Audit your Linux machine using the lynis auditing tool (CentOS/RHEL, Fedora, Ubuntu, Debian)

Overview

Security experts always strive for best security practices, and system hardening is an activity they generally perform to make systems safer. This activity makes more sense if you have an audit tool in place to show how effective your hardening policies are and where the loopholes exist. One such audit tool available for Linux/Unix systems is lynis. It scans your system for security holes and looks for expired SSL certs, incorrect file permissions, outdated packages and more. In this post I will run this tool on my Linux machine and show you how effective it can be.


Download the lynis auditing tool


# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
# tar zxvf lynis-1.3.0.tar.gz
# cd lynis-1.3.0

Execute the audit script with the -c flag to check the system. The script will pause for your input after each category of tests; if you want to perform a quick scan and do not wish to be prompted after each category, use the -Q flag.


# sh lynis -c --auditor "keenan" -Q

Once completed, the script will return the Hardening Index (in my case a poor 48 out of a maximum of 100) and some suggestions to improve it.
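
An added example (not from the original post or the lynis project): a small shell check that reads the hardening index and counts warnings and suggestions from a lynis report file, so the score can be compared against a threshold after each run. It assumes the report is key=value text with hardening_index=, warning[]= and suggestion[]= lines (typically /var/log/lynis-report.dat; verify this for your version); the threshold of 60 and the sample report contents are constructed.

```sh
#!/bin/sh
# Added example: compare the lynis hardening index against a threshold.
# Assumption: report is key=value text with hardening_index=, warning[]=
# and suggestion[]= lines; check the format your lynis version writes.

# Print the hardening index from report $1; return 1 if absent or malformed.
hardening_index() {
    hi=$(sed -n 's/^hardening_index=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$hi" ] || return 1
    printf '%s\n' "$hi"
}

# Count entries of kind $2 ("warning" or "suggestion") in report $1.
count_findings() {
    awk -v k="${2}[]=" 'index($0, k) == 1 { n++ } END { print n + 0 }' "$1"
}

# Return 0 if index >= threshold $2, 1 if below, 2 if no index was found.
check_threshold() {
    cur=$(hardening_index "$1") || return 2
    [ "$cur" -ge "$2" ]
}

# Constructed sample report (not real lynis output) so this runs offline.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
warning[]=EXAMPLE-0001|Constructed warning text|
suggestion[]=EXAMPLE-0002|Constructed suggestion one|
suggestion[]=EXAMPLE-0003|Constructed suggestion two|
hardening_index=48
EOF

THRESHOLD=60   # assumed policy value, not a lynis default
if check_threshold "$SAMPLE" "$THRESHOLD"; then
    echo "PASS: hardening index $(hardening_index "$SAMPLE") >= $THRESHOLD"
else
    echo "BELOW THRESHOLD: index=$(hardening_index "$SAMPLE" || echo n/a)" \
         "warnings=$(count_findings "$SAMPLE" warning)" \
         "suggestions=$(count_findings "$SAMPLE" suggestion)"
fi
```

To check a real run, point the three functions at the report file your lynis version wrote instead of the sample.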


To see all the available options, run the script with the -h flag:


# sh lynis -h