Lynis Security auditing tool

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings.

Typical use cases for Lynis:

Security auditing
Vulnerability scanning
System hardening

Examples tests:

Available authentication methods
Expired SSL certificates
Outdated or vulnerable software packages
Time configuration and proper functioning of NTP daemon
User accounts without password
Incorrect file permissions
Configuration errors
Firewall rules.

Supported systems

Since the complexity of auditing different systems and platforms, Lynis is developed on BSD and Linux.

This tool is tested or confirmed to work with at least:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full list of tested operating systems.


Lynis Security auditing tool Installation

SSH to your server as root user.

#cd /usr/local/src


#tar -zxvf lynis-1.5.9.tar.gz

#cd lynis-1.5.9/

# ./lynis

Audit/Scan your server now

# ./lynis -c

For more help

#./lynis -h

[+] Initializing program
Scan options:
–auditor “<name>” : Auditor name
–check-all (-c) : Check system
–no-log : Don’t create a log file
–profile <profile> : Scan the system with the given profile file
–quick (-Q) : Quick mode, don’t wait for user input
–tests “<tests>” : Run only tests defined by <tests>
–tests-category “<category>” : Run only tests defined by <category>

Layout options:
–no-colors : Don’t use colors in output
–quiet (-q) : No output, except warnings
–reverse-colors : Optimize color display for light backgrounds

Misc options:
–check-update : Check for updates
–debug : Debug logging to screen
–view-manpage (–man) : View man page
–version (-V) : Display version number and quit

Enterprise options:
–plugin-dir “<path”> : Define path of available plugins
–upload : Upload data to central node

See man page and documentation for all available options.

Thats All..

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPHulk Brute Force Protection

WHM/cPanel has a service, protected from Brute Force attack, which is called “cPHulk Brute Force...

Enable SSH key authorized login without root password

You need to generate SSH Key ( the private key )on your cpanel server and then update remote...

How can I Redirect URLs in cPanel

Login your cpanel 1. Click the Redirects button on the front page under the “domains” 2. Enter...

Enable Custom php.ini for Fast CGI

With fast-cgi, custom php.ini needs to be in the cgi-bin folder. 1) Move php.ini to cgi-bin...

ConfigServer Firewall CSF installation

ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible...

Powered by WHMCompleteSolution