System integrity plugin for Lynis
One of the core beliefs in information security is integrity. Integrity is the assurance that data is transmitted and stored correctly, and that no unauthorized modifications have been made.
This module determines the level of protection the system has regarding integrity. It provides a special focus on file integrity. It enhances the existing tests in Lynis and performs very specific tests. Due to the level of testing, it may even discover system intrusions or unauthorized file alterations.
Our solution is unique in the space of Unix auditing, as it uses existing software together with our own tests. This way you can leverage the combined power of common software components and in-depth audits. Lynis determines which tools are available to help assess the level of file and system integrity. It checks the configuration of these tools and their status. Any misconfiguration or lack of appropriate security controls will be reported in the central management interface.
Software components are an important part of the system. Lynis will check the consistency of the package database and the software components used.
One of the tests determines whether packages are properly signed and whether checksums are valid. Poor system administration or the use of external resources can lead to system intrusion. For this reason, checking the package database and installed binaries is important. It is one of the main factors that determine the level of system integrity.
Support for IMA and EVM
The Linux kernel has made a lot of progress in security over the years. The use of Linux security modules (LSM) has become standard in many distributions. One of the newer features is hashing and signing of files, including ELF binaries. Our module also checks for the support of IMA and EVM.
This test is only available to users of Lynis Enterprise, as it collects specific data to be used with the Enterprise version.
| Test ID | Description |
|---|---|
| PLGN-2604 | Recently changed files using data from RPM packages |
| PLGN-2606 | Retrieve capabilities of system binaries |
| PLGN-2608 | Find binaries with setuid or setgid bit |
| PLGN-2610 | Trusted public keys from GPG keyring for APT based systems |
| PLGN-2612 | Gather IMA statistics |
| PLGN-2670 | Presence of a vulnerability database |
| PLGN-2672 | OpenBSD package signing options |
| PLGN-2680 | File permissions of cron directories and files |