Lynis security controls



Controls

ControlCategoryDescription
HRDN-7220HardeningLimit access to compilers

Compilers are usually not needed on production systems, unless the upgrade mechanism of the particular system uses the source code of a package and compiles it into an executable form. Leaving compilers accessible to all users increases the risk of abuse or give attackers additional leverage when finding other flaws. One example is privilege escalation, by compiling and execution a discovered weakness in an existing system component.

HRDN-7222HardeningPermissions on installed compilers

Compilers turn source code into binary executable code. For a production system a compiler is usually not needed, unless package upgrades are performed by means of their source code. If a compiler is found, execution should be limited to authorized users only (e.g. root user).

INSE-8006HardeningInetd configuration

When inetd is not used in production, remove it all together, or make sure no entries can be started by accident.