Lynis
From Indie IT Wiki
Revision as of 17:14, 18 March 2016 by imported>Indieit (→INFO: PARAMETERS:)
Lynis is a security auditing tool for Unix- and Linux-based systems. It performs in-depth security scans with almost no configuration.
HOWTO: INSTALL:
- Lynis does not need installation; it is extracted to a folder and then run from there.
- Visit the website and confirm the current version before proceeding, and modify the commands below to match.
sudo wget https://cisofy.com/files/lynis-2.2.0.tar.gz
sudo tar -xvf /path/to/lynis-2.2.0.tar.gz -C /usr/local/
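Because the tarball is downloaded and then unpacked into /usr/local/ as root, it is worth checking it before extraction. The following is an added example, not part of the original wiki page or the Lynis project: a shell function that compares the file's SHA-256 with a value obtained separately and refuses archives whose member paths are absolute or contain "..". The function name, its return codes and the placeholder hash in the usage comment are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded tarball before extracting it as root.
# Usage (hash is a placeholder, take the real value from a source you trust):
#   sudo bash -c '. ./verify.sh; verify_and_extract lynis-2.2.0.tar.gz <EXPECTED_SHA256> /usr/local'
# Return codes (assumed convention for this example):
#   0 extracted, 1 checksum mismatch, 2 unsafe member path, 3 bad arguments

verify_and_extract() {
    local tarball="$1" expected="$2" dest="$3"
    local actual members

    # The tarball must exist, a hash must be given, the target must be a directory.
    [ -f "$tarball" ] && [ -n "$expected" ] && [ -d "$dest" ] || return 3

    # 1. Integrity: compare the SHA-256 of the file with the expected value.
    #    The expected value is lower-cased so either hex case is accepted.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi

    # 2. Member paths: list the archive without extracting and refuse
    #    absolute paths or any ".." path component.
    members=$(tar -tf "$tarball") || return 3
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains absolute or parent-directory paths" >&2
        return 2
    fi

    # 3. Extract. --no-same-owner makes the extracted files belong to the
    #    extracting user instead of the uid/gid recorded in the archive.
    tar -xf "$tarball" -C "$dest" --no-same-owner
}
```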
HOWTO: UPDATE:
cd /usr/local/lynis
sudo ./lynis update info # Show update details
sudo ./lynis update release # Update Lynis release
INFO: PARAMETERS:
- --checkall or -c : Start the scan.
- --check-update : Checks for Lynis update.
- --cronjob : Runs Lynis as cronjob (includes -c -Q).
- --help or -h : Shows valid parameters.
- --quick or -Q : Don’t wait for user input, except on errors.
- --version or -V : Shows Lynis version.
Running Lynis without any parameters will generate an error:
sudo /usr/local/lynis/lynis
Error: No scanning mode specified!
More scan options are available. See man page and online documentation for details
To run a full system scan run the following:
sudo ./lynis --check-all
As each section completes you will be presented with:
[ Press [ENTER] to continue, or [CTRL]+C to stop ]
To run a full scan without prompting use the following:
sudo ./lynis -c -Q
All the information is logged at:
/var/log/lynis.log
Thanks to Tecmint.