Much better than just getting CVS numbers from nmap.
I increased my home server’s rating 10 points in 15 minutes. More hardening will take some research and time.
I don’t know how much of a real difference it makes but every little bit helps.
I just heard about this tool on the enterprise linux security podcast, and man this looks like an awesome tool I wish I knew about earlier.
I'll be running it on my servers as a way of double checking my work, you can never be too sure.
OS: Debian 10 Buster
Lynis security scan details:
Hardening index : 61 [############ ]
Tests performed : 248
Plugins enabled : 1
Components:
- Firewall [V]
- Malware scanner [V]
Lynis Modules:
- Compliance Status [?]
- Security Audit [V]
- Vulnerability Scan [V]
Lynis Tech Tips
I ran it on my AlmaLinux (Electric Cheetah) and got a score of 67, pretty impressive considering I have not done much to secure it. This server is really only a test server to check out new apps like this. I do have a malware scanner running; it's the one you did a video on a while back. I have been using and/or playing with Linux since 2007 but never went too deeply into really learning it like I should for work. Most of my distros have been Red Hat-based Linux.
Useful video. I scored 65 on an Ubuntu 21.10 Desktop. What amazed me is that more than half the systemd services are considered unsafe. And the lynis.service is considered very unsafe with a 9.6 out of 10 score in systemd-analyze security. The best systemd services are medium safe with a score of 6.x.
Another tool I wasn't familiar with. Security isn't my job, but it's always been an interest for me, but with limited time to learn much. I can see I'll be spending my holidays learning about what I need to do to lock down my boxes. :)
Awesome, glad you were able to discover something new.
Great tool, I will definitely try it later. But I think what is missing here is the other half of the equation: now that I've identified the issues, what tools do I use to resolve them?
I don't think installing manually all the suggestions would be fine. Therefore, what tool can we use to complement Lynis?
Thanks in advance.
66 on an Arch desktop. Love the tool. Thanks, Jay
Hello Jay,
Can you make a video on Amavis?
I hope it would be really helpful.
Thank you for this video. I am trying it now.
66 on my CentOS web server. Nice suggestion!
Thanks Jay... I got a 64 on my Ubuntu server and 62 on my EndeavourOS desktop... :)
LLAP
Super introduction! Have you tried it on a TrueNAS Scale host? If not, would you care to in the future? I'm unfortunately not knowledgeable to be sure if I tried myself.
My hardening index is already growing just watching this.
👍👍👍👍👍THANK You Jay!!!
Great tool. Will get it on my Linux "Desktop". Should be a great place to start hardening my systems.
Might have 1 or 2 lab servers to harden, they are seldom powered up.
Glad that I have subscribed to your channel.
Once again, thank you.
Would be great if there was a desktop version, as many recommendations for servers would not apply to normal desktop users.
Thanks for the video! Keep up the great work!
What about locking down SSH in Proxmox? I've been reading that it's not recommended because it performs several functions through SSH, like backups for example. What is your recommendation? Thanks
Thanks for sharing, 62 on Manjaro PC
"Linis" in the Philippine language called Tagalog, means "clean" :)
Is there any automated script that will.... just do what Lynis is showing to do? ;)
On openSUSE Leap 15.3 hardening index 94, but after a fresh install, it is 69.
Hi Jay, how did you get a domain name for your Linode server?
Well, this just brought up a million questions, hope you have the million videos to answer these questions. Some I'm sure I can find, like how to enable secure boot, but all those [unsafe] in Systemd may be a little more difficult to solve, maybe not, and tons of other things. Well, I guess I found something to both learn and keep me busy.
I got a 64 on Ubuntu 21.10, we'll see if I can raise that.
Ok well I don't need to worry about secure boot, and maybe this isn't as hard or as bad as I thought. I would think 64 is a low score, but what do I know, lol
nice. thanks
Any particular reason why you use sudo su instead of sudo -i?
I ran it a few weeks ago on my Arch install and got a 65 score.
What is the difference between Lynis and tiger?
Lynis tech tips?
I have the most secure server, it's 100% offline :)
Congratulations, you win! It would be a bit difficult to hack that one.
Ha ha, my debian sid machine gets 90 updates a week, it's impossible to keep it up to date. (It's our experimental, on-prem minecraft-only server, so no big deal.)
Score 82 on Fedora
I thought Linux was safe by default? Now I need the same kind of tool that I need on Windows? Seriously?
Nothing is 100% secure or safe. Unless it has never been connected to the Internet and has no sensitive data on it - then it is safe and secure, but completely useless.
@HiltonT69 I know that, I am simply making fun of the fanboys who think otherwise.