Lynis Linux Security Auditing tool in RHEL/CentOS 6.3/5.6

Lynis

Lynis is an open source security auditing tool. Its primary goal is to help users audit and harden Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis performs hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report is displayed with all discovered findings.

Typical use cases for Lynis:

  • Security auditing
  • Vulnerability scanning
  • System hardening

Why open source?

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you with this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.

Installation steps for Lynis Linux Security Auditing tool

Lynis doesn’t require any installation; it can be used directly from any directory. So it's a good idea to create a custom directory for Lynis under /usr/local/lynis.

mkdir /usr/local/lynis

Download the stable version of the Lynis source files from the trusted website using the wget command and unpack it using the tar command as shown below.

cd /usr/local/lynis
wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
tar -xvf lynis-1.3.0.tar.gz
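
The download above travels over plain HTTP and is unpacked as root, so it is worth checking the tarball before extracting it. The following is an added example, not part of the original article or of Lynis itself; the function names are hypothetical, and the expected SHA-256 value is a placeholder that must come from the publisher over a separate channel.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball before unpacking it as root.
# Function names are hypothetical; the expected digest is supplied by the
# caller and must be obtained separately from the plain-HTTP download.

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 only if the SHA-256 digest of FILE equals EXPECTED_SHA256.
verify_tarball() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        return 1
    fi
    return 0
}

# safe_members FILE
# Returns 0 only if the archive lists cleanly and no member is an absolute
# path or contains a ".." component, so extraction stays inside the target.
safe_members() {
    members=$(tar -tzf "$1") || { echo "cannot list $1" >&2; return 1; }
    if printf '%s\n' "$members" | grep -Eq '(^/|(^|/)\.\.(/|$))'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    return 0
}

# unpack_verified FILE EXPECTED_SHA256 DESTDIR
# Extracts only after both checks pass. --no-same-owner stops tar, when run
# as root, from restoring whatever owner IDs are recorded in the archive.
unpack_verified() {
    verify_tarball "$1" "$2" || return 1
    safe_members "$1" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner
}

# Usage (placeholder digest, replace with the published value):
#   unpack_verified lynis-1.3.0.tar.gz "<EXPECTED_SHA256>" /usr/local/lynis
```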

Running and Using Lynis Basics

You must be the root user to run Lynis, because it creates and writes output to the /var/log/lynis.log file. To run Lynis, execute the following command.

cd lynis-1.3.0
./lynis --check-all

Once you execute the above command, it starts scanning your system and asks you to press [Enter] to continue, or [CTRL]+C to stop, after every process it scans and completes.

To prevent this acknowledgment (i.e. “press enter to continue”) from being requested while scanning, use the -c and -Q parameters as shown below.

./lynis -c -Q

Creating Lynis Cronjobs

Add the following cron job. With the --cronjob option, all the special characters are omitted from the output and the scan runs completely automated.

20	20	*	*	*    /usr/local/lynis/lynis-1.3.0/lynis -c -Q --auditor "automated" --cronjob

The above example cron job runs daily at 8:20 pm and creates a daily report in the /var/log/lynis.log file.

Lynis Parameters

Some of the Lynis parameters for your reference.

  • --check-all or -c : Start the scan.
  • --check-update : Checks for Lynis update.
  • --cronjob : Runs Lynis as cronjob (includes -c -Q).
  • --help or -h : Shows valid parameters.
  • --quick or -Q : Don’t wait for user input, except on errors.
  • --version or -V : Shows Lynis version.

Balvinder Singh

Hello, I am Balvinder Singh - DevOps Engineer with 2.5+ years of working experience with different server environments. Tag Line: Linux | AWS | WHM | Monitoring | Virtualization | Optimization | Performance | Security | Release & Deployment. I love helping companies / clients to deploy their code / applications to well managed, optimized, secure servers and can go the extra mile to satisfy.
