Downloaded 36 times
![Server Hardening
Open source audit tool – Lynis (2/3)
Installing & using Lynis
1] Create /etc/yum.repos.d/cisofy-lynis.repo
# vi /etc/yum.repos.d/cisofy-lynis.repo
and add
[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/community/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
gpgcheck=1
priority=2
and save the file](https://image.slidesharecdn.com/devsecops-191007230831/85/DevSecOps-17-320.jpg)
![Server Hardening
Open source audit tool – Lynis (3/3)
Lynis (continued)
2] Update additional packages
# yum update ca-certificates curl nss openssl
3] Installing Lynis
# yum install lynis
3] Running audit
# lynis audit system](https://image.slidesharecdn.com/devsecops-191007230831/85/DevSecOps-18-320.jpg)
Uploaded byJoel Divekar
DevSecOps
This document discusses DevSecOps and provides information about integrating security practices into the DevOps process. It describes how DevSecOps improves upon traditional DevOps by adding security checks to code, containers, and infrastructure. These checks help detect vulnerabilities, sensitive information, and non-compliance before code is deployed. The document also introduces the open-source auditing tool Lynis, which scans servers to identify vulnerabilities and compliance issues across the operating system, network settings, authentication methods, and more.
More Related Content
![[DevSecOps Live] DevSecOps: Challenges and Opportunities](https://cdn.slidesharecdn.com/ss_thumbnails/20200316dsochallengesopportunities-200416111818-thumbnail.jpg?width=640&height=640&fit=bounds)
DevSecOps
- 1. DevSecOps Joel Divekar KL, Malaysia WhatsApp: +60 123700515 / +91 9920208223 Mail : joel.divekar@gmail.com Skype : joel_divekar@hotmail.com Blog: http://joeldivekar.blogspot.com/ Linkedin : http://www.linkedin.com/in/joeldivekar Presentation : http://www.slideshare.net/JoelDivekar
- 2.
- 3. DevOps is aPhilosophy Not a method Nor a framework Nor knowledge
- 4. DevOps is Unifying Developmentand Operations It’s a way of doing development activities, a way of thinking Its a Culture
- 5. DevOps is ... Automation ofvarious tasks for application / service deployment and its management
- 6. DevOps process Developerwrites the code and pushes it to centralised repository Central repository maintains version control CI / CD server pulls the code and compiles & builds artifacts/binaries These artifacts/binaries are then pushed to the central repository Then artifacts/binaries are pulled out and deployed to staging for testing Depending upon the deployment stategy services are deployed as a containers After successful UAT/QA the deployment is done on production environment And production uptime is monitored using monitoring services
- 7. Key Phases ofDevOps Version Control Continuous Integration / Continuous Deployment Configuration Management / Automation Virtualisation / Containers Monitoring Logs management
- 8. Open Source Tools Version Control – Git Build and CI – Ant, Maven, Gradle, Jenkin, Hudson ... Configuration Management / Automation – Chef, Puppet, Ansible Virtualisation – VirtualBox, Xen Container – LXC, Docker, Kubernetes, Rocket Monitoring – Nagios Core, Icinga 2 Logging – Graylog, Logstash Security – Nmap, OSSEC, OpenVAS, Metasploit ...
- 9. Well this isold way of doing things Now its ...
- 10.
- 11. DevSecOps brings innew changes
- 12. Before developerscan push the code to centralised repository, it is checked for sensitive information like access keys, SSH keys Also config files are checked for credentials Software stack is analysed for unpatched vulnerabilities & dependencies Automated security code reviews for SQL injections, cross-site scripting etc Web Application scanners are scanning target applications / micro services (APIs) for vulnerabilities
- 13. Container imagesare scanned before being used Also whole production network / environment are scanned for vulnerabilities Organisations apply compliance controls for their infrastructure to abide by defined best practices and regulations like PCI DSS, PA DSS, HIPAA, SOX etc Now that production systems are faced with new and unknow threats or unforseen vectors so monitoring & server logging systems are inplace to alert any anomolies noticed or zero day attacks
- 14.
- 15. DevSecOps – PartIIDated : 26th Aug 2019 Joel Divekar KL, Malaysia WhatsApp : +91 9920208223 / +60 123700515 Mail : joel.divekar@gmail.com Skype : joel_divekar@hotmail.com Blog: http://joeldivekar.blogspot.com/ Linkedin : http://www.linkedin.com/in/joeldivekar Presentation : http://www.slideshare.net/JoelDivekar
- 16. Server Hardening Open sourceaudit tool – Lynis (1/3) Lynis is a tool which audits server to check vulnerabilities and gives you audit report with suggestions - Kernel - Boot & services - Memory & running processes - Users and groups - Authentications - Shells - File system - DNS services - Networking - SSH - SNMP support - Logging - Scheduled / Cron jobs - Time service - File integrity / permissions - Malware / Antivirus tools
- 17. Server Hardening Open sourceaudit tool – Lynis (2/3) Installing & using Lynis 1] Create /etc/yum.repos.d/cisofy-lynis.repo # vi /etc/yum.repos.d/cisofy-lynis.repo and add [lynis] name=CISOfy Software - Lynis package baseurl=https://packages.cisofy.com/community/lynis/rpm/ enabled=1 gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key gpgcheck=1 priority=2 and save the file
- 18. Server Hardening Open sourceaudit tool – Lynis (3/3) Lynis (continued) 2] Update additional packages # yum update ca-certificates curl nss openssl 3] Installing Lynis # yum install lynis 3] Running audit # lynis audit system
- 19. Thanks for yourtime & please join my meetup groups DevSecOps Infra / Cloud Security Blockchain