centos7/8部署Lynis自动安全审计工具[0]

鉴于前篇已经部署了audit作为安全审计工具，详见centos7 部署audit安全审计，本篇主要以Lynis进行自动安全审计工具。Lynis默认是一次执行的审计，audit是自动在后台执行的审计。Lynis可以采用定时任务实现自动审计。

官网：https://cisofy.com/

• 安装

mkdir /lnmp
cd /lnmp
wget https://www.fanlog.org/wp-content/uploads/2020/12/lynis-3.0.4.zip
unzip lynis-3.0.4.zip
tar xvf lynis-3.0.4.tar.gz
cd lynis
./lynis

可选的安装方式适合centos8

cat << 'EOL' > /etc/yum.repos.d/cisofy-lynis.repo
[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/community/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
gpgcheck=1
priority=2
EOL

yum update
yum install  lynis

• 运行检查

审计全部系统

./lynis audit system

显示所有的检查选项

./lynis show groups

检查防火墙

./lynis --tests-from-group "kernel firewalls"

• 查看审计结果

nano /var/log/lynis-report.dat

参考资料：

1. https://www.linuxprobe.com/lynis-accouting-tools.html
2. http://blog.lujun9972.win/blog/2018/06/08/%E4%BD%BF%E7%94%A8lynis%E8%BF%9B%E8%A1%8Clinux%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F/index.html
3. https://zh.codepre.com/how-to-11851.html
4. https://www.freebuf.com/articles/security-management/210391.html
5. https://os.51cto.com/art/202010/628841.htm