Networking security controls

Control : FIRE-4520

Lynis uses the built-in configuration check of pf (the packet filter) to determine whether the configuration has any warnings. When the utility reports any, Lynis triggers this control.

Control : NAME-4018

A misconfigured resolver configuration may result in unexpected system behavior or a decrease in network performance. In the worst case, it may even make the system unavailable to other systems.

Control : NAME-4402

This test found multiple duplicate entries in the hosts file.

Control : NAME-4404

Add the IP address, hostname and FQDN to /etc/hosts for proper name resolution.

Control : NAME-4406

For proper resolution, the entries for localhost and the locally defined hostname could be split into separate lines. Especially with some middleware and applications, resolving the hostname to localhost might confuse the software.

Control : NETW-2704

Nameservers, or DNS servers, are used for host name resolution. They resolve a hostname like www.google.com into an IP address like 74.135.133.72. If one or more nameservers are not working as expected, this might affect the performance of the system and result in other unexpected issues.

Control : NETW-2705

Connectivity is the central link for systems to communicate. Most communication between interconnected systems occurs on layer 3 (network), where DNS resolution is very important for proper functioning.

DNS resolution, while part of the basics, is often overlooked. To limit the chance of failure or bad performance, at least two working name servers are advised.

Lynis tests the availability of name servers and whether they actually respond to queries. To determine which DNS servers are used, consult the /etc/resolv.conf file.
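The following is an added example, not part of the Lynis code base, that performs the check NETW-2704 and NETW-2705 describe: it parses the nameserver lines from /etc/resolv.conf, sends each server a hand-built UDP DNS query (the probe name example.com and the function names are assumptions of this example) and reports servers that do not answer, as well as a configuration with fewer than two nameservers.

```python
import socket
import struct


def parse_resolv_conf(text):
    """Return the nameserver addresses in resolv.conf content, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_a_query(name, txid=0x1234):
    """Build a minimal RFC 1035 A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def response_ok(query, response):
    """True when the reply carries our transaction id, the QR bit, and RCODE 0 (NOERROR)."""
    if len(response) < 12:
        return False
    txid, flags = struct.unpack("!HH", response[:4])
    return txid == struct.unpack("!H", query[:2])[0] and bool(flags & 0x8000) and (flags & 0xF) == 0


def nameserver_responds(server, name="example.com", timeout=2.0):
    """Send one UDP query to server:53 and report whether a valid answer came back."""
    query = build_a_query(name)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(512)
    except OSError:  # socket.timeout is a subclass of OSError
        return False
    return response_ok(query, data)


def check_resolvers(servers, probe=nameserver_responds):
    """Apply the NETW-2704/2705 rules: every listed server must answer, and at least two must be listed."""
    warnings = [f"nameserver {s} does not answer queries" for s in servers if not probe(s)]
    if len(servers) < 2:
        warnings.append("fewer than two nameservers configured")
    return warnings


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        print(check_resolvers(parse_resolv_conf(fh.read())) or ["resolver configuration OK"])
```

The probe only verifies that a server answers with NOERROR; it does not validate the returned records, so a resolver that answers with stale or wrong data still passes this check.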

Control : NETW-3014

When a network interface is actively listening to all traffic on the wire, not only frames addressed to it, it is in "promiscuous mode". This may happen when running a tool like tcpdump, an IDS, or some other software component.

Control : NETW-3015

This test determines which network interfaces are in a listening (promiscuous) state.

Control : NETW-3028

When systems are exchanging data and one of them is waiting, the connection is displayed as "WAIT" in netstat. In such a case it is up to the systems to decide how long they want to keep the connection open for possible new data. Too many waiting connections might have a bad influence on new connections, as the kernel needs to maintain a long list. If this control shows up, it is usually a matter of determining whether the behavior is common and whether the related applications need to be fine-tuned.

Control : NETW-3032

Consider using a tool that monitors ARP traffic.