...
- Install the lynis-ncsa RedHat package.
- Run lynis audit system
Running Lynis NCSA plugin while skipping Lynis built-in checks:
```bash
cd /opt/lynis
sudo ./lynis audit system --profile nodefault.prf
```
Running Lynis NCSA version with Lynis built-in checks:
```bash
sudo lynis audit system
```
Checks inside the plugin:
...
Checks whether the rsyslog remote destination is set as the Syslog Remote Logging Best Practices suggest.
NCSA-NTP
(Lazy version) Checks that all the NTP sources from either chrony or ntpd (whichever is installed) end in .illinois.edu. The check matches on the hostname suffix because IP addresses can change and might even move to IPv6 one day.
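A sketch of the suffix check described above, as an added example rather than the plugin's own code. The function names, the `/etc/chrony.conf` and `/etc/ntp.conf` paths and the sample configuration are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's code: flag NTP sources outside .illinois.edu.
REQUIRED_SUFFIX=".illinois.edu"   # domain named on the page

# Reads chrony.conf or ntp.conf text on stdin and prints every source whose
# name is not under REQUIRED_SUFFIX (IP literals are reported too).
# Exit status: 0 = all comply, 1 = at least one does not, 2 = no sources found.
ntp_noncompliant_sources() {
    awk -v suffix="$REQUIRED_SUFFIX" '
        # Both daemons declare sources as: server|pool|peer <name> [options]
        $1 == "server" || $1 == "pool" || $1 == "peer" {
            total++
            host = tolower($2)
            sub(/\.$/, "", host)              # tolerate a trailing root dot
            n = length(host) - length(suffix)
            # Compare the tail including its leading dot, so a look-alike
            # such as "notillinois.edu" does not pass.
            if (n < 1 || substr(host, n + 1) != suffix) { print $2; bad++ }
        }
        END { if (total == 0) exit 2; exit (bad > 0) }
    '
}

# Assumed RedHat default paths; chrony is preferred when both files exist.
# Real use: ntp_noncompliant_sources < "$(ntp_config_path)"
ntp_config_path() {
    if [ -r /etc/chrony.conf ]; then echo /etc/chrony.conf
    elif [ -r /etc/ntp.conf ]; then echo /etc/ntp.conf
    else return 1
    fi
}

# Constructed sample configuration; the hostnames are invented for the demo.
SAMPLE='# constructed chrony.conf fragment
server ntp-a.example.illinois.edu iburst
pool pool.example.org iburst
#server disabled.example.illinois.edu
peer notillinois.edu'

if offsite=$(printf '%s\n' "$SAMPLE" | ntp_noncompliant_sources); then
    echo "NTP sources OK"
else
    echo "NTP sources outside $REQUIRED_SUFFIX:"; echo "$offsite"
fi
```

Sources pulled in through chrony's `sourcedir` or `confdir` directives are not followed by this sketch.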
...
```bash
sudo yum install -y rpmdevtools
rpmdev-setuptree
```
...
Put the plugin_ncsa_phase2, default.prf, and nodefault.prf (which skips default checks) in the ~/rpmbuild/SOURCES directory as well.
...
```spec
Name:           lynis-ncsa
Version:        0.1
Release:        1%{?dist}
Summary:        NCSA custom Lynis package
BuildArch:      noarch

License:        GPL
URL:            https://git.ncsa.illinois.edu/irst/lynis-ncsa-plugins
Source0:        lynis-3.0.6.tar.gz
Source1:        lynis.sh
Source2:        default.prf
Source3:        plugin_ncsa_phase2
Source4:        nodefault.prf

Requires:       bash

%description
NCSA custom Lynis package with the NCSA plugin

%prep
# Unpack upstream Lynis and copy the NCSA additions next to it
cd ${HOME}/rpmbuild/BUILD
tar xf ../SOURCES/lynis-3.0.6.tar.gz
cp ../SOURCES/lynis.sh .
cp ../SOURCES/default.prf .
cp ../SOURCES/nodefault.prf .
cp ../SOURCES/plugin_ncsa_phase2 .

%build
# Place both profiles and the plugin inside the unpacked lynis tree
chmod +x lynis.sh
mv default.prf lynis
mv nodefault.prf lynis
mv plugin_ncsa_phase2 lynis/plugins

%install
# Lynis lives in /opt/lynis; the wrapper script is installed as /usr/bin/lynis
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
mkdir -p $RPM_BUILD_ROOT/opt
mv lynis $RPM_BUILD_ROOT/opt
mv lynis.sh $RPM_BUILD_ROOT/%{_bindir}/lynis

%clean
rm -rf $RPM_BUILD_ROOT

%files
%{_bindir}/lynis
/opt/lynis/
```
Then run:

```bash
rpmbuild -bb ~/rpmbuild/SPECS/lynis-ncsa.spec
```
...