Installation and Configuration of Lynis
- 1. Introduction
- 2. Deployment
- 2.1. Tarball
- 2.2. Git
- 2.3. Package
- 2.4. Automation
- 3. First security scan
- 3.1. Directory and files
During this guide, the following machines are used: web01
Last updated at June 30, 2017
1. Introduction
Lynis is a system auditing tool focused on Linux, macOS, BSD, and other Unix derivatives. It is written in shell script, which makes it easy to deploy and means it requires almost no other software components. The Lynis project was created by Michael Boelen, who is also the author of Rootkit Hunter (rkhunter). Lynis was first released in 2007.
2. Deployment
Most software packages need to be installed before they can be used. Lynis is an exception: installation is optional, and the tool can be run directly from an extracted tarball or a cloned repository. In this section, we look at several options for deploying the software.
2.1. Tarball
Download the tarball from the CISOfy website. Create a dedicated directory for it and extract the tarball there.
tar xvzf tarball.tar.gz
Extract the tarball verbosely (v) with gzip support (z)
2.2. Git
Another way to deploy Lynis is from GitHub. With the 'git clone' command, you typically get a more recent version than with a tarball or package. If you are familiar with shell scripting, you can even chime in and provide improvements in the form of a pull request.
git clone https://github.com/CISOfy/lynis
Clone the Lynis project with the 'git clone' command
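The following script is an added example and is not part of this guide or of the Lynis project. It deploys a tarball into a dedicated directory and then checks the extracted tree before the audit is run as root: the 'lynis' entrypoint must exist and be executable, the 'include' directory must be present, and nothing in the tree may be writable by group or others, since a root-run script that sources a writable file hands code execution to whoever can write it. The same check_lynis_tree function applies to a directory produced by 'git clone'. The tarball built by make_fixture_tarball is a constructed stand-in with the same top-level layout (lynis, include/, plugins/); the real release file name on cisofy.com is an assumption of this example and not taken from the page.

```shell
#!/bin/sh
# Added example; not from the CISOfy guide or the Lynis project.
# Deploys a Lynis tarball into a dedicated directory and sanity-checks
# the extracted tree before it is run as root. The tarball produced by
# make_fixture_tarball is a constructed stand-in for the real release
# archive (assumed to be named lynis-<version>.tar.gz on cisofy.com).
set -eu

# check_lynis_tree DIR: return 0 when DIR holds an executable 'lynis'
# entrypoint and an 'include' directory, and nothing under DIR is
# writable by group or others. Lynis sources its include files while
# running as root, so a writable component would let any local user run
# code as root during the audit.
check_lynis_tree() {
    dir=$1
    if [ ! -f "$dir/lynis" ] || [ ! -x "$dir/lynis" ]; then
        echo "missing or non-executable entrypoint: $dir/lynis" >&2
        return 1
    fi
    if [ ! -d "$dir/include" ]; then
        echo "missing include directory: $dir/include" >&2
        return 1
    fi
    # POSIX find: -perm -002 matches world-writable, -perm -020 group-writable
    loose=$(find "$dir" \( -perm -002 -o -perm -020 \) | head -n 1)
    if [ -n "$loose" ]; then
        echo "group/world-writable path in tree: $loose" >&2
        return 1
    fi
    return 0
}

# deploy_tarball TARBALL DEST: extract into DEST (created if needed),
# keeping the archive's own file modes (-p) so the local umask cannot
# loosen them, then verify the resulting DEST/lynis tree.
deploy_tarball() {
    tarball=$1
    dest=$2
    mkdir -p "$dest"
    tar xzpf "$tarball" -C "$dest"
    check_lynis_tree "$dest/lynis"
}

# make_fixture_tarball OUT: constructed stand-in for the release tarball,
# with the layout the guide describes (lynis entrypoint, include/, plugins/).
make_fixture_tarball() {
    out=$1
    work=$(mktemp -d)
    mkdir -p "$work/lynis/include" "$work/lynis/plugins"
    printf '#!/bin/sh\necho "fixture lynis: would start the audit here"\n' > "$work/lynis/lynis"
    : > "$work/lynis/include/functions"
    chmod 755 "$work/lynis" "$work/lynis/include" "$work/lynis/plugins" "$work/lynis/lynis"
    chmod 644 "$work/lynis/include/functions"
    tar czf "$out" -C "$work" lynis
    rm -rf "$work"
}

# Demonstration: deploy the fixture, then loosen one include file and show
# that the check refuses the tree.
tmp=$(mktemp -d)
make_fixture_tarball "$tmp/lynis.tar.gz"
deploy_tarball "$tmp/lynis.tar.gz" "$tmp/opt" && echo "tree OK: $tmp/opt/lynis"
chmod o+w "$tmp/opt/lynis/include/functions"
if check_lynis_tree "$tmp/opt/lynis"; then
    echo "unexpected: loose tree accepted"
else
    echo "loose tree refused, as intended"
fi
rm -rf "$tmp"
```

The permission test uses the portable '-perm -002 -o -perm -020' form rather than GNU find's '/022' so it behaves the same on the BSD and macOS systems Lynis also targets.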
2.3. Package
Using a package is the most common method of installing Lynis. Simply use your package manager and tell it to install the latest version of Lynis. Keep in mind that distribution packages may lag behind the most recent release, as noted in the Git section.
2.4. Automation
Automation is a great way to save time and handle repetitive tasks. The deployment of a software package like Lynis can be automated with tools such as Ansible, Chef, Puppet, or SaltStack.
3. First security scan
Once Lynis is available on the system, it is time to learn more about how the tool works. We will first look at the directory structure, its components, and important files. If you are using tmux, consider splitting the screen vertically: use the left pane to inspect the files, and keep the directory structure in view in the right pane. Otherwise, use two terminal windows, each at 50% width.
3.1. Directory and files
The 'lynis' command is the main software component. It is responsible for initializing the program and guiding the security scan. When installed from a package, this file is stored in a 'bin' directory, such as /usr/bin. When deployed from a tarball or a Git checkout, it stays in the extracted directory and is run from there.
The Lynis program has a modular design. It retrieves the required components from the 'include' directory. This directory contains the logic to detect which operating system is in use, the generic program functions, and the collection of security tests.
To make Lynis even more modular, plugins can be added to the program. These are custom tests to be performed during the execution of the program.
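The script below is an added example, not the project's own code: it is a constructed model of the layout described above, in which an entrypoint sources the shared functions and tests under include/ and then the custom tests under plugins/. Because the real tool is run as root, the model loader refuses any component that is not a regular file owned by the invoking user or that is writable by group or others. Whether and how Lynis itself validates its components is not covered by this page; the file names, the TESTS registry, and the fixture contents are all assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not Lynis code: a constructed model of an entrypoint that
# sources include/ (shared functions and tests) and then plugins/ (custom
# tests). Components register their test functions in TESTS. The loader
# refuses files it does not own or that others can write, because sourcing
# such a file while running as root is a privilege escalation path.
set -eu

# source_component FILE: source FILE if it is a regular file owned by the
# invoking user and not writable by group or others; otherwise report why
# and return 1 without loading it.
source_component() {
    f=$1
    if find "$f" -type f -user "$(id -un)" ! -perm -002 ! -perm -020 2>/dev/null | grep -q .; then
        . "$f"
    else
        echo "refusing $f: not a regular file owned by $(id -un), or writable by others" >&2
        return 1
    fi
}

# load_tree DIR: reset the registry, then load include/ before plugins/
# (plugins may rely on helpers defined in include/). Leaves the counts in
# LOADED and REJECTED for the caller.
load_tree() {
    TESTS=""
    LOADED=0
    REJECTED=0
    for sub in include plugins; do
        for f in "$1/$sub"/*; do
            [ -e "$f" ] || continue      # unmatched glob in an empty directory
            if source_component "$f"; then
                LOADED=$((LOADED + 1))
            else
                REJECTED=$((REJECTED + 1))
            fi
        done
    done
}

# run_tests: call every function the loaded components registered in TESTS.
run_tests() {
    for t in $TESTS; do
        "$t"
    done
}

# build_fixture: constructed include/ and plugins/ trees standing in for the
# real ones. Prints the root directory.
build_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/include" "$root/plugins"
    cat > "$root/include/functions" <<'EOF'
# shared reporting helper, available to tests and plugins alike
report() { printf '%s: %s\n' "$1" "$2"; }
EOF
    cat > "$root/include/tests_ssh" <<'EOF'
test_ssh_config() { report "tests_ssh" "checking the SSH daemon configuration"; }
TESTS="$TESTS test_ssh_config"
EOF
    cat > "$root/plugins/plugin_custom" <<'EOF'
plugin_custom() { report "plugin_custom" "site-specific check"; }
TESTS="$TESTS plugin_custom"
EOF
    chmod 644 "$root"/include/* "$root"/plugins/*
    echo "$root"
}

# Demonstration: load the clean fixture, then drop in a world-writable
# plugin and show that it is rejected while the others still run.
root=$(build_fixture)
load_tree "$root"
echo "loaded=$LOADED rejected=$REJECTED"
run_tests
printf 'plugin_loose() { report "plugin_loose" "unreviewed code"; }\nTESTS="$TESTS plugin_loose"\n' > "$root/plugins/plugin_loose"
chmod 666 "$root/plugins/plugin_loose"
load_tree "$root"
echo "loaded=$LOADED rejected=$REJECTED"
run_tests
rm -rf "$root"
```

Loading include/ before plugins/ matters: a plugin that calls a helper such as report would fail if the shared functions were not already defined, which is why the model keeps the same ordering the guide describes for the real tool.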
Definitions and Terms
Below are the relevant definitions and terms for this training guide.