April 25, 2013 · Security, Server

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes.

This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can be run without prior installation, so running it from read-only storage (USB stick, CD/DVD) is no problem.

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Intended audience:

Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:

- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Firewall auditing

Install Lynis in Ubuntu

Open the terminal and run the following command:

sudo apt-get install lynis

Using Lynis : Basics

To run Lynis you should meet a few requirements:

-- You have to be root (log in as a normal user, su to root) or have equivalent rights (for example by using sudo).
-- Have write access to /var/log (for using a log/debug and report file)
-- Have write access to /tmp (temporary files)

Lynis Syntax

lynis [parameters]

Parameters

-c -- Start the check

-h -- Shows valid parameters

-Q -- Don't wait for user input, except on errors

-V -- Check program version (and quit)

Using Lynis : Cronjobs

If you want a daily report, you can create a cron job. With the option --cronjob, all special characters are stripped from the output and the scan runs completely automated (no user intervention is needed).

Example:

16 6 * * * root /path/to/lynis -c --auditor "automated" --cronjob

Though most options will be set correctly, you are still able to change other parameters where needed.

Tips:

-- If you only want to see the warnings while running Lynis as a cronjob, use the options --cronjob and --quiet together.
-- The profile option 'pause_between_tests' can be used to increase the wait time between tests. This increases the time needed to finish the tests, but decreases the load on the machine. If you set this option to 10 seconds and normally 60 tests are performed, this will add 600 seconds to the total testing time.
-- If you want to sync the report file to a central host, you could write a small script to run Lynis and sync/copy the report file afterwards.
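
One way to write the small run-and-sync script from the last tip, as an added example that is not part of the original post or of Lynis itself. It assumes the report lands in /var/log/lynis-report.dat with findings stored as "warning[]=" lines; the destination host, the script name lynis-sync.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: run Lynis unattended, then copy its report to a central host.
# Assumptions: the report is written to /var/log/lynis-report.dat and records
# findings as "warning[]=" lines; DEST is a hypothetical scp target that
# accepts key-based SSH logins from this machine.
LYNIS=${LYNIS:-/path/to/lynis}
REPORT=${REPORT:-/var/log/lynis-report.dat}
DEST=${DEST:-lynis@audit.example.org:/srv/lynis-reports}

# Name each copy after host and date so reports from many machines do not collide.
report_name() {        # $1 = hostname, $2 = date (YYYY-MM-DD)
    printf 'lynis-%s-%s.dat\n' "$1" "$2"
}

# Count the warning entries in a report file (prints 0 when there are none).
count_warnings() {     # $1 = report file
    grep -c '^warning\[\]=' "$1" || true
}

run_and_sync() {
    umask 077                      # the report lists weaknesses; keep it private
    rm -f "$REPORT"                # make sure a stale report is never shipped
    "$LYNIS" -c --auditor "automated" --cronjob >/dev/null
    if [ ! -s "$REPORT" ]; then
        echo "lynis produced no report at $REPORT" >&2
        return 1
    fi
    name=$(report_name "$(hostname)" "$(date +%Y-%m-%d)")
    echo "$(count_warnings "$REPORT") warning(s) recorded in $REPORT" >&2
    # BatchMode makes scp fail instead of prompting when run from cron.
    scp -q -o BatchMode=yes "$REPORT" "$DEST/$name"
}

# Only scan and copy when invoked as: lynis-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    run_and_sync
fi
```

To schedule it, point the cron entry at this script with --run in place of the direct lynis call.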

1 Comment to “Lynis – Security and system auditing tool”

  1. dcsln says:

    It looks like Lynis development has stopped since version 1.3.0 (2011-12-25).
