How to use lynis for Linux vulnerability scanning
Introduction
lynis is an open-source, host-based security auditing tool that runs on Unix/Linux systems. It checks a Unix/Linux host for potential security problems, covering detection of suspicious files, vulnerabilities, malware scanning, configuration errors and more. Below we walk through using lynis to scan a Linux host for vulnerabilities.
Installing lynis
On Arch Linux it can be installed directly with pacman:

    sudo pacman -S lynis --noconfirm

    resolving dependencies...
    looking for conflicting packages...

    Packages (1) lynis-2.6.4-1

    Total Installed Size:  1.35 MiB
    Net Upgrade Size:      0.00 MiB

    :: Proceed with installation? [Y/n]
    (0/1) checking keys in keyring                   [----------------------]   0%
    (1/1) checking keys in keyring                   [######################] 100%
    (0/1) checking package integrity                 [----------------------]   0%
    (1/1) checking package integrity                 [######################] 100%
    (0/1) loading package files                      [----------------------]   0%
    (1/1) loading package files                      [######################] 100%
    (0/1) checking for file conflicts                [----------------------]   0%
    (1/1) checking for file conflicts                [######################] 100%
    (0/1) checking available disk space              [----------------------]   0%
    (1/1) checking available disk space              [######################] 100%
    :: Processing package changes...
    (1/1) reinstalling lynis                         [----------------------]   0%
    (1/1) reinstalling lynis                         [######################] 100%
    :: Running post-transaction hooks...
    (1/2) Reloading system manager configuration...
    (2/2) Arming ConditionNeedsUpdate...
Scanning a host with lynis
First, run lynis without any arguments; this lists the arguments lynis supports:

    [lujun9972@T520 linux和它的小伙伴]$ lynis

    [ Lynis 2.6.4 ]

    ################################################################################
      Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
      welcome to redistribute it under the terms of the GNU General Public License.
      See the LICENSE file for details about using this software.

      2007-2018, CISOfy - https://cisofy.com/lynis/
      Enterprise support available (compliance, plugins, interface and tools)
    ################################################################################

    [+] Initializing program
    ------------------------------------

    Usage: lynis command [options]

    Command:

        Audit
            audit system                  : Perform local security scan
            audit system remote           : Remote security scan
            audit dockerfile              : Analyze Dockerfile

        Show
            show                          : Show all commands
            show version                  : Show Lynis version
            show help                     : Show help

        Update
            update info                   : Show update details

    Options:
        --no-log                          : Don't create a log file
        --pentest                         : Non-privileged scan (useful for pentest)
        --profile                         : Scan the system with the given profile file
        --quick (-Q)                      : Quick mode, don't wait for user input

        Layout options
        --no-colors                       : Don't use colors in output
        --quiet (-q)                      : No output
        --reverse-colors                  : Optimize color display for light backgrounds

        Misc options
        --debug                           : Debug logging to screen
        --view-manpage (--man)            : View man page
        --verbose                         : Show more details on screen
        --version (-V)                    : Display version number and quit

        Enterprise options
        --plugindir                       : Define path of available plugins
        --upload                          : Upload data to central node

        More options available. Run '/usr/bin/lynis show options', or use the man page.

    No command provided. Exiting..

As the output shows, scanning a host with lynis is simple: just pass the audit system command. During an audit lynis runs many tests of various kinds, and the test results, debug information and hardening suggestions for the system are all written to the terminal (standard output). To skip past the test output and go straight to the final suggestions, run:

    sudo lynis audit system | sed '1,/Results/d'
lynis divides its tests into several groups; the group names can be listed with show groups:

    lynis show groups

    accounting authentication banners boot_services containers crypto databases dns
    file_integrity file_permissions filesystems firewalls hardening homedirs
    insecure_services kernel kernel_hardening ldap logging mac_frameworks
    mail_messaging malware memory_processes nameservices networking php
    ports_packages printers_spools scheduling shells snmp squid ssh storage
    storage_nfs system_integrity time tooling usb virtualization webservers

To scan only certain groups, specify them with the --tests-from-group argument.
For example, to scan only the shells and networking groups, run:

    sudo lynis --tests-from-group "shells networking" --no-colors

    [ Lynis 2.6.4 ]

    ################################################################################
      Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
      welcome to redistribute it under the terms of the GNU General Public License.
      See the LICENSE file for details about using this software.

      2007-2018, CISOfy - https://cisofy.com/lynis/
      Enterprise support available (compliance, plugins, interface and tools)
    ################################################################################

    [+] Initializing program
    ------------------------------------
      - Detecting OS...                                           [ DONE ]
      - Checking profiles...                                      [ DONE ]
      - Detecting language and localization                       [ zh ]
        Notice: no language file found for 'zh' (tried: /usr/share/lynis/db/languages/zh)

      ---------------------------------------------------
      Program version:           2.6.4
      Operating system:          Linux
      Operating system name:     Arch Linux
      Operating system version:  Rolling release
      Kernel version:            4.16.13
      Hardware platform:         x86_64
      Hostname:                  T520
      ---------------------------------------------------
      Profiles:                  /etc/lynis/default.prf
      Log file:                  /var/log/lynis.log
      Report file:               /var/log/lynis-report.dat
      Report version:            1.0
      Plugin directory:          /usr/share/lynis/plugins
      ---------------------------------------------------
      Auditor:                   [Not Specified]
      Language:                  zh
      Test category:             all
      Test group:                shells networking
      ---------------------------------------------------
      - Program update status...                                  [ NO UPDATE ]

    [+] System Tools
    ------------------------------------
      - Scanning available tools...
      - Checking system binaries...

    [+] Plugins (phase 1)
    ------------------------------------
    Note: plugins have more extensive tests and may take several minutes to complete

      - Plugins enabled                                           [ NONE ]

    [+] Shells
    ------------------------------------
      - Checking shells from /etc/shells
        Result: found 5 shells (valid shells: 5).
        - Session timeout settings/tools                          [ NONE ]
      - Checking default umask values
        - Checking default umask in /etc/bash.bashrc              [ NONE ]
        - Checking default umask in /etc/profile                  [ WEAK ]

    [+] Networking
    ------------------------------------
      - Checking IPv6 configuration                               [ ENABLED ]
          Configuration method                                    [ AUTO ]
          IPv6 only                                               [ NO ]
      - Checking configured nameservers
        - Testing nameservers
            Nameserver: 202.96.134.33                             [ SKIPPED ]
            Nameserver: 202.96.128.86                             [ SKIPPED ]
        - Minimal of 2 responsive nameservers                     [ SKIPPED ]
      - Getting listening ports (TCP/UDP)                         [ DONE ]
          * Found 11 ports
      - Checking status DHCP client                               [ RUNNING ]
      - Checking for ARP monitoring software                      [ NOT FOUND ]

    [+] Custom Tests
    ------------------------------------
      - Running custom tests...                                   [ NONE ]

    [+] Plugins (phase 2)
    ------------------------------------

    ================================================================================

      -[ Lynis 2.6.4 Results ]-

      Great, no warnings

      Suggestions (1):
      ----------------------------
      * Consider running ARP monitoring software (arpwatch, arpon) [NETW-3032]
          https://cisofy.com/controls/NETW-3032/

      Follow-up:
      ----------------------------
      - Show details of a test (lynis show details TEST-ID)
      - Check the logfile for all details (less /var/log/lynis.log)
      - Read security controls texts (https://cisofy.com)
      - Use --upload to upload data to central system (Lynis Enterprise users)

    ================================================================================

      Lynis security scan details:

      Hardening index : 33 [######              ]
      Tests performed : 13
      Plugins enabled : 0

      Components:
      - Firewall               [X]
      - Malware scanner        [X]

      Lynis Modules:
      - Compliance Status      [?]
      - Security Audit         [V]
      - Vulnerability Scan     [V]

      Files:
      - Test and debug information      : /var/log/lynis.log
      - Report data                     : /var/log/lynis-report.dat

    ================================================================================

      Lynis 2.6.4

      Auditing, system hardening, and compliance for UNIX-based systems
      (Linux, macOS, BSD, and others)

      2007-2018, CISOfy - https://cisofy.com/lynis/
      Enterprise support available (compliance, plugins, interface and tools)

    ================================================================================

      [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)
Viewing details
When reading the audit results, use show details to get a detailed explanation of a particular warning or suggestion. The command takes the form:

    lynis show details ${test_id}

For example, the output above contains this suggestion:

    * Consider running ARP monitoring software (arpwatch, arpon) [NETW-3032]

We can run:

    sudo lynis show details NETW-3032

    2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
    2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
    2018-06-08 18:18:01 IsRunning: process 'arpon' not found
    2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch, arpon) [test:NETW-3032] [details:-] [solution:-]
    2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
    2018-06-08 18:18:01 File permissions are OK
    2018-06-08 18:18:01 ===---------------------------------------------------------------===
Viewing the log file
After an audit completes, lynis records detailed information in /var/log/lynis.log.

    sudo tail /var/log/lynis.log

    2018-06-08 17:59:46 ================================================================================
    2018-06-08 17:59:46 Lynis 2.6.4
    2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
    2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
    2018-06-08 17:59:46 Program ended successfully
    2018-06-08 17:59:46 ================================================================================
    2018-06-08 17:59:46 PID file removed (/var/run/lynis.pid)
    2018-06-08 17:59:46 Temporary files: /tmp/lynis.sgxcr0hspz
    2018-06-08 17:59:46 Action: removing temporary file /tmp/lynis.sgxcr0hspz
    2018-06-08 17:59:46 Lynis ended successfully.

The report data is saved to /var/log/lynis-report.dat at the same time.

    sudo tail /var/log/lynis-report.dat

Note that each audit overwrites the previous log file.
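Since each run overwrites the log and report, the machine-readable report file is the natural thing to parse right after an audit. The following POSIX shell script is an added example, not from the article or the lynis project: it reads the key=value report format that lynis writes to /var/log/lynis-report.dat, lists the warnings and suggestions, and gates on the hardening index. The sample report embedded in it is constructed for the example; only the line layout follows what lynis writes.

```shell
#!/bin/sh
# Added example (not part of the original article): summarise the key=value
# report that "lynis audit system" writes to /var/log/lynis-report.dat.
# The report below is a constructed sample, not data from a real host. The
# line layout follows what Lynis writes:
#   suggestion[]=TEST-ID|text|details|solution|   (warning[]= has the same shape)
#   hardening_index=NN
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
# Lynis report (constructed sample)
lynis_version=2.6.4
os=Linux
hostname=t520
hardening_index=33
tests_executed=13
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=NETW-3032|Consider running ARP monitoring software (arpwatch, arpon)|-|-|
EOF

# Print each warning/suggestion as "<level> <test-id> <text>", sorted.
lynis_findings() {
  grep -E '^(warning|suggestion)\[]=' "$1" \
    | sed -E 's/^(warning|suggestion)\[]=([^|]*)[|]([^|]*)[|].*/\1 \2 \3/' \
    | sort
}

# Hardening index (0-100) from the report, or 0 if the line is missing.
lynis_hardening_index() {
  idx=$(sed -n 's/^hardening_index=//p' "$1" | head -n 1)
  echo "${idx:-0}"
}

# Succeed only if the index reaches a threshold; usable as a CI gate
# after "sudo lynis audit system --quick --no-colors".
lynis_gate() {
  [ "$(lynis_hardening_index "$1")" -ge "$2" ]
}

# Stand-alone run against the constructed sample; pass a real report path
# as the first argument to use a host's own /var/log/lynis-report.dat.
REPORT="${1:-$SAMPLE_REPORT}"
lynis_findings "$REPORT"
echo "hardening index: $(lynis_hardening_index "$REPORT")"
lynis_gate "$REPORT" 50 || echo "hardening index below threshold 50"
```

Because the report is rewritten on every audit, copy it (or pipe this summary) to a dated file if you want to track the hardening index over time.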
Checking for updates
An audit tool needs to be kept up to date to get the latest suggestions and information; use update info to check for updates:

    lynis update info --no-colors

     == Lynis ==

      Version         : 2.6.4
      Status          : Up-to-date
      Release date    : 2018-05-02
      Update location : https://cisofy.com/lynis/

    2007-2018, CISOfy - https://cisofy.com/lynis/
Customizing the lynis audit policy
lynis keeps its configuration as .prf files in the /etc/lynis directory. By default, lynis ships with a configuration file named default.prf.
There is no need to edit this default file directly: just add a custom.prf file and put your custom settings in it.
The meaning of each setting is explained in the comments in default.prf, so it is not covered in detail here.
For more information about lynis, visit its official website.