Just found this tool: Lynis. It runs a detailed audit on your Unix-like operating system and provides warnings and/or suggestions for achieving better security. It is geared towards servers, so you will probably have more warnings than you would like on a personal system, but I still found the results very interesting. Thought others here might too!
Awesome, ran it and checked my system for rootkits. It didn't find any glaring issues, but it complained about the following services:
[+] Boot and services
- Service Manager [ systemd ]
- Boot loader [ NONE FOUND ]
- Check running services (systemctl) [ DONE ]
Result: found 34 running services
- Check enabled services at boot (systemctl) [ DONE ]
Result: found 40 enabled services
- Check startup files (permissions) [ OK ]
- Running ‘systemd-analyze security’
- ModemManager.service: [ MEDIUM ]
- NetworkManager.service: [ EXPOSED ]
- accounts-daemon.service: [ UNSAFE ]
- alsa-state.service: [ UNSAFE ]
- avahi-daemon.service: [ UNSAFE ]
- bluetooth.service: [ MEDIUM ]
- colord.service: [ EXPOSED ]
- cpufrequtils.service: [ UNSAFE ]
- cron.service: [ UNSAFE ]
- dbus.service: [ UNSAFE ]
- dm-event.service: [ UNSAFE ]
- emergency.service: [ UNSAFE ]
- gdm.service: [ UNSAFE ]
- geoclue.service: [ EXPOSED ]
- getty@tty1.service: [ UNSAFE ]
- gnss-share.service: [ UNSAFE ]
- grub-common.service: [ UNSAFE ]
- iio-sensor-proxy.service: [ EXPOSED ]
- inetd.service: [ UNSAFE ]
- jitterentropy.service: [ PROTECTED ]
- loadcpufreq.service: [ UNSAFE ]
- lvm2-lvmpolld.service: [ UNSAFE ]
- packagekit.service: [ UNSAFE ]
- pcscd.service: [ UNSAFE ]
- phosh.service: [ UNSAFE ]
- plymouth-start.service: [ UNSAFE ]
- polkit.service: [ UNSAFE ]
- rc-local.service: [ UNSAFE ]
- rescue.service: [ UNSAFE ]
- rsync.service: [ EXPOSED ]
- rtkit-daemon.service: [ MEDIUM ]
- serial-getty@ttyGS0.service [ UNSAFE ]
- serial-getty@ttymxc0.service: [ UNSAFE ]
- shairport-sync.service: [ UNSAFE ]
- snapd.service: [ UNSAFE ]
- switcheroo-control.service: [ EXPOSED ]
- syncthing@username.service: [ UNSAFE ]
- systemd-ask-password-console.service: [ UNSAFE ]
- systemd-ask-password-plymouth.service: [ UNSAFE ]
- systemd-ask-password-wall.service: [ UNSAFE ]
- systemd-fsckd.service: [ UNSAFE ]
- systemd-initctl.service: [ UNSAFE ]
- systemd-journald.service: [ PROTECTED ]
- systemd-logind.service: [ PROTECTED ]
- systemd-networkd.service: [ PROTECTED ]
- systemd-resolved.service: [ PROTECTED ]
- systemd-rfkill.service: [ UNSAFE ]
- systemd-timesyncd.service: [ PROTECTED ]
- systemd-udevd.service: [ EXPOSED ]
- udisks2.service: [ UNSAFE ]
- unattended-upgrades.service [ UNSAFE ]
- upower.service: [ PROTECTED ]
- user@1000.service: [ UNSAFE ]
- user@116.service: [ UNSAFE ]
- wpa_supplicant.service: [ UNSAFE ]
Any idea on testing the services and making sense of what Lynis means by unsafe vs protected? Also, are there any I can safely disable and turn off?
This is where, running it on a personal machine, you have to realize you are making some compromises. wpa_supplicant allows you to connect to encrypted wifi networks… something basically essential for a laptop but completely unneeded on a server sitting in a datacenter. The rest of those services are most likely a similar situation: they are enabling your computer to be useful for you, whereas they wouldn't be needed on a completely locked-down system.
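As an added example (not code from the thread or from Lynis), here is a small POSIX shell script for the two things asked above: sorting the pasted per-unit ratings so the UNSAFE and EXPOSED ones are easy to pull out, and hardening one unit with a systemd drop-in instead of disabling it outright. The ratings come from systemd's own `systemd-analyze security`, which Lynis simply runs, so re-running `systemd-analyze security <unit>` after the drop-in is the way to "test" whether the score improved. `SAMPLE_RATINGS` is a constructed sample in the format shown in the post; the `[Service]` directives are standard systemd.exec(5) settings and may need relaxing for a given service.

```shell
#!/bin/sh
# Added example, not from the thread: triage "systemd-analyze security" ratings
# and write a sandboxing drop-in so a service can be re-scored rather than removed.

# Constructed sample, in the per-unit format Lynis prints (a few units from the post).
SAMPLE_RATINGS='- cron.service: [ UNSAFE ]
- rsync.service: [ EXPOSED ]
- systemd-journald.service: [ PROTECTED ]
- bluetooth.service: [ MEDIUM ]
- wpa_supplicant.service: [ UNSAFE ]'

# Read rating lines from stdin and print the unit names carrying one rating.
units_with_rating() {
    want="$1"
    awk -v want="$want" '
        # match "- unit.service: [ RATING ]" (the colon after the unit is optional)
        match($0, /^- [^ :]+:? *\[ *[A-Z]+ *\]/) {
            unit = $2; sub(/:$/, "", unit)
            r = $0; sub(/.*\[ */, "", r); sub(/ *\].*/, "", r)
            if (r == want) print unit
        }'
}

# Number of sample units with a given rating (used by the demo below).
count_with_rating() {
    printf '%s\n' "$SAMPLE_RATINGS" | units_with_rating "$1" | wc -l | tr -d ' '
}

# Write a hardening drop-in for UNIT under DIR (default: /etc/systemd/system),
# the same place "systemctl edit UNIT" would put it. Afterwards run:
#   systemctl daemon-reload && systemctl restart UNIT && systemd-analyze security UNIT
# and confirm the service still works; relax one directive at a time if it breaks.
write_hardening_dropin() {
    unit="$1"
    dir="${2:-/etc/systemd/system}"
    mkdir -p "$dir/$unit.d"
    cat > "$dir/$unit.d/hardening.conf" <<'EOF'
[Service]
# /usr, /boot, /etc read-only for this service; home directories hidden
ProtectSystem=strict
ProtectHome=yes
# private /tmp and /dev, no access to other processes' files there
PrivateTmp=yes
PrivateDevices=yes
# the service and its children cannot gain privileges via setuid binaries
NoNewPrivileges=yes
# hide kernel tunables, module loading and cgroup tree
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# only the socket families and syscalls a typical daemon needs
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallFilter=@system-service
EOF
    printf '%s\n' "$dir/$unit.d/hardening.conf"
}

# Demo: worst ratings first, so the list from the post can be read top-down.
for rating in UNSAFE EXPOSED MEDIUM PROTECTED; do
    printf '%s (%s):\n' "$rating" "$(count_with_rating "$rating")"
    printf '%s\n' "$SAMPLE_RATINGS" | units_with_rating "$rating" | sed 's/^/  /'
done
```

The drop-in is deliberately strict; for a unit like cron.service that runs arbitrary user jobs, `ProtectHome=yes` or `ProtectSystem=strict` will break jobs that write to home or /etc, which is exactly the compromise the reply above describes. The score from `systemd-analyze security` is advisory: a PROTECTED rating means the unit opts into many sandboxing features, not that it is free of bugs, and an UNSAFE rating on a unit you need is a reason to add a drop-in, not necessarily to disable it.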
OK, so unsafe on a server, not a mobile phone. I'll just go through the list and see if any stick out as unneeded. I do need wpa_supplicant.
E.g. gnss-share and geoclue I don't need, since it's not out of dev status yet for the phone anyway.
What are the user@1000 and user@116 services?