Lynis security controls



Controls

ControlCategoryDescription
KRNL-5677KernelPAE kernel test

Kernels with PAE support have additional security controls like No eXecute. When possible, it is advised to use such kernel. For other systems where it is not possible to run such kernel, this control might be hidden/ignored.

KRNL-5788KernelLinux kernel update available

This control is for systems based on Debian/Ubuntu and tests the availability of a new Linux kernel. When an update is available, it's usually a security related update or an update to fix serious flaws.

KRNL-5830KernelRequired system reboot

If this test shows up, a reboot of the system is required. Schedule down time for a reboot.

KRNL-6000KernelKernel sysctl values

By means of sysctl values we can adjust kernel related parameters. Many of them are related to hardening of the network stack, how the kernel deals with processes or files. This control is a generic test with several sysctl variables (configured by the scan profile).