Figuring Out A Linux Computer's Weak Points By Running Lynis

Linux is a very secure operating system, but it can be insecure when it is not configured correctly.  It’s up to you to strengthen your Linux computers (boxes) to thwart remote attacks.  No one can guarantee that an operating system is 100% secure, but when a computer user does everything in his or her power (knowledge) to strengthen a computer’s security, it’s sure to be one tough nut to crack.

I’ve found a new tool, known as Lynis, that can help strengthen a Linux computer’s security.  Lynis was created by the same creator as Rootkit Hunter (also known as Rkhunter).  Lynis does not need to be installed, and Lynis doesn’t offer any function to secure a Linux box.  So why is it useful?  Lynis is a tool that you unzip into a directory such as /tmp and run, so you’ll know which parts of your Linux computer need to be secured.  It’s an auditing tool!

Some people may not know how to use Lynis at all, even though they know how to unzip it into a directory and run it.  Why?  Lynis only points out what needs to be fixed so a Linux computer can be secured, but it does not show you step by step how to configure your Linux computer.  This is why you need to know how to use Linux commands, and you need to have a general knowledge of Linux.  For example, my Linux computer had a global umask of 022 set in /etc/profile, and Lynis suggested that I change the umask from 022 to 027, which is a stricter permission setting for all files and directories.
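To see what the umask suggestion changes in practice, the following added example (not part of the original post and not part of Lynis) creates a file and a directory under each umask and prints the resulting modes, then lists the umask values set in a profile file.  The function names and the sample profile are assumptions made for illustration, and it expects the GNU or BusyBox version of stat.

```shell
#!/bin/sh
# Added example: what umask 022 and umask 027 do to newly created files
# and directories, plus a check of which umask a profile file sets.

# modes_under MASK: print "<file-mode> <dir-mode>" (octal) for objects
# created under MASK. The ( ) body runs in a subshell, so the caller's
# own umask is left untouched.
modes_under() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file"        # new files start from 666 minus the mask
    mkdir "$tmp/dir"       # new directories start from 777 minus the mask
    out="$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
    rm -rf "$tmp"
    printf '%s\n' "$out"
)

# profile_umasks FILE: print every umask value set in FILE, one per line.
# Commented-out lines such as "# umask 077" are ignored.
profile_umasks() {
    sed -n 's/^[[:space:]]*umask[[:space:]]\{1,\}\([0-7]\{3,4\}\).*/\1/p' "$1"
}

for mask in 022 027; do
    echo "umask $mask -> file and directory modes: $(modes_under "$mask")"
done

# Constructed sample standing in for /etc/profile (not a real system file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample profile
# umask 077
umask 022
EOF
echo "sample profile sets umask: $(profile_umasks "$sample")"
rm -f "$sample"

# On a real system, point the same check at the global profile.
if [ -r /etc/profile ]; then
    echo "/etc/profile sets umask: $(profile_umasks /etc/profile)"
fi
```

With 027, accounts outside the file’s group can no longer read newly created files or enter newly created directories, which is the kind of usability cost to weigh before applying the suggestion.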

Following Lynis’s suggestions to the letter is not a good thing, because some settings that Lynis suggests you configure may hamper the usability of your Linux computer.  This is why you need to know when to go all out in configuring a setting and when not to, so your computer is not secured to the point that it is no longer easy and convenient to use.  So why not give Lynis a try!

Download Lynis here.  The downloaded file will have a .tar.gz extension.  To extract the download, run [tar xzvf your-download-file] in a directory that you won’t forget, so you can revisit Lynis whenever you need it.  To use Lynis, just [cd lynis-1.2.9] (your version may be newer), and as root do [sh lynis -c].  The last command tells Lynis to run a check on your Linux computer.  At intervals it will tell you to hit enter to continue on to different checks, and at the end of all the checks you have to read its suggestions to see what needs to be configured so your Linux computer can be more secure.  If you do [sh lynis] without any parameter, it will tell you that you entered the wrong command and it will list a bunch of commands that you can use with Lynis.

Storing Lynis on a flash drive is great, because you can carry your flash drive from one computer to another to run a security check on each computer.  Nonetheless, a flash drive itself can pose a security threat, because an infected flash drive can spread a computer virus.  That’s certainly true for Windows systems, but it’s less so for Linux!  A better way is to burn Lynis onto a blank CD, and pop the CD into each computer to run Lynis that way.  A CD is a read-only medium, so a virus cannot infect a CD.

Although Lynis is a great tool for helping you figure out a Linux computer’s weak points, it’s not the end of securing a Linux computer.  Lynis may point out some weak points of your Linux computer, and may miss something else entirely.  This is why it’s important for you to utilize all known security tools and knowledge to secure your Linux computer.  I say Lynis is only one tool, and it won’t do everything!  For example, if your computer is already infected with a rootkit, it’s best to use another tool to figure out whether that is certainly true!  Such tools are Rkhunter (Rootkit Hunter), Chkrootkit, and so on.
