Scan LINUX for vulnerabilities.

Postby tanmay.01 » Mon Apr 15, 2013 12:57 pm

Article by Dan Nanni first published on xmodulo.com

As a system administrator, Linux security technician or system auditor, your responsibility can involve any combination of these: software patch management, malware scanning, file integrity checks, security audit, configuration error checking, etc. If there is an automatic vulnerability scanning tool, it can save you a lot of time checking up on common security issues.

One such vulnerability scanner on Linux is lynis. This tool is actually supported on multiple platforms including CentOS, Debian, Fedora, FreeBSD, Mac OS and Ubuntu.

To install lynis on Linux, open a terminal and run the following commands:

wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
# extracts into /opt/lynis-1.3.0 ("xvfz" was mistyped as "xvfvz" in the original)
sudo tar xvfz lynis-1.3.0.tar.gz -C /opt


To scan Linux for vulnerabilities with lynis, run the following.

cd /opt/lynis-1.3.0/
sudo /opt/lynis-1.3.0/lynis --check-all -Q


Once lynis starts scanning your system, it will perform auditing in a number of categories:

System tools: system binaries
Boot and services: boot loaders, startup services
Kernel: run level, loaded modules, kernel configuration, core dumps
Memory and processes: zombie processes, IO waiting processes
Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
Shells
File systems: mount points, /tmp files, root file system
Storage: usb-storage, firewire ohci
NFS
Software: name services: DNS search domain, BIND
Ports and packages: vulnerable/upgradable packages, security repository
Networking: nameservers, promiscuous interfaces, connections
Printers and spools: cups configuration
Software: e-mail and messaging
Software: firewalls: iptables, pf
Software: webserver: Apache, nginx
SSH support: SSH configuration
SNMP support
Databases: MySQL root password
LDAP services
Software: php: php options
Squid support
Logging and files: syslog daemon, log directories
Insecure services: inetd
Banners and identification
Scheduled tasks: crontab/cronjob, atd
Accounting: sysstat data, auditd
Time and synchronization: ntp daemon
Cryptography: SSL certificate expiration
Virtualization
Security frameworks: AppArmor, SELinux, grsecurity status
Software: file integrity
Software: malware scanners
Home directories: shell history files

[Screenshot: lynis in action]

Once scanning is completed, the auditing report of your system is generated and stored in /var/log/lynis.log.

The audit report contains warnings for potential vulnerabilities detected by the tool. For example:

sudo grep Warning /var/log/lynis.log


[20:20:04] Warning: Root can directly login via SSH [test:SSH-7412] [impact:M]
[20:20:04] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]
[20:20:06] Warning: No running NTP daemon or available client found [test:TIME-3104] [impact:M]


The audit report also contains a number of suggestions that can help harden your Linux system. For example:

sudo grep Suggestion /var/log/lynis.log


[20:19:41] Suggestion: Install a PAM module for password strength testing like pam_cracklib or pam_passwdqc [test:AUTH-9262]
[20:19:41] Suggestion: When possible set expire dates for all password protected accounts [test:AUTH-9282]
[20:19:41] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
[20:19:41] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
[20:19:42] Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328]
[20:19:42] Suggestion: Default umask in /etc/init.d/rc could be more strict like 027 [test:AUTH-9328]
[20:19:42] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
[20:19:42] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
[20:19:42] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
[20:20:03] Suggestion: Install package apt-show-versions for patch management purposes [test:PKGS-7394]


How to scan your system for vulnerabilities on a daily basis

To get the most out of lynis, it’s recommended to run it on a regular basis, for example, as a daily cronjob. When run with the “--cronjob” option, lynis runs in automatic, non-interactive scan mode.

The following is a daily cronjob script that runs lynis in automatic mode to audit your system, and archives daily scan reports.

sudo vi /etc/cron.daily/lynis-scan


#!/bin/sh
# Daily lynis audit: run non-interactively and keep a dated copy of the
# report and of the report data for this host.
# Note: run-parts on Debian/Ubuntu skips files in /etc/cron.daily whose
# names contain a dot, so the script is named lynis-scan rather than scan.sh.

AUDITOR="automated"
DATE=$(date +%Y%m%d)
HOST=$(hostname)
LOG_DIR="/var/log/lynis"
REPORT="$LOG_DIR/report-${HOST}.${DATE}"
DATA="$LOG_DIR/report-data-${HOST}.${DATE}.txt"

# Create the archive directory on first run (reports list this host's
# weaknesses, so keep it root-only) and bail out if lynis is not installed.
mkdir -p -m 0750 "$LOG_DIR" || exit 1
cd /opt/lynis-1.3.0 || exit 1

./lynis -c --auditor "${AUDITOR}" --cronjob > "${REPORT}"

# lynis writes its machine-readable results here; keep a dated copy.
mv /var/log/lynis-report.dat "${DATA}"


sudo chmod 755 /etc/cron.daily/lynis-scan
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 28
Operating System: Other Linux
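An added example, not code from the post above or from lynis itself: once the daily job archives copies of the scan output, the useful question is "what is new since yesterday?", not the full list again. The script below parses the Warning/Suggestion line format shown in the post (`[HH:MM:SS] Warning: message [test:ID] [impact:X]`), normalises each finding to `Kind|TEST-ID|message`, and prints the findings present in a newer log but absent from an older one, exiting 1 when there are any. It assumes that format, a POSIX sh with awk, sort and comm, and that you keep dated copies of /var/log/lynis.log (the function names and file paths are my own).

```shell
#!/bin/sh
# Added example (not part of the original post or of lynis). Compares two
# lynis logs and reports findings that appeared since the older one.
# Assumed line formats (as shown in the post):
#   [HH:MM:SS] Warning: <message> [test:<ID>] [impact:<X>]
#   [HH:MM:SS] Suggestion: <message> [test:<ID>]
LC_ALL=C   # fixed collation so sort and comm agree
export LC_ALL

# lynis_findings LOGFILE
# Prints one "Kind|TEST-ID|message" line per finding, sorted and de-duplicated,
# so two logs can be compared regardless of timestamps or ordering.
lynis_findings() {
    awk '
        /^\[[0-9:]+\] (Warning|Suggestion): / {
            kind = $2
            sub(/:$/, "", kind)                         # "Warning:" -> "Warning"
            if (match($0, /\[test:[A-Z]+-[0-9]+\]/)) {
                id = substr($0, RSTART + 6, RLENGTH - 7)  # drop "[test:" and "]"
                msg = $0
                sub(/^\[[0-9:]+\] (Warning|Suggestion): /, "", msg)
                sub(/ \[test:.*$/, "", msg)             # drop the trailing tags
                print kind "|" id "|" msg
            }
        }' "$1" | sort -u
}

# lynis_count_warnings LOGFILE
# Number of distinct Warning findings (a simple per-host metric to trend).
lynis_count_warnings() {
    lynis_findings "$1" | awk '/^Warning\|/ { n++ } END { print n + 0 }'
}

# lynis_new_findings OLDLOG NEWLOG
# Prints findings present in NEWLOG but absent from OLDLOG (regressions since
# the last scan). Returns 1 when there is at least one, 0 when nothing is new,
# 2 if a temp file could not be created.
lynis_new_findings() {
    lf_old=$(mktemp) || return 2
    lf_new=$(mktemp) || { rm -f "$lf_old"; return 2; }
    lynis_findings "$1" > "$lf_old"
    lynis_findings "$2" > "$lf_new"
    lf_diff=$(comm -13 "$lf_old" "$lf_new")   # lines only in the newer log
    rm -f "$lf_old" "$lf_new"
    [ -z "$lf_diff" ] && return 0
    printf '%s\n' "$lf_diff"
    return 1
}

# Stand-alone usage: lynis-diff.sh OLD_LOG NEW_LOG  (exit 1 when new findings appear)
if [ $# -eq 2 ]; then
    lynis_new_findings "$1" "$2"
fi
```

Wire it into the daily job by copying /var/log/lynis.log next to each day's report and calling `lynis_new_findings` on yesterday's and today's copy; a non-zero exit is the condition to mail on, and `lynis_count_warnings` gives a number you can graph per host.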



Re: Scan LINUX for vulnerabilities.

Postby ryanvade » Mon Apr 15, 2013 2:54 pm

Cool.

Laptop: HP dv6t-7000 CTO Desktop: Compaq Presario SR21632wm
i5 2450m Pentium D 960 @ 4 GHz
6 GB ram 2 GB ram
Intel HD 3000 Graphics / Nvidia GT 630M Nvidia GT 520 @ 820 MHz
Diamond II-B 3.10-rc4/Windows 7 Home Premium KDE | Windows 7 Starter/Arch Linux

Paid supporter of the Linux Foundation
ryanvade
Moderator
 
Posts: 499
Joined: Sat Apr 28, 2012 10:54 am
Operating System: Other Linux



Re: Scan LINUX for vulnerabilities.

Postby ryanvade » Mon Apr 15, 2013 10:25 pm

Would you mind if I shared?



Re: Scan LINUX for vulnerabilities.

Postby tanmay.01 » Mon Apr 15, 2013 10:54 pm

Even I have shared it from some other place .... so yes, you can.



Re: Scan LINUX for vulnerabilities.

Postby linuxfreack » Tue Apr 16, 2013 4:24 am

Very good find tanmay.01, testing as we speak. :D
Last edited by ryanvade on Tue Apr 16, 2013 10:56 am, edited 1 time in total.
Reason: removed accidental curse. (removed an s from as)
linuxfreack
U.E. Pro
 
Posts: 160
Joined: Fri Jan 30, 2009 5:08 pm
Operating System: Ultimate Edition 3.2 64 BIT

