Lynis security controls

Some partitions like /tmp and /home can be easily filled by users of a system. When not being separated from the root file system, this might increase the risk of filling up this file system and cause malfunctioning to other system components.

This control checks if there is a swap partition configured in /etc/fstab. Usually it should be there, depending on how the system has been configured.

The /etc/fstab file determines the available mount points for your system. This particular test looks for a swap partition and determines if there is any unexpected mount parameter used for these kind of partitions.

Lynis tests for the presence of old files in /tmp, as these files might be filling up space without any reason. Secondly to prevent file systems running out of space, or be used as permanent storage. Also malware is commonly found in /tmp, as a temporary staging place.

When locate has been found, Lynis checks for the related database.

This control describes the expected file permissions as configured in the profile. Depending on the tested files and related result, determine why a different permission set is being used, or correct it where appropriate.

AIDE configuration errors were found

To monitor for unauthorized changes, a file integrity tool can help with the detection of such event. Each time the contents or the properties of a file change, it will have a different checksum. With regular checks of the related integrity database, discovering changes becomes easy.Install a tool like AIDE, Samhain or Tripwire to monitor important system and data files. Additionally configure the tool to alert system or security personnel on events.

This check found that SHA256 or SHA512 were not used to create hashes of files.