Lynis is a security auditing tool for Unix and Linux based systems. It performs in-depth security scans with almost no configuration. The tool is commonly used by network and system administrators, security professionals, and pentesters/auditors to evaluate Linux/Unix systems.
Requirements: Shell and basic utilities
Permissions: Root permissions or normal user
Operating systems supported:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
A new version of the Lynis security auditing tool has been released: Lynis 2.1.0
Changelog:
= Lynis 2.1.0 (2015-04-16)

General:
---------
Screen output has been improved to provide additional information.

OS support:
------------
CUPS detection on Mac OS has been improved.
AIX systems will now use csum utility to create host ID.
Group check have been altered on AIX, to include the -n ALL.
Core dump check on Linux is extended to check for actual values as well.

Software:
----------
McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS.
Security patch checking with zypper extended.

Session timeout:
-----------------
Tests to determine shell time out setting have been extended to account for AIX, HP-UX and other platforms.
It will now determine also if variable is exported as a readonly variable.
Related compliance section PCI DSS 8.1.8 has been extended.

Documentation:
---------------
- New document: Getting started with Lynis
  https://cisofy.com/documentation/lynis/get-started/

Plugins (Enterprise):
----------------------
- Update to file integrity plugin
  Changes to PLGN-2606 (capabilities check)
- New configuration plugins:
  PLGN-4802 (SSH settings)
  PLGN-4804 (login.defs)

1. Installation via direct download
Create a directory
mkdir -p /usr/local/lynis
cd /usr/local
2. Download Lynis here: https://cisofy.com/download/lynis/
wget https://cisofy.com/files/lynis-.tar.gz
curl https://cisofy.com/files/lynis-.tar.gz -o lynis-version.tar.gz
3. Unpack the tarball
tar xfvz lynis-version.tar.gz
4. After unpacking, it is time to run Lynis for the first time.
cd lynis
./lynis
Lynis can run without any preconfiguration. Configuration and fine-tuning are possible, though, and will be covered in later sections. For now we will run a basic scan:
lynis audit system
Common parameters:
Below are the most commonly used parameters when running Lynis.
Parameter | Abbreviated | Description |
--auditor "Given name Surname" | | Assign an auditor name to the audit (report) |
--checkall | -c | Start the check |
--check-update | | Check if Lynis is up-to-date |
--cronjob | | Run Lynis as cronjob (includes -c -Q) |
--help | -h | Shows valid parameters |
--manpage | | View man page |
--nocolors | | Do not use any colors |
--pentest | | Perform a penetration test scan (non-privileged) |
--quick | -Q | Don't wait for user input, except on errors |
--quiet | | Only show warnings (includes --quick, but doesn't wait) |
--reverse-colors | | Use a different color scheme for lighter backgrounds |
--version | -V | Check program version (and quit) |
Tips
- If Lynis is not installed as package (with included man page), use --man or nroff -man ./lynis.8
- For systems where the shell background is light, use --nocolors or --reverse-colors
- Use --dump-options to see all available parameters of Lynis
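
The --cronjob and --auditor parameters from the table above lend themselves to unattended runs, where the screen output is discarded and the report file is what gets reviewed. The script below is an added example, not part of Lynis or of the original article. It assumes the default report path /var/log/lynis-report.dat and the report keys warning[], suggestion[] and hardening_index, none of which are stated on this page; LYNIS_REPORT is a hypothetical override variable, and the embedded report is a constructed sample.

```shell
#!/bin/sh
# Added example: summarise a Lynis report after an unattended run.
# Assumptions (not stated on the page): the default report path and the
# key names warning[], suggestion[] and hardening_index.
REPORT="${LYNIS_REPORT:-/var/log/lynis-report.dat}"

# Count entries of an array-style key such as warning[] or suggestion[].
count_key() {   # $1 = report file, $2 = key name without the []
    awk -v k="${2}[]=" 'index($0, k) == 1 { n++ } END { print n + 0 }' "$1"
}

# Print the value of a scalar key (last occurrence wins).
get_value() {   # $1 = report file, $2 = key name
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print the test ID of every warning, one per line.
warning_ids() { # $1 = report file
    awk -F'[=|]' 'index($0, "warning[]=") == 1 { print $2 }' "$1"
}

# One-line summary; exit status 1 when warnings exist, 2 when unreadable.
summarize_report() {
    [ -r "$1" ] || { echo "report not readable: $1" >&2; return 2; }
    w=$(count_key "$1" warning)
    s=$(count_key "$1" suggestion)
    h=$(get_value "$1" hardening_index)
    echo "warnings=$w suggestions=$s hardening_index=${h:-unknown}"
    [ "$w" -eq 0 ]
}

# Constructed sample report (not real scan output) so this runs without Lynis.
write_sample_report() {
    cat > "$1" <<'EOF'
lynis_version=2.1.0
warning[]=SAMPLE-0001|M|Constructed warning text|
warning[]=SAMPLE-0002|M|Another constructed warning|
suggestion[]=SAMPLE-0003|Constructed suggestion text|
hardening_index=61
EOF
}

if [ "${1:-}" = "--run" ]; then      # real use, e.g. from cron as root
    lynis --cronjob --auditor "nightly cron" > /dev/null
    summarize_report "$REPORT" || warning_ids "$REPORT"
else                                  # offline demo on the constructed sample
    demo=$(mktemp) && write_sample_report "$demo"
    summarize_report "$demo" || warning_ids "$demo"
    rm -f "$demo"
fi
```

Run without arguments it only processes the constructed sample; with --run it performs a real scan and then summarises the resulting report, listing the warning IDs when any are present.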