Lynis - system audit.
17-07-2010. Posted by: admin
Our arsenal of programs has a new addition. Today we will look at a useful utility called Lynis.
It is designed for auditing a system. It checks the system and its configuration files and presents the results as a report, giving a score and printing warnings and suggestions. It can be run from cron. For a full system check it must be run as root or via sudo.
Installation
#whereis lynis
lynis: /usr/ports/security/lynis
#cd /usr/ports/security/lynis
#make install clean
Some options:
-c Check everything.
-Q "Quiet" mode. Without this option the utility waits for the user to press a key after each block of checks.
-q Print warnings only.
-v Print the utility's version.
Running
#lynis -c -Q
A report is printed. Pay particular attention to the Warnings and fix them first. The recommendations listed under Suggestions should preferably be addressed as well.
-[ Lynis 1.2.9 Results ]-
[Tests performed: 134
[Warnings:
----------------------------
- [13:41:04] Warning: Found one or more stratum 16 peers [test:TIME-3116] [impact:L]
[Suggestions:
----------------------------
- [13:40:50] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
- [13:41:00] Suggestion: Unused distfiles found. Use portsclean to delete these files. For example: portsclean -DD. [test:PKGS-7348]
- [13:41:02] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
- [13:41:03] Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376]
- [13:41:04] Suggestion: Enable logging to an external logging host for archiving purposes and additional protection [test:LOGG-2154]
- [13:41:04] Suggestion: Add legal banner to /etc/motd, to warn unauthorized users [test:BANN-7122]
- [13:41:04] Suggestion: Check ntpq peers output [test:TIME-3116]
- [13:41:05] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
================================================================================
[Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
================================================================================
Hardening index : [71] [############## ]
================================================================================
Lynis 1.2.9
Copyright 2007-2009 - Michael Boelen, https://www.rootkit.nl/
================================================================================
I was particularly interested in the line with the numeric value, which I understood to be the degree of protection. The higher the value, the better.
So we have added one more tool to our arsenal that helps protect the system reliably. It is not for nothing that they say: "Forewarned is forearmed".
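Since Lynis can run from cron, the report can be checked by a script instead of by eye. The following is an added example, not part of the original article or of Lynis: it extracts the findings and the hardening index from saved report text, assuming the line format shown in the report above and plain text without terminal colour codes. The function names and the threshold are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Lynis. Function names are hypothetical.

# Sample input: lines taken from the report printed above.
sample_report() {
cat <<'EOF'
- [13:41:04] Warning: Found one or more stratum 16 peers [test:TIME-3116] [impact:L]
- [13:40:50] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
- [13:41:02] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
Hardening index : [71] [############## ]
EOF
}

# Print "TEST-ID<TAB>message" for each finding of kind $1
# (Warning or Suggestion) read from stdin.
lynis_findings() {
    awk -v kind="$1" '
        $1 == "-" && $3 == (kind ":") {
            id = ""
            if (match($0, /\[test:[A-Z0-9-]+\]/))
                id = substr($0, RSTART + 6, RLENGTH - 7)
            msg = $0
            sub(/^- \[[0-9:]+\] [A-Za-z]+: /, "", msg)
            sub(/ \[test:.*$/, "", msg)
            printf "%s\t%s\n", id, msg
        }'
}

# Print the numeric hardening index read from stdin.
lynis_hardening_index() {
    sed -n 's/^Hardening index : \[\([0-9]*\)\].*/\1/p'
}

# Succeed only if report text $1 has no warnings and index >= $2.
lynis_gate() {
    warnings=$(printf '%s\n' "$1" | lynis_findings Warning | awk 'END { print NR }')
    index=$(printf '%s\n' "$1" | lynis_hardening_index)
    [ "$warnings" -eq 0 ] && [ "${index:-0}" -ge "$2" ]
}

# Demo on the sample: warnings first, then the index.
sample_report | lynis_findings Warning
sample_report | lynis_hardening_index
```

In a cron job, a non-zero exit status from lynis_gate can be used to decide whether the report needs to be sent to an administrator.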