Introduction:
In the security industry, there is so much emphasis on Windows server and workstation security with thousands of security products dedicated to finding vulnerabilities and hardening servers. A few products that we have in the market are Nessus, Nexpose, and OpenVAS, one may say they do support Linux and I agree entirely, but they are not that integrated for Linux systems.
To tackle that we have CISOFY’s Lynis project. It is an open-source security tool that performs system hardening and compliance testing on Linux, macOS, or Unix-based operating systems. As per their official website, the typical use case for the project is Security auditing, Compliance testing (eg. PCI, HIPAA, Sox), Penetration Testing, Vulnerability Detection, and System hardening
The workings of these tools are described as such, Lynis scans target system tools and their libraries installed on the system and its scanning method is described as modular and opportunistic. Some of the benefits described on the website are that there are no external dependencies required to run the scan and it also does not require installation.
Let’s look at the working of the Lynis typical scan:
- Initialization
- Perform basic checks, such as file ownership
- Determine operating system and tools
- Search for available software components
- Check the latest Lynis version
- Run enabled plugins
- Run security tests per category
- Perform execution of your custom tests (optional)
- Report status of security scan
Installation:
Installation can be done by multiple methods but the recommended one is by using a git clone. Multiple methods for installation can be found in reference link 2. Now we should jump on the installation of Lynis:
- Go to /usr/local/ and do git clone
git clone https://github.com/CISOfy/lynis
- Change directory to lynis git folder
- To run a default scan run the following command
./lynis audit system
After running a default it will provide a very detailed result on warning and suggestions as follow:
Help Menu:
Some common parameters that are available are with Lynis are:
[ Lynis 3.0.8 ]
################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See the LICENSE file for details about using this software.
2007-2021, CISOfy – https://cisofy.com/lynis/
Enterprise support available (compliance, plugins, interface and tools)
################################################################################
[+] Initializing program
————————————
Usage: lynis command [options]
Command:
audit
audit system : Perform local security scan
audit system remote <host> : Remote security scan
audit dockerfile <file> : Analyze Dockerfile
show
show : Show all commands
show version : Show Lynis version
show help : Show help
update
update info : Show update details
Options:
Alternative system audit modes
–forensics : Perform forensics on a running or mounted system
–pentest : Non-privileged, show points of interest for pentesting
Layout options
–no-colors : Don’t use colors in output
–quiet (-q) : No output
–reverse-colors : Optimize color display for light backgrounds
–reverse-colours : Optimize colour display for light backgrounds
Misc options
–debug : Debug logging to screen
–no-log : Don’t create a log file
–profile <profile> : Scan the system with the given profile file
–view-manpage (–man) : View man page
–verbose : Show more details on screen
–version (-V) : Display version number and quit
–wait : Wait between a set of tests
–slow-warning <seconds> : Threshold for slow test warning in seconds (default 10)
Enterprise options
–plugindir <path> : Define path of available plugins
–upload : Upload data to central node
More options available. Run ‘./lynis show options’, or use the man page.