Documentation and tips about the modules within Lynis Enterprise
This is the supporting documentation for Lynis Enterprise, with a focus on the Lynis Control Panel and related modules. For the installation of Lynis, see the Installation Guide.
Part I: Lynis Control Panel
Lynis Enterprise is a flexible software solution which can be used online as Software-as-a-Service (SaaS) or self-hosted within your network. When using the SaaS based solution, you can skip this section.
The installation is covered in the Lynis Enterprise Self-Hosted Guide
The Control Panel is the central component of the Lynis Enterprise solution. It allows you to centrally manage, control and report about your IT environment.
Lynis Enterprise overview
Control Panel Usage
The Control Panel is web based and accessible on most devices with a modern web browser. For devices with a smaller screen, the interface will scale or adjust where needed.
Help & Documentation
On most pages of the website, the icon will link you to the appropriate section in this document.
When you want to perform a search, use the icon to access the search. The search can be used to find different elements, like tags.
The Control Panel has support for several account types. Each role defines what a user can do. Examples:
- Normal user
This user type has access only to the dashboard. Ideal for displaying the dashboard without the risk of colleagues using the account anonymously.
Users with the read-only role can browse most areas, but cannot add, change or delete items. Ideal for users who do not perform system administration duties, like customers, managers, auditors or colleagues from other teams.
This type of account can do most actions, except administrative ones like creating accounts.
The administrator role has all permissions and should be used with care. This type of account could be additionally safeguarded to prevent unauthorized creation of new users.
The compliance module helps with enforcing security policies by comparing actual and expected results. Each policy consists of multiple rule sets. These rule sets, with their rules, shape the policy and instruct the system what to look for. It includes a wide variety of checks and data points to check the system's security. Besides predefined policies, policies can be created and customized.
Lynis Enterprise has data available for standards and best practices like CIS, GDPR, HIPAA, ISO27001 and ISO27002, PCI-DSS, SOC, SOx, and others.
The compliance module provides several features to simplify testing the security of a system against a predefined set of rules.
- Predefined policies include common standards and best practices
- Create custom policies with the policy editor
- Test compliance on each data upload
- Automatically link a system to a policy based on system characteristics (hostname, OS, etc)
There are two types of policies: global and custom policies. The first group consists of predefined policies that are managed for you. If you would like to use them, just add a system to the policy and it will be tested against that policy. If you want to use your own policies, create a new policy. This will then be a policy of the second group.
Policies are created by filling them with rule sets. Each set is formed by adding one or multiple rules to it.
Purpose: a rule set combines multiple similar rules into a logical group. In other words, keeping similar tests together and describing them properly.
The rule set also has an action that applies when one, multiple or all rules within that set are matched. By default there are 3 different actions: do nothing, mark as compliant, and mark as non-compliant.
Rules are the smallest individual tests there can be. It is as simple as a test like "Does this operating system equal 'Linux'?"
The policy engine evaluates all relevant rules and uses the outcome for further processing. Depending on its linked action, a rule can mark a system non-compliant, compliant, or do nothing.
Lynis Enterprise uses events to signal administrators about important discoveries. These events are small messages to tell what has been found and what action is needed.
The idea behind events is to provide a daily activity plan to keep your environment as healthy as possible. After an event is solved you can mark it as done and it will be gone.
To avoid flooding the administrator, each event type will be listed only once. If an event already exists, it will be updated with a new date to show that the event is still current.
Some events might never get solved, so this is why there is an option to hide them. The system will still update them, but not show them anymore.
By default events will be activated if they are part of your license. No configuration is needed.
System integrity module
The system integrity module helps with monitoring the integrity of the system. It includes areas like file integrity, package manager, vulnerability information, and more. It uses internal functions and external utilities to get a better picture of the system.
Used icons:
- Status of machine unclear
- One or more issues found
- All tests seem to be fine
Specific test is fine
Specific test needs attention
File Integrity Plugin for Lynis
For Enterprise users of the software, there is a dedicated plugin available related to system and file integrity. The plugin performs individual tests and collects information, which is then processed by the Lynis Control Panel.
When the file integrity plugin is not installed, the interface will report this. Registered users can download a bundled version of Lynis, which includes the plugins. It comes with the file integrity plugin.
Integrity of Binaries
Software is, besides the actual data, one of the most sensitive components stored on disk. The integrity of these files is important, to ensure no unauthorized alterations have been made. Several tests are performed to provide a 'confidence level', to give a better idea of how well alterations can be prevented or detected.
No binaries tested
Depending on the operating system used, some tests might not be available. If "no binaries tested" is displayed, specific tools might be missing. What you can do is send a support e-mail, together with the operating system being used, so we can investigate the options.
Binaries mismatches found
During the check some binaries might show up as mismatches. This indicates that one or more binaries have been found with a different hash than expected. To determine the specific details, run Lynis with the plugins and look in the log file (/var/log/lynis.log).
Some operating systems have a specific vulnerability database available. It may be used to check the state of packages and discover vulnerable packages. Lynis determines if this database is available, its integrity and aging.
Lynis Enterprise includes a dashboard that gives a quick overview of your environment. Our solution is different in that it provides three different dashboards by default. Your manager might be interested in compliance, while you want to know if all components are at the latest patch level. For every type of user there is a tailored dashboard.
This level is most suitable for consultants and engineers, as it provides all (technical) details of your IT environment. It will also include items related to the configuration of Lynis Enterprise, like plugin configuration.
Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managerial staff, like the IT manager, security manager or process managers. Not only will some details be left out, it will also list different risks and other representations of the stored data about your environment.
Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managers, like the IT manager, security manager or process managers.
The reports are a different type of view on your systems. Usually a report will contain more fields, so you have all information available in one overview. The reports can be easily copied into your spreadsheet program. This way you have full control over what you want to do with the data, or you can embed it in your corporate reporting templates.
Deciding where to start hardening your systems can be challenging. The improvement plan solves this issue by calculating what areas would be most interesting for your environment. It even helps you select them via different methods, like quick wins or systems with the highest risk rating. Examples:
- Quick wins: Low risk, low effort
- Impact: High impact, low to high risk
- Controls: Control matching most comes first
- System risk: Focus on high risk systems
In the system overview, all systems belonging to your company are displayed. It includes basic information, like scan date, Lynis version, compliance status and amount of findings.
To get deep insight into what is known about a system, the system details page shows most of the information on one page. It includes the basic information of the system, up to every applicable category it discovered.
Adding or Removing Systems
To add a system to Lynis Enterprise, only two steps are needed:
- Configure the license key and central server
- Use the --upload option to send data to the central server
The license key can be found in the configuration screen. The central host value is usually equal to the address you used before, to log in on the central interface.
Add your changes to /etc/lynis/custom.prf
Example configuration:
After changing the file, run Lynis:
# lynis audit system --quick --upload
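A pre-flight check for the two steps above, as an added example that is not part of the original documentation: it confirms that a profile carries a non-empty license key and central server before an audit is run with --upload. It assumes the key=value profile syntax with the settings `license-key` and `upload-server`; the function names and the sample values are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: verify the upload settings in a Lynis profile before using --upload.
# Assumption: the profile uses key=value lines (license-key=, upload-server=).

# Print the value of a setting; commented-out lines are ignored and, if the
# setting is repeated, the last occurrence is reported.
profile_value() {
    # $1 = profile path, $2 = setting name
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 when both settings needed for an upload are present and non-empty,
# 1 when one is missing or empty, 2 when the profile cannot be read.
profile_ready() {
    profile=$1
    [ -r "$profile" ] || { echo "cannot read $profile" >&2; return 2; }
    missing=0
    for key in license-key upload-server; do
        if [ -z "$(profile_value "$profile" "$key")" ]; then
            echo "missing or empty: $key" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample profile (placeholder values, not real credentials).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Lynis Enterprise upload settings
license-key=PLACEHOLDER-LICENSE-KEY
upload-server=lynis-enterprise.example.org
EOF

if profile_ready "$sample"; then
    echo "profile ok, upload host: $(profile_value "$sample" upload-server)"
    # On a real system the next step is: lynis audit system --quick --upload
fi
rm -f "$sample"
```

On a managed host, call `profile_ready /etc/lynis/custom.prf` and only start the upload run when it returns 0.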