Lynis is a security auditing tool for Unix- and Linux-based systems. It performs in-depth security scans with almost no configuration. The tool is commonly used by network and system administrators, security professionals, and pentesters/auditors to evaluate Linux/Unix systems.
Requirements: Shell and basic utilities
Permissions: Root permissions or normal user
Operating System Supported:
- Mac OS
A new version of the Lynis security auditing tool has been released: Lynis 2.1.0
Security Auditing Tool: Lynis 2.1.0 (2015-04-16)
Screen output has been improved to provide additional information.
CUPS detection on Mac OS has been improved. AIX systems will now use csum
utility to create host ID. Group check has been altered on AIX, to include
the -n ALL. Core dump check on Linux is extended to check for actual values
McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.
Tests to determine shell time out setting have been extended to account for
AIX, HP-UX and other platforms. It will now also determine if the variable is
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
has been extended.
- New document: Getting started with Lynis
- Update to file integrity plugin
Changes to PLGN-2606 (capabilities check)
- New configuration plugins:
PLGN-4802 (SSH settings)
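The shell time-out test mentioned in the release notes above can be illustrated with a small stand-alone check. This is an added example, not Lynis code: it assumes the setting is the TMOUT variable used by bash and ksh, and the function name check_tmout, the 900-second limit, the result labels and the sample profiles are all constructed for illustration.

```sh
#!/bin/sh
# Added example, not Lynis code: audit the shell idle time-out (TMOUT) in profile files.
# Assumption: 900 seconds (15 minutes) is the longest acceptable idle time-out.
MAX_TMOUT=900

# check_tmout FILE...
# Prints: value=<seconds|unset> readonly=<yes|no> exported=<yes|no> result=<status>
check_tmout() {
    # Read the files in order, dropping comments and leading whitespace.
    body=$(cat "$@" 2>/dev/null | sed -e 's/#.*$//' -e 's/^[[:space:]]*//')
    # The last assignment wins, as it does when a shell sources the files.
    value=$(printf '%s\n' "$body" |
        sed -n -E 's/^(.*[[:space:];])?TMOUT="?([0-9]+)"?.*$/\2/p' | tail -n 1)
    end='[[:space:]]+TMOUT([=[:space:];]|$)'
    ro=no; ex=no
    printf '%s\n' "$body" |
        grep -Eq "(^|[[:space:];])(readonly|(declare|typeset)[[:space:]]+-[a-z]*r[a-z]*)$end" && ro=yes
    printf '%s\n' "$body" |
        grep -Eq "(^|[[:space:];])(export|(declare|typeset)[[:space:]]+-[a-z]*x[a-z]*)$end" && ex=yes
    if [ -z "$value" ]; then
        result=missing            # no time-out configured at all
    elif [ "$value" -eq 0 ] || [ "$value" -gt "$MAX_TMOUT" ]; then
        result=weak               # 0 disables the time-out; larger values exceed the limit
    elif [ "$ro" = no ]; then
        result=overridable        # a user can unset or raise TMOUT in the session
    else
        result=ok
    fi
    echo "value=${value:-unset} readonly=$ro exported=$ex result=$result"
}

# Constructed sample profiles (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'TMOUT=600\nreadonly TMOUT\nexport TMOUT\n' > "$demo_dir/good.sh"
printf '# idle time-out\nexport TMOUT=600\n'        > "$demo_dir/soft.sh"
printf 'typeset -rx TMOUT=3600\n'                   > "$demo_dir/long.sh"
printf '# TMOUT=300\nPATH=$PATH:/opt/bin\n'         > "$demo_dir/none.sh"
for f in good soft long none; do
    printf '%-5s %s\n' "$f" "$(check_tmout "$demo_dir/$f.sh")"
done
rm -rf "$demo_dir"
```

The "overridable" result is the case the readonly check exists for: a time-out that is set but not readonly can be removed by the user inside the session.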
1. Installation via direct download
Create a directory
mkdir -p /usr/local/lynis
2. Download Lynis here: https://cisofy.com/download/lynis/
curl https://cisofy.com/files/lynis-.tar.gz -o lynis-version.tar.gz
3. Unpack the tarball
4. After unpacking, it is time to run Lynis for the first time.
Lynis can run without any preconfiguration. Configuration and fine-tuning are possible, though, and will be covered in later sections. For now we will run a basic scan:
lynis audit system
Below are the most commonly used parameters when running Lynis.
| Parameter | Abbreviated | Description |
|---|---|---|
| --auditor "Given name Surname" | | Assign an auditor name to the audit (report) |
| --checkall | -c | Start the check |
| --check-update | | Check if Lynis is up-to-date |
| --cronjob | | Run Lynis as cronjob (includes -c -Q) |
| --help | -h | Shows valid parameters |
| --manpage | | View man page |
| --nocolors | | Do not use any colors |
| --pentest | | Perform a penetration test scan (non-privileged) |
| --quick | -Q | Don't wait for user input, except on errors |
| --quiet | | Only show warnings (includes --quick, but doesn't wait) |
| --reverse-colors | | Use a different color scheme for lighter backgrounds |
| --version | -V | Check program version (and quit) |
- If Lynis is not installed as package (with included man page), use --man or nroff -man ./lynis.8
- For systems where the shell background is light, use --nocolors or --reverse-colors
- Use --dump-options to see all available parameters of Lynis