Test document
Lynis
Nexus URL TBD
The initial results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.
PC/Server for robot control
The Lynis Program Update test MUST pass with no errors.
Fix: Download and run the latest Lynis directly on SUT.
Steps To Implement Security Scan Requirements#InstallandExecute
The following list of tests MUST complete as passing
| No. | Test | Result | Fix |
|---|---|---|---|
| 1 | Test: Checking PASS_MAX_DAYS option in /etc/login.defs | Result: number of password hashing rounds is not configured | |
| 2 | Performing test ID AUTH-9328 (Default umask values) | ||
| 3 | Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups) | ||
| 4 | Test: checking for file /etc/network/if-up.d/ntpdate | ||
| 5 | Performing test ID KRNL-6000 (Check sysctl key pairs in scan profile) : Following sub-tests required | ||
| 5a | sysctl key fs.suid_dumpable contains equal expected and current value (0) | ||
| 5b | sysctl key kernel.dmesg_restrict contains equal expected and current value (1) | ||
| 5c | sysctl key net.ipv4.conf.default.accept_source_route contains equal expected and current value (0) | ||
| 6 | Test: Check if one or more compilers can be found on the system |