System integrity plugin for Lynis

Description

One of the core beliefs in information security is integrity. Integrity is the assurance that data is transmitted and stored correctly, and that no unauthorized modifications have been made.

This module determines the level of protection the system has regarding integrity. It provides a special focus on file integrity. It enhances the existing tests in Lynis and performs very specific tests. Due to the level of testing, it may even discover system intrusions or unauthorized file alterations.

Software
Our solution is unique in the space of Unix auditing, as it uses existing software together with our own tests. This way you can leverage the combined power of common software components and in-depth audits. Lynis determines which available tools help assess the level of file and system integrity. It will check the configuration of these tools and check their status. Any misconfiguration or lack of appropriate security controls will be reported in the central management interface.

Package Integrity
Software components are an important part of the system. Lynis will check the consistency of the package database and the software components used.

Signed packages
One of the tests determines if packages are properly signed and that checksums are valid. Bad system administration or the use of external resources can lead to system intrusion. For this reason, checking the package database and installed binaries is important. It is one of the main factors that determines the level of system integrity.

Support for IMA and EVM
The Linux kernel has made a lot of progress over the years regarding security. The usage of Linux security modules (LSM) has become standard in many distributions. One of the newer features is hashing and signing of files, including ELF binaries. Our module also checks for the support of IMA and EVM.

Availability

This test is only available to users of Lynis Enterprise, as it collects specific data to be used with the Enterprise version.

Plugin tests

PLGN-2604 - Recently changed files using data from RPM packages
PLGN-2606 - Retrieve capabilities of system binaries
PLGN-2608 - Find binaries with setuid or setgid bit
PLGN-2610 - Trusted public keys from GPG keyring for APT based systems
PLGN-2612 - Gather IMA statistics
PLGN-2670 - Presence of a vulnerability database
PLGN-2672 - OpenBSD package signing options
PLGN-2680 - File permissions of cron directories and files
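As an added illustration (not Lynis code and not part of this plugin), the following POSIX shell function shows the kind of check behind the signed-package checksum test and PLGN-2604: it parses output in `rpm -Va` format and separates changed binaries from changed config files, permission changes, timestamp-only changes and missing files. The class names, the function name and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Classify lines in `rpm -Va` format (verify every installed package against
# the RPM database). Layout: 9 flag chars, whitespace, optional attribute
# (c=config d=doc g=ghost l=license r=readme), path. Flags: S size, M mode,
# 5 digest, D device, L link, U user, G group, T mtime, P capabilities;
# '.' means that attribute still matches. Deleted files print "missing <path>".
set -f    # no globbing while word-splitting with "set --"

# stdin: rpm -V lines; stdout: one "<CLASS> <path>" per entry, where CLASS is
# MISSING, BINARY_CHANGED (size/digest of a non-config file differs: the key
# integrity signal), PERMS_CHANGED (mode/owner/group/caps), CONFIG_CHANGED
# (attr c; common but worth review), INFO (mtime only), or OTHER.
classify_rpm_verify() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            missing*)
                set -- $line            # missing [attr] path
                [ $# -ge 3 ] && shift   # drop the attribute letter
                printf 'MISSING %s\n' "$2"
                continue ;;
        esac
        rest=${line#?????????}          # text after the 9 flag characters
        flags=${line%"$rest"}
        set -- $rest                    # [attr] path
        if [ $# -ge 2 ]; then attr=$1; path=$2; else attr=""; path=$1; fi
        case "$flags" in
            S*|??5*)                        kind=BINARY_CHANGED ;;
            ?M*|?????U*|??????G*|????????P) kind=PERMS_CHANGED ;;
            ???????T?)                      kind=INFO ;;
            *)                              kind=OTHER ;;
        esac
        # a changed config file is a different risk class than a changed binary
        [ "$attr" = "c" ] && [ "$kind" != "INFO" ] && kind=CONFIG_CHANGED
        printf '%s %s\n' "$kind" "$path"
    done
}

# Constructed sample (not real output): one binary with a changed digest, one
# with a changed mode, one with new capabilities, one edited config file,
# one mtime-only change and one missing file.
SAMPLE_RPM_VERIFY='S.5....T.    /usr/bin/ssh
.M.......    /usr/bin/passwd
........P    /usr/bin/ping
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib/systemd/system/sshd.service
missing      /usr/sbin/sshd'

printf '%s\n' "$SAMPLE_RPM_VERIFY" | classify_rpm_verify
```

On a real host the input would come from `rpm -Va 2>/dev/null | classify_rpm_verify`, with BINARY_CHANGED entries reviewed first. Because the RPM database lives on the same host as the files it describes, this check complements rather than replaces an offline baseline or verification of package signatures.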