Studying and installing the following files and tools can help you improve your system's security and reach a score of 70%-80% in a Lynis audit. They were originally designed for openSUSE, but you are encouraged to adapt them for other Linux distributions.

Important Note: Read Before Proceeding
These files do not guarantee an impervious system; they do not preemptively prevent threats or impose mandatory changes to your system configuration. Similar to my approach, you may run Lynis periodically to ensure the foundational aspects of your system are in order. It's important to clarify that these files are not proclaimed as the best, better, or ultimate examples. Instead, they serve as a starting point for an ongoing journey toward a secure system, allowing you to eventually disconnect your servers from the internet and experience a genuine sense of safety.
Feel free to enhance and fine-tune these files through pull requests, recognizing that they provide a foundation for improvement.
It's worth noting that I may lack expertise in system security or sysadmin practices. If you identify areas for improvement or have insights, kindly contribute constructively rather than pointing out my limited knowledge.
To fully satisfy Lynis, consider installing the following tools (in no particular order):
- Rootkit Hunter Project - Website: http://rkhunter.sourceforge.net/
- Open Source Tripwire - Website: https://github.com/Tripwire/tripwire-open-source
- The GNU Accounting Utilities - Website: https://www.gnu.org/software/acct/
- Sysstat - Website: http://sebastien.godard.pagesperso-orange.fr
- Netstat - Website: https://sourceforge.net/projects/net-tools/
- Auditd - Website: http://people.redhat.com/sgrubb/audit/
- Fail2ban - Website: https://www.fail2ban.org
Installing and configuring these tools in combination can contribute significantly to your system's security posture. Remember to stay proactive and adapt these resources to your specific needs.
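
A periodic check of the kind described above, as an added example that is not part of this repository: it reads the hardening index from a Lynis report file, compares it with the 70% lower bound, and lists which of the tools above are not on PATH. The report path and key names, the command names in `TOOLS`, and the sample report are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of this repository. Assumption: Lynis writes
# key=value lines (hardening_index=, warning[]=, suggestion[]=) to its
# report file, /var/log/lynis-report.dat by default.
TARGET=70   # lower bound of the 70%-80% range named in this README
# Assumed command names for the tools listed in this README.
TOOLS="rkhunter tripwire accton sar netstat auditctl fail2ban-client"

# Print the hardening index; fail if the key is missing or not a number.
hardening_index() {
    idx=$(sed -n 's/^hardening_index=//p' "$1" 2>/dev/null | tail -n 1)
    case "$idx" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$idx"
}

# Count entries of one kind ("warning" or "suggestion") in a report.
count_entries() {
    grep -c "^$2\[]=" "$1" || true
}

# Print each command name given as an argument that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# Exit status: 0 = target met, 1 = below target, 2 = no usable index.
check_report() {
    idx=$(hardening_index "$1") || return 2
    [ "$idx" -ge "${2:-$TARGET}" ]
}

# Constructed sample report (not real Lynis output) for an offline run.
sample_report() {
    cat <<'EOF'
hardening_index=64
warning[]=EXAMPLE-0001|constructed warning text|-|-|
suggestion[]=EXAMPLE-0002|constructed suggestion text|-|-|
suggestion[]=EXAMPLE-0003|constructed suggestion text|-|-|
EOF
}

# Use the report given as $1, else fall back to the constructed sample.
REPORT=${1:-}
[ -n "$REPORT" ] || { REPORT=$(mktemp); sample_report > "$REPORT"; }
check_report "$REPORT" && state="at or above" || state="below (or missing)"
echo "hardening index is $state target $TARGET; warnings: $(count_entries "$REPORT" warning)"
echo "not found on PATH: $(missing_tools $TOOLS | tr '\n' ' ')"
```

Pass the path of a real report as the first argument after a Lynis run; `check_report` returns 2 rather than 1 when the index is absent, so a scheduled job can tell a failed audit from a low score.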