
Vulnerability scanning: scanning with lynis

lynis is a fairly handy host scanning (security auditing) tool.

Usage

First, list the categories of content that lynis can scan.

To target the scan at specific areas, for example PHP and SSH:

root@KaliWittPeng:~# sudo lynis --tests-from-group "php ssh" --no-colors

[ Lynis 2.6.2 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ zh ]
    Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

  ---------------------------------------------------
  Program version:           2.6.2
  Operating system:          Linux
  Operating system name:     Debian
  Operating system version:  kali-rolling
  Kernel version:            4.17.0
  Hardware platform:         x86_64
  Hostname:                  KaliWittPeng
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /etc/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  zh
  Test category:             all
  Test group:                php ssh
  ---------------------------------------------------
  - Program update status...                                  [ UPDATE AVAILABLE ]

      ===============================================================================
        Lynis update available
      ===============================================================================

        Current version is more than 4 months old

        Current version : 262   Latest version : 270

        Please update to the latest version.
        New releases include additional features, bug fixes, tests, and baselines.

        Download the latest version:

        Packages (DEB/RPM) -  https://packages.cisofy.com
        Website (TAR)      -  https://cisofy.com/downloads/
        GitHub (source)    -  https://github.com/CISOfy/lynis

      ===============================================================================


[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete
  
  - Plugin: debian
    [
[+] Debian Tests
------------------------------------
  - Checking for system binaries that are required by Debian Tests...
    - Checking /bin...                                        [ FOUND ]
    - Checking /sbin...                                       [ FOUND ]
    - Checking /usr/bin...                                    [ FOUND ]
    - Checking /usr/sbin...                                   [ FOUND ]
    - Checking /usr/local/bin...                              [ FOUND ]
    - Checking /usr/local/sbin...                             [ FOUND ]
  - Authentication:
    - PAM (Pluggable Authentication Modules):
      - libpam-tmpdir                                         [ Not Installed ]
      - libpam-usb                                            [ Not Installed ]
  - File System Checks:
    - DM-Crypt, Cryptsetup & Cryptmount:
      - Checking / on /dev/sda1                               [ NOT ENCRYPTED ]
      - Checking /tmp on /dev/sda7                            [ NOT ENCRYPTED ]
      - Checking /home on /dev/sda8                           [ NOT ENCRYPTED ]
      - Checking /var on /dev/sda5                            [ NOT ENCRYPTED ]
      - Checking /media/cdrom0 on /dev/sr0                    [ NOT ENCRYPTED ]
  - Software:
    - apt-listbugs                                            [ Not Installed ]
    - apt-listchanges                                         [ Installed and enabled for apt ]
    - checkrestart                                            [ Not Installed ]
    - needrestart                                             [ Not Installed ]
    - debsecan                                                [ Not Installed ]
    - debsums                                                 [ Not Installed ]
    - fail2ban                                                [ Not Installed ]
]

[+] PHP
------------------------------------
  - Checking PHP                                              [ NOT FOUND ]
    - Checking PHP disabled functions                         [ NONE ]
    - Checking PHP suhosin extension status                   [ WARNING ]
      - Suhosin simulation mode status                        [ WARNING ]

[+] SSH Support
------------------------------------
  - Checking running SSH daemon                               [ NOT FOUND ]

[+] Custom Tests
------------------------------------
  - Running custom tests...                                   [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

  -[ Lynis 2.6.2 Results ]-

  Great, no warnings

  Suggestions (12):
  ----------------------------
  * Version of Lynis outdated, consider upgrading to the latest version [LYNIS] 
      https://cisofy.com/controls/LYNIS/

  * Install libpam-tmpdir to set $TMP and $TMPDIR for PAM sessions [CUST-0280] 
      https://your-domain.example.org/controls/CUST-0280/

  * Install libpam-usb to enable multi-factor authentication for PAM sessions [CUST-0285] 
      https://your-domain.example.org/controls/CUST-0285/

  * Install apt-listbugs to display a list of critical bugs prior to each APT installation. [CUST-0810] 
      https://your-domain.example.org/controls/CUST-0810/

  * Install debian-goodies so that you can run checkrestart after upgrades to determine which services are using old versions of libraries and need restarting. [CUST-0830] 
      https://your-domain.example.org/controls/CUST-0830/

  * Install needrestart, alternatively to debian-goodies, so that you can run needrestart after upgrades to determine which daemons are using old versions of libraries and need restarting. [CUST-0831] 
      https://your-domain.example.org/controls/CUST-0831/

  * Install debsecan to generate lists of vulnerabilities which affect this installation. [CUST-0870] 
      https://your-domain.example.org/controls/CUST-0870/

  * Install debsums for the verification of installed package files against MD5 checksums. [CUST-0875] 
      https://your-domain.example.org/controls/CUST-0875/

  * Install fail2ban to automatically ban hosts that commit multiple authentication errors. [DEB-0880] 
      https://cisofy.com/controls/DEB-0880/

  * Harden PHP by disabling risky functions [PHP-2320] 
      https://cisofy.com/controls/PHP-2320/

  * Harden PHP by enabling suhosin extension [PHP-2379] 
      https://cisofy.com/controls/PHP-2379/

  * Harden PHP by deactivating suhosin simulation mode [PHP-2379] 
      https://cisofy.com/controls/PHP-2379/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 6 [#                   ]
  Tests performed : 16
  Plugins enabled : 1

  Components:
  - Firewall               [X]
  - Malware scanner        [V]

  Lynis Modules:
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================
  Notice: Lynis update available
  Current version : 262    Latest version : 270
================================================================================

  Lynis 2.6.2

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

Viewing detailed explanations:

Use the show details argument to get a detailed explanation of a particular warning or suggestion. The command takes the form:

lynis show details ${test_id}

Run the command:

root@KaliWittPeng:~# sudo lynis show details NETW-3032

Viewing the log file

After an audit finishes, lynis records the detailed information in /var/log/lynis.log:

root@KaliWittPeng:~# sudo tail /var/log/lynis.log
2018-11-15 21:53:05 ================================================================================
2018-11-15 21:53:05 Lynis 2.6.2
2018-11-15 21:53:05 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-11-15 21:53:05 Enterprise support available (compliance, plugins, interface and tools)
2018-11-15 21:53:05 Program ended successfully
2018-11-15 21:53:05 ================================================================================
2018-11-15 21:53:05 PID file removed (/var/run/lynis.pid)
2018-11-15 21:53:05 Temporary files:  /tmp/lynis.WOUpjSumpG
2018-11-15 21:53:05 Action: removing temporary file /tmp/lynis.WOUpjSumpG
2018-11-15 21:53:05 Lynis ended successfully.
root@KaliWittPeng:~# sudo tail /var/log/lynis-report.dat
test_group=all
plugin_directory=/etc/lynis/plugins
lynis_update_available=0
suggestion[]=LYNIS|This release is more than 4 months old. Consider upgrading|-|-|
vm=1
vmtype=kvm
container=0
systemd=1
hostid2=7d2106ffd9c966d580acf707fe411655546f25717b5bc020ae9ddde60eab5f8f
hostid=6d26a8d66698ec6f34aeb9e97499a6c46b0ecc56
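The report file uses a flat key=value format, with repeatable keys written as key[]=value and each finding encoded as TEST-ID|message|details|solution|. The parser below is an added example, not part of the original post or of lynis itself; it turns that file into a structure you can diff between audits or feed into a ticketing system. The report text is a constructed sample modelled on the excerpt above, and the warning[] and hardening_index keys are assumed to follow the same layout as suggestion[].

```python
"""Parse a lynis report file (/var/log/lynis-report.dat) into Python data.

Added example, not code from the original post or from the lynis project.
"""
from collections import defaultdict

# Constructed sample in the format of the post's lynis-report.dat excerpt;
# the values are illustrative, not taken from a real host.
SAMPLE_REPORT = """\
# Lynis Report
report_version_major=1
hostname=KaliWittPeng
test_group=all
lynis_update_available=0
hardening_index=6
suggestion[]=LYNIS|This release is more than 4 months old. Consider upgrading|-|-|
suggestion[]=DEB-0880|Install fail2ban to automatically ban hosts that commit multiple authentication errors|-|-|
warning[]=PHP-2379|Suhosin simulation mode is enabled|-|-|
vm=1
vmtype=kvm
container=0
"""

def parse_report(text):
    """Return scalar keys as strings and 'key[]' entries as lists under 'key'."""
    report = {}
    lists = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip comments and malformed lines
        key, value = line.split("=", 1)
        if key.endswith("[]"):
            lists[key[:-2]].append(value)
        else:
            report[key] = value
    report.update(lists)
    return report

def split_finding(raw):
    """Split 'TEST-ID|message|details|solution|' into a dict; '-' means empty."""
    fields = raw.split("|")
    fields += [""] * (4 - len(fields))  # tolerate truncated entries
    test_id, message, details, solution = fields[:4]
    return {"id": test_id, "message": message,
            "details": "" if details == "-" else details,
            "solution": "" if solution == "-" else solution}

def findings(report):
    """Collect warnings and suggestions with their test IDs, warnings first."""
    out = []
    for kind in ("warning", "suggestion"):
        for raw in report.get(kind, []):
            entry = split_finding(raw)
            entry["kind"] = kind
            out.append(entry)
    return out

def hardening_index(report):
    """Hardening index as an integer (0 if the key is missing)."""
    return int(report.get("hardening_index", 0))
```

Each finding's id is exactly what lynis show details expects, so the output of findings() can drive the follow-up step described above.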

Checking for updates

Audit software needs to be kept up to date to receive the latest suggestions and information; we can use the update info argument to check for updates:

root@KaliWittPeng:~# lynis update info --no-colors

 == Lynis ==

  Version            : 2.6.2
  Status             : Outdated
  Installed version  : 262
  Latest version     : 270
  Release date       : 2018-02-13
  Update location    : https://cisofy.com/lynis/


2007-2018, CISOfy - https://cisofy.com/lynis/

Customising the lynis security audit policy

lynis stores its configuration as .prf files in the /etc/lynis directory. By default, lynis ships with a default configuration file named default.prf.

There is no need to edit this default file directly; just add a custom.prf file and put your customised settings in it.

The meaning of each configuration option is explained in the comments in default.prf, so it is not covered in detail here.

For more information about lynis, visit its official website.

Adapted from: https://www.jb51.net/article/142531.htm