Lynis – Security and system auditing tool
Lynis assists with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can be run without prior installation, so it can be kept on read-only media (USB stick, CD/DVD).
Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.
Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.
Examples of audit tests:
-- Available authentication methods
-- Expired SSL certificates
-- Outdated software
-- User accounts without password
-- Incorrect file permissions
-- Firewall auditing
Install Lynis in Ubuntu
Open the terminal and run the following command:
sudo apt-get install lynis
Using Lynis : Basics
To run Lynis you should meet a few requirements:
-- You have to be root (log in as normal user, su to root) or have equivalent rights (for example by using sudo).
-- Have write access to /var/log (for using a log/debug and report file)
-- Have write access to /tmp (temporary files)
Lynis Syntax
lynis [parameters]
Parameters
-c -- Start the check
-h -- Shows valid parameters
-Q -- Don't wait for user input, except on errors
-V -- Check program version (and quit)
Using Lynis : Cronjobs
If you want a daily report, you can create a cron job. With the --cronjob option, all special characters are stripped from the output and the scan runs fully automated (no user intervention is needed).
Example:
16 6 * * * root /path/to/lynis -c --auditor "automated" --cronjob
Though most options will be set correctly, you are still able to change other parameters where needed.
Tips:
-- If you only want to see the warnings while running Lynis as a cronjob, use the options --cronjob and --quiet together.
-- The profile option 'pause_between_tests' can be used to increase the wait time between tests. This lengthens the scan but decreases the load on the machine. If you set this option to 10 seconds and 60 tests are normally performed, this will add 600 seconds to the total testing time.
-- If you want to sync the report file to a central host, you could write a small script to run Lynis and sync/copy the report file afterwards.
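One way to write the small wrapper script from the last tip, as an added example that is not part of the original article or of Lynis itself. The report path /var/log/lynis-report.dat, the "warning[]=" report line format, the scp destination and the --run switch are assumptions; adjust them to your installation.

```shell
#!/bin/sh
# Added example: cron wrapper that runs Lynis, then copies the report to a
# central host. REPORT, DEST and the use of scp are assumptions.
LYNIS="${LYNIS:-/path/to/lynis}"
REPORT="${REPORT:-/var/log/lynis-report.dat}"
DEST="${DEST:-audit@loghost.example.com:/srv/lynis}"   # hypothetical target

# Per-host, per-day file name so reports from many machines do not collide.
report_name() {    # $1 = hostname, $2 = date (YYYY-MM-DD)
    printf 'lynis-%s-%s.dat\n' "$1" "$2"
}

# Number of warning entries (assumed "warning[]=" lines) in a report file.
count_warnings() {
    grep -c '^warning\[]=' "$1" || true
}

# Succeeds only if report $1 was modified after marker file $2, so a failed
# scan never re-sends yesterday's report as if it were today's.
is_fresh() {
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

run_and_sync() {
    umask 077                       # the report lists this host's weaknesses
    stamp=$(mktemp) || return 1
    "$LYNIS" -c --auditor "automated" --cronjob --quiet
    if ! is_fresh "$REPORT" "$stamp"; then
        rm -f "$stamp"
        echo "lynis: no fresh report at $REPORT" >&2
        return 1
    fi
    rm -f "$stamp"
    name=$(report_name "$(hostname)" "$(date +%Y-%m-%d)")
    # BatchMode makes scp fail instead of prompting; cron needs key-based login.
    scp -q -o BatchMode=yes "$REPORT" "$DEST/$name" || return 1
    echo "synced $name: $(count_warnings "$REPORT") warning(s)"
}

# Only scan when asked, e.g. from cron: 16 6 * * * root /path/to/this-script --run
case "${1:-}" in
    --run) run_and_sync ;;
esac
```

Because the report describes the weaknesses of the scanned host, the destination directory on the central host should be readable only by the audit account.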
It looks like Lynis development has stopped since version 1.3.0 (2011-12-25).