Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan a report will be displayed with all discovered findings.

Typical use cases for Lynis:

Security auditing
Vulnerability scanning
System hardening

Examples tests:

Available authentication methods
Expired SSL certificates
Outdated or vulnerable software packages
Time configuration and proper functioning of NTP daemon
User accounts without password
Incorrect file permissions
Configuration errors
Firewall rules.

Supported systems

Since the complexity of auditing different systems and platforms, Lynis is developed on BSD and Linux.

This tool is tested or confirmed to work with at least:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris. See website for the full list of tested operating systems.

 

lynis-security-tool

 

 

Lynis Security auditing tool Installation

SSH to your server as root user.

 

#cd /usr/local/src

#wget http://cisofy.com/files/lynis-1.5.9.tar.gz

#tar -zxvf lynis-1.5.9.tar.gz

#cd lynis-1.5.9/

# ./lynis

 

Audit/Scan your server now

# ./lynis -c

 

For more help

#./lynis -h

 

[+] Initializing program
————————————
Scan options:
–auditor “<name>” : Auditor name
–check-all (-c) : Check system
–no-log : Don’t create a log file
–profile <profile> : Scan the system with the given profile file
–quick (-Q) : Quick mode, don’t wait for user input
–tests “<tests>” : Run only tests defined by <tests>
–tests-category “<category>” : Run only tests defined by <category>

Layout options:
–no-colors : Don’t use colors in output
–quiet (-q) : No output, except warnings
–reverse-colors : Optimize color display for light backgrounds

Misc options:
–check-update : Check for updates
–debug : Debug logging to screen
–view-manpage (–man) : View man page
–version (-V) : Display version number and quit

Enterprise options:
–plugin-dir “<path”> : Define path of available plugins
–upload : Upload data to central node

See man page and documentation for all available options.

Thats All..

 

0.00 avg. rating (0% score) - 0 votes
Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive