{"id":491,"date":"2016-05-13T21:55:31","date_gmt":"2016-05-14T01:55:31","guid":{"rendered":"http:\/\/easy-admin.ca\/?p=491"},"modified":"2016-07-12T15:04:08","modified_gmt":"2016-07-12T19:04:08","slug":"lynis-is-a-powerful-auditing-tool-for-linux","status":"publish","type":"post","link":"https:\/\/easy-admin.ca\/index.php\/2016\/05\/13\/lynis-is-a-powerful-auditing-tool-for-linux\/","title":{"rendered":"Lynis is a powerful auditing tool for Linux"},"content":{"rendered":"

Lynis<\/strong> is an open source and much powerful auditing tool<\/strong> for Unix\/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc.<\/p>\n

Lynis<\/strong> is one of the most trusted automated auditing tool for software patch management, malware scanning and vulnerability detecting in Unix\/Linux based systems. This tool is useful for auditors<\/strong>, network<\/strong> and system administrators<\/strong>, security specialists<\/strong> and penetration testers<\/strong>.<\/p>\n

Installation of Lynis
\n<\/strong>Lynis doesn\u2019t required any installation, it can be used directly from any directory. So, its good idea to create a custom directory for Lynis under \/usr\/local\/lynis<\/code>.
\n<\/strong><\/p>\n

# mkdir \/usr\/local\/lynis<\/pre>\n
Download stable version of Lynis<\/strong> source files from the trusted website using wget command and unpack it using tar command as shown below.<\/p>\n
# cd \/usr\/local\/lynis\r\n# wget https:\/\/cisofy.com\/files\/lynis-2.2.0.tar.gz<\/pre>\n
Unpack the tarball<\/p>\n
# tar -xvf lynis-2.2.0.tar.gz<\/pre>\n
Running and using Lynis Basics<\/strong>
\nYou must be root<\/strong> user to run Lynis<\/strong>, because it creates and writes output to \/var\/log\/lynis.log<\/code> file. To run Lynis<\/strong> execute the following command.<\/p>\n
# cd lynis\r\n# .\/lynis<\/pre>\n
By running .\/lynis<\/code> without any option, it will provide you a complete list of available parameters and goes back to the shell prompt.<\/p>\n
To start Lynis<\/strong> process, you must define a --check-all<\/code> parameter to begin scanning of your entire Linux<\/strong> system. Use the following command to start scan with parameters as shown below.<\/p>\n
# .\/lynis --check-all<\/pre>\n
Once, you execute above command it will start scanning your system and ask you to Press [Enter] to continue, or [CTRL]+C to stop)<\/strong> every process it scans and completes.<\/p>\n
To prevent such acknowledgment (i.e. \u201cpress enter to continue<\/strong>\u201d) from user while scanning, you need use -c<\/code> and -Q<\/code> parameters as shown below.<\/p>\n
# .\/lynis -c -Q<\/pre>\n
It will do complete scan without waiting for any user acknowledgment. See the following screencast.<\/p>\n
Creating Lynis CronJobs
\n<\/strong>If you would like to create a daily scan report of your system, then you need to set a cron job for it. Run the following command at the shell.<\/p>\n
# crontab -e<\/pre>\n
Add the following cron job with option --cronjob<\/code> all the special characters will be ignored from the output and the scan will run completely automated.<\/p>\n
30\t22\t*\t*\t*\troot    \/path\/to\/lynis -c -Q --auditor \"automated\" --cronjob<\/pre>\n
The above example cron job will run daily at 10:30pm<\/strong> in the night and creates a daily report under \/var\/log\/lynis.log<\/code> file.<\/p>\n
Lynis Scanning Results<\/strong>
\nWhile scanning you will see output as [OK<\/strong>] or [WARNING<\/strong><\/span>]. Where [OK<\/strong>] considered as good result and [WARNING<\/strong><\/span>] as bad. But it doesn\u2019t mean that [OK<\/strong>] result is correctly configured and [WARNING<\/strong><\/span>] doesn\u2019t have to be bad. You should take corrective steps to fix those issues after reading logs at \/var\/log\/lynis.log<\/code>.<\/p>\n
In most cases, the scan provides suggestion to fix<\/strong><\/span> problems at the end of the scan. See the attached figure that provides a list of suggestion to fix problems.<\/p>\n
Updating Lynis<\/strong>
\nIf you want to update<\/strong> or upgrade<\/strong> current lynis version, simple type the following command it will download and install latest version of lynis.<\/p>\n
# .\/lynis update info         [Show update details]\r\n# .\/lynis update release      [Update Lynis release]<\/pre>\n
Lynis Parameters<\/strong>
\nSome of the Lynis parameters for your reference.<\/p>\n
    \n
  1. --checkall or -c<\/code> : Start the scan.<\/li>\n
  2. --check-update<\/code> : Checks for Lynis update.<\/li>\n
  3. --cronjob<\/code> : Runs Lynis as cronjob (includes -c -Q).<\/li>\n
  4. --help or -h<\/code> : Shows valid parameters<\/li>\n
  5. --quick or -Q<\/code> : Don\u2019t wait for user input, except on errors<\/li>\n
  6. --version or -V<\/code> : Shows Lynis version.<\/li>\n<\/ol>\n
    That\u2019s it, we hope this article will be much helpful you all to figure out security issues in running systems. For more information visit the official Lynis page at<\/p>\n
    https:\/\/cisofy.com\/download\/lynis\/<\/a>.<\/p>\n
    Direct Download Lynis 2.2.0 Tar File <\/a><\/p>\n
    Enjoy!<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
    Lynis is an open source and much powerful auditing tool for Unix\/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc. Lynis is one of the most trusted automated auditing tool for software … Continue reading Lynis is a powerful auditing tool for Linux<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-491","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=491"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/491\/revisions"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}