Serious auditing with Lynis - gHacks Tech News

Serious auditing with Lynis

If you want to do a thorough system security audit on a Linux machine, what do you use? Cobble together a few of the pre-installed tools? Search through the numerous locations for a tool that might give you enough information to determine whether your system is safe? Or do you open up a terminal window and use the Lynis security auditing tool? If you are in the latter category, you get a gold star!

The Lynis project is from the same team that brought us Rootkit Hunter, so you know you can trust this tool. Lynis will not only scan your system for security issues, it will also scan and report installed software, general system information, and even configuration mistakes. You can't afford not to use Lynis. In this article I will show you how to install and make use of Lynis.

Installation

Lynis works on the following distributions:

  • Arch Linux
  • CentOS
  • Debian
  • Fedora Core 4 and higher
  • FreeBSD
  • Gentoo
  • Knoppix
  • Mac OS X
  • Mandriva 2007
  • OpenBSD 4.x
  • OpenSolaris
  • OpenSuSE
  • PcBSD
  • PCLinuxOS
  • Red Hat, RHEL 5.x
  • Slackware 12.1
  • Solaris 10
  • Ubuntu

Installation is done from the command line. Download the required package for your system from the main Lynis page under the download section. You will download either an .rpm, a .deb, or the source archive. If you download the source you will find an executable script, lynis, within the archive. You can copy that file to a removable drive (for Lynis on the go), or just issue the command ./lynis from within the archive directory. If you want to keep Lynis on the system, copy the lynis file to /usr/sbin/.

To install one of the packages, do so like this:

sudo dpkg -i lynis-XXX.deb

or

rpm -ivh lynis-XXX.rpm

where XXX is the release number. NOTE: If installing with rpm you will need to do so as the root user.

Usage

Figure 1

If you just want to dive into things you can issue the command sudo lynis --check-all, which will run a thorough examination of your system. Figure 1 shows a scan in progress. At certain points in the scan you will need to press the Enter key to continue with the scan. You can also hit Ctrl+C to stop the scan.

As the scan runs you will notice various output:

  • OK
  • SUGGESTION
  • NONE
  • FOUND
  • NOT FOUND
  • NOT DISABLED
  • WARNING
  • UNKNOWN
  • SKIPPED
  • DONE
  • RUNNING
  • ACTIVE
  • ON
  • OFF
  • WEAK

And more. When the report completes Lynis will inform you of two log files to view:

/var/log/lynis.log

/var/log/lynis-report.dat

The latter file is where you will want to look first, as it contains suggestions that can help improve the security of your system. For example, after running lynis --check-all I was given the suggestion:

suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts.

Of course that is a fairly generic suggestion. You will be surprised at the depth and number of suggestions given by Lynis. You will also notice, mid-way through the log, that every package installed on your system is listed. This does make for a lengthy log file, but it is worth going through.
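Because lynis-report.dat is plain key=value text, a few lines of shell turn it into a short summary. The script below is an added example, not part of the original article or the Lynis project: it assumes the suggestion[] layout shown above (TEST-ID|message) and assumes that warning[] and installed_package[] entries share that layout; the sample report it falls back to is constructed, and every test ID in it other than AUTH-9282 is a made-up placeholder.

```shell
#!/bin/sh
# Added example (not from the gHacks article or the Lynis project): summarise a Lynis
# report file. Assumes the key=value layout shown in the article, e.g.
#   suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts.
# and assumes warning[] and installed_package[] entries share that layout.
REPORT="${1:-/var/log/lynis-report.dat}"
# Constructed sample report so the script runs offline; test IDs other than
# AUTH-9282 (taken from the article) are made-up placeholders.
write_sample_report() {
    cat > "$1" <<'EOF'
hostname=audit-host
installed_package[]=bash-4.1
installed_package[]=openssh-server-5.3
warning[]=FILE-0001|Placeholder warning: world-writable file in /tmp
suggestion[]=AUTH-9282|When possible set expire dates for all password protected accounts.
suggestion[]=SSH-0001|Placeholder suggestion: review sshd_config
suggestion[]=AUTH-0002|Placeholder suggestion: set password aging limits
EOF
}
# Number of entries for an array key such as warning, suggestion or installed_package.
count_key() {
    grep -c "^$1\[\]=" "$2" || true   # grep -c exits 1 on zero matches but still prints "0"
}
# "TEST-ID  message" for each entry of a key, sorted by test ID.
list_key() {
    sed -n "s/^$1\[\]=\([^|]*\)|\([^|]*\).*/\1  \2/p" "$2" | sort
}
# Tally warnings and suggestions per test-ID prefix (AUTH, SSH, ...), largest first,
# which shows which area of the system needs attention first.
findings_by_area() {
    grep -E '^(warning|suggestion)\[\]=' "$1" |
        sed 's/^[a-z]*\[\]=\([A-Z]*\)-.*/\1/' | sort | uniq -c | sort -rn
}
summarize_report() {
    printf 'Report: %s\nPackages listed: %s\n' "$1" "$(count_key installed_package "$1")"
    printf 'Warnings (%s):\n' "$(count_key warning "$1")";       list_key warning "$1" | sed 's/^/  /'
    printf 'Suggestions (%s):\n' "$(count_key suggestion "$1")"; list_key suggestion "$1" | sed 's/^/  /'
    printf 'Findings by area:\n'; findings_by_area "$1" | sed 's/^/  /'
}
if [ -r "$REPORT" ]; then
    summarize_report "$REPORT"
else
    SAMPLE=$(mktemp); write_sample_report "$SAMPLE"
    echo "No readable report at $REPORT; summarising the constructed sample instead."
    summarize_report "$SAMPLE"; rm -f "$SAMPLE"
fi
```

Run it as root, or pass a copy of the report as the first argument, to summarise a real scan instead of the sample.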

Final thoughts

If you have been searching for a solid Linux auditing program, search no more. Use this in combination with a good network auditing application, and a good Windows auditing application and you are as good as gold.
