How to Install Lynis (Linux Auditing Tool)
To Install Lynis Linux Auditing Tool in RHEL/CentOS 6.3/5.6, Fedora 17-12
Lynis is a powerful open source auditing tool for Linux and other Unix-like operating systems. It scans the system for security information, general system information, installed and available software, configuration mistakes, security issues, user accounts without a password, wrong file permissions, firewall configuration and more. It is useful for auditors, network and system administrators, security specialists and penetration testers.
In this article, we will learn how to install Lynis (Linux Auditing Tool) on RHEL, CentOS and Fedora from the source tarball.
To Install Linux Auditing Tool
Create a custom directory for Linux Auditing Tool under /usr/local/lynis as it can be used directly from any directory.
[root@linuxhelp ~]# mkdir /usr/local/lynis
Download the latest version of Lynis source files from the trusted website using wget command and unpack it using tar command.
[root@linuxhelp ~]# cd /usr/local/lynis/
[root@linuxhelp lynis]# wget https://cisofy.com/files/lynis-2.2.0.tar.gz
--2016-03-25 13:08:03-- https://cisofy.com/files/lynis-2.2.0.tar.gz
Resolving cisofy.com (cisofy.com)... 149.210.134.182, 2a01:7c8:aab2:209::1
Connecting to cisofy.com (cisofy.com)|149.210.134.182|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 202825 (198K) [application/octet-stream]
Saving to: 'lynis-2.2.0.tar.gz'
100%[=============================> ] 202,825 291KB/s in 0.7s
2016-03-25 13:08:04 (291 KB/s) - 'lynis-2.2.0.tar.gz' saved [202825/202825]
[root@linuxhelp lynis]# ll
total 200
-rw-r--r--. 1 root root 202825 Mar 18 15:27 lynis-2.2.0.tar.gz
[root@linuxhelp lynis]# tar -xvf lynis-2.2.0.tar.gz
lynis/CHANGELOG
lynis/CONTRIBUTIONS.md
lynis/CONTRIBUTORS
lynis/FAQ
..
..
lynis/lynis
lynis/lynis.8
lynis/plugins/
lynis/plugins/README
lynis/plugins/custom_plugin.template
[root@linuxhelp lynis]# ll
total 204
drwxr-xr-x. 6 root root 4096 Mar 25 13:09 lynis
-rw-r--r--. 1 root root 202825 Mar 18 15:27 lynis-2.2.0.tar.gz
To Run and Start Linux Auditing Tool
To run Lynis, you must be root, because it creates and writes its output to the /var/log/lynis.log file.
Use the following command to run Lynis.
[root@linuxhelp lynis]# cd lynis/
[root@linuxhelp lynis]# ./lynis
[ Lynis 2.2.0 ]
################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
..
..
[+] Initializing program
------------------------------------
Usage: lynis [options] mode
Mode:
audit
audit system : Perform security scan
audit dockerfile : Analyze Dockerfile
update
update info : Show update details
update release : Update Lynis release
To start the Lynis process
Use the following command to start the Lynis process.
[root@linuxhelp lynis]# ./lynis --check-all
[ Lynis 2.2.0 ]
################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
..
..
- Detecting OS... [ DONE ]
---------------------------------------------------
Program version: 2.2.0
Operating system: Linux
Operating system name: Fedora
Operating system version: Fedora release 18 (Spherical Cow)
Kernel version: 3.11.10
Hardware platform: x86_64
Hostname: linuxhelp
Auditor: [Unknown]
Profile: ./default.prf
After each section it scans, Lynis waits for you to press [Enter] to continue, or [CTRL]+C to stop.
To prevent acknowledgement
Use the following command to run the scan without waiting for acknowledgement after each section.
[root@linuxhelp lynis]# ./lynis -c -Q
[ Lynis 2.2.0 ]
################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
Enterprise support and plugins available via CISOfy
################################################################################
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
---------------------------------------------------
Program version: 2.2.0
Operating system: Linux
Operating system name: Fedora
Operating system version: Fedora release 18 (Spherical Cow)
Kernel version: 3.11.10
Hardware platform: x86_64
Hostname: linuxhelp
Auditor: [Unknown]
Profile: ./default.prf
Log file: /var/log/lynis.log
Report file: /var/log/lynis-report.dat
Report version: 1.0
Plugin directory: ./plugins
---------------------------------------------------
- Checking profile file (./default.prf)...
- Program update status... [ NO UPDATE ]
[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...
[+] Plugins (phase 1)
------------------------------------
Note: plugins have more extensive tests, which may take a few minutes to complete
- Plugins enabled [ NONE ]
To Create Lynis Cronjobs
Run the following command to create a daily scan report of your system.
[root@linuxhelp lynis]# crontab -e
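10 20 * * * cd /usr/local/lynis/lynis && ./lynis -c -Q --auditor "automated" --cronjob
The above cron job runs daily at 8:10 PM and creates a daily report in the /var/log/lynis.log file. Entries added with crontab -e take no user field, and the job first changes into the directory where Lynis was unpacked, because Lynis uses the relative paths ./default.prf, ./include and ./plugins shown in the output above.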
Scan Results of Lynis
At the end of the scan, Lynis provides suggestions for fixing the problems it found. Read the logs, then take corrective steps to fix those issues.
To view the log file
To view the log file, execute the command below.
[root@linuxhelp lynis]# vim /var/log/lynis.log
### Starting Lynis 2.2.0 with PID 64461, build date 2016-03-18 ###
[15:08:16] ===---------------------------------------------------------------===
[15:08:16] ### Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/ ###
[15:08:16] Program version: 2.2.0
[15:08:16] Operating system: Linux
[15:08:16] Operating system name: Fedora
[15:08:16] Operating system version: Fedora release 18 (Spherical Cow)
[15:08:16] Kernel version: 3.11.10
[15:08:16] Kernel version (full): 3.11.10-100.fc18.x86_64
[15:08:16] Hardware platform: x86_64
[15:08:16] -----------------------------------------------------
[15:08:16] Hostname: linuxhelp
[15:08:16] Auditor: [Unknown]
[15:08:16] Profile: ./default.prf
[15:08:16] Include directory: ./include
[15:08:16] Plugin directory: ./plugins
[15:08:16] -----------------------------------------------------
[15:08:16] Log file: /var/log/lynis.log
[15:08:16] Report file: /var/log/lynis-report.dat
[15:08:16] Report version: 1.0
[15:08:16] -----------------------------------------------------
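For a daily cron scan it is more useful to see which findings are new than to read the whole log. The functions below are an added example, not part of the original article or of Lynis: they read the report file (/var/log/lynis-report.dat in the output above) and list findings that appear in today's copy but not in yesterday's. The `warning[]=` / `suggestion[]=` line layout is an assumption that varies between Lynis versions, and the sample reports, test IDs and function names are constructed for illustration.

```shell
# Added example (not part of Lynis). Assumes report lines shaped like
#   warning[]=TEST-ID|message|...    suggestion[]=TEST-ID|message|...
# The field layout differs between Lynis versions; adjust the awk fields to match.

# One "kind<TAB>test-id<TAB>message" line per finding, sorted and de-duplicated.
lynis_findings() {
    awk -F'|' '
        /^(warning|suggestion)\[\]=/ {
            kind = $1; sub(/\[\]=.*/, "", kind)   # "warning" or "suggestion"
            id = $1;   sub(/^[^=]*=/, "", id)     # text after "=" up to first "|"
            printf "%s\t%s\t%s\n", kind, id, $2
        }' "$1" | LC_ALL=C sort -u
}

# Findings present in the newer report ($2) but absent from the older one ($1).
lynis_new_findings() {
    old=$(mktemp) && new=$(mktemp) || return 1
    lynis_findings "$1" > "$old"
    lynis_findings "$2" > "$new"
    LC_ALL=C comm -13 "$old" "$new"
    rm -f "$old" "$new"
}

# Constructed sample reports (test IDs and messages are illustrative only).
write_sample_reports() {
    cat > "$1/yesterday.dat" <<'EOF'
report_version_major=1
warning[]=TEST-0001|No password set for single user mode|-|-|
suggestion[]=TEST-0002|Install a PAM module for password strength testing|-|-|
EOF
    cat > "$1/today.dat" <<'EOF'
report_version_major=1
warning[]=TEST-0001|No password set for single user mode|-|-|
warning[]=TEST-0003|Firewall module loaded, but no rules active|-|-|
suggestion[]=TEST-0002|Install a PAM module for password strength testing|-|-|
EOF
}
```

To use this with the cron job, copy the report file aside after each run and compare the previous copy with the current one.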
To Update Lynis
Use the following command to check whether a newer version of Lynis is available.
[root@linuxhelp lynis]# ./lynis update info
[ Lynis 2.2.0 ]
################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
..
..
[+] Helper: update
------------------------------------
== Lynis ==
Version : 2.2.0
Status : Up-to-date
Release date : 2016-03-18
Update location : https://cisofy.com/lynis/
Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
If you want to update to the latest release, use the following command.
[root@linuxhelp lynis]# ./lynis update release
[ Lynis 2.2.0 ]
################################################################################
comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
Enterprise support and plugins available via CISOfy
################################################################################
[+] Initializing program
------------------------------------
- Detecting OS... [ DONE ]
- Checking profile file (./default.prf)...
- Program update status... [ NO UPDATE ]
Parameters used in Lynis
Some of the Lynis parameters for your reference.
--help or -h : Shows valid parameters.
--check-update : Checks for Lynis update.
--cronjob : Runs Lynis as cronjob (includes -c -Q).
--version or -V : Shows Lynis version.
--quick or -Q : Don't wait for user input, except on errors.
--check-all or -c : Start the scan.