After all, not all systems have to be like Fort Knox, unless you want it to be. You are the one to decide what level of security is appropriate for your environment. Instead of just turning on some settings, Lynis perform an in-depth security scan. Differences with BastilleĪutomated hardening tools are helpful, but at the same time might give a false sense of security. It focuses mainly on automatically hardening the system. Bastille Linuxīastille was for a long time the best known utility for hardening Linux systems. Here are some comparisons with some other well-known tools. After all, you should be the one deciding what security controls make sense for your environment. Lynis has a different way of doing things, so you gain more flexibility. Findings like warnings and suggestions are stored in a separate report file (lynis-report.dat). Perform execution of your custom tests (optional)īesides the report and information displayed on screen, all technical details about the scan are stored in a log file (lynis.log).Search for available software components.Perform basic checks, such as file ownership.This is what happens during a typical scan with Lynis: A good example is collecting any discovered certificates, so that they can be scanned later as well. It then performs additional auditing steps based on that. Then when it performs the specific Apache tests, it may also discover a SSL/TLS configuration. No audit will be the same!Įxample: When Lynis detects that you are running Apache, it will perform an initial round of Apache related tests. In other words: Lynis will always perform scans that are tailored to your system. Also, the more components it discovers, the more extensive the audit will be. The benefit is that no installation of other tools is needed, so you can keep your systems clean.īy using this scanning method, the tool can run with almost no dependencies. This means it will only use and test the components that it can find, such as the available system tools and its libraries. Lynis scanning is modular and opportunistic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |