How to read Lynis reports to improve Linux security Use Lynis' scans and reports to find and fix Linux security issues August 10, 2020 https://opensource.com/article/20/8/linux-lynis-security Scan your Linux security with Lynis (May 12, 2020)
Lynis for Linux, macOS, and Unix-based systems 3.0.7 Released (January 18, 2022) Homepage Spoiler: 3.0.7 Changelog ## Lynis 3.0.7 ( 2022-01-18 ) ### Added - MALW-3290 - Show status of malware components - OS detection for RHEL 6 and Funtoo Linux - Added service manager openrc ### Changed - DBS-1804 - Added alias for MariaDB - FINT-4316 - Support for newer Ubuntu versions - MALW-3280 - Added Trend Micro malware agent - NETW-3200 - Allow unknown number of spaces in modprobe blacklists - PKGS-7320 - Support for Garuda Linux and arch-audit - Several improvements for busybox shell - Russian translation of Lynis extended
I hadn't seen this until today. Thanks @mood and @1PW ! Installed and ran Audit option. This seems best suited for experienced IT personnel in an enterprise environment. I think for most home users of Linux, basic security measures such as enabling the firewall, requiring sudo elevation, a password to login to account, sticking to the recommended repositories and keeping everything up to date are probably adequate.
Hello @wat0114 I strongly agree with your assessment of Lynis. The tool can also find weak implementations of home user systems and application setups using the audit's notifications. In my own audit run, I may have found at least one security exposure that I'll need to investigate. Thank you @wat0114 for your post and to @mood creating this topic.
I did follow the recommendation to strengthen file permissions on my home directory using the chmod command
I too likely have the same (HOME-9304) suggestion. Similarly, I also have a sensible suggestion in one of my computer's /opt directory. Excellent! Approximately twenty years ago, I first started using Michael Boelen's RKHunter when my then Red Hat Linux system had to "live" in a dangerous environment, and when his Lynis was released, I didn't need much convincing. Lynis has matured nicely.
Most suggestions on mine non-standard install of Debian are not important for not-shared home user, but I have also find something worth correction. Thanks @mood