NOT ENCRYPTED ]
  - Software:
    - apt-listbugs                                            [ Not Installed ]
    - apt-listchanges                                         [ Installed and enabled for apt ]
    - checkrestart                                            [ Not Installed ]
    - needrestart                                             [ Not Installed ]
    - debsecan                                                [ Not Installed ]
    - debsums                                                 [ Not Installed ]
    - fail2ban                                                [ Not Installed ]
]

[+] PHP
------------------------------------
  - Checking PHP                                              [ NOT FOUND ]
    - Checking PHP disabled functions                         [ NONE ]
    - Checking PHP suhosin extension status                   [ WARNING ]
      - Suhosin simulation mode status                        [ WARNING ]

[+] SSH Support
------------------------------------
  - Checking running SSH daemon                               [ NOT FOUND ]

[+] Custom Tests
------------------------------------
  - Running custom tests...                                   [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

  -[ Lynis 2.6.2 Results ]-

  Great, no warnings

  Suggestions (12):
  ----------------------------
  * Version of Lynis outdated, consider upgrading to the latest version [LYNIS] 
      https://cisofy.com/controls/LYNIS/

  * Install libpam-tmpdir to set $TMP and $TMPDIR for PAM sessions [CUST-0280] 
      https://your-domain.example.org/controls/CUST-0280/

  * Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285] 
      https://your-domain.example.org/controls/CUST-0285/

  * Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810] 
      https://your-domain.example.org/controls/CUST-0810/

  * Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830] 
      https://your-domain.example.org/controls/CUST-0830/

  * Install needrestart, alternatively to debian-goodies, so that you can run needrestart after upgrades to determine which daemons are using old versions of libraries and need restarting. [CUST-0831] 
      https://your-domain.example.org/controls/CUST-0831/

  * Install debsecan to generate lists of vulnerabilities which affect this installation. [CUST-0870] 
      https://your-domain.example.org/controls/CUST-0870/

  * Install debsums for the verification of installed package files against MD5 checksums. [CUST-0875] 
      https://your-domain.example.org/controls/CUST-0875/

  * Install fail2ban to automatically ban hosts that commit multiple authentication errors. [DEB-0880] 
      https://cisofy.com/controls/DEB-0880/

  * Harden PHP by disabling risky functions [PHP-2320] 
      https://cisofy.com/controls/PHP-2320/

  * Harden PHP by enabling suhosin extension [PHP-2379] 
      https://cisofy.com/controls/PHP-2379/

  * Harden PHP by deactivating suhosin simulation mode [PHP-2379] 
      https://cisofy.com/controls/PHP-2379/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 6 [#                   ]
  Tests performed : 16
  Plugins enabled : 1

  Components:
  - Firewall               [X]
  - Malware scanner        [V]

  Lynis Modules:
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================
  Notice: Lynis update available
  Current version : 262    Latest version : 270
================================================================================

  Lynis 2.6.2

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

Two things in the output above deserve a note. The hardening index (6, from only 16 tests) covers just the php and ssh groups plus the Debian plugin, so it cannot be compared with the index of a full audit (lynis audit system). And although PHP itself was reported NOT FOUND, Lynis 2.6.2 still emits the PHP-2320/PHP-2379 suggestions; on a host without PHP those are noise.

Viewing details:

Use the show details command to get the full explanation of a single warning or suggestion. The command form is:

lynis show details ${test_id}

Run the command (here with test NETW-3032 as an example). Note that show details reads the entries for that test ID out of /var/log/lynis.log, so it only has something to show if the test ran in the most recent audit; NETW-3032 is a network test and was not part of the php/ssh run above, so it will be empty there unless a full audit has run since:

root@KaliWittPeng:~# sudo lynis show details NETW-3032

Viewing the log file

After an audit, Lynis writes the full trace to /var/log/lynis.log and the machine-readable results to /var/log/lynis-report.dat. Both files are overwritten on every run, so copy them aside if you want to compare audits over time. Note that the report tail below says test_group=all and lynis_update_available=0: it comes from a full audit, not from the php/ssh run shown above.

root@KaliWittPeng:~# sudo tail /var/log/lynis.log
2018-11-15 21:53:05 ================================================================================
2018-11-15 21:53:05 Lynis 2.6.2
2018-11-15 21:53:05 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-11-15 21:53:05 Enterprise support available (compliance, plugins, interface and tools)
2018-11-15 21:53:05 Program ended successfully
2018-11-15 21:53:05 ================================================================================
2018-11-15 21:53:05 PID file removed (/var/run/lynis.pid)
2018-11-15 21:53:05 Temporary files:  /tmp/lynis.WOUpjSumpG
2018-11-15 21:53:05 Action: removing temporary file /tmp/lynis.WOUpjSumpG
2018-11-15 21:53:05 Lynis ended successfully.
root@KaliWittPeng:~# sudo tail /var/log/lynis-report.dat
test_group=all
plugin_directory=/etc/lynis/plugins
lynis_update_available=0
suggestion[]=LYNIS|This release is more than 4 months old. Consider upgrading|-|-|
vm=1
vmtype=kvm
container=0
systemd=1
hostid2=7d2106ffd9c966d580acf707fe411655546f25717b5bc020ae9ddde60eab5f8f
hostid=6d26a8d66698ec6f34aeb9e97499a6c46b0ecc56
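The key=value layout of lynis-report.dat makes it easy to consume from scripts. Below is an added example (not from the original post and not part of Lynis) that extracts the hardening index, warnings and suggestions from a report and turns them into a pass/fail gate for a cron job or CI step. It assumes the field order seen in the suggestion[] line above (test ID | text | details | solution) and the hardening_index= key. The demo runs on a small report constructed inline; the warning line in it (FIRE-4512) is sample content and did not occur in the scan above.

```sh
#!/bin/sh
# Added example: parse /var/log/lynis-report.dat and gate on its content.
# Not part of the original post or of Lynis; assumes the key=value report
# layout shown above (hardening_index=N, warning[]=ID|text|details|solution|).

lynis_value() {
    # Print the value of a scalar key, e.g. lynis_value REPORT hardening_index
    sed -n "s/^$2=//p" "$1" | head -n 1
}

lynis_findings() {
    # Print "TEST-ID<TAB>text" for each warning[] or suggestion[] entry.
    # $1 = report file, $2 = warning | suggestion
    sed -n "s/^$2\[\]=//p" "$1" | awk -F'|' '{ print $1 "\t" $2 }'
}

lynis_count() {
    # Number of findings of the given kind (prints a bare integer, always exits 0)
    lynis_findings "$1" "$2" | awk 'END { print NR }'
}

lynis_gate() {
    # Return 0 only if the report has no warnings and hardening_index >= $2.
    # $1 = report file, $2 = minimum acceptable hardening index
    idx=$(lynis_value "$1" hardening_index)
    if [ -z "$idx" ]; then
        echo "lynis_gate: no hardening_index in $1 (no audit run yet?)" >&2
        return 2
    fi
    nwarn=$(lynis_count "$1" warning)
    nsugg=$(lynis_count "$1" suggestion)
    if [ "$nwarn" -gt 0 ] || [ "$idx" -lt "$2" ]; then
        echo "FAIL: hardening index $idx (minimum $2), $nwarn warning(s), $nsugg suggestion(s)" >&2
        lynis_findings "$1" warning >&2
        return 1
    fi
    echo "OK: hardening index $idx (minimum $2), no warnings, $nsugg suggestion(s)"
    return 0
}

make_sample_report() {
    # Write a constructed report for the demo (not real scan output).
    # $1 = output path, $2 = hardening index, $3 = "warn" to include one warning
    {
        echo "lynis_version=2.6.2"
        echo "test_group=php ssh"
        echo "hardening_index=$2"
        if [ "$3" = "warn" ]; then
            echo "warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|"
        fi
        echo "suggestion[]=LYNIS|This release is more than 4 months old. Consider upgrading|-|-|"
        echo "suggestion[]=PHP-2320|Harden PHP by disabling risky functions|-|-|"
    } > "$1"
}

# Usage: sh lynis-gate.sh [REPORT_FILE] [MIN_INDEX]
# With arguments, gate the given report (e.g. /var/log/lynis-report.dat 60).
# Without arguments, run the gate on the constructed sample instead.
if [ $# -ge 1 ]; then
    lynis_gate "$1" "${2:-60}"
else
    sample=$(mktemp)
    make_sample_report "$sample" 6 warn
    lynis_gate "$sample" 60 || true   # index 6 plus one warning: expected to FAIL
    rm -f "$sample"
fi
```

Run it as sh lynis-gate.sh /var/log/lynis-report.dat 60 after an audit; the exit status (0 pass, 1 fail, 2 no usable report) is what a cron wrapper or CI job should act on, and the warnings are echoed to stderr so the failure reason is visible in the job log.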

Checking for updates

An audit tool has to stay current to get the latest tests and recommendations; lynis update info compares the installed version with the latest release:

root@KaliWittPeng:~# lynis update info --no-colors

 == Lynis ==

  Version            : 2.6.2
  Status             : Outdated
  Installed version  : 262
  Latest version     : 270
  Release date       : 2018-02-13
  Update location    : https://cisofy.com/lynis/


2007-2018, CISOfy - https://cisofy.com/lynis/

Customizing the Lynis audit profile

Lynis reads its configuration from .prf files in /etc/lynis; the package ships a default profile named default.prf.

Do not edit default.prf directly: create /etc/lynis/custom.prf and put your overrides there. Lynis loads custom.prf automatically alongside the default profile, and because default.prf is replaced on package upgrade, the custom file is what keeps your settings (the [TIP] at the end of the scan output says the same).

Each option is explained by a comment in default.prf, so they are not detailed here.
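An added example (not the post's own material and not code from the Lynis project) of what the preceding paragraphs describe: a script that writes a custom.prf with local overrides and runs a non-interactive audit with it. The option names (skip-test, skip-upgrade-test) and the --profile and --cronjob flags are the ones I know from Lynis 2.x; check them against the comments in your own default.prf, since the installed version may differ. The skipped tests are the PHP checks that fired in the scan above on a host with no PHP installed.

```sh
#!/bin/sh
# Added example: write a custom.prf with local overrides and run a
# non-interactive audit with it. Not from the original post or from Lynis.
# Option names assumed from Lynis 2.x default.prf: skip-test, skip-upgrade-test.

write_custom_profile() {
    # $1 = destination (normally /etc/lynis/custom.prf); $2.. = test IDs to skip
    dest=$1
    shift
    {
        echo "# custom.prf: local overrides. default.prf stays untouched so a"
        echo "# package upgrade does not clobber these settings."
        echo "# Do not nag about a newer Lynis release on every run"
        echo "skip-upgrade-test=yes"
        for id in "$@"; do
            echo "skip-test=$id"
        done
    } > "$dest"
}

profile_skips() {
    # Print the test IDs a profile skips, one per line (to verify the file)
    sed -n 's/^skip-test=//p' "$1"
}

run_audit() {
    # $1 = profile file. When the file is /etc/lynis/custom.prf, --profile is
    # not needed (Lynis picks it up by itself); it is used here so the demo
    # can point at a profile kept anywhere. --cronjob makes the run non-interactive.
    if command -v lynis >/dev/null 2>&1; then
        lynis audit system --profile "$1" --cronjob --no-colors
    else
        echo "lynis not installed; would run: lynis audit system --profile $1 --cronjob --no-colors" >&2
        return 0
    fi
}

# Usage: sh lynis-profile.sh [PROFILE_PATH]
# With a path (e.g. /etc/lynis/custom.prf, as root), write the profile and audit.
# Without one, only show the generated profile using a temporary file.
if [ $# -ge 1 ]; then
    write_custom_profile "$1" PHP-2320 PHP-2379
    run_audit "$1"
else
    prf=$(mktemp)
    write_custom_profile "$prf" PHP-2320 PHP-2379
    cat "$prf"
    rm -f "$prf"
fi
```

Skipping a test is an accepted-risk decision, so keep the reason next to the skip-test line as a comment; the profile is the record a reviewer will look at when the hardening index is questioned later.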

For more about Lynis, see the official website (https://cisofy.com/lynis/).

Adapted from: https://www.jb51.net/article/142531.htm
