Lynis is a very powerful open-source auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, installed and available software information, configuration errors, security issues, user accounts without passwords, and incorrect file permissions, and it audits the firewall.
Lynis is one of the most reliable automated auditing tools available for software patch management, malware scanning, and security vulnerability detection in Unix/Linux-based systems. This tool is intended for auditors, network and system administrators, security experts, and penetration testers.
After months of development, a new major upgrade has been released: Lynis 2.2.0, which comes with some new features and tests along with many small improvements. I encourage all Linux users to test and upgrade to this latest version of Lynis.
In this article we describe how to install Lynis 2.2.0 (Linux auditing tool) from the source tarball on a Linux system.
Installation of Lynis
Lynis does not require any installation; it can be run directly from any directory. It is therefore a good idea to create a dedicated directory for Lynis under /usr/local/lynis.
- # mkdir /usr/local/lynis
Use the wget command to download a stable version of the Lynis source file from a reliable web site and extract it using the tar command, as shown below.
- # cd /usr/local/lynis
- # wget https://cisofy.com/files/lynis-2.2.0.tar.gz
Download Lynis Linux Review tool
Extract the tarball
- # tar -xvf lynis-2.2.0.tar.gz
Unzip the Lynis tool
Run and use Lynis basic commands
You must be the root user to run Lynis because it writes its output to the /var/log/lynis.log file. To run Lynis, execute the following commands.
- # cd lynis
- # ./lynis
If you run ./lynis with no options, it prints a complete list of available parameters and returns to the shell prompt. See the figure below.
Lynis Basic options and help
To start a Lynis scan of your entire Linux system, you must pass the --check-all parameter. Use the following command to start the scan.
- # ./lynis --check-all
Once you run the above command, Lynis starts scanning your system and, after each stage it completes, asks you to press ENTER to continue or [Ctrl]+C to stop the scan. See the related figure below.
Lynis: Scanning the entire Linux system
Lynis Security Scan Details
To avoid these prompts during the scan (that is, "press ENTER to continue"), use the -c and -Q parameters as shown below.
- # ./lynis -c -Q
This performs a full scan without any user confirmation. See the following screenshot.
Lynis: Scanning Linux file system
Create a Lynis scheduled task
If you want a daily scan report for your system, you need to set up a scheduled task (cron job) for it. Run the following command in the shell.
- # crontab -e
Add the following entry, which uses the --cronjob option so that all special characters are omitted from the output and the scan runs fully automated. Because crontab -e edits the crontab of the user running it (root here), the entry has no user field.
- 30 22 * * * /path/to/lynis -c -Q --auditor "automated" --cronjob
The scheduled task in the example above runs daily at 10:30 at night and writes a daily report to the /var/log/lynis.log file.
Lynis Scan Results
During the scan, each check is reported as [OK] or [WARNING]. [OK] is considered a good result and [WARNING] a bad one. However, [OK] does not necessarily mean that the item is properly configured, and [WARNING] is not necessarily bad. After reading the /var/log/lynis.log log, you should take corrective action to solve the problems.
In most cases, the scan ends with recommendations on how to fix the problems. See the figure that lists the suggestions for resolving them.
Lynis Suggested Tips
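With a daily scheduled scan, the useful question is usually which [WARNING] results are new since the previous run. The script below is an added example, not part of the original article or of Lynis itself; it assumes the screen output of each scan was saved to a text file, the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: compare two saved Lynis scan outputs (screen output, not lynis.log).
# Assumption: each check is printed as "<description>   [ STATUS ]".

# Print the description of every check marked WARNING, sorted and de-duplicated.
lynis_warnings() {
    sed -n 's/^[[:space:]-]*\(.*[^[:space:]]\)[[:space:]]*\[ *WARNING *][[:space:]]*$/\1/p' "$1" | sort -u
}

# Count the checks that carry a given status, e.g. OK or WARNING.
lynis_count() {
    grep -c "\[ *$2 *]" "$1" || true
}

# Print warnings that appear in the new scan ($2) but not in the old one ($1).
lynis_new_warnings() {
    old_tmp=$(mktemp) || return 1
    new_tmp=$(mktemp) || { rm -f "$old_tmp"; return 1; }
    lynis_warnings "$1" > "$old_tmp"
    lynis_warnings "$2" > "$new_tmp"
    comm -13 "$old_tmp" "$new_tmp"
    rm -f "$old_tmp" "$new_tmp"
}

# Constructed sample output for two consecutive daily scans (not real scan data).
write_samples() {
    cat > "$1/scan-day1.txt" <<'EOF'
  - Checking for password-less accounts                     [ OK ]
  - Checking core dumps configuration                       [ WARNING ]
  - Checking firewall rules                                 [ OK ]
EOF
    cat > "$1/scan-day2.txt" <<'EOF'
  - Checking for password-less accounts                     [ WARNING ]
  - Checking core dumps configuration                       [ WARNING ]
  - Checking firewall rules                                 [ OK ]
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "Day 2: $(lynis_count "$demo_dir/scan-day2.txt" WARNING) warning(s); new since day 1:"
lynis_new_warnings "$demo_dir/scan-day1.txt" "$demo_dir/scan-day2.txt"
rm -rf "$demo_dir"
```

A warning that disappears between runs is not reported here; swap the two arguments of lynis_new_warnings to list resolved items instead.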
Update Lynis
If you want to update or upgrade the current version of Lynis, simply enter the commands below to check for and install the latest version of Lynis.
- # ./lynis update info [show update details]
- # ./lynis update release [update Lynis release]
See the related output of the above command in the figure. It shows that our Lynis version is the latest version.
Update Lynis Review Tool
Lynis parameters
Some Lynis parameters, listed for reference:
--checkall or -c: Start scanning.
--check-update: Check for Lynis updates.
--cronjob: Run Lynis as a scheduled task (includes -c -Q).
--help or -h: Shows valid parameters.
--quick or -Q: Does not wait for user input unless an error occurs.
--version or -V: Displays the Lynis version.
That's it. We hope this article will help you to understand the security issues that exist in a running system. For more information, please visit the official Lynis page: https://cisofy.com/download/lynis/.
Lynis 2.2.0: Security Review and scanning tools for Linux systems