mal of 2 responsive nameservers[20C [ SKIPPED ]
[2C- Getting listening ports (TCP/UDP)[24C [ DONE ]
[6C* Found 11 ports[39C
[2C- Checking status DHCP client[30C [ RUNNING ]
[2C- Checking for ARP monitoring software[21C [ NOT FOUND ]
[+] Custom Tests
------------------------------------
[2C- Running custom tests... [33C [ NONE ]
[+] Plugins (phase 2)
------------------------------------
================================================================================
-[ Lynis 2.6.4 Results ]-
Great, no warnings
Suggestions (1):
----------------------------
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
https://cisofy.com/controls/NETW-3032/
Follow-up:
----------------------------
- Show details of a test (lynis show details TEST-ID)
- Check the logfile for all details (less /var/log/lynis.log)
- Read security controls texts (https://cisofy.com)
- Use --upload to upload data to central system (Lynis Enterprise users)
================================================================================
Lynis security scan details:
Hardening index : 33 [###### ]
Tests performed : 13
Plugins enabled : 0
Components:
- Firewall [X]
- Malware scanner [X]
Lynis Modules:
- Compliance Status [?]
- Security Audit [V]
- Vulnerability Scan [V]
Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
================================================================================
Lynis 2.6.4
Auditing, system hardening, and compliance for UNIX-based systems
(Linux, macOS, BSD, and others)
2007-2018, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
================================================================================
[TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)
查看详细说明
在查看审计结果时,你可以通过 show details 参数来获取关于某条警告/建议的详细说明。其对应的命令形式为:
lynis show details ${test_id}
比如,上面图中有一个建议
* Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032]
我们可以运行命令:
sudo lynis show details NETW-3032
2018-06-08 18:18:01 Performing test ID NETW-3032 (Checking for ARP monitoring software)
2018-06-08 18:18:01 IsRunning: process 'arpwatch' not found
2018-06-08 18:18:01 IsRunning: process 'arpon' not found
2018-06-08 18:18:01 Suggestion: Consider running ARP monitoring software (arpwatch,arpon) [test:NETW-3032] [details:-] [solution:-]
2018-06-08 18:18:01 Checking permissions of /usr/share/lynis/include/tests_printers_spools
2018-06-08 18:18:01 File permissions are OK
2018-06-08 18:18:01 ===---------------------------------------------------------------===
查看日志文件
lynis在审计完成后会将详细的信息记录在 /var/log/lynis.log 中.
sudo tail /var/log/lynis.log
2018-06-08 17:59:46 ================================================================================
2018-06-08 17:59:46 Lynis 2.6.4
2018-06-08 17:59:46 2007-2018, CISOfy - https://cisofy.com/lynis/
2018-06-08 17:59:46 Enterprise support available (compliance, plugins, interface and tools)
2018-06-08 17:59:46 Program ended successfully
2018-06-08 17:59:46 ===========================================================