Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.
Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings.
Typical use cases for Lynis:
Available authentication methods
Expired SSL certificates
Outdated or vulnerable software packages
Time configuration and proper functioning of NTP daemon
User accounts without password
Incorrect file permissions
Since the complexity of auditing different systems and platforms, Lynis is developed on BSD and Linux.
This tool is tested or confirmed to work with at least:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full list of tested operating systems.
Lynis Security auditing tool Installation
SSH to your server as root user.
#tar -zxvf lynis-1.5.9.tar.gz
Audit/Scan your server now
# ./lynis -c
For more help
[+] Initializing program
–auditor “<name>” : Auditor name
–check-all (-c) : Check system
–no-log : Don’t create a log file
–profile <profile> : Scan the system with the given profile file
–quick (-Q) : Quick mode, don’t wait for user input
–tests “<tests>” : Run only tests defined by <tests>
–tests-category “<category>” : Run only tests defined by <category>
–no-colors : Don’t use colors in output
–quiet (-q) : No output, except warnings
–reverse-colors : Optimize color display for light backgrounds
–check-update : Check for updates
–debug : Debug logging to screen
–view-manpage (–man) : View man page
–version (-V) : Display version number and quit
–plugin-dir “<path”> : Define path of available plugins
–upload : Upload data to central node
See man page and documentation for all available options.