Lynis security controls



Controls

Control | Category | Description
ACCT-2754 | Accounting | FreeBSD process accounting

Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used by the users on the system. On FreeBSD, accounting can be enabled to track these resources.

ACCT-9622 | Accounting | Linux process accounting

Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used by the users on the system. On Linux systems, process accounting can be enabled to track these resources.

ACCT-9626 | Accounting | Sysstat accounting data

Sysstat collects system information.

ACCT-9628 | Accounting | Audit daemon status

On Linux systems, the Linux audit daemon can audit files and processes. This control checks the status of the audit daemon. Suspicious changes or activities will trigger an event to be logged by the audit daemon.

ACCT-9630 | Accounting | Empty Linux audit daemon ruleset

This control checks for an empty ruleset of the Linux audit daemon.

ACCT-9632 | Accounting | Auditd configuration file location

The Linux audit framework consists of an audit daemon (auditd), utilities, audit rules and a configuration file for the daemon. This file (auditd.conf) is generally located in the /etc/audit directory or similar. Lynis tries to determine where this file is located. If this control shows up, the location could not be discovered. This is unusual, as the binaries of the framework are present and the audit daemon is running.

ACCT-9636 | Accounting | Linux audit trail (Snoopy)

This control checks if the Snoopy library can be found, which is a wrapper around execve() and logger. With Snoopy in place, an audit trail can be created by logging all executed commands.