Harden your systems with Lynis
More Customization Options
In addition to the command-line parameters, a configuration (profile) file also controls the test process. By default, Lynis orients its actions on the specifications from the default.prf
file supplied with the package. This file will probably be fine for most scenarios. You will typically only need to modify the file if you are using Lynis Enterprise. The structure and settings of the profile are explained in the comments it contains. You can tell Lynis to use your own profile from the myprofile.prf
file by passing in the parameter --profile myprofile.prf
.
You can add a number of tests to Lynis as plugins. A plugin is simply a normal shell script that begins with a couple of special comments containing details about its purpose. The script uses the functions provided by Lynis and resides in the plugins subdirectory. One example of a small plugin is the plugins/custom_plugin.template
file. For Lynis to integrate and use the plugin, you need to register it in the profile. To do so, add a line stating plugin=myplugin
for a plugin by the name of myplugin
.
Conclusions
Lynis helps administrators identify vulnerabilities and problematic configurations. The tool is only capable of discovering problems that it is familiar with, of course. In particular, any homegrown scripts or other self-programmed software will be ignored. Additionally, Lynis only provides tips; it is up to the administrator to interpret the test results. Lynis is thus only one building block in your overall security system.
Infos
- Lynis https://cisofy.com/lynis/
- Lynis Enterprise: https://cisofy.com/lynis-enterprise/
- Lynis download page: https://cisofy.com/download/lynis/
- Lynis documentation: https://cisofy.com/documentation/lynis/
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.