Security audits with Lynis
Professional Hardening
The complexity of modern distributions offers many potential attack vectors for malware. Lynis lets you find these vulnerabilities before an attacker does.
Virtually nobody uses a computer without Internet access. Unfortunately, the network of networks is teeming with malicious programs that exploit vulnerabilities in operating systems, firmware, and application programs looking to inject malware or steal personal data.
Sys admins protect their systems against these attacks as part of their daily grind. Home users also need to protect their systems by keeping their computers up to date and running an occasional security scan to detect any vulnerabilities. Lynis [1], a free software tool from CISOfy, covers a wide range of problem scenarios and lets you perform regular system checks in no time at all.
First Launch
Lynis, a command-line program, comes with a collection of scripts for Unix-style systems. These scripts check various vulnerable system components for insecure settings and display color-coded results.
You will find Lynis in the repositories of many distributions and can install it using any of the popular package management tools. You also can download Lynis from the CISOfy website. I recommend this approach because you will always find the latest version there [2]. CISOfy (located in Vlijmen, Netherlands) offers the community variant of Lynis free of charge. The download contains the actual application, but some additional programs and the Collector are missing. Lynis comes with some community plugins out of the box.
Lynis Enterprise
For companies that need to monitor more than 10 workstations, CISOfy offers Lynis Enterprise, which is available as a software as a service (SaaS, a licensing and sales model where the provider operates software on their own infrastructure and offers a subscription model for use). Lynis Enterprise comes with numerous plugins and additionally generates web-based reports in line with various standards. The Enterprise variant also lets you check Docker files in container environments and monitor remote computer systems.
CISOfy offers the SaaS version of Lynis Enterprise as a subscription for $3 per month. For larger organizations that require monitoring of more than 100 workstations, a self-hosted package is available for setting up a local Lynis instance on the intranet. The self-hosted Enterprise variant also includes all of the additional packages and is suitable for services that provide security audits for other companies [3].
At Your Command
You will find detailed instructions for installing the Lynis community variant on various distributions [4] on the CISOfy website. You then execute the program by typing lynis <parameter>
in a terminal window. To access the available command parameters, type lynis show
.
The central command for auditing the local system is lynis audit system
. The application now runs over 200 test parameters and displays the results in a simple table after a short wait (Figure 1). To the right of each test category, the results appear in green, yellow, or red. If the results are displayed in yellow, you need to check the setting, but if the text color is red, you will want to reconfigure the service in question. Lynis grays out components that are not available on the system, provided that their absence does not affect the security of the system as a whole.
The individual tests are divided into categories. If you launch the software as a normal user, Lynis skips some checks that can only be executed if you are root. The program outputs messages to point out the skipped test routines. After the test results, Lynis also displays a hardening index and shows potential for improvement. Lynis makes suggestions based on the individual test categories on how you can upgrade problematic settings to improve your system's security. You can open these tips by following the links in your web browser (Figure 2).
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.