Lynis is an open-source security auditing tool used to check security controls and settings on Linux and Unix-based systems. This tool performs a series of tests and checks to identify potential security vulnerabilities and areas for improvement on the system.
Key features of Lynis include:
- Security Audits: Checks security settings and vulnerabilities on the system.
- Performance Optimization: Examines configurations that may impact system performance.
- Compliance Checks: Verifies compliance with relevant security standards (e.g., CIS Benchmarks).
- Log and File Analysis: Analyzes log files and system files to identify abnormalities.
- System Configuration: Checks system settings and provides recommendations.
- Comprehensive Reporting: Generates detailed reports summarizing the system’s status.
Installing Lynis:
Here are basic commands to install Lynis:
Debian/Ubuntu-Based Distributions (Using apt Package Management):
sudo apt update
sudo apt install lynis
Red Hat/Fedora/CentOS-Based Distributions (Using yum or dnf Package Management):
sudo yum install lynis
or
sudo dnf install lynis
openSUSE-Based Distributions (Using zypper Package Management):
sudo zypper install lynis
After installation, you can start a security audit on the system with the command lynis audit system.
Lynis Cheat Sheet:
- Run Security Audit:
sudo lynis audit system
- Initiates a security audit on the system.
- Update Lynis Database:
sudo lynis update info
- Updates the Lynis vulnerability database for the latest information.
- Display Lynis Version:
lynis show version
- Displays the version information of Lynis.
- Custom Tests Only:
sudo lynis audit system --tests "test1,test2"
- Runs specific tests only (replace test1 and test2 with test names).
- Generate Report:
sudo lynis audit system --report-file /path/to/output/report.log
- Generates a report and saves it to a specified file.
- View Available Tests:
lynis show tests
- Displays a list of available tests.
- Run Tests Verbosely:
sudo lynis audit system --verbose
- Runs tests with verbose output for detailed information.
- Suppress Warnings:
sudo lynis audit system --no-headers
- Runs the audit without displaying warning headers.
- Run Non-Interactive Audit:
sudo lynis audit system --cronjob
- Runs Lynis in non-interactive mode suitable for cronjobs.
- Quick System Check:
sudo lynis audit system --quick
- Performs a quick system audit, skipping some tests for faster results.
These commands provide a quick reference for using Lynis to perform security audits on Linux and Unix-based systems. Customize the commands based on your specific requirements.
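The following is an added example, not part of the original page or the Lynis project's own code: POSIX shell functions that read the report data file left by an audit (for instance a --cronjob run) and fail when warnings are present or the hardening index is below a minimum. It assumes the report's key=value layout with warning[]= and suggestion[]= entries and a hardening_index key; the function names, test IDs and sample values are constructed.

```shell
#!/bin/sh
# Added example: summarise a Lynis report data file and gate on the result.
# Assumed report format: key=value lines, findings as warning[]=ID|text|...|

# Write a small constructed report so the script runs offline (values made up).
make_sample_report() {  # $1 = output path
    cat > "$1" <<'EOF'
# constructed sample, not real audit output
hostname=example-host
hardening_index=62
warning[]=TEST-0001|Constructed warning text|-|-|
suggestion[]=TEST-0002|Constructed suggestion one|-|-|
suggestion[]=TEST-0003|Constructed suggestion two|-|-|
EOF
}

# Print the value of a single-valued key such as hardening_index.
report_value() {  # $1 = report file, $2 = key
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# Print "ID: text" for each entry of an array key (warning or suggestion).
report_findings() {  # $1 = report file, $2 = warning|suggestion
    awk -v p="$2[]=" 'index($0, p) == 1 {
        split(substr($0, length(p) + 1), f, "[|]"); print f[1] ": " f[2] }' "$1"
}

# Succeed only if the index meets the minimum and no warnings are present.
report_gate() {  # $1 = report file, $2 = minimum hardening index
    idx=$(report_value "$1" hardening_index)
    warns=$(report_findings "$1" warning | awk 'END { print NR }')
    echo "hardening_index=${idx:-unknown} warnings=$warns"
    [ -n "$idx" ] && [ "$idx" -ge "$2" ] && [ "$warns" -eq 0 ]
}

# Demo on the constructed sample; pass a real report file path in practice.
sample=$(mktemp)
make_sample_report "$sample"
report_findings "$sample" warning
report_gate "$sample" 60 || echo "gate failed: review the findings above"
rm -f "$sample"
```

On a real system, pass the path given to --report-file; the default location is assumed here to be /var/log/lynis-report.dat.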