lynis
lynis copied to clipboard
Added initial version of a Kerberos plugin
As it says in the title, this is only an initial version. I wanted to open this PR to also open the discussion on the Kerberos hardening topic.
All the feedback is very welcome.
I'm planning on extending this and adding tests for at least:
- Checking
krb5.conf
(clients) andkdc.conf
(KDC) for hardened settings - ~~Checking for keys with weak encryption types~~ -> 075e3a6
- Checking various security related attributes on different principals
- The principals first need to be placed into different categories such as: hosts, users, services & krb5 internal etc.