Networking security controls
Control : FIRE-4520
Lynis uses the built-in check of pf to determine if the configuration has any warnings. When the utility shows any, Lynis will trigger this control.
Control : NAME-4018
A misconfigured resolver configuration may result in unexpected system behavior or a decrease in network performance. In the worst case, it may even make the system unavailable to other systems.
Control : NAME-4402
This test found multiple duplicates in the hosts file.
Control : NAME-4404
Add the IP name and FQDN to /etc/hosts for proper name resolving
Control : NAME-4406
For proper resolving, the entries for localhost and the locally defined hostname could be split. With some middleware and some applications in particular, resolving the hostname to localhost might confuse the software.
Control : NETW-2704
Nameservers, or DNS servers, are used to resolve hostnames. They resolve a hostname like www.google.com into an IP address like 22.214.171.124. If one or more nameservers are not working as expected, it might influence the performance of the system and result in other unexpected issues.
Control : NETW-2705
Connectivity is the central link for systems to communicate. Most communication occurs on layer 3 (network) for interconnected systems. There, DNS resolving is very important for proper functioning. DNS resolving, while it is part of the basics, is often overlooked. To limit the chance of failure or bad performance, at least two working name servers are advised. Lynis tests the availability of name servers and whether they actually respond to queries. To determine what DNS servers are used, consult the /etc/resolv.conf file.
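The NETW-2705 check described above can be reproduced by hand. The script below is an added example, not Lynis source code: the function names are hypothetical, the sample file is constructed with documentation addresses, and the probe assumes `dig` is installed.

```shell
#!/bin/sh
# Added example, not Lynis source code.

# Print every configured name server address, one per line. Commented-out
# entries and other directives (search, options) are ignored.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

count_nameservers() {
    list_nameservers "$1" | awk 'END { print NR }'
}

# Succeeds when at least two name servers are configured.
has_redundant_nameservers() {
    [ "$(count_nameservers "$1")" -ge 2 ]
}

# Succeeds only if the server answers one query within 2 seconds.
# Assumption: dig is installed; it exits non-zero when no reply arrives.
nameserver_responds() {
    dig +time=2 +tries=1 "@$1" . NS >/dev/null 2>&1
}

# Constructed sample: one active entry, two commented out.
write_sample_resolv_conf() {
    cat > "$1" <<'EOF'
# constructed sample, documentation addresses only
search example.test
nameserver 192.0.2.53
#nameserver 192.0.2.54
; nameserver 198.51.100.53
options timeout:2
EOF
}

check_resolv_conf() {
    file=$1
    has_redundant_nameservers "$file" ||
        echo "WARNING: fewer than two name servers in $file"
    for ns in $(list_nameservers "$file"); do
        if nameserver_responds "$ns"; then
            echo "OK: $ns responds"
        else
            echo "WARNING: $ns does not respond"
        fi
    done
}

if [ "${1:-}" = "--check" ]; then
    check_resolv_conf "${2:-/etc/resolv.conf}"
fi
```

Run it with `--check` to test the live /etc/resolv.conf, or pass a second argument to test another file.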
Control : NETW-3014
When a network interface is actively listening it is in "promiscuous mode". This may happen when running a tool like tcpdump, an IDS, or some other software component.
Control : NETW-3015
This test determines which network interfaces are in a listening state (promiscuous).
Control : NETW-3028
When systems are exchanging data and one of them is waiting, the connection will be displayed as "WAIT" in netstat. In such a case it's up to the systems to decide how long they want to keep the connection open for possible new data. Too many waiting connections might have a bad influence on new connections, as the kernel needs to maintain a long list. If this control shows up, it's usually a matter of determining if the behavior is common and if related applications need to be fine-tuned.
Control : NETW-3032
Consider the usage of a tool which monitors ARP traffic.