Introduction to Lynis and how to use it

Lynis overview

Lynis is a security auditing and hardening tool for Unix-based systems. It performs an in-depth security scan whose purpose is to detect potential problems and to give advice for further hardening of the system. The tool scans general system information, vulnerable software packages and potential misconfigurations. When the scan is complete, Lynis also generates a security report containing all of the findings.
Get Started with Lynis - Installation Guide - CISOfy
https://cisofy.com/documentation/lynis/get-started/#first-run

Lynis audience and use cases

1) Typical use cases for Lynis include:

  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Penetration testing
  • Vulnerability detection
  • System hardening

2) Audience and use cases

  • Developers: test a Docker image, or improve the hardening of an already deployed web application.
  • System administrators: run routine health scans to discover new weaknesses.
  • IT auditors: show colleagues or clients what measures can be taken to improve security.
  • Penetration testers: discover security weaknesses on client systems that could ultimately lead to compromise.

Supported systems

Lynis runs on almost all UNIX-based systems and versions, including:
1) AIX
2) FreeBSD
3) HP-UX
4) Linux
5) macOS
6) NetBSD
7) NixOS
8) OpenBSD
9) Solaris
10) and others
It also runs on systems such as the Raspberry Pi, IoT devices and QNAP storage appliances.

Audit steps

A typical scan with Lynis proceeds as follows:
1) Initialization
2) Perform basic checks, such as file ownership
3) Determine the operating system and available tools
4) Search for available software components
5) Check for the latest Lynis version
6) Run the enabled plugins
7) Run the security tests per category
8) Perform your custom tests (optional)
9) Report the status of the security scan

Besides the report and information shown on screen, all technical details about the scan are stored in a log file (lynis.log). Findings such as warnings and suggestions are stored in a separate report file (lynis-report.dat).

Lynis performs hundreds of individual tests. Most tests are written as shell scripts and have a unique identifier (for example KRNL-6000). Using these unique identifiers, the security scan can be tuned.

Lynis is modular and can run tests you have created yourself. You can even write them in other scripting or programming languages.

Lynis plugins

Plugins are modular extensions of Lynis. With plugins, Lynis performs additional tests and collects more system information.

Each plugin has the purpose of collecting specific data. This data is stored in the Lynis report file (lynis-report.dat). Depending on how you use Lynis, the collected data may provide valuable insight across systems or between individual scans. To ensure continued development, the author Michael Boelen created a paid, web-based solution that consumes the Lynis scan output. This solution is called Lynis Enterprise and makes use of both Lynis and the plugins.

Plugins provide the most value in environments with more than 10 systems. Some plugins are available in the download section.

Plugin URL:
Lynis plugins - CISOfy

Custom plugins
Custom plugins can be created with ordinary shell scripts, so that you can run tests you have written yourself.
Lynis Plugins - Development Guide - CISOfy

Available plugins

Plugin	Tests	Community	Customers
Accounting	2	No	Yes
Compliance	2	No	Yes
Configuration	1	No	Yes
Cryptography	0	No	Yes
Docker	2	No	Yes
File systems	0	No	Yes
Firewalls	0	No	Yes
Memory	0	No	Yes
PAM	1	Yes	Yes
Processes	0	No	Yes
Software	8	No	Yes
Software: systemd	16	Yes	Yes
System integrity	8	No	Yes
Total	40

1.5 Supported standards

  • CIS benchmarks
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

2 Introduction to the Lynis audit modules
Running lynis show groups on the command line lists the scan categories; there are 41 categories in total.

Audit examples

You can refer to my blog post:
CentOS 7 | Lynis installation and use (我是一塊小石頭, CSDN blog: Lynis installation steps on CentOS)

  • Full system audit
lynis audit system
  • Audit of a single group
lynis --tests-from-group "group name"

Auditing for malware

lynis --tests-from-group "hardening malware"; a malware scanner must be installed for this check to be satisfied.

Lynis control HRDN-7230: Presence malware scanner - CISOfy
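As an added example that is not from the original post or from the Lynis project, and that covers both the report file described under the audit steps and the HRDN-7230 malware-scanner check above: a POSIX shell script that summarises a lynis-report.dat. It assumes the warning[]= and suggestion[]= line format shown in its comments and uses a constructed sample report in place of the real file.

```shell
#!/bin/sh
# Added example (not from the original post or the Lynis project): summarise a
# Lynis report file such as /var/log/lynis-report.dat after "lynis audit system".
# Assumed line format of the report (key=value, fields separated by "|"):
#   hardening_index=NN
#   warning[]=TEST-ID|message|details|solution|
#   suggestion[]=TEST-ID|message|details|solution|

# Constructed sample report so the script runs offline; in practice point
# REPORT at the real file written by Lynis.
REPORT=$(mktemp)
cat > "$REPORT" <<'EOF'
report_version_major=1
hardening_index=64
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=AUTH-9228|pwck found errors in password file|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=HRDN-7230|Harden the system by installing at least one malware scanner|-|-|
suggestion[]=KRNL-5830|Check output of uname|-|-|
EOF

# count_entries FILE KEY -> number of "KEY[]=" lines (KEY is warning or suggestion)
count_entries() {
  grep -c "^$2\[\]=" "$1" || true   # grep -c exits 1 when the count is 0
}

# hardening_index FILE -> the hardening index Lynis computed (0-100)
hardening_index() {
  sed -n 's/^hardening_index=//p' "$1"
}

# list_findings FILE KEY -> one "TEST-ID: message" line per entry
list_findings() {
  sed -n "s/^$2\[\]=\([^|]*\)|\([^|]*\)|.*/\1: \2/p" "$1"
}

# has_finding FILE TEST-ID -> exit 0 if that test raised a warning or suggestion
has_finding() {
  grep -E -q "^(warning|suggestion)\[\]=$2\|" "$1"
}

# Stand-alone usage: print a short summary of the sample report
echo "Hardening index: $(hardening_index "$REPORT")"
echo "Warnings ($(count_entries "$REPORT" warning)):"
list_findings "$REPORT" warning
echo "Suggestions ($(count_entries "$REPORT" suggestion)):"
list_findings "$REPORT" suggestion
if has_finding "$REPORT" HRDN-7230; then
  echo "HRDN-7230 fired: no malware scanner was detected"
fi
```

Because findings are keyed by test ID, the same functions can be pointed at any control from the table below (for example SSH-7408) to check whether a scan raised it.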

Compliance audit


Detailed list of audit tests

Running lynis show tests shows that there are actually only 39 categories.
Lynis security controls: Accounting - CISOfy

Test-ID	OS	Description

ACCT-2754	FreeBSD	Check for available FreeBSD accounting information (security)
ACCT-2760	OpenBSD	Check for available OpenBSD accounting information (security)
ACCT-9622	Linux	Check for available Linux accounting information (security)
ACCT-9626	Linux	Check for sysstat accounting data (security)
ACCT-9628	Linux	Check for auditd (security)
ACCT-9630	Linux	Check for auditd rules (security)
ACCT-9632	Linux	Check for auditd configuration file (security)
ACCT-9634	Linux	Check for auditd log file (security)
ACCT-9636	Linux	Check for Snoopy wrapper and logger (security)
ACCT-9650	Solaris	Check Solaris audit daemon (security)
ACCT-9652	Solaris	Check auditd SMF status (security)
ACCT-9654	Solaris	Check BSM auditing in /etc/system (security)
ACCT-9656	Solaris	Check BSM auditing in module list (security)
ACCT-9660	Solaris	Check location of audit events (security)
ACCT-9662	Solaris	Check Solaris auditing stats (security)
AUTH-9204		Check users with an UID of zero (security)
AUTH-9208		Check non-unique accounts in passwd file (security)
AUTH-9212		Test group file (security)
AUTH-9216		Check group and shadow group files (security)
AUTH-9218	FreeBSD	Check harmful login shells (security)
AUTH-9222		Check for non unique groups (security)
AUTH-9226		Check non unique group names (security)
AUTH-9228		Check password file consistency with pwck (security)
AUTH-9234		Query user accounts (security)
AUTH-9240		Query NIS+ authentication support (security)
AUTH-9242		Query NIS authentication support (security)
AUTH-9250		Checking sudoers file (security)
AUTH-9252		Check sudoers file (security)
AUTH-9254	Solaris	Solaris passwordless accounts (security)
AUTH-9262		Checking presence password strength testing tools (PAM) (security)
AUTH-9264		Checking presence pam.conf (security)
AUTH-9266		Checking presence pam.d files (security)
AUTH-9268		Checking presence pam.d files (security)
AUTH-9278		Checking LDAP pam status (security)
AUTH-9282		Checking password protected account without expire date (security)
AUTH-9283		Checking accounts without password (security)
AUTH-9286		Checking user password aging (security)
AUTH-9288		Checking for expired passwords (security)
AUTH-9304	Solaris	Check single user login configuration (security)
AUTH-9306	HP-UX	Check single boot authentication (security)
AUTH-9308	Linux	Check single user login configuration (security)
AUTH-9328		Default umask values (security)
AUTH-9340	Solaris	Solaris account locking (security)
AUTH-9402		Query LDAP authentication support (security)
AUTH-9406		Query LDAP servers in client configuration (security)
AUTH-9408		Logging of failed login attempts via /etc/login.defs (security)
AUTH-9409	OpenBSD	Check for doas file (security)
AUTH-9410	OpenBSD	Check for doas file permissions (security)
AUTH-9489	DragonFly	Check login shells for passwordless accounts (security)
BANN-7113	FreeBSD	Check COPYRIGHT banner file (security)
BANN-7124		Check issue banner file (security)
BANN-7126		Check issue banner file contents (security)
BANN-7128		Check issue.net banner file (security)
BANN-7130		Check issue.net banner file contents (security)
BOOT-5102	AIX	Check for AIX boot device (security)
BOOT-5104		Determine service manager (security)
BOOT-5106	MacOS	Check EFI boot file on macOS (security)
BOOT-5108	Linux	Test Syslinux boot loader (security)
BOOT-5116		Check if system is booted in UEFI mode (security)
BOOT-5117	Linux	Check for systemd-boot boot loader (security)
BOOT-5121		Check for GRUB boot loader presence (security)
BOOT-5122		Check for GRUB boot password (security)
BOOT-5124	FreeBSD	Check for FreeBSD boot loader presence (security)
BOOT-5126	NetBSD	Check for NetBSD boot loader presence (security)
BOOT-5139		Check for LILO boot loader presence (security)
BOOT-5142		Check SPARC Improved boot loader (SILO) (security)
BOOT-5155		Check for YABOOT boot loader configuration file (security)
BOOT-5159	OpenBSD	Check for OpenBSD boot loader presence (security)
BOOT-5165	FreeBSD	Check for FreeBSD boot services (security)
BOOT-5177	Linux	Check for Linux boot and running services (security)
BOOT-5180	Linux	Check for Linux boot services (Debian style) (security)
BOOT-5184	Linux	Check permissions for boot files/scripts (security)
BOOT-5202		Check uptime of system (security)
BOOT-5260		Check single user mode for systemd (security)
BOOT-5261	DragonFly	Check for DragonFly boot loader presence (security)
BOOT-5262	OpenBSD	Check for OpenBSD boot daemons (security)
BOOT-5263	OpenBSD	Check permissions for boot files/scripts (security)
CONT-8004	Solaris	Query running Solaris zones (security)
CONT-8102		Checking Docker status and information (security)
CONT-8104		Checking Docker info for any warnings (security)
CONT-8106		Gather basic stats from Docker (security)
CONT-8107		Check number of unused Docker containers (performance)
CONT-8108		Check file permissions for Docker files (security)
CORE-1000		Check all system binaries (performance)
CRYP-7902		Check expire date of SSL certificates (security)
DNS-1600		Validating that the DNSSEC signatures are checked (security)
DBS-1804		Checking active MySQL process (security)
DBS-1816		Checking MySQL root password (security)
DBS-1818		MongoDB status (security)
DBS-1820		Check MongoDB authentication (security)
DBS-1826		Checking active PostgreSQL processes (security)
DBS-1840		Checking active Oracle processes (security)
DBS-1860		Checking active DB2 instances (security)
DBS-1880		Checking active Redis processes (security)
DBS-1882		Redis configuration file (security)
DBS-1884		Redis configuration (requirepass) (security)
DBS-1886		Redis configuration (CONFIG command renamed) (security)
DBS-1888		Redis configuration (bind on localhost) (security)
FILE-6310		Checking /tmp, /home and /var directory (security)
FILE-6311		Checking LVM volume groups (security)
FILE-6312		Checking LVM volumes (security)
FILE-6323	Linux	Checking EXT file systems (security)
FILE-6329		Checking FFS/UFS file systems (security)
FILE-6330	FreeBSD	Checking ZFS file systems (security)
FILE-6332		Checking swap partitions (security)
FILE-6336		Checking swap mount options (security)
FILE-6344	Linux	Checking proc mount options (security)
FILE-6354		Searching for old files in /tmp (security)
FILE-6362		Checking /tmp sticky bit (security)
FILE-6363		Checking /var/tmp sticky bit (security)
FILE-6368	Linux	Checking ACL support on root file system (security)
FILE-6372	Linux	Checking / mount options (security)
FILE-6374	Linux	Checking /boot mount options (security)
FILE-6376	Linux	Determine if /var/tmp is bound to /tmp (security)
FILE-6410		Checking Locate database (security)
FILE-6430		Disable mounting of some filesystems (security)
FILE-6439	DragonFly	Checking HAMMER PFS mounts (security)
FILE-7524		Perform file permissions check (security)
FINT-4310		AFICK availability (security)
FINT-4314		AIDE availability (security)
FINT-4315		Check AIDE configuration file (security)
FINT-4318		Osiris availability (security)
FINT-4322		Samhain availability (security)
FINT-4326		Tripwire availability (security)
FINT-4328		OSSEC syscheck daemon running (security)
FINT-4330		mtree availability (security)
FINT-4334		Check lfd daemon status (security)
FINT-4336		Check lfd configuration status (security)
FINT-4338		osqueryd syscheck daemon running (security)
FINT-4350		File integrity software installed (security)
FINT-4402		Checksums (SHA256 or SHA512) (security)
FIRE-4502	Linux	Check iptables kernel module (security)
FIRE-4508		Check used policies of iptables chains (security)
FIRE-4512		Check iptables for empty ruleset (security)
FIRE-4513		Check iptables for unused rules (security)
FIRE-4518		Check pf firewall components (security)
FIRE-4520		Check pf configuration consistency (security)
FIRE-4524		Check for CSF presence (security)
FIRE-4526	Solaris	Check ipf status (security)
FIRE-4530	FreeBSD	Check IPFW status (security)
FIRE-4532	MacOS	Check macOS application firewall (security)
FIRE-4534	MacOS	Check for outbound firewalls (security)
FIRE-4536	Linux	Check nftables status (security)
FIRE-4538	Linux	Check nftables basic configuration (security)
FIRE-4540	Linux	Test for empty nftables configuration (security)
FIRE-4586		Check firewall logging (security)
FIRE-4590		Check firewall status (security)
FIRE-4594		Check for APF presence (security)
HOME-9302		Create list with home directories (security)
HOME-9310		Checking for suspicious shell history files (security)
HOME-9350		Collecting information from home directories (security)
HRDN-7220		Check if one or more compilers are installed (security)
HRDN-7222		Check compiler permissions (security)
HRDN-7230		Check for malware scanner (security)
HTTP-6622		Checking Apache presence (security)
HTTP-6624		Testing main Apache configuration file (security)
HTTP-6626		Testing other Apache configuration file (security)
HTTP-6632		Determining all available Apache modules (security)
HTTP-6640		Determining existence of specific Apache modules (security)
HTTP-6641		Determining existence of specific Apache modules (security)
HTTP-6643		Determining existence of specific Apache modules (security)
HTTP-6702		Check nginx process (security)
HTTP-6704		Check nginx configuration file (security)
HTTP-6706		Check for additional nginx configuration files (security)
HTTP-6708		Check discovered nginx configuration settings (security)
HTTP-6710		Check nginx SSL configuration settings (security)
HTTP-6712		Check nginx access logging (security)
HTTP-6714		Check for missing error logs in nginx (security)
HTTP-6716		Check for debug mode on error log in nginx (security)
HTTP-6720		Check Nginx log files (security)
INSE-8000		Installed inetd package (security)
INSE-8002		Status of inet daemon (security)
INSE-8004		Presence of inetd configuration file (security)
INSE-8006		Check configuration of inetd when it is disabled (security)
INSE-8016		Check for telnet via inetd (security)
INSE-8050	MacOS	Check for insecure services on macOS systems (security)
INSE-8100		Installed xinetd package (security)
INSE-8116		Insecure services enabled via xinetd (security)
INSE-8200		Usage of TCP wrappers (security)
INSE-8300		Presence of rsh client (security)
INSE-8302		Presence of rsh server (security)
KRNL-5622	Linux	Determine Linux default run level (security)
KRNL-5677	Linux	Check CPU options and support (security)
KRNL-5695	Linux	Determine Linux kernel version and release number (security)
KRNL-5723	Linux	Determining if Linux kernel is monolithic (security)
KRNL-5726	Linux	Checking Linux loaded kernel modules (security)
KRNL-5728	Linux	Checking Linux kernel config (security)
KRNL-5730	Linux	Checking disk I/O kernel scheduler (security)
KRNL-5745	FreeBSD	Checking FreeBSD loaded kernel modules (security)
KRNL-5770	Solaris	Checking active kernel modules (security)
KRNL-5788	Linux	Checking availability new Linux kernel (security)
KRNL-5820	Linux	Checking core dumps configuration (security)
KRNL-5830	Linux	Checking if system is running on the latest installed kernel (security)
KRNL-5831	DragonFly	Checking DragonFly loaded kernel modules (security)
KRNL-6000		Check sysctl key pairs in scan profile (security)
LDAP-2219		Check running OpenLDAP instance (security)
LDAP-2224		Check presence slapd.conf (security)
LOGG-2130		Check for running syslog daemon (security)
LOGG-2132		Check for running syslog-ng daemon (security)
LOGG-2134		Checking Syslog-NG configuration file consistency (security)
LOGG-2136		Check for running systemd journal daemon (security)
LOGG-2138	Linux	Checking kernel logger daemon on Linux (security)
LOGG-2142	Linux	Checking minilog daemon (security)
LOGG-2146		Checking logrotate.conf and logrotate.d (security)
LOGG-2148		Checking logrotated files (security)
LOGG-2150		Checking directories in logrotate configuration (security)
LOGG-2152		Checking loghost (security)
LOGG-2154		Checking syslog configuration file (security)
LOGG-2160		Checking /etc/newsyslog.conf (security)
LOGG-2162		Checking directories in /etc/newsyslog.conf (security)
LOGG-2164		Checking files specified /etc/newsyslog.conf (security)
LOGG-2170		Checking log paths (security)
LOGG-2180		Checking open log files (security)
LOGG-2190		Checking for deleted files in use (security)
LOGG-2192		Checking for opened log files that are empty (security)
LOGG-2210		Check for running metalog daemon (security)
LOGG-2230		Check for running RSyslog daemon (security)
LOGG-2240		Check for running RFC 3195 compliant daemon (security)
MACF-6204		Check AppArmor presence (security)
MACF-6208		Check if AppArmor is enabled (security)
MACF-6232		Check SELINUX presence (security)
MACF-6234		Check SELINUX status (security)
MACF-6240		Detection of TOMOYO binary (security)
MACF-6242		Status of TOMOYO MAC framework (security)
MACF-6290		Check for implemented MAC framework (security)
MAIL-8802		Check Exim status (security)
MAIL-8804		Exim configuration (security)
MAIL-8814		Check postfix process status (security)
MAIL-8816		Check Postfix configuration (security)
MAIL-8817		Check Postfix configuration errors (security)
MAIL-8818		Postfix banner (security)
MAIL-8820		Postfix configuration (security)
MAIL-8838		Check dovecot process (security)
MAIL-8860		Check Qmail status (security)
MAIL-8880		Check Sendmail status (security)
MAIL-8920		Check OpenSMTPD status (security)
MALW-3275		Check for chkrootkit (security)
MALW-3276		Check for Rootkit Hunter (security)
MALW-3278		Check for LMD (security)
MALW-3280		Check if anti-virus tool is installed (security)
MALW-3282		Check for clamscan (security)
MALW-3284		Check for clamd (security)
MALW-3286		Check for freshclam (security)
MALW-3288		Check for ClamXav (security)
NAME-4016		Check /etc/resolv.conf default domain (security)
NAME-4018		Check /etc/resolv.conf search domains (security)
NAME-4020		Check non default options (security)
NAME-4024	Solaris	Solaris uname -n output (security)
NAME-4026	Solaris	Check /etc/nodename (security)
NAME-4028		Check domain name (security)
NAME-4032		Check nscd status (security)
NAME-4034		Check Unbound status (security)
NAME-4036		Check Unbound configuration file (security)
NAME-4202		Check BIND status (security)
NAME-4204		Search BIND configuration file (security)
NAME-4206		Check BIND configuration consistency (security)
NAME-4210		Check DNS banner (security)
NAME-4230		Check PowerDNS status (security)
NAME-4232		Search PowerDNS configuration file (security)
NAME-4236		Check PowerDNS backends (security)
NAME-4238		Check PowerDNS authoritive status (security)
NAME-4304		Check NIS ypbind status (security)
NAME-4306		Check NIS domain (security)
NAME-4402		Check duplicate line in /etc/hosts (security)
NAME-4404		Check /etc/hosts contains an entry for this server name (security)
NAME-4406		Check server hostname mapping (security)
NAME-4408		Check localhost to IP mapping (security)
NETW-2600	Linux	Checking IPv6 configuration (security)
NETW-2704		Basic nameserver configuration tests (security)
NETW-2705		Check availability two nameservers (security)
NETW-3001		Find default gateway (route) (security)
NETW-3004		Search available network interfaces (security)
NETW-3006		Get network MAC addresses (security)
NETW-3008		Get network IP addresses (security)
NETW-3012		Check listening ports (security)
NETW-3014		Checking promiscuous interfaces (BSD) (security)
NETW-3015	Linux	Checking promiscuous interfaces (Linux) (security)
NETW-3028		Checking connections in WAIT state (security)
NETW-3030		Checking DHCP client status (security)
NETW-3032	Linux	Checking for ARP monitoring software (security)
PHP-2211		Check php.ini presence (security)
PHP-2320		Check PHP disabled functions (security)
PHP-2368		Check PHP register_globals option (security)
PHP-2372		Check PHP expose_php option (security)
PHP-2374		Check PHP enable_dl option (security)
PHP-2376		Check PHP allow_url_fopen option (security)
PHP-2378		Check PHP allow_url_include option (security)
PHP-2379		Check PHP suhosin extension status (security)
PKGS-7301		Query NetBSD pkg (security)
PKGS-7302		Query FreeBSD/NetBSD pkg_info (security)
PKGS-7303		Query brew package manager (security)
PKGS-7304		Querying Gentoo packages (security)
PKGS-7306	Solaris	Querying Solaris packages (security)
PKGS-7308		Checking package list with RPM (security)
PKGS-7310		Checking package list with pacman (security)
PKGS-7312		Checking available updates for pacman based system (security)
PKGS-7314		Checking pacman configuration options (security)
PKGS-7320	Linux	Check presence of arch-audit for Arch Linux (security)
PKGS-7322	Linux	Discover vulnerable packages on Arch Linux (security)
PKGS-7328		Querying Zypper for installed packages (security)
PKGS-7330		Querying Zypper for vulnerable packages (security)
PKGS-7332		Detection of macOS ports and packages (security)
PKGS-7334		Detection of available updates for macOS ports (security)
PKGS-7345		Querying dpkg (security)
PKGS-7346		Search unpurged packages on system (security)
PKGS-7348	FreeBSD	Check for old distfiles (security)
PKGS-7350		Checking for installed packages with DNF utility (security)
PKGS-7352		Checking for security updates with DNF utility (security)
PKGS-7354		Checking package database integrity (security)
PKGS-7366		Checking for debsecan utility (security)
PKGS-7370		Checking for debsums utility (security)
PKGS-7378		Query portmaster for port upgrades (security)
PKGS-7380	NetBSD	Check for vulnerable NetBSD packages (security)
PKGS-7381		Check for vulnerable FreeBSD packages with pkg (security)
PKGS-7382		Check for vulnerable FreeBSD packages with portaudit (security)
PKGS-7383		Check for YUM package Update management (security)
PKGS-7384		Check for YUM utils package (security)
PKGS-7386		Check for YUM security package (security)
PKGS-7387		Check for GPG signing in YUM security package (security)
PKGS-7388		Check security repository in Debian/ubuntu apt sources.list file (security)
PKGS-7390	Linux	Check Ubuntu database consistency (security)
PKGS-7392	Linux	Check for Debian/Ubuntu security updates (security)
PKGS-7393		Check for Gentoo vulnerable packages (security)
PKGS-7394	Linux	Check for Ubuntu updates (security)
PKGS-7398		Check for package audit tool (security)
PKGS-7410		Count installed kernel packages (security)
PKGS-7420		Detect toolkit to automatically download and apply upgrades (security)
PRNT-2302	FreeBSD	Check for printcap consistency (security)
PRNT-2304		Check cupsd status (security)
PRNT-2306		Check CUPSd configuration file (security)
PRNT-2307		Check CUPSd configuration file permissions (security)
PRNT-2308		Check CUPSd network configuration (security)
PRNT-2314		Check lpd status (security)
PRNT-2316	AIX	Checking /etc/qconfig file (security)
PRNT-2418	AIX	Checking qdaemon printer spooler status (security)
PRNT-2420	AIX	Checking old print jobs (security)
PROC-3602	Linux	Checking /proc/meminfo for memory details (security)
PROC-3604	Solaris	Query prtconf for memory details (security)
PROC-3612		Check dead or zombie processes (security)
PROC-3614		Check heavy IO waiting based processes (security)
RBAC-6272		Check grsecurity presence (security)
SCHD-7702		Check status of cron daemon (security)
SCHD-7704		Check crontab/cronjobs (security)
SCHD-7718		Check at users (security)
SCHD-7720		Check at users (security)
SCHD-7724		Check at jobs (security)
SHLL-6202	FreeBSD	Check console TTYs (security)
SHLL-6211		Checking available and valid shells (security)
SHLL-6220		Checking available and valid shells (security)
SHLL-6230		Perform umask check for shell configurations (security)
SINT-7010		System Integrity Status (security)
SNMP-3302		Check for running SNMP daemon (security)
SNMP-3304		Check SNMP daemon file location (security)
SNMP-3306		Check SNMP communities (security)
SQD-3602		Check for running Squid daemon (security)
SQD-3604		Check Squid daemon file location (security)
SQD-3606		Check Squid version (security)
SQD-3610		Check Squid version (security)
SQD-3613		Check Squid file permissions (security)
SQD-3614		Check Squid authentication methods (security)
SQD-3616		Check external Squid authentication (security)
SQD-3620		Check Squid access control lists (security)
SQD-3624		Check Squid safe ports (security)
SQD-3630		Check Squid reply_body_max_size option (security)
SQD-3680		Check Squid version suppression (security)
SSH-7402		Check for running SSH daemon (security)
SSH-7404		Check SSH daemon file location (security)
SSH-7406		Detection of OpenSSH server version (security)
SSH-7408		Check SSH specific defined options (security)
SSH-7440		AllowUsers and AllowGroups (security)
STRG-1840	Linux	Check if USB storage is disabled (security)
STRG-1842	Linux	Check USB authorizations (security)
STRG-1846	Linux	Check if firewire storage is disabled (security)
STRG-1902		Check rpcinfo registered programs (security)
STRG-1904		Check nfs rpc (security)
STRG-1906		Check nfs rpc (security)
STRG-1920		Checking NFS daemon (security)
STRG-1926		Checking NFS exports (security)
STRG-1928		Checking empty /etc/exports (security)
STRG-1930		Check client access to nfs share (security)
TIME-3104		Check for running NTP daemon or client (security)
TIME-3106		Check systemd NTP time synchronization status (security)
TIME-3112		Check active NTP associations ID's (security)
TIME-3116		Check peers with stratum value of 16 (security)
TIME-3120		Check unreliable NTP peers (security)
TIME-3124		Check selected time source (security)
TIME-3128		Check preffered time source (security)
TIME-3132		Check NTP falsetickers (security)
TIME-3136	Linux	Check NTP protocol version (security)
TIME-3148	Linux	Check TZ variable (performance)
TIME-3160	Linux	Check empty NTP step-tickers (security)
TIME-3170		Check configuration files (security)
TOOL-5002		Checking for automation tools (security)
TOOL-5102		Check for presence of Fail2ban (security)
TOOL-5104		Enabled tests for Fail2ban (security)
TOOL-5120		Presence of Snort IDS (security)
TOOL-5122		Snort IDS configuration file (security)
TOOL-5160		Check for active OSSEC analysis daemon (security)
TOOL-5190		Check presence of available IDS/IPS tooling (security)
USB-3000	Linux	Check for presence of USBGuard (security)