Tests

We use Lynis to look for security holes. Unfortunately, Ubuntu (again) contains an old version. The following is how get the newest version:

dpkg -s apt-transport-https | grep -i status

Shows us that the HTTPS transport is not installed. Do this with

sudo apt-get install apt-transport-https

Now that we can use HTTPS we can install the program itself.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
sudo apt update
sudo apt install lynis

Finally we’re ready to rock:

sudo lynis audit system | less -R

Walk through the output and figure out how to secure stuff.

cat /var/log/lynis.log | grep Suggestion

Links

• https://packages.cisofy.com/community/#debian-ubuntu
• https://www.digitalocean.com/community/tutorials/how-to-perform-security-audits-with-lynis-on-ubuntu-16-04
• https://cisofy.com/lynis/controls/