HxHippy

Lynis Security Auditing

Automated security auditing and hardening suggestions with Lynis.

Last updated: 2025-01-15

Lynis performs comprehensive security audits on Unix-based systems.

Installation

# Debian/Ubuntu
sudo apt install lynis

# RHEL/CentOS
sudo dnf install lynis

# From Git (latest)
git clone https://github.com/CISOfy/lynis.git
cd lynis && sudo ./lynis audit system

Running Audits

# Full system audit
sudo lynis audit system

# Quick audit (do not wait for user input between sections)
sudo lynis audit system --quick

# Non-privileged scan (pentest mode), run as a regular user
lynis audit system --pentest

# Specific profile
sudo lynis audit system --profile /etc/lynis/custom.prf

Understanding Results

Hardening Index

Hardening index : 67 [#############       ]
Tests performed : 256
Plugins enabled : 0

Score interpretation:

  • 80+ : Good
  • 60-79 : Needs improvement
  • 40-59 : Vulnerable
  • <40 : Critical

Warnings and Suggestions

# View suggestions
grep "Suggestion" /var/log/lynis.log

# View warnings
grep "Warning" /var/log/lynis.log

Automated Auditing

# Cron job for weekly audit (root's crontab, Sundays at 02:00)
0 2 * * 0 /usr/sbin/lynis audit system --cronjob --quiet

# Email results (admin@example.com is a placeholder; use your own address)
sudo lynis audit system --cronjob | mail -s "Lynis Report" admin@example.com
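
A scheduled audit is more useful when something checks the result. Lynis writes a machine-readable report next to its log, and the script below reads the hardening index and finding counts from it and applies the score bands listed above. It is an added example, not code from the original page or the Lynis project; it assumes the default report path /var/log/lynis-report.dat, and score_band, summarize_report and make_sample_report are hypothetical helper names working on constructed sample data.

```shell
#!/bin/sh
# Added example: summarize a Lynis report and gate on the hardening index.
# Assumption: report lines are key=value, e.g. hardening_index=67,
# warning[]=ID|text|..., suggestion[]=ID|text|...

# Map a hardening index to the bands under "Score interpretation".
score_band() {
    if   [ "$1" -ge 80 ]; then echo "Good"
    elif [ "$1" -ge 60 ]; then echo "Needs improvement"
    elif [ "$1" -ge 40 ]; then echo "Vulnerable"
    else                       echo "Critical"
    fi
}

# Print "index|band|warnings|suggestions" for a report file.
# Returns 1 if no numeric hardening_index is found,
# 2 if the index is below the threshold (default 60), 0 otherwise.
summarize_report() {
    report=$1
    threshold=${2:-60}
    index=$(sed -n 's/^hardening_index=//p' "$report" 2>/dev/null | tail -n 1)
    case $index in
        ''|*[!0-9]*) echo "no hardening_index in $report" >&2; return 1 ;;
    esac
    # grep -c exits non-zero on a zero count, so do not let that abort us.
    warnings=$(grep -c '^warning\[\]=' "$report" || true)
    suggestions=$(grep -c '^suggestion\[\]=' "$report" || true)
    echo "$index|$(score_band "$index")|$warnings|$suggestions"
    [ "$index" -ge "$threshold" ] || return 2
}

# Write a constructed sample report (test IDs and messages are placeholders).
make_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report (constructed sample)
hardening_index=67
warning[]=TEST-0001|Constructed sample warning|-|-|
suggestion[]=TEST-0002|Constructed sample suggestion|-|-|
suggestion[]=TEST-0003|Another constructed suggestion|-|-|
EOF
}
```

Sourced from a cron wrapper, `summarize_report /var/log/lynis-report.dat 60` can decide whether the weekly run should raise an alert instead of only sending mail.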

Common Findings

Finding             Priority   Typical Fix
Weak permissions    High       chmod/chown
Missing updates     High       apt upgrade
SSH hardening       Medium     sshd_config
Kernel parameters   Medium     sysctl
File integrity      Low        AIDE/Tripwire