Skip to content

Software security controls

Control : PKGS-7308

Empty output of RPM command

Control : PKGS-7312

This control shows up when there are update for systems running pacman.

Control : PKGS-7314

This control checks the configuration of pacman, a package manager used on Arch Linux.

Control : PKGS-7320

To determine which packages have a known vulnerability, consider using a tool like arch-audit.

Control : PKGS-7322

The arch-audit tool may have discovered some vulnerable packages.

Control : PKGS-7330

When this Lynis control is triggered, vulnerable software packages have been found on the system.

Control : PKGS-7346

While not directly a security concern, unpurged packages are not installed but still have remains left on the system (e.g. configuration files). In case software is reinstalled, an old configuration might be applied. Proper cleanups are therefore advised.

Control : PKGS-7348

Lynis tests for unused distfiles on FreeBSD systems

Control : PKGS-7370

Install the debsums utility for additional checks.

Control : PKGS-7380

Vulnerable packages are a serious risk for the stability and security of a system. When this control shows up, one or more vulnerable software packages have been found. These packages, especially when listening on a network interface, might be abused by attackers.

Control : PKGS-7382

Portaudit tests packages on FreeBSD based systems and determines what software is vulnerable. Discovered software is a security risk and should be investigated.

Control : PKGS-7383

For systems using the yum package manager, a repolist is being checked. If not found, this might indicate that the system is not properly configured to receive updates. Check if yum is properly functioning and receiving package updates. Registration might be needed to fix this problem.

Control : PKGS-7384

Install package 'yum-utils' for better consistency checking of the package database

Control : PKGS-7386

Install package yum-plugin-security to maintain security updates easier

Control : PKGS-7387

This control test if the software repositories via YUM are available. If not, it might be due to bad configuration (e.g. missing registration with RHN).

Control : PKGS-7388

This control tests for the presence of a security repository in the updates. On most Debian based systems this line is there by default, to allow the installation of security patches. When this line is not available, it might indicate that this system does not receive security patches. An alternative is that it uses a merged tree, in that case this control should be ignored for this particular system.

Control : PKGS-7392

Lynis tests for vulnerable packages, packages with known security flaws and which already have an update available.

Control : PKGS-7393

This controls checks for vulnerable packages on Gentoo based systems

Control : PKGS-7394

This control tests for available upgrades on Ubuntu. Depending on your software upgrade policy, determine if this control is too strict.

Control : PKGS-7398

Most operating systems provide a tool to check for security packages, to fix vulnerable versions of installed software. When possible, install such tool.

Control : PKGS-7410

Most Linux distributions use a kernel package to easily allow upgrading it when bugs or security flaws were found. This test determines the number of installed packages.

Control : PKGS-7420

This Lynis test determines if there is a toolkit installed to automatically download and apply upgrades.