\u5728\u7576\u4eca\u7684\u6578\u4f4d\u6642\u4ee3\uff0c\u4f3a\u670d\u5668\u7684\u5b89\u5168\u6027\u548c\u7a69\u5b9a\u6027\u5c0d\u65bc\u4f01\u696d\u904b\u71df\u81f3\u95dc\u91cd\u8981\u3002Linux\u4f5c\u70ba\u4e00\u500b\u958b\u6e90\u7684\u64cd\u4f5c\u7cfb\u7d71\uff0c\u5ee3\u6cdb\u61c9\u7528\u65bc\u4f3a\u670d\u5668\u74b0\u5883\u4e2d\u3002\u7136\u800c\uff0c\u96a8\u8457\u7db2\u7d61\u653b\u64ca\u7684\u65e5\u76ca\u589e\u591a\uff0c\u78ba\u4fdd\u4f3a\u670d\u5668\u7684\u5b89\u5168\u6027\u8b8a\u5f97\u6108\u52a0\u91cd\u8981\u3002\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\u4fbf\u662f\u4fdd\u969c\u4f3a\u670d\u5668\u5b89\u5168\u7684\u4e00\u500b\u91cd\u8981\u624b\u6bb5\u3002\u672c\u6587\u5c07\u4ecb\u7d39\u5e7e\u6b3e\u63a8\u85a6\u7684Linux\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\uff0c\u5e6b\u52a9\u60a8\u5168\u65b9\u4f4d\u4fdd\u969c\u4f3a\u670d\u5668\u7684\u5b89\u5168\u6027\u3002<\/p>\n
\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\u662f\u7528\u4f86\u8a55\u4f30\u7cfb\u7d71\u914d\u7f6e\u662f\u5426\u7b26\u5408\u5b89\u5168\u6a19\u6e96\u7684\u5de5\u5177\u3002\u9019\u4e9b\u5de5\u5177\u53ef\u4ee5\u81ea\u52d5\u6aa2\u67e5\u7cfb\u7d71\u7684\u8a2d\u7f6e\uff0c\u4e26\u8207\u9810\u5b9a\u7684\u5b89\u5168\u57fa\u7dda\u9032\u884c\u6bd4\u8f03\uff0c\u5f9e\u800c\u8b58\u5225\u6f5b\u5728\u7684\u5b89\u5168\u98a8\u96aa\u3002\u57fa\u7dda\u6aa2\u67e5\u4e0d\u50c5\u80fd\u5e6b\u52a9\u7cfb\u7d71\u7ba1\u7406\u54e1\u767c\u73fe\u914d\u7f6e\u932f\u8aa4\uff0c\u9084\u80fd\u78ba\u4fdd\u7cfb\u7d71\u9075\u5faa\u6700\u4f73\u5b89\u5168\u5be6\u8e10\u3002<\/p>\n
Lynis\u662f\u4e00\u6b3e\u958b\u6e90\u7684\u5b89\u5168\u5be9\u8a08\u5de5\u5177\uff0c\u5c08\u70baUnix\/Linux\u7cfb\u7d71\u8a2d\u8a08\u3002\u5b83\u80fd\u5920\u9032\u884c\u5168\u9762\u7684\u7cfb\u7d71\u6aa2\u67e5\uff0c\u4e26\u63d0\u4f9b\u8a73\u7d30\u7684\u5831\u544a\u548c\u5efa\u8b70\u3002\u4f7f\u7528\u8005\u53ea\u9700\u5728\u7d42\u7aef\u4e2d\u904b\u884c\u4ee5\u4e0b\u547d\u4ee4\u5373\u53ef\u555f\u52d5\u6aa2\u67e5\uff1a<\/p>\n
sudo lynis audit system<\/code><\/pre>\nLynis\u6703\u6aa2\u67e5\u7cfb\u7d71\u7684\u5b89\u5168\u6027\u3001\u5408\u898f\u6027\u548c\u6700\u4f73\u5be6\u8e10\uff0c\u4e26\u6839\u64da\u6aa2\u67e5\u7d50\u679c\u63d0\u4f9b\u6539\u9032\u5efa\u8b70\u3002\u9019\u4f7f\u5f97Lynis\u6210\u70ba\u4e00\u500b\u975e\u5e38\u53d7\u6b61\u8fce\u7684\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\u3002<\/p>\n
2. OpenSCAP<\/h3>\n
OpenSCAP\u662f\u4e00\u500b\u57fa\u65bcSCAP\uff08\u5b89\u5168\u5167\u5bb9\u81ea\u52d5\u5316\u5354\u8b70\uff09\u7684\u958b\u6e90\u5de5\u5177\uff0c\u5c08\u6ce8\u65bc\u5b89\u5168\u5408\u898f\u6027\u548c\u98a8\u96aa\u7ba1\u7406\u3002\u5b83\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u7684\u6aa2\u67e5\u548c\u5831\u544a\u529f\u80fd\uff0c\u5e6b\u52a9\u7528\u6236\u78ba\u4fdd\u7cfb\u7d71\u7b26\u5408\u5404\u7a2e\u5b89\u5168\u6a19\u6e96\u3002\u7528\u6236\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u4f86\u904b\u884cOpenSCAP\u6aa2\u67e5\uff1a<\/p>\n
oscap xccdf eval --profile <\/code><\/pre>\nOpenSCAP\u652f\u6301\u591a\u7a2e\u5b89\u5168\u57fa\u6e96\uff0c\u5982CIS\u3001DISA STIG\u7b49\uff0c\u9069\u5408\u9700\u8981\u9075\u5faa\u7279\u5b9a\u5408\u898f\u6a19\u6e96\u7684\u4f01\u696d\u3002<\/p>\n
3. CIS-CAT<\/h3>\n
CIS-CAT\uff08CIS Configuration Assessment Tool\uff09\u662f\u7531CIS\uff08Center for Internet Security\uff09\u63d0\u4f9b\u7684\u4e00\u6b3e\u5de5\u5177\uff0c\u5c08\u9580\u7528\u65bc\u8a55\u4f30\u7cfb\u7d71\u914d\u7f6e\u662f\u5426\u7b26\u5408CIS\u57fa\u6e96\u3002CIS-CAT\u53ef\u4ee5\u751f\u6210\u8a73\u7d30\u7684\u5831\u544a\uff0c\u5e6b\u52a9\u7528\u6236\u8b58\u5225\u4e0d\u7b26\u5408\u57fa\u6e96\u7684\u914d\u7f6e\u3002\u4f7f\u7528\u8005\u53ef\u4ee5\u901a\u904e\u4ee5\u4e0b\u547d\u4ee4\u904b\u884cCIS-CAT\uff1a<\/p>\n
java -jar cis-cat.jar -b -r <\/code><\/pre>\n\u9019\u6b3e\u5de5\u5177\u7279\u5225\u9069\u5408\u9700\u8981\u9075\u5faaCIS\u57fa\u6e96\u7684\u4f01\u696d\uff0c\u80fd\u5920\u6709\u6548\u63d0\u5347\u7cfb\u7d71\u7684\u5b89\u5168\u6027\u3002<\/p>\n
\u57fa\u7dda\u6aa2\u67e5\u7684\u6700\u4f73\u5be6\u8e10<\/h2>\n\n- \u5b9a\u671f\u6aa2\u67e5\uff1a<\/strong>\u5efa\u8b70\u5b9a\u671f\u904b\u884c\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\uff0c\u4ee5\u4fbf\u53ca\u6642\u767c\u73fe\u548c\u4fee\u5fa9\u5b89\u5168\u6f0f\u6d1e\u3002<\/li>\n
- \u81ea\u52d5\u5316\u6aa2\u67e5\uff1a<\/strong>\u53ef\u4ee5\u8003\u616e\u5c07\u57fa\u7dda\u6aa2\u67e5\u81ea\u52d5\u5316\uff0c\u5b9a\u671f\u751f\u6210\u5831\u544a\uff0c\u6e1b\u5c11\u4eba\u5de5\u5e72\u9810\u3002<\/li>\n
- \u6301\u7e8c\u5b78\u7fd2\uff1a<\/strong>\u96a8\u8457\u5b89\u5168\u5a01\u8105\u7684\u6f14\u8b8a\uff0c\u6301\u7e8c\u5b78\u7fd2\u6700\u65b0\u7684\u5b89\u5168\u6700\u4f73\u5be6\u8e10\u548c\u57fa\u6e96\u662f\u975e\u5e38\u91cd\u8981\u7684\u3002<\/li>\n<\/ul>\n
\u7e3d\u7d50<\/h2>\n
\u4f7f\u7528Linux\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\u662f\u4fdd\u969c\u4f3a\u670d\u5668\u5b89\u5168\u7684\u91cd\u8981\u6b65\u9a5f\u3002\u900f\u904e\u5de5\u5177\u5982Lynis\u3001OpenSCAP\u548cCIS-CAT\uff0c\u7cfb\u7d71\u7ba1\u7406\u54e1\u53ef\u4ee5\u6709\u6548\u5730\u8a55\u4f30\u548c\u6539\u5584\u4f3a\u670d\u5668\u7684\u5b89\u5168\u914d\u7f6e\u3002\u9019\u4e0d\u50c5\u80fd\u5920\u964d\u4f4e\u6f5b\u5728\u7684\u5b89\u5168\u98a8\u96aa\uff0c\u9084\u80fd\u78ba\u4fdd\u7cfb\u7d71\u7b26\u5408\u884c\u696d\u6a19\u6e96\u548c\u5408\u898f\u8981\u6c42\u3002\u82e5\u60a8\u6b63\u5728\u5c0b\u627e\u53ef\u9760\u7684 \u9999\u6e2fVPS<\/a> \u89e3\u6c7a\u65b9\u6848\uff0cServer.HK\u63d0\u4f9b\u591a\u7a2e\u9078\u64c7\uff0c\u52a9\u60a8\u8f15\u9b06\u7ba1\u7406\u4f3a\u670d\u5668\u5b89\u5168\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"\u63a2\u7d22\u63a8\u85a6\u7684Linux\u57fa\u7dda\u6aa2\u67e5\u5de5\u5177\uff0c\u5168\u9762\u4fdd\u969c\u4f3a\u670d\u5668\u5b89\u5168\uff0c\u78ba\u4fdd\u7cfb\u7d71\u7a69\u5b9a\u8207\u5408\u898f\uff0c\u63d0\u5347\u904b\u884c\u6548\u7387\u3002<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4924],"tags":[],"class_list":["post-198680","post","type-post","status-publish","format-standard","hentry","category-setup-tutorials"],"_links":{"self":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/198680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/comments?post=198680"}],"version-history":[{"count":0,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/198680\/revisions"}],"wp:attachment":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/media?parent=198680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/categories?post=198680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/tags?post=198680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}