How to install and use Lynis on CentOS


Lynis is an open source and powerful security auditing tool for UNIX derivatives such as Linux, macOS, BSD, Solaris and AIX. It performs an in-depth security scan of the system, collecting security settings, general system information, installed and available software, and configuration details. Software packages are available via https://packages.cisofy.com.

Lynis 2.7.5, a new major release, has just been published after months of development. It brings new features and tests as well as many small improvements; all Linux users are encouraged to test it and upgrade to this most recent version.

Home page: https://cisofy.com/

Product features

  • In-depth audits by host-based scanning
  • Installation is optional
  • Even dependencies are optional
  • All Unix, Linux, BSD and macOS versions supported
  • Free community version available
  • Action plans, with priority-based hardening strategies
  • Find undiscovered vulnerabilities
  • Compliance testing (PCI, HIPAA, SOx and others)
  • Detect intruders and monitor for configuration issues
  • Continuous auditing, discover changes
  • Layered dashboards (technical and managerial)
  • Reporting and data export
  • Different levels of user access
  • Open source software

In this article we show how to install Lynis 2.7.5 (Linux Auditing Tool) on Linux systems from the source tarball.

Installation of Lynis:
Step 1: Create or use any directory to store Lynis, e.g. /usr/local/lynis

mkdir /usr/local/lynis

Step 2: Change into that directory, then download the Lynis source tarball

cd /usr/local/lynis
wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz

All available download links are listed on the Lynis download page (https://cisofy.com/downloads/).

Result:

[root@tutorialspots ~]# mkdir /usr/local/lynis
[root@tutorialspots ~]# cd /usr/local/lynis
[root@tutorialspots lynis]# wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
--2019-12-23 14:02:20--  https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
Resolving downloads.cisofy.com (downloads.cisofy.com)... 2a01:7c8:aac2:37b::1, 37.97.194.171
Connecting to downloads.cisofy.com (downloads.cisofy.com)|2a01:7c8:aac2:37b::1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 288688 (282K) [application/octet-stream]
Saving to: ‘lynis-2.7.5.tar.gz’

100%[======================================>] 288,688      601KB/s   in 0.5s

2019-12-23 14:02:22 (601 KB/s) - ‘lynis-2.7.5.tar.gz’ saved [288688/288688]


Step 3: Unpack the source tarball

tar -xvf lynis-2.7.5.tar.gz

Result:

[root@downappz lynis]# tar -xvf lynis-2.7.5.tar.gz
lynis/CHANGELOG.md
lynis/CODE_OF_CONDUCT.md
lynis/CONTRIBUTING.md
lynis/CONTRIBUTORS.md
lynis/FAQ
lynis/INSTALL
lynis/LICENSE
lynis/README
lynis/db/
lynis/db/languages/
lynis/db/languages/da
lynis/db/languages/ru
lynis/db/languages/sk
lynis/db/languages/he
lynis/db/languages/pl
lynis/db/languages/gr
lynis/db/languages/pt
lynis/db/languages/en-GB
lynis/db/languages/fr
lynis/db/languages/en
lynis/db/languages/de
lynis/db/languages/cn
lynis/db/languages/br
lynis/db/languages/nl-BE
lynis/db/languages/nl-NL
lynis/db/languages/ko
lynis/db/languages/tr
lynis/db/languages/hu
lynis/db/languages/es
lynis/db/languages/se
lynis/db/languages/ja
lynis/db/languages/nl
lynis/db/languages/en-US
lynis/db/languages/az
lynis/db/languages/fi
lynis/db/languages/nb-NO
lynis/db/languages/it
lynis/db/tests.db
lynis/db/malware.db
lynis/db/integrity.db
lynis/db/hints.db
lynis/db/software-eol.db
lynis/db/malware-susp.db
lynis/db/fileperms.db
lynis/db/sbl.db
lynis/default.prf
lynis/developer.prf
lynis/extras/
lynis/extras/build-lynis.sh
lynis/extras/bash_completion.d/
lynis/extras/bash_completion.d/lynis
lynis/extras/systemd/
lynis/extras/systemd/lynis.timer
lynis/extras/systemd/lynis.service
lynis/extras/README
lynis/extras/files.dat
lynis/extras/openbsd/
lynis/extras/openbsd/+CONTENTS
lynis/extras/lynis.spec
lynis/extras/travis-ci/
lynis/extras/travis-ci/before_script.sh
lynis/extras/check-lynis.sh
lynis/include/
lynis/include/tests_system_integrity
lynis/include/tests_usb
lynis/include/tests_homedirs
lynis/include/profiles
lynis/include/tests_kernel_hardening
lynis/include/tool_tips
lynis/include/tests_networking
lynis/include/helper_update
lynis/include/tests_virtualization
lynis/include/tests_banners
lynis/include/helper_generate
lynis/include/functions
lynis/include/tests_filesystems
lynis/include/parameters
lynis/include/tests_file_integrity
lynis/include/tests_php
lynis/include/tests_databases
lynis/include/tests_accounting
lynis/include/tests_file_permissions
lynis/include/tests_storage
lynis/include/tests_custom.template
lynis/include/helper_system_remote_scan
lynis/include/data_upload
lynis/include/tests_squid
lynis/include/tests_ports_packages
lynis/include/tests_scheduling
lynis/include/binaries
lynis/include/tests_authentication
lynis/include/tests_logging
lynis/include/tests_time
lynis/include/tests_printers_spools
lynis/include/tests_containers
lynis/include/tests_webservers
lynis/include/tests_insecure_services
lynis/include/tests_tooling
lynis/include/tests_storage_nfs
lynis/include/osdetection
lynis/include/tests_ssh
lynis/include/tests_mail_messaging
lynis/include/consts
lynis/include/tests_memory_processes
lynis/include/tests_ldap
lynis/include/tests_malware
lynis/include/tests_crypto
lynis/include/report
lynis/include/helper_configure
lynis/include/tests_dns
lynis/include/tests_snmp
lynis/include/tests_shells
lynis/include/helper_audit_dockerfile
lynis/include/helper_show
lynis/include/tests_hardening
lynis/include/tests_mac_frameworks
lynis/include/tests_firewalls
lynis/include/tests_nameservices
lynis/include/tests_boot_services
lynis/include/tests_kernel
lynis/lynis
lynis/lynis.8
lynis/plugins/
lynis/plugins/custom_plugin.template
lynis/plugins/README
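
The three steps above can be turned into a single script that also refuses to unpack a tarball whose checksum does not match the value published for the release. This is an added example, not code from the article or from the Lynis project; the variable names, the LYNIS_SHA256 value (a placeholder the operator must fill in from the download page) and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the article or the Lynis project): fetch a Lynis
# release tarball into /usr/local/lynis, verify it against a SHA-256 supplied
# by the operator, and unpack it. Environment variable and function names are
# this example's own assumptions.

LYNIS_VERSION="${LYNIS_VERSION:-2.7.5}"
LYNIS_DIR="${LYNIS_DIR:-/usr/local/lynis}"
LYNIS_URL="https://downloads.cisofy.com/lynis/lynis-${LYNIS_VERSION}.tar.gz"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the file's SHA-256 matches the expected digest, 1 otherwise.
verify_sha256() {
    file="$1"
    expected="$2"
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# extract_tarball FILE DESTDIR
# Unpacks the tarball into DESTDIR and returns 0 only if the main Lynis
# script (lynis/lynis) is present afterwards, i.e. the archive has the
# layout shown in the tar output above.
extract_tarball() {
    tarball="$1"
    dest="$2"
    mkdir -p "$dest" || return 1
    tar -xzf "$tarball" -C "$dest" || return 1
    [ -f "$dest/lynis/lynis" ]
}

# install_lynis
# Downloads the release and unpacks it only when the digest matches.
# LYNIS_SHA256 is a placeholder: set it to the SHA-256 published for the
# release before running the installation.
install_lynis() {
    expected="${LYNIS_SHA256:?set LYNIS_SHA256 to the published SHA-256 of the tarball}"
    mkdir -p "$LYNIS_DIR" || return 1
    tarball="$LYNIS_DIR/lynis-${LYNIS_VERSION}.tar.gz"
    wget -q -O "$tarball" "$LYNIS_URL" || return 1
    if ! verify_sha256 "$tarball" "$expected"; then
        echo "checksum mismatch for $tarball, not unpacking" >&2
        rm -f "$tarball"
        return 1
    fi
    extract_tarball "$tarball" "$LYNIS_DIR"
}

# The download only runs when invoked as:  sh install-lynis.sh install
if [ "${1:-}" = "install" ]; then
    install_lynis && echo "Lynis unpacked in $LYNIS_DIR/lynis"
fi
```

The script removes a tarball that fails verification so that a later step cannot unpack it by accident; the functions can also be sourced and used individually when the tarball was fetched some other way.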

Use Lynis
Lynis must be run as the root account.
Step 1: Change into the child directory lynis (/usr/local/lynis/lynis)

cd lynis

Show the help documentation:

./lynis -h

Result:

[root@tutorialspots lynis]# ./lynis -h

[ Lynis 2.7.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2019, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------


  Usage: lynis command [options]


  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details


  Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile <profile>               : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run './lynis show options', or use the man page.

Step 2: Perform a local security scan

./lynis audit system

Result:

[root@tutorialspots lynis]# ./lynis audit system

[ Lynis 2.7.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2019, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]

  ---------------------------------------------------
  Program version:           2.7.5
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS Linux release 7.5.1804 (Core)
  Kernel version:            3.10.0
  Hardware platform:         x86_64
  Hostname:                  tutorialspots
  ---------------------------------------------------
  Profiles:                  /usr/local/lynis/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          ./plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  en
  Test category:             all
  Test group:                all
  ---------------------------------------------------
  - Program update status...                                  [ NO UPDATE ]

      ===============================================================================
        Lynis update available
      ===============================================================================

        Current version is more than 4 months old

        Current version : 275   Latest version : 275

        Please update to the latest version.
        New releases include additional features, bug fixes, tests, and baselines.

        Download the latest version:

        Packages (DEB/RPM) -  https://packages.cisofy.com
        Website (TAR)      -  https://cisofy.com/downloads/
        GitHub (source)    -  https://github.com/CISOfy/lynis

      ===============================================================================


[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...
/usr/bin/mysql: unknown variable 'innodb_force_recovery=6'

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete

  - Plugins enabled                                           [ NONE ]

[+] Boot and services
------------------------------------
  - Service Manager                                           [ systemd ]
  - Checking UEFI boot                                        [ DISABLED ]
  - Checking presence GRUB2                                   [ FOUND ]
    - Checking for password protection                        [ OK ]
  - Check running services (systemctl)                        [ DONE ]
        Result: found 19 running services
  - Check enabled services at boot (systemctl)                [ DONE ]
        Result: found 35 enabled services
  - Check startup files (permissions)                         [ OK ]

[+] Kernel
------------------------------------
  - Checking default runlevel                                 [ runlevel 3 ]
  - Checking CPU support (NX/PAE)
    CPU support: PAE and/or NoeXecute supported               [ FOUND ]
  - Checking kernel version and release                       [ DONE ]
  - Checking kernel type                                      [ DONE ]
  - Checking loaded kernel modules                            [ DONE ]
      Found 79 active modules
  - Checking Linux kernel configuration file                  [ FOUND ]
  - Checking default I/O kernel scheduler                     [ FOUND ]
  - Checking core dumps configuration                         [ DISABLED ]
    - Checking setuid core dumps configuration                [ DEFAULT ]
  - Check if reboot is needed                                 [ NO ]

[+] Memory and Processes
------------------------------------
  - Checking /proc/meminfo                                    [ FOUND ]
  - Searching for dead/zombie processes                       [ OK ]
  - Searching for IO waiting processes                        [ OK ]

[+] Users, Groups and Authentication
------------------------------------
  - Administrator accounts                                    [ OK ]
  - Unique UIDs                                               [ OK ]
  - Consistency of group files (grpck)                        [ OK ]
  - Unique group IDs                                          [ OK ]
  - Unique group names                                        [ OK ]
  - Password file consistency                                 [ OK ]
  - Query system users (non daemons)                          [ DONE ]
  - NIS+ authentication support                               [ NOT ENABLED ]
  - NIS authentication support                                [ NOT ENABLED ]
  - sudoers file                                              [ FOUND ]
    - Permissions for directory: /etc/sudoers.d               [ OK ]
    - Permissions for: /etc/sudoers                           [ OK ]
  - PAM password strength tools                               [ OK ]
  - PAM configuration file (pam.conf)                         [ NOT FOUND ]
  - PAM configuration files (pam.d)                           [ FOUND ]
  - PAM modules                                               [ FOUND ]
  - LDAP module in PAM                                        [ NOT FOUND ]
  - Accounts without expire date                              [ OK ]
  - Accounts without password                                 [ OK ]
  - Checking user password aging (minimum)                    [ DISABLED ]
  - User password aging (maximum)                             [ DISABLED ]
  - Checking expired passwords                                [ OK ]
  - Checking Linux single user mode authentication            [ OK ]
  - Determining default umask
    - umask (/etc/profile and /etc/profile.d)                 [ SUGGESTION ]
    - umask (/etc/login.defs)                                 [ OK ]
    - umask (/etc/init.d/functions)                           [ SUGGESTION ]
  - LDAP authentication support                               [ NOT ENABLED ]
  - Logging failed login attempts                             [ DISABLED ]

[+] Shells
------------------------------------
  - Checking shells from /etc/shells
    Result: found 6 shells (valid shells: 6).
    - Session timeout settings/tools                          [ NONE ]
  - Checking default umask values
    - Checking default umask in /etc/bashrc                   [ WEAK ]
    - Checking default umask in /etc/csh.cshrc                [ WEAK ]
    - Checking default umask in /etc/profile                  [ WEAK ]

[+] File systems
------------------------------------
  - Checking mount points
    - Checking /home mount point                              [ SUGGESTION ]
    - Checking /tmp mount point                               [ SUGGESTION ]
    - Checking /var mount point                               [ SUGGESTION ]
  - Query swap partitions (fstab)                             [ NONE ]
  - Testing swap partitions                                   [ OK ]
  - Testing /proc mount (hidepid)                             [ SUGGESTION ]
  - Checking for old files in /tmp                            [ OK ]
  - Checking /tmp sticky bit                                  [ OK ]
  - Checking /var/tmp sticky bit                              [ OK ]
  - ACL support root file system                              [ ENABLED ]
  - Mount options of /                                        [ OK ]
  - Disable kernel support of some filesystems
    - Discovered kernel modules: cramfs squashfs udf

[+] USB Devices
------------------------------------
  - Checking usb-storage driver (modprobe config)             [ NOT DISABLED ]
  - Checking USB devices authorization                        [ ENABLED ]
  - Checking USBGuard                                         [ NOT FOUND ]

[+] Storage
------------------------------------
  - Checking firewire ohci driver (modprobe config)           [ NOT DISABLED ]

[+] NFS
------------------------------------
  - Check running NFS daemon                                  [ NOT FOUND ]

[+] Name services
------------------------------------
  - Searching DNS domain name                                 [ FOUND ]
      Domain name: com
  - Checking /etc/hosts
    - Checking /etc/hosts (duplicates)                        [ OK ]
    - Checking /etc/hosts (hostname)                          [ OK ]
    - Checking /etc/hosts (localhost)                         [ SUGGESTION ]
    - Checking /etc/hosts (localhost to IP)                   [ OK ]

[+] Ports and packages
------------------------------------
  - Searching package managers
    - Searching RPM package manager                           [ FOUND ]
      - Querying RPM package manager
  - YUM package management consistency                        [ OK ]
  - Checking package database duplicates                      [ OK ]
...

View the Lynis scan log:

cat /var/log/lynis.log | more
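
Besides the human-readable log, the scan writes a machine-readable report to /var/log/lynis-report.dat (the path shown in the scan header above). The following added example, which is not code from the article or the Lynis project, runs the audit non-interactively with the --quick and --no-colors options from the help output and then summarises that report. The report is a key=value file; the keys used here (hardening_index, warning[], suggestion[]) are the ones Lynis 2.x writes, while the function names, the LYNIS_REPORT variable and the sample report lines are this example's own constructions.

```bash
#!/bin/sh
# Added example (not from the article or the Lynis project): run Lynis
# unattended and summarise /var/log/lynis-report.dat. Keys used:
# hardening_index (single value), warning[] and suggestion[] (repeated,
# pipe-separated: TEST-ID|text|details|solution|). Function names and the
# sample report are assumptions made for this example.

REPORT="${LYNIS_REPORT:-/var/log/lynis-report.dat}"

# report_value FILE KEY
# Prints the value of a single-valued key (e.g. hardening_index); empty if absent.
report_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# report_count FILE KEY
# Counts the entries of a repeated key such as 'warning[]' or 'suggestion[]'.
report_count() {
    awk -F= -v k="$2" '$1 == k { n++ } END { print n + 0 }' "$1"
}

# report_tests FILE KEY
# Lists the test IDs (first pipe-separated field) of a repeated key.
report_tests() {
    awk -F= -v k="$2" '$1 == k { split($2, f, "|"); print f[1] }' "$1"
}

# check_report FILE MIN_INDEX
# Prints a one-line summary and returns 0 only when the report has no
# warnings and the hardening index is at least MIN_INDEX; usable as a
# pass/fail gate in cron or CI.
check_report() {
    file="$1"
    min="$2"
    idx=$(report_value "$file" hardening_index)
    warnings=$(report_count "$file" 'warning[]')
    suggestions=$(report_count "$file" 'suggestion[]')
    echo "hardening index: ${idx:-unknown}  warnings: $warnings  suggestions: $suggestions"
    [ -n "$idx" ] && [ "$idx" -ge "$min" ] && [ "$warnings" -eq 0 ]
}

# run_audit
# Runs the local scan without prompts or colour codes; Lynis needs root.
run_audit() {
    [ "$(id -u)" -eq 0 ] || { echo "run_audit: must be root" >&2; return 1; }
    ./lynis audit system --quick --no-colors
}

# write_sample_report DEST
# Writes a constructed report (made-up test IDs and texts) so the parsing
# functions can be exercised without running a scan.
write_sample_report() {
    cat > "$1" <<'EOF'
lynis_version=2.7.5
hardening_index=65
warning[]=EXAMPLE-0001|Sample warning written for this example|-|-|
suggestion[]=EXAMPLE-0002|Default umask could be more strict|-|-|
suggestion[]=EXAMPLE-0003|Sample suggestion written for this example|-|-|
EOF
}

# Usage:  sh lynis-gate.sh audit [MIN_INDEX]   (run from /usr/local/lynis/lynis)
if [ "${1:-}" = "audit" ]; then
    run_audit && check_report "$REPORT" "${2:-60}"
fi
```

Treating a non-zero exit from check_report as a failed build or a failed scheduled job turns the one-off scan shown above into the continuous auditing listed under the product features; the extras/systemd/lynis.timer unit shipped in the tarball is the natural place to schedule it.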
