Lynis Security Auditing
Lynis is our system and security auditing tool for Linux, Mac OS X, and UNIX-based systems.
It provides insight into how well a system is hardened and what you can do to improve your security defenses.
The software is open source and free to use. It is updated on a regular basis to keep up with new technologies.
Security should be simple, but it is definitely not. With Lynis you gain quick insight into how well you are protecting your crown jewels, from the personal notebook you use to surf the web up to the systems where your company’s biggest secrets are stored.
We suggest running it daily and comparing the results, for example:
https://linux-audit.com/find-differences-between-two-daily-lynis-audits
Installation steps:
cd /tmp
wget https://cisofy.com/files/lynis-2.5.0.tar.gz
tar xvfz lynis-2.5.0.tar.gz
mv lynis cd
Move all contents of /tmp/cd into /usr/local/lynis
* Make sure that the lynis file is 775 or else you will get a permission denied error 😉
To scan the server, first do an update!
# lynis update info
Then to actually scan the system:
# lynis audit system
Once the scan is over you will get a System Scan Summary.
Note: These are the actual results from the easy-admin.ca server
Lynis also suggests very good things that might be tweaked to make the system more secure, so using some of its output, when I have time I’ll work on hardening all servers.
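To make the daily comparison suggested above concrete, here is an added example (not from Lynis or the linked article) that reports which warnings and suggestions appeared or were resolved between two saved reports. It assumes the key=value layout of the Lynis report file (normally /var/log/lynis-report.dat); the function names and the two sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two Lynis reports and show what changed between runs.
# Assumed layout (lynis-report.dat): key=value lines such as
#   warning[]=TEST-ID|text|...   suggestion[]=TEST-ID|text|...   hardening_index=NN
LC_ALL=C; export LC_ALL   # stable sort order for comm

# Print sorted "kind TEST-ID" pairs for every warning and suggestion in report $1.
findings() {
    sed -n -e 's/^warning\[]=\([^|]*\)|.*/warning \1/p' \
           -e 's/^suggestion\[]=\([^|]*\)|.*/suggestion \1/p' "$1" | sort -u
}

# Print the hardening index stored in report $1.
hardening_index() { sed -n 's/^hardening_index=//p' "$1" | head -n 1; }

# Print findings that are in report $2 but not in report $1.
only_in_second() {
    fa=$(mktemp); fb=$(mktemp)
    findings "$1" > "$fa"; findings "$2" > "$fb"
    comm -13 "$fa" "$fb"
    rm -f "$fa" "$fb"
}
new_findings()      { only_in_second "$1" "$2"; }   # args: old new
resolved_findings() { only_in_second "$2" "$1"; }   # args: old new

# Print the index change plus one line per new or resolved finding.
compare_reports() {
    echo "hardening index: $(hardening_index "$1") -> $(hardening_index "$2")"
    new_findings "$1" "$2"      | sed 's/^/NEW      /'
    resolved_findings "$1" "$2" | sed 's/^/RESOLVED /'
}

# Constructed sample reports (not real scan output), written to directory $1.
write_samples() {
    cat > "$1/old.dat" <<'EOF'
hardening_index=62
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
EOF
    cat > "$1/new.dat" <<'EOF'
hardening_index=65
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|-|-|
EOF
}

demo=$(mktemp -d); write_samples "$demo"
compare_reports "$demo/old.dat" "$demo/new.dat"
rm -rf "$demo"
```

For real use, keep a dated copy of the report after each scan and pass yesterday's and today's copies to compare_reports.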
Commercial support available
For companies who prefer additional support, we also have Lynis Enterprise. It uses Lynis as a client. On top of that, it has additional plugins, reporting, central management, a dashboard, and more guidance (e.g. hardening snippets). With Lynis at its core, you are assured of a stable piece of software, which is up-to-date.
Examples of plugins:
- Compliance (e.g. HIPAA, PCI DSS, ISO27001)
- Docker
- File integrity
- Systemd
Source: https://cisofy.com/lynis
NOTES:
# sysctl -a
# lynis show
# lynis --tests "SSH-7440"
# lynis show help
# lynis update info
# systemctl status -all