Lynis security controls
|FILE-6310||File Integrity||Separation of partitions|
Some partitions, like /tmp and /home, can easily be filled by users of a system. When they are not separated from the root file system, there is a higher risk that the root file system fills up and causes other system components to malfunction.
|FILE-6332||File Integrity||Swap in /etc/fstab|
This control checks if there is a swap partition configured in /etc/fstab. Usually it should be there, depending on how the system has been configured.
|FILE-6336||File Integrity||Swap partition options|
The /etc/fstab file determines the available mount points for your system. This particular test looks for a swap partition and determines whether any unexpected mount parameter is used for this kind of partition.
|FILE-6354||File Integrity||Old files in /tmp|
Lynis tests for the presence of old files in /tmp, as these files might be taking up space for no reason. The check also helps to prevent file systems from running out of space and to keep /tmp from being used as permanent storage. In addition, malware is commonly found in /tmp, which it uses as a temporary staging place.
|FILE-6410||File Integrity||Locate database|
When locate has been found, Lynis checks for the related database.
|FILE-7524||File Integrity||File permissions|
This control describes the expected file permissions as configured in the profile. Depending on the tested files and related result, determine why a different permission set is being used, or correct it where appropriate.
|FINT-4315||File Integrity||AIDE configuration check|
AIDE configuration errors were found.
|FINT-4350||File Integrity||Install a file integrity tool|
To monitor for unauthorized changes, a file integrity tool can help with the detection of such events. Each time the contents or the properties of a file change, it will have a different checksum. With regular checks against the related integrity database, discovering changes becomes easy. Install a tool like AIDE, Samhain or Tripwire to monitor important system and data files. Additionally, configure the tool to alert system or security personnel on events.
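The baseline-and-compare mechanism behind FINT-4350, as an added sketch that is not Lynis, AIDE, Samhain or Tripwire code. The function names (`fim_snapshot`, `fim_check`, `fim_demo`) are hypothetical and the sample tree is constructed; a real deployment should use one of the tools named above and keep the database off the monitored host.

```shell
#!/bin/sh
# Added example, not Lynis or AIDE code. Assumes GNU or busybox sha256sum and stat.
# Limitation: paths containing '|' or newlines are not handled.

# fim_snapshot DIR: one "path|sha256|mode|uid|gid" record per regular file.
fim_snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s|%s|%s\n' "$f" "$sum" "$(stat -c '%a|%u|%g' "$f")"
    done
}

# fim_check BASELINE DIR: print ADDED/CHANGED/REMOVED lines, return 1 on drift.
fim_check() {
    current=$(mktemp) || return 2
    fim_snapshot "$2" > "$current"
    report=$(awk -F'|' '
        FILENAME == ARGV[1] { base[$1] = $0; next }   # load the baseline records
        { seen[$1] = 1
          if (!($1 in base))       print "ADDED " $1
          else if (base[$1] != $0) print "CHANGED " $1 }  # hash or metadata differs
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# fim_demo: constructed sample tree; baseline it, alter it, report the drift.
fim_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" && mkdir etc || exit 2
        printf 'PermitRootLogin no\n' > etc/sshd_config
        printf 'root:x:0:0::/root:/bin/sh\n' > etc/passwd
        printf '127.0.0.1 localhost\n' > etc/hosts
        chmod 644 etc/*
        fim_snapshot etc > baseline.db                     # database kept outside etc/
        printf 'PermitRootLogin yes\n' > etc/sshd_config   # content change
        chmod 666 etc/passwd                               # property change only
        rm etc/hosts
        printf 'x\n' > etc/new
        fim_check baseline.db etc
    ) && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

The permission-only change to `etc/passwd` is reported even though its content hash is unchanged, which is why integrity tools record file properties as well as checksums.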
|FINT-4402||File Integrity||Usage of SHA256/SHA512 in AIDE configuration|
This check found that SHA256 or SHA512 were not used to create hashes of files.