Check for improvements with lynis

Lynis is a tool to scan your system looking for improvements in terms of security.

# pkg_add lynis
# lynis audit system

You'll see a lot of messages. Read "/var/log/lynis-report.dat" carefully then :

# less /var/log/lynis-report.dat

As example, you may read :

suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|ClientAliveCountMax (3 --> 2)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|Compression (YES --> NO)|-|

To filter for suggestions :

# grep suggestion /var/log/lynis-report.dat