Security Hardening tool

man_user · 10 September 2020 18:53

Previously in my other distro I was using Lynis as a security hardening tool. In Manjaro I can find Lynis bit outdated with some bugs.
Can anybody suggest which hardening tool you are using which best suits manjaro.

chomsky · 10 September 2020 19:04

chomsky@manjaro ~ $ yay lynis
2 aur/lynis-git 2.6.4.2108.5300475-1 (+4 0.38) (Out-of-date: 2020-08-31)
Security and system auditing tool to harden Unix/Linux systems
1 community/lynis 2.7.5-2 (215.7 KiB 1.3 MiB)
Security and system auditin

You dont want the AUR one but the one in the community repo.
sudo pacman -Syyu lynis will install the package

man_user · 11 September 2020 06:22

Community Version is also bit outdated, 3.0.0 is the latest version.

chomsky · 11 September 2020 07:23

Here you will find the latest version. You can follow the readme.md to install the package or just wait until 3.0 drops from upstream.

Strit · 11 September 2020 07:25

Lynis is a package Manjaro inherites from Arch Linux and has been flagged out of date since June.

chomsky · 11 September 2020 07:32

I can see that Arch is also on version 2.7.5-2 but how can you tell it has been flagged out of date? Just curious…

Strit · 11 September 2020 07:35

In the Package Actions:

out-of-date

mbod · 11 September 2020 07:42

I am using my own lynis 3.0.0 package created with this modified PKGBUILD:

# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Contributor: Sébastien Luttringer <seblu@aur.archlinux.org>

pkgname=lynis
pkgver=3.0.0
pkgrel=1
pkgdesc='Security and system auditing tool to harden Unix/Linux systems'
url='https://cisofy.com/lynis/'
arch=('any')
license=('GPL3')
backup=('etc/lynis/default.prf')
depends=('sh' 'awk')
optdepends=('net-tools: networking tests'
            'bind-tools: nameserver tests'
            'iptables: firewall tests'
            'bash-completion: completion for bash')
source=(https://downloads.cisofy.com/lynis/lynis-${pkgver}.tar.gz{,.asc})
sha512sums=('2f156002ff1cfcd2333c95b57e82e76260364fa58419b9414f2bb461aa77a22c2f1af57a6a934e88030baeb69aa9c274045cfcef359eb496d10acd5b886cb856'
            'SKIP')
validpgpkeys=('73AC9FC55848E977024D1A61429A566FD5B79251') # CISOfy (Software Signing Key) <security@cisofy.com>

prepare() {
  cd ${pkgname}
  sed -e 's|/path/to/lynis|/usr/bin/lynis|g' -i extras/systemd/lynis.service
}

package() {
  cd ${pkgname}

  # application
  install -Dm 755 lynis -t "${pkgdir}/usr/bin"
  install -Dm 644 default.prf -t "${pkgdir}/etc/${pkgname}"
  install -d "${pkgdir}/usr/share/${pkgname}"
  cp -ra db include plugins "${pkgdir}/usr/share/${pkgname}"

  # doc files
  install -Dm 644 README INSTALL CHANGELOG.md FAQ \
    -t "${pkgdir}/usr/share/doc/${pkgname}"
  install -Dm 644 "${pkgname}.8" -t "${pkgdir}/usr/share/man/man8"

  # completion
  install -Dm 644 extras/bash_completion.d/${pkgname} \
    -t "${pkgdir}/usr/share/bash-completion/completions"

  # systemd
  install -Dm 644 extras/systemd/{lynis.service,lynis.timer} \
    -t "${pkgdir}/usr/lib/systemd/system"
}

man_user · 13 September 2020 14:00

I built 3.0.0, Thank you

system · 16 September 2020 14:00

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.