Professional Documents
Culture Documents
elisangela@elisangela-Inspiron-1525 ~ $ sudo su
[sudo] password for elisangela:
elisangela-Inspiron-1525 elisangela # cd Downloads (entra na pasta do download)
elisangela-Inspiron-1525 Downloads # tar -zxvf lynis-1.5.2.tar.gz (descompacta o arquivo)
lynis-1.5.2/CHANGELOG
lynis-1.5.2/CONTRIBUTORS
lynis-1.5.2/FAQ
lynis-1.5.2/INSTALL
lynis-1.5.2/LICENSE
lynis-1.5.2/README
lynis-1.5.2/db/
lynis-1.5.2/db/integrity.db
lynis-1.5.2/db/sbl.db
lynis-1.5.2/db/fileperms.db
lynis-1.5.2/db/malware-susp.db
lynis-1.5.2/db/malware.db
lynis-1.5.2/db/hints.db
lynis-1.5.2/default.prf
lynis-1.5.2/dev/
lynis-1.5.2/dev/README
lynis-1.5.2/dev/files.dat
lynis-1.5.2/dev/TODO
lynis-1.5.2/dev/openbsd/
lynis-1.5.2/dev/openbsd/+CONTENTS
lynis-1.5.2/dev/check-lynis.sh
lynis-1.5.2/dev/build-lynis.sh
lynis-1.5.2/include/
lynis-1.5.2/include/profiles
lynis-1.5.2/include/tests_malware
lynis-1.5.2/include/tests_accounting
lynis-1.5.2/include/parameters
lynis-1.5.2/include/tests_ssh
lynis-1.5.2/include/tests_time
lynis-1.5.2/include/tests_firewalls
lynis-1.5.2/include/tests_nameservices
lynis-1.5.2/include/binaries
lynis-1.5.2/include/tests_webservers
lynis-1.5.2/include/tests_squid
lynis-1.5.2/include/tests_storage_nfs
lynis-1.5.2/include/tests_insecure_services
lynis-1.5.2/include/tests_scheduling
lynis-1.5.2/include/tests_tooling
lynis-1.5.2/include/tests_hardening
lynis-1.5.2/include/tests_networking
lynis-1.5.2/include/tests_custom.template
lynis-1.5.2/include/report
lynis-1.5.2/include/tests_boot_services
lynis-1.5.2/include/functions
lynis-1.5.2/include/tests_memory_processes
lynis-1.5.2/include/tests_file_permissions
lynis-1.5.2/include/tests_file_integrity
lynis-1.5.2/include/tests_shells
lynis-1.5.2/include/tests_databases
lynis-1.5.2/include/tests_homedirs
lynis-1.5.2/include/osdetection
lynis-1.5.2/include/tests_ldap
lynis-1.5.2/include/tests_ports_packages
lynis-1.5.2/include/tests_hardening_tools
lynis-1.5.2/include/tests_logging
lynis-1.5.2/include/tests_mail_messaging
lynis-1.5.2/include/tests_banners
lynis-1.5.2/include/tests_crypto
lynis-1.5.2/include/tests_kernel
lynis-1.5.2/include/tests_mac_frameworks
lynis-1.5.2/include/tests_solaris
lynis-1.5.2/include/tests_virtualization
lynis-1.5.2/include/tests_kernel_hardening
lynis-1.5.2/include/tests_snmp
lynis-1.5.2/include/tests_authentication
lynis-1.5.2/include/tests_filesystems
lynis-1.5.2/include/tests_storage
lynis-1.5.2/include/data_upload
lynis-1.5.2/include/tests_printers_spools
lynis-1.5.2/include/tests_php
lynis-1.5.2/include/consts
lynis-1.5.2/include/tests_tcpwrappers
lynis-1.5.2/lynis
lynis-1.5.2/lynis.8
lynis-1.5.2/plugins/
lynis-1.5.2/plugins/README
lynis-1.5.2/plugins/custom_plugin.template
elisangela-Inspiron-1525 Downloads # cd lynis-1.5.2/ (entra na pasta descompactada)
elisangela-Inspiron-1525 lynis-1.5.2 # sh lynis (instala o lynis)
[ Lynis 1.5.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2014 - Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################
[+] Initializing program
------------------------------------
Scan options:
--auditor "<name>"
: Auditor name
--check-all (-c)
: Check system
--no-log
: Don't create a log file
--profile <profile>
: Scan the system with the given profile file
--quick (-Q)
: Quick mode, don't wait for user input
--tests "<tests>"
: Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>
Layout options:
--no-colors
--quiet (-q)
--reverse-colors
Misc options:
--check-update
: Check for updates
--debug
: Debug logging to screen
--view-manpage (--man)
: View man page
--version (-V)
: Display version number and quit
Enterprise options:
--plugin-dir "<path">
: Define path of available plugins
--upload
: Upload data to central node
Error: No parameters specified!
See man page and documentation for all available options.
Exiting..
elisangela-Inspiron-1525 lynis-1.5.2 # ./lynis
[ Lynis 1.5.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2014 - Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################
[+] Initializing program
-----------------------------------Scan options:
--auditor "<name>"
: Auditor name
--check-all (-c)
: Check system
--no-log
: Don't create a log file
--profile <profile>
: Scan the system with the given profile file
--quick (-Q)
: Quick mode, don't wait for user input
--tests "<tests>"
: Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>
Layout options:
--no-colors
--quiet (-q)
--reverse-colors
Misc options:
--check-update
: Check for updates
--debug
: Debug logging to screen
--view-manpage (--man)
: View man page
--version (-V)
: Display version number and quit
Enterprise options:
--plugin-dir "<path">
: Define path of available plugins
--upload
: Upload data to central node
Error: No parameters specified!
See man page and documentation for all available options.
Exiting..
elisangela-Inspiron-1525 lynis-1.5.2 # sh lynis --auditor "elis" -c
auditor)
(criando um usurio
[ Lynis 1.5.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2014 - Michael Boelen, http://cisofy.com
Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################
[+] Initializing program
------------------------------------ Detecting OS...
- Clearing log file (/var/log/lynis.log)...
[ DONE ]
[ DONE ]
--------------------------------------------------Program version:
1.5.2
Operating system:
Linux
Operating system name: Debian
Operating system version: wheezy/sid
Kernel version:
3.11.0-12-generic
Hardware platform:
x86_64
Hostname:
elisangela-Inspiron-1525
Auditor:
elis
Profile:
./default.prf
Log file:
/var/log/lynis.log
Report file:
/var/log/lynis-report.dat
Report version:
1.0
Plugin directory:
./plugins
--------------------------------------------------[ Press [ENTER] to continue, or [CTRL]+C to stop ]
Inicializando o Lynis - Varredura por auditor Resultado
[+] Initializing program
------------------------------------ Detecting OS...
- Clearing log file (/var/log/lynis.log)...
[ DONE ]
[ DONE ]
--------------------------------------------------Program version:
1.5.2
Operating system:
Linux
Operating system name: Debian
Operating system version: wheezy/sid
Kernel version:
3.11.0-12-generic
Hardware platform:
x86_64
Hostname:
elisangela-Inspiron-1525
Auditor:
elisangela
Profile:
./default.prf
Log file:
/var/log/lynis.log
Report file:
/var/log/lynis-report.dat
Report version:
1.0
Plugin directory:
./plugins
--------------------------------------------------[ Press [ENTER] to continue, or [CTRL]+C to stop ]
- Checking profile file (./default.prf)...
- Program update status...
[+] System Tools
------------------------------------ Scanning available tools...
- Checking system binaries...
- Checking /bin...
- Checking /sbin...
- Checking /usr/bin...
- Checking /usr/sbin...
- Checking /usr/local/bin...
- Checking /usr/local/sbin...
- Checking /usr/local/libexec...
- Checking /usr/libexec...
- Checking /usr/sfw/bin...
- Checking /usr/sfw/sbin...
- Checking /usr/sfw/libexec...
- Checking /opt/sfw/bin...
- Checking /opt/sfw/sbin...
- Checking /opt/sfw/libexec...
[ NO UPDATE ]
[ FOUND ]
[ FOUND ]
[ FOUND ]
[ FOUND ]
[ FOUND ]
[ FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
- Checking /usr/xpg4/bin...
- Checking /usr/css/bin...
- Checking /usr/ucb...
- Checking /usr/X11R6/bin...
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NONE ]
[ FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ DONE ]
[ OK ]
[ FOUND ]
[ OK ]
[ WARNING ]
[ SUGGESTION ]
[ SUGGESTION ]
[ NONE ]
[ OK ]
[ OK ]
[ ENABLED ]
[ FOUND ]
[+] Storage
------------------------------------ Checking usb-storage driver (modprobe config)...
- Checking firewire ohci driver (modprobe config)...
[ NOT DISABLED ]
[ DISABLED ]
[ NOT FOUND ]
[ NONE ]
[ FOUND ]
[ NONE ]
[ UNKNOWN ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ OK ]
[ OK ]
[ OK ]
[ OK ]
[ WARNING ]
[ DONE ]
[ DONE ]
[ OK ]
[ OK ]
[ RUNNING ]
[ RUNNING ]
[ OK ]
[ WARNING ]
[ FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT ACTIVE ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ OK ]
[ NOT FOUND ]
[ NOT FOUND ]
[ FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ OK ]
[ DONE ]
[ DONE ]
[ FILES FOUND ]
[ NOT ACTIVE ]
[ NOT FOUND ]
[ FOUND ]
[ WEAK ]
[ FOUND ]
[ WEAK ]
[ DONE ]
[ NOT RUNNING ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[+] Cryptography
------------------------------------ Checking SSL certificate expiration...
[ OK ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NONE ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
[ NOT FOUND ]
/root/.ssh
[ NOT FOUND ]
[ OK ]
[ FOUND ]
[ NOT FOUND ]
[ NONE ]
=======================================================================
=========
-[ Lynis 1.5.2 Results ]Tests performed: 158 Plugins enabled: 0
Warnings:
---------------------------- Can't find any security repository in /etc/apt/sources.list. [PKGS-7388]
http://cisofy.com/controls/PKGS-7388/
- Couldn't find 2 responsive nameservers [NETW-2705]
http://cisofy.com/controls/NETW-2705/
Suggestions:
---------------------------- Check process listing for processes waiting for IO requests [PROC-3614]
http://cisofy.com/controls/PROC-3614/
- Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc
[AUTH-9262]
http://cisofy.com/controls/AUTH-9262/
- Configure password aging limits to enforce password changing on a regular base [AUTH-9286]
http://cisofy.com/controls/AUTH-9286/
- Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
http://cisofy.com/controls/AUTH-9328/
- Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328]
http://cisofy.com/controls/AUTH-9328/
- To decrease the impact of a full /home file system, place /home on a separated partition [FILE6310]
http://cisofy.com/controls/FILE-6310/
- To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310]
http://cisofy.com/controls/FILE-6310/
- Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft
[STRG-1840]
http://cisofy.com/controls/STRG-1840/
- Check DNS configuration for the dns domain name [NAME-4028]
http://cisofy.com/controls/NAME-4028/
- Purge old/removed packages (3 found) with aptitude purge or dpkg --purge command. This will
cleanup old configuration files, cron jobs and startup scripts. [PKGS-7346]
http://cisofy.com/controls/PKGS-7346/
- Check /etc/apt/sources.list if a security repository is configured correctly [PKGS-7388]
http://cisofy.com/controls/PKGS-7388/
- Install a package audit tool to determine vulnerable packages [PKGS-7398]
http://cisofy.com/controls/PKGS-7398/
- Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705]
http://cisofy.com/controls/NETW-2705/