大旗谷资源网

利用lynis如何进行linux漏洞扫描详解
服务器 2024/11/11 佚名
2 0
大旗谷资源网 Design By www.zqyou.com

前言

lynis 是一款运行在 Unix/Linux 平台上的基于主机的、开源的安全审计软件。Lynis是针对Unix/Linux的安全检查工具,可以发现潜在的安全威胁。这个工具覆盖可疑文件监测、漏洞、恶意程序扫描、配置错误等。下面一起来看看使用lynis进行linux漏洞扫描的相关内容吧

安装lynis

在 archlinux 上可以直接通过 pacman 来安装

sudo pacman -S lynis --noconfirm
resolving dependencies...
looking for conflicting packages...
 
Packages (1) lynis-2.6.4-1
 
Total Installed Size: 1.35 MiB
Net Upgrade Size:  0.00 MiB
 
:: Proceed with installation"color: #ff0000">使用lynis进行主机扫描


首先让我们不带任何参数运行 lynis, 这会列出 lynis 支持的那些参数





[lujun9972@T520 linux和它的小伙伴]$ lynis
 
[ Lynis 2.6.4 ]
 
################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.
 
 2007-2018, CISOfy - https://cisofy.com/lynis/
 Enterprise support available (compliance, plugins, interface and tools)
################################################################################
 
 
[+] Initializing program
------------------------------------
 
 
 Usage: lynis command [options]
 
 
 Command:
 
 audit
  audit system     : Perform local security scan
  audit system remote <host> : Remote security scan
  audit dockerfile <file>  : Analyze Dockerfile
 
 show
  show       : Show all commands
  show version     : Show Lynis version
  show help      : Show help
 
 update
  update info     : Show update details
 
 
 Options:
 
 --no-log       : Don't create a log file
 --pentest       : Non-privileged scan (useful for pentest)
 --profile <profile>    : Scan the system with the given profile file
 --quick (-Q)      : Quick mode, don't wait for user input
 
 Layout options
 --no-colors      : Don't use colors in output
 --quiet (-q)      : No output
 --reverse-colors     : Optimize color display for light backgrounds
 
 Misc options
 --debug       : Debug logging to screen
 --view-manpage (--man)   : View man page
 --verbose       : Show more details on screen
 --version (-V)     : Display version number and quit
 
 Enterprise options
 --plugindir <path>    : Define path of available plugins
 --upload       : Upload data to central node
 
 More options available. Run '/usr/bin/lynis show options', or use the man page.
 
 No command provided. Exiting..





从上面可以看出,使用 lynis 进行主机扫描很简单,只需要带上参数 audit system 即可。 Lynis在审计的过程中,会进行多种类似的测试,在审计过程中会将各种测试结果、调试信息、和对系统的加固建议都被写到 stdin 。 我们可以执行下面命令来跳过检查过程,直接截取最后的扫描建议来看。





sudo lynis audit system |sed '1,/Results/d'





lynis将扫描的内容分成几大类,可以通过 show groups 参数来获取类别





lynis show groups







accounting

authentication

banners

boot_services

containers

crypto

databases

dns

file_integrity

file_permissions

filesystems

firewalls

hardening

homedirs

insecure_services

kernel

kernel_hardening

ldap

logging

mac_frameworks

mail_messaging

malware

memory_processes

nameservices

networking

php

ports_packages

printers_spools

scheduling

shells

snmp

squid

ssh

storage

storage_nfs

system_integrity

time

tooling

usb

virtualization

webservers






若指向扫描某几类的内容,则可以通过 –tests-from-group 参数来指定。


比如我只想扫描 shells 和 networking 方面的内容,则可以执行





sudo lynis --tests-from-group "shells networking" --no-colors








[ Lynis 2.6.4 ]
 
################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.
 
 2007-2018, CISOfy - https://cisofy.com/lynis/
 Enterprise support available (compliance, plugins, interface and tools)
################################################################################
 
 
[+] Initializing program
------------------------------------
- Detecting OS...  [ DONE ]
- Checking profiles... [ DONE ]
- Detecting language and localization [ zh ]
Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)
 
 ---------------------------------------------------
 Program version:   2.6.4
 Operating system:   Linux
 Operating system name:  Arch Linux
 Operating system version: Rolling release
 Kernel version:   4.16.13
 Hardware platform:   x86_64
 Hostname:     T520
 ---------------------------------------------------
 Profiles:     /etc/lynis/default.prf
 Log file:     /var/log/lynis.log
 Report file:    /var/log/lynis-report.dat
 Report version:   1.0
 Plugin directory:   /usr/share/lynis/plugins
 ---------------------------------------------------
 Auditor:     [Not Specified]
 Language:     zh
 Test category:    all
 Test group:    shells networking
 ---------------------------------------------------
- Program update status...  [ NO UPDATE ]
 
[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...
 
[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests and may take several minutes to complete
 
- Plugins enabled [ NONE ]
 
[+] Shells
------------------------------------
- Checking shells from /etc/shells
Result: found 5 shells (valid shells: 5).
- Session timeout settings/tools [ NONE ]
- Checking default umask values
- Checking default umask in /etc/bash.bashrc [ NONE ]
- Checking default umask in /etc/profile [ WEAK ]
 
[+] Networking
------------------------------------
- Checking IPv6 configuration [ ENABLED ]
Configuration method [ AUTO ]
IPv6 only [ NO ]
- Checking configured nameservers
- Testing nameservers
Nameserver: 202.96.134.33 [ SKIPPED ]
Nameserver: 202.96.128.86 [ SKIPPED ]
- Minimal of 2 responsive nameservers [ SKIPPED ]
- Getting listening ports (TCP/UDP) [ DONE ]
* Found 11 ports
- Checking status DHCP client [ RUNNING ]
- Checking for ARP monitoring software [ NOT FOUND ]
 
[+] Custom Tests
------------------------------------
- Running custom tests...  [ NONE ]
 
[+] Plugins (phase 2)
------------------------------------
 
================================================================================
 
 -[ Lynis 2.6.4 Results ]-
 
 Great, no warnings
 
 Suggestions (1):
 ----------------------------
 * Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032] 
 
https://cisofy.com/controls/NETW-3032/
 
 Follow-up:
 ----------------------------
 - Show details of a test (lynis show details TEST-ID)
 - Check the logfile for all details (less /var/log/lynis.log)
 - Read security controls texts (https://cisofy.com)
 - Use --upload to upload data to central system (Lynis Enterprise users)
 
================================================================================
 
 Lynis security scan details:
 
 Hardening index : 33 [######    ]
 Tests performed : 13
 Plugins enabled : 0
 
 Components:
 - Firewall    [X]
 - Malware scanner  [X]
 
 Lynis Modules:
 - Compliance Status  ["color: #ff0000">查看详细说明


在查看审计结果时,你可以通过 show details 参数来获取关于某条警告/建议的详细说明。其对应的命令形式为:





lynis show details ${test_id}





比如,上面图中有一个建议





* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]





我们可以运行命令:





sudo lynis show details NETW-3032








2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===





查看日志文件


lynis在审计完成后会将详细的信息记录在 /var/log/lynis.log 中.





sudo tail /var/log/lynis.log








2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
2018-06-08 17:59:46 Temporary files: /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sGxCR0hSPz
2018-06-08 17:59:46 Lynis ended successfully.





同时将报告数据被保存到 /var/log/lynis-report.dat 中.





sudo tail /var/log/lynis-report.dat





另外需要注意的是,每次审计都会覆盖原日志文件.


检查更新


审计软件需要随时进行更新从而得到最新的建议和信息,我们可以使用 update info 参数来检查更新:





lynis update info --no-colors








== Lynis ==
 
 Version   : 2.6.4
 Status    : Up-to-date
 Release date  : 2018-05-02
 Update location : https://cisofy.com/lynis/
 
 
2007-2018, CISOfy - https://cisofy.com/lynis/





自定义lynis安全审计策略


lynis的配置信息以 .prf 文件的格式保存在 /etc/lynis 目录中。 其中,默认lynis自带一个名为 default.prf 的默认配置文件。


不过我们无需直接修改这个默认的配置文件,只需要新增一个 custom.prf 文件将自定义的信息加入其中就可以了。


关于配置文件中各配置项的意义,在 default.prf 中都有相应的注释说明,这里就不详述了。


想了解lynis的更多信息,可以访问它的官网.


总结


以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对的支持。
标签:
linux,lynis,linux漏洞扫描,linux,漏洞扫描工具
大旗谷资源网 Design By www.zqyou.com
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
大旗谷资源网 Design By www.zqyou.com

评论“利用lynis如何进行linux漏洞扫描详解”

暂无利用lynis如何进行linux漏洞扫描详解的评论...
www.zqyou.com 大旗谷资源网
139,976影音资源
144,792福利资源
21,817软件资源
631,128技术资源

更新日志

友情链接

杰晶网络 DDR爱好者之家 桃源资源网 杰网资源 富贵资源网 南强小屋 铁雪资源网 幽灵资源网 万梅资源网 狼山资源网 白云岛资源网 昆仑资源网 相思资源网 明霞山资源网 内蒙古资源网 黑松山资源网 茶园资源网 饿虎岗资源网 大旗谷资源网 常春岛资源网 岱庙资源网 兴国资源网 快活林资源网 蝙蝠岛资源网 帝王谷资源网 白云城资源网 伏龙阁资源网 清风细雨楼 天枫庄资源网 圆月山庄资源网 无争山庄资源网 神水资源网 移花宫资源网 神剑山庄资源网 无为清净楼资源网 金钱帮资源网 丐帮资源网 华山资源网 极乐门资源网 小李飞刀资源网 凤求凰客栈 风云阁资源网 金狮镖局 鸳鸯亭资源网 千金楼资源网 更多链接
大旗谷资源网 Design By www.zqyou.com