Lynis security audit tool for Linux

Lynis is an open source tool and one of the most trusted automated auditing tools for software patch management, malware scanning and vulnerability detection on Unix-based systems. It is useful for auditors, network and system administrators, security specialists and penetration testers.

Lynis performs hundreds of individual tests to determine the security state of the system. The security scan consists of a set of steps, from initializing the program up to displaying the report.

What does Lynis do?

  • Determine operating system
  • Search for available tools and utilities
  • Check for Lynis update
  • Run tests from enabled plugins
  • Run security tests per category
  • Report status of security scan

During the scan, technical details about the scan are stored in a log file. At the same time, findings (warnings, suggestions, data collection) are stored in a report file.

Download and Install

Download the latest version from https://cisofy.com/download/lynis/

Log in to your server with root permissions:

[root@testvm1]# wget https://cisofy.com/files/lynis-2.2.0.tar.gz
[root@testvm1]# tar -zxvf lynis-2.2.0.tar.gz
[root@testvm1]# cd lynis

[root@testvm1 lynis]# ./lynis audit system

[ Lynis 2.1.8 ]

################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2016 - CISOfy, https://cisofy.com
Enterprise support and plugins available via CISOfy
################################################################################

[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]

---------------------------------------------------
Program version: 2.1.8
Operating system: Linux
Operating system name: CentOS
Operating system version: CentOS Linux release 7.1.1503 (Core)
Kernel version: 3.10.0
Hardware platform: x86_64
Hostname: testvm1
Auditor: [Unknown]
Profile: ./default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
Plugin directory: ./plugins
---------------------------------------------------
- Checking profile file (./default.prf)...
- Program update status... [ SKIPPED ]

[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests, which may take a few minutes to complete

- Plugin: pam
[.]

[+] Boot and services
------------------------------------
- Service Manager [ systemd ]
- Checking UEFI boot [ DISABLED ]
- Checking presence GRUB [ OK ]
- Checking presence GRUB2 [ FOUND ]
- Checking for password protection [ WARNING ]
- Check running services (systemctl) [ DONE ]
Result: found 14 running services
- Check enabled services at boot (systemctl) [ DONE ]
Result: found 18 enabled services
- Check startup files (permissions) [ OK ]

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

Use the help option for more information:

[root@testvm1 lynis]# ./lynis --help

[ Lynis 2.2.0 ]

################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.

Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
Enterprise support and plugins available via CISOfy
################################################################################

[+] Initializing program
------------------------------------

Usage: lynis [options] mode
Mode:

audit
audit system : Perform security scan
audit dockerfile <file> : Analyze Dockerfile

update
update info : Show update details
update release : Update Lynis release

Scan options:
--auditor "<name>" : Auditor name
--dump-options : See all available options
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile <profile> : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
--tests "<tests>" : Run only tests defined by <tests>
--tests-category "<category>" : Run only tests defined by <category>

Layout options:
--no-colors : Don't use colors in output
--quiet (-q) : No output, except warnings
--reverse-colors : Optimize color display for light backgrounds

Misc options:
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--version (-V) : Display version number and quit

Enterprise options:
--plugin-dir "<path>" : Define path of available plugins
--upload : Upload data to central node

More scan options are available. See man page and online documentation for details.
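
Once a scan has finished, the warnings and suggestions mentioned earlier can be pulled out of the report file (/var/log/lynis-report.dat in the run above) for triage or for a scheduled check. The script below is an added example, not part of Lynis or of the original article. It assumes the report stores findings as pipe-delimited lines such as warning[]=ID|text|... and suggestion[]=ID|text|..., so check the field layout in your own report first; the function names, test IDs and sample report are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of Lynis. Assumed report format: key=value lines,
# findings stored as  warning[]=ID|text|...  and  suggestion[]=ID|text|...

# Print "kind<TAB>test-id<TAB>text" for each warning/suggestion in report $1.
lynis_findings() {
    awk -F'|' '
        /^(warning|suggestion)\[\]=/ {
            eq = index($1, "=")                 # split "kind[]=ID" at first "="
            kind = substr($1, 1, eq - 3)        # drop the trailing "[]"
            printf "%s\t%s\t%s\n", kind, substr($1, eq + 1), $2
        }' "$1"
}

# Count findings of kind $1 ("warning" or "suggestion") in report $2.
lynis_count() {
    lynis_findings "$2" | awk -F'\t' -v k="$1" '$1 == k { n++ } END { print n + 0 }'
}

# Succeed only when the report holds no warnings (for cron or CI gating).
lynis_gate() {
    [ "$(lynis_count warning "$1")" -eq 0 ]
}

# Write a constructed sample report to $1; IDs and texts are placeholders.
write_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report
hostname=testvm1
warning[]=EXAMPLE-0001|No password set on boot loader|-|-|
suggestion[]=EXAMPLE-0002|Harden SSH daemon configuration|-|-|
suggestion[]=EXAMPLE-0003|Install a file integrity tool|-|-|
example_item[]=ignored
EOF
}

report=$(mktemp)
write_sample_report "$report"
lynis_findings "$report"
echo "warnings: $(lynis_count warning "$report")"
if lynis_gate "$report"; then echo "gate: pass"; else echo "gate: fail"; fi
rm -f "$report"
```

On a real host, replace the sample with the report path shown in the scan output, for example lynis_findings /var/log/lynis-report.dat.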