Lynis is an open source and powerful audit tool for Unix/Linux-like operating systems that can scan system security information, general system information, installed and available software information, configuration errors, security issues, passwordless user accounts, incorrect file permissions, firewall settings, and more. Lynis can be used for software patch management, malware scanning, and more. It is very flexible and is often used for security auditing, compliance testing, penetration testing, vulnerability testing, system hardening, etc. The common steps for a security assessment of a Linux system with the Lynis tool are as follows.
Before you begin a security audit, make sure your Linux system is up to date and use the package manager to install all available updates to fix known vulnerabilities.
Lynis can be installed using the package manager, or you can download the latest version from GitHub and install it, such as on a Debian or Ubuntu system, using the following command:
apt-get install lynis
Or clone the repository on GitHub and install:
git clone https://github.com/CISOfy/lynis
cd lynis && ./lynis audit system
This runs Lynis directly from the cloned directory (no system-wide installation is performed) and carries out a local security scan.
To run a Lynis audit:
lynis audit system
The above command runs a full security audit and generates a report. Lynis records detailed audit information in the /var/log/lynis.log file and saves the report data to the /var/log/lynis-report.dat file. You can review the results of the audit by reading these files.
The audit report is divided into sections, each beginning with a [+] symbol. The report provides an overview of all the issues found and recommended solutions, grouped into different categories such as startup and services, networking, storage, security, and more.
Based on the warnings and recommendations in the Lynis report, appropriate measures are taken to address potential security issues. This may include applying patches, reconfiguring services, modifying file permissions, and so on.
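To act on the report systematically, it helps to pull the warnings, suggestions, and hardening index out of /var/log/lynis-report.dat rather than reading it by hand. The following POSIX shell script is an added example, not part of the original article or of Lynis itself; it assumes the report's key=value layout with warning[] and suggestion[] entries whose fields are separated by "|" (test ID first, description second), and it works on a constructed sample file so it runs without Lynis installed.

```shell
#!/bin/sh
# Constructed sample of a Lynis report (key=value lines). On a real system
# point the functions below at /var/log/lynis-report.dat instead.
SAMPLE_REPORT="${TMPDIR:-/tmp}/lynis-report.sample.dat"
cat > "$SAMPLE_REPORT" <<'EOF'
# Lynis report (constructed sample, not real output)
lynis_version=3.0.8
hardening_index=62
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=KRNL-5820|If not required, consider explicit disabling of core dump|-|-|
EOF

# Print the value of a single key (e.g. hardening_index); empty if absent.
report_value() {  # $1 = report file, $2 = key
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Count warning[] or suggestion[] entries (prints 0 when there are none).
report_count() {  # $1 = report file, $2 = warning|suggestion
    grep -c "^$2\[\]=" "$1" || true
}

# List entries as "TEST-ID: description" for tracking remediation work.
report_list() {  # $1 = report file, $2 = warning|suggestion
    sed -n "s/^$2\[\]=//p" "$1" | awk -F'|' '{ printf "%s: %s\n", $1, $2 }'
}

# Return non-zero when the hardening index is below a policy threshold, so a
# periodic audit job or pipeline can fail loudly instead of silently passing.
check_threshold() {  # $1 = report file, $2 = minimum hardening index
    idx=$(report_value "$1" hardening_index)
    [ -n "$idx" ] && [ "$idx" -ge "$2" ]
}

# Example run against the constructed sample.
echo "Hardening index: $(report_value "$SAMPLE_REPORT" hardening_index)"
echo "Warnings: $(report_count "$SAMPLE_REPORT" warning)"
report_list "$SAMPLE_REPORT" warning
```

On a real host, replace SAMPLE_REPORT with /var/log/lynis-report.dat and run the script after each `lynis audit system` to track how the warning count and hardening index change between audits.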
To keep the system secure, Lynis should be used periodically to conduct security audits so that new problems are discovered and resolved promptly. The Lynis tool can detect a variety of common security weaknesses on Linux systems, including but not limited to the following types:
System information checks cover system binaries, boot loaders, and startup services. They also cover kernel and system configuration: run levels, loaded modules, kernel settings, and core dump configuration.
Authentication checks cover users, groups, and identities: group IDs, sudoers, PAM configuration, password aging, the default umask, etc. For file systems and storage, Lynis checks mount points, /tmp files, the root file system, and USB storage and FireWire OHCI.
For network services and ports, it can detect vulnerable or upgradeable software packages, secure repositories, and name services. Network configuration such as name servers, promiscuous interfaces, and open connections can be checked under network connections.
For software packages and databases, it can check the MySQL root password, the LDAP service, the PHP configuration, and more. It can also check logging and auditing, including the configuration of the syslog daemon, log files, and the audit framework.
Insecure service checks cover the configuration and usage of services such as inetd and xinetd. Scheduling checks cover crontab/cron jobs, atd, and the installation and permissions of compilers. SSH and SNMP checks cover the SSH configuration, the SNMP configuration, and related support.
For malware scanning, Lynis is able to find malware and security vulnerabilities on Linux-based systems.
Lynis improves system security by performing multiple types of audits to help users identify security issues in their systems and provide recommendations for fixes.