Lynis security controls
Controls
| Control | Category | Description |
|---|---|---|
| ACCT-2754 | Accounting | FreeBSD process accounting Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used for the users on the system. On FreeBSD accounting can be enabled to track these resources. |
| ACCT-9622 | Accounting | Linux process accounting Process accounting is a method to track system resources. It includes a way to monitor system resources and how these resources are used for the users on the system. On Linux systems, process accounting can be enabled to track these resources. |
| ACCT-9626 | Accounting | Sysstat accounting data Sysstat collects system information |
| ACCT-9628 | Accounting | Audit daemon status For Linux systems the Linux audit daemon can audit files and processes. This control checks for the status of the audit daemon. Suspicious changes or activities will trigger an event to be logged by the audit daemon. |
| ACCT-9630 | Accounting | Empty Linux audit daemon ruleset This control checks for an empty ruleset of the Linux audit daemon. |
| ACCT-9632 | Accounting | Auditd configuration file location The Linux audit framework consists of an audit daemon (auditd), utilities, audit rules and a configuration file for the daemon. This file (auditd.conf) is generally located in the /etc/audit directory or similar. Lynis tries to determine where this file is located. If this control shows up, the location could not be discovered. This is unusual, as the binaries of the framework are present and the audit daemon is running. |
| ACCT-9636 | Accounting | Linux audit trail (Snoopy) This control checks if the Snoopy library can be found, which is a wrapper around execve() and logger. By implementing Snoopy an audit trail can be created by logging all executed commands. |