Lynis

From Indie IT Wiki

Lynis is a security auditing tool for Unix and Linux based systems. It performs in-depth security scans, with almost no configuration.

HOWTO: INSTALL:

  • Lynis does not need to be installed; extract it to a folder and run it from there.
  • Visit the website to confirm the current version before proceeding, and modify the commands below to match.
sudo wget https://downloads.cisofy.com/lynis/lynis-3.0.5.tar.gz
sudo tar -xvf /path/to/lynis-3.0.5.tar.gz -C /usr/local/
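
Because the archive is unpacked as root into /usr/local/, it is worth checking it before extraction. The following is an added example, not part of the original wiki page or of Lynis: a hypothetical helper, verify_and_extract, that compares the tarball's SHA-256 with a value you supply (assumed here to be the one published alongside the release) and rejects unexpected member paths before extracting.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with Lynis).
# Usage: verify_and_extract TARBALL EXPECTED_SHA256 DEST
# Returns: 0 ok, 1 checksum mismatch, 2 file missing,
#          3 unsafe member path, 4 unexpected top-level entry.
verify_and_extract() {
    tarball=$1
    dest=$3
    # Normalise the expected hash to lower case so pasted values compare cleanly.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }

    # 1. The SHA-256 must match the value supplied by the operator.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi

    # 2. Refuse absolute paths and ".." components, which could write
    #    outside the destination when extracted as root.
    if tar -tf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in archive" >&2
        return 3
    fi

    # 3. Every member must sit under the single lynis/ directory that
    #    the rest of this page expects at /usr/local/lynis.
    if tar -tf "$tarball" | grep -Evq '^(\./)?lynis(/|$)'; then
        echo "unexpected top-level entry in archive" >&2
        return 4
    fi

    # 4. Extract without restoring the owner recorded in the archive.
    mkdir -p "$dest" && tar -xf "$tarball" -C "$dest" --no-same-owner
}

# Run only when called with three arguments, for example:
#   sudo sh verify.sh lynis-3.0.5.tar.gz <SHA256-FROM-DOWNLOAD-PAGE> /usr/local/
if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```

<SHA256-FROM-DOWNLOAD-PAGE> is a placeholder; take the real value from the download page for the version you fetched.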

HOWTO: UPDATE:

cd /usr/local/lynis
sudo ./lynis update info # Show update details
sudo ./lynis update release # Update Lynis release

INFO: PARAMETERS:

  • --checkall or -c : Start the scan.
  • --check-update : Checks for Lynis update.
  • --cronjob : Runs Lynis as cronjob (includes -c -Q).
  • --help or -h : Shows valid parameters.
  • --quick or -Q : Don’t wait for user input, except on errors.
  • --version or -V : Shows Lynis version.

Running Lynis without any parameters will generate an error:

sudo /usr/local/lynis/lynis

 Error: No scanning mode specified!
 More scan options are available. See man page and online documentation for details

To run a full system scan, run the following from /usr/local/lynis:

sudo ./lynis audit system -Q

All the information is logged at:

/var/log/lynis.log

Thanks to Techmint.