Linux Vulnerability Scan Tool "Lynis"

The Lynis is a UNIX-system security audit and hardening tool that enables deep-seated security scans to detect potential time and advise on future system hardening. The software scans general system information, fragile packages, and potential misconfiguration.

Characteristics:

1. Vulnerability scanning
2. System reinforcement
3. Intrusion detection
4. Center Management
5. Custom Behavior Planning
6. Report
7. Security panel
8. Continuous monitoring
9. Technical support

Goal:

1. Automated security audits
2. Compliance Testing
3. Vulnerability detection

Help:

1. Configuration Management
2. Software Patch Management
3. System reinforcement
4. Penetration Testing
5. Malicious software scanning
6. Intrusion detection

1. Install the Package

# Yum--enablerepo=epel-y Install Lynis

You can also install it using the following method

Mode one: [email protected]:~# wget https:////cisofy.com/files/lynis-2.2.0.tar.gz Mode II: [Email protected]:~ # Curl HTTPS:///cisofy.com/files/lynis-2.2.0.tar.gz-o lynis.tar.gz mode three: Open page directly using browser: https://  cisofy.com/download/lynis/  , then select Download, download, unzip, compile and install

2. Scanning system

Or

Lynis--check-all

You can skip user input by using the-C and-Q options If you always need to enter a carriage return to execute the above command:

$ sudo./lynis-c-Q

3. View Logs
Log saved in/var/log/lynis-report.dat
Search for "warning" "suggestion" to find suggested content

#  "^warning|^suggestion" /var/log/lynis-report.dat

4. Create a Lynis scheduled task

If you want to create a daily scan report for your system, you can set up cron:

$ crontab-e add cron task:* * */usr/bin/lynis-c--auditor "automated"--cronjob >/var/log/lynis/report . txt the above task performs a scan 10:30 every night and saves the output information to the/var/log/lynis.log log file.

Linux Vulnerability Scan Tool "Lynis"