Useful OS Security Auditing Tool - Lynis

Just found this tool: Lynis. It runs a detailed audit on your Unix-like operating system and provides warnings and/or suggestions for achieving better security. It is geared towards servers, so you will probably have more warnings than you would like on a personal system, but I still found the results very interesting. Thought others here might too!

6 Likes

Awesome, ran it and checked my system for rootkits. It didn't find any glaring issues, but it complained about the following services:

[+] Boot and services

  • Service Manager [ systemd ]
    • Boot loader [ NONE FOUND ]
  • Check running services (systemctl [ DONE ]
    Result: found 34 running services
  • Check enabled services at boot (systemctl) [ DONE ]
    Result: found 40 enabled services
  • Check startup files (permissions) [ OK ]
  • Running ‘systemd-analyze security’
    - ModemManager.service: [ MEDIUM ]
    - NetworkManager.service: [ EXPOSED ]
    - accounts-daemon.service: [ UNSAFE ]
    - alsa-state.service: [ UNSAFE ]
    - avahi-daemon.service: [ UNSAFE ]
    - bluetooth.service: [ MEDIUM ]
    - colord.service: [ EXPOSED ]
    - cpufrequtils.service: [ UNSAFE ]
    - cron.service: [ UNSAFE ]
    - dbus.service: [ UNSAFE ]
    - dm-event.service: [ UNSAFE ]
    - emergency.service: [ UNSAFE ]
    - gdm.service: [ UNSAFE ]
    - geoclue.service: [ EXPOSED ]
    - getty@tty1.service: [ UNSAFE ]
    - gnss-share.service: [ UNSAFE ]
    - grub-common.service: [ UNSAFE ]
    - iio-sensor-proxy.service: [ EXPOSED ]
    - inetd.service: [ UNSAFE ]
    - jitterentropy.service: [ PROTECTED ]
    - loadcpufreq.service: [ UNSAFE ]
    - lvm2-lvmpolld.service: [ UNSAFE ]
    - packagekit.service: [ UNSAFE ]
    - pcscd.service: [ UNSAFE ]
    - phosh.service: [ UNSAFE ]
    - plymouth-start.service: [ UNSAFE ]
    - polkit.service: [ UNSAFE ]
    - rc-local.service: [ UNSAFE ]
    - rescue.service: [ UNSAFE ]
    - rsync.service: [ EXPOSED ]
    - rtkit-daemon.service: [ MEDIUM ]
    - serial-getty@ttyGS0.service [ UNSAFE ]
    - serial-getty@ttymxc0.service: [ UNSAFE ]
    - shairport-sync.service: [ UNSAFE ]
    - snapd.service: [ UNSAFE ]
    - switcheroo-control.service: [ EXPOSED ]
    - syncthing@username.service: [ UNSAFE ]
    - systemd-ask-password-console.service: [ UNSAFE ]
    - systemd-ask-password-plymouth.service: [ UNSAFE ]
    - systemd-ask-password-wall.service: [ UNSAFE ]
    - systemd-fsckd.service: [ UNSAFE ]
    - systemd-initctl.service: [ UNSAFE ]
    - systemd-journald.service: [ PROTECTED ]
    - systemd-logind.service: [ PROTECTED ]
    - systemd-networkd.service: [ PROTECTED ]
    - systemd-resolved.service: [ PROTECTED ]
    - systemd-rfkill.service: [ UNSAFE ]
    - systemd-timesyncd.service: [ PROTECTED ]
    - systemd-udevd.service: [ EXPOSED ]
    - udisks2.service: [ UNSAFE ]
    - unattended-upgrades.service [ UNSAFE ]
    - upower.service: [ PROTECTED ]
    - user@1000.service: [ UNSAFE ]
    - user@116.service: [ UNSAFE ]
    - wpa_supplicant.service: [ UNSAFE ]

Any idea on testing the services and making sense of what Lynis means by unsafe vs protected? Also, are there any I can safely disable and turn off?

This is where, running it on a personal machine, you have to realize you are making some compromises. wpa_supplicant allows you to connect to encrypted Wi-Fi networks… something basically essential for a laptop but completely unneeded on a server sitting in a datacenter. The rest of those services are most likely a similar situation: they are enabling your computer to be useful for you, whereas they wouldn't be needed on a completely locked-down system.

1 Like

OK, so unsafe on a server, not a mobile phone. I'll just go through the list and see if any stick out as unneeded. I do need wpa_supplicant.

E.g. gnss-share and geoclue I don't need, since it's not out of dev status yet for the phone anyway.

What are the user@1000, 116 services?

1 Like
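
Added example (not written by anyone in this thread, and not Lynis's own code): the ratings in that section come from `systemd-analyze security`, which scores how much sandboxing a unit's configuration applies, not whether the service has a known flaw. The script parses lines in the format posted above, using a constructed sample copied from that output, and groups units by rating; the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: summarise the 'systemd-analyze security' ratings Lynis prints.
# SAMPLE_REPORT is a constructed subset of the output posted in this thread.
SAMPLE_REPORT='    - ModemManager.service: [ MEDIUM ]
    - NetworkManager.service: [ EXPOSED ]
    - cron.service: [ UNSAFE ]
    - serial-getty@ttyGS0.service [ UNSAFE ]
    - systemd-journald.service: [ PROTECTED ]
    - wpa_supplicant.service: [ UNSAFE ]
  • Check startup files (permissions) [ OK ]'

# parse_ratings: read Lynis output on stdin, print "RATING unit" per service line.
# Only "- <unit>.service[:] [ RATING ]" lines match. The colon is optional
# because some lines in the posted output lack it; other checks are ignored.
parse_ratings() {
  sed -n -E 's/^[[:space:]]*-[[:space:]]+([^[:space:]:]+\.service):?[[:space:]]*\[[[:space:]]*([A-Z]+)[[:space:]]*\][[:space:]]*$/\2 \1/p'
}

# count_rating RATING: number of units on stdin carrying that rating.
count_rating() {
  parse_ratings | awk -v r="$1" '$1 == r { n++ } END { print n + 0 }'
}

# units_with_rating RATING: sorted unit names on stdin carrying that rating.
units_with_rating() {
  parse_ratings | awk -v r="$1" '$1 == r { print $2 }' | sort
}

# Summary table, then the units worth reviewing first.
for rating in UNSAFE EXPOSED MEDIUM PROTECTED; do
  printf '%-10s %s\n' "$rating" "$(printf '%s\n' "$SAMPLE_REPORT" | count_rating "$rating")"
done
echo "Units rated UNSAFE:"
printf '%s\n' "$SAMPLE_REPORT" | units_with_rating UNSAFE | sed 's/^/  /'

# For any unit of interest, 'systemd-analyze security <unit>' lists the
# individual settings behind its score, which is the place to start before
# deciding whether to harden the unit or disable it.
```

To use it on a real run, save the Lynis output to a file and pipe that file into `units_with_rating UNSAFE` in place of the sample.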