lynis: a security auditing and hardening tool for Unix-based systems
# git clone https://github.com/CISOfy/lynis.git
# cd lynis
Warning: vulnerability warning messages
# grep Warning /var/log/lynis.log
[09:19:31] Warning: Found world writable startup scripts [BOOT-5184]
[09:19:32] Warning: Multiple users with UID 0 found in passwd file [AUTH-9204]
[09:19:53] Warning: Found one or more vulnerable packages. [PKGS-7392]
[09:19:53] Warning: Couldn't find 2 responsive nameservers [NETW-2705]
[09:19:54] Warning: Root can directly login via SSH [SSH-7412]
※ Suggestion: recommendations for security hardening
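Added example (not from the original page or the Lynis project): a shell helper that reduces the Warning and Suggestion lines of the log to a de-duplicated list sorted by test ID, plus a warning count that can be used to track hardening progress between runs. It assumes the "[time] Severity: message [TEST-ID]" layout of the grep output above; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Warning/Suggestion lines in the log layout shown above.

# lynis_findings LOGFILE
# Prints unique findings as severity<TAB>test-id<TAB>message, warnings first.
lynis_findings() {
    awk '
    match($0, /(Warning|Suggestion): /) {
        sev  = substr($0, RSTART, RLENGTH - 2)      # drop the trailing ": "
        rest = substr($0, RSTART + RLENGTH)
        sub(/[ \t\r]+$/, "", rest)                  # tolerate CRLF and padding
        id = "UNKNOWN"                              # finding without a test ID
        if (match(rest, /\[[A-Z0-9]+-[0-9]+\]$/)) {
            id   = substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, 1, RSTART - 1)
            sub(/[ \t]+$/, "", rest)
        }
        if (!((sev, id) in seen)) {                 # collapse repeated findings
            seen[sev, id] = 1
            printf "%s\t%s\t%s\n", sev, id, rest
        }
    }' "$1" | LC_ALL=C sort -t "$(printf '\t')" -k1,1r -k2,2
}

# lynis_warning_count LOGFILE: number of unique warnings (0 if none).
lynis_warning_count() {
    lynis_findings "$1" | awk -F '\t' '$1 == "Warning" { n++ } END { print n + 0 }'
}

# sample_log: constructed input. The first five warnings are the ones quoted
# above; the repeated warning and both suggestion lines are made up.
sample_log() {
    cat <<'EOF'
[09:19:31] Warning: Found world writable startup scripts [BOOT-5184]
[09:19:32] Warning: Multiple users with UID 0 found in passwd file [AUTH-9204]
[09:19:53] Warning: Found one or more vulnerable packages. [PKGS-7392]
[09:19:53] Warning: Couldn't find 2 responsive nameservers [NETW-2705]
[09:19:54] Warning: Root can directly login via SSH [SSH-7412]
[09:19:54] Warning: Root can directly login via SSH [SSH-7412]
[09:19:54] Suggestion: Disable direct root login over SSH [SSH-7412]
[09:20:01] Suggestion: Constructed line that carries no test ID
EOF
}

# Demo on the constructed log; point the functions at /var/log/lynis.log instead.
log=$(mktemp) && sample_log > "$log"
lynis_findings "$log"
echo "unique warnings: $(lynis_warning_count "$log")"
rm -f "$log"
```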
Once lynis starts scanning your system, it will perform auditing in a number of categories:
- System tools: system binaries
- Boot and services: boot loaders, startup services
- Kernel: run level, loaded modules, kernel configuration, core dumps
- Memory and processes: zombie processes, IO waiting processes
- Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
- Shells
- File systems: mount points, /tmp files, root file system
- Storage: usb-storage, firewire ohci
- NFS
- Software: name services: DNS search domain, BIND
- Ports and packages: vulnerable/upgradable packages, security repository
- Networking: nameservers, promiscuous interfaces, connections
- Printers and spools: cups configuration
- Software: e-mail and messaging
- Software: firewalls: iptables, pf
- Software: webserver: Apache, nginx
- SSH support: SSH configuration
- SNMP support
- Databases: MySQL root password
- LDAP services
- Software: php: php options
- Squid support
- Logging and files: syslog daemon, log directories
- Insecure services: inetd
- Banners and identification
- Scheduled tasks: crontab/cronjob, atd
- Accounting: sysstat data, auditd
- Time and synchronization: ntp daemon
- Cryptography: SSL certificate expiration
- Virtualization
- Security frameworks: AppArmor, SELinux, grsecurity status
- Software: file integrity
- Software: malware scanners
- Home directories: shell history files