Daily Archives: December 17, 2016


Top tip: Linux security & auditing tool Lynis

For my work I often deploy Linux VM’s. I use Lynis for checking my system for security isssues en baseline(s). ¬†Lynis is a security auditing tool for UNIX derivatives like Linux, macOS, BSD, Solaris, AIX, and others. It performs an in-depth security scan. Extensive reports in HTML and TXT are delivered. The company behind Linus (CISOfy) delivers great support and has a community of people working together.

Screenshot of Lynis:

lynis-screenshot

Installation is very simple (if you know your way round Linux)

Ensure that cURL, NSS, openssl, and CA certificates are up-to-date.

Create /etc/yum.repos.d/cisofy-lynis.repo

Next step is installing Lynis with yum.

First time it might ask to import the GPG key. This ensures you only updates are received from Cisofy.

Now you start using Lynis. First time users are advised to use the Get Started guide.

You see something like this (DONE/FOUND/YES/NO etc). You can open the logfiles afterwards in /var/log. Personally I prefer to pipe the output to a file also. (lynis audit system >> output_file)

lynis-check

Download Lynis here.

It is also possible to add extra checks (plugins) and/or change the default one. I created my own baseline which I can use every time.

Good luck with scanning your system! (and securing afterwards :-))