Vuls

Vuls will be integrated with the Blueprint Validation Framework (see the Bluval User Guide).

...

Exceptions for vulnerabilities must be sent to the security sub-committee.

Lynis

Lynis must run on the SUT (System Under Test). The overall test framework will be similar to that of Vuls. For the Lynis installation, there are two options:

...

Performing test ID BOOT-5122 (Check for GRUB boot password)
Performing test ID BOOT-5184 (Check permissions for boot files/scripts)
Test: Checking presence /var/run/reboot-required.pkgs
Performing test ID AUTH-9228 (Check password file consistency with pwck)
Performing test ID AUTH-9229 (Check password hashing methods)
Test: Checking SHA_CRYPT_MIN_ROUNDS option in /etc/login.defs
Test: Checking PASS_MAX_DAYS option in /etc/login.defs
Test: collecting accounts which have an expired password (last day changed + maximum change time)
Performing test ID AUTH-9328 (Default umask values)
Performing test ID FILE-6368 (Checking ACL support on root file system)
Performing test ID USB-2000 (Check USB authorizations)
Performing test ID USB-3000 (Check for presence of USBGuard)
Performing test ID PKGS-7370 (Checking for debsums utility)
Performing test ID PKGS-7388 (Check security repository in apt sources.list file)
Performing test ID SSH-7408 (Check SSH specific defined options)
Test: Checking AllowTcpForwarding in /tmp/lynis.ZotHQ7RQAj
Test: Checking ClientAliveCountMax in /tmp/lynis.ZotHQ7RQAj
Test: Checking ClientAliveInterval in /tmp/lynis.ZotHQ7RQAj
Test: Checking FingerprintHash in /tmp/lynis.ZotHQ7RQAj
Test: Checking IgnoreRhosts in /tmp/lynis.ZotHQ7RQAj
Test: Checking MaxAuthTries in /tmp/lynis.ZotHQ7RQAj
Test: Checking MaxSessions in /tmp/lynis.ZotHQ7RQAj
Test: Checking Port in /tmp/lynis.ZotHQ7RQAj
Test: Checking StrictModes in /tmp/lynis.ZotHQ7RQAj
Test: Checking TCPKeepAlive in /tmp/lynis.ZotHQ7RQAj
Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups)
Test: checking for file /etc/network/if-up.d/ntpdate
Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile)
Test: Check if one or more compilers can be found on the system

...

Kube-Hunter

PASS/FAIL Criteria

The kube-hunter vulnerabilities listed as 'Yes' in the 'Critical' column MUST be resolved.

...