Lynis Linux Security Auditing tool in RHEL/CentOS 6.3/5.6
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!
How it works
Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.
Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Why open source?
Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.
Installation steps for Lynis Linux Security Auditing tool
Lynis doesn’t required any installation, it can be used directly from any directory. So, its good idea to create a custom directory for Lynis under /usr/local/lynis.
Download stable version of Lynis source files from the trusted website using wget command and unpack it using tar command as shown below.
cd /usr/local/lynis wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz tar -xvf lynis-1.3.0.tar.gz
Running and Using Lynis Basics
You must be root user to run Lynis, because it creates and writes output to /var/log/lynis.log file. To run Lynis execute the following command.
cd lynis-1.3.0 ./lynis --check-all
Once, you execute above command it will start scanning your system and ask you to Press [Enter] to continue, or [CTRL]+C to stop) every process it scans and completes. See figure attached below.
To prevent such acknowledgment (i.e. “press enter to continue”) from user while scanning, you need use -c and -Q parameters as shown below.
./lynis -c -Q
Creating Lynis Cronjobs
Add the folloiwng cron job with option –cronjob all the special characters will be ignored from the output and the scan will run completely automated.
20 20 * * * /usr/local/lynis/lynis-1.3.0/lynis -c -Q --auditor "automated" --cronjob
The above example cron job will run daily at 8:20pm in the night and creates a daily report under /var/log/lynis.log file.
Some of the Lynis parameters for your reference.
- –checkall or -c : Start the scan.
- –check-update : Checks for Lynis update.
- –cronjob : Runs Lynis as cronjob (includes -c -Q).
- –help or -h : Shows valid parameters
- –quick or -Q : Don’t wait for user input, except on errors
- –version or -V : Shows Lynis version.