How to use Lynis for Linux vulnerability scanning


Introduction

Lynis is a host-based, open-source security auditing tool that runs on Unix/Linux platforms. It is a security check tool for Unix/Linux that can discover potential security threats, covering detection of suspicious files, vulnerabilities, malware scanning, configuration errors and more. Let's look at how to use Lynis to scan a Linux host for vulnerabilities.

Installing Lynis

On Arch Linux it can be installed directly with pacman:

sudo pacman -S lynis --noconfirm
resolving dependencies...
looking for conflicting packages...

Packages (1) lynis-2.6.4-1

Total Installed Size:  1.35 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
(0/1) checking keys in keyring                     [----------------------]   0%
(1/1) checking keys in keyring                     [######################] 100%
(0/1) checking package integrity                   [----------------------]   0%
(1/1) checking package integrity                   [######################] 100%
(0/1) loading package files                        [----------------------]   0%
(1/1) loading package files                        [######################] 100%
(0/1) checking for file conflicts                  [----------------------]   0%
(1/1) checking for file conflicts                  [######################] 100%
(0/1) checking available disk space                [----------------------]   0%
(1/1) checking available disk space                [######################] 100%
:: Processing package changes...
(1/1) reinstalling lynis                           [----------------------]   0%
(1/1) reinstalling lynis                           [######################] 100%
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...

Scanning a host with Lynis

First, run lynis without any arguments; this lists the commands and options that Lynis supports:

[lujun9972@T520 linux和它的小伙伴]$ lynis

[ Lynis 2.6.4 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------

  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote           : Remote security scan
        audit dockerfile              : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile                         : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir                       : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/usr/bin/lynis show options', or use the man page.


  No command provided. Exiting..

As the output above shows, scanning a host with Lynis is simple: just run it with the audit system command. During the audit Lynis runs many tests of this kind, and the result of each test, debug information and hardening suggestions for the system are all written to standard output. To skip past the individual checks and jump straight to the final suggestions, run:

sudo lynis audit system | sed '1,/Results/d'

Lynis divides its tests into several groups; the group names can be listed with the show groups command:

lynis show groups

accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

To scan only certain groups, specify them with the --tests-from-group option.

For example, to scan only the shells and networking groups, run:

sudo lynis --tests-from-group "shells networking" --no-colors

[ Lynis 2.6.4 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]
  - Detecting language and localization                       [ zh ]
    Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

  ---------------------------------------------------
  Program version:           2.6.4
  Operating system:          Linux
  Operating system name:     Arch Linux
  Operating system version:  Rolling release
  Kernel version:            4.16.13
  Hardware platform:         x86_64
  Hostname:                  T520
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /usr/share/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  zh
  Test category:             all
  Test group:                shells networking
  ---------------------------------------------------
  - Program update status...                                  [ NO UPDATE ]

[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete

  - Plugins enabled                                           [ NONE ]

[+] Shells
------------------------------------
  - Checking shells from /etc/shells
    Result: found 5 shells (valid shells: 5).
    - Session timeout settings/tools                          [ NONE ]
  - Checking default umask values
    - Checking default umask in /etc/bash.bashrc              [ NONE ]
    - Checking default umask in /etc/profile                  [ WEAK ]

[+] Networking
------------------------------------
  - Checking IPv6 configuration                               [ ENABLED ]
      Configuration method                                    [ AUTO ]
      IPv6 only                                               [ NO ]
  - Checking configured nameservers
    - Testing nameservers
        Nameserver: 202.96.134.33                             [ SKIPPED ]
        Nameserver: 202.96.128.86                             [ SKIPPED ]
    - Minimal of 2 responsive nameservers                     [ SKIPPED ]
  - Getting listening ports (TCP/UDP)                         [ DONE ]
      * Found 11 ports
  - Checking status DHCP client                               [ RUNNING ]
  - Checking for ARP monitoring software                      [ NOT FOUND ]

[+] Custom Tests
------------------------------------
  - Running custom tests...                                   [ NONE ]

[+] Plugins (phase 2)
------------------------------------

================================================================================

  -[ Lynis 2.6.4 Results ]-

  Great, no warnings

  Suggestions (1):
  ----------------------------
  * Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
      https://cisofy.com/controls/NETW-3032/

  Follow-up:
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details:

  Hardening index : 33 [######]
  Tests performed : 13
  Plugins enabled : 0

  Components:
  - Firewall               [X]
  - Malware scanner        [X]

  Lynis Modules:
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================

  Lynis 2.6.4

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

Viewing the details of a finding

When reviewing the audit results, use the show details command to get a detailed explanation of a particular warning or suggestion. The command takes the form:

lynis show details ${test_id}

For example, the output above contains the suggestion

* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]

so we can run:

sudo lynis show details NETW-3032
2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===

Viewing the log file

After an audit completes, Lynis records detailed information in /var/log/lynis.log.

sudo tail /var/log/lynis.log
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
2018-06-08 17:59:46 Temporary files: /tmp/lynis.sgxcr0hspz
2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sgxcr0hspz
2018-06-08 17:59:46 Lynis ended successfully.

The report data is saved to /var/log/lynis-report.dat at the same time.

sudo tail /var/log/lynis-report.dat

Note that each audit overwrites the previous log and report files, so copy them elsewhere if you want to keep a history of scans.
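The report file is the machine-readable counterpart of the on-screen results, which makes it the natural input for scripts that track a host's hardening index or turn each finding into the matching lynis show details command. The following POSIX shell script is an added example and not part of the original article or of Lynis itself; it assumes the key=value layout of lynis-report.dat produced by Lynis 2.x (scalar keys such as hardening_index=NN, and list keys such as suggestion[]=TEST-ID|text|...|...| and warning[]=...). The report content embedded below is constructed to mirror the scan shown above; test IDs other than NETW-3032 and their texts are illustrative, not copied from a real report.

```shell
#!/bin/sh
# Added example: summarize a Lynis report file (key=value format).
# Assumption: Lynis 2.x writes scalar keys as "key=value" and repeated
# findings as "warning[]=ID|text|details|solution|" and
# "suggestion[]=ID|text|details|solution|". Check your own
# /var/log/lynis-report.dat before relying on these names.

# Constructed sample report, modelled on the scan in the article
# (IDs other than NETW-3032 are illustrative).
SAMPLE_REPORT=$(cat <<'EOF'
# Lynis Report
report_version_major=1
report_version_minor=0
lynis_version=2.6.4
hostname=T520
os=Linux
hardening_index=33
tests_executed=13
suggestion[]=NETW-3032|Consider running ARP monitoring software (arpwatch,arpon)|-|-|
suggestion[]=SHLL-6230|Configure a stricter umask in /etc/profile|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
EOF
)

# Print the value of a scalar key ($1), reading report text from stdin.
report_value() {
    sed -n "s/^$1=//p" | head -n 1
}

# Print the test IDs of every entry of a list key ($1 = warning|suggestion).
report_ids() {
    sed -n "s/^$1\[\]=\([^|]*\)|.*/\1/p"
}

# Count the entries of a list key ($1).
report_count() {
    report_ids "$1" | wc -l | tr -d ' '
}

# Succeed (exit 0) only if the hardening index is at least the threshold $1.
hardening_ok() {
    idx=$(report_value hardening_index)
    [ "${idx:-0}" -ge "$1" ]
}

# Human-readable summary: every finding with the command that explains it.
summarize() {
    report="$(cat)"
    printf 'Hardening index: %s\n' \
        "$(printf '%s\n' "$report" | report_value hardening_index)"
    for kind in warning suggestion; do
        printf '%s\n' "$report" | report_ids "$kind" | while IFS= read -r id; do
            printf '%-10s %s  (see: sudo lynis show details %s)\n' \
                "$kind" "$id" "$id"
        done
    done
}

# Run against the embedded sample; replace with
#   sudo cat /var/log/lynis-report.dat | summarize
# on a real host.
printf '%s\n' "$SAMPLE_REPORT" | summarize
```

Because the report is overwritten on every audit, a wrapper that copies lynis-report.dat to a timestamped name before the next run, then feeds each copy through hardening_ok with a team-agreed threshold, is enough to catch regressions between scans.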

Checking for updates

An auditing tool needs to be kept up to date to receive the latest suggestions and information; use the update info command to check for updates:

lynis update info --no-colors
 == Lynis ==

  Version         : 2.6.4
  Status          : Up-to-date
  Release date    : 2018-05-02
  Update location : https://cisofy.com/lynis/


2007-2018, CISOfy - https://cisofy.com/lynis/

Customizing the Lynis audit policy

Lynis stores its configuration as .prf files in the /etc/lynis directory. By default it ships with a configuration file named default.prf.

There is no need to edit this default file directly; instead, create a custom.prf file in the same directory and put your custom settings there.

The meaning of each setting is explained in the comments of default.prf, so it is not covered in detail here.
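As an added example of such a custom.prf (not taken from the article or from the Lynis project files), the fragment below suppresses the one suggestion raised in the scan above. It assumes that the skip-test directive, which the comments in /etc/lynis/default.prf describe for Lynis 2.6, is honoured by the installed version; verify this against the default.prf on your own system, and record in the comment why a test was accepted rather than fixed so the decision stays reviewable.

```ini
# /etc/lynis/custom.prf (added example; assumes the skip-test directive
# documented in /etc/lynis/default.prf for Lynis 2.6)

# NETW-3032 (ARP monitoring software) was reviewed and accepted for this host:
# it is a single-user laptop on a trusted network. One test ID per line.
skip-test=NETW-3032
```

Skipping a test removes it from the suggestions and from the hardening index calculation, so keep the list short and revisit it whenever the host's role changes; the default.prf comments also document the remaining directives, such as those controlling plugin and upload behaviour.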

For more information about Lynis, visit its official website.
