-->

Linux Hardening with Lynis

Lynis is a powerful open source auditing tool for Unix/Linux like operating systems. It scans the system for security information, general system information, installed software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc.

Lynis is also one of the most trusted automated auditing tools for software patch management, malware scanning and vulnerability detecting in Unix/Linux based systems. This tool is useful for auditors, network and system administrators, security specialists and penetration testers.

Installing Lynis in Ubuntu

This application doesn’t require any installation, it can be used directly from any directory. So, it’s a good idea to create a custom directory for Lynis:

sudo mkdir /usr/local/lynis

Download the stable version of Lynis from the website and unpack it:

cd /usr/local/lynis

sudo wget https://cisofy.com/files/lynis-2.4.0.tar.gz

image

Unpack the tarball

sudo tar -xvf lynis-2.4.0.tar.gz

image

 

Running Lynis

You must be root user to run Lynis, because it creates and writes output to /var/log/lynis.log file. Therefore, to run Lynis execute the following commands:

cd lynis

./lynis

By running ./lynis without any option, it will provide you a complete list of available parameters and goes back to the shell prompt:

image

To start the Lynis analysis, you must define the proper parameter to begin scanning of your entire Linux system. Use the following command to start scanning:

sudo ./lynis audit system --quick

The "quick" option will run the scanner without any pauses between sections and will allow you to run Lynis while you doing other things.

image  

Lynis Scanning Results

While scanning, you will see output as [OK] or [WARNING] where the first is considered as a good result and the later as bad. You should take corrective steps to fix those issues after reading logs at /var/log/lynis.log.

Ubuntu 16.04 LTS results:

image

image

Fedora Workstation 25 results:

image

image

CentOS 7-1611 Core results:

image

image

In most cases, the application provides suggestions to fix problems.

However, you should follow the provided links to get more info:

  • https://cisofy.com/controls/AUTH-XXXX
  • https://cisofy.com/controls/FILE-XXXX

Or go to the general page with info on all Lynis controls

Updating Lynis

Lynis is often updated so you should check the status of your version on a regular basis:

./lynis update info

If outdated, go to the Cisofy downloads page and get the latest version

Previous post: Linux Hardening with Tiger

Next post: Linux Hardening with OpenVAS