This is the supporting documentation for Lynis Enterprise, with focus on the Lynis Control Panel and related modules. For the installation of Lynis there is the Installation Guide available.
Part I: Lynis Control Panel
Lynis Enterprise is a flexible software solution which can be used as Software-as-a-Service (SaaS) or standalone within your network. When using the SaaS based solution, you can skip this section.
- Minimum of 2 GB of RAM
- 10 GB of disk space
- Internet access
The software is installed via an installer. Companies that are eligible for the on-premise version will receive the related link to the installer. This installation utility acts as both an installer and an updater tool. It can be executed on a regular basis to refresh existing components or upgrade them.
The first time the installer is used, it will ask for several configuration settings, for example the license key and an administrative e-mail address to send updates regarding any follow-up actions. All other configuration is done in the Control Panel itself, after installation.
The Control Panel is the central component of the Lynis Enterprise solution. It allows you to centrally manage, control and report about your IT environment.
Lynis Enterprise overview
Control Panel Usage
The Control Panel is web based and accessible on most devices with a modern web browser. For devices with a smaller screen, the interface will scale or adjust where needed.
First time users
The first time using the interface, you may be asked to link your account. Usually this is done against an order code to verify you are allowed access to a particular company entity.
Help & Documentation
On most pages of the website the icon will link you to the appropriate section in this document.
When you want to perform a search, use the icon to access the search. The search can be used to find different elements, like tags.
The Control Panel has support for several account types. These roles indicate what a user can do and what is restricted.
Examples
- Normal user
This user type has only access to the dashboard. Ideal for displaying the dashboard without the risk of colleagues using the account anonymously.
Users with the read-only role can browse most areas, but cannot add, change or delete items. Ideal for users who do not perform system administration duties, like customers, managers, auditors or colleagues from other teams.
This type of account can do most actions, except administrative ones like creating accounts.
The administrator role has all permissions and should be used with care. This type of account could be additionally safeguarded to prevent unauthorized creation of new users.
The compliance module helps with enforcing security policies by comparing actual and expected results. Besides predefined policies, custom policies can be made. Each policy consists of multiple rule sets. These rule sets, with their rules, shape the policy and instruct the system what to look for. The checks range from something as simple as the operating system up to particular tests and their results.
There are two types of policies, global and custom policies. The first group consists of predefined policies, which are managed for you. If you would like to use them, just add a system to the policy and it will be tested against that policy. If you want to use your own policies, create a new policy. This will then be a policy of the second group.
Policies are created by filling them with rule sets. Each set is formed by adding one or multiple rules to it.
Purpose: a rule set combines multiple similar rules into a logical group. In other words, keeping similar tests together and describing them properly.
The rule set also has an action for when one, multiple or all rules within that set are matched. By default there are three different actions: do nothing, mark as compliant, and mark as non-compliant.
Rules are the smallest individual tests there can be. It is as simple as a test like "Does this operating system equal 'Linux'?"
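The policy, rule set and rule hierarchy described above can be modelled as follows. This is an added example, not code from Lynis Enterprise. The class names, the fact keys, the min_matches field and the way the actions of several rule sets are combined into one verdict are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    fact: str       # key in the data collected for a system (hypothetical names)
    expected: str   # value the rule looks for

    def matches(self, system):
        # A fact that was not collected never matches; comparison ignores case.
        value = system.get(self.fact)
        return value is not None and str(value).lower() == self.expected.lower()

@dataclass(frozen=True)
class RuleSet:
    name: str
    rules: tuple
    action: str            # "nothing", "compliant" or "non-compliant"
    min_matches: int = 0   # 0 = all rules must match, 1 = one, n = multiple

    def triggered(self, system):
        hits = sum(rule.matches(system) for rule in self.rules)
        needed = self.min_matches or len(self.rules)
        return bool(self.rules) and hits >= needed

def evaluate(policy, system):
    """Return (verdict, names of the rule sets that fired) for one system."""
    fired = [rs for rs in policy if rs.triggered(system)]
    actions = {rs.action for rs in fired}
    if "non-compliant" in actions:     # assumption: a failure outranks a pass
        verdict = "non-compliant"
    elif "compliant" in actions:
        verdict = "compliant"
    else:
        verdict = "undetermined"       # only "nothing" actions, or no set fired
    return verdict, [rs.name for rs in fired]

# Constructed sample policy and system data (not real Lynis output).
POLICY = (
    RuleSet("scope: Linux hosts", (Rule("os", "Linux"),), "nothing"),
    RuleSet("ssh hardened", (Rule("ssh_root_login", "no"),
                             Rule("ssh_protocol", "2")), "compliant"),
    RuleSet("risky services", (Rule("telnet", "enabled"),
                               Rule("rsh", "enabled")), "non-compliant", min_matches=1),
)
HARDENED = {"os": "Linux", "ssh_root_login": "no", "ssh_protocol": "2", "telnet": "disabled"}
LEGACY = dict(HARDENED, telnet="enabled")

if __name__ == "__main__":
    for label, system in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(label, evaluate(POLICY, system))
```

The "risky services" set fires as soon as one of its rules matches, while "ssh hardened" needs all of its rules to match before its action applies.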
Lynis Enterprise uses events to signal administrators about important discoveries. These events are small messages to tell what has been found and what action is needed.
The idea behind events is to provide a daily activity plan to keep your environment as healthy as possible. After an event is solved you can mark it as done and it will be gone.
To avoid flooding the administrator, each event type will be listed only once. If an event already exists, it will be updated with a new date to show that the event is still current.
Some events might never get solved, which is why there is an option to hide them. The system will still update them, but will not show them anymore.
By default events will be activated if they are part of your license. No configuration is needed.
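The event behaviour described above (one entry per event type, refreshed on re-detection, optionally hidden, removed when marked as done) can be sketched as a small store. This is an added example, not code from Lynis Enterprise. The class, its method names, the event type names and the dates are constructed for illustration.

```python
from datetime import date

class EventBoard:
    """Hypothetical model of the event list: one entry per event type."""

    def __init__(self):
        self._events = {}   # event type -> {"message", "last_seen", "hidden"}

    def report(self, event_type, message, seen):
        """Record a discovery; an existing event is refreshed, not duplicated."""
        event = self._events.get(event_type)
        if event is None:
            self._events[event_type] = {"message": message, "last_seen": seen,
                                        "hidden": False}
        else:
            # Same type seen again: keep the entry and its hidden flag,
            # and move the date forward to show the event is still current.
            event["message"] = message
            event["last_seen"] = max(event["last_seen"], seen)

    def hide(self, event_type):
        self._events[event_type]["hidden"] = True

    def mark_done(self, event_type):
        # A solved event disappears; a later report of the same type reopens it.
        self._events.pop(event_type, None)

    def visible(self):
        """Event types shown to the administrator, most recently seen first."""
        shown = [(e["last_seen"], t) for t, e in self._events.items()
                 if not e["hidden"]]
        return [t for _, t in sorted(shown, reverse=True)]

    def last_seen(self, event_type):
        event = self._events.get(event_type)
        return event["last_seen"] if event else None

def demo():
    # Constructed sample data.
    board = EventBoard()
    board.report("vulnerable-packages", "3 packages need updates", date(2024, 5, 1))
    board.report("vulnerable-packages", "5 packages need updates", date(2024, 5, 2))
    board.report("expired-certificate", "certificate expired", date(2024, 5, 1))
    board.hide("expired-certificate")
    board.report("expired-certificate", "certificate expired", date(2024, 5, 3))
    return board
```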
File Integrity Module
The file integrity module helps with monitoring the file integrity of the system. While the name may suggest it monitors just files, it also checks other areas of the system, like software package management. It includes multiple levels of integrity checking, using both external and internal utilities. File integrity can go as far as fully integrated OS support, like IMA/EVM on Linux.
Used icons:
- Status of machine unclear
- One or more issues found
- All tests seem to be fine
- Specific test is fine
File Integrity Plugin for Lynis
For Enterprise users of the software, there is a dedicated plugin available for file integrity monitoring. The plugin performs individual tests and collects information, which is then processed by the Lynis Control Panel.
When the file integrity plugin is not installed, the interface will report this. Registered users can download a bundled version of Lynis, which includes the plugins. It comes with the file integrity plugin.
Integrity of Binaries
Besides the actual data, software is among the most precious files stored on disk. The integrity of these files is important, to ensure no unauthorized alterations have been made. The file integrity monitoring solution helps with discovering these alterations.
No binaries tested
Depending on the operating system used, some tests might not be available. If "no binaries tested" is displayed, specific tools might be missing. What you can do is send a support e-mail, together with the operating system being used, so we can investigate the options.
Binaries mismatches found
During the check some binaries might show up as mismatches. This indicates that one or more binaries have been found with a different hash than expected. To determine the specific details, run Lynis with the plugins and look in the log file (/var/log/lynis.log).
Some operating systems have a specific vulnerability database available. It may be used to check the state of packages and discover vulnerable packages. Lynis determines whether this database is available, and checks its integrity and age.
Lynis Enterprise includes a dashboard which gives a quick overview of your environment. Our solution is different in that it provides three different dashboards by default. Your manager might be interested in compliance, while you want to know if all components are at the latest patch level. For every type of user there is a tailored dashboard.
This level is most suitable for consultants and engineers, as it provides all (technical) details of your IT environment. It will also include items related to the configuration of Lynis Enterprise, like plugin configuration.
Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managerial staff, like the IT manager, security manager or process managers. Not only will some details be left out, it will also list different risks and other representations of the stored data about your environment.
Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managers, like the IT manager, security manager or process managers.
The reports are a different type of view on your systems. Usually a report will contain more fields, so you have all information available in one overview. The reports can be easily copied into your spreadsheet program. This way you have full control over what you want to do with the data, or can embed it in your corporate reporting templates.
Deciding where to start hardening your systems can be challenging. The improvement plan solves this issue by calculating what areas would be most interesting for your environment. It even helps you select them via different methods, like quick wins or systems with the highest risk rating.
Examples
- Quick wins: Low risk, low effort
- Impact: High impact, low to high risk
- Controls: Control matching most comes first
- System risk: Focus on high risk systems
In the system overview, all systems belonging to your company are displayed. It includes basic information, like scan date, Lynis version, compliance status and amount of findings.
To get deep insights on what is known about a system, the system details page will show most of the information on one page. It includes the basic information of the system, up to every applicable category it discovered.
Adding or Removing Systems
To add a system to Lynis Enterprise, only three steps are needed:
- Add license key to your profile
- Add the central host
- Use --upload as an additional parameter
The license key can be found in the configuration screen. The central host value is usually equal to the address you used before to log in on the central interface. These changes need to be applied to the profile you are using. You may use the default.prf file, or copy it and use your custom file.
Example configuration:
After changing the file, run Lynis:
# lynis audit system --quick --upload --profile name_of_file.prf
Tags are an easy way to define properties of a system. Examples may include software running on the system, the role of the system, or the status of services.
Tags are listed in the configuration screen and as a tag cloud under the system details. Clicking on a tag will search for all systems with that particular tag.
By default the Lynis Control Panel performs "auto-tagging" and applies built-in tags to the system. These are then available for easy ordering or searching.