installing lynis on ubuntu 16.04 notes

auditing linux security

Security auditing on Ubuntu 16.04? If not you should be. One great tool you can use in your arsenal is Lynis security auditing. Yes this is completely redundant with OSSEC wazuh and third party Cloud Trail audits, but there is no harm in triple checking.

Why the paranoia? Because you can’t completely rely on any one system imho so human spot checks, particularly on your endpoints (or honeypots #heh) is an essential part of the process. Plus at AWS you can create a temp “hot” AMI and tear the thing apart while it is in an ACL/Security Group cage, and then delete it without an attacker ever knowing.

Regarding Lynis security auditing, the ubuntu apt package for lynis (e.g. apt install) is still on version 2.1 and the current version is 2.6. First off 2.6 is much faster. Secondarily it gives a lot fewer false positives on Ubuntu 16.04.

My notes from:
https://packages.cisofy.com/community/#debian-ubuntu

# auditing -posts age CHECK THE LINK ABOVE
sudo su
apt install lynis
wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
apt install apt-transport-https
echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations
echo "deb https://packages.cisofy.com/community/lynis/deb/ xenial main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
apt update
apt upgrade
lynis show version

Again – check your version! Note I specified xenial in my notes, because that particular server is on xenial. You might not be. Read the Lynis docs. And happy auditing!

RIP Ian Murdock – you will be remembered

RIP Ian Murdock, founder of Debian Linux which is what powers Tendenci. Without his work in the Open Source Community there could be no Tendenci Membership Software. This is a sad way to end 2015, but I would like to think Ian would want us to continue to invent and create greater freedom and transparency in the world.

I am not good at wording such a tragedy so I will leave you with the respectful post on the debian project blog and links to some news stories on the topid.

ian-murdock