Linux Security Scanning with Lynis
Linux Security Scanning
Learn your weaknesses with Lynis
Nijmegen, 2016-05-10
Meetup: Linux Usergroup Nijmegen
Michael Boelen
Goals
1. Perform a security audit
2. Learn what to protect
3. Determine why
Agenda
Today
1. System Hardening
2. Security Auditing
3. Lynis
Michael Boelen
● Open Source Security
○ rkhunter (malware scan)
○ Lynis (security audit)
● 170+ blog posts at Linux-Audit.com
● Founder of CISOfy
System Hardening
Hardening Basics
Hardening 101
● New defenses
● Existing defenses
● Reduce weaknesses (= attack surface)
Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691
Hardening 101
● Security is an ongoing process
● It is never finished
● New attacks = more hardening
○ POODLE
○ Heartbleed
Hardening 101
Operating System
● Packages
● Processes
● Configuration
Linux Security
Areas: System Hardening, Security Auditing, Compliance
Core: Boot Process, Containers, Frameworks, Kernel, Service Manager, Virtualization
Resources: Accounting, Authentication, Cgroups, Cryptography, Logging, Namespaces, Network, Software, Storage, Time
Services: Database, Mail, Middleware, Monitoring, Printing, Shell, Web
Environment: Forensics, Incident Response, Malware, Risks, Security Monitoring, System Integrity
Technical Auditing
Auditing
Why audit?
● Checking defenses
● Assurance
● Quality Control
Auditing
Who?
● Auditors
● Security Professionals
● System Engineers
Auditing
How?
1. Focus
2. Audit
3. Focus
4. Harden
5. Repeat!
Resources
Guides
● Center for Internet Security (CIS)
● NIST / NSA
● OWASP
● Vendors
Guides
Pros
● Free to use
● Detailed
● You are in control
Cons
● Time intensive
● Usually no tooling
● Limited distributions
● Delayed releases
● No follow-up
Audit Tool: Lynis
Lynis
Lynis
2007
Lynis
GPL v3
Lynis
Shell script
Lynis
Goal 1
In-depth security scan
Lynis
Goal 2
Quick and easy to use
Lynis
Goal 3
Define the next (hardening) step
Differences with other tools
Lynis
Simple
● No installation needed
● Run with simple commands
● No configuration needed
Lynis
Flexibility
● No dependencies*
● Can be easily extended
● Custom tests
* Besides common tools like awk, grep, ps
Lynis
Portability
● Run on all UNIX platforms
● Detect and use “on the go”
● Usable after OS version upgrade
Running Lynis
How it works
● Initialise → OS detection → Read profiles → Detect binaries
● Run helpers / plugins / tests
● Show audit results
Running Lynis
1. lynis
2. lynis audit system
3. lynis audit system --quick
4. lynis audit system --quick --quiet
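The audit, harden, repeat loop from the Auditing slide, applied to the commands above, as an added example that is not part of the original slides: a shell script that compares the findings of two Lynis runs. It assumes the key=value report file Lynis writes (by default `/var/log/lynis-report.dat`) with `warning[]=`, `suggestion[]=` and `hardening_index=` lines; the function names, the `DEMO-*` test IDs and the sample reports are constructed.

```shell
#!/bin/sh
# Added example: diff two Lynis report files taken before and after hardening.
# Assumed report format (one key=value per line):
#   hardening_index=NN
#   warning[]=TEST-ID|text|details|solution|
#   suggestion[]=TEST-ID|text|details|solution|

# Print "<kind> <TEST-ID>" for each warning/suggestion, sorted and de-duplicated.
lynis_findings() {
    awk -F'[=|]' '/^(warning|suggestion)\[\]=/ { sub(/\[\]$/, "", $1); print $1, $2 }' "$1" |
        LC_ALL=C sort -u
}

# Print the hardening index recorded in a report.
lynis_index() {
    sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1
}

# Compare an older report ($1) with a newer one ($2).
lynis_compare() {
    old=$(mktemp); new=$(mktemp)
    lynis_findings "$1" > "$old"
    lynis_findings "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/FIXED /'   # gone after hardening
    LC_ALL=C comm -12 "$old" "$new" | sed 's/^/OPEN /'    # still reported
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/NEW /'     # appeared since last run
    echo "INDEX $(lynis_index "$1") -> $(lynis_index "$2")"
    rm -f "$old" "$new"
}

# Constructed sample reports (DEMO-* IDs and texts are made up, not scan output).
demo=$(mktemp -d)
cat > "$demo/before.dat" <<'EOF'
hardening_index=58
warning[]=DEMO-0001|Information disclosure in service banner|-|-|
suggestion[]=DEMO-0002|Consider hardening the remote login configuration|-|-|
suggestion[]=DEMO-0003|Kernel parameter differs from profile|-|-|
EOF
cat > "$demo/after.dat" <<'EOF'
hardening_index=66
suggestion[]=DEMO-0003|Kernel parameter differs from profile|-|-|
suggestion[]=DEMO-0004|Place /tmp on a separate partition|-|-|
EOF
lynis_compare "$demo/before.dat" "$demo/after.dat"
rm -rf "$demo"
```

Keep a copy of the report after each `lynis audit system` run and pass the previous and current copies to `lynis_compare`; `NEW` lines are the ones to review first, since they indicate drift since the last audit.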
Lynis Profiles
Optional configuration
● Default profile (default.prf)
● Custom profile (custom.prf)
● Other profiles with --profile
Lynis Profiles
Example: developer
Plugins
An extension to Lynis
Plugins are mostly for gathering facts
Customization: include/tests_custom or custom plugin
Demo?
Lessons Learned
Lessons Learned
Simplicity
● Keep it simple
● First impression
● Next step
Lessons Learned
Less is better
● Dependencies
● Program arguments
● Screen output
Lessons Learned
Documentation
● Understand its power
● Focus on new users
● Separate properly
Lessons Learned
GitHub
Stats: issues / pulls / stars / watchers
Lessons Learned
Open Source = Business
It needs PR, blog posts, attention (like a business)
Future
Future
● Packages
● More tests
● Quality control
● Linting
● Unit tests
● Software Development Kit
Future
Want to help?
● Submit patches
● Provide feedback
● Deploy Lynis
You finished this presentation
Success!
Learn more?
Follow
● Blog Linux Audit (linux-audit.com)
● Twitter @mboelen
This presentation can be found on michaelboelen.com