...

  1. Install the lynis-ncsa RedHat package.
  2. Run lynis audit system

Running Lynis NCSA plugin while skipping Lynis built-in checks:

```bash
cd /opt/lynis
sudo ./lynis audit system --profile nodefault.prf
```

Running Lynis NCSA version with Lynis built-in checks:

```bash
sudo lynis audit system
```


Checks inside the plugin:

...

Checks whether the rsyslog remote destination is set as Syslog Remote Logging Best Practices suggests.

NCSA-NTP

(Lazy version) Checks that all NTP sources from either chrony or ntpd (whichever is installed) end in .illinois.edu. The check matches on the hostname suffix because IPs can change and might even move to IPv6 one day.
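A sketch of the hostname-suffix check that NCSA-NTP describes, added here as an example and not taken from the plugin. The function name, exit codes and sample configuration are assumptions, and only `server`, `pool` and `peer` directives in a single config file are considered.

```shell
#!/bin/bash
# Added example, not the NCSA plugin code. Function name and exit codes are hypothetical.
# Prints every NTP source in a chrony.conf / ntp.conf style file that does not end in
# the given DNS suffix. Exit: 0 all match, 1 offenders found, 2 unreadable, 3 no sources.
ntp_sources_outside_suffix() {
    conf=$1; suffix=$2
    [ -r "$conf" ] || return 2
    awk -v suffix="$suffix" '
        BEGIN { suffix = tolower(suffix); bad = 0; total = 0 }
        { sub(/#.*/, "") }                              # drop comments
        $1 == "server" || $1 == "pool" || $1 == "peer" {
            host = ($2 ~ /^-[46]$/) ? $3 : $2           # ntpd allows "server -4 host"
            host = tolower(host); sub(/\.$/, "", host)  # DNS is case-insensitive; drop root dot
            if (host == "") next
            total++
            n = length(host); m = length(suffix)
            # IP literals and look-alikes such as x.illinois.edu.example.net fail here
            if (n <= m || substr(host, n - m + 1) != suffix) { print host; bad++ }
        }
        END { if (total == 0) exit 3; exit (bad > 0) }
    ' "$conf"
}

# Constructed sample chrony.conf; the hostnames are illustrative, not from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pool ntp.illinois.edu iburst
server time-a.ncsa.illinois.edu iburst   # trailing comment
server 192.0.2.10 iburst
server ntp.illinois.edu.example.net
EOF
if offenders=$(ntp_sources_outside_suffix "$sample" ".illinois.edu"); then
    echo "NCSA-NTP: all sources end in .illinois.edu"
else
    echo "NCSA-NTP: sources outside .illinois.edu:"
    echo "$offenders"
fi
rm -f "$sample"
```

An empty source list is reported separately (exit 3) so that a host with no configured time source does not pass the check by default.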

...

Reference from: https://www.redhat.com/sysadmin/create-rpm-package

```bash
sudo yum install -y rpmdevtools rpmlint
rpmdev-setuptree
```

This sets up the RPM packaging environment. Then download the Lynis tarball from the official Lynis website and place it in ~/rpmbuild/SOURCES. Note the filename, since the spec file refers to it later.

Put plugin_ncsa_phase2, default.prf, and nodefault.prf (which skips default checks) in the ~/rpmbuild/SOURCES directory as well.

Place the following content into lynis.sh under ~/rpmbuild/SOURCES directory as well.

```bash
#!/bin/bash
cd /opt/lynis
exec ./lynis "$@"
```

Place the following content into lynis-ncsa.spec under ~/rpmbuild/SPECS

```text
Name:		lynis-ncsa
Version:	0.1
Release:	1%{?dist}
Summary:	NCSA custom Lynis package
BuildArch:	noarch
License:	GPL
URL:		https://git.ncsa.illinois.edu/irst/lynis-ncsa-plugins
Source0:	lynis-3.0.6.tar.gz
Source1:	lynis.sh
Source2:	default.prf
Source3:	plugin_ncsa_phase2
Source4:	nodefault.prf
Requires:	bash

%description
NCSA custom Lynis package with the NCSA plugin

%prep
cd ${HOME}/rpmbuild/BUILD
tar xf ../SOURCES/lynis-3.0.6.tar.gz
cp ../SOURCES/lynis.sh .
cp ../SOURCES/default.prf .
cp ../SOURCES/nodefault.prf .
cp ../SOURCES/plugin_ncsa_phase2 .

%build
chmod +x lynis.sh
mv default.prf lynis
mv nodefault.prf lynis
mv plugin_ncsa_phase2 lynis/plugins

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_bindir}
mkdir -p $RPM_BUILD_ROOT/opt
mv lynis $RPM_BUILD_ROOT/opt
mv lynis.sh $RPM_BUILD_ROOT/%{_bindir}/lynis

%clean
rm -rf $RPM_BUILD_ROOT

%files
%{_bindir}/lynis
/opt/lynis/
```

Then run

```bash
rpmbuild -bb ~/rpmbuild/SPECS/lynis-ncsa.spec
```

which will build the rpm package under ~/rpmbuild/RPMS/noarch/