太阳不下山 posted on 2021-7-26 19:29:53

Lynis installation and usage - the most complete guide ever

1. Introduction to Lynis
# Official site:
https://cisofy.com/downloads/

1.1 Introduction
Auditing, system hardening, compliance testing

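Lynis is a battle-tested security tool for systems running Linux, macOS, or other Unix-based operating systems. It performs an extensive health scan of your system to support system hardening and compliance testing. The project is open source software under the GPL license and has been available since 2007.

Because Lynis is flexible, it can be used for several different purposes. Typical use cases for Lynis include:

Security auditing
Compliance testing (e.g. PCI, HIPAA, SOx)
Penetration testing
Vulnerability detection
System hardening

1.2 Audit steps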

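This is what happens during a typical Lynis scan:

Initialization and basic checks
Determine the operating system and tools
Search for available system utilities
Check for Lynis updates
Run enabled plugins
Run security tests per category
Run custom tests
Report the status of the security scan

Besides the report and information displayed on screen, all technical details about the scan are stored in a log file (lynis.log). Findings such as warnings and suggestions are stored in a separate report file (lynis-report.dat).

2. Download the package from the official site
The latest version is currently 3.0.6:
lynis-3.0.6.tar.gz

3. Installation
# Extracting the archive is the installation; no install command needs to be run
# Create a directory named lynis under /usr/local/, as follows: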
# pwd
/usr/local/lynis

# Upload the package and extract it
# ls
CHANGELOG.md        CONTRIBUTING.md  db           developer.prf  FAQ             include  LICENSE  lynis.8  README       TODO.md
CODE_OF_CONDUCT.md  CONTRIBUTORS.md  default.prf  extras         HAPPY_USERS.md  INSTALL  lynis    plugins  SECURITY.md
# pwd
/usr/local/lynis/lynis
4. Running a scan
Running the script directly without any arguments prints a hint telling you which arguments to supply.
# The scan command is:
# ./lynis audit system

5. Viewing specific findings in the log
# Warnings
# grep -i warning /var/log/lynis.log
2021-07-26 15:25:14 Warning: Reboot of system is most likely needed
2021-07-26 15:25:30 Warning: iptables module(s) loaded, but no rules active
2021-07-26 15:25:36 Skipped test CONT-8104 (Checking Docker info for any warnings)


# Suggestions
# grep -i suggest /var/log/lynis.log
6. Official documentation for the individual tests
https://cisofy.com/lynis/controls/

7. Listing the scan groups
# ./lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spoolers
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

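7.1 Scanning specific groups
# Scan only the php and ssh groups (a single group can also be given on its own)
# ./lynis --tests-from-group "php ssh"

# Show the details of a specific test
# ./lynis show details SSH-7408

8. Checking for updates
# ./lynis update info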

== Lynis ==

Version            : 3.0.6
Status             : Unknown
Release date       : 2021-07-22
Project page       : https://cisofy.com/lynis/
Source code        : https://github.com/CISOfy/lynis
Latest package     : https://packages.cisofy.com/


2007-2021, CISOfy - https://cisofy.com/lynis/

9. Configuration file

By default Lynis ships with a default configuration file named default.prf

# pwd
/usr/local/lynis/lynis
# ll /usr/local/lynis/lynis/default.prf
-rw-r--r-- 1 root root 21405 Jul 22 08:00 /usr/local/lynis/lynis/default.prf

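There is no need to modify the default configuration file directly; just create a custom.prf file and put your custom settings in it.

10. Scheduling automatic scans

vim /etc/crontab
# Add
00 10 * * * root lynis audit system -Q
# Restart the service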
systemctl restart crond
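
An added example, not part of the original post, serving both the log review in section 5 and the cron job in section 10: it reads the report file (lynis-report.dat) produced by an unattended scan, lists the findings by test ID and returns an exit status a monitoring job can act on. The function names and sample lines are constructed for illustration, and the pipe-delimited warning[]= / suggestion[]= lines and the hardening_index= key are the report layout this example assumes.

```shell
#!/bin/sh
# Added example (not from the original post): summarise lynis-report.dat after
# an unattended "lynis audit system -Q" run and turn it into an exit status.
# Assumed report layout: "warning[]=TEST-ID|text|details|solution|",
# "suggestion[]=..." in the same shape, and "hardening_index=NN".

# Constructed sample in that layout; not the output of a real scan.
sample_report() {
    cat <<'EOF'
lynis_version=3.0.6
hardening_index=63
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=AUTH-9286|Configure maximum password age in /etc/login.defs|-|-|
EOF
}

# Print "TEST-ID<TAB>text" for every finding of one kind (warning or suggestion).
lynis_findings() {
    _kind=$1
    _file=$2
    awk -F'|' -v prefix="${_kind}[]=" '
        index($0, prefix) == 1 {
            printf "%s\t%s\n", substr($1, length(prefix) + 1), $2
        }' "$_file"
}

# Print the hardening index recorded in the report (empty if the key is absent).
lynis_hardening_index() {
    sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1
}

# Exit status for monitoring: 0 = clean, 1 = warnings present,
# 2 = hardening index missing or below the minimum, 3 = report unreadable.
lynis_gate() {
    _report=$1
    _min=$2
    [ -r "$_report" ] || return 3
    _warnings=$(lynis_findings warning "$_report" | awk 'END { print NR }')
    _index=$(lynis_hardening_index "$_report")
    [ "$_warnings" -eq 0 ] || return 1
    { [ -n "$_index" ] && [ "$_index" -ge "$_min" ]; } || return 2
    return 0
}

# Usage: sh lynis_gate.sh <path printed by "lynis show report"> [minimum index]
# (lynis_gate.sh is a hypothetical file name for this example.)
if [ -n "${1:-}" ]; then
    lynis_findings warning "$1"
    lynis_gate "$1" "${2:-60}"
    exit $?
fi
```

Run after the scan line in the crontab entry, the non-zero exit status lets cron or a monitoring wrapper flag the host instead of relying on someone reading the log.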
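11. Parameter reference
lynis show environment     # hardware, virtual machine, or container type
lynis show groups          # test groups
lynis show help            # detailed information about arguments
lynis show hostids         # unique IDs for this system
lynis show includedir      # include directory, with tests and functions
lynis show language        # configured or detected language
lynis show license         # license details
lynis show logfile         # location of the log file
lynis show man             # show help
lynis show options         # available flags and options
lynis show os              # operating system and version
lynis show pidfile         # active file used to store the process ID
lynis show plugindir       # directory with plugins
lynis show profiles        # discovered profiles
lynis show release         # version
lynis show releasedate     # release date
lynis show report          # location of the report data
lynis show settings        # display configured settings; options: --brief --nocolors
lynis show tests           # display information about one or more tests
lynis show tests skipped   # which tests are skipped according to the profile
lynis show version         # Lynis version
lynis show workdir         # working directory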

12. Test IDs
Test ID    OS         Description (category)
ACCT-2754  FreeBSD    Check for available FreeBSD accounting information (security)
ACCT-2760  OpenBSD    Check for available OpenBSD accounting information (security)
ACCT-9622  Linux      Check for available Linux accounting information (security)
ACCT-9626  Linux      Check for sysstat accounting data (security)
ACCT-9628  Linux      Check for auditd (security)
ACCT-9630  Linux      Check for auditd rules (security)
ACCT-9632  Linux      Check for auditd configuration file (security)
ACCT-9634  Linux      Check for auditd log file (security)
ACCT-9636  Linux      Check for Snoopy wrapper and logger (security)
ACCT-9650  Solaris    Check Solaris audit daemon (security)
ACCT-9652  Solaris    Check auditd SMF status (security)
ACCT-9654  Solaris    Check BSM auditing in /etc/system (security)
ACCT-9656  Solaris    Check BSM auditing in module list (security)
ACCT-9660  Solaris    Check location of audit events (security)
ACCT-9662  Solaris    Check Solaris auditing stats (security)
AUTH-9204  -          Check users with an UID of zero (security)
AUTH-9208  -          Check non-unique accounts in passwd file (security)
AUTH-9212  -          Test group file (security)
AUTH-9216  -          Check group and shadow group files (security)
AUTH-9218  FreeBSD    Check harmful login shells (security)
AUTH-9222  -          Check for non unique groups (security)
AUTH-9226  -          Check non unique group names (security)
AUTH-9228  -          Check password file consistency with pwck (security)
AUTH-9234  -          Query user accounts (security)
AUTH-9240  -          Query NIS+ authentication support (security)
AUTH-9242  -          Query NIS authentication support (security)
AUTH-9250  -          Checking sudoers file (security)
AUTH-9252  -          Check sudoers file (security)
AUTH-9254  Solaris    Solaris passwordless accounts (security)
AUTH-9262  -          Checking presence password strength testing tools (PAM) (security)
AUTH-9264  -          Checking presence pam.conf (security)
AUTH-9266  -          Checking presence pam.d files (security)
AUTH-9268  -          Checking presence pam.d files (security)
AUTH-9278  -          Checking LDAP pam status (security)
AUTH-9282  -          Checking password protected account without expire date (security)
AUTH-9283  -          Checking accounts without password (security)
AUTH-9286  -          Checking user password aging (security)
AUTH-9288  -          Checking for expired passwords (security)
AUTH-9304  Solaris    Check single user login configuration (security)
AUTH-9306  HP-UX      Check single boot authentication (security)
AUTH-9308  Linux      Check single user login configuration (security)
AUTH-9328  -          Default umask values (security)
AUTH-9340  Solaris    Solaris account locking (security)
AUTH-9402  -          Query LDAP authentication support (security)
AUTH-9406  -          Query LDAP servers in client configuration (security)
AUTH-9408  -          Logging of failed login attempts via /etc/login.defs (security)
AUTH-9409  OpenBSD    Check for doas file (security)
AUTH-9410  OpenBSD    Check for doas file permissions (security)
AUTH-9489  DragonFly  Check login shells for passwordless accounts (security)
BANN-7113  FreeBSD    Check COPYRIGHT banner file (security)
BANN-7124  -          Check issue banner file (security)
BANN-7126  -          Check issue banner file contents (security)
BANN-7128  -          Check issue.net banner file (security)
BANN-7130  -          Check issue.net banner file contents (security)
BOOT-5102  AIX        Check for AIX boot device (security)
BOOT-5104  -          Determine service manager (security)
BOOT-5106  MacOS      Check EFI boot file on macOS (security)
BOOT-5108  Linux      Test Syslinux boot loader (security)
BOOT-5116  -          Check if system is booted in UEFI mode (security)
BOOT-5117  Linux      Check for systemd-boot boot loader (security)
BOOT-5121  -          Check for GRUB boot loader presence (security)
BOOT-5122  -          Check for GRUB boot password (security)
BOOT-5124  FreeBSD    Check for FreeBSD boot loader presence (security)
BOOT-5126  NetBSD     Check for NetBSD boot loader presence (security)
BOOT-5139  -          Check for LILO boot loader presence (security)
BOOT-5142  -          Check SPARC Improved boot loader (SILO) (security)
BOOT-5155  -          Check for YABOOT boot loader configuration file (security)
BOOT-5159  OpenBSD    Check for OpenBSD boot loader presence (security)
BOOT-5165  FreeBSD    Check for FreeBSD boot services (security)
BOOT-5177  Linux      Check for Linux boot and running services (security)
BOOT-5180  Linux      Check for Linux boot services (Debian style) (security)
BOOT-5184  Linux      Check permissions for boot files/scripts (security)
BOOT-5202  -          Check uptime of system (security)
BOOT-5260  -          Check single user mode for systemd (security)
BOOT-5261  DragonFly  Check for DragonFly boot loader presence (security)
BOOT-5262  OpenBSD    Check for OpenBSD boot daemons (security)
BOOT-5263  OpenBSD    Check permissions for boot files/scripts (security)
CONT-8004  Solaris    Query running Solaris zones (security)
CONT-8102  -          Checking Docker status and information (security)
CONT-8104  -          Checking Docker info for any warnings (security)
CONT-8106  -          Gather basic stats from Docker (security)
CONT-8107  -          Check number of unused Docker containers (performance)
CONT-8108  -          Check file permissions for Docker files (security)
CORE-1000  -          Check all system binaries (performance)
CRYP-7902  -          Check expire date of SSL certificates (security)
DNS-1600   -          Validating that the DNSSEC signatures are checked (security)
DBS-1804   -          Checking active MySQL process (security)
DBS-1816   -          Checking MySQL root password (security)
DBS-1818   -          MongoDB status (security)
DBS-1820   -          Check MongoDB authentication (security)
DBS-1826   -          Checking active PostgreSQL processes (security)
DBS-1840   -          Checking active Oracle processes (security)
DBS-1860   -          Checking active DB2 instances (security)
DBS-1880   -          Checking active Redis processes (security)
DBS-1882   -          Redis configuration file (security)
DBS-1884   -          Redis configuration (requirepass) (security)
DBS-1886   -          Redis configuration (CONFIG command renamed) (security)
DBS-1888   -          Redis configuration (bind on localhost) (security)
FILE-6310  -          Checking /tmp, /home and /var directory (security)
FILE-6311  -          Checking LVM volume groups (security)
FILE-6312  -          Checking LVM volumes (security)
FILE-6323  Linux      Checking EXT file systems (security)
FILE-6329  -          Checking FFS/UFS file systems (security)
FILE-6330  FreeBSD    Checking ZFS file systems (security)
FILE-6332  -          Checking swap partitions (security)
FILE-6336  -          Checking swap mount options (security)
FILE-6344  Linux      Checking proc mount options (security)
FILE-6354  -          Searching for old files in /tmp (security)
FILE-6362  -          Checking /tmp sticky bit (security)
FILE-6363  -          Checking /var/tmp sticky bit (security)
FILE-6368  Linux      Checking ACL support on root file system (security)
FILE-6372  Linux      Checking / mount options (security)
FILE-6374  Linux      Checking /boot mount options (security)
FILE-6376  Linux      Determine if /var/tmp is bound to /tmp (security)
FILE-6410  -          Checking Locate database (security)
FILE-6430  -          Disable mounting of some filesystems (security)
FILE-6439  DragonFly  Checking HAMMER PFS mounts (security)
FILE-7524  -          Perform file permissions check (security)
FINT-4310  -          AFICK availability (security)
FINT-4314  -          AIDE availability (security)
FINT-4315  -          Check AIDE configuration file (security)
FINT-4318  -          Osiris availability (security)
FINT-4322  -          Samhain availability (security)
FINT-4326  -          Tripwire availability (security)
FINT-4328  -          OSSEC syscheck daemon running (security)
FINT-4330  -          mtree availability (security)
FINT-4334  -          Check lfd daemon status (security)
FINT-4336  -          Check lfd configuration status (security)
FINT-4338  -          osqueryd syscheck daemon running (security)
FINT-4350  -          File integrity software installed (security)
FINT-4402  -          Checksums (SHA256 or SHA512) (security)
FIRE-4502  Linux      Check iptables kernel module (security)
FIRE-4508  -          Check used policies of iptables chains (security)
FIRE-4512  -          Check iptables for empty ruleset (security)
FIRE-4513  -          Check iptables for unused rules (security)
FIRE-4518  -          Check pf firewall components (security)
FIRE-4520  -          Check pf configuration consistency (security)
FIRE-4524  -          Check for CSF presence (security)
FIRE-4526  Solaris    Check ipf status (security)
FIRE-4530  FreeBSD    Check IPFW status (security)
FIRE-4532  MacOS      Check macOS application firewall (security)
FIRE-4534  MacOS      Check for outbound firewalls (security)
FIRE-4536  Linux      Check nftables status (security)
FIRE-4538  Linux      Check nftables basic configuration (security)
FIRE-4540  Linux      Test for empty nftables configuration (security)
FIRE-4586  -          Check firewall logging (security)
FIRE-4590  -          Check firewall status (security)
FIRE-4594  -          Check for APF presence (security)
HOME-9302  -          Create list with home directories (security)
HOME-9310  -          Checking for suspicious shell history files (security)
HOME-9350  -          Collecting information from home directories (security)
HRDN-7220  -          Check if one or more compilers are installed (security)
HRDN-7222  -          Check compiler permissions (security)
HRDN-7230  -          Check for malware scanner (security)
HTTP-6622  -          Checking Apache presence (security)
HTTP-6624  -          Testing main Apache configuration file (security)
HTTP-6626  -          Testing other Apache configuration file (security)
HTTP-6632  -          Determining all available Apache modules (security)
HTTP-6640  -          Determining existence of specific Apache modules (security)
HTTP-6641  -          Determining existence of specific Apache modules (security)
HTTP-6643  -          Determining existence of specific Apache modules (security)
HTTP-6702  -          Check nginx process (security)
HTTP-6704  -          Check nginx configuration file (security)
HTTP-6706  -          Check for additional nginx configuration files (security)
HTTP-6708  -          Check discovered nginx configuration settings (security)
HTTP-6710  -          Check nginx SSL configuration settings (security)
HTTP-6712  -          Check nginx access logging (security)
HTTP-6714  -          Check for missing error logs in nginx (security)
HTTP-6716  -          Check for debug mode on error log in nginx (security)
HTTP-6720  -          Check Nginx log files (security)
INSE-8000  -          Installed inetd package (security)
INSE-8002  -          Status of inet daemon (security)
INSE-8004  -          Presence of inetd configuration file (security)
INSE-8006  -          Check configuration of inetd when it is disabled (security)
INSE-8016  -          Check for telnet via inetd (security)
INSE-8050  MacOS      Check for insecure services on macOS systems (security)
INSE-8100  -          Installed xinetd package (security)
INSE-8116  -          Insecure services enabled via xinetd (security)
INSE-8200  -          Usage of TCP wrappers (security)
INSE-8300  -          Presence of rsh client (security)
INSE-8302  -          Presence of rsh server (security)
KRNL-5622  Linux      Determine Linux default run level (security)
KRNL-5677  Linux      Check CPU options and support (security)
KRNL-5695  Linux      Determine Linux kernel version and release number (security)
KRNL-5723  Linux      Determining if Linux kernel is monolithic (security)
KRNL-5726  Linux      Checking Linux loaded kernel modules (security)
KRNL-5728  Linux      Checking Linux kernel config (security)
KRNL-5730  Linux      Checking disk I/O kernel scheduler (security)
KRNL-5745  FreeBSD    Checking FreeBSD loaded kernel modules (security)
KRNL-5770  Solaris    Checking active kernel modules (security)
KRNL-5788  Linux      Checking availability new Linux kernel (security)
KRNL-5820  Linux      Checking core dumps configuration (security)
KRNL-5830  Linux      Checking if system is running on the latest installed kernel (security)
KRNL-5831  DragonFly  Checking DragonFly loaded kernel modules (security)
KRNL-6000  -          Check sysctl key pairs in scan profile (security)
LDAP-2219  -          Check running OpenLDAP instance (security)
LDAP-2224  -          Check presence slapd.conf (security)
LOGG-2130  -          Check for running syslog daemon (security)
LOGG-2132  -          Check for running syslog-ng daemon (security)
LOGG-2134  -          Checking Syslog-NG configuration file consistency (security)
LOGG-2136  -          Check for running systemd journal daemon (security)
LOGG-2138  Linux      Checking kernel logger daemon on Linux (security)
LOGG-2142  Linux      Checking minilog daemon (security)
LOGG-2146  -          Checking logrotate.conf and logrotate.d (security)
LOGG-2148  -          Checking logrotated files (security)
LOGG-2150  -          Checking directories in logrotate configuration (security)
LOGG-2152  -          Checking loghost (security)
LOGG-2154  -          Checking syslog configuration file (security)
LOGG-2160  -          Checking /etc/newsyslog.conf (security)
LOGG-2162  -          Checking directories in /etc/newsyslog.conf (security)
LOGG-2164  -          Checking files specified /etc/newsyslog.conf (security)
LOGG-2170  -          Checking log paths (security)
LOGG-2180  -          Checking open log files (security)
LOGG-2190  -          Checking for deleted files in use (security)
LOGG-2192  -          Checking for opened log files that are empty (security)
LOGG-2210  -          Check for running metalog daemon (security)
LOGG-2230  -          Check for running RSyslog daemon (security)
LOGG-2240  -          Check for running RFC 3195 compliant daemon (security)
MACF-6204  -          Check AppArmor presence (security)
MACF-6208  -          Check if AppArmor is enabled (security)
MACF-6232  -          Check SELINUX presence (security)
MACF-6234  -          Check SELINUX status (security)
MACF-6240  -          Detection of TOMOYO binary (security)
MACF-6242  -          Status of TOMOYO MAC framework (security)
MACF-6290  -          Check for implemented MAC framework (security)
MAIL-8802  -          Check Exim status (security)
MAIL-8804  -          Exim configuration (security)
MAIL-8814  -          Check postfix process status (security)
MAIL-8816  -          Check Postfix configuration (security)
MAIL-8817  -          Check Postfix configuration errors (security)
MAIL-8818  -          Postfix banner (security)
MAIL-8820  -          Postfix configuration (security)
MAIL-8838  -          Check dovecot process (security)
MAIL-8860  -          Check Qmail status (security)
MAIL-8880  -          Check Sendmail status (security)
MAIL-8920  -          Check OpenSMTPD status (security)
MALW-3275  -          Check for chkrootkit (security)
MALW-3276  -          Check for Rootkit Hunter (security)
MALW-3278  -          Check for LMD (security)
MALW-3280  -          Check if anti-virus tool is installed (security)
MALW-3282  -          Check for clamscan (security)
MALW-3284  -          Check for clamd (security)
MALW-3286  -          Check for freshclam (security)
MALW-3288  -          Check for ClamXav (security)
NAME-4016  -          Check /etc/resolv.conf default domain (security)
NAME-4018  -          Check /etc/resolv.conf search domains (security)
NAME-4020  -          Check non default options (security)
NAME-4024  Solaris    Solaris uname -n output (security)
NAME-4026  Solaris    Check /etc/nodename (security)
NAME-4028  -          Check domain name (security)
NAME-4032  -          Check nscd status (security)
NAME-4034  -          Check Unbound status (security)
NAME-4036  -          Check Unbound configuration file (security)
NAME-4202  -          Check BIND status (security)
NAME-4204  -          Search BIND configuration file (security)
NAME-4206  -          Check BIND configuration consistency (security)
NAME-4210  -          Check DNS banner (security)
NAME-4230  -          Check PowerDNS status (security)
NAME-4232  -          Search PowerDNS configuration file (security)
NAME-4236  -          Check PowerDNS backends (security)
NAME-4238  -          Check PowerDNS authoritive status (security)
NAME-4304  -          Check NIS ypbind status (security)
NAME-4306  -          Check NIS domain (security)
NAME-4402  -          Check duplicate line in /etc/hosts (security)
NAME-4404  -          Check /etc/hosts contains an entry for this server name (security)
NAME-4406  -          Check server hostname mapping (security)
NAME-4408  -          Check localhost to IP mapping (security)
NETW-2600  Linux      Checking IPv6 configuration (security)
NETW-2704  -          Basic nameserver configuration tests (security)
NETW-2705  -          Check availability two nameservers (security)
NETW-3001  -          Find default gateway (route) (security)
NETW-3004  -          Search available network interfaces (security)
NETW-3006  -          Get network MAC addresses (security)
NETW-3008  -          Get network IP addresses (security)
NETW-3012  -          Check listening ports (security)
NETW-3014  -          Checking promiscuous interfaces (BSD) (security)
NETW-3015  Linux      Checking promiscuous interfaces (Linux) (security)
NETW-3028  -          Checking connections in WAIT state (security)
NETW-3030  -          Checking DHCP client status (security)
NETW-3032  Linux      Checking for ARP monitoring software (security)
PHP-2211   -          Check php.ini presence (security)
PHP-2320   -          Check PHP disabled functions (security)
PHP-2368   -          Check PHP register_globals option (security)
PHP-2372   -          Check PHP expose_php option (security)
PHP-2374   -          Check PHP enable_dl option (security)
PHP-2376   -          Check PHP allow_url_fopen option (security)
PHP-2378   -          Check PHP allow_url_include option (security)
PHP-2379   -          Check PHP suhosin extension status (security)
PKGS-7301  -          Query NetBSD pkg (security)
PKGS-7302  -          Query FreeBSD/NetBSD pkg_info (security)
PKGS-7303  -          Query brew package manager (security)
PKGS-7304  -          Querying Gentoo packages (security)
PKGS-7306  Solaris    Querying Solaris packages (security)
PKGS-7308  -          Checking package list with RPM (security)
PKGS-7310  -          Checking package list with pacman (security)
PKGS-7312  -          Checking available updates for pacman based system (security)
PKGS-7314  -          Checking pacman configuration options (security)
PKGS-7320  Linux      Check presence of arch-audit for Arch Linux (security)
PKGS-7322  Linux      Discover vulnerable packages on Arch Linux (security)
PKGS-7328  -          Querying Zypper for installed packages (security)
PKGS-7330  -          Querying Zypper for vulnerable packages (security)
PKGS-7332  -          Detection of macOS ports and packages (security)
PKGS-7334  -          Detection of available updates for macOS ports (security)
PKGS-7345  -          Querying dpkg (security)
PKGS-7346  -          Search unpurged packages on system (security)
PKGS-7348  FreeBSD    Check for old distfiles (security)
PKGS-7350  -          Checking for installed packages with DNF utility (security)
PKGS-7352  -          Checking for security updates with DNF utility (security)
PKGS-7354  -          Checking package database integrity (security)
PKGS-7366  -          Checking for debsecan utility (security)
PKGS-7370  -          Checking for debsums utility (security)
PKGS-7378  -          Query portmaster for port upgrades (security)
PKGS-7380  NetBSD     Check for vulnerable NetBSD packages (security)
PKGS-7381  -          Check for vulnerable FreeBSD packages with pkg (security)
PKGS-7382  -          Check for vulnerable FreeBSD packages with portaudit (security)
PKGS-7383  -          Check for YUM package Update management (security)
PKGS-7384  -          Check for YUM utils package (security)
PKGS-7386  -          Check for YUM security package (security)
PKGS-7387  -          Check for GPG signing in YUM security package (security)
PKGS-7388  -          Check security repository in Debian/ubuntu apt sources.list file (security)
PKGS-7390  Linux      Check Ubuntu database consistency (security)
PKGS-7392  Linux      Check for Debian/Ubuntu security updates (security)
PKGS-7393  -          Check for Gentoo vulnerable packages (security)
PKGS-7394  Linux      Check for Ubuntu updates (security)
PKGS-7398  -          Check for package audit tool (security)
PKGS-7410  -          Count installed kernel packages (security)
PKGS-7420  -          Detect toolkit to automatically download and apply upgrades (security)
PRNT-2302  FreeBSD    Check for printcap consistency (security)
PRNT-2304  -          Check cupsd status (security)
PRNT-2306  -          Check CUPSd configuration file (security)
PRNT-2307  -          Check CUPSd configuration file permissions (security)
PRNT-2308  -          Check CUPSd network configuration (security)
PRNT-2314  -          Check lpd status (security)
PRNT-2316  AIX        Checking /etc/qconfig file (security)
PRNT-2418  AIX        Checking qdaemon printer spooler status (security)
PRNT-2420  AIX        Checking old print jobs (security)
PROC-3602  Linux      Checking /proc/meminfo for memory details (security)
PROC-3604  Solaris    Query prtconf for memory details (security)
PROC-3612  -          Check dead or zombie processes (security)
PROC-3614  -          Check heavy IO waiting based processes (security)
RBAC-6272  -          Check grsecurity presence (security)
SCHD-7702  -          Check status of cron daemon (security)
SCHD-7704  -          Check crontab/cronjobs (security)
SCHD-7718  -          Check at users (security)
SCHD-7720  -          Check at users (security)
SCHD-7724  -          Check at jobs (security)
SHLL-6202  FreeBSD    Check console TTYs (security)
SHLL-6211  -          Checking available and valid shells (security)
SHLL-6220  -          Checking available and valid shells (security)
SHLL-6230  -          Perform umask check for shell configurations (security)
SINT-7010  -          System Integrity Status (security)
SNMP-3302  -          Check for running SNMP daemon (security)
SNMP-3304  -          Check SNMP daemon file location (security)
SNMP-3306  -          Check SNMP communities (security)
SQD-3602   -          Check for running Squid daemon (security)
SQD-3604   -          Check Squid daemon file location (security)
SQD-3606   -          Check Squid version (security)
SQD-3610   -          Check Squid version (security)
SQD-3613   -          Check Squid file permissions (security)
SQD-3614   -          Check Squid authentication methods (security)
SQD-3616   -          Check external Squid authentication (security)
SQD-3620   -          Check Squid access control lists (security)
SQD-3624   -          Check Squid safe ports (security)
SQD-3630   -          Check Squid reply_body_max_size option (security)
SQD-3680   -          Check Squid version suppression (security)
SSH-7402   -          Check for running SSH daemon (security)
SSH-7404   -          Check SSH daemon file location (security)
SSH-7406   -          Detection of OpenSSH server version (security)
SSH-7408   -          Check SSH specific defined options (security)
SSH-7440   -          AllowUsers and AllowGroups (security)
STRG-1840  Linux      Check if USB storage is disabled (security)
STRG-1842  Linux      Check USB authorizations (security)
STRG-1846  Linux      Check if firewire storage is disabled (security)
STRG-1902  -          Check rpcinfo registered programs (security)
STRG-1904  -          Check nfs rpc (security)
STRG-1906  -          Check nfs rpc (security)
STRG-1920  -          Checking NFS daemon (security)
STRG-1926  -          Checking NFS exports (security)
STRG-1928  -          Checking empty /etc/exports (security)
STRG-1930  -          Check client access to nfs share (security)
TIME-3104  -          Check for running NTP daemon or client (security)
TIME-3106  -          Check systemd NTP time synchronization status (security)
TIME-3112  -          Check active NTP associations ID's (security)
TIME-3116  -          Check peers with stratum value of 16 (security)
TIME-3120  -          Check unreliable NTP peers (security)
TIME-3124  -          Check selected time source (security)
TIME-3128  -          Check preffered time source (security)
TIME-3132  -          Check NTP falsetickers (security)
TIME-3136  Linux      Check NTP protocol version (security)
TIME-3148  Linux      Check TZ variable (performance)
TIME-3160  Linux      Check empty NTP step-tickers (security)
TIME-3170  -          Check configuration files (security)
TOOL-5002  -          Checking for automation tools (security)
TOOL-5102  -          Check for presence of Fail2ban (security)
TOOL-5104  -          Enabled tests for Fail2ban (security)
TOOL-5120  -          Presence of Snort IDS (security)
TOOL-5122  -          Snort IDS configuration file (security)
TOOL-5160  -          Check for active OSSEC analysis daemon (security)
TOOL-5190  -          Check presence of available IDS/IPS tooling (security)
USB-3000   Linux      Check for presence of USBGuard (security)

Source: 51CTO tech blog https://blog.51cto.com/u_15114030/3190343