


Using lynis for Linux vulnerability scanning

Source: 昆山软开发  Date: 2018-06-26

Original source: 暗无天日

lynis is an open-source, host-based security auditing tool that runs on Unix/Linux platforms.

Installing lynis

On Arch Linux it can be installed directly with pacman:

sudo pacman -S lynis --noconfirm
resolving dependencies...
looking for conflicting packages...

Packages (1) lynis-2.6.4-1

Total Installed Size:  1.35 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
(0/1) checking keys in keyring                     [----------------------]   0%
(1/1) checking keys in keyring                     [######################] 100%
(0/1) checking package integrity                   [----------------------]   0%
(1/1) checking package integrity                   [######################] 100%
(0/1) loading package files                        [----------------------]   0%
(1/1) loading package files                        [######################] 100%
(0/1) checking for file conflicts                  [----------------------]   0%
(1/1) checking for file conflicts                  [######################] 100%
(0/1) checking available disk space                [----------------------]   0%
(1/1) checking available disk space                [######################] 100%
:: Processing package changes...
(1/1) reinstalling lynis                           [----------------------]   0%
(1/1) reinstalling lynis                           [######################] 100%
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...

Scanning a host with lynis

First, run lynis without any arguments; this lists the commands and options lynis supports.

[lujun9972@T520 linux和它的小同伴]$ lynis

[ Lynis 2.6.4 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2018, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------


  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile <profile>               : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/usr/bin/lynis show options', or use the man page.

  No command provided. Exiting..

As the help text shows, scanning a host with lynis is simple: just pass the arguments audit system. During an audit, Lynis runs many tests of a similar kind, and the results of each test, the debug information and the hardening suggestions for the system are all written to stdout. We can run the following command to skip the per-test output and look only at the final scan suggestions.

sudo lynis audit system |sed '1,/Results/d'
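As an added example (not code from the original post), the following POSIX shell functions build on the page's `sed '1,/Results/d'` filter to pull the warning and suggestion test IDs and the hardening index out of a captured Lynis report and to gate on them, which is handy when the scan runs in CI. The embedded report text is a constructed approximation of Lynis 2.x console output, not output from a real scan, and the `audit_gate` threshold is an arbitrary example value.

```shell
#!/bin/sh
# SAMPLE is a constructed approximation of Lynis 2.x console output (not a real scan);
# only the part after the "Results" banner is parsed, exactly what the page's sed keeps.
SAMPLE='[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile
    - fs.protected_hardlinks (exp: 1)                   [ OK ]
    - kernel.kptr_restrict (exp: 2)                     [ DIFFERENT ]

================================================================================

  -[ Lynis 2.6.4 Results ]-

  Warnings (1):
  ----------------------------
  ! Found one or more vulnerable packages. [PKGS-7392]
      https://cisofy.com/controls/PKGS-7392/

  Suggestions (2):
  ----------------------------
  * Install a PAM module for password strength testing [AUTH-9262]
      https://cisofy.com/controls/AUTH-9262/

  * One or more sysctl values differ from the scan profile [KRNL-6000]
      https://cisofy.com/controls/KRNL-6000/

  Lynis security scan details:

  Hardening index : 65 [#############       ]
  Tests performed : 227
  Plugins enabled : 0'

# Drop everything up to and including the Results banner (the filter from the page).
results_only() { printf '%s\n' "$1" | sed '1,/Results/d'; }

# Print the test IDs of findings; warnings are prefixed "!", suggestions "*".
finding_ids() {   # $1 = report text, $2 = marker character ("!" or "*")
  results_only "$1" | sed -n "s/^  [$2] .*\[\([A-Z]*-[0-9]*\)\].*/\1/p"
}

# Print the numeric hardening index (0-100) from the scan details.
hardening_index() { results_only "$1" | sed -n 's/^  Hardening index : \([0-9]*\).*/\1/p'; }

# Gate for CI: succeed only when no warnings exist and the index meets a minimum.
audit_gate() {   # $1 = report text, $2 = minimum acceptable hardening index
  warn_count=$(finding_ids "$1" '!' | wc -l | tr -d ' ')
  index=$(hardening_index "$1")
  [ "$warn_count" -eq 0 ] && [ "$index" -ge "$2" ]
}
```

To use it on a live system, capture `sudo lynis audit system --quick --no-colors` into a variable or file and pass that text instead of `SAMPLE`.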

lynis divides what it scans into several groups; the list of groups can be obtained with the show groups command.

lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers

If you only want to scan certain groups, specify them with the --tests-from-group option.