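- 1. Introduction to Lynis
- 1.1 Introduction
- 1.2 Audit steps
- 2. Download the package from the official website
- 3. Installation
- 4. Run the scan
- 5. Check specific items in the log
- 6. Official documentation for specific items
- 7. List scan categories
- 7.1 Specify scan categories
- 8. Check for updates
- 9. Configuration file
- 10. Scheduled task
- 11. Parameter information
- 12. Test IDs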
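1. Introduction to Lynis

Official website: https://cisofy.com/downloads/

1.1 Introduction

Auditing, system hardening, compliance testing

Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating systems. It performs an extensive health scan of your system to support system hardening and compliance testing. The project is open source software under the GPL license and has been available since 2007.

Because Lynis is flexible, it can be used for several different purposes. Typical use cases for Lynis include:

- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Penetration testing
- Vulnerability detection
- System hardening

1.2 Audit steps

This is what happens during a typical Lynis scan:

- Initialization and basic checks
- Determine the operating system and tools
- Search for available system utilities
- Check for Lynis updates
- Run enabled plugins
- Run security tests per category
- Perform custom tests
- Report the status of the security scan

Besides the report and information shown on screen, all technical details about the scan are stored in a log file (lynis.log). Findings such as warnings and suggestions are stored in a separate report file (lynis-report.dat).

2. Download the package from the official website

The latest version at present is 3.0.6: lynis-3.0.6.tar.gz

3. Installation

```
# Extracting the archive is the installation; there is no install command to run
# Create the directory lynis under /usr/local/, as follows:
[root@king lynis]# pwd
/usr/local/lynis
# Upload the package and extract it
[root@king lynis]# ls
CHANGELOG.md CONTRIBUTING.md db developer.prf FAQ include LICENSE lynis.8 README TODO.md
CODE_OF_CONDUCT.md CONTRIBUTORS.md default.prf extras HAPPY_USERS.md INSTALL lynis plugins SECURITY.md
[root@king lynis]# pwd
/usr/local/lynis/lynis
```

4. Run the scan

Running the script directly, without any arguments, prints a prompt telling you which arguments to supply.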
```
# The scan command is as follows:
[root@king lynis]# ./lynis audit system
```

5. Check specific items in the log

```
# Warning items
[root@king lynis]# grep -i warning /var/log/lynis.log
2021-07-26 15:25:14 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
2021-07-26 15:25:30 Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [details:-] [solution:-]
2021-07-26 15:25:36 Skipped test CONT-8104 (Checking Docker info for any warnings)
# Suggestion items
[root@king lynis]# grep -i suggest /var/log/lynis.log
```

6. Official documentation for specific items
https://cisofy.com/lynis/controls/
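
The `grep -i warning` search in section 5 also matches lines that only contain the word, such as the `Skipped test CONT-8104` line in its output. The following added example (not part of the original post) extracts only real findings together with their test IDs, so each ID can be looked up on the controls page or with `./lynis show details <ID>`. The function names are hypothetical, and the Suggestion line in the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# sample_log: the three log lines shown in section 5, plus one Suggestion
# line that is constructed for this example.
sample_log() {
    cat <<'EOF'
2021-07-26 15:25:14 Warning: Reboot of system is most likely needed [test:KRNL-5830] [details:] [solution:text:reboot]
2021-07-26 15:25:30 Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [details:-] [solution:-]
2021-07-26 15:25:36 Skipped test CONT-8104 (Checking Docker info for any warnings)
2021-07-26 15:25:40 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:-] [solution:-]
EOF
}

# lynis_findings LOGFILE KIND
# Prints "TEST-ID<TAB>message" for every finding of KIND (Warning or Suggestion).
# Only lines whose first word after the timestamp is "KIND:" are accepted,
# which drops lines that merely mention the word somewhere else.
lynis_findings() {
    awk -v kind="$2" '
        $3 == (kind ":") && match($0, /\[test:[A-Z]+-[0-9]+\]/) {
            id  = substr($0, RSTART + 6, RLENGTH - 7)   # text inside [test:...]
            msg = substr($0, 1, RSTART - 2)             # text before " [test:"
            sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", msg)         # drop date, time, "KIND:"
            printf "%s\t%s\n", id, msg
        }' "$1"
}

# lynis_finding_ids LOGFILE KIND
# Prints the unique test IDs of all findings of KIND, one per line.
lynis_finding_ids() {
    lynis_findings "$1" "$2" | cut -f1 | sort -u
}

# Demo on the sample log (point the functions at /var/log/lynis.log on a real host).
log=$(mktemp)
sample_log > "$log"
echo "lines matched by grep -i warning: $(grep -ci warning "$log")"
echo "actual warnings:"
lynis_findings "$log" Warning
echo "test IDs to look up:"
lynis_finding_ids "$log" Warning
lynis_finding_ids "$log" Suggestion
rm -f "$log"
```
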
7. List scan categories

```
[root@king lynis]# ./lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spoolers
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers
```

7.1 Specify scan categories
```
# Scan only the php and ssh groups (a single group can also be given on its own)
[root@king lynis]# ./lynis audit system --tests-from-group "php ssh"
# Show detailed information for a specific test
[root@king lynis]# ./lynis show details SSH-7408
```

8. Check for updates

```
[root@king lynis]# ./lynis update info

 == Lynis ==

  Version : 3.0.6
  Status : Unknown
  Release date : 2021-07-22
  Project page : https://cisofy.com/lynis/
  Source code : https://github.com/CISOfy/lynis
  Latest package : https://packages.cisofy.com/

2007-2021, CISOfy - https://cisofy.com/lynis/
```

9. Configuration file

By default, Lynis ships with a default profile named default.prf.

```
[root@king lynis]# pwd
/usr/local/lynis/lynis
[root@king lynis]# ll /usr/local/lynis/lynis/default.prf
-rw-r--r-- 1 root root 21405 Jul 22 08:00 /usr/local/lynis/lynis/default.prf
```

There is no need to edit this default profile directly; just create a custom.prf file and put your custom settings in it.

10. Scheduled task

```
vim /etc/crontab
# Add the following line. cron's PATH does not include the install directory
# used above, so change into it before running the script.
00 10 * * * root cd /usr/local/lynis/lynis && ./lynis audit system -Q
# Restart the service
systemctl restart crond
```

11. Parameter information

```
lynis show environment     # hardware, virtual machine, or container type
lynis show groups          # test groups
lynis show help            # detailed information about arguments
lynis show hostids         # unique IDs of this system
lynis show includedir      # directory with tests and functions
lynis show language        # configured or detected language
lynis show license         # license details
lynis show logfile         # location of the log file
lynis show man             # show help (man page)
lynis show options         # available flags and options
lynis show os              # operating system and version
lynis show pidfile         # active file that stores the process ID
lynis show plugindir       # directory with plugins
lynis show profiles        # discovered profiles
lynis show release         # version
lynis show releasedate     # release date
lynis show report          # location of the report data
lynis show settings        # show configured settings (options: --brief, --nocolors)
lynis show tests [test]    # show information about one or more tests
lynis show tests skipped   # which tests are skipped according to the profile
lynis show version         # Lynis version
lynis show workdir         # working directory
```

12. Test IDs

```
ACCT-2754 FreeBSD Check for available FreeBSD accounting information (security)
ACCT-2760 OpenBSD Check for available OpenBSD accounting information (security)
ACCT-9622 Linux Check for available Linux accounting information (security)
ACCT-9626 Linux Check for sysstat accounting data (security)
ACCT-9628 Linux Check for auditd (security)
ACCT-9630 Linux Check for auditd rules (security)
ACCT-9632 Linux Check for auditd configuration file (security)
ACCT-9634 Linux Check for auditd log file (security)
ACCT-9636 Linux Check for Snoopy wrapper and logger (security)
ACCT-9650 Solaris Check Solaris audit daemon (security)
ACCT-9652 Solaris Check auditd SMF status (security)
ACCT-9654 Solaris Check BSM auditing in /etc/system (security)
ACCT-9656 Solaris Check BSM auditing in module list (security)
ACCT-9660 Solaris Check location of audit events (security)
ACCT-9662 Solaris Check Solaris auditing stats (security)
AUTH-9204 Check users with an UID of zero (security)
AUTH-9208 Check non-unique accounts in passwd file (security)
AUTH-9212 Test group file (security)
AUTH-9216 Check group and shadow group files (security)
AUTH-9218 FreeBSD Check harmful login shells (security)
AUTH-9222 Check for non unique groups (security)
AUTH-9226 Check non unique group names (security)
AUTH-9228 Check password file consistency with pwck (security)
AUTH-9234 Query user accounts (security)
AUTH-9240 Query NIS+ authentication support (security)
AUTH-9242 Query NIS authentication support (security)
AUTH-9250 Checking sudoers file (security)
AUTH-9252 Check sudoers file (security)
AUTH-9254 Solaris Solaris passwordless accounts (security)
AUTH-9262 Checking presence password strength testing tools (PAM) (security)
AUTH-9264 Checking presence pam.conf (security)
AUTH-9266 Checking presence pam.d files (security)
AUTH-9268 Checking presence pam.d files (security)
AUTH-9278 Checking LDAP pam status (security)
AUTH-9282 Checking password protected account without expire date (security)
AUTH-9283 Checking accounts without password (security)
AUTH-9286 Checking user password aging (security)
AUTH-9288 Checking for expired passwords (security)
AUTH-9304 Solaris Check single user login configuration (security)
AUTH-9306 HP-UX Check single boot authentication (security)
AUTH-9308 Linux Check single user login configuration (security)
AUTH-9328 Default umask values (security)
AUTH-9340 Solaris Solaris account locking (security)
AUTH-9402 Query LDAP authentication support (security)
AUTH-9406 Query LDAP servers in client configuration (security)
AUTH-9408 Logging of failed login attempts via /etc/login.defs (security)
AUTH-9409 OpenBSD Check for doas file (security)
AUTH-9410 OpenBSD Check for doas file permissions (security)
AUTH-9489 DragonFly Check login shells for passwordless accounts (security)
BANN-7113 FreeBSD Check COPYRIGHT banner file (security)
BANN-7124 Check issue banner file (security)
BANN-7126 Check issue banner file contents (security)
BANN-7128 Check issue.net banner file (security)
BANN-7130 Check issue.net banner file contents (security)
BOOT-5102 AIX Check for AIX boot device (security)
BOOT-5104 Determine service manager (security)
BOOT-5106 MacOS Check EFI boot file on macOS (security)
BOOT-5108 Linux Test Syslinux boot loader (security)
BOOT-5116 Check if system is booted in UEFI mode (security)
BOOT-5117 Linux Check for systemd-boot boot loader (security)
BOOT-5121 Check for GRUB boot loader presence (security)
BOOT-5122 Check for GRUB boot password (security)
BOOT-5124 FreeBSD Check for FreeBSD boot loader presence (security)
BOOT-5126 NetBSD Check for NetBSD boot loader presence (security)
BOOT-5139 Check for LILO boot loader presence (security)
BOOT-5142 Check SPARC Improved boot loader (SILO) (security)
BOOT-5155 Check for YABOOT boot loader configuration file (security)
BOOT-5159 OpenBSD Check for OpenBSD boot loader presence (security)
BOOT-5165 FreeBSD Check for FreeBSD boot services (security)
BOOT-5177 Linux Check for Linux boot and running services (security)
BOOT-5180 Linux Check for Linux boot services (Debian style) (security)
BOOT-5184 Linux Check permissions for boot files/scripts (security)
BOOT-5202 Check uptime of system (security)
BOOT-5260 Check single user mode for systemd (security)
BOOT-5261 DragonFly Check for DragonFly boot loader presence (security)
BOOT-5262 OpenBSD Check for OpenBSD boot daemons (security)
BOOT-5263 OpenBSD Check permissions for boot files/scripts (security)
CONT-8004 Solaris Query running Solaris zones (security)
CONT-8102 Checking Docker status and information (security)
CONT-8104 Checking Docker info for any warnings (security)
CONT-8106 Gather basic stats from Docker (security)
CONT-8107 Check number of unused Docker containers (performance)
CONT-8108 Check file permissions for Docker files (security)
CORE-1000 Check all system binaries (performance)
CRYP-7902 Check expire date of SSL certificates (security)
DNS-1600 Validating that the DNSSEC signatures are checked (security)
DBS-1804 Checking active MySQL process (security)
DBS-1816 Checking MySQL root password (security)
DBS-1818 MongoDB status (security)
DBS-1820 Check MongoDB authentication (security)
DBS-1826 Checking active PostgreSQL processes (security)
DBS-1840 Checking active Oracle processes (security)
DBS-1860 Checking active DB2 instances (security)
DBS-1880 Checking active Redis processes (security)
DBS-1882 Redis configuration file (security)
DBS-1884 Redis configuration (requirepass) (security)
DBS-1886 Redis configuration (CONFIG command renamed) (security)
DBS-1888 Redis configuration (bind on localhost) (security)
FILE-6310 Checking /tmp, /home and /var directory (security)
FILE-6311 Checking LVM volume groups (security)
FILE-6312 Checking LVM volumes (security)
FILE-6323 Linux Checking EXT file systems (security)
FILE-6329 Checking FFS/UFS file systems (security)
FILE-6330 FreeBSD Checking ZFS file systems (security)
FILE-6332 Checking swap partitions (security)
FILE-6336 Checking swap mount options (security)
FILE-6344 Linux Checking proc mount options (security)
FILE-6354 Searching for old files in /tmp (security)
FILE-6362 Checking /tmp sticky bit (security)
FILE-6363 Checking /var/tmp sticky bit (security)
FILE-6368 Linux Checking ACL support on root file system (security)
FILE-6372 Linux Checking / mount options (security)
FILE-6374 Linux Checking /boot mount options (security)
FILE-6376 Linux Determine if /var/tmp is bound to /tmp (security)
FILE-6410 Checking Locate database (security)
FILE-6430 Disable mounting of some filesystems (security)
FILE-6439 DragonFly Checking HAMMER PFS mounts (security)
FILE-7524 Perform file permissions check (security)
FINT-4310 AFICK availability (security)
FINT-4314 AIDE availability (security)
FINT-4315 Check AIDE configuration file (security)
FINT-4318 Osiris availability (security)
FINT-4322 Samhain availability (security)
FINT-4326 Tripwire availability (security)
FINT-4328 OSSEC syscheck daemon running (security)
FINT-4330 mtree availability (security)
FINT-4334 Check lfd daemon status (security)
FINT-4336 Check lfd configuration status (security)
FINT-4338 osqueryd syscheck daemon running (security)
FINT-4350 File integrity software installed (security)
FINT-4402 Checksums (SHA256 or SHA512) (security)
FIRE-4502 Linux Check iptables kernel module (security)
FIRE-4508 Check used policies of iptables chains (security)
FIRE-4512 Check iptables for empty ruleset (security)
FIRE-4513 Check iptables for unused rules (security)
FIRE-4518 Check pf firewall components (security)
FIRE-4520 Check pf configuration consistency (security)
FIRE-4524 Check for CSF presence (security)
FIRE-4526 Solaris Check ipf status (security)
FIRE-4530 FreeBSD Check IPFW status (security)
FIRE-4532 MacOS Check macOS application firewall (security)
FIRE-4534 MacOS Check for outbound firewalls (security)
FIRE-4536 Linux Check nftables status (security)
FIRE-4538 Linux Check nftables basic configuration (security)
FIRE-4540 Linux Test for empty nftables configuration (security)
FIRE-4586 Check firewall logging (security)
FIRE-4590 Check firewall status (security)
FIRE-4594 Check for APF presence (security)
HOME-9302 Create list with home directories (security)
HOME-9310 Checking for suspicious shell history files (security)
HOME-9350 Collecting information from home directories (security)
HRDN-7220 Check if one or more compilers are installed (security)
HRDN-7222 Check compiler permissions (security)
HRDN-7230 Check for malware scanner (security)
HTTP-6622 Checking Apache presence (security)
HTTP-6624 Testing main Apache configuration file (security)
HTTP-6626 Testing other Apache configuration file (security)
HTTP-6632 Determining all available Apache modules (security)
HTTP-6640 Determining existence of specific Apache modules (security)
HTTP-6641 Determining existence of specific Apache modules (security)
HTTP-6643 Determining existence of specific Apache modules (security)
HTTP-6702 Check nginx process (security)
HTTP-6704 Check nginx configuration file (security)
HTTP-6706 Check for additional nginx configuration files (security)
HTTP-6708 Check discovered nginx configuration settings (security)
HTTP-6710 Check nginx SSL configuration settings (security)
HTTP-6712 Check nginx access logging (security)
HTTP-6714 Check for missing error logs in nginx (security)
HTTP-6716 Check for debug mode on error log in nginx (security)
HTTP-6720 Check Nginx log files (security)
INSE-8000 Installed inetd package (security)
INSE-8002 Status of inet daemon (security)
INSE-8004 Presence of inetd configuration file (security)
INSE-8006 Check configuration of inetd when it is disabled (security)
INSE-8016 Check for telnet via inetd (security)
INSE-8050 MacOS Check for insecure services on macOS systems (security)
INSE-8100 Installed xinetd package (security)
INSE-8116 Insecure services enabled via xinetd (security)
INSE-8200 Usage of TCP wrappers (security)
INSE-8300 Presence of rsh client (security)
INSE-8302 Presence of rsh server (security)
KRNL-5622 Linux Determine Linux default run level (security)
KRNL-5677 Linux Check CPU options and support (security)
KRNL-5695 Linux Determine Linux kernel version and release number (security)
KRNL-5723 Linux Determining if Linux kernel is monolithic (security)
KRNL-5726 Linux Checking Linux loaded kernel modules (security)
KRNL-5728 Linux Checking Linux kernel config (security)
KRNL-5730 Linux Checking disk I/O kernel scheduler (security)
KRNL-5745 FreeBSD Checking FreeBSD loaded kernel modules (security)
KRNL-5770 Solaris Checking active kernel modules (security)
KRNL-5788 Linux Checking availability new Linux kernel (security)
KRNL-5820 Linux Checking core dumps configuration (security)
KRNL-5830 Linux Checking if system is running on the latest installed kernel (security)
KRNL-5831 DragonFly Checking DragonFly loaded kernel modules (security)
KRNL-6000 Check sysctl key pairs in scan profile (security)
LDAP-2219 Check running OpenLDAP instance (security)
LDAP-2224 Check presence slapd.conf (security)
LOGG-2130 Check for running syslog daemon (security)
LOGG-2132 Check for running syslog-ng daemon (security)
LOGG-2134 Checking Syslog-NG configuration file consistency (security)
LOGG-2136 Check for running systemd journal daemon (security)
LOGG-2138 Linux Checking kernel logger daemon on Linux (security)
LOGG-2142 Linux Checking minilog daemon (security)
LOGG-2146 Checking logrotate.conf and logrotate.d (security)
LOGG-2148 Checking logrotated files (security)
LOGG-2150 Checking directories in logrotate configuration (security)
LOGG-2152 Checking loghost (security)
LOGG-2154 Checking syslog configuration file (security)
LOGG-2160 Checking /etc/newsyslog.conf (security)
LOGG-2162 Checking directories in /etc/newsyslog.conf (security)
LOGG-2164 Checking files specified /etc/newsyslog.conf (security)
LOGG-2170 Checking log paths (security)
LOGG-2180 Checking open log files (security)
LOGG-2190 Checking for deleted files in use (security)
LOGG-2192 Checking for opened log files that are empty (security)
LOGG-2210 Check for running metalog daemon (security)
LOGG-2230 Check for running RSyslog daemon (security)
LOGG-2240 Check for running RFC 3195 compliant daemon (security)
MACF-6204 Check AppArmor presence (security)
MACF-6208 Check if AppArmor is enabled (security)
MACF-6232 Check SELINUX presence (security)
MACF-6234 Check SELINUX status (security)
MACF-6240 Detection of TOMOYO binary (security)
MACF-6242 Status of TOMOYO MAC framework (security)
MACF-6290 Check for implemented MAC framework (security)
MAIL-8802 Check Exim status (security)
MAIL-8804 Exim configuration (security)
MAIL-8814 Check postfix process status (security)
MAIL-8816 Check Postfix configuration (security)
MAIL-8817 Check Postfix configuration errors (security)
MAIL-8818 Postfix banner (security)
MAIL-8820 Postfix configuration (security)
MAIL-8838 Check dovecot process (security)
MAIL-8860 Check Qmail status (security)
MAIL-8880 Check Sendmail status (security)
MAIL-8920 Check OpenSMTPD status (security)
MALW-3275 Check for chkrootkit (security)
MALW-3276 Check for Rootkit Hunter (security)
MALW-3278 Check for LMD (security)
MALW-3280 Check if anti-virus tool is installed (security)
MALW-3282 Check for clamscan (security)
MALW-3284 Check for clamd (security)
MALW-3286 Check for freshclam (security)
MALW-3288 Check for ClamXav (security)
NAME-4016 Check /etc/resolv.conf default domain (security)
NAME-4018 Check /etc/resolv.conf search domains (security)
NAME-4020 Check non default options (security)
NAME-4024 Solaris Solaris uname -n output (security)
NAME-4026 Solaris Check /etc/nodename (security)
NAME-4028 Check domain name (security)
NAME-4032 Check nscd status (security)
NAME-4034 Check Unbound status (security)
NAME-4036 Check Unbound configuration file (security)
NAME-4202 Check BIND status (security)
NAME-4204 Search BIND configuration file (security)
NAME-4206 Check BIND configuration consistency (security)
NAME-4210 Check DNS banner (security)
NAME-4230 Check PowerDNS status (security)
NAME-4232 Search PowerDNS configuration file (security)
NAME-4236 Check PowerDNS backends (security)
NAME-4238 Check PowerDNS authoritive status (security)
NAME-4304 Check NIS ypbind status (security)
NAME-4306 Check NIS domain (security)
NAME-4402 Check duplicate line in /etc/hosts (security)
NAME-4404 Check /etc/hosts contains an entry for this server name (security)
NAME-4406 Check server hostname mapping (security)
NAME-4408 Check localhost to IP mapping (security)
NETW-2600 Linux Checking IPv6 configuration (security)
NETW-2704 Basic nameserver configuration tests (security)
NETW-2705 Check availability two nameservers (security)
NETW-3001 Find default gateway (route) (security)
NETW-3004 Search available network interfaces (security)
NETW-3006 Get network MAC addresses (security)
NETW-3008 Get network IP addresses (security)
NETW-3012 Check listening ports (security)
NETW-3014 Checking promiscuous interfaces (BSD) (security)
NETW-3015 Linux Checking promiscuous interfaces (Linux) (security)
NETW-3028 Checking connections in WAIT state (security)
NETW-3030 Checking DHCP client status (security)
NETW-3032 Linux Checking for ARP monitoring software (security)
PHP-2211 Check php.ini presence (security)
PHP-2320 Check PHP disabled functions (security)
PHP-2368 Check PHP register_globals option (security)
PHP-2372 Check PHP expose_php option (security)
PHP-2374 Check PHP enable_dl option (security)
PHP-2376 Check PHP allow_url_fopen option (security)
PHP-2378 Check PHP allow_url_include option (security)
PHP-2379 Check PHP suhosin extension status (security)
PKGS-7301 Query NetBSD pkg (security)
PKGS-7302 Query FreeBSD/NetBSD pkg_info (security)
PKGS-7303 Query brew package manager (security)
PKGS-7304 Querying Gentoo packages (security)
PKGS-7306 Solaris Querying Solaris packages (security)
PKGS-7308 Checking package list with RPM (security)
PKGS-7310 Checking package list with pacman (security)
PKGS-7312 Checking available updates for pacman based system (security)
PKGS-7314 Checking pacman configuration options (security)
PKGS-7320 Linux Check presence of arch-audit for Arch Linux (security)
PKGS-7322 Linux Discover vulnerable packages on Arch Linux (security)
PKGS-7328 Querying Zypper for installed packages (security)
PKGS-7330 Querying Zypper for vulnerable packages (security)
PKGS-7332 Detection of macOS ports and packages (security)
PKGS-7334 Detection of available updates for macOS ports (security)
PKGS-7345 Querying dpkg (security)
PKGS-7346 Search unpurged packages on system (security)
PKGS-7348 FreeBSD Check for old distfiles (security)
PKGS-7350 Checking for installed packages with DNF utility (security)
PKGS-7352 Checking for security updates with DNF utility (security)
PKGS-7354 Checking package database integrity (security)
PKGS-7366 Checking for debsecan utility (security)
PKGS-7370 Checking for debsums utility (security)
PKGS-7378 Query portmaster for port upgrades (security)
PKGS-7380 NetBSD Check for vulnerable NetBSD packages (security)
PKGS-7381 Check for vulnerable FreeBSD packages with pkg (security)
PKGS-7382 Check for vulnerable FreeBSD packages with portaudit (security)
PKGS-7383 Check for YUM package Update management (security)
PKGS-7384 Check for YUM utils package (security)
PKGS-7386 Check for YUM security package (security)
PKGS-7387 Check for GPG signing in YUM security package (security)
PKGS-7388 Check security repository in Debian/ubuntu apt sources.list file (security)
PKGS-7390 Linux Check Ubuntu database consistency (security)
PKGS-7392 Linux Check for Debian/Ubuntu security updates (security)
PKGS-7393 Check for Gentoo vulnerable packages (security)
PKGS-7394 Linux Check for Ubuntu updates (security)
PKGS-7398 Check for package audit tool (security)
PKGS-7410 Count installed kernel packages (security)
PKGS-7420 Detect toolkit to automatically download and apply upgrades (security)
PRNT-2302 FreeBSD Check for printcap consistency (security)
PRNT-2304 Check cupsd status (security)
PRNT-2306 Check CUPSd configuration file (security)
PRNT-2307 Check CUPSd configuration file permissions (security)
PRNT-2308 Check CUPSd network configuration (security)
PRNT-2314 Check lpd status (security)
PRNT-2316 AIX Checking /etc/qconfig file (security)
PRNT-2418 AIX Checking qdaemon printer spooler status (security)
PRNT-2420 AIX Checking old print jobs (security)
PROC-3602 Linux Checking /proc/meminfo for memory details (security)
PROC-3604 Solaris Query prtconf for memory details (security)
PROC-3612 Check dead or zombie processes (security)
PROC-3614 Check heavy IO waiting based processes (security)
RBAC-6272 Check grsecurity presence (security)
SCHD-7702 Check status of cron daemon (security)
SCHD-7704 Check crontab/cronjobs (security)
SCHD-7718 Check at users (security)
SCHD-7720 Check at users (security)
SCHD-7724 Check at jobs (security)
SHLL-6202 FreeBSD Check console TTYs (security)
SHLL-6211 Checking available and valid shells (security)
SHLL-6220 Checking available and valid shells (security)
SHLL-6230 Perform umask check for shell configurations (security)
SINT-7010 System Integrity Status (security)
SNMP-3302 Check for running SNMP daemon (security)
SNMP-3304 Check SNMP daemon file location (security)
SNMP-3306 Check SNMP communities (security)
SQD-3602 Check for running Squid daemon (security)
SQD-3604 Check Squid daemon file location (security)
SQD-3606 Check Squid version (security)
SQD-3610 Check Squid version (security)
SQD-3613 Check Squid file permissions (security)
SQD-3614 Check Squid authentication methods (security)
SQD-3616 Check external Squid authentication (security)
SQD-3620 Check Squid access control lists (security)
SQD-3624 Check Squid safe ports (security)
SQD-3630 Check Squid reply_body_max_size option (security)
SQD-3680 Check Squid version suppression (security)
SSH-7402 Check for running SSH daemon (security)
SSH-7404 Check SSH daemon file location (security)
SSH-7406 Detection of OpenSSH server version (security)
SSH-7408 Check SSH specific defined options (security)
SSH-7440 AllowUsers and AllowGroups (security)
STRG-1840 Linux Check if USB storage is disabled (security)
STRG-1842 Linux Check USB authorizations (security)
STRG-1846 Linux Check if firewire storage is disabled (security)
STRG-1902 Check rpcinfo registered programs (security)
STRG-1904 Check nfs rpc (security)
STRG-1906 Check nfs rpc (security)
STRG-1920 Checking NFS daemon (security)
STRG-1926 Checking NFS exports (security)
STRG-1928 Checking empty /etc/exports (security)
STRG-1930 Check client access to nfs share (security)
TIME-3104 Check for running NTP daemon or client (security)
TIME-3106 Check systemd NTP time synchronization status (security)
TIME-3112 Check active NTP associations ID's (security)
TIME-3116 Check peers with stratum value of 16 (security)
TIME-3120 Check unreliable NTP peers (security)
TIME-3124 Check selected time source (security)
TIME-3128 Check preffered time source (security)
TIME-3132 Check NTP falsetickers (security)
TIME-3136 Linux Check NTP protocol version (security)
TIME-3148 Linux Check TZ variable (performance)
TIME-3160 Linux Check empty NTP step-tickers (security)
TIME-3170 Check configuration files (security)
TOOL-5002 Checking for automation tools (security)
TOOL-5102 Check for presence of Fail2ban (security)
TOOL-5104 Enabled tests for Fail2ban (security)
TOOL-5120 Presence of Snort IDS (security)
TOOL-5122 Snort IDS configuration file (security)
TOOL-5160 Check for active OSSEC analysis daemon (security)
TOOL-5190 Check presence of available IDS/IPS tooling (security)
USB-3000 Linux Check for presence of USBGuard (security)
```