I’d like to write short articles about cool hardening/sec tools , this is one i found the other day:

There’s a bunch of security tools around to do hardening , but one i liked very much recently is: Lynis.

Lynis is a collection of scripts in bash (?) that parse/run different things and give you a score, for example

(running ./lynis — profile default.prf ,

(default.prf is obvious your default profile where you can disable/enable things etc)

image

The output is much more extensive than that , but you get the idea.

One of the things is pretty cool is how easy is to add plugins , you just need to drop a file inside plugins/ called plugin_myplugin_phase1 and that’s it , you will still need to define some checks and add score.

For example you could do something like:

Demo Plugin.

You get the idea , inside the inside includes/ there’s a function file with a bunch of bash functions like “Display” for example and some others that you should take a look , that produces an output similar to:

image

Lynis comes pre-loaded with a ton of plugins that check from ssh config files to selinux policies.

The function AddHP X Y , adds X points of the total Y , those points will be added to the overall score.

Obviously these are all relative scores but it is much better to have an idea of common pitfalls when making images before hitting live.

Github

Give it a go!