0x00前言
lynis是一款開源的unix-based平台的審計工具。可以幫助審計員掃描unix系統以及可用的軟件。程序主要探測,系統上安裝的程序包,配置上的錯誤,以及安全問題和系統信息。
0x01 下載與安裝
1 通過直接下載進行安裝
步驟一:建立下載的目錄
root@kali:~# mkdir -p /usr/local/lynis && cd /usr/local
步驟二:下載lynis
方式一:root@kali:~# wgethttps://cisofy.com/files/lynis-2.2.0.tar.gz
方式二:root@kali:~# curlhttps://cisofy.com/files/lynis-2.2.0.tar.gz -o lynis.tar.gz
方式三:直接使用浏覽器打開頁面:https://cisofy.com/download/lynis/
, 然後選擇下載
步驟三:解壓
方式一:root@kali:~# tar xfvz lynis.tar.gz
方式二:直接使用系統的解壓軟件直接進行解壓(或者在win7解壓,再拖入虛擬機)
2 通過 Git 進行安裝
克隆項目
root@kali:~# cd /usr/local
root@kali:~# git clonehttps://github.com/CISOfy/lynis
root@kali:~# cd lynis
3. 通過包進行安裝
Red Hat $ yum install lynis
Debian $ apt-get install lynis
openSUSE $ zypper install lynis
4. 通過 Homebrew進行安裝
對於Mac OS 用戶來說, Homebrew 是可供選擇的手工安裝方式以及使用GIt
$ brew install lynis
0x02 運行
1 查看幫助
如果我們是通過包形式進行安裝的話,我們可以在任何目錄調用lynis,例如root@kali:~# lynis -h,否則我們需要通過以下方式進行使用:
root@kali:~/lynis# ./lynis -h #進入解壓後的lynis目錄,然後查看幫助信息;root@kali:~/lynis# ./lynis --man 該命令查看詳細使用幫助
2 審計系統
root@kali:~/lynis# ./lynis audit system #該方式需要人工進行手動確認,確認後才能進行下一步檢查
root@kali:~/lynis# ./lynis audit system -Q #該方式可以避免人工確認
root@kali:~/lynis# ./lynis -c -Q#全部檢查(最常用)
root@kali:~/lynis# ./lynis -c -Q --pentestroot@kali:~# lynis -c -Q -q --auditor "yy mm" #只顯示告警輸出root@kali:~/lynis#./lynis -c -Q --auditor "yy mm" --cronjob > /var/log/lynis/report.txt3停止和暫停
CTRL + C 去停止該程序的運行;
4 小技巧
4.1 如果lynis 不是通過帶有man 頁面的包進行安裝的話,可以輸入root@kali:~# man lynis
4.2 對於那些SHELL終端背景是淺色的某些系統,可以使用root@kali:~# lynis --nocolors 後者root@kali:~# lynis --reverse-colors
4.3 可以使用-h 選項去顯示所有可用參數,即是root@kali:~# lynis -h
0x03 報告和日志
1 屏幕輸出:
OK or Warning
Found or Not found
A value
2. 日志文件
默認的日志文件位置:/var/log/lynis.log
該日志文件包含以下方面的內容:
每次行為/時間的時間
測試失敗或者被忽略的原因
測試的輸出
關於配置選項或者怎樣去修補/改善問題的建議
威脅/影響分數
root@kali:~# leafpad /var/log/lynis.log3 報告文件
默認的報告文件位置:/var/log/lynis-report.dat.
root@kali:~# leafpad /var/log/lynis-report.dat4 命令參數
lynis [scan mode] [other options]
FIRST TIME USAGE
When running Lynis for the first time, run: lynis audit system --quick
OPTIONS
--auditor <full name> Define the name of the auditor/pen-tester. When a full name is used, add double quotes, like "Your Name".
--checkall (or -c) Lynis performs a full check of the system,
--config Show which settings file or profile is being used, then quit.
--cronjob Perform automatic scan with cron safe options (no colors, no questions, no breaks).
--debug Display debug information to screen for troubleshooting purposes.
--dump-options Show all available parameters.
--logfile </path/to/logfile> Defines location and name of log file, instead of default /var/log/lynis.log.
--no-colors Do not use colors for messages, warnings and sections.
--no-log Redirect all logging information to /dev/null, prevent sensitive information to be written to disk.
--pentest Run a non-privileged scan, usually for penetration testing. Some of the tests will be skipped if they require root permissions.
--plugin-dir </path/to/plugins> Define location where plugins can be found.
--profile </path/to/profile> Provide alternative profile to perform the scan.
--quick (-Q) Do a quick scan (don't wait for user input).
--quiet (-q) Try to run as silent as possible, showing only warnings. This option activates --quick as well.
--report-file </path/to/report> Provide an alternative name for report file.
--reverse-colors Optimize screen output for light backgrounds.
--tests TEST-IDs Only run the specific test(s). When using multiple tests,add quotes around the line.
--tests-category <category> Only perform tests from particular tests. Use --view-categories to determine valid options.
--upload Upload data to Lynis Enterprise server.
--view-categories Display all available test categories.
Multiple parameters are allowed, though some parameters can only be
used together with others. When running Lynis without any parameters,
help will be shown and the program will exit.
EXIT CODES
Lynis uses exit codes to signal any invoking script. Currently the fol-
lowing codes are used:
0 Program exited normally, nothing found
1 Fatal error
64 An unknown parameter is used, or incomplete
65 Incorrect data encountered
66 Can't open file or directory
78 Lynis found 1 or more warnings or configurations errors
0x04 查看日志
grep Warning /var/log/lynis.log
grep Suggestingon /var/log/lynis.log
0x05 擴展閱讀
1. lynis官方幫助文檔
https://cisofy.com/documentation/lynis/get-started/
2. lynis官方介紹資料
https://cisofy.com
3github地址
https://github.com/CISOfy/lynis
歡迎大家分享更好的思路,熱切期待^^_^^ !!!
