Linux Security Scanning with Lynis

Posted on 08-Feb-2017

Linux Security Scanning
Learn your weaknesses with Lynis

Nijmegen, 2016-05-10
Meetup: Linux Usergroup Nijmegen

Michael Boelen
michael.boelen@cisofy.com

Goals

1. Perform a security audit
2. Learn what to protect
3. Determine why

Agenda

Today
1. System Hardening
2. Security Auditing
3. Lynis

Michael Boelen

● Open Source Security
○ rkhunter (malware scan)
○ Lynis (security audit)

● 170+ blog posts at Linux-Audit.com

● Founder of CISOfy

Hardening Basics

Hardening 101

● New defenses

● Existing defenses

● Reduce weaknesses (= attack surface)

Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691

Hardening 101

● Security is an ongoing process

● It is never finished

● New attacks = more hardening
○ POODLE
○ Heartbleed

Hardening 101

Operating System

● Packages

● Processes

● Configuration

Linux Security

Linux Security Areas

System Hardening

Core: Boot Process, Containers, Frameworks, Kernel, Service Manager, Virtualization

Resources: Accounting, Authentication, Cgroups, Cryptography, Logging, Namespaces, Network, Software, Storage, Time

Services: Database, Mail, Middleware, Monitoring, Printing, Shell, Web

Environment: Forensics, Incident Response, Malware, Risks, Security Monitoring, System Integrity

Security Auditing

Compliance

Technical Auditing

Auditing

Why audit?

● Checking defenses

● Assurance

● Quality Control

Auditing

Who?

● Auditors
● Security Professionals
● System Engineers

Auditing

How?
1. Focus
2. Audit
3. Focus
4. Harden
5. Repeat!

Resources

Guides

● Center for Internet Security (CIS)
● NIST / NSA
● OWASP
● Vendors

Guides

Pros
● Free to use
● Detailed
● You are in control

Cons
● Time intensive
● Usually no tooling
● Limited distributions
● Delayed releases
● No follow-up

Audit Tool: Lynis

Lynis

Lynis

2007

Lynis

GPL v3

Lynis

Shell script

Lynis

Goal 1: In-depth security scan

Lynis

Goal 2: Quick and easy to use

Lynis

Goal 3: Define the next (hardening) step

Differences with other tools

Lynis

Simple
● No installation needed
● Run with simple commands
● No configuration needed

Lynis

Flexibility
● No dependencies*
● Can be easily extended
● Custom tests

* Besides common tools like awk, grep, ps

Lynis

Portability
● Run on all UNIX platforms
● Detect and use “on the go”
● Usable after OS version upgrade

Running Lynis

How it works

● Initialise → OS detection → Read profiles → Detect binaries
● Run helpers / plugins / tests
● Show audit results

Running Lynis

1. lynis

2. lynis audit system

3. lynis audit system --quick

4. lynis audit system --quick --quiet
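Added example, not part of the slides: a POSIX shell helper that reads the key=value report Lynis writes after a run (by default /var/log/lynis-report.dat) and turns the hardening index, warnings and suggestions into a pass/fail gate, so the audit → harden → repeat loop can be tracked between runs. The report excerpt embedded below is constructed for this example, the lynis_* function names are my own, and the key names hardening_index, warning[] and suggestion[] are assumed from the report format.

```shell
#!/bin/sh
# Parse a Lynis report (key=value lines, by default /var/log/lynis-report.dat)
# and gate on it, so the audit -> harden -> repeat cycle can be tracked.
# Assumed report keys: hardening_index, warning[], suggestion[].
# CONSTRUCTED sample report in the same layout Lynis uses.
SAMPLE_REPORT="hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
"

# lynis_hardening_index FILE -> prints the hardening index (0-100)
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1" | head -n 1
}

# lynis_count FILE KEY -> number of 'KEY[]=' entries (warning or suggestion)
lynis_count() {
    grep -c "^$2\[\]=" "$1" || true
}

# lynis_test_ids FILE KEY -> the test ID (first |-separated field) of each entry
lynis_test_ids() {
    sed -n "s/^$2\[\]=\([A-Z]*-[0-9]*\)|.*/\1/p" "$1"
}

# lynis_gate FILE MIN_INDEX -> returns 0 when the index reaches MIN_INDEX and
# no warnings are present; returns 1 otherwise (usable in a CI or cron job)
lynis_gate() {
    idx=$(lynis_hardening_index "$1")
    warns=$(lynis_count "$1" warning)
    if [ "${idx:-0}" -ge "$2" ] && [ "$warns" -eq 0 ]; then
        return 0
    fi
    return 1
}

# lynis_summary FILE MIN_INDEX -> one-line verdict plus the open test IDs
lynis_summary() {
    printf 'hardening index %s, %s warning(s), %s suggestion(s)\n' \
        "$(lynis_hardening_index "$1")" "$(lynis_count "$1" warning)" \
        "$(lynis_count "$1" suggestion)"
    printf 'open tests: %s\n' "$( { lynis_test_ids "$1" warning; lynis_test_ids "$1" suggestion; } | tr '\n' ' ')"
    if lynis_gate "$1" "$2"; then echo "gate: PASS"; else echo "gate: FAIL"; fi
}
# Demonstration on the constructed sample (replace with the real report path).
SAMPLE_FILE=$(mktemp)
printf '%s' "$SAMPLE_REPORT" > "$SAMPLE_FILE"
lynis_summary "$SAMPLE_FILE" 60
```

Running it after each hardening round and keeping the printed index shows whether a change actually moved the score, and the gate fails as long as any warning is still open.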

Lynis Profiles

Optional configuration
● Default profile (default.prf)
● Custom profile (custom.prf)
● Other profiles with --profile

Lynis Profiles

Example: developer

Plugins

An extension to Lynis
Plugins are mostly for gathering facts

Customization: include/tests_custom or custom plugin

Demo?

Lessons Learned

Lessons Learned

Simplicity

● Keep it simple
● First impression
● Next step

Lessons Learned

Less is better

● Dependencies
● Program arguments
● Screen output

Lessons Learned

Documentation

● Understand its power
● Focus on new users
● Separate properly

Lessons Learned

GitHub

Stats: issues / pulls / stars / watchers

Lessons Learned

Open Source = Business

It needs PR, blog posts, attention (like a business)

Future

Future

● Packages
● More tests
● Quality control
● Linting
● Unit tests
● Software Development Kit

Future

Want to help?
● Submit patches
● Provide feedback
● Deploy Lynis

You finished this presentation

Success!

Learn more?

Follow
● Blog Linux Audit (linux-audit.com)
● Twitter @mboelen

This presentation can be found on michaelboelen.com
