Lynis security controls
|KRNL-5677||Kernel||PAE kernel test|
Kernels with PAE support have additional security controls like No eXecute. When possible, it is advised to use such kernel. For other systems where it is not possible to run such kernel, this control might be hidden/ignored.
|KRNL-5788||Kernel||Linux kernel update available|
This control is for systems based on Debian/Ubuntu and tests the availability of a new Linux kernel. When an update is available, it's usually a security related update or an update to fix serious flaws.
|KRNL-5820||Kernel||Usage of core dumps|
Lynis tests if core dumps are enabled on the system.
|KRNL-5830||Kernel||Required system reboot|
If this test shows up, a reboot of the system is required. Schedule down time for a reboot.
|KRNL-6000||Kernel||Kernel sysctl values|
By means of sysctl values we can adjust kernel related parameters. Many of them are related to hardening of the network stack, how the kernel deals with processes or files. This control is a generic test with several sysctl variables (configured by the scan profile).