The Lynis is a UNIX-system security audit and hardening tool that enables deep-seated security scans to detect potential time and advise on future system hardening. The software scans general system information, fragile packages, and potential misconfiguration.
Characteristics:
- Vulnerability scanning
- System reinforcement
- Intrusion detection
- Center Management
- Custom Behavior Planning
- Report
- Security panel
- Continuous monitoring
- Technical support
Goal:
- Automated security audits
- Compliance Testing
- Vulnerability detection
Help:
- Configuration Management
- Software Patch Management
- System reinforcement
- Penetration Testing
- Malicious software scanning
- Intrusion detection
1. Install the Package
# Yum--enablerepo=epel-y Install Lynis
You can also install it using the following method
Mode one: [email protected]:~# wget https:////cisofy.com/files/lynis-2.2.0.tar.gz Mode II: [Email protected]:~ # Curl HTTPS:///cisofy.com/files/lynis-2.2.0.tar.gz-o lynis.tar.gz mode three: Open page directly using browser: https:// cisofy.com/download/lynis/ , then select Download, download, unzip, compile and install
2. Scanning system
Or
Lynis--check-all
You can skip user input by using the-C and-Q options If you always need to enter a carriage return to execute the above command:
$ sudo./lynis-c-Q
3. View Logs
Log saved in/var/log/lynis-report.dat
Search for "warning" "suggestion" to find suggested content
# "^warning|^suggestion" /var/log/lynis-report.dat
4. Create a Lynis scheduled task
If you want to create a daily scan report for your system, you can set up cron:
$ crontab-e add cron task:* * */usr/bin/lynis-c--auditor "automated"--cronjob >/var/log/lynis/report . txt the above task performs a scan 10:30 every night and saves the output information to the/var/log/lynis.log log file.
Linux Vulnerability Scan Tool "Lynis"