Lynis Security auditing tool

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings.

Typical use cases for Lynis:

Security auditing
Vulnerability scanning
System hardening

Examples tests:

Available authentication methods
Expired SSL certificates
Outdated or vulnerable software packages
Time configuration and proper functioning of NTP daemon
User accounts without password
Incorrect file permissions
Configuration errors
Firewall rules.

Supported systems

Since the complexity of auditing different systems and platforms, Lynis is developed on BSD and Linux.

This tool is tested or confirmed to work with at least:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full list of tested operating systems.


Lynis Security auditing tool Installation

SSH to your server as root user.

#cd /usr/local/src


#tar -zxvf lynis-1.5.9.tar.gz

#cd lynis-1.5.9/

# ./lynis

Audit/Scan your server now

# ./lynis -c

For more help

#./lynis -h

[+] Initializing program
Scan options:
–auditor “<name>” : Auditor name
–check-all (-c) : Check system
–no-log : Don’t create a log file
–profile <profile> : Scan the system with the given profile file
–quick (-Q) : Quick mode, don’t wait for user input
–tests “<tests>” : Run only tests defined by <tests>
–tests-category “<category>” : Run only tests defined by <category>

Layout options:
–no-colors : Don’t use colors in output
–quiet (-q) : No output, except warnings
–reverse-colors : Optimize color display for light backgrounds

Misc options:
–check-update : Check for updates
–debug : Debug logging to screen
–view-manpage (–man) : View man page
–version (-V) : Display version number and quit

Enterprise options:
–plugin-dir “<path”> : Define path of available plugins
–upload : Upload data to central node

See man page and documentation for all available options.

Thats All..

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Prevent users Creating Certain Domains

How to prevent user creating certain domains You can use cPanel & WHM to prevent users...

Enable SSH and WHM login Alert emails

We can enable SSH and WHM login alerts to your email accounts. For security reason, it is...

Email server troubleshooting

Email / Exim server troubleshooting techniques. You can use the following email server...

Powered by WHMCompleteSolution