Security audits with Lynis

Professional Hardening

© Photo by FLY:D on Unsplash

Article from Issue 266/2023

The complexity of modern distributions offers many potential attack vectors for malware. Lynis lets you find these vulnerabilities before an attacker does.

Virtually nobody uses a computer without Internet access. Unfortunately, the network of networks is teeming with malicious programs that exploit vulnerabilities in operating systems, firmware, and application programs looking to inject malware or steal personal data.

Sys admins protect their systems against these attacks as part of their daily grind. Home users also need to protect their systems by keeping their computers up to date and running an occasional security scan to detect any vulnerabilities. Lynis [1], a free software tool from CISOfy, covers a wide range of problem scenarios and lets you perform regular system checks in no time at all.

First Launch

Lynis, a command-line program, comes with a collection of scripts for Unix-style systems. These scripts check various vulnerable system components for insecure settings and display color-coded results.

You will find Lynis in the repositories of many distributions and can install it using any of the popular package management tools. You also can download Lynis from the CISOfy website. I recommend this approach because you will always find the latest version there [2]. CISOfy (located in Vlijmen, Netherlands) offers the community variant of Lynis free of charge. The download contains the actual application, but some additional programs and the Collector are missing. Lynis comes with some community plugins out of the box.

Lynis Enterprise

For companies that need to monitor more than 10 workstations, CISOfy offers Lynis Enterprise, which is available as software as a service (SaaS), a licensing and sales model in which the provider operates the software on its own infrastructure and sells access by subscription. Lynis Enterprise comes with numerous plugins and additionally generates web-based reports in line with various standards. The Enterprise variant also lets you check Docker files in container environments and monitor remote computer systems.

CISOfy offers the SaaS version of Lynis Enterprise as a subscription for $3 per month. For larger organizations that require monitoring of more than 100 workstations, a self-hosted package is available for setting up a local Lynis instance on the intranet. The self-hosted Enterprise variant also includes all of the additional packages and is suitable for services that provide security audits for other companies [3].

At Your Command

You will find detailed instructions for installing the Lynis community variant on various distributions [4] on the CISOfy website. You then execute the program by typing lynis <parameter> in a terminal window. To access the available command parameters, type lynis show.

The central command for auditing the local system is lynis audit system. The application now runs over 200 test parameters and displays the results in a simple table after a short wait (Figure 1). To the right of each test category, the results appear in green, yellow, or red. If the results are displayed in yellow, you need to check the setting, but if the text color is red, you will want to reconfigure the service in question. Lynis grays out components that are not available on the system, provided that their absence does not affect the security of the system as a whole.

Figure 1: Lynis displays the color-coded test results in groups on the terminal.

The individual tests are divided into categories. If you launch the software as a normal user, Lynis skips some checks that can only be executed if you are root. The program outputs messages to point out the skipped test routines. After the test results, Lynis also displays a hardening index and shows potential for improvement. Lynis makes suggestions based on the individual test categories on how you can upgrade problematic settings to improve your system's security. You can open these tips by following the links in your web browser (Figure 2).

Figure 2: Lynis suggests potential improvements to the configuration in the form of URLs (shown in gray).
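
The following added example, which is not from the article or from CISOfy, turns the hardening index and findings described above into a pass/fail check for regular scans. It assumes the key=value report file that lynis audit system writes (by default /var/log/lynis-report.dat when run as root); the function names, the threshold of 70, and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a Lynis report and fail below a minimum hardening index.
# Assumption: the report holds key=value lines (hardening_index=, warning[]=,
# suggestion[]=) whose list entries use '|'-separated fields: TEST-ID|message|...

# Print the value of a single-valued key such as hardening_index.
report_value() {  # $1 = key, $2 = report file
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Print "TEST-ID: message" for every entry of a list key (warning or suggestion).
report_list() {  # $1 = key, $2 = report file
    awk -F'|' -v k="${1}[]=" \
        'index($0, k) == 1 { sub(/^[^=]*=/, "", $1); print $1 ": " $2 }' "$2"
}

# Succeed only if the index meets the minimum and the report has no warnings.
audit_gate() {  # $1 = report file, $2 = minimum hardening index
    idx=$(report_value hardening_index "$1")
    warns=$(report_list warning "$1" | wc -l | tr -d ' ')
    echo "hardening index: ${idx:-unknown} (minimum $2), warnings: $warns"
    report_list warning "$1" | sed 's/^/  WARNING    /'
    report_list suggestion "$1" | sed 's/^/  suggestion /'
    [ -n "$idx" ] && [ "$idx" -ge "$2" ] && [ "$warns" -eq 0 ]
}

# Constructed sample report (not the output of a real scan).
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
# Lynis Report
report_version_major=1
hardening_index=63
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
EOF

# On a real host, pass the report written by "lynis audit system" instead
# (assumed default when run as root: /var/log/lynis-report.dat).
audit_gate "$SAMPLE_REPORT" 70 || echo "audit gate: FAILED"
```

Run from cron or a CI job, the non-zero return of audit_gate can trigger a notification whenever a scan regresses.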
