For my work I often deploy Linux VM’s. I use Lynis for checking my system for security isssues en baseline(s). Lynis is a security auditing tool for UNIX derivatives like Linux, macOS, BSD, Solaris, AIX, and others. It performs an in-depth security scan. Extensive reports in HTML and TXT are delivered. The company behind Linus (CISOfy) delivers great support and has a community of people working together.
Screenshot of Lynis:
Installation is very simple (if you know your way round Linux)
Ensure that cURL, NSS, openssl, and CA certificates are up-to-date.
yum update ca-certificates curl nss openssl
Create /etc/yum.repos.d/cisofy-lynis.repo
[lynis] name=CISOfy Software - Lynis package baseurl=https://packages.cisofy.com/community/lynis/rpm/ enabled=1 gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key gpgcheck=1
Next step is installing Lynis with yum.
yum makecache fast
yum install lynis
First time it might ask to import the GPG key. This ensures you only updates are received from Cisofy.
Now you start using Lynis. First time users are advised to use the Get Started guide.
lynis audit system
You see something like this (DONE/FOUND/YES/NO etc). You can open the logfiles afterwards in /var/log. Personally I prefer to pipe the output to a file also. (lynis audit system >> output_file)
Download Lynis here.
It is also possible to add extra checks (plugins) and/or change the default one. I created my own baseline which I can use every time.
Good luck with scanning your system! (and securing afterwards :-))