Lynis – Automated Security Auditing tool for Linux Servers

Today, as we all know, security is important for servers and networks. We spend much of our time implementing security policy for our infrastructure, so a natural question is whether there is an automated tool that can help us find vulnerabilities. In this article I would like to introduce a free and open source tool called Lynis.

Lynis is one of the most popular security auditing tools for Linux and Unix-like systems; it can find malware and security-related vulnerabilities on Linux based systems.

Lynis-Security-Auditing-Tool

We normally run many things on a Linux server, such as a web server, database server, mail server, FTP server and so on. Lynis makes a Linux administrator’s life easier by automating security auditing and penetration testing across all of their Linux boxes.

Lynis is a free and open source, all-in-one network and server auditing tool. Once an audit is complete, we can review the results, warnings and suggestions, and then implement our security policy accordingly. It produces a report of the system, and that report is broken into sections.

Why should we use Lynis:

There are a number of reasons to use Lynis in our environment, but the prominent ones are listed below:

  • Network and Servers Security Audit
  • Vulnerability detection and scanning
  • System hardening
  • Penetration Testing

To date, Lynis supports multiple operating systems, such as:

  • RPM Based OS like Red Hat, CentOS and Fedora
  • Debian Based OS like Ubuntu, Linux Mint
  • FreeBSD
  • macOS
  • NetBSD
  • OpenBSD
  • Solaris

In this article, we will demonstrate how to install Lynis on a Linux server and how to perform a security audit of a Linux server.

Installation of Lynis on Linux Server

Lynis is lightweight software; it will not break your system or affect any application or service hosted on your Linux box.

First of all, we will create a directory for the Lynis installation:

[[email protected] ~]# mkdir /usr/local/lynis
[[email protected] ~]#

Now go to that directory and download the latest Lynis source code with the wget command:

[[email protected] ~]# cd /usr/local/lynis/
[[email protected] lynis]# wget https://downloads.cisofy.com/lynis/lynis-2.6.4.tar.gz

Extract the downloaded Lynis tar.gz file using the command below:

[[email protected] lynis]# ll
total 268
-rw-r--r--. 1 root root 273031 May  2 07:45 lynis-2.6.4.tar.gz
[[email protected] lynis]# tar zxpvf lynis-2.6.4.tar.gz
[[email protected] lynis]# ll
total 272
drwxr-xr-x. 6 root root   4096 Jun  1 23:17 lynis
-rw-r--r--. 1 root root 273031 May  2 07:45 lynis-2.6.4.tar.gz
[[email protected] lynis]#

Now go to the lynis directory and run the lynis script to see which options are available. The root user or a user with admin privileges can run the script; all logs and output are saved in the file /var/log/lynis.log.

[[email protected] lynis]# cd lynis
[[email protected] lynis]# ./lynis

The output of the above command will look something like this:

Lynis-Command-options

Start auditing and find Vulnerabilities

Now we need to start the Lynis audit, so we pass the ‘audit system’ parameters to scan the whole system.

Run either of the commands below to start auditing the whole system:

[[email protected] lynis]# ./lynis audit system
or
[[email protected] lynis]# ./lynis audit system --wait    (--wait pauses after each section until the user hits Enter to display the next one)

The output of the above command will look something like this:

1) Initialize Lynis tool

Initialize-lynis-tool

2) System Tool and Boot & Services

system-tool-Boot-services-lynis

3) Kernel and Memory & Process auditing

Kernel-Memory-Proccess-Lynis

4) User and Group & Authentication

Users-Group-authentication-Audit-Lynis

5) Shells and File System Auditing

Shells-FileSystem-Audit-Lynis

6) USB, Storage, NFS and Name Service Audit

USB-Storage-NFS-Name-Services-Audit-Lynis

7) Port, Packages, Networking and Printers & Spool Audit

Ports-Packages-Networking-Printer-Spools-Audit-lynis

8) Installed Software Audit

Installed-Software-Audit-Lynis

9) SSH Server and SNMP Audit

SSH-SNMP-Audit-Lynis

10) LDAP Service, PHP, Squid and Logging audit

LDAP-PHP-Squid-Logging-Audit-Lynis

11) Insecure Services, Banners, Cron jobs and Accounting audit

Insecure-service-Banners-Cronjob-Accounting-Audit-Lynis

12) Time Synchronization, Cryptography, Virtualization, Containers and Security Framework Audit

Time Synchronization-Virtualization-Security-frameworks-audit-lynis

13) File Permissions, Malware detection and Home Directory Audit

Malware-detction-File-Permissions-Audit-Lynis

14) Kernel Hardening Audit

Kernel-Hardening-Audit-Lynis

15) Warning and suggestions

Warnings-Suggestion-Lynis

16) Lynis Scan and Audit results

Lynis-Scan-audit-Result

Sometimes we don’t want to audit the full system’s applications or services, so we can audit applications by category instead. Let’s have a look at how to do that:

[[email protected] lynis]# ./lynis show groups
accounting
authentication
banners
boot_services
containers
crypto
databases
dns
file_integrity
file_permissions
filesystems
firewalls
hardening
homedirs
insecure_services
kernel
kernel_hardening
ldap
logging
mac_frameworks
mail_messaging
malware
memory_processes
nameservices
networking
php
ports_packages
printers_spools
scheduling
shells
snmp
squid
ssh
storage
storage_nfs
system_integrity
time
tooling
usb
virtualization
webservers
[[email protected] lynis]#

So now we will get a simple audit of the Linux kernel and databases, using the command below:

[[email protected] lynis]# ./lynis --tests-from-group "databases kernel"

Audit-Specific-Group-Lynis1

Audit-Specific-Group-Lynis2

Audit-Specific-Group-Lynis3
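The full-system audit and the group-based audit above both produce the same kind of result: a warning/suggestion section on screen, plus a machine-readable report file. The script below is an added example, not part of this article or of the Lynis project, that wraps a non-interactive run (no pause between sections, no colour codes, for cron or CI use) and then summarises the report file. It assumes the lynis script is at ./lynis (override with LYNIS_BIN), that Lynis writes its report to /var/log/lynis-report.dat (override with REPORT), and it exercises the summary functions on a constructed sample report so that they can be tried without a real audit.

```shell
#!/bin/sh
# Added example (not from the article or from Lynis itself): run Lynis
# unattended and summarise /var/log/lynis-report.dat.
# Assumptions: LYNIS_BIN points at the lynis script, REPORT at the report
# file Lynis writes (its default is /var/log/lynis-report.dat).

LYNIS_BIN="${LYNIS_BIN:-./lynis}"
REPORT="${REPORT:-/var/log/lynis-report.dat}"

# Full system audit, or only the given test groups (e.g. "databases kernel").
# --quick skips the per-section pause, --no-colors keeps logs clean.
run_audit() {
    if [ -n "${1:-}" ]; then
        "$LYNIS_BIN" audit system --quick --no-colors --tests-from-group "$1"
    else
        "$LYNIS_BIN" audit system --quick --no-colors
    fi
}

# Report lines look like:  warning[]=TEST-ID|message|details|solution|
# grep -c exits 1 when the count is 0, hence "|| true".
count_warnings()    { grep -c '^warning\[\]=' "$1" || true; }
count_suggestions() { grep -c '^suggestion\[\]=' "$1" || true; }

# The hardening index (0-100) Lynis stores as hardening_index=NN.
hardening_index()   { sed -n 's/^hardening_index=//p' "$1"; }

# Print each warning as "TEST-ID: message", one per line.
list_warnings() {
    sed -n 's/^warning\[\]=//p' "$1" | awk -F'|' '{ print $1 ": " $2 }'
}

# Gate for automation: return 1 if any warning exists or the hardening
# index is below the threshold (default 60). Usage: check_report FILE [MIN]
check_report() {
    min="${2:-60}"
    idx=$(hardening_index "$1")
    w=$(count_warnings "$1")
    [ -n "$idx" ] || { echo "no hardening_index in $1" >&2; return 1; }
    if [ "$w" -gt 0 ] || [ "$idx" -lt "$min" ]; then
        return 1
    fi
    return 0
}

summarise() {
    echo "Report: $1"
    echo "Hardening index: $(hardening_index "$1")"
    echo "Warnings: $(count_warnings "$1")  Suggestions: $(count_suggestions "$1")"
    list_warnings "$1"
}

# Constructed sample report in the lynis-report.dat format, so the summary
# functions can be demonstrated offline. The IDs and messages are made up.
SAMPLE_REPORT="${TMPDIR:-/tmp}/lynis-report.sample.dat"
cat > "$SAMPLE_REPORT" <<'EOF'
report_version_major=1
lynis_version=2.6.4
warning[]=AUTH-9228|Found problems in /etc/shadow|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=PKGS-7392|Install package updates|-|-|
hardening_index=65
EOF

summarise "$SAMPLE_REPORT"

# Only run a real audit when explicitly asked for, e.g.
#   RUN_AUDIT=1 sh lynis-summary.sh "databases kernel"
if [ "${RUN_AUDIT:-0}" = "1" ]; then
    run_audit "${1:-}" >/dev/null
    summarise "$REPORT"
    check_report "$REPORT" 60
fi
```

Because the hardening index and the warning list live in the report file rather than only on screen, the same functions can feed a cron job or CI step that fails the build when a warning appears or the index drops below the threshold.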

To see more options of the lynis command, please refer to its man page:

[[email protected] lynis]# ./lynis --man

That’s all from this article, please do share your feedback & comments.

2 Responses

  1. Amar says:

    Thanks for sharing. Very useful for me.

  2. shekhar lohach says:

    Article was great, but if I choose a category such as malware and only want to perform specific malware tests such as MALW-3276, how do I perform it?
