Lynis is an open source and very powerful security auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, installed and available software information, and configuration. Lynis supports UNIX derivatives such as Linux, macOS, BSD, Solaris, AIX and others, and performs an in-depth security scan. Software packages are available via https://packages.cisofy.com.
A new major upgrade, Lynis 2.7.5, has just been released after months of development. It comes with new features and tests and many small improvements. I encourage all Linux users to test and upgrade to this most recent version of Lynis.
Home page: https://cisofy.com/
Product features
- In-depth audits by host based scanning
- Installation is optional
- Even dependencies are optional
- All Unix, Linux, BSD and macOS versions
- Free community version available
- Action plans, with priority based hardening strategies
- Find undiscovered vulnerabilities
- Compliance testing (PCI, HIPAA, SOx and others)
- Detect intruders and monitor for configuration issues
- Continuous auditing, discover changes
- Layered dashboards (technical and managerial)
- Reporting and data export
- Different levels of user access
- Open source software
In this article we show how to install Lynis 2.7.5 (Linux auditing tool) on Linux systems from the source tarball.
Installation of Lynis:
Step 1: Create (or reuse) a directory to hold Lynis, e.g. /usr/local/lynis
mkdir /usr/local/lynis
Step 2: Change into that directory, then download the Lynis source tarball:
cd /usr/local/lynis
wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
Other download options (DEB/RPM packages, GitHub source) are listed on the Lynis downloads page, https://cisofy.com/downloads/.
Result:
[root@tutorialspots ~]# mkdir /usr/local/lynis
[root@tutorialspots ~]# cd /usr/local/lynis
[root@tutorialspots lynis]# wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
--2019-12-23 14:02:20--  https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
Resolving downloads.cisofy.com (downloads.cisofy.com)... 2a01:7c8:aac2:37b::1, 37.97.194.171
Connecting to downloads.cisofy.com (downloads.cisofy.com)|2a01:7c8:aac2:37b::1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 288688 (282K) [application/octet-stream]
Saving to: ‘lynis-2.7.5.tar.gz’

100%[======================================>] 288,688     601KB/s   in 0.5s

2019-12-23 14:02:22 (601 KB/s) - ‘lynis-2.7.5.tar.gz’ saved [288688/288688]
Step 3: Unpack the source tarball
tar -xvf lynis-2.7.5.tar.gz
Result:
[root@downappz lynis]# tar -xvf lynis-2.7.5.tar.gz
lynis/CHANGELOG.md
lynis/CODE_OF_CONDUCT.md
lynis/CONTRIBUTING.md
lynis/CONTRIBUTORS.md
lynis/FAQ
lynis/INSTALL
lynis/LICENSE
lynis/README
lynis/db/
lynis/db/languages/
lynis/db/languages/da
lynis/db/languages/ru
lynis/db/languages/sk
lynis/db/languages/he
lynis/db/languages/pl
lynis/db/languages/gr
lynis/db/languages/pt
lynis/db/languages/en-GB
lynis/db/languages/fr
lynis/db/languages/en
lynis/db/languages/de
lynis/db/languages/cn
lynis/db/languages/br
lynis/db/languages/nl-BE
lynis/db/languages/nl-NL
lynis/db/languages/ko
lynis/db/languages/tr
lynis/db/languages/hu
lynis/db/languages/es
lynis/db/languages/se
lynis/db/languages/ja
lynis/db/languages/nl
lynis/db/languages/en-US
lynis/db/languages/az
lynis/db/languages/fi
lynis/db/languages/nb-NO
lynis/db/languages/it
lynis/db/tests.db
lynis/db/malware.db
lynis/db/integrity.db
lynis/db/hints.db
lynis/db/software-eol.db
lynis/db/malware-susp.db
lynis/db/fileperms.db
lynis/db/sbl.db
lynis/default.prf
lynis/developer.prf
lynis/extras/
lynis/extras/build-lynis.sh
lynis/extras/bash_completion.d/
lynis/extras/bash_completion.d/lynis
lynis/extras/systemd/
lynis/extras/systemd/lynis.timer
lynis/extras/systemd/lynis.service
lynis/extras/README
lynis/extras/files.dat
lynis/extras/openbsd/
lynis/extras/openbsd/+CONTENTS
lynis/extras/lynis.spec
lynis/extras/travis-ci/
lynis/extras/travis-ci/before_script.sh
lynis/extras/check-lynis.sh
lynis/include/
lynis/include/tests_system_integrity
lynis/include/tests_usb
lynis/include/tests_homedirs
lynis/include/profiles
lynis/include/tests_kernel_hardening
lynis/include/tool_tips
lynis/include/tests_networking
lynis/include/helper_update
lynis/include/tests_virtualization
lynis/include/tests_banners
lynis/include/helper_generate
lynis/include/functions
lynis/include/tests_filesystems
lynis/include/parameters
lynis/include/tests_file_integrity
lynis/include/tests_php
lynis/include/tests_databases
lynis/include/tests_accounting
lynis/include/tests_file_permissions
lynis/include/tests_storage
lynis/include/tests_custom.template
lynis/include/helper_system_remote_scan
lynis/include/data_upload
lynis/include/tests_squid
lynis/include/tests_ports_packages
lynis/include/tests_scheduling
lynis/include/binaries
lynis/include/tests_authentication
lynis/include/tests_logging
lynis/include/tests_time
lynis/include/tests_printers_spools
lynis/include/tests_containers
lynis/include/tests_webservers
lynis/include/tests_insecure_services
lynis/include/tests_tooling
lynis/include/tests_storage_nfs
lynis/include/osdetection
lynis/include/tests_ssh
lynis/include/tests_mail_messaging
lynis/include/consts
lynis/include/tests_memory_processes
lynis/include/tests_ldap
lynis/include/tests_malware
lynis/include/tests_crypto
lynis/include/report
lynis/include/helper_configure
lynis/include/tests_dns
lynis/include/tests_snmp
lynis/include/tests_shells
lynis/include/helper_audit_dockerfile
lynis/include/helper_show
lynis/include/tests_hardening
lynis/include/tests_mac_frameworks
lynis/include/tests_firewalls
lynis/include/tests_nameservices
lynis/include/tests_boot_services
lynis/include/tests_kernel
lynis/lynis
lynis/lynis.8
lynis/plugins/
lynis/plugins/custom_plugin.template
lynis/plugins/README
Use Lynis
You must run Lynis as root to get a full audit (the --pentest option in the help output below runs a non-privileged scan, but it covers fewer tests).
Step 1: Change into the unpacked child directory lynis (/usr/local/lynis/lynis):
cd lynis
See help documentation:
./lynis -h
Result:
[root@tutorialspots lynis]# ./lynis -h

[ Lynis 2.7.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2019, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################

[+] Initializing program
------------------------------------

Usage: lynis command [options]

Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details

Options:

    --no-log                          : Don't create a log file
    --pentest                         : Non-privileged scan (useful for pentest)
    --profile <profile>               : Scan the system with the given profile file
    --quick (-Q)                      : Quick mode, don't wait for user input

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run './lynis show options', or use the man page.
Step 2: Perform a local security scan:
./lynis audit system
Result:
[root@tutorialspots lynis]# ./lynis audit system

[ Lynis 2.7.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2019, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################

[+] Initializing program
------------------------------------
  - Detecting OS... [ DONE ]
  - Checking profiles... [ DONE ]

  ---------------------------------------------------
  Program version:           2.7.5
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS Linux release 7.5.1804 (Core)
  Kernel version:            3.10.0
  Hardware platform:         x86_64
  Hostname:                  tutorialspots
  ---------------------------------------------------
  Profiles:                  /usr/local/lynis/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          ./plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  en
  Test category:             all
  Test group:                all
  ---------------------------------------------------
  - Program update status... [ NO UPDATE ]

      ===============================================================================
        Lynis update available
      ===============================================================================

        Current version is more than 4 months old

        Current version : 275
        Latest version  : 275

        Please update to the latest version.
        New releases include additional features, bug fixes, tests, and baselines.

        Download the latest version:

        Packages (DEB/RPM) -  https://packages.cisofy.com
        Website (TAR)      -  https://cisofy.com/downloads/
        GitHub (source)    -  https://github.com/CISOfy/lynis

      ===============================================================================

[+] System Tools
------------------------------------
  - Scanning available tools...
  - Checking system binaries...
/usr/bin/mysql: unknown variable 'innodb_force_recovery=6'

[+] Plugins (phase 1)
------------------------------------
 Note: plugins have more extensive tests and may take several minutes to complete

  - Plugins enabled [ NONE ]

[+] Boot and services
------------------------------------
  - Service Manager [ systemd ]
  - Checking UEFI boot [ DISABLED ]
  - Checking presence GRUB2 [ FOUND ]
    - Checking for password protection [ OK ]
  - Check running services (systemctl) [ DONE ]
        Result: found 19 running services
  - Check enabled services at boot (systemctl) [ DONE ]
        Result: found 35 enabled services
  - Check startup files (permissions) [ OK ]

[+] Kernel
------------------------------------
  - Checking default runlevel [ runlevel 3 ]
  - Checking CPU support (NX/PAE)
    CPU support: PAE and/or NoeXecute supported [ FOUND ]
  - Checking kernel version and release [ DONE ]
  - Checking kernel type [ DONE ]
  - Checking loaded kernel modules [ DONE ]
      Found 79 active modules
  - Checking Linux kernel configuration file [ FOUND ]
  - Checking default I/O kernel scheduler [ FOUND ]
  - Checking core dumps configuration [ DISABLED ]
    - Checking setuid core dumps configuration [ DEFAULT ]
  - Check if reboot is needed [ NO ]

[+] Memory and Processes
------------------------------------
  - Checking /proc/meminfo [ FOUND ]
  - Searching for dead/zombie processes [ OK ]
  - Searching for IO waiting processes [ OK ]

[+] Users, Groups and Authentication
------------------------------------
  - Administrator accounts [ OK ]
  - Unique UIDs [ OK ]
  - Consistency of group files (grpck) [ OK ]
  - Unique group IDs [ OK ]
  - Unique group names [ OK ]
  - Password file consistency [ OK ]
  - Query system users (non daemons) [ DONE ]
  - NIS+ authentication support [ NOT ENABLED ]
  - NIS authentication support [ NOT ENABLED ]
  - sudoers file [ FOUND ]
    - Permissions for directory: /etc/sudoers.d [ OK ]
    - Permissions for: /etc/sudoers [ OK ]
  - PAM password strength tools [ OK ]
  - PAM configuration file (pam.conf) [ NOT FOUND ]
  - PAM configuration files (pam.d) [ FOUND ]
  - PAM modules [ FOUND ]
  - LDAP module in PAM [ NOT FOUND ]
  - Accounts without expire date [ OK ]
  - Accounts without password [ OK ]
  - Checking user password aging (minimum) [ DISABLED ]
  - User password aging (maximum) [ DISABLED ]
  - Checking expired passwords [ OK ]
  - Checking Linux single user mode authentication [ OK ]
  - Determining default umask
    - umask (/etc/profile and /etc/profile.d) [ SUGGESTION ]
    - umask (/etc/login.defs) [ OK ]
    - umask (/etc/init.d/functions) [ SUGGESTION ]
  - LDAP authentication support [ NOT ENABLED ]
  - Logging failed login attempts [ DISABLED ]

[+] Shells
------------------------------------
  - Checking shells from /etc/shells
    Result: found 6 shells (valid shells: 6).
    - Session timeout settings/tools [ NONE ]
  - Checking default umask values
    - Checking default umask in /etc/bashrc [ WEAK ]
    - Checking default umask in /etc/csh.cshrc [ WEAK ]
    - Checking default umask in /etc/profile [ WEAK ]

[+] File systems
------------------------------------
  - Checking mount points
    - Checking /home mount point [ SUGGESTION ]
    - Checking /tmp mount point [ SUGGESTION ]
    - Checking /var mount point [ SUGGESTION ]
  - Query swap partitions (fstab) [ NONE ]
  - Testing swap partitions [ OK ]
  - Testing /proc mount (hidepid) [ SUGGESTION ]
  - Checking for old files in /tmp [ OK ]
  - Checking /tmp sticky bit [ OK ]
  - Checking /var/tmp sticky bit [ OK ]
  - ACL support root file system [ ENABLED ]
  - Mount options of / [ OK ]
  - Disable kernel support of some filesystems
    - Discovered kernel modules: cramfs squashfs udf

[+] USB Devices
------------------------------------
  - Checking usb-storage driver (modprobe config) [ NOT DISABLED ]
  - Checking USB devices authorization [ ENABLED ]
  - Checking USBGuard [ NOT FOUND ]

[+] Storage
------------------------------------
  - Checking firewire ohci driver (modprobe config) [ NOT DISABLED ]

[+] NFS
------------------------------------
  - Check running NFS daemon [ NOT FOUND ]

[+] Name services
------------------------------------
  - Searching DNS domain name [ FOUND ]
      Domain name: com
  - Checking /etc/hosts
    - Checking /etc/hosts (duplicates) [ OK ]
    - Checking /etc/hosts (hostname) [ OK ]
    - Checking /etc/hosts (localhost) [ SUGGESTION ]
    - Checking /etc/hosts (localhost to IP) [ OK ]

[+] Ports and packages
------------------------------------
  - Searching package managers
    - Searching RPM package manager [ FOUND ]
      - Querying RPM package manager
    - YUM package management consistency [ OK ]
    - Checking package database duplicates [ OK ]
...
View the Lynis scan log (the machine-readable findings go to the report file named in the header above, /var/log/lynis-report.dat):
cat /var/log/lynis.log | more
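The log is meant for reading; for automation the report file is the better source. The following script is an added example (not part of Lynis or this tutorial) that pulls the hardening index, warnings and suggestions out of a report and can act as a pass/fail gate. It assumes the report is key=value text where repeatable keys end in "[]" and warning/suggestion values are pipe-separated (TEST-ID|message|details|solution); the embedded sample report is constructed, not real scan output.

```shell
#!/bin/sh
# Added example (not part of Lynis): summarise the report file that the audit
# header above names as /var/log/lynis-report.dat.
# Assumption: the report is key=value text, repeatable keys end in "[]", and
# warning[]/suggestion[] values are pipe-separated: TEST-ID|message|details|solution.
REPORT="${LYNIS_REPORT:-/var/log/lynis-report.dat}"

# Constructed sample report (not real scan output) so the script runs offline.
make_sample_report() {  # $1 = path to write
  cat > "$1" <<'EOF'
report_version_major=1
report_version_minor=0
hostname=tutorialspots
hardening_index=61
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=AUTH-9328|Default umask in /etc/profile could be more strict like 027|-|-|
suggestion[]=FILE-6310|To protect /home and /tmp, separate partitions are recommended|-|-|
suggestion[]=USB-1000|Disable drivers like USB storage when not used|-|-|
EOF
}

# Print one scalar value (e.g. hardening_index) from the report.
report_value() {  # $1 = key, $2 = report file
  sed -n "s/^$1=//p" "$2" | head -n 1
}

# Count entries of a repeatable key such as warning or suggestion.
report_count() {  # $1 = key, $2 = report file
  grep -c "^$1\[\]=" "$2" || true   # grep exits 1 on zero matches; keep the "0"
}

# List entries of a repeatable key as "TEST-ID: message".
report_list() {  # $1 = key, $2 = report file
  sed -n "s/^$1\[\]=//p" "$2" | awk -F'|' '{ print $1 ": " $2 }'
}

# Gate for automation: succeed only when there are no warnings and the
# hardening index reaches the floor given in $1 (e.g. a CI or config-management check).
report_gate() {  # $1 = minimum hardening index, $2 = report file
  idx=$(report_value hardening_index "$2")
  warns=$(report_count warning "$2")
  [ "${idx:-0}" -ge "$1" ] && [ "${warns:-0}" -eq 0 ]
}

# Fall back to the constructed sample when no real report is present.
[ -r "$REPORT" ] || { REPORT=$(mktemp); make_sample_report "$REPORT"; }
echo "Hardening index: $(report_value hardening_index "$REPORT")"
echo "Warnings ($(report_count warning "$REPORT")):";       report_list warning "$REPORT"
echo "Suggestions ($(report_count suggestion "$REPORT")):"; report_list suggestion "$REPORT"
```

Point LYNIS_REPORT at a real report after a scan to use it on the host; the gate's exit status lets a scheduler (such as the extras/systemd timer unpacked above) fail loudly when warnings appear or the index drops.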