InfoSec Pentesting Tools Vulnerability Analysis

Lynis – Security Auditing Tool for Unix/Linux

Lynis is a security auditing tool for Unix and Linux based systems. It performs in-depth security scans, with almost no configuration, This tool commonly used by network administrator/system admin, security professionals and pentester/auditor to evaluate linux/unix system.
Requirements: Shell and basic utilities
Permissions: Root permissions or normal user
Operating System Supported:

  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris

The new version of Lynis  Security Auditing Tool was already release: Lynis 2.1.0

Security Auditing Tool= Lynis 2.1.0 (2015-04-16) 
Screen output has been improved to provide additional information.
OS support:
CUPS detection on Mac OS has been improved. AIX systems will now use csum
utility to create host ID. Group check have been altered on AIX, to include
the -n ALL. Core dump check on Linux is extended to check for actual values
as well.
McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.
Session timeout:
Tests to determine shell time out setting have been extended to account for
AIX, HP-UX and other platforms. It will now determine also if variable is
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
has been extended.
- New document: Getting started with Lynis
Plugins (Enterprise):
- Update to file integrity plugin
Changes to PLGN-2606 (capabilities check)
- New configuration plugins:
PLGN-4802 (SSH settings)
PLGN-4804 (login.defs)

1. Installation via direct download
Create a Directory

mkdir -p /usr/local/lynis
cd /usr/local

2. Download Lynis here:

curl -o lynis-version.tar.gz

3. Unpack the tarball


4. After unpacking, it is time to run Lynis for the first time.


Lynis can run without any preconfiguration. Configuration and fine-tuning is possible though and will be covered in later sections. For now we will run a basic scan:

lynis audit system

Common parameters:
Below the most commonly used parameter when running Lynis.

Parameter Abbreviated Description
–auditor “Given name Surname” Assign an auditor name to the audit (report)
–checkall -c Start the check
–check-update Check if Lynis is up-to-date
–cronjob Run Lynis as cronjob (includes -c -Q)
–help -h Shows valid parameters
–manpage View man page
–nocolors Do not use any colors
–pentest Perform a penetration test scan (non-privileged)
–quick -Q Don’t wait for user input, except on errors
–quiet Only show warnings (includes –quick, but doesn’t wait)
–reverse-colors Use a different color scheme for lighter backgrounds
–version -V Check program version (and quit)


  • If Lynis is not installed as package (with included man page), use –man or nroff -man ./lynis.8
  • For systems where the shell background is light, use –nocolors or –reverse-colors
  • Use –dump-options to see all available parameters of Lynis

Post Comment