A security audit, in our case, is an automated technical assessment of the security of our server and web applications: running vulnerability scans and reviewing application and operating system access controls with software or scripts. At the end, we will gather a software-generated audit report. Here is how to perform security audits on Ubuntu 16.04 with Lynis and other tools that are appropriate for a cloud server’s shared environment. Security audits are often part of regulatory compliance, as with legislation such as HIPAA; such acts specify how an organisation must secure its systems. Mac OS X and FreeBSD support audit event logging through the OpenBSM library.
How To Perform Security Audits On Ubuntu 16.04 On Cloud Server
There are certainly paid third-party services, but they are costly and not practical for day-to-day checking, as we do not need certification. We have free tools such as Lynis and auditd. Lynis is a free, host-based security auditing application that evaluates the security profile of GNU/Linux systems. A cloud server is not 100% secure on its own as a guest OS; how well the host is secured also determines the security. In our case, the reason to use these tools is to get an overall idea of the server's vulnerabilities, so that we can protect it from common attacks such as brute force and attacks by script kiddies.
Running security audit tools usually takes a good amount of time and patience. We suggest reading through the whole article before running the commands to install Lynis on the server.
How To Perform Security Audits On Ubuntu 16.04 With Lynis
Lynis is developed by https://cisofy.com, and we are using the community edition. Of course, the latest version is available on GitHub :
Lynis uses an HTTPS-only repo, and we need apt-transport-https installed for it. Be aware that this package may later give the error E: Sub-process /usr/bin/dpkg returned an error code (1) on update or upgrade, for which we have an odd fix – Fix E: Sub-process returned an error code. The reverse situation is also true.
You can install apt-transport-https and Lynis from the apt repo :
sudo apt-get install apt-transport-https
sudo apt-get install lynis
But it is more practical to clone the repo from GitHub and run it :
git clone https://github.com/CISOfy/lynis
Cloning into 'lynis'...
Now change directory to lynis and run the command :
./lynis audit system --quick
Lynis will check everything, such as system tools, startup services, run level, loaded modules, kernel configuration, zombie processes, group IDs, sudoers, PAM configuration, vulnerable/upgradable packages, security repository, iptables, Apache, SSH configuration, MySQL root password, PHP options, cron jobs, SSL certificate expiration, malware scanners, shell history files and so on.
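Once the scan finishes, the generated report can be summarised and used as a pass/fail check. The script below is an added example, not part of the original article or of Lynis itself; it parses the key=value report file Lynis writes. Assumptions: the report path (/var/log/lynis-report.dat is the default for a root run) is passed as the first argument, and the sample entries, test IDs and the threshold of 60 are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise a Lynis report file. Entries are key=value lines;
# warning[] and suggestion[] values are '|'-separated (test ID, description, ...).

# Constructed sample report (not output from a real scan).
sample_report() {
cat <<'EOF'
report_version_major=1
hardening_index=58
warning[]=TEST-0001|Constructed warning: root login over SSH permitted|-|-|
suggestion[]=TEST-0002|Constructed suggestion: install a malware scanner|-|-|
suggestion[]=TEST-0003|Constructed suggestion: set expire=90 for passwords|-|-|
EOF
}

# Print the hardening index stored in report file $1 (empty if absent).
lynis_hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; exit }' "$1"
}

# Print "ID<TAB>description" for every entry of kind $1 (warning|suggestion) in file $2.
lynis_findings() {
    awk -v key="${1}[]" '
        index($0, key "=") == 1 {
            split(substr($0, length(key) + 2), f, "|")
            printf "%s\t%s\n", f[1], f[2]
        }' "$2"
}

# Exit status 0 only if file $1 has no warnings and index >= $2 (default 60).
lynis_gate() {
    idx=$(lynis_hardening_index "$1")
    [ -n "$idx" ] || { echo "no hardening_index in $1" >&2; return 2; }
    warnings=$(lynis_findings warning "$1" | awk 'END { print NR }')
    echo "hardening index: $idx, warnings: $warnings"
    [ "$warnings" -eq 0 ] && [ "$idx" -ge "${2:-60}" ]
}

# Stand-alone run: report path from $1, otherwise the constructed sample.
report="${1:-}"
if [ -z "$report" ]; then
    report=$(mktemp)
    sample_report > "$report"
fi
lynis_findings warning "$report"
lynis_findings suggestion "$report"
lynis_gate "$report" 60 || echo "audit gate not met"
```

Run from cron after each audit, the exit status of lynis_gate gives a simple signal that the server's score dropped or a new warning appeared.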
You will find the manuals online on the Lynis website and in the Ubuntu repo :