Lynis helps by not only telling you what's wrong, but how it found out what's wrong. For instance:
Warning: pwck found one or more errors/warnings in the password file [test:AUTH-9228] [impact:M]
My early background is Data General Unix, not Linux, and even though I've been running Linux for a decade I learn new tricks every day. I never knew the pwck command existed. Handy little thing:
[root@roosevelt master]# pwck
user adm: directory /var/adm does not exist
user news: directory /etc/news does not exist
user uucp: directory /var/spool/uucp does not exist
user gopher: directory /var/gopher does not exist
uucp?? gopher?? Yeesh, this must have been something left over from the mid-90s. Let's userdel those right away.
Suggestion: Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules [test:ACCT-9630]
Yeah, it is kinda stupid to have the audit daemon running, with nothing to audit. Time to read up on my audit.rules syntax.
Suggestion: Check file permissions of /etc/squid/squid.conf to limit access [test:SQD-3613]
Whoops, world writable - wonder how that happened? Easy fix.
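As an added example (not code from this post or from the Lynis project), here are the two findings above, the pwck-style "home directory does not exist" check and the world-writable config file check, re-implemented as small POSIX shell functions that run against constructed sample files instead of the live system. The function names and the sample passwd entries are assumptions of this example, not anything Lynis itself ships.

```shell
#!/bin/sh
# Added example: two of the Lynis findings from the post, as stand-alone checks.
# Function names and the sample data below are assumptions, not Lynis code.

# pwck-style check: report accounts whose home directory is missing.
# $1: passwd-format file (defaults to /etc/passwd). Prints one line per
# offender in pwck's wording and returns the number of offenders (0 = clean).
missing_home_dirs() {
    _pw="${1:-/etc/passwd}"
    _found=0
    while IFS=: read -r _name _x _uid _gid _gecos _home _shell; do
        [ -n "$_name" ] || continue          # skip blank lines
        if [ ! -d "$_home" ]; then
            printf 'user %s: directory %s does not exist\n' "$_name" "$_home"
            _found=$((_found + 1))
        fi
    done < "$_pw"
    return "$_found"
}

# Return 0 if "others" have write permission on $1 (the squid.conf finding).
# Uses POSIX find -perm with a symbolic mode so it works without GNU stat;
# -prune keeps find from descending if $1 happens to be a directory.
world_writable() {
    [ -n "$(find "$1" -prune -perm -o=w -print 2>/dev/null)" ]
}

# The "easy fix": drop write permission for group and others.
fix_world_writable() {
    chmod go-w "$1"
}

# Build a constructed scratch tree: a passwd file with two stale accounts
# (uucp, gopher) whose homes don't exist, and a deliberately world-writable
# squid.conf. Prints the directory path so callers can clean it up.
make_sample() {
    _d=$(mktemp -d)
    mkdir -p "$_d/home/alice"
    cat > "$_d/passwd" <<EOF
root:x:0:0:root:/:/bin/sh
alice:x:1000:1000:Alice:$_d/home/alice:/bin/sh
uucp:x:10:14:uucp:$_d/var/spool/uucp:/sbin/nologin
gopher:x:13:30:gopher:$_d/var/gopher:/sbin/nologin
EOF
    printf 'http_port 3128\n' > "$_d/squid.conf"
    chmod 666 "$_d/squid.conf"   # constructed: world writable, as in the post
    printf '%s\n' "$_d"
}

main() {
    d=$(make_sample)
    echo "== pwck-style home directory check on $d/passwd"
    missing_home_dirs "$d/passwd" || echo "-> $? account(s) without a home directory"

    echo "== permission check on $d/squid.conf"
    if world_writable "$d/squid.conf"; then
        echo "world writable; applying chmod go-w"
        fix_world_writable "$d/squid.conf"
    fi
    if world_writable "$d/squid.conf"; then
        echo "still world writable"
    else
        echo "now restricted to owner"
    fi
    rm -rf "$d"
}
main
```

Run it as-is to see both findings reproduced and the permission fix applied; point `missing_home_dirs` at the real `/etc/passwd` (or call it with no argument) to get the same list pwck printed above.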
Suggestion: Add legal banner to /etc/motd, to warn unauthorized users [test:BANN-7122]
Nah. I've always thought that the legal notice thing was stupid. It's not a binding contract - does anyone think that putting 'Anyone sending me unsolicited email owes me $10,000!' at the bottom of your web page will actually allow you to collect anything? It's a waste of electrons. But it's easy to make Lynis stop nagging about it - just tell it to skip that test in the default.prf file, like so:
config:test_skip_always:BANN-7122:
Anyway, you get the idea. It's easy to configure, easy to run once a week or so, and catches the things that fall through the cracks. Nice tool to have. Thanks, Michael!