Description
Although Linux is considered by many to be secure by default, some settings or misconfiguration can weaken a Linux system. To protect your data it is recommended to harden the system. For this purpose, many hardening guides and benchmarks are written (you can find a quick overview here).
Linux comes in different flavours, but some security advices are independent of the distribution. With Greenbone it is possible to check compliance with a policy for Linux hosts (GSF content only).
Scan Configuration
To run a policy scan against a Linux target, import this scan configuration (685.8 KB). If any of the policy test do not match your site policy, you can disable (uncheck) the VT in family “Policy”. Also you can modify the default values of some tests to be more or less restrictive by clicking “Select and edit NVT details” of the VT you want to modify. The default value of a VT is taken to determine the compliance status.
You can suppress reporting for each policy test and instead show summary VTs only by disable “Verbose Policy Controls” in VT “Compliance Tests” (1.3.6.1.4.1.25623.1.0.95888, family: Compliance).
Included VTs
| Name | Family | OID | Details |
|---|---|---|---|
| Compliance Tests | Compliance | 1.3.6.1.4.1.25623.1.0.95888 | Check that Launch Compliance Test and Verbose Policy Controls (optional) are set to yes
|
| Policy Controls Summary | Compliance | 1.3.6.1.4.1.25623.1.0.109006 | |
| Policy Controls: Ok | Policy | 1.3.6.1.4.1.25623.1.0.109804 | Summary of all passed tests |
| Policy Controls: Fail | Policy | 1.3.6.1.4.1.25623.1.0.109805 | Summary of all failed tests |
Linux tests (beginning with Linux: ) |
Policy | 1.3.6.1.4.1.25623.1.0.109714 - 1.3.6.1.4.1.25623.1.0.109836 | VTs performing the actual tests |