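Lynis Introduction

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux systems. It scans the system by running many security control checks. Examples include searching for installed software and identifying possible configuration flaws.

Many of the tests are part of common security guidelines and standards, with additional security checks on top. After the scan, a report is displayed with all discovered findings. To give you initial guidance, a link to the related Lynis control is provided.

Source: http://rootkit.nl/projects/lynis.html
Lynis Homepage
Lynis Source Code Repository

Tools included in the lynis package

lynis - Open source security auditing tool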

:~# lynis -h

[ Lynis 1.4.1 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.

 Copyright 2007-2014 - Michael Boelen, http://cisofy.com
 Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################

[+] Initializing program
------------------------------------
  Scan options:
    --auditor "<name>"            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile <profile>           : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests "<tests>"             : Run only tests defined by <tests>
    --tests-category "<category>" : Run only tests defined by <category>

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  See man page and documentation for all available options.

Exiting..

lynis Usage Example

Scan the system in quick mode (-Q) and output in cronjob format (--cronjob):

:~# lynis -Q --cronjob

[ Lynis 1.5.5 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See the LICENSE file for details about using this software.

 Copyright 2007-2014 - Michael Boelen, http://cisofy.com
 Enterprise support and plugins available via CISOfy - http://cisofy.com
################################################################################

[+] Initializing program
-----------------------------------------------------
- Detecting OS...  [ DONE ]
- Clearing log file (/var/log/lynis.log)...  [ DONE ]
-----------------------------------------------------
  Program version:           1.5.5
  Operating system:          Linux
  Operating system name:     Debian
  Operating system version:  Kali Linux 1.0.9
  Kernel version:            3.14-kali1-686-pae
  Hardware platform:         i686
  Hostname:                  kali
  Auditor:                   [Unknown]
  Profile:                   /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /etc/lynis/plugins
  ---------------------------------------------------
- Checking profile file (/etc/lynis/default.prf)...
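
The run above writes its results to the report file shown in the output (/var/log/lynis-report.dat). The following is an added example, not part of the original page or the Lynis project: a shell sketch that summarizes findings from such a report so a cron job can act on them. It assumes findings are stored as `warning[]=TEST-ID|...` and `suggestion[]=TEST-ID|...` lines; the function names, test IDs and sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Lynis project): summarize a Lynis report file.
# Assumption: findings are stored as "warning[]=TEST-ID|..." and
# "suggestion[]=TEST-ID|..." lines; fields after the ID vary by version.

# Print "TYPE TEST-ID" for every finding line in report file $1.
lynis_findings() {
    awk -F'=' '
        $1 == "warning[]" || $1 == "suggestion[]" {
            type = substr($1, 1, length($1) - 2)   # strip trailing "[]"
            split(substr($0, length($1) + 2), f, "|")
            print type, f[1]
        }' "$1"
}

# Count findings of type $2 (warning or suggestion) in report file $1.
lynis_count() {
    lynis_findings "$1" | awk -v t="$2" '$1 == t { n++ } END { print n + 0 }'
}

# Succeed only when the report contains no warnings (usable as a cron gate).
lynis_gate() {
    [ "$(lynis_count "$1" warning)" -eq 0 ]
}

# Write a constructed sample report (IDs and messages are made up).
lynis_sample_report() {
    cat > "$1" <<'EOF'
os=Linux
hostname=kali
warning[]=EXAMPLE-0001|M|Constructed warning text|
suggestion[]=EXAMPLE-0002|Constructed suggestion text|
suggestion[]=EXAMPLE-0003|Another constructed suggestion, with = sign|
EOF
}

# Demo on the sample; on a real host pass /var/log/lynis-report.dat instead.
sample=$(mktemp)
lynis_sample_report "$sample"
lynis_findings "$sample"
if lynis_gate "$sample"; then echo "no warnings"; else echo "warnings present"; fi
rm -f "$sample"
```

In a cron job, call `lynis_gate /var/log/lynis-report.dat` after `lynis -Q --cronjob` and send an alert when it fails.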