<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="fr">
	<id>https://wikiold.home.tartarefr.eu/index.php?action=history&amp;feed=atom&amp;title=Security%2FAudit%2FLynis%2FBrief</id>
	<title>Security/Audit/Lynis/Brief - Historique des versions</title>
	<link rel="self" type="application/atom+xml" href="https://wikiold.home.tartarefr.eu/index.php?action=history&amp;feed=atom&amp;title=Security%2FAudit%2FLynis%2FBrief"/>
	<link rel="alternate" type="text/html" href="https://wikiold.home.tartarefr.eu/index.php?title=Security/Audit/Lynis/Brief&amp;action=history"/>
	<updated>2026-07-08T06:34:42Z</updated>
	<subtitle>Historique des versions pour cette page sur le wiki</subtitle>
	<generator>MediaWiki 1.43.8</generator>
	<entry>
		<id>https://wikiold.home.tartarefr.eu/index.php?title=Security/Audit/Lynis/Brief&amp;diff=2625&amp;oldid=prev</id>
		<title>Didier : Page créée avec « == introduction ==  Lynis est un petit soft qui s’utilise en ligne de commande. Lynis n’est pas à proprement parler un outil de pentest (ce à quoi l’on pourrait s... »</title>
		<link rel="alternate" type="text/html" href="https://wikiold.home.tartarefr.eu/index.php?title=Security/Audit/Lynis/Brief&amp;diff=2625&amp;oldid=prev"/>
		<updated>2014-03-21T07:54:58Z</updated>

		<summary type="html">&lt;p&gt;Page créée avec « == introduction ==  Lynis est un petit soft qui s’utilise en ligne de commande. Lynis n’est pas à proprement parler un outil de pentest (ce à quoi l’on pourrait s... »&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Nouvelle page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;== introduction ==&lt;br /&gt;
&lt;br /&gt;
Lynis est un petit soft qui s’utilise en ligne de commande. Lynis n’est pas à proprement parler un outil de pentest (ce à quoi l’on pourrait s’attendre quand on parle d’audit).&lt;br /&gt;
&lt;br /&gt;
Il a pour but de vérifier via un scan, quasiment tous les paramètres du système avant de faire une synthèse complète et d&amp;#039;afficher des suggestions qui vont permettre d’agir sur les points faibles de celui-ci.&lt;br /&gt;
&lt;br /&gt;
Il va analyser tout un tas de paramètres concernant entre-autres :&lt;br /&gt;
&lt;br /&gt;
* Les chargeurs et services de démarrage&lt;br /&gt;
* La configuration du noyau, les modules chargés, ceux en cours d’exécution&lt;br /&gt;
* La mémoire et les processus&lt;br /&gt;
* Les utilisateurs et les groupes&lt;br /&gt;
* Les points de montage et le système de fichiers racine&lt;br /&gt;
* Les services NFS et BIND&lt;br /&gt;
* Les mises à jour et les référentiels de vos logiciels&lt;br /&gt;
* Les règles Iptables et la configurations SELinux&lt;br /&gt;
* Les serveurs Web Apache et nginx&lt;br /&gt;
* La configurations SSH&lt;br /&gt;
* Le mot de passe root, MySQL et les services LDAP&lt;br /&gt;
* Les options PHP&lt;br /&gt;
* Les options crontab / cron et ATD&lt;br /&gt;
* Le démon NTP&lt;br /&gt;
* L’expiration du certificat SSL&lt;br /&gt;
* La présence de malwares&lt;br /&gt;
* Les répertoires personnels&lt;br /&gt;
&lt;br /&gt;
== Exemple d&amp;#039;exécution ==&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
lynis -Q -c&lt;br /&gt;
&lt;br /&gt;
[ Lynis 1.4.6 ]&lt;br /&gt;
&lt;br /&gt;
################################################################################&lt;br /&gt;
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are&lt;br /&gt;
 welcome to redistribute it under the terms of the GNU General Public License.&lt;br /&gt;
 See the LICENSE file for details about using this software.&lt;br /&gt;
&lt;br /&gt;
 Copyright 2007-2014 - Michael Boelen, http://cisofy.com&lt;br /&gt;
 Enterprise support and plugins available via CISOfy - http://cisofy.com&lt;br /&gt;
################################################################################&lt;br /&gt;
&lt;br /&gt;
[+] Initializing program&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Detecting OS...                                           [ DONE ]&lt;br /&gt;
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]&lt;br /&gt;
&lt;br /&gt;
  ---------------------------------------------------&lt;br /&gt;
  Program version:           1.4.6&lt;br /&gt;
  Operating system:          Linux&lt;br /&gt;
  Operating system name:     CentOS&lt;br /&gt;
  Operating system version:  CentOS release 6.5 (Final)&lt;br /&gt;
  Kernel version:            2.6.32-431.el6.x86_64&lt;br /&gt;
  Hardware platform:         x86_64&lt;br /&gt;
  Hostname:                  scapmaster&lt;br /&gt;
  Auditor:                   [Unknown]&lt;br /&gt;
  Profile:                   /etc/lynis/default.prf&lt;br /&gt;
  Log file:                  /var/log/lynis.log&lt;br /&gt;
  Report file:               /var/log/lynis-report.dat&lt;br /&gt;
  Report version:            1.0&lt;br /&gt;
  Plugin directory:          /usr/share/lynis/plugins&lt;br /&gt;
  ---------------------------------------------------&lt;br /&gt;
  - Checking profile file (/etc/lynis/default.prf)...&lt;br /&gt;
  - Program update status...                                  [ NO UPDATE ]&lt;br /&gt;
&lt;br /&gt;
[+] System Tools&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Scanning available tools...&lt;br /&gt;
  - Checking system binaries...&lt;br /&gt;
    - Checking /bin...                                        [ FOUND ]&lt;br /&gt;
    - Checking /sbin...                                       [ FOUND ]&lt;br /&gt;
    - Checking /usr/bin...                                    [ FOUND ]&lt;br /&gt;
    - Checking /usr/sbin...                                   [ FOUND ]&lt;br /&gt;
    - Checking /usr/local/bin...                              [ FOUND ]&lt;br /&gt;
    - Checking /usr/local/sbin...                             [ FOUND ]&lt;br /&gt;
    - Checking /usr/local/libexec...                          [ FOUND ]&lt;br /&gt;
    - Checking /usr/libexec...                                [ FOUND ]&lt;br /&gt;
    - Checking /usr/sfw/bin...                                [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/sfw/sbin...                               [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/sfw/libexec...                            [ NOT FOUND ]&lt;br /&gt;
    - Checking /opt/sfw/bin...                                [ NOT FOUND ]&lt;br /&gt;
    - Checking /opt/sfw/sbin...                               [ NOT FOUND ]&lt;br /&gt;
    - Checking /opt/sfw/libexec...                            [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/xpg4/bin...                               [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/css/bin...                                [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/ucb...                                    [ NOT FOUND ]&lt;br /&gt;
    - Checking /usr/X11R6/bin...                              [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Plugins (phase 1)&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Plugins enabled                                           [ NONE ]&lt;br /&gt;
&lt;br /&gt;
[+] Boot and services&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking boot loaders&lt;br /&gt;
    - Checking presence GRUB...                               [ OK ]&lt;br /&gt;
      - Checking for password protection...                   [ OK ]&lt;br /&gt;
    - Checking presence LILO...                               [ NOT FOUND ]&lt;br /&gt;
    - Checking boot loader SILO                               [ NOT FOUND ]&lt;br /&gt;
    - Checking boot loader YABOOT                             [ NOT FOUND ]&lt;br /&gt;
  - Check services at startup (chkconfig)...                  [ DONE ]&lt;br /&gt;
        Result: found 19 services&lt;br /&gt;
  - Check startup files (permissions)...                      [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Kernel&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking default run level...                             [ 3 ]&lt;br /&gt;
  - Checking CPU support (NX/PAE)&lt;br /&gt;
    CPU support: PAE and/or NoeXecute supported               [ FOUND ]&lt;br /&gt;
  - Checking kernel version and release                       [ DONE ]&lt;br /&gt;
  - Checking kernel type                                      [ DONE ]&lt;br /&gt;
  - Checking loaded kernel modules                            [ DONE ]&lt;br /&gt;
      Found 35 active modules&lt;br /&gt;
  - Checking Linux kernel configuration file...               [ FOUND ]&lt;br /&gt;
  - Checking core dumps configuration...                      [ ENABLED ]&lt;br /&gt;
    - Checking setuid core dumps configuration...             [ DEFAULT ]&lt;br /&gt;
&lt;br /&gt;
[+] Memory and processes&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking /proc/meminfo...                                 [ FOUND ]&lt;br /&gt;
  - Searching for dead/zombie processes...                    [ OK ]&lt;br /&gt;
  - Searching for IO waiting processes...                     [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Users, Groups and Authentication&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Search administrator accounts...                          [ OK ]&lt;br /&gt;
  - Checking consistency of group files (grpck)...            [ OK ]&lt;br /&gt;
  - Checking non unique group ID&amp;#039;s...                         [ OK ]&lt;br /&gt;
  - Checking non unique group names...                        [ OK ]&lt;br /&gt;
  - Checking password file consistency...                     [ OK ]&lt;br /&gt;
  - Query system users (non daemons)...                       [ DONE ]&lt;br /&gt;
  - Checking NIS+ authentication support                      [ NOT ENABLED ]&lt;br /&gt;
  - Checking NIS authentication support                       [ NOT ENABLED ]&lt;br /&gt;
  - Checking sudoers file                                     [ FOUND ]&lt;br /&gt;
    - Check sudoers file permissions                          [ OK ]&lt;br /&gt;
  - Checking PAM password strength tools                      [ OK ]&lt;br /&gt;
  - Checking PAM configuration file (pam.conf)                [ NOT FOUND ]&lt;br /&gt;
  - Checking PAM configuration files (pam.d)                  [ FOUND ]&lt;br /&gt;
  - Checking PAM modules                                      [ FOUND ]&lt;br /&gt;
  - Checking user password aging                              [ OK ]&lt;br /&gt;
  - Checking Linux single user mode authentication            [ OK ]&lt;br /&gt;
  - Determining default umask&lt;br /&gt;
    - Checking umask (/etc/profile)                           [ UNKNOWN ]&lt;br /&gt;
    - Checking umask (/etc/login.defs)                        [ OK ]&lt;br /&gt;
    - Checking umask (/etc/init.d/functions)                  [ OK ]&lt;br /&gt;
  - Checking LDAP authentication support                      [ NOT ENABLED ]&lt;br /&gt;
&lt;br /&gt;
[+] Shells&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking shells from /etc/shells...&lt;br /&gt;
    Result: found 6 shells (valid shells: 6).&lt;br /&gt;
&lt;br /&gt;
[+] File systems&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking mount points&lt;br /&gt;
    - Checking /home mount point...                           [ OK ]&lt;br /&gt;
    - Checking /tmp mount point...                            [ OK ]&lt;br /&gt;
  - Checking LVM volume groups...                             [ FOUND ]&lt;br /&gt;
    - Checking LVM volumes...                                 [ FOUND ]&lt;br /&gt;
  - Checking for old files in /tmp...                         [ OK ]&lt;br /&gt;
  - Checking /tmp sticky bit...                               [ OK ]&lt;br /&gt;
  - ACL support root file system...                           [ ENABLED ]&lt;br /&gt;
  - Checking Locate database...                               [ FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Storage&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking usb-storage driver (modprobe config)...          [ NOT DISABLED ]&lt;br /&gt;
  - Checking firewire ohci driver (modprobe config)...        [ NOT DISABLED ]&lt;br /&gt;
&lt;br /&gt;
[+] NFS&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Check running NFS daemon...                               [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: name services&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking default DNS search domain...                     [ NONE ]&lt;br /&gt;
  - Checking /etc/resolv.conf options...                      [ NONE ]&lt;br /&gt;
  - Searching DNS domain name...                              [ FOUND ]&lt;br /&gt;
      Domain name: didier.b2pweb.com&lt;br /&gt;
  - Checking nscd status...                                   [ NOT FOUND ]&lt;br /&gt;
  - Checking BIND status...                                   [ NOT FOUND ]&lt;br /&gt;
  - Checking PowerDNS status...                               [ NOT FOUND ]&lt;br /&gt;
  - Checking ypbind status...                                 [ NOT FOUND ]&lt;br /&gt;
  - Checking /etc/hosts&lt;br /&gt;
    - Checking /etc/hosts (duplicates)                        [ OK ]&lt;br /&gt;
    - Checking /etc/hosts (hostname)                          [ OK ]&lt;br /&gt;
    - Checking /etc/hosts (localhost)                         [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Ports and packages&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Searching package managers...&lt;br /&gt;
    - Searching RPM package manager...                        [ FOUND ]&lt;br /&gt;
      - Querying RPM package manager...&lt;br /&gt;
  - Checking YUM package management consistency               [ OK ]&lt;br /&gt;
  - Checking package database duplicates...                   [ OK ]&lt;br /&gt;
  - Checking package database for problems...                 [ OK ]&lt;br /&gt;
  - Checking missing security packages...                     [ OK ]&lt;br /&gt;
  - Checking GPG checks (yum.conf)                            [ OK ]&lt;br /&gt;
  - Checking package audit tool...                            [ INSTALLED ]&lt;br /&gt;
    Found: yum-security&lt;br /&gt;
&lt;br /&gt;
[+] Networking&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking configured nameservers...&lt;br /&gt;
    - Testing nameservers...&lt;br /&gt;
        Nameserver: 192.168.122.1...                          [ OK ]&lt;br /&gt;
    - Minimal of 2 responsive nameservers...                  [ WARNING ]&lt;br /&gt;
  - Checking default gateway...                               [ DONE ]&lt;br /&gt;
  - Getting listening ports (TCP/TCP)...                      [ DONE ]&lt;br /&gt;
      * Found 4 ports&lt;br /&gt;
  - Checking promiscuous interfaces...                        [ OK ]&lt;br /&gt;
  - Checking waiting connections...                           [ OK ]&lt;br /&gt;
  - Checking status DHCP client...                            [ RUNNING ]&lt;br /&gt;
&lt;br /&gt;
[+] Printers and Spools&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking cups daemon...                                   [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: e-mail and messaging&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking Exim status...                                   [ NOT FOUND ]&lt;br /&gt;
  - Checking Postfix status...                                [ RUNNING ]&lt;br /&gt;
  - Checking Postfix configuration...                         [ FOUND ]&lt;br /&gt;
    - Checking Postfix banner...                              [ OK ]&lt;br /&gt;
  - Checking Dovecot status...                                [ NOT FOUND ]&lt;br /&gt;
  - Checking Qmail smtpd status...                            [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: firewalls&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking iptables kernel module                           [ FOUND ]&lt;br /&gt;
    - Checking for empty ruleset                              [ OK ]&lt;br /&gt;
    - Checking for unused rules                               [ WARNING ]&lt;br /&gt;
    Status pf                                                 [ NOT FOUND ]&lt;br /&gt;
  - Checking host based firewall                              [ ACTIVE ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: webserver&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking Apache (binary /usr/sbin/httpd)...               [ FOUND ]&lt;br /&gt;
      Info: Configuration file found (/etc/httpd/conf/httpd.conf)4C&lt;br /&gt;
      Info: No virtual hosts found&lt;br /&gt;
    * Loadable modules                                        [ FOUND ]&lt;br /&gt;
        - Found 65 loadable modules&lt;br /&gt;
          mod_evasive: anti-DoS/brute force                   [ NOT FOUND ]&lt;br /&gt;
          mod_qos: anti-Slowloris                             [ NOT FOUND ]&lt;br /&gt;
          mod_spamhaus: anti-spam (spamhaus)                  [ NOT FOUND ]&lt;br /&gt;
          ModSecurity: web application firewall               [ NOT FOUND ]&lt;br /&gt;
  - Checking nginx...                                         [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] SSH Support&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking running SSH daemon...                            [ FOUND ]&lt;br /&gt;
    - Searching SSH configuration...                          [ FOUND ]&lt;br /&gt;
    - Checking defined SSH options...                         [ DONE ]&lt;br /&gt;
    - SSH option: PermitRootLogin...                          [ DISABLED ]&lt;br /&gt;
    - SSH option: Protocol...                                 [ OK ]&lt;br /&gt;
    - SSH option: StrictModes...                              [ OK ]&lt;br /&gt;
    - SSH option: AllowUsers...                               [ FOUND ]&lt;br /&gt;
    - SSH option: AllowGroups...                              [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] SNMP Support&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking running SNMP daemon...                           [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Databases&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - MySQL process status...                                   [ NOT FOUND ]&lt;br /&gt;
  - PostgreSQL processes status...                            [ NOT FOUND ]&lt;br /&gt;
  - Oracle processes status...                                [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] LDAP Services&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking OpenLDAP instance...                             [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: PHP&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking PHP...                                           [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Squid Support&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking running Squid daemon...                          [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Logging and files&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking for a running log daemon...                      [ OK ]&lt;br /&gt;
    - Checking Syslog-NG status                               [ NOT FOUND ]&lt;br /&gt;
    - Checking Metalog status                                 [ NOT FOUND ]&lt;br /&gt;
    - Checking RSyslog status                                 [ FOUND ]&lt;br /&gt;
    - Checking RFC 3195 daemon status                         [ NOT FOUND ]&lt;br /&gt;
    - Checking minilogd instances                             [ NOT FOUND ]&lt;br /&gt;
  - Checking logrotate presence                               [ OK ]&lt;br /&gt;
  - Checking log directories (static list)                    [ DONE ]&lt;br /&gt;
  - Checking open log files                                   [ DONE ]&lt;br /&gt;
  - Checking deleted files in use                             [ DONE ]&lt;br /&gt;
&lt;br /&gt;
[+] Insecure services&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking inetd status...                                  [ NOT ACTIVE ]&lt;br /&gt;
&lt;br /&gt;
[+] Banners and identification&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - /etc/motd...                                              [ FOUND ]&lt;br /&gt;
    - /etc/motd permissions...                                [ OK ]&lt;br /&gt;
    - /etc/motd contents...                                   [ OK ]&lt;br /&gt;
  - /etc/issue...                                             [ FOUND ]&lt;br /&gt;
    - /etc/issue contents...                                  [ OK ]&lt;br /&gt;
  - /etc/issue.net...                                         [ FOUND ]&lt;br /&gt;
    - /etc/issue.net contents...                              [ WEAK ]&lt;br /&gt;
&lt;br /&gt;
[+] Scheduled tasks&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking crontab/cronjob                                  [ DONE ]&lt;br /&gt;
  - Checking atd status                                       [ NOT RUNNING ]&lt;br /&gt;
&lt;br /&gt;
[+] Accounting&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking accounting information...                        [ OK ]&lt;br /&gt;
  - Checking sysstat accounting data                          [ ENABLED ]&lt;br /&gt;
  - Checking auditd                                           [ ENABLED ]&lt;br /&gt;
    - Checking audit rules                                    [ OK ]&lt;br /&gt;
    - Checking audit configuration file                       [ OK ]&lt;br /&gt;
    - Checking auditd log file                                [ FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Time and Synchronization&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking running NTP daemon (ntpd)...                     [ FOUND ]&lt;br /&gt;
  - Checking running NTP daemon (timed)...                    [ NOT FOUND ]&lt;br /&gt;
  - Checking running NTP daemon (dntpd)...                    [ NOT FOUND ]&lt;br /&gt;
  - Checking NTP client in crontab file (/etc/anacrontab)...  [ NOT FOUND ]&lt;br /&gt;
  - Checking NTP client in crontab file (/etc/crontab)...     [ NOT FOUND ]&lt;br /&gt;
  - Checking NTP client in cron.d files...                    [ NOT FOUND ]&lt;br /&gt;
  - Checking for a running NTP daemon or client...            [ OK ]&lt;br /&gt;
  - Checking valid association ID&amp;#039;s...                        [ FOUND ]&lt;br /&gt;
  - Checking high stratum ntp peers...                        [ OK ]&lt;br /&gt;
  - Checking unreliable ntp peers...                          [ NOTICE ]&lt;br /&gt;
  - Checking selected time source...                          [ OK ]&lt;br /&gt;
  - Checking time source candidates...                        [ OK ]&lt;br /&gt;
  - Checking falsetickers...                                  [ OK ]&lt;br /&gt;
  - Checking NTP version...                                   [ FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Cryptography&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking SSL certificate expiration...                    [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Virtualization&lt;br /&gt;
------------------------------------&lt;br /&gt;
&lt;br /&gt;
[+] Security frameworks&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking presence AppArmor                                [ NOT FOUND ]&lt;br /&gt;
  - Checking presence SELinux                                 [ FOUND ]&lt;br /&gt;
    - Checking SELinux status                                 [ ENABLED ]&lt;br /&gt;
      - Checking current mode and config file                 [ OK ]&lt;br /&gt;
        Current SELinux mode: enforcing&lt;br /&gt;
  - Checking presence grsecurity                              [ NOT FOUND ]&lt;br /&gt;
  - Checking for implemented MAC framework                    [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: file integrity&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking file integrity tools...&lt;br /&gt;
    - AFICK...                                                [ NOT FOUND ]&lt;br /&gt;
    - AIDE...                                                 [ FOUND ]&lt;br /&gt;
    - Osiris...                                               [ NOT FOUND ]&lt;br /&gt;
    - Samhain...                                              [ NOT FOUND ]&lt;br /&gt;
    - Tripwire...                                             [ NOT FOUND ]&lt;br /&gt;
    - OSSEC (syscheck)...                                     [ NOT FOUND ]&lt;br /&gt;
  - Checking presence integrity tool...                       [ FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Software: Malware scanners&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking chkrootkit...                                    [ FOUND ]&lt;br /&gt;
  - Checking Rootkit Hunter...                                [ FOUND ]&lt;br /&gt;
  - Checking ClamAV scanner...                                [ NOT FOUND ]&lt;br /&gt;
  - Checking ClamAV daemon...                                 [ NOT FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] System Tools&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Starting file permissions check...&lt;br /&gt;
    /etc/lilo.conf                                            [ NOT FOUND ]&lt;br /&gt;
    /root/.ssh                                                [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Home directories&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Checking shell history files...                           [ OK ]&lt;br /&gt;
&lt;br /&gt;
[+] Kernel Hardening&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Comparing sysctl key pairs with scan profile...&lt;br /&gt;
    - kernel.core_uses_pid (exp: 1)                           [ OK ]&lt;br /&gt;
    - kernel.ctrl-alt-del (exp: 0)                            [ OK ]&lt;br /&gt;
    - kernel.exec-shield (exp: 1)                             [ OK ]&lt;br /&gt;
    - kernel.sysrq (exp: 0)                                   [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.accept_redirects (exp: 0)             [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.accept_source_route (exp: 0)          [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.bootp_relay (exp: 0)                  [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.forwarding (exp: 0)                   [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.log_martians (exp: 1)                 [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.mc_forwarding (exp: 0)                [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.proxy_arp (exp: 0)                    [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.rp_filter (exp: 1)                    [ OK ]&lt;br /&gt;
    - net.ipv4.conf.all.send_redirects (exp: 0)               [ OK ]&lt;br /&gt;
    - net.ipv4.conf.default.accept_redirects (exp: 0)         [ OK ]&lt;br /&gt;
    - net.ipv4.conf.default.accept_source_route (exp: 0)      [ OK ]&lt;br /&gt;
    - net.ipv4.conf.default.log_martians (exp: 1)             [ OK ]&lt;br /&gt;
    - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)           [ OK ]&lt;br /&gt;
    - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)     [ OK ]&lt;br /&gt;
    - net.ipv4.tcp_syncookies (exp: 1)                        [ OK ]&lt;br /&gt;
    - net.ipv4.tcp_timestamps (exp: 0)                        [ DIFFERENT ]&lt;br /&gt;
&lt;br /&gt;
[+] Hardening&lt;br /&gt;
------------------------------------&lt;br /&gt;
    - Installed compiler(s)...                                [ FOUND ]&lt;br /&gt;
    - Installed malware scanner...                            [ FOUND ]&lt;br /&gt;
&lt;br /&gt;
[+] Custom Tests&lt;br /&gt;
------------------------------------&lt;br /&gt;
  - Running custom tests...                                   [ NONE ]&lt;br /&gt;
&lt;br /&gt;
================================================================================&lt;br /&gt;
&lt;br /&gt;
  -[ Lynis 1.4.6 Results ]-&lt;br /&gt;
&lt;br /&gt;
  Tests performed: 174   Plugins enabled: 0&lt;br /&gt;
&lt;br /&gt;
  Warnings:&lt;br /&gt;
  ----------------------------&lt;br /&gt;
  - Couldn&amp;#039;t find 2 responsive nameservers [NETW-2705]&lt;br /&gt;
&lt;br /&gt;
  Suggestions:&lt;br /&gt;
  ----------------------------&lt;br /&gt;
  - Run chkconfig --list to see all services and disable unneeded services&lt;br /&gt;
  - Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840]&lt;br /&gt;
  - Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [STRG-1846]&lt;br /&gt;
  - Check your resolv.conf file and fill in a backup nameserver if possible [NETW-2705]&lt;br /&gt;
  - Check iptables rules to see which rules are currently not used [FIRE-4513]&lt;br /&gt;
  - Install Apache mod_evasive to guard webserver against DoS/brute force attempts [HTTP-6640]&lt;br /&gt;
  - Install Apache mod_qos to guard webserver against Slowloris attacks [HTTP-6641]&lt;br /&gt;
  - Install Apache mod_spamhaus to guard webserver against spammers [HTTP-6642]&lt;br /&gt;
  - Install Apache modsecurity to guard webserver against web application attacks [HTTP-6643]&lt;br /&gt;
  - Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130]&lt;br /&gt;
  - Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120]&lt;br /&gt;
  - One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000]&lt;br /&gt;
  - Harden the system by removing unneeded compilers. This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed [HRDN-7220]&lt;br /&gt;
  - Harden compilers and restrict access to world [HRDN-7222]&lt;br /&gt;
&lt;br /&gt;
  Follow-up:&lt;br /&gt;
  ----------------------------&lt;br /&gt;
  - Fix findings, see security controls overview and documentation&lt;br /&gt;
  - Upload data to Lynis Enterprise for further analysis&lt;br /&gt;
  - Create a report and implementation plan&lt;br /&gt;
&lt;br /&gt;
  Enterprise support and plugins available via CISOfy - http://cisofy.com&lt;br /&gt;
================================================================================&lt;br /&gt;
  Hardening index : [89]   [#################   ]&lt;br /&gt;
================================================================================&lt;br /&gt;
  Files:&lt;br /&gt;
  - Test and debug information      : /var/log/lynis.log&lt;br /&gt;
  - Report data                     : /var/log/lynis-report.dat&lt;br /&gt;
================================================================================&lt;br /&gt;
  Tip: Disable all tests which are not relevant or are too strict for the&lt;br /&gt;
       purpose of this particular machine. This will remove unwanted suggestions&lt;br /&gt;
       and also boost the hardening index. Each test should be properly analyzed&lt;br /&gt;
       to see if the related risks can be accepted, before disabling the test.&lt;br /&gt;
================================================================================&lt;br /&gt;
  Lynis 1.4.6&lt;br /&gt;
  Copyright 2007-2014 - Michael Boelen, http://cisofy.com&lt;br /&gt;
================================================================================&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Didier</name></author>
	</entry>
</feed>