2014-05-12 (last updated at October 20th, 2014) Michael BoelenAuditing, Linux, Lynis

Become a Linux auditor: tips to start with auditing the Linux platform

Become a Linux auditor: tips to start with auditing the Linux platform This guide helps people new to the Linux platform to get a grasp on how the system works. Whenever you are an IT auditor, or simply want to know more about the basics, this guide helps you in determining where to start an audit. Processes Each operating system consists of smaller running processes. In case of Linux this is true as well and can be displayed with the […]

2014-05-06 (last updated at October 20th, 2014) Michael BoelenAuditing, Intrusion Detection, Linux

Linux Audit Framework: using aureport

Linux Audit Framework: using aureport The Linux audit framework logs events, as specified by the configured watches. To extract particular events we can use the ausearch or aureport tools. The latter is the one we will focus on in this article, to get the most out of the tool. Aureport The aureport utility can be executed without any parameters. It will then extract all audit events available from the log. Since the audit log can be very big, it might […]

2014-05-03 (last updated at October 20th, 2014) Michael BoelenAuditing, Compliance, Hardening, Lynis

Linux server security: Three steps to secure each system

Linux server security: Three steps to secure each system Determining the level of Linux server security can only by measuring the actual implemented security safeguards. This process is called auditing and focuses on comparing common security measures with the ones implemented. While there is almost no system with all possible safeguards implemented, we still can determine how well (or badly) the system is protected. Security is about finding the weakest link(s) and associate risk with each weakness. Depending on the […]

2014-04-30 (last updated at October 20th, 2014) Michael BoelenAuditing, Logging

Linux audit log: dealing with audit.log file

Linux audit log: dealing with audit.log file The Linux kernel audit framework consists of several components including a daemon, control client, audit rules and Linux audit log. In this article we take additional measures to protect the audit.log file. Aureport The first useful utility to parse the audit.log is aureport. Without parameters it will give a summary of all events. This includes the files, users, audit keys and also items like suspicious events (anomalies). Each sub item can be read […]

2014-04-24 (last updated at October 20th, 2014) Michael BoelenAuditing, Lynis

Lynis for Auditors: Linux and Unix auditing

Lynis for Auditors: Linux and Unix auditing Auditing on Linux Although Unix and Linux based systems are not new, getting an extensive knowledge of the operating system takes years of practice. Even then, with all changes it might be hard to keep up, especially when being an auditor. Examples of these are the differences between package managers, the way services are started and where binaries or configuration files are located. But no worries, there is help! Why Lynis? The goal […]

2014-04-21 (last updated at June 23rd, 2018) Michael BoelenAuditing, Linux

Conducting a Linux Server Security Audit

Conducting a Linux Server Security Audit Auditing a system can be a time-consuming job, which is no different when conducting a Linux server security audit. Within this article, we give some highlights regarding the audit and tips to automate them by using Lynis. The business goal Before auditing any system, determine the business goal of the system. How critical is this system for doing business? What if the system goes down? Usually each system has a clear role or multiple […]

2014-04-15 (last updated at October 20th, 2014) Michael BoelenAuditing, Linux, Lynis, Software

Open source vulnerability scanner for Linux systems – Lynis

Open source vulnerability scanner for Linux There are several open source vulnerability scanners for Linux, like OpenVAS. While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems? Vulnerabilities Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused […]

2014-04-12 (last updated at October 20th, 2014) Michael BoelenAuditing

What is a security audit?

What is a security audit? In the world of compliance, reported break-ins on the news and many security incidents, it’s common to see a security audit showing up sooner or later. Still, many people in our field don’t like them. But what is a security audit and why should we actually embrace them? Why audit? Auditing has a simple goal: check if something is configured according to best practices, a baseline or a preferred state. In an ideal situation these […]

2014-04-09 (last updated at October 20th, 2014) Michael BoelenAuditing, FreeBSD, Hardening, Lynis

FreeBSD hardening with Lynis

FreeBSD hardening with Lynis Lynis development has its roots on a FreeBSD system, therefore FreeBSD hardening is also easy and supported when using Lynis. People who want to audit and harden their FreeBSD system will discover Lynis to be a powerful tool for this purpose. In this article we will focus on how to audit your system with Lynis. Lynis Lynis is an open source audit tool. It only requires root access and a normal shell and the tool is […]

2014-04-06 (last updated at June 13th, 2018) Michael BoelenAuditing

Configuring and auditing Linux systems with Audit daemon

Configuring and auditing Linux systems with Audit daemon The Linux Audit Daemon is a framework to allow auditing events on a Linux system. Within this article we will have a look at installation, configuration and using the framework to perform Linux system and security auditing. Auditing goals By using a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include: Audit file access and modification See who changed a particular file Detect […]

2014-03-30 (last updated at October 20th, 2014) Michael BoelenAuditing, Linux, Lynis

CAATTs for Linux: Lynis

CAATTs for Linux Within the field of the audit profession the usage of CAAT (Computer-assisted audit techniques) or CAATTs (computer-assisted audit tools and techniques) is growing. Lynis is filling this gap for Linux and Unix based systems. It’s a well-known and stable tool in this area and improves the audit process by automation. Only a few items could then be checked manually. This saves time, makes the audit more predictable and increases the quality of the overall audit. Lynis Based […]

2014-03-27 (last updated at October 20th, 2014) Michael BoelenAuditing, Hardening, Lynis

How to use Lynis

How to use Lynis This article explains in a few quick steps how to start with using Lynis. A more extensive explanation can be found in the documentation of Lynis. Download Lynis: wget http://cisofy.com/files/lynis-version.tar.gz Unpack tarball: tar xfvz lynis-version.tar.gz This will unpack the tarball with a Lynis directory. Go into this directory: cd lynis-version When running Lynis for the very first time, just just the -c parameter. It will start the audit process and pauses after every batch of tests. […]

2014-03-09 (last updated at October 20th, 2014) Michael BoelenAuditing, Lynis

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetrating testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository. If not, then download Lynis […]

2014-03-06 (last updated at April 7th, 2016) Michael BoelenAuditing

Linux Audit: Auditing the Network Configuration

Introduction Within this article we have a look on how to audit and check the network configuration of Linux and other systems. The main focus is on gathering information and discover how systems are configured. By taking these steps we will do a manual audit. For efficiency reasons we suggest to use an automated tool like Lynis. Where to start? Each Linux distribution has their own way and files to configure the network. Therefore we look at the basic components […]

«1 2 34