bsdnerds.org

What is Lynis?

Lynis is an open source command-line tool for auditing the security of Linux systems.

It establishes an overview of data and security problems. Developers believe it is a reliable solution for establishing one of the safest systems.

Lynis comes with a main management tool, an implementation and reporting plan, along with several plugins.

It is used to test the security of a system and to perform audits.

What is Lynis used for?

Lynis is a versatile tool that can be used in different ways. The most common situations in which Lynis is applied are:

  • Security auditing
  • Compliance verification
  • Penetration testing
  • Vulnerability verification
  • System hardening

Also, there are several audiences for which Lynis can be applied:

  • Developers can verify a Docker image, or improve the hardening of deployed web apps;
  • System administrators can use Lynis on a daily basis to scan for weaknesses in the security of the system;
  • IT auditors can present a thorough picture of how to improve security;
  • Penetration supervisors can identify security breaches on systems that have the power to compromise the system.

How to install

To install Lynis, you can use the command:

$ sudo apt install lynis

Scan

To scan your system with Lynis, you can run this command:

$ lynis audit system

Lynis will run through your files and scan your system for malware. It shows the results in the terminal.

To do a detailed scan, you can tell Lynis to scan the complete system with the -c flag.

$ lynis audit system -c

Like the demo below:

[Image: Lynis security scan on Linux]

I interrupted the scan (Ctrl+c), but it will report on everything about your system.

How Lynis works

Lynis scans in a modular way, meaning that it only uses and tests the components it can identify, including available system tools or libraries.

The main advantage of Lynis is that it requires no installation of other tools. Therefore, it keeps your system clean and hassle-free.

This tool can function with almost no dependencies. Besides, the more components it discovers, the broader the audit will become. Lynis tailors each scan to the particular system, meaning that no two results will be identical.

The steps Lynis goes through during a scan are:

  1. Initialization
  2. Standard check-ups
  3. Identification of the operating system and its tools
  4. Identification of available software components
  5. Identification of the latest Lynis version
  6. Activation of plugins
  7. Activation of security tests per category
  8. The possibility to run an optional custom test
  9. Report status of the security scan

[Image: Lynis scan report]

Also, the distinct test identifiers allow the user to tune a security scan. As an example, if a test is too restrictive, it can be disabled without hassle. This gives you a system audit that is better suited to your situation.

Lynis can use distinct plugins, which are a modular extension to it. In turn, these gather more system data, offering a more realistic security report. All the data collected can be accessed in the Lynis report file.
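To make the report file and the test identifiers concrete, here is an added example (not from the original post or the Lynis project) that summarises findings per test identifier. It assumes the report is a key=value file, by default /var/log/lynis-report.dat, with findings stored as warning[]= and suggestion[]= lines; the sample report embedded in it is constructed.

```shell
#!/bin/sh
# Added example: summarise a Lynis report file per test identifier.
# Assumed line format:  warning[]=TEST-ID|message|details|solution|
#                       suggestion[]=TEST-ID|message|details|solution|

# Constructed sample report (not real scan output).
sample_report() {
cat <<'EOF'
# Lynis Report
lynis_version=3.0.8
hardening_index=62
warning[]=MAIL-8818|Found some information disclosure in SMTP banner|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
}

# report_value KEY: print the value of one key=value entry read from stdin.
report_value() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# findings KIND: print "TEST-ID<TAB>message<TAB>details" for each finding,
# where KIND is "warning" or "suggestion".
findings() {
    awk -v kind="$1" '
        index($0, kind "[]=") == 1 {
            sub(/^[^=]*=/, "")        # drop the "kind[]=" prefix
            split($0, f, "[|]")       # fields are pipe-separated
            printf "%s\t%s\t%s\n", f[1], f[2], f[3]
        }'
}

# count_by_test KIND: print "TEST-ID=count", showing which tests are noisy.
count_by_test() {
    findings "$1" | cut -f1 | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# summary: read a report on stdin and print an overview.
summary() {
    report=$(cat)
    printf 'Hardening index: %s\n' "$(printf '%s\n' "$report" | report_value hardening_index)"
    printf 'Warnings:\n';    printf '%s\n' "$report" | findings warning
    printf 'Suggestions per test:\n'; printf '%s\n' "$report" | count_by_test suggestion
}

# Use the report given as $1, or fall back to the constructed sample.
if [ -r "${1:-}" ]; then summary < "$1"; else sample_report | summary; fi
```

A test identifier that turns out to be too restrictive for a given host can then be disabled with a `skip-test=TEST-ID` line in a custom Lynis profile.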

There are several advantages that come from using Lynis, including faster scanning, no pollution of log files, a lower risk of activity disruption, and a host-based scan for a thorough audit.

It runs on almost all UNIX-based systems, and it can also be run on systems such as Raspberry Pi, IoT devices, or QNAP devices. And the best thing about Lynis is that it won't break your system, despite the in-depth scan.