I cannot seem to resolve these Lynis warnings, should I ignore them?

Question

I’m using this tutorial:https://www.digitalocean.com/community/tutorials/how-to-perform-security-audits-with-lynis-on-ubuntu-16-04 But I cannot resolve these warnings: ! No password set for single mode [AUTH-9308]https://cisofy.com/controls/AUTH-9308/ (I ran passwd as root and set a root password, so it should prevent single user mode login without that password. So do I configure Lynis to ignore this?) ! Couldn’t find 2 responsive nameservers [NETW-2705]https://cisofy.com/controls/NETW-2705/ (/etc/resolv.conf on all Ubuntu systems I have ever used only have nameserver 127.0.0.53. I can see two nameservers when I run systemd-resolve --status, and both are responsive. So do I configure Lynis to ignore this?) ! No MySQL root password set [DBS-1816]https://cisofy.com/controls/DBS-1816/ (Can’t figure this one out. I cannot seem to prevent the root user from logging in as root to the database. The password has indeed been set and I flushed privileges. The /root/.digitalocean_password file contains root_mysql_pass. So that’s why Lynis is flagging on this, right? Wrong. If I rename that file and even restart the daemon, flush privileges, etc., it still allows login. At least it is only accessible by root. So do I configure Lynis to ignore this?)

Christopher de Vidal · Accepted Answer

Thought it might be good for others to know that these issues were resolved by simply upgrading Lynis to the latest :-)

Michael Boelen · Answer

Lynis author here.

Sure, if you can’t resolve a particular item and you feel you can accept the risk or took other measures, then it is totally fine to skip a particular test.

To skip a test: add ‘skip-test=AAAA-1234’ (without quotes) to custom.prf (lynis show profiles). Replace the ID with the one you see between the brackets.

Related Questions

Question

I cannot seem to resolve these Lynis warnings, should I ignore them?

Want to learn more? Join the DigitalOcean Community!

Popular Topics