Lynis security controls



Controls

Control | Category | Description
SSH-7408 | SSH | SSH configuration

Proper hardening of your SSH configuration can reduce known weaknesses.

SSH-7412 | SSH | SSH permit root login

For proper authorization purposes, do not use direct root logins. Doing so may result in actions being performed by administrators without any traceability. Using root permissions directly might also increase the risk of intrusion or availability problems (e.g. brute force attacks on the password, account lockout). Unless the owner of each key is traceable, public key authentication can be considered.

SSH-7416 | SSH | StrictModes option in SSH

SSH has the option to check file permissions before using configuration and other files. With the StrictModes option, it will only use those files which are properly configured (e.g. not having chmod 777 applied).