Test document
*The following Word file is the base file of the above PDF.
Pass (19/19 test cases)
Bluval Tests
Execute with reference to the following
...
The initial results, compared against the Lynis Incubation: PASS/FAIL Criteria, v1.0, are as follows.
IoT Gateway
The Lynis Program Update test MUST pass with no errors.
```
2022-11-22 07:46:44 Test: Checking for program update...
2022-11-22 07:46:44 Current installed version : 308
2022-11-22 07:46:45 Latest stable version : 308
2022-11-22 07:46:45 No Lynis update available.
```
...
PC/Server for robot control
The Lynis Program Update test MUST pass with no errors.
```
2022-03-23 05:13:56 Test: Checking for program update...
2022-03-23 05:14:03 Current installed version : 308
2022-03-23 05:14:03 Latest stable version : 308
2022-03-23 05:14:03 No Lynis update available
```
...
No. | Test | Result | Fix |
---|---|---|---|
1 | Test: Checking PASS_MAX_DAYS option in /etc/login.defs | Result: password aging limits are not configured | Set PASS_MAX_DAYS 180 in /etc/login.defs |
2 | Performing test ID AUTH-9328 (Default umask values) | Test: Checking umask value in /etc/login.defs<br>Result: found umask 022, which could be improved | Set UMASK 027 in /etc/login.defs |
3 | Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) | Result: AllowUsers is not set | Configure AllowUsers, AllowGroups in /etc/ssh/sshd_config |
4 | Test: checking for file /etc/network/if-up.d/ntpdate | Result: file /etc/network/if-up.d/ntpdate does not exist<br>Result: Found a time syncing daemon/client.<br>Hardening: assigned maximum number of hardening points for this item (3). Currently having 161 points (out of 238) | OK |
5 | Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile): Following sub-tests required | N/A | N/A |
5a | sysctl key fs.suid_dumpable contains equal expected and current value (0) | sysctl key fs.suid_dumpable has a different value than expected in scan profile. Expected=0, Real=2<br>Hardening: assigned partial number of hardening points (0 of 1). Currently having 163 points (out of 253) | Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf |
5b | sysctl key kernel.dmesg_restrict contains equal expected and current value (1) | Result: sysctl key kernel.dmesg_restrict has a different value than expected in scan profile. Expected=1, Real=0 | Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf |
5c | sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) | Result: sysctl key net.ipv4.conf.default.accept_source_route has a different value than expected in scan profile. Expected=0, Real=1 | Set recommended value in /etc/sysctl.d/90-lynis-hardening.conf<br>`echo 'net.ipv4.conf.default.accept_source_route=0' \| sudo tee -a /etc/sysctl.d/90-lynis-hardening.conf`<br>`sudo /sbin/sysctl --system`<br>`sudo sysctl -a \|grep ipv4.conf.default.accept_source_route` |
6 | Test: Check if one or more compilers can be found on the system | Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler'<br>Hardening: assigned partial number of hardening points (1 of 3). Currently having 180 points (out of 286<br>Found known binary: as (compiler) - /usr/bin/as<br>Found known binary: cc (compiler) - /usr/bin/cc<br>Found known binary: g++ (compiler) - /usr/bin/g++<br>Found known binary: gcc (compiler) - /usr/bin/gcc | Uninstall gcc and remove /usr/bin/as, /usr/bin/cc |
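
As an added example (not part of the original test document), the following POSIX shell functions check a login.defs file and a sysctl.d file for the values in the Fix column of rows 1, 2 and 5a to 5c above. The function names, the constructed sample files and the 99999 value standing in for an unconfigured PASS_MAX_DAYS are assumptions made for the example.

```shell
# Added example: check config files for the fixes listed in the table above.
# Last active value of KEY in a login.defs-style file ("KEY value").
login_defs_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Last active value of KEY in a sysctl.d-style file ("key = value").
sysctl_conf_value() {
    sed -e '/^[[:space:]]*[#;]/d' -e 's/[[:space:]]//g' "$1" |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

report() {  # report NAME EXPECTED ACTUAL; returns 1 on mismatch
    if [ "$3" = "$2" ]; then
        echo "OK    $1=$3"
    else
        echo "FAIL  $1: expected $2, found ${3:-<unset>}"
        return 1
    fi
}

# check_fixes LOGIN_DEFS SYSCTL_CONF; exit status = number of mismatches.
check_fixes() {
    failed=0
    report PASS_MAX_DAYS 180 "$(login_defs_value "$1" PASS_MAX_DAYS)" || failed=$((failed + 1))
    report UMASK 027 "$(login_defs_value "$1" UMASK)" || failed=$((failed + 1))
    for pair in fs.suid_dumpable=0 kernel.dmesg_restrict=1 \
                net.ipv4.conf.default.accept_source_route=0; do
        report "${pair%%=*}" "${pair#*=}" \
            "$(sysctl_conf_value "$2" "${pair%%=*}")" || failed=$((failed + 1))
    done
    return "$failed"
}

# Constructed samples: "before" holds the values Lynis reported above (99999 is
# an assumed unconfigured PASS_MAX_DAYS); "after" has the fixes applied.
write_sample() {  # write_sample DIR before|after
    if [ "$2" = after ]; then set -- "$1" 180 027 0 1 0; else set -- "$1" 99999 022 2 0 1; fi
    printf 'PASS_MAX_DAYS\t%s\nUMASK\t\t%s\n' "$2" "$3" > "$1/login.defs"
    printf 'fs.suid_dumpable = %s\nkernel.dmesg_restrict=%s\n%s=%s\n' "$4" "$5" \
        net.ipv4.conf.default.accept_source_route "$6" > "$1/90-lynis-hardening.conf"
}

demo() {  # demo before|after; runs offline on temp files only
    d=$(mktemp -d) || return 99
    write_sample "$d" "$1"; rc=0
    check_fixes "$d/login.defs" "$d/90-lynis-hardening.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}
```

On a host, `check_fixes /etc/login.defs /etc/sysctl.d/90-lynis-hardening.conf` reads the files only; the running kernel values are still confirmed with the `sysctl -a` command from row 5c.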
Cloud/Edge Cloud
The Lynis Program Update test MUST pass with no errors.
```
2022-11-28 00:14:35 Test: Checking for program update...
2022-11-28 00:14:35 Current installed version : 308
2022-11-28 00:14:35 Latest stable version : 308
2022-11-28 00:14:35 No Lynis update available.
```
...