Linux Server Security Audit with LBSA

February 6, 2015 / Dedicated Server Hosting

First of all, what is LBSA? Securing Linux systems often requires regularly checking various settings and configurations, and the same checks are often common to several systems.

For instance, say you have a large Linux server farm on which you want to change the default port for the SSH service. It is useful to have a tool that lets you quickly check whether the configuration change has been made. This is where LBSA (Linux Security Audit Basic Script) can be used.

It is a bash script (.sh) that performs a set of security checks on the system and produces a final report on areas for improvement. The goal is to check a set of security issues in order to establish a security baseline for the system.

Among the audits conducted by the script:

* Rules on users' .ssh directories.
* Vulnerabilities in the setup of, or the permissions assigned to, common files and directories (e.g. /tmp)
* SSH configuration (Port, PermitRootLogin …)
* Type and strength of the hash used in the file /etc/shadow
* Etc…

It is important to know that the script is far from exhaustive. The fact that it returns no suggestions for improvement does not mean that your system is 100% secure. LBSA only checks the security issues it was designed to check and probably goes no further. LBSA is just there to provide a baseline audit of the system.

Using the LBSA script: The first thing to do is to get the script onto your system. Do not panic, it can be found quickly on the following website:

Linux Security Audit Basic script (LBSA) – http://wiki.metawerx.net/wiki/LBSA

Then open a file on your system (for example: lbsa.sh) with your favorite text editor and paste the contents of the script into it (note: copy and paste it, do not retype it by hand for fun). You will then need to save this file and make it executable. Adjust the file's permissions so that it cannot be changed by anyone:

chmod 500 lbsa.sh

You can then run the script to carry out its audits:

./lbsa.sh

Note: It is important to know that LBSA does not make any configuration changes or write to the system.

Depending on the configuration of your system, you will then see a set of tips. For example, if one or more of your account passwords use a single round of hashing, LBSA will advise you to harden the hash used in the file /etc/shadow, which by default uses a 1-round hash.

In this case, LBSA will recommend that you configure multiple rounds of hashing to make cracking the hash more complex and slower. It will also give you the associated command lines.

LBSA also detects vulnerable permissions on SSH configurations:

These are tips on the permissions to set on the SSH configuration so that it can no longer be changed easily. I also think about running this script on my system for recommendations on the permissions to assign to my SSH directories.

You can run LBSA often to check the state of the configuration and detect configuration changes that may indicate the presence of an intrusion.

During an intrusion, a hacker will often seek to change some settings in order to return later or gain more privileges. Comparing LBSA results with those of a previous audit can then highlight a configuration change or a change in permissions.
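One way to do the comparison with a previous audit described above, as an added example that is not part of the original article or of LBSA itself. It assumes the script was saved as ./lbsa.sh as shown earlier, that its output is stable between runs on an unchanged system, and that the report can be treated as plain text lines; the baseline path and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of LBSA): diff an LBSA report against a saved baseline.
# The report is treated as opaque text lines; no LBSA output format is assumed.

# normalize FILE: drop blank lines, sort and de-duplicate so comm(1) can compare.
normalize() {
    grep -v '^[[:space:]]*$' "$1" | LC_ALL=C sort -u
}

# compare_reports BASELINE CURRENT
# Prints "+ line" for lines only in CURRENT and "- line" for lines only in BASELINE.
# Returns 0 if the reports match, 1 if they differ, 2 if one cannot be read.
compare_reports() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read report" >&2; return 2; }
    cr_old=$(mktemp) && cr_new=$(mktemp) || return 2
    normalize "$1" > "$cr_old"
    normalize "$2" > "$cr_new"
    cr_added=$(LC_ALL=C comm -13 "$cr_old" "$cr_new")
    cr_removed=$(LC_ALL=C comm -23 "$cr_old" "$cr_new")
    rm -f "$cr_old" "$cr_new"
    [ -z "$cr_added" ] || printf '%s\n' "$cr_added" | sed 's/^/+ /'
    [ -z "$cr_removed" ] || printf '%s\n' "$cr_removed" | sed 's/^/- /'
    [ -z "$cr_added$cr_removed" ]
}

# audit_against_baseline BASELINE [SCRIPT]
# Runs the audit script (default ./lbsa.sh). The first run saves the baseline;
# later runs only compare, so a change keeps showing until someone reviews it.
audit_against_baseline() {
    ab_script=${2:-./lbsa.sh}
    ab_current=$(mktemp) || return 2
    "$ab_script" > "$ab_current" 2>&1
    if [ ! -e "$1" ]; then
        (umask 077; cp "$ab_current" "$1"); ab_rc=$?
        echo "baseline saved to $1"
    else
        compare_reports "$1" "$ab_current"; ab_rc=$?
    fi
    rm -f "$ab_current"
    return "$ab_rc"
}

# Runs only when a baseline path is given (hypothetical path shown):
#   LBSA_BASELINE=/root/lbsa.baseline sh lbsa-diff.sh
if [ -n "${LBSA_BASELINE:-}" ]; then
    audit_against_baseline "$LBSA_BASELINE"
fi
```

A baseline stored on the audited host can be rewritten by whoever changed the configuration, so keep a copy on another machine or on read-only media.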

Modification and customization of LBSA:

Because this script is written in bash, modifying it and adapting it to any environment is simple if you have some bash knowledge.

Indeed, one can easily imagine matching the security checks to a company security policy by adding additional checks directly into the script.

For our part, we add, for example, a test of the permissions on a different folder. For more complex audits, we just need to understand how the script was written and add our own checks, while benefiting from the baseline of checks that LBSA provides.