Lynis is an auditing-tool for Unix specialists. It scans the system as well as installed software and detects vulnerabilities. Additionally, the scan system provides general information and may point to possible configuration errors.


  • You have to logon as root user login/su or equivalent rights (e.g., by the use of sudo)
  • You need write access to /var/log for the use of a log/debug report
  • You need write access to /tmp for temporary files


lynis can be installed with the Pakfire web interface or via the console:

pakfire install lynis


To start Lynis, change to the Console, change the directory to /var/ipfire/lynis. Execute the following commands:

cd /var/ipfire/lynis

Used without parameters Lynis displays you a list of valid parameters.

With the option audit system Lynis will start a complete scan:

./lynis audit system


Not every alarm of Lynis is extremely critical and needs immediate action; it may also shows notes and hints, which you may use to increase the system security.

Likewise, Lynis is highly customizable, including:

  • The list and level of details of the tests carried out
  • The language in which the results are displayed (section titles, status)
  • Etc.

This can be done by copying the file /var/ipfire/lynis/default.prf to custom.prf then modifying the content of this new file.


Do you see this error when you run lynis?

egrep: warning: egrep is obsolescent; using grep -E

This is a known issue with lynis. See:


Temporarily remove egrep is obsolescent messages:

./lynis audit system 2> >(grep -v 'egrep: warning: egrep is obsolescent; using grep -E')
  • Find more information here
Edit Page ‐ Yes, you can edit!

Older Revisions • July 25 at 4:28 pm • Jon