Lynis

Lynis is an auditing-tool for Unix specialists. It scans the system as well as installed software and detects vulnerabilities. Additionally, the scan system provides general information and may point to possible configuration errors.

Requirements

  • You have to logon as root user login/su or equivalent rights (e.g., by the use of sudo)
  • You need write access to /var/log for the use of a log/debug report
  • You need write access to /tmp for temporary files

Installation

lynis can be installed with the Pakfire web interface or via the console:

pakfire install lynis

Usage

To start Lynis, change to the Console, change the directory to /var/ipfire/lynis. Execute the following commands:

cd /var/ipfire/lynis
./lynis

Used without parameters Lynis displays you a list of valid parameters.

With the option audit system Lynis will start a complete scan:

./lynis audit system

Note

Not every alarm of Lynis is extremely critical and needs immediate action; it may also shows notes and hints, which you may use to increase the system security.

Likewise, Lynis is highly customizable, including:

  • The list and level of details of the tests carried out
  • The language in which the results are displayed (section titles, status)
  • Etc.

This can be done by copying the file /var/ipfire/lynis/default.prf to custom.prf then modifying the content of this new file.

Trouble?

Do you see this error when you run lynis?

egrep: warning: egrep is obsolescent; using grep -E

This is a known issue with lynis. See:
https://github.com/CISOfy/lynis/issues/1338

Workaround

Temporarily remove egrep is obsolescent messages:

./lynis audit system 2> >(grep -v 'egrep: warning: egrep is obsolescent; using grep -E')
  • Find more information here
Edit Page ‐ Yes, you can edit!

Older Revisions • July 25 at 4:28 pm • Jon