agenda - security auditing and compliance solutions - cisofy · 2018. 6. 6. · security auditing...
TRANSCRIPT
Agenda
Linux security
1. System hardening2. Technical audits3. Automation
2
Michael Boelen
3
Linux security
4
Areas Core Resources Services Environment
System Hardening Boot ProcessContainersFrameworksKernelService ManagerVirtualization
AccountingAuthenticationCgroupsCryptographyLoggingNamespacesNetworkSoftwareStorageTime
DatabaseMailMiddlewareMonitoringPrintingShellWeb
ForensicsIncident ResponseMalwareRisksSecurity MonitoringSystem Integrity
Security Auditing
Compliance
System Hardening
Security 101
● Ongoing process
● Prevention || Detection
● React and mitigate:○ Hearthbleed
○ Spectre and Meltdown
6
7
8
Hardening 101
Defenses
● New● Existing● Reduce weaknesses
(= attack surface)
9
Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691
Hardening
Resources
● Center for Internet Security (CIS)● NSA → NIST● OWASP● Vendors● The Internet
10
11
Auditing
Auditing
Why?
● Quality
● Assurance
14
15
Audit (or some pentests)
Typically:10 Run vulnerability scanner20 Apply fix30 goto 10
16
Audit
Better:10 Select target(s)20 Perform audit30 Risk analysis40 Define automation steps50 Implement hardening60 goto 10
17
Automation
Lynis
19
How it works
● Initialization● Run
○ Helpers○ Plugins○ Tests
● Show audit results
20
21
22
Why Lynis?
Flexibility● No dependencies*● Understandable● Create your own tests
* Besides common tools like awk, grep, ps
23
Why Lynis?
Three pillars1. First impression2. Keep it simple3. Next step
24
Why Lynis?
Next step:
25
Running Lynis
● lynis
● lynis audit system
● lynis show
● lynis show commands
26
Lynis Profiles
Optional configuration● Default.prf● Custom.prf● Other profiles
28
Automation
Dealing with findings● Log + website● Create hardening snippet● Automate via Chef, Puppet, Salt, etc.
29
Let’s summarize
Summary
Take action:
1. Perform regular scans2. Get that low-hanging fruit3. Automate the outcome
31
You finished this presentation
Success!
Questions?
Connect● Twitter: @mboelen● LinkedIn: Michael Boelen
Relevant project: https://LinuxSecurity.Expert(security tools, checklists, guides)
33
Learn more?
Follow● Blog Linux Audit (linux-audit.com)● Twitter @mboelen
This presentation will be available at michaelboelen.com
34