Lynis – security and system auditing tool
March 28th, 2010 by vicky
Michael Boelen, the author of the RKHUNTER rootkit checker, has made another nice auditing tool – Lynis. It works on many Linux/Debian/MacOS/BSD systems and gives you, the admin, important information about system configuration and security issues.
Update: On 15th December 2009 version 1.2.9 was released. I updated this how-to a bit late, but better late than never.
The installation is very simple.
cd /root/
wget http://www.rootkit.nl/files/lynis-1.2.9.tar.gz
tar xvfz lynis-1.2.9.tar.gz
rm -f lynis-1.2.9.tar.gz
cd lynis-1.2.9
Now run “./lynis” to see all available options.
I prefer running it as “./lynis -c -Q” so that it does a complete scan and does not wait for my keypress after every page. There is a summary at the end of the scan which gives you info about warnings. I advise you to check all the things it reports. It is a very nice tool and I will definitely monitor its future development.
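To review the warnings after a scan without scrolling back through the console summary, they can be read from the report file. The script below is an added example, not part of the original post or of Lynis itself. It assumes the report is written to /var/log/lynis-report.dat with one "warning[]=TEST-ID|text|" line per finding (check both against your version), and the sample report it embeds is constructed.

```shell
#!/bin/sh
# Added example: list the findings of a Lynis scan from its report file.
# ASSUMPTION: findings are lines of the form "warning[]=TEST-ID|text|..."
# (and "suggestion[]=..."); the default path below is also an assumption.
LYNIS_REPORT="${LYNIS_REPORT:-/var/log/lynis-report.dat}"

# lynis_findings KIND [FILE]
# Print "TEST-ID<TAB>text" for every finding of KIND (warning or suggestion),
# sorted by test ID with duplicate lines removed.
lynis_findings() {
    kind="$1"
    file="${2:-$LYNIS_REPORT}"
    [ -r "$file" ] || { echo "cannot read report: $file" >&2; return 2; }
    awk -v key="${kind}[]=" '
        index($0, key) == 1 {                 # literal prefix match, no regex
            rec = substr($0, length(key) + 1)
            n = split(rec, f, "|")
            id = (f[1] != "") ? f[1] : "UNKNOWN"
            text = (n >= 2) ? f[2] : ""
            printf "%s\t%s\n", id, text
        }' "$file" | sort -u
}

# lynis_count KIND [FILE]: number of distinct findings of KIND.
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample report (not real scan output). The test IDs are taken
# from the 1.2.9 changelog; the descriptions are made up for illustration.
lynis_sample_report() {
    cat <<'EOF'
# constructed sample, not real scan output
warning[]=SQD-3624|Squid configuration allows unsafe ports|
warning[]=PHP-2378|PHP option allow_url_include is enabled|
warning[]=PHP-2378|PHP option allow_url_include is enabled|
suggestion[]=AUTH-9328|Set a stricter umask in /etc/init.d/rc|
EOF
}

# Run with --demo to try the functions on the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    lynis_sample_report > "$tmp"
    echo "warnings: $(lynis_count warning "$tmp")"
    lynis_findings warning "$tmp"
    rm -f "$tmp"
fi
```

Source the file and call "lynis_findings warning" after a scan; set LYNIS_REPORT if your report lives elsewhere.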
Here is the changelog for version 1.2.9:
New:
- Support for Squid3
- Added Squid unsafe ports check [SQD-3624]
- Added Squid configuration file permission check [SQD-3613]
- Added Squid test: reply_body_max_size option [SQD-3630]
- Added /etc/init.d/rc and /etc/init.d/rcS to umask test [AUTH-9328]
- Check PHP option allow_url_include [PHP-2378]

Changes:
- Extended possible Squid configuration file locations
- Added additional sysctl keys to default profile
- Fixed typo in squid.conf checks
- Improved descriptions, logging and reporting for several tests
- Corrected /etc/security/limits.conf path in test [KRNL-5820]
- Updated man page, limited lines to 80 chars