Lynis

LSE top 10: Lynis (4)

Tool and Usage

Project details

Year of inception:
License: GPLv3
Programming language: shell script
Author: Michael Boelen
Latest release: 3.1.1
Latest release date:

Project health

100
This score is calculated by different factors, like project age, last release date, etc.

Introduction

Lynis is an open-source security auditing tool that has been available since 2007 and was created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct security measures.

Why this tool?

Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for an in-depth audit and continuous improvement. For this reason, it needs to be executed on the host system itself. By seeing the system from the inside out, it can provide more specific details than the average vulnerability scanner.

How it works

Lynis starts with an initialization phase in which it detects the operating system. After that, it discovers the binaries and tools available on the system. This collection of tools is the basis for the scanning engine, which performs hundreds of individual tests. Every system will have a different set of performed tests. After completing the scan, a report with findings and suggestions is displayed.

Background information

The tool is typically used by system administrators, security professionals, and auditors. Occasionally a pentester will also use it during a security assignment to discover vulnerabilities or find possible flaws in the system to exploit.

The tests performed by Lynis are a combination of advice found in hardening guides, tips by Linux distributions and vendors, and other best practices within the field.

Lynis was originally written by Michael to automate security scans of systems he managed for his employer at the time. He devoted his spare time to replacing the printed hardening guides at his desk with the tool. In 2013, Michael moved to full-time development on Lynis and the commercial Lynis Enterprise version.

Usage and audience

Lynis is commonly used for IT audit, penetration testing, security assessment, system hardening, or vulnerability scanning. Target users for this tool are auditors, pentesters, security professionals, and system administrators.

Features

  • Command line interface
  • Customization and additions are possible
  • Extendable with custom tests and plugins
  • Installation of tool is optional
  • Tool is modular

Example usage and output

Command: lynis audit system

Lynis security scan details:

Hardening index : 66 [############# ]
Tests performed : 271
Plugins enabled : 18

Components:
- Firewall [V]
- Malware scanner [X]

Lynis Modules:
- Compliance Status [?]
- Security Audit [V]
- Vulnerability Scan [V]

Files:
- Test and debug information : /var/log/lynis.log
- Report data : /var/log/lynis-report.dat
Output of a Lynis security scan on Linux
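
Added example, not part of the original page or the Lynis project: a POSIX shell script that reads the report data file named in the output above, lists the test IDs behind warnings and suggestions, and fails a check when the hardening index is below a chosen minimum. It assumes the report consists of plain key=value lines with hardening_index and repeated warning[] / suggestion[] entries; the sample report, its test IDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Lynis report data file and gate on the hardening index.
# Assumed format: key=value lines, hardening_index=<n>, and repeated
# warning[]= / suggestion[]= entries whose first |-separated field is the test ID.

# Write a constructed sample report (not real scan output) to the given path.
make_sample_report() {
    cat > "$1" <<'EOF'
lynis_version=3.1.1
hardening_index=66
warning[]=EXAMPLE-0001|Constructed warning text|-|-|
suggestion[]=EXAMPLE-0002|Constructed suggestion one|-|-|
suggestion[]=EXAMPLE-0003|Constructed suggestion two|-|-|
EOF
}

# Print the value of a single-valued key (first match wins).
report_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# Print the test ID of every entry of an array key such as warning or suggestion.
report_ids() {
    awk -F= -v k="$2[]" '$1 == k { sub(/^[^=]*=/, ""); split($0, f, "|"); print f[1] }' "$1"
}

# Return 0 when the hardening index meets the minimum ($2), 1 when it is lower,
# and 2 when the key is missing or not a plain number (treat as a failed audit).
check_hardening() {
    idx=$(report_value "$1" hardening_index)
    case "$idx" in
        ''|*[!0-9]*) echo "hardening_index missing or invalid" >&2; return 2 ;;
    esac
    [ "$idx" -ge "$2" ]
}

# Demo on the constructed report; point these at /var/log/lynis-report.dat on a real host.
report=$(mktemp)
make_sample_report "$report"
echo "Hardening index: $(report_value "$report" hardening_index)"
echo "Warnings:        $(report_ids "$report" warning | tr '\n' ' ')"
echo "Suggestions:     $(report_ids "$report" suggestion | tr '\n' ' ')"
if check_hardening "$report" 60; then echo "Gate (>= 60): pass"; else echo "Gate (>= 60): fail"; fi
rm -f "$report"
```

Treating a missing or non-numeric index as a failure keeps an interrupted or truncated scan from passing the gate silently.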

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code is easy to read and understand
  • + More than 100 contributors
  • + More than 8000 GitHub stars
  • + Tool is easy to use
  • + Available as package (simplified installation)
  • + Commercial support available
  • + Used language is shell script
  • + Very low number of dependencies
  • + Project is mature (10+ years)
  • + The source code of this software is available

History and highlights

  • Demo at Black Hat Europe 2014 Arsenal
  • Demo at Black Hat Europe 2015 Arsenal
  • Demo at Black Hat Europe 2016 Arsenal
  • Demo at Black Hat USA 2015 Arsenal
  • First Lynis release in 2007 (November)

Author and Maintainers

Lynis is under development by Michael Boelen and maintained by CISOfy.

Installation

Supported operating systems

Lynis is known to work on AIX, FreeBSD, Linux, NetBSD, OpenBSD, Solaris, and macOS.

Installation options

  • No installation required (just extract/run)
  • Git clone
  • Package
  • Tarball (extract)

Lynis one-liners

Run only Lynis tests from one group
lynis audit system --tests-from-group "firewalls"

Lynis alternatives

Similar tools to Lynis:

70

YASAT

YASAT describes itself as another simple stupid audit tool to test Linux systems. It has many tests for checking the security configuration of the system.

80

OpenSCAP

Tools to assist administrators and auditors with the assessment, measurement, and enforcement of security baselines.

64

Zeus

Zeus is a security tool to provide security audits on AWS environments. It is written in shell script and can be used for security audits.


Related tool information

Definitions

Technical audit
A technical audit is the process of information gathering and analysis of company assets. Typical areas checked include compliance with security policies.