From c0ae2e217b7f1fb0171017ce5afb8eb8898470db Mon Sep 17 00:00:00 2001 From: mboelen Date: Tue, 26 Aug 2014 17:33:55 +0200 Subject: Initial import --- FAQ | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 FAQ (limited to 'FAQ') diff --git a/FAQ b/FAQ new file mode 100644 index 00000000..e8dcb244 --- /dev/null +++ b/FAQ @@ -0,0 +1,92 @@ + +================================================================================ + + Lynis - Frequently Asked Questions + +================================================================================ + + Author: Michael Boelen (michael@rootkit.nl) + Description: Security and system auditing tool + Website: http://cisofy.com/lynis/ + http://www.rootkit.nl/projects/lynis.html + Development start: May 2007 + Support policy: See section 'Support' (README file) + Documentation: See web site, README, FAQ and CHANGELOG file + +================================================================================ + +[+] General +------------------------------- + + Q: I don't understand the program (output), what to do? + A: Keep reading this FAQ, then continue with reading the README file, followed + by the log file (default: /var/log/lynis.log). After those sources, check + the documentation on the website. + + Q: I can't find any configuration file for Lynis, where is it? + A: There isn't one (currently), since all options are available as command + parameters. Specific options to control the audit/security scan can be set + or adjusted by changing the 'profile' file you are using (don't use + default.prf for your own custom options, but make a copy of it). + + Q: Why is there no port/package for my operating system? + A: Because there is no maintainer for it yet. If you have the time to keep + the port/package current for your preferred operating system, fill in the + contact form to notify me and confirm no one else is working on it. + + Q: What to do with the report files? + A: The output could be used for monitoring (baseline checks). For user of the + Lynis Enterprise Suite, they will be used to upload data. + + + +[+] Usage problems +------------------------------- + Q: Lynis hangs while testing the group files (grpck) + A: Run the grpck command manually. It will most likely need user input, to + repair incorrect groups. + + Q: Lynis doesn't display all messages on a white background + A: White text is used for general (and important) messages. Most terminals + have a dark background, so it gives extra attention to the message. However + if you have a white background (for example Mac OS X), you can run Lynis + with --no-colors to strip colors or --reverse-colors to reverse the color + scheme. Another option is to change your terminal colors within Mac OS. + + Q: Some tests take very long to finish, what to do? + A: Use a second console (or connection) and check the output of ps/lsof etc, + to see the status of the active subroutine. If a specific test hangs for a + very long time, try to kill that specific process (ie grpck) and see if + Lynis continues. Afterwards, run the command manually to see the cause. + Check the log file for additional information, when possible. + + Q: When running Lynis, it shows me the usage help even while using correct + parameters, why? + A: This can happen with alternative shells. Try using a different shell to + invoke Lynis (example: bash lynis -c). + + Q: One or more tests are giving incorrect output. How to solve that? + A: Check the log file. If that also has incorrect data, fill in the contact + form and describe the issue. + + Q: The program takes long to complete and also uses too much resources. Can it + be tuned? + A: The time it takes to complete is depends on the amount of tests to run. + However the resources it take can be slighty lowered by increasing the + pause_between_tests profile option. Keep in mind this increases the total + length of the scan to complete. + + + +[+] Network related issues +------------------------------- + + Q: Lynis reports promiscuous interfaces, but they are needed for normal operation, + how can I hide this warning? + A: Whitelist the interface in the profile file (if_promisc). + + + +================================================================================ + Lynis - Copyright 2007-2014, Michael Boelen - The Netherlands + http://cisofy.com -- cgit v1.2.3