What is a security audit?

In the world of compliance, reported break-ins on the news and many security incidents, it’s common to see a security audit showing up sooner or later. Still, many people in our field don’t like them. But what is a security audit, and why should we actually embrace them? Why audit? Auditing has a simple goal: check whether something is configured according to best practices, a baseline or a preferred state. In an ideal situation these […]


FreeBSD hardening with Lynis

Lynis development has its roots on a FreeBSD system, so hardening FreeBSD with Lynis is easy and well supported. People who want to audit and harden their FreeBSD system will find Lynis a powerful tool for this purpose. In this article we focus on how to audit your system with Lynis. Lynis Lynis is an open source audit tool. It only requires root access and a normal shell, and the tool is […]


Configuring and auditing Linux systems with Audit daemon

The Linux Audit Daemon is a framework that allows auditing events on a Linux system. In this article we look at installation, configuration and use of the framework to perform Linux system and security auditing. Auditing goals With a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include: audit file access and modification; see who changed a particular file; detect […]


How to update Lynis

With every software tool receiving improvements and bug fixes, it’s important to update Lynis as well. In this article we look at how to easily upgrade Lynis. Options Two common options to keep software up-to-date are using a package or using a custom archive. Installing Lynis is optional; running it from remote (or local) storage is a valid option. Lynis packages On the CISOfy software repository you can find a Lynis […]


CAATTs for Linux: Lynis

Within the audit profession, the usage of CAATs (computer-assisted audit techniques) or CAATTs (computer-assisted audit tools and techniques) is growing. Lynis fills this gap for Linux and Unix based systems. It’s a well-known and stable tool in this area and improves the audit process through automation. Only a few items then need to be checked manually. This saves time, makes the audit more predictable and increases the quality of the overall audit. Lynis Based […]


How to use Lynis

This article explains in a few quick steps how to start using Lynis. A more extensive explanation can be found in the Lynis documentation. Download Lynis: wget http://cisofy.com/files/lynis-version.tar.gz Unpack the tarball: tar xfvz lynis-version.tar.gz This will unpack the tarball into a Lynis directory. Go into this directory: cd lynis-version When running Lynis for the very first time, just use the -c parameter. It will start the audit process and pause after every batch of tests. […]


Antivirus for Linux: is it really needed?

The question regarding the need for antivirus for Linux is, after all these years, still relevant. It is asked on forums and shows up regularly on Quora. As the original author of rkhunter, a malware scanner for Linux and Unix systems, I analyzed many malicious software components. You might be wondering: if there is malware, there is also a need for a scanner, right? It is actually not that easy to answer. It depends… So is antivirus on Linux really needed […]


How to deal with a compromised Linux system

One day your web host, or you yourself, may discover that your Linux system is slow. Upon logging in, you see a high load caused by a process with a suspicious name, or maybe just the Apache web server. Is your system compromised? How do you know? Let’s have a look at how to deal with security breaches and incident response. Recognizing a security breach Not all security breaches are directly visible. Attackers may have compromised your system a while ago […]


Auditing Linux: Software Packages and Managers

No system can do its job without installed software packages. However, after installation of the system, or after running it for a while, it often becomes unclear why some software was ever installed. This article looks at methods for auditing installed software, checking for security updates and the related follow-up. Package managers To enable system administrators to properly manage and upgrade software, Linux uses a package manager. This suite often consists of a […]


Lynis Hardening Index

At the end of each Lynis scan, the report is displayed. This report includes the findings (warnings and suggestions) and general information such as the number of security tests performed. Additionally, the location of the log file and report data is displayed. Among all this information there is a “Lynis hardening index”. This index is unique to Lynis. It gives the auditor an impression of how well a system is hardened. This number, however, is just […]


Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetration testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository. If not, then download Lynis […]


Linux Audit: Auditing the Network Configuration

Introduction In this article we have a look at how to audit and check the network configuration of Linux and other systems. The main focus is on gathering information and discovering how systems are configured. By taking these steps we perform a manual audit. For efficiency reasons we suggest using an automated tool like Lynis. Where to start? Each Linux distribution has its own way and files to configure the network. Therefore we look at the basic components […]


Lynis stuck during testing

Introduction Normal Lynis scans take a few minutes to complete, so any single test taking more than 1 minute might be stuck. In this article we have a look at a few things you can do. Stuck When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open a second terminal and start by running ps aux to see which processes […]
