Lynis Enterprise Technical Training: Product and Deployment
2017 edition (V001) - Sponsored by CISOfy
Trainer: Michael Boelen
Classification: public
Training
Topics
● Lynis
● Lynis Enterprise
● Additional resources
Lynis
Lynis (client)
● Installation
● Usage
● Advanced
● Deployment
Installation
Options
● Tarball
● GitHub
● Package
  ○ RPM
  ○ DPKG
  ○ Brew
Installation: Package
Distributions may have an old version
CISOfy repository: https://packages.cisofy.com
Structure
● lynis
● include: helpers, tests
● plugins
Structure
● lynis: main program
● db: database files
● extras: supporting files
● include: scripts, helpers, tests
● plugins: any available plugins
● default.prf: default configuration
● custom.prf: your customizations
Running Lynis
Commands
Run Lynis without arguments to see the most common commands
All options: man page or use ‘lynis show commands’
Command: Audit
lynis audit system
Performs an in-depth security scan
Test data
● On screen
● Log file
● Report
Command: Audit System
What is it? The command ‘audit system’ runs many small tests written in shell script.
Why use it? The tests form the basis of a security audit to detect room for improvement, such as possible weaknesses in the configuration of the system.
Background
Tip: Learn how tests work by looking at include/functions and the tests_* files.
Command: Show
lynis show
Options
Many options™
lynis show options
Options
What is it? Options are flags that can be specified while running Lynis and start with two minus signs (--).
Why use it? By providing additional options you can alter the behavior of the scan.
Background
Tip: Try all options to see how they influence the output of a scan.
Commands: lynis show options
Lynis Controls
Controls
Lynis Control = test
Grouped by ‘group’
Custom tests
include/tests_custom
Tests can be written in shell script or use data from other tools and scripts (e.g. the output of a Python script)
Controls
What is it? Controls are individual tests within Lynis.
Why use it? Each test has a unique identifier and is referenced on screen, in the log file, in the report, and on the website. This allows the tool to provide a next step to take.
Background: Test identifiers start with 3 or 4 characters, followed by a dash and four numbers (e.g. TEST-1234).
Commands: lynis show details KRNL-6000
Custom tests should go into include/tests_custom. The ID should be CUST-xxxx (xxxx = number).
Controls
Test flags include:
● ID
● Operating system
● Description
● Category
Operating System
include/osdetection
Functions
include/functions
Functions
Register
● --test-no
● --preqs-met
● --category
Screen, Logging, Report
Screen output
Results
● Warnings
● Suggestions
Screen output
What is it? Screen output is the outcome of an audit and displays the related details.
Why use it? The screen output is useful for interactive scans when scanning a system for the first time. It can help with testing and confirming the effectiveness of implemented security measures.
Background
Options: --debug, --verbose
Logging
Log file
Logging
What is it? Logging is detailed information about the scan.
Why use it? Technical users of Lynis can quickly determine what a test did and what it found. It is also a great source for troubleshooting.
Background
Locations
● Non-privileged: /tmp
● Privileged (root): /var/log
Commands
● lynis show logfile
● lynis show report
Report
Scan results
● Compare
● Store
● Upload
Report
What is it? A file containing all scan results.
Why use it? Use the report file to compare with previous scans, or share the data with a central management interface like Lynis Enterprise. It can also be used together with a Security Information and Event Management (SIEM) system.
Background: Key and value are separated with the equals (=) sign
Locations
● Non-privileged: /tmp
● Privileged (root): /var/log
Commands: lynis show report
Hardening Index
Measure security
Hardening Index
What is it? A number displayed on screen near the bottom of the output.
Why use it? The index value provides a calculated number to quickly get an idea of the hardening level of the system. Good for comparing systems, or for striving to increase the defense level.
Background: The hardening index is calculated based on the performed tests. Each test has a specific number of points to achieve.
The value is between 1 and a maximum of 100. It is also stored in the log and report files.
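An added example, not code from the training deck or the Lynis project, for the report file and the hardening index described above: it reads the key=value report format (keys ending in [] repeat once per value), compares two scans for hardening-index change and new or resolved warnings, and emits findings as key=value lines a SIEM can ingest. The two report files are constructed samples; the test IDs only follow the Lynis naming scheme.

```shell
#!/bin/sh
# Added example (not from the training deck or the Lynis project): read Lynis report files,
# compare two scans, and emit findings as key=value lines for a log shipper or SIEM.
# Report format: one key=value per line; a key ending in [] is repeated once per value.
# The two sample reports are constructed for this example; test IDs follow the Lynis naming
# scheme but the content is illustrative only.

SAMPLE_OLD='# Lynis Report
report_version_major=1
lynis_version=2.5.5
hostname=web01
hardening_index=62
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=SSH-7408|Root login over SSH is enabled|PermitRootLogin|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|'

SAMPLE_NEW='# Lynis Report
report_version_major=1
lynis_version=2.5.5
hostname=web01
hardening_index=70
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=CUST-0010|Required auditd watch rules are missing|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|'

# write_samples <dir>: materialise the constructed reports as <dir>/old.dat and <dir>/new.dat
write_samples() {
    printf '%s\n' "${SAMPLE_OLD}" > "$1/old.dat"
    printf '%s\n' "${SAMPLE_NEW}" > "$1/new.dat"
}

# report_value <file> <key>: value of a single-valued key (empty if absent).
# Only the first "=" separates key from value, so values containing "=" survive intact.
report_value() {
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# report_list <file> <key>: every value of a multi-valued key (pass "warning" for warning[])
report_list() {
    awk -F= -v k="$2[]" '$1 == k { print substr($0, length(k) + 2) }' "$1"
}

# warning_ids <file>: sorted unique IDs of the controls that raised a warning (first | field)
warning_ids() {
    report_list "$1" warning | cut -d'|' -f1 | sort -u
}

# hardening_delta <old> <new>: change in the hardening index between two scans
hardening_delta() {
    old="$(report_value "$1" hardening_index)"
    new="$(report_value "$2" hardening_index)"
    echo $(( ${new:-0} - ${old:-0} ))
}

# new_warnings <old> <new>: IDs only in the new scan. The old list is fed twice, so
# "sort | uniq -u" keeps exactly the lines that occur once, i.e. the new-only IDs
# (POSIX sh, no process substitution needed). resolved_warnings is the mirror image.
new_warnings() {
    { warning_ids "$1"; warning_ids "$1"; warning_ids "$2"; } | sort | uniq -u
}
resolved_warnings() {
    { warning_ids "$2"; warning_ids "$2"; warning_ids "$1"; } | sort | uniq -u
}

# findings_kv <file>: one key=value line per warning, ready for a SIEM or log shipper
findings_kv() {
    host="$(report_value "$1" hostname)"
    report_list "$1" warning |
        awk -F'|' -v h="${host}" '{ printf "host=%s type=warning test=%s text=\"%s\"\n", h, $1, $2 }'
}

# compare_reports <old> <new>: human-readable summary of what changed between two scans
compare_reports() {
    printf 'hardening index: %s -> %s (delta %s)\n' \
        "$(report_value "$1" hardening_index)" "$(report_value "$2" hardening_index)" \
        "$(hardening_delta "$1" "$2")"
    printf 'new warnings:      %s\n' "$(new_warnings "$1" "$2" | tr '\n' ' ')"
    printf 'resolved warnings: %s\n' "$(resolved_warnings "$1" "$2" | tr '\n' ' ')"
}

# Demo run on the constructed samples; point the functions at two real
# lynis-report.dat files to compare actual scans.
demo_dir="$(mktemp -d)"
write_samples "${demo_dir}"
compare_reports "${demo_dir}/old.dat" "${demo_dir}/new.dat"
findings_kv "${demo_dir}/new.dat"
rm -rf "${demo_dir}"
```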
Configuration
Configuration
Profiles
● default.prf
● custom.prf
● [your-profile.prf]
Custom settings overrule default settings
Profiles
What is it? A configuration file for Lynis.
Why use it? Tune how Lynis runs and the actions it should take, or skip. The default profile will always be used. The custom profile will overrule the default. A temporary profile can also be specified to overrule the previous two.
Background
Files: default.prf, [custom.prf], [xxxxxx.prf]
Options: --profile <profile-name.prf>
Commands
● lynis configure settings
● lynis show profiles
Basics: Plugins
Primary goal: collecting data
Two phases
1. “Pre”
2. “Post”
Plugins
What is it? Plugins are little extensions to Lynis.
Why use it? Plugins help collect more data than the plain version of Lynis.
Background
Tips: Each dot represents a test. This provides a visual cue when a test takes a while to execute.
System Upload
--upload
Configure
● License code
● Server
System Upload
Option: --upload
HTTPS protocol
Using self-signed certificates? upload-options=--insecure (skips certificate verification for the upload)
System Upload
What is it? The option to upload data with --upload.
Why use it? By using --upload the data will be uploaded to the data collection server. This is useful for storing the data on a central system where the data is processed.
Background
Tips: Use lynis upload-only to perform just the upload of data.
Lynis Enterprise
● Lynis Collector
● Installation
● Configuration
● Data uploads
● Modules
Lynis Collector
Lynis Collector
Upload in batches
● Offline deployments
● Networked environments
Lynis Collector
What is it? Utility to upload data reports.
Why use it? Lynis Collector overcomes any barrier with segmented networks. It also helps when you only have the reports, but no access to the systems (e.g. security assessments).
Background
Tips: Use this utility when systems cannot directly reach the central system.
Lynis Enterprise: Framework
Open Source
● Django
● Nginx
● PostgreSQL
Requirements
Operating System: CentOS, Debian, OEL, openSUSE, RHEL, Ubuntu
Memory: 1 GB or more
See https://cisofy.com/support/ for the self-hosted guide
Lynis Enterprise: Framework
Django
● Security
● Quick iterations
● Many modules
Lynis Enterprise: Installation
Lynis Updater
● Installation
● Packages
● Database migrations
● Configuration
● Monitoring
Note: this applies only to self-hosted installations
Lynis UpdaterWhat is it?Installation and update utility for self-hosted Lynis Enterprise installations.
Why use it?Run the utility regularly to keep your Enterprise installation up-to-date.
Background
Commands
● lynis-updater check
● lynis-updater status
● lynis-updater update
● lynis-updater upgrade
Lynis Enterprise: Configuration
Multi-tenancy
● Companies
● Licenses
● Accounts
Admin Panel
● Reporting: additional reports
● Internals: database synchronization
● Status: system monitoring
Note: these options are only visible when running a self-hosted installation.
Uploads
Data Upload
Client
Run Lynis: lynis audit system --upload
Repeat upload: Complete uploads can be uploaded again with lynis upload-only. Otherwise you will see an error.
Server
Phase 1 - Collect:
● Retrieve data uploads
Phase 2 - Import data:
● Host IDs
● Ownership
● License check
● Previous scans
● Compliance
Host IDs
Identifier
Allow multiple uploads
● MAC address
● SSH public key
Host IDs
What is it? Identification strings that Lynis generates for a system.
Why use it? To allow repeated uploads, each system needs to be unique. The identifiers are created automatically.
Background
Commands: lynis show hostids
Ownership
● License key
● Existing owner
Background
When a system is uploaded, a check will be performed to see if the system is already known. If the owner of the license does not match the system owner, the data upload will be cancelled.
License Key
What is it? Unique identifier for a company.
Why use it? Typically the license key is used when uploading a system.
Background
Master license key: Used for setting up Lynis Enterprise as a self-hosted installation and for retrieving updates.
Sub license key: Key linked to a company in Lynis Enterprise, to prove ownership of a system. Also used for the software repository.
Modules
Lynis Enterprise
System Details
System Overview
Available systems
● Hostname
● Version
● Compliance
● Warnings / Suggestions
● Updated
● Client version
System Details
Tags
Quickly find systems with a tag (or without one)
Compliance
Compliance
● PCI DSS
● HIPAA
● Sarbanes-Oxley Act (SOx)
● General Data Protection Regulation (GDPR)
● CIS benchmarks
● Your policies?
Compliance: Policies
Diagram: each policy consists of rule sets, and each rule set consists of rules.
Compliance: Policies
Rule sets: one or more rules
Compliance
Compliance: Explain
What is it? The ‘explain’ utility shows the details of rule sets.
Why use it? Use ‘explain’ to see what Lynis Enterprise does in the background. It provides the steps, data from the database, and guidance.
Background
Create custom policy rules with your own Lynis tests. Example: if some event is true, use the Report function:
Report “has_my_event=1”
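An added example, not code from the training deck or the Lynis project, tying together the custom tests in include/tests_custom (CUST-xxxx IDs, the Register flags --test-no, --preqs-met and --category) and the Report "key=value" pattern that a custom policy rule can match on. The rules file path, the two required auditd rules and the CUST-0010 ID are placeholders chosen for the example; the helper names are the ones Lynis defines in include/functions before it sources this file, and the core check is kept in a plain function so it also runs outside Lynis.

```shell
#!/bin/sh
# include/tests_custom: added example of a custom Lynis control (CUST-0010); not code from
# the training deck or the Lynis project. It checks that the organisation's mandatory
# auditd watch rules are present and records the outcome with Report, the same mechanism
# a custom compliance rule in Lynis Enterprise can match on.
# Assumptions: the rules file path and the two required rules below are placeholders;
# Register, InsertSection, Display, LogText, AddHP, Report and ReportWarning are the helpers
# Lynis defines in include/functions before sourcing this file.

ORG_AUDIT_RULES_FILE="/etc/audit/rules.d/org.rules"   # assumed path
ORG_REQUIRED_RULES="-w /etc/sudoers -p wa -k org_sudoers
-w /etc/passwd -p wa -k org_passwd"

# custom_missing_rules <rules-file>: print each required rule that is not present as an
# uncommented line; prints nothing when the file is complete. Kept free of Lynis helpers
# so it can be run and tested outside Lynis.
custom_missing_rules() {
    printf '%s\n' "${ORG_REQUIRED_RULES}" | while IFS= read -r rule; do
        # drop commented-out lines first, then require an exact full-line match
        if ! grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -Fxq -- "${rule}"; then
            printf '%s\n' "${rule}"
        fi
    done
}

# custom_audit_rules_ok <rules-file>: true when no required rule is missing
custom_audit_rules_ok() {
    [ -z "$(custom_missing_rules "$1")" ]
}

# custom_selftest: run the check against a constructed rules file that deliberately omits
# the /etc/passwd watch; true when exactly that rule is reported missing.
custom_selftest() {
    tmp="$(mktemp)"
    printf '%s\n' '# org baseline' '-w /etc/sudoers -p wa -k org_sudoers' > "${tmp}"
    missing="$(custom_missing_rules "${tmp}")"
    rm -f "${tmp}"
    [ "${missing}" = "-w /etc/passwd -p wa -k org_passwd" ]
}

# Lynis integration. Register only exists when Lynis sources this file, so running the
# file on its own (sh include/tests_custom) skips this part.
if command -v Register >/dev/null 2>&1; then
    InsertSection "Custom tests"

    # --preqs-met lets Lynis skip the test cleanly on hosts without auditd
    PREQS_MET="NO"
    if [ -d /etc/audit ]; then PREQS_MET="YES"; fi
    Register --test-no CUST-0010 --preqs-met "${PREQS_MET}" --weight L --network NO \
        --category security --description "Check organisation auditd watch rules"
    if [ "${SKIPTEST}" -eq 0 ]; then
        LogText "Test: checking ${ORG_AUDIT_RULES_FILE} for required watch rules"
        if custom_audit_rules_ok "${ORG_AUDIT_RULES_FILE}"; then
            Display --indent 2 --text "- Organisation auditd rules" --result OK --color GREEN
            AddHP 2 2                         # full points for this control
            Report "has_org_audit_rules=1"    # key=value line in the report file
        else
            Display --indent 2 --text "- Organisation auditd rules" --result WARNING --color RED
            custom_missing_rules "${ORG_AUDIT_RULES_FILE}" | while IFS= read -r rule; do
                LogText "Result: missing rule: ${rule}"
            done
            ReportWarning "${TEST_NO}" "Required auditd watch rules are missing"
            AddHP 0 2
            Report "has_org_audit_rules=0"
        fi
    fi
fi
```

A policy rule in Lynis Enterprise can then key on has_org_audit_rules=1, and the warning shows up with the other findings in the log file, the report and the upload.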
Compliance
Policies
Customization: Policy Editor
Compliance: Policy Editor
What is it? The policy editor imports rule sets from other policies.
Why use it? Quickly create custom policies by using rule sets from other security policies and standards.
Background
Tips: Start out with the available policies before creating your own.
First test a policy against a few systems, to see what kind of issues show up. Otherwise you will end up with all systems being non-compliant.
Solve findings: Snippets
Hardening Snippets
Hardening Snippets
What is it? Small scripts to solve findings.
Why use it? Use the snippets to implement system hardening measures, or to disable or enable components. Combine these snippets with a configuration management solution.
Background: Snippets are available for configuration management tools: Ansible, Cfengine, Chef, or Puppet.
Usually there is also a generic shell script available.
Improvement Plan
Improvement Plan
Prioritize your work
● Quick wins
● Impact
● Control count
● System risk
Improvement Plan
What is it? The improvement plan shows a small list of controls or systems, sorted by count or priority.
Why use it? It may be hard to start with system hardening as there is so much to do. Get started by solving some quick wins, or items that affect many systems.
Background: The improvement plan is an ideal step to use the very first few times when using Lynis Enterprise.
Have junior system administrators pick easier tasks from the quick wins category.
Select controls that may show up in multiple categories (quick wins, count).
Reporting and API
Reporting
Formats
● CSV
● PDF
● JSON
Reporting
Grouping data: Use available fields
Security tip: Quickly detect vulnerable systems
API
Connect your data
● CMDB
● Monitoring system
● Reporting
● SIEM
https://hostname/api/
Resources
Support
Documentation
● Installation
● Plugins
● Controls
URL: https://cisofy.com/support/
Configuration
Deployment tip
Use lynis configure settings
Ship custom.prf with Ansible, Puppet, etc.
Deployment
Tasks
Client
● Install Lynis
● Configure
● Upload data
Interface
● See system details
● Define policy
● Test compliance
Server
● Run lynis-updater