================================================================================ Lynis - To Do ================================================================================ Author: Michael Boelen (michael@rootkit.nl) Description: Security and system auditing tool Website: http://www.rootkit.nl/projects/lynis.html Support policy: See section 'Support' (README file) Documentation: See web site, README, FAQ and CHANGELOG file ================================================================================ [+] Open issues ------------------------------- [+] Project ------------------------------- [+] General ------------------------------- - Activate warning when default profile is being used - Add list of manual audit items, depending on performed tests - Replace awk instances with ${AWKBINARY} [+] Forensics ------------------------------- - Add MD5/SHA1 database [+] Generic Tests ------------------------------- - NFS: Check if there is no localhost line in the /etc/export file - Check /etc/crontab entries (permissions, locations) - Search for all setuid/setgid files and compare against baseline - Skel: Red Hat files are hidden, check with ls -al? - Add MacOS X test for /tmp dir (or redirect location of symlink) - Samba: make sure it does listen only at one interface (not at WAN) - Cleanup some tests by combining options (like NETW-3006) - Check for latest versions of programs - Check if multiple users have group '0' - When using --quiet, use long warnings instead of default lines - Don't show section headers when using --tests - Show Last logon dates for user accounts - Show passwords 30 days or older / trivial passwords / password shadowing - Show duplicate usernames, UIDs and GIDs - System wide policies including: default files creation mask, login timeout intervals, lockout durations... - Permissions on selected sensitive files / directories [+] Applications ------------------------------- - Debian/Ubuntu: check if apt-listbugs is installed [+] Databases ------------------------------- - Warn if MySQL is running on a network interface - Check for empty root login - Check Oracle things (tm) [+] Programming languages/interfaces ------------------------------- - Paranoid option: set binaries to 750 for perl, python, ruby, cc, gcc, *cc* etc [+] DNS ------------------------------- - Bind: check if version is disabled [+] Firewalls ------------------------------- - iptables: show chain numbers when rules are unused [+] Shell/interface/X ------------------------------- - Check for autolog or timeoutd package [+] MTA ------------------------------- - Sendmail: check banner, check file permissions of configuration files - Exim: check banner - SMTP (if running): check if a version shows up in banner [+] Printers/spools ------------------------------- - Printcap consistency check for Linux/Solaris/MacOS [+] Tomcat ------------------------------- - Check if iptables has rules for port 8080, 8009, 8443 - Check if /WEB-INF/ and /META-INF/ are denied in httpd.conf [+] Reporting ------------------------------- - Add possibility to mail directly (instead of log to file) - Find audit templates for reporting (direct post to webserver?) - Allow bonus points, however check a maximum index score of 100 ================================================================================ Lynis - Copyright 2007-2013, Michael Boelen - The Netherlands http://www.rootkit.nl