Software security controls
Control : PKGS-7308
Empty output of RPM command
Control : PKGS-7312
This control shows up when there are update for systems running pacman.
Control : PKGS-7314
This control checks the configuration of pacman, a package manager used on Arch Linux.
Control : PKGS-7320
To determine which packages have a known vulnerability, consider using a tool like arch-audit.
Control : PKGS-7322
The arch-audit tool may have discovered some vulnerable packages.
Control : PKGS-7330
When this Lynis control is triggered, vulnerable software packages have been found on the system.
Control : PKGS-7346
While not directly a security concern, unpurged packages are not installed but still have remains left on the system (e.g. configuration files). In case software is reinstalled, an old configuration might be applied. Proper cleanups are therefore advised.
Control : PKGS-7348
Lynis tests for unused distfiles on FreeBSD systems
Control : PKGS-7370
Install the debsums utility for additional checks.
Control : PKGS-7380
Vulnerable packages are a serious risk for the stability and security of a system. When this control shows up, one or more vulnerable software packages have been found. These packages, especially when listening on a network interface, might be abused by attackers.
Control : PKGS-7382
Portaudit tests packages on FreeBSD based systems and determines what software is vulnerable. Discovered software is a security risk and should be investigated.
Control : PKGS-7383
For systems using the yum package manager, a repolist is being checked. If not found, this might indicate that the system is not properly configured to receive updates. Check if yum is properly functioning and receiving package updates. Registration might be needed to fix this problem.
Control : PKGS-7384
Install package 'yum-utils' for better consistency checking of the package database
Control : PKGS-7386
Install package yum-plugin-security to maintain security updates easier
Control : PKGS-7387
This control test if the software repositories via YUM are available. If not, it might be due to bad configuration (e.g. missing registration with RHN).
Control : PKGS-7388
This control tests for the presence of a security repository in the updates. On most Debian based systems this line is there by default, to allow the installation of security patches. When this line is not available, it might indicate that this system does not receive security patches. An alternative is that it uses a merged tree, in that case this control should be ignored for this particular system.
Control : PKGS-7392
Lynis tests for vulnerable packages, packages with known security flaws and which already have an update available.
Control : PKGS-7393
This controls checks for vulnerable packages on Gentoo based systems
Control : PKGS-7394
This control tests for available upgrades on Ubuntu. Depending on your software upgrade policy, determine if this control is too strict.
Control : PKGS-7398
Most operating systems provide a tool to check for security packages, to fix vulnerable versions of installed software. When possible, install such tool.
Control : PKGS-7410
Most Linux distributions use a kernel package to easily allow upgrading it when bugs or security flaws were found. This test determines the number of installed packages.
Control : PKGS-7420
This Lynis test determines if there is a toolkit installed to automatically download and apply upgrades.