Any operating system is as strong as its weakest link. In the case of Linux, any weakness in its kernel would imply a total compromise of the system. Hence it is necessary to check the security configuration of the Linux kernel.
In this topic, we will see how to use Lynis to check for kernel parameters automatically. Lynis has several predefined key pairs to look for in kernel configuration and accordingly provide advice.
To view or edit any security related parameter of Linux kernel, there is the /etc/sysctl.conf
file. All the parameters are stored in this file and this is read during boot time. If you wish to see the available kernel parameters in this file, you can do so by running the command:sysctl -a
. This command will display an extensive list of configuration settings. The kernel security parameters are also in this list. Lynis helps check the kernel security parameters in this file automatically, thus avoiding the hassle of checking...