Lynis 2.2.0 - Security Auditing Tool for Unix/Linux Systems

Admin
Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans.

Supported operating systems


The tool has almost no dependencies, therefore it runs on almost all Unix based systems and versions, including:
  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris
  • and others
It even runs on systems like the Raspberry Pi and several storage devices!

No installation required

The tool is very flexible and easy to use. It is one of the few tools, in which installation is optional. Just place it on the system, give it a command like "audit system", and it will run. It is written in shell script and released as open source software (GPL).

How it works

Lynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization the program, up to the report.

Steps
  1. Determine operating system
  2. Search for available tools and utilities
  3. Check for Lynis update
  4. Run tests from enabled plugins
  5. Run security tests per category
  6. Report status of security scan
During the scan, technical details about the scan are stored in a log file. At the same time findings (warnings, suggestions, data collection), are stored in a report file.

Opportunistic scanning

Lynis scanning is opportunistic: it uses what it can find.
For example if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers a SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it then will collect discovered certificates, so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Vulnerability detection and scanning
  • System hardening

Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
  • Best practices
  • CIS
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian Gentoo, Red Hat)

Parameters
--auditor "Given name Surname"     Assign an auditor name to the audit (report)
--checkall  -c  Start the check
--check-update     Check if Lynis is up-to-date
--cronjob     Run Lynis as cronjob (includes -c -Q)
--help  -h  Shows valid parameters
--manpage     View man page
--nocolors     Do not use any colors
--pentest     Perform a penetration test scan (non-privileged)
--quick  -Q  Don't wait for user input, except on errors
--quiet     Only show warnings (includes --quick, but doesn't wait)
--reverse-colors   Use a different color scheme for lighter backgrounds
--version  -V  Check program version (and quit)

Changelog
Lynis 2.2.0
= Lynis 2.2.0 (2016-03-18) =

We are proud to present this new release of Lynis. It is a major upgrade, and the
result of many months of work. This version includes new features and tests, and
many small enhancements. We encourage all to test and upgrade to this latest
release.

* Highlights
------------
The biggest change in this release is the optimization of several functions. It
allows for better detection, and dealing with the quirks, of every single
operating system. Some functions were fortified to handle unexcepted results
better, like missing a particular binary, or not returning the hostname.

This release also enables tests to be shorter, by adding new functions. Some
functions were renamed or slightly changed, to provide more value to the tooling.
Another big change in this release is a wide set of optimizations and quality
testing. Outdated pieces were removed, or rewritten, to support features seen in
newer distributions.

In the area of compliance, adjustments have been made to start supporting more
in-depth testing for this. Ideal for companies who have a particular compliance
need, or want to test and enforce the system hardening levels of their systems.

Last but not least, many small changes make this software easier to use. On
our website we added new guides to provide help and support.

We like to thank our contributors, in particular Kamil Boratyński, Steve Bosek,
and Eric Light. Their contributions helped us greatly shaping this release.