Lynis makes system hardening, security auditing and vulnerability assessment quick and easy. This post covers how to install and use Lynis.
▷ Lynis can be installed easily from the EPEL repository as shown below.
# install the epel repository
[root@localhost ~]# dnf -y install epel-release
# install lynis
[root@localhost ~]# dnf --enablerepo=epel -y install lynis
▷ Lynis usage is as follows.
# lynis usage
[root@localhost ~]# lynis
[ Lynis 3.0.1 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2020, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
Usage: lynis command [options]
Command:
audit
audit system : Perform local security scan
audit system remote : Remote security scan
audit dockerfile : Analyze Dockerfile
show
show : Show all commands
show version : Show Lynis version
show help : Show help
update
update info : Show update details
Options:
Alternative system audit modes
--forensics : Perform forensics on a running or mounted system
--pentest : Non-privileged, show points of interest for pentesting
Layout options
--no-colors : Don't use colors in output
--quiet (-q) : No output
--reverse-colors : Optimize color display for light backgrounds
--reverse-colours : Optimize colour display for light backgrounds
Misc options
--debug : Debug logging to screen
--no-log : Don't create a log file
--profile : Scan the system with the given profile file
--view-manpage (--man) : View man page
--verbose : Show more details on screen
--version (-V) : Display version number and quit
--wait : Wait between a set of tests
--slow-warning : Threshold for slow test warning in seconds (default 10)
Enterprise options
--plugindir : Define path of available plugins
--upload : Upload data to central node
More options available. Run '/usr/bin/lynis show options', or use the man page.
No command provided. Exiting..
▷ A system audit with Lynis is run as follows.
# system audit with lynis
[root@localhost ~]# lynis audit system
[ Lynis 3.0.1 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2020, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
- Checking profiles... [ DONE ]
.
.
.
================================================================================
Notice: Lynis update available
Current version : 301 Latest version : 303
================================================================================
Lynis 3.0.1
Auditing, system hardening, and compliance for UNIX-based systems
(Linux, macOS, BSD, and others)
2007-2020, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
================================================================================
# view the warning and suggestion entries from the lynis audit results
[root@localhost ~]# grep -E "^warning|^suggestion" /var/log/lynis-report.dat
suggestion[]=LYNIS|Version of Lynis outdated, consider upgrading to the latest version|-|-|
suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump in /etc/security/limits.conf file|-|-|
suggestion[]=AUTH-9229|Check PAM configuration, add rounds if applicable and expire passwords to encrypt with new values|-|-|
suggestion[]=AUTH-9230|Configure minimum encryption algorithm rounds in /etc/login.defs|-|-|
suggestion[]=AUTH-9230|Configure maximum encryption algorithm rounds in /etc/login.defs|-|-|
suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
suggestion[]=AUTH-9286|Configure maximum password age in /etc/login.defs|-|-|
suggestion[]=AUTH-9328|Default umask in /etc/profile or /etc/profile.d/custom.sh could be more strict (e.g. 027)|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /home file system, place /home on a separate partition|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /var file system, place /var on a separate partition|-|-|
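The grep above only lists the raw lines; each one has the fixed shape `kind[]=TEST-ID|message|details|solution|`. The following added example (not part of the original post or of Lynis itself) parses that format, counts warnings versus suggestions, and groups test IDs by control area. The sample report text is constructed from the lines shown above; the `warning[]` line for PKGS-7392 is made up for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on /var/log/lynis-report.dat; the PKGS-7392 warning is invented.
SAMPLE_REPORT = """\
lynis_version=3.0.1
suggestion[]=LYNIS|Version of Lynis outdated, consider upgrading to the latest version|-|-|
suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump in /etc/security/limits.conf file|-|-|
suggestion[]=AUTH-9230|Configure minimum encryption algorithm rounds in /etc/login.defs|-|-|
suggestion[]=AUTH-9230|Configure maximum encryption algorithm rounds in /etc/login.defs|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
"""

# kind[]=TEST-ID|message|details|solution|  (trailing pipe is optional)
LINE_RE = re.compile(r"^(warning|suggestion)\[\]=([^|]+)\|([^|]*)\|([^|]*)\|([^|]*)\|?$")


def parse_findings(report_text):
    """Return one dict per warning[]/suggestion[] line; every other key=value line is skipped."""
    findings = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, test_id, message, details, solution = m.groups()
        findings.append({"kind": kind, "test_id": test_id, "message": message,
                         "details": details, "solution": solution})
    return findings


def summarize(findings):
    """Count findings per kind and group test IDs by control area (the prefix before the dash)."""
    counts = Counter(f["kind"] for f in findings)
    by_area = defaultdict(set)
    for f in findings:
        area = f["test_id"].split("-")[0]  # AUTH-9230 -> AUTH; the dash-less LYNIS entry stays LYNIS
        by_area[area].add(f["test_id"])
    return counts, {area: sorted(ids) for area, ids in by_area.items()}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    counts, areas = summarize(found)
    print(f"warnings={counts['warning']} suggestions={counts['suggestion']}")
    for area, ids in sorted(areas.items()):
        print(f"{area}: {', '.join(ids)}")
    for f in found:  # warnings first: Lynis documents each control at cisofy.com/lynis/controls/<ID>/
        if f["kind"] == "warning":
            print(f"[!] {f['test_id']}: {f['message']} -> https://cisofy.com/lynis/controls/{f['test_id']}/")
```

Point `parse_findings` at the contents of `/var/log/lynis-report.dat` on a real host to get the same summary for an actual audit.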
▷ A vulnerability check with Lynis is run as follows.
# vulnerability assessment with lynis
[root@localhost ~]# lynis audit system --pentest
# view the assessment log
[root@localhost ~]# vi /var/log/lynis.log
2021-01-29 08:31:04 Starting Lynis 3.0.1 with PID 1986, build date 2020-10-05
2021-01-29 08:31:04 ====
2021-01-29 08:31:04 ### 2007-2020, CISOfy - https://cisofy.com/lynis/ ###
2021-01-29 08:31:04 Checking permissions of /usr/share/lynis/include/profiles
2021-01-29 08:31:04 File permissions are OK
2021-01-29 08:31:04 Reading profile/configuration /etc/lynis/default.prf
2021-01-29 08:31:04 Action: created temporary file /tmp/lynis.8GdlhYXtAr
...
2021-01-29 08:31:38 ================================================================================
2021-01-29 08:31:38 Tests performed: 251
2021-01-29 08:31:38 Total tests: 432
2021-01-29 08:31:38 Active plugins: 0
2021-01-29 08:31:38 Total plugins: 0
2021-01-29 08:31:38 ================================================================================
2021-01-29 08:31:38 Lynis 3.0.1
2021-01-29 08:31:38 2007-2020, CISOfy - https://cisofy.com/lynis/
2021-01-29 08:31:38 Enterprise support available (compliance, plugins, interface and tools)
2021-01-29 08:31:38 Program ended successfully
2021-01-29 08:31:38 ================================================================================
2021-01-29 08:31:38 PID file removed (/var/run/lynis.pid)
2021-01-29 08:31:38 Temporary files: /tmp/lynis.8GdlhYXtAr /tmp/lynis.yLYwsTkJw1 /tmp/lynis.vBs8auavai /tmp/lynis.c0fKpAT5Ck
2021-01-29 08:31:38 Action: removing temporary file /tmp/lynis.8GdlhYXtAr
2021-01-29 08:31:38 Info: temporary file /tmp/lynis.yLYwsTkJw1 was already removed
2021-01-29 08:31:38 Info: temporary file /tmp/lynis.vBs8auavai was already removed
2021-01-29 08:31:38 Action: removing temporary file /tmp/lynis.c0fKpAT5Ck
2021-01-29 08:31:38 Lynis ended successfully.
▷ In the results screen, each item under "Warnings" and "Suggestions" comes with a URL that explains how to fix it, so refer to those pages to remediate each finding.