lynis—nix安全审计工具

三、查看日志中的敏感信息

grep Warning /var/log/lynis.log
grep Suggestingon /var/log/lynis.log

结果如下（以一台debian操作系统为例）

dani@10:~/lynis-1.3.0$ sudo grep Warning /var/log/lynis.log
[sudo] password for dani: 
[14:40:54] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
[14:42:33] Warning: Found 8 files in /tmp which are older than 90 days [test:FILE-6354] [impact:L]
[14:42:41] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
[14:42:41] Warning: Found promiscuous interface (peth0) [test:NETW-3015] [impact:H]
[14:52:27] Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [impact:L]
[14:52:49] Warning: Found SSL certificate expiration (/etc/ssl/certs/ca-certificates.crt) [test:CRYP-7902] [impact:M]
dani@10:~/lynis-1.3.0$ sudo grep Suggestion /var/log/lynis.log
[14:40:54] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> [test:BOOT-5121]
[14:42:29] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282]
[14:42:29] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
[14:42:29] Suggestion: Default umask in /etc/login.defs could not be found and defaults usually to 022, which could be more strict like 027 [test:AUTH-9328]
[14:42:29] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
[14:42:33] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
[14:42:33] Suggestion: Clean up unused files in /tmp [test:FILE-6354]
[14:42:34] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
[14:42:34] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
[14:42:34] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
[14:42:40] Suggestion: Purge removed packages (2 found) with aptitude purge command, to cleanup old configuration files, cron jobs and startup scripts. [test:PKGS-7346]
[14:42:41] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
[14:52:27] Suggestion: Disable iptables kernel module if not used or make sure rules are being used [test:FIRE-4512]
[14:52:27] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
[14:52:42] Suggestion: Add legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126]
[14:52:42] Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130]
[14:52:48] Suggestion: Enable auditd to collect audit information [test:ACCT-9628]
[14:52:51] Suggestion: Renew SSL expired certificates. [test:CRYP-7902]
[14:52:53] Suggestion: Install a file integrity tool [test:FINT-4350]
[14:53:03] Suggestion: One or more sysctl values differ from the scan profile and could be tweaked [test:KRNL-6000]
[14:53:03] Suggestion: Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [test:HRDN-7220]
[14:53:03] Suggestion: Harden compilers and restrict access to world [test:HRDN-7222]
[14:53:03] Suggestion: Harden the system by installing one or malware scanners to perform periodic 

结果如下（以一台debian操作系统为例）

四、小结
该款工具比较全面的涵盖了系统安全的审计内容，但每个审计项都不深入，需要具体的扩展，例如PHP、Apache，MySQL的安全配置，就需要细化。