Linux Server Security Audit with LBSA

By | February 6, 2015

First of all, let us see what LBSA is. Securing Linux systems requires regularly checking settings and configurations that are often common to several systems. For instance, if you have a large Linux server farm on which you want to change the default port for the SSH service, it is useful to have a tool that lets you quickly check whether the configuration change has been made. This is where LBSA (Linux Security Audit Basic Script) can be used.

This is a bash script (.sh) that performs a set of security checks on the system and produces a final report on areas for improvement. The goal is to have a set of security issues checked in order to establish a baseline for the security of the system.

Among the audits conducted by the script:

* Permissions on users' .ssh directories.
* Weaknesses in the mounting of, or the permissions assigned to, common files and directories (e.g. /tmp)
* SSH configuration (Port, PermitRootLogin, …)
* Type and strength of the hash used in the file /etc/shadow
* Etc…

It is important to know that the script is far from exhaustive: the fact that it returns no suggestions for improvement does not mean that your system is 100% secure. LBSA only checks the security issues it was designed to check and probably does not go beyond them. LBSA is just there to provide a basic audit of the system.

Using the LBSA script: The first thing to do is to get the script onto your system. Do not panic, it can be found quickly on the following website:

Linux Security Audit Basic script (LBSA) –

Then simply open a file on your system (for example: with your favorite text editor) and put the contents of the script in it (note: use copy and paste, do not amuse yourself retyping it by hand). You will then need to save this file, make it executable, and adjust the file's permissions so that it cannot be changed by anyone:

You can then run the script to carry out its audits:

Note: It is important to know that LBSA does not make any configuration changes or write to the system.

Depending on the configuration of your system, you will then see a set of tips. For example, if one or more of your account passwords use a single round of hashing, LBSA will advise you to harden the hash used in the file /etc/shadow, which by default uses a one-round hash. In this case, LBSA will recommend that you set up multiple rounds of hashing to make cracking the hash more complex and slower. It will also give you the associated command lines.

LBSA also detects vulnerable permissions on the SSH configuration:

Here we get tips on the permissions to set on the SSH configuration so that it can no longer be changed easily. When running this script on my system, I also get recommendations on the permissions to assign to my SSH directories.

You can run LBSA often to check the state of the configuration and detect configuration changes that may indicate the presence of an intrusion. During an intrusion, a hacker will often seek to change some settings in order to return later or gain more privileges. Comparing the LBSA results with those of a previous audit can then highlight a configuration change or a change in permissions.

Modification and customization of LBSA:

The fact that this script is written in bash makes it simple to modify and adapt to any environment, provided one has some notions of bash. Indeed, one can well imagine matching the security checks to a company security policy by adding additional checks built right into the script.

For our part, we added, for example, a check of the permissions on a different folder, but the audits can be more complex: we just need to understand how the script was written and add our own checks, while benefiting from the baseline examination that LBSA provides.
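
Custom checks of the kind described above, as an added example that is not part of LBSA or of the original article: it audits two sshd_config settings and the permissions of shared directories without modifying anything. The function names, the output format, and the reliance on GNU stat and on a flat sshd_config (no Match or Include handling) are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: read-only custom checks in the spirit of the article.
# Function names and messages are hypothetical, not taken from LBSA.

# Finding if DIR is writable by group/others without the sticky bit
# (a shared directory such as /tmp is expected to be mode 1777).
check_dir_perms() {
    local dir="$1" mode
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || { echo "MISSING $dir"; return 1; }
    if [ $(( 0$mode & 022 )) -ne 0 ] && [ $(( 0$mode & 01000 )) -eq 0 ]; then
        echo "WARN $dir mode $mode: group/other writable, no sticky bit"
        return 1
    fi
    echo "OK $dir mode $mode"
}

# Print the first uncommented value of KEYWORD in an sshd_config-style file.
# sshd keeps the first value it reads for most keywords; keywords are case-insensitive.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Finding if KEYWORD is unset or differs from the value the policy expects.
check_sshd_option() {
    local file="$1" key="$2" want="$3" got
    got=$(sshd_value "$file" "$key")
    if [ "$got" != "$want" ]; then
        echo "WARN $file: $key is '${got:-unset}', policy expects '$want'"
        return 1
    fi
    echo "OK $file: $key $want"
}

# Run every check; the exit status is the number of findings.
# Arguments: sshd_config path, expected SSH port, then directories to check.
run_audit() {
    local cfg="$1" port="$2" findings=0 d
    shift 2
    check_sshd_option "$cfg" Port "$port" || findings=$((findings + 1))
    check_sshd_option "$cfg" PermitRootLogin no || findings=$((findings + 1))
    for d in "$@"; do
        check_dir_perms "$d" || findings=$((findings + 1))
    done
    return "$findings"
}

# Script use: ./audit.sh SSHD_CONFIG EXPECTED_PORT DIR...  (file name is hypothetical)
if [ "$#" -ge 2 ]; then run_audit "$@"; fi
```

Redirecting each run to a file and comparing it with `diff` against the previous run's file gives the differential view described earlier: any line that changes between two audits is a setting or permission that moved.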