Lynis is an open source and widely used security auditing tool for Unix-like operating systems. It helps system administrators and security professionals run a security scan in just a few minutes and find vulnerabilities in the operating system.
Lynis scans the whole operating system and gathers system information such as the OS type, installed packages, security issues, and system configuration.
Lynis supports almost all UNIX-based operating systems, such as Linux, macOS, OpenBSD, Solaris, AIX, FreeBSD, HP-UX, PcBSD, PCLinuxOS, NetBSD, Scientific Linux, Slackware, Ubuntu and many more. Lynis can also be used to audit software such as Apache, Nginx, MySQL, Oracle, PostgreSQL, etc.
In this tutorial, we will learn how to install and use Lynis on CentOS-7.
Requirements
- A server running CentOS-7.
- A non-root user with sudo privileges setup on your server.
Installing Lynis
You can install Lynis either from source or from a repository.
To install Lynis from the repository, you first need to install the EPEL repository.
You can install the EPEL repository by running the following command:
sudo yum install -y epel-release
Then, install Lynis with the following command:
sudo yum --enablerepo=epel install lynis
Output:
Loaded plugins: fastestmirror
epel/x86_64/metalink | 5.2 kB 00:00
epel | 4.3 kB 00:00
epel/x86_64/primary_db FAILED
http://mirror.rise.ph/fedora-epel/7/x86_64/repodata/c7a12e6bbbd439507bb53843a486e92ea43ac3cb24d7465428abfe4abdb81fb2-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(truncated...)
To install Lynis from source, download the Lynis source archive with the following command:
wget https://cisofy.com/files/lynis-2.4.0.tar.gz
Next, extract the downloaded file with the following command:
tar -xvf lynis-2.4.0.tar.gz
Change the directory to the Lynis folder and run it:
cd lynis-2.4.0
sudo ./lynis
Working with Lynis
Running lynis without any command prints a complete list of the available commands and options, as follows:
sudo lynis
Output:
[ Lynis 2.3.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2016, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
------------------------------------
Usage: lynis command [options]
Command:
audit
audit system : Perform local security scan
audit system remote : Remote security scan
audit dockerfile : Analyze Dockerfile
show
show : Show all commands
show version : Show Lynis version
show help : Show help
update
update info : Show update details
update release : Update Lynis release
Options:
--no-log : Don't create a log file
--pentest : Non-privileged scan (useful for pentest)
--profile : Scan the system with the given profile file
--quick (-Q) : Quick mode, don't wait for user input
Layout options
--no-colors : Don't use colors in output
--quiet (-q) : No output
--reverse-colors : Optimize color display for light backgrounds
Misc options
--debug : Debug logging to screen
--view-manpage (--man) : View man page
--verbose : Show more details on screen
--version (-V) : Display version number and quit
Enterprise options
--plugin-dir "" : Define path of available plugins
--upload : Upload data to central node
More options available. Run '/bin/lynis show options', or use the man page.
No command provided. Exiting..
(truncated...)
Now let's start an audit. Run lynis with the -c parameter to scan your entire Linux system:
sudo lynis -c
Once you run the above command, Lynis scans your entire system and asks you to press [Enter] to continue after each section it scans, as follows:
[ Lynis 2.3.2 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2016, CISOfy - https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
(truncated...)
Run Lynis with Custom Tests
It is not necessary to run all the tests. If you only need to test the Apache web server, you can use the --tests parameter with the relevant test IDs:
sudo lynis --tests "HTTP-6632 HTTP-6622 HTTP-6624 HTTP-6626"
Output:
[+] Software: webserver
------------------------------------
- Checking Apache (binary /usr/sbin/httpd) [ FOUND ]
Info: Configuration file found (/etc/httpd/conf/httpd.conf)
Info: No virtual hosts found
* Loadable modules [ FOUND ]
- Found 100 loadable modules
================================================================================
-[ Lynis 2.3.2 Results ]-
Great, no warnings
No suggestions
================================================================================
You can find more test IDs in /var/log/lynis.log.
For example, to find the kernel-related test IDs, run the following command:
grep KRNL /var/log/lynis.log
You should see the following list:
2016-11-02 21:17:56 Skipped test KRNL-5622 (Determine Linux default run level)
2016-11-02 21:17:56 Skipped test KRNL-5677 (Check CPU options and support)
2016-11-02 21:17:56 Skipped test KRNL-5695 (Determine Linux kernel version and release number)
2016-11-02 21:17:56 Skipped test KRNL-5723 (Determining if Linux kernel is monolithic)
2016-11-02 21:17:56 Skipped test KRNL-5726 (Checking Linux loaded kernel modules)
2016-11-02 21:17:56 Skipped test KRNL-5728 (Checking Linux kernel config)
2016-11-02 21:17:56 Skipped test KRNL-5730 (Checking disk I/O kernel scheduler)
2016-11-02 21:17:56 Skipped test KRNL-5745 (Checking FreeBSD loaded kernel modules)
2016-11-02 21:17:56 Skipped test KRNL-5770 (Checking active kernel modules)
2016-11-02 21:17:56 Skipped test KRNL-5788 (Checking availability new Linux kernel)
2016-11-02 21:17:56 Skipped test KRNL-5820 (Checking core dumps configuration)
2016-11-02 21:17:56 Skipped test KRNL-5830 (Checking if system is running on the latest installed kernel)
2016-11-02 21:18:13 Skipped test KRNL-6000 (Check sysctl key pairs in scan profile)
Next, run lynis with the parameters below:
sudo lynis --tests "KRNL-5622 KRNL-5677 KRNL-5695 KRNL-5723 KRNL-5726 KRNL-5728 KRNL-5730 KRNL-5745 KRNL-5770 KRNL-5788 KRNL-5820 KRNL-5830 KRNL-6000"
You should see the following output:
[+] Kernel
------------------------------------
- Checking default runlevel [ runlevel 3 ]
- Checking CPU support (NX/PAE)
CPU support: PAE and/or NoeXecute supported [ FOUND ]
- Checking kernel version and release [ DONE ]
- Checking kernel type [ DONE ]
- Checking loaded kernel modules [ DONE ]
Found 70 active modules
- Checking Linux kernel configuration file [ FOUND ]
- Checking default I/O kernel scheduler [ FOUND ]
- Check if reboot is needed [ NO ]
(truncated...)
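Typing a long list of test IDs by hand is error-prone (it is easy to repeat or mistype one). As an added example, not part of the original tutorial and not Lynis's own code, the following POSIX shell script automates the two steps above: it pulls every unique test ID of one category (KRNL, HTTP, SSH, ...) out of a Lynis log and builds a focused, non-interactive lynis command from them. The function names and the sample log lines are constructed for this example; it matches the "Skipped test" line format shown above and also the "Performing test ID" lines Lynis writes for tests it actually ran (that second format is assumed here, not taken from the page). The --quick and --no-colors options come from the Lynis help output shown earlier.

```shell
#!/bin/sh
# Added example (not from the original tutorial, not Lynis's own code):
# collect the test IDs of one category from a Lynis log and build a focused
# `lynis audit system --tests` command from them. Function names are this
# example's own.

# Print the unique test IDs for CATEGORY found in LOGFILE, sorted and
# space separated, e.g. "KRNL-5622 KRNL-5677". The pattern matches the ID
# wherever it appears, so both "Skipped test X" and "Performing test ID X"
# lines are covered, and sort -u removes duplicates.
extract_test_ids() {
    category="$1"
    logfile="$2"
    grep -oE "${category}-[0-9]+" "$logfile" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Build the command line to run for those IDs. --quick (-Q) stops Lynis from
# waiting for [Enter] between sections, and --no-colors keeps the output
# clean when it is redirected to a file for review later.
build_lynis_cmd() {
    ids="$1"
    printf 'lynis audit system --tests "%s" --quick --no-colors' "$ids"
}

# Constructed sample log lines in the format Lynis writes to
# /var/log/lynis.log. They are made up for this example, not a real audit.
write_sample_log() {
    cat > "$1" <<'EOF'
2016-11-02 21:17:56 Performing test ID KRNL-5622 (Determine Linux default run level)
2016-11-02 21:17:56 Skipped test KRNL-5677 (Check CPU options and support)
2016-11-02 21:17:56 Performing test ID KRNL-5622 (Determine Linux default run level)
2016-11-02 21:17:57 Performing test ID HTTP-6622 (Checking Apache modules)
2016-11-02 21:17:58 Skipped test KRNL-6000 (Check sysctl key pairs in scan profile)
EOF
}

# Demonstration on the constructed log. On a real system you would point
# extract_test_ids at /var/log/lynis.log and run the printed command as root.
sample_log="${TMPDIR:-/tmp}/lynis-example-$$.log"
write_sample_log "$sample_log"
kernel_ids=$(extract_test_ids KRNL "$sample_log")
echo "Kernel test IDs: $kernel_ids"
echo "Run as root:     sudo $(build_lynis_cmd "$kernel_ids")"
rm -f "$sample_log"
```

Note that the duplicate KRNL-5622 entry in the sample log is collapsed to one ID, and that IDs of other categories (the HTTP line) are ignored; running the resulting command with sudo performs only the selected tests, and --quick avoids the [Enter] prompts described earlier so the run can be scheduled unattended.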
Check and Update your Version of Lynis
To see the current version of Lynis on your system, run the following command:
sudo lynis update info
Output:
== Lynis ==
Version : 2.3.2
Status : Unknown
Release date : 2016-08-09
Update location : https://cisofy.com/lynis/
2007-2016, CISOfy - https://cisofy.com/lynis/
To upgrade your current Lynis version, run the following command:
sudo lynis update release
That's it.