How to Audit System Security with Lynis on FreeBSD Operating System

Learn how to install, configure, and run security audits using Lynis on a FreeBSD system.

Introduction

System security auditing is a crucial practice to ensure the integrity, confidentiality, and availability of data. FreeBSD, known for its security and performance, provides a robust foundation for secure computing. However, to maintain and strengthen security, administrators must perform regular audits. Lynis is a powerful and widely used open-source security auditing tool that helps identify vulnerabilities, misconfigurations, and potential security weaknesses in Unix-based operating systems, including FreeBSD.

This guide provides a comprehensive overview of how to install, configure, and run security audits using Lynis on a FreeBSD system.

Why Use Lynis for Security Auditing?

Lynis is an industry-standard tool for security auditing, offering several benefits:

  • Comprehensive Security Checks: Scans for security vulnerabilities, misconfigurations, and compliance issues.
  • Lightweight and Non-intrusive: Runs without installing intrusive agents.
  • Customization: Allows tailored security tests based on system requirements.
  • Compliance Checks: Helps with security frameworks like PCI-DSS, ISO 27001, and HIPAA.
  • Detailed Reporting: Provides in-depth logs and reports for further analysis.

Installing Lynis on FreeBSD

Lynis can be installed on FreeBSD using the Ports Collection or the pkg package manager.

Using the pkg Package Manager

  1. Update the FreeBSD package repository:

    sudo pkg update
    
  2. Install Lynis:

    sudo pkg install lynis
    
  3. Verify the installation:

    lynis show version
    

Using the FreeBSD Ports Collection

  1. Navigate to the security section of the Ports tree:

    cd /usr/ports/security/lynis
    
  2. Compile and install Lynis:

    sudo make install clean
    

Running a Basic Security Audit with Lynis

Once installed, you can run a basic security audit using the following command:

sudo lynis audit system

This command performs an in-depth security scan of the FreeBSD system and provides a detailed output, highlighting areas that require attention.

Understanding the Lynis Output

Lynis categorizes findings into different levels:

  • [OK] - No issues found.
  • [WARNING] - Potential security risks that require review.
  • [SUGGESTION] - Recommended improvements for security best practices.

At the end of the audit, Lynis generates a report summarizing security weaknesses and improvement suggestions.

Configuring Lynis for Automated Audits

Customizing Lynis Configuration

Lynis uses a configuration file located at:

/etc/lynis/custom.prf

You can modify this file to customize Lynis’ behavior, for example to skip specific tests by their test ID. To disable one test, append a skip-test line to the profile:

echo "skip-test=MAIL-1234" >> /etc/lynis/custom.prf

Scheduling Regular Audits with Cron

To ensure continuous security monitoring, schedule Lynis to run automatically using cron.

  1. Open the crontab editor:

    sudo crontab -e
    
  2. Add a scheduled task to run Lynis daily:

    # Lynis writes its own log to /var/log/lynis.log; --cronjob runs non-interactively
    0 3 * * * /usr/local/bin/lynis audit system --cronjob > /dev/null 2>&1
    

This ensures that Lynis runs at 3 AM every day and logs the results.

Analyzing and Interpreting Audit Results

Lynis logs its findings in:

/var/log/lynis.log

To review the latest audit results, use:

tail -100 /var/log/lynis.log
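Besides the log, Lynis writes a machine-readable report to /var/log/lynis-report.dat (its default report location) with one warning[]= or suggestion[]= line per finding. The following POSIX shell script, an added example that is not part of the original article or the Lynis project, parses that format so the scheduled audit above can flag warnings or a low hardening index; the function names are illustrative and the report content is a constructed sample, not output from a real audit.

```shell
#!/bin/sh
# Added example (not from the original article or the Lynis project):
# summarise a Lynis report file so a cron job can flag findings.
# Lynis writes key=value lines to /var/log/lynis-report.dat; findings look like
#   warning[]=TEST-ID|Description|Details|-
#   suggestion[]=TEST-ID|Description|Details|-
# The report below is a constructed sample with illustrative test IDs.

SAMPLE_REPORT="${TMPDIR:-/tmp}/lynis-report-sample.dat"
cat > "$SAMPLE_REPORT" <<'EOF'
os_name=FreeBSD
hardening_index=68
warning[]=FIRE-4508|No active firewall rules found|-|-
warning[]=SSH-7408|PermitRootLogin is set to yes|-|-
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-
EOF

# Print "ID<TAB>description" for each finding of a kind (warning|suggestion).
lynis_findings() {
    grep "^$2\[\]=" "$1" | cut -d= -f2- | awk -F'|' '{ print $1 "\t" $2 }'
}

# Number of findings of a kind; prints 0 when none (grep -c exits 1 on zero matches).
lynis_count() {
    grep -c "^$2\[\]=" "$1" || true
}

# The hardening index (0-100) Lynis records at the end of an audit.
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Succeeds only when there are no warnings and the index meets a minimum,
# so a cron wrapper can alert only when the host needs attention.
lynis_check() {  # $1 = report file, $2 = minimum acceptable hardening index
    [ "$(lynis_count "$1" warning)" -eq 0 ] && [ "$(lynis_hardening_index "$1")" -ge "$2" ]
}

echo "Hardening index: $(lynis_hardening_index "$SAMPLE_REPORT")"
echo "Warnings: $(lynis_count "$SAMPLE_REPORT" warning)"
lynis_findings "$SAMPLE_REPORT" warning
echo "Suggestions: $(lynis_count "$SAMPLE_REPORT" suggestion)"
lynis_findings "$SAMPLE_REPORT" suggestion
lynis_check "$SAMPLE_REPORT" 80 || echo "Review required"
```

Point SAMPLE_REPORT at /var/log/lynis-report.dat on a real host to run the same summary against the latest audit.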

Addressing Security Recommendations

  • Kernel Hardening: If Lynis suggests strengthening kernel security, enable security-related sysctl parameters in /etc/sysctl.conf.
  • User and Group Management: Review weak passwords, inactive users, and unnecessary privileged accounts.
  • Firewall Configuration: Ensure that pf (Packet Filter) is enabled and properly configured.
  • Service Hardening: Disable unnecessary services and ensure secure configurations for SSH, Nginx, and other running applications.

Enhancing Security with Lynis Plugins

Lynis supports additional plugins for more advanced security checks. To list available plugins:

lynis show plugins

To enable a specific plugin, modify the Lynis configuration:

echo "activate-plugin=malware" >> /etc/lynis/custom.prf

Keeping Lynis Up to Date

Regular updates ensure that Lynis detects the latest vulnerabilities and security threats.

To update Lynis using pkg:

sudo pkg upgrade lynis

For Ports users:

cd /usr/ports/security/lynis
sudo make deinstall reinstall clean

Conclusion

Lynis is a powerful and easy-to-use security auditing tool for FreeBSD that helps identify vulnerabilities and compliance issues. Regular audits with Lynis enhance system security, ensuring a hardened FreeBSD environment. By automating audits and addressing security recommendations, administrators can proactively protect their systems against threats. Implement Lynis as part of your security strategy to maintain a secure and resilient FreeBSD infrastructure.