Lynis The Auditing tool for Unix/Linux v1.3.5 (With the support of many Linux flavors)

Special Note

Please join me to wish to Michael Boelen the fabulous author of Lynis a great success for his new venture CISOfy >> http://cisofy.com/ . In fact, Michael released an Entreprise Edition based on Lynis. I checked on features of this commercial version and it sounds totally awesome (Reporting, Integration with SIEM, new plugins…). Michael will fill the gap of the hardening niche as we miss software to accomplish such uneasy task. The great news is Lynis light version is still open source and will certainly get a lot of support.

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:

Available authentication methods
Expired SSL certificates
Outdated software
User accounts without password
Incorrect file permissions
Configuration errors
Firewall auditing

Changelog

New:
– OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
– Added some initial systemd support (e.g. boot services)
– Test to display if any known MAC framework is implemented [MACF-6290]

Changes:
– Improved support for Slackware Linux (OS and version detection)
– Added systemd support (boot and running services) for Linux systems [BOOT-5177]
– Added systemd support (default runlevel) for Linux systems [KRNL-5622]
– Extended USB storage check in modprobe.d directory [STRG-1840]
– Improved output, reporting and check for kernel update [KRNL-5788]
– Optimized code and output of test to check writable scripts [BOOT-5184]
– Fixed detection for writable scripts [BOOT-5184]
– Improved detection IPv6 addresses for Slackware and others [NETW-3008]
– Minor addition to SSH PermitRootLogin check [SSH-7412]
– Extended cronjob tests, reporting and logging [SCHD-7704]
– Extended umask check in /etc/profile [AUTH-9328]
– Added suggestion about BIND version [NAME-4210]
– Merged test NTP daemon test TIME-3108 into TIME-3104
– Improved support for Arch Linux (output, detection)
– Extended common list of directories with SSL certifcates in profile
– New function GetHostID() to determine an unique identifier of the machine
– Added a tests_custom file template
– Perform file permissions test on tests_custom file
– Improved OS detection and extended logging on several tests
– Several layout improvements
– Extended update check functions and output
– Cleaned up reporting and extended it with exceptions