A UNIX security auditing tool based on several security frameworks. This script generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible, the code documentation references the CIS and other benchmarks.
It can perform a lockdown. Unlike some other scripts, it can back out the changes it makes. Files are backed up using cpio to a directory based on the date. Although it can perform a lockdown, we would recommend you address the warnings via policy, documentation and configuration management.
Supported Operating Systems
- Linux
  - RHEL 5, 6, 7
  - CentOS 5, 6, 7
  - Scientific Linux
  - SLES 10, 11, 12
  - Debian
  - Ubuntu
  - Amazon Linux
- Solaris (6, 7, 8, 9, 10 and 11)
- Mac OS X
- FreeBSD (needs more testing)
- AIX (needs more testing)
- ESXi (initial support – some tests)
How to run
Enter the following command to run lunar.
Usage: ./lunar.sh -[a|A|s|S|d|p|c|l|h|c|V] -[u]
-a: Run in audit mode (no changes made to system)
-A: Run in audit mode (no changes made to system)
[includes filesystem checks which take some time]
-s: Run in selective mode (only run tests you want to)
-d: Print information for a specific test
-S: List functions available to selective mode
-l: Run in lockdown mode (changes made to system)
-L: Run in lockdown mode (changes made to system)
[includes filesystem checks which take some time]
-c: Show changes previously made to system
-p: Show previously versions of file
-u: Undo lockdown (changes made to system)
-h: Display usage
-V: Display version
-v: Verbose mode [used with -a and -A]
[Provides more information about the audit taking place]