Lynis security controls



Controls

Control | Category | Description
FILE-6310 | File Integrity | Separation of partitions

Some partitions, such as /tmp and /home, can easily be filled by users of a system. When they are not separated from the root file system, this might increase the risk of filling up the root file system and causing other system components to malfunction.

FILE-6332 | File Integrity | Swap in /etc/fstab

This control checks if there is a swap partition configured in /etc/fstab. Usually it should be there, depending on how the system has been configured.

FILE-6336 | File Integrity | Swap partition options

The /etc/fstab file determines the available mount points for your system. This particular test looks for a swap partition and determines whether any unexpected mount parameter is used for this kind of partition.

FILE-6354 | File Integrity | Old files in /tmp

Lynis tests for the presence of old files in /tmp, as these files might be taking up space for no reason. The check also helps to prevent file systems from running out of space and /tmp from being used as permanent storage. In addition, malware is commonly found in /tmp, which it uses as a temporary staging place.

FILE-6410 | File Integrity | Locate database

When locate has been found, Lynis checks for the related database.

FILE-7524 | File Integrity | File permissions

This control describes the expected file permissions as configured in the profile. Depending on the tested files and related result, determine why a different permission set is being used, or correct it where appropriate.

FINT-4315 | File Integrity | AIDE configuration check

AIDE configuration errors were found

FINT-4350 | File Integrity | Install a file integrity tool

To monitor for unauthorized changes, a file integrity tool can help with the detection of such events. Each time the contents or the properties of a file change, it will have a different checksum. With regular checks of the related integrity database, discovering changes becomes easy. Install a tool like AIDE, Samhain or Tripwire to monitor important system and data files. Additionally, configure the tool to alert system or security personnel on events.

FINT-4402 | File Integrity | Usage of SHA256/SHA512 in AIDE configuration

This check found that SHA256 or SHA512 were not used to create hashes of files.