Installation guide for first-time Lynis users
Step 1: Download and Installation
To obtain a copy of Lynis, several options are available. We advise to choose the option you are most familiar with.
Installing using your package manager. Supported packages in DEB and RPM format.Select
If you use Git, a great option. Always the latest version.Select
The latest stable version of Lynis, as a normal download. Good match for AIX, HPUX.Select
4. Homebrew (macOS)
Great choice for users of macOS, to install Lynis and keep it up-to-date.Select
1. Installation via package
Installing Lynis via a package manager is one option to get started with Lynis. For most operating systems and distributions, a port or package is available.
First add our software repository. This way the latest version will be available to your system.
This applies to systems running YUM, including CentOS, Fedora, Red Hat Enterprise Linux (RHEL).$ yum install lynis
Systems running Debian, Linux Mint, Ubuntu, or are based on one of these.$ apt-get install lynis
openSUSE$ zypper install lynis
After the installation, it is time to run Lynis for the first time.To First Run
2. Installation via Git
The first step is cloning the project. Before doing so, select the parent directory. Git will create a 'lynis' subdirectory with the full program in it.$ cd /usr/local$ git clone https://github.com/CISOfy/lynis Cloning into 'lynis'... remote: Counting objects: 1733, done. remote: Compressing objects: 100% (8/8), done. remote: Total 1733 (delta 3), reused 0 (delta 0), pack-reused 1725 Receiving objects: 100% (1733/1733), 886.18 KiB | 378.00 KiB/s, done. Resolving deltas: 100% (1204/1204), done. Checking connectivity... done.$ cd lynis
That is it. Time to run your first security audit:$ lynis audit system
Although no configuration is required, there are a few useful commands to learn.Learn Commands
3. Installation via direct download
Step 1. Create a directory
Lynis can be started from each directory. So choose a directory where you want to store Lynis. For our example purpose we use /usr/local/lynis, as the /usr/local directory exists on most distributions.$ mkdir -p /usr/local/lynis $ cd /usr/local
Step 2. Download
Next step is downloading the latest version of Lynis into the /usr/local directory. In this method we use the compressed tarball, which is an archive of all files.
Go to the Lynis download page. Copy the link to the Lynis tarball (ends with lynis-<version>.tar.gz).
Use this link together with wget (usually installed by default). macOS users can use curl tool, where BSD users could use fetch.$ wget https://cisofy.com/files/lynis-<version>.tar.gz
or$ curl https://cisofy.com/files/lynis-<version>.tar.gz -o lynis.tar.gz
Step 3. Unpack the tarball$ tar xfvz lynis-<version>.tar.gz
After unpacking, it is time to run Lynis for the first time.To First Run
4. Installation via Homebrew
For users of macOS, Homebrew can be used as an alternative to manual installation and using Git.$ brew install lynis
After the installation with Homebrew, it is time to run Lynis for the first time.To First Run
Step 2: First Run
If Lynis was installed via a package or Homebrew, you can run Lynis from any directory.
For the other methods, ensure that you are in the right directory and add './' in front of the command, like:
Lynis can run without any preconfiguration. Configuration and fine-tuning is possible though and will be covered in later sections. For now we will run a basic scan:
$ lynis audit system
(use ./lynis audit system to start Lynis from the local directory if you didn't install it as a software package)
Lynis and pauses
By default Lynis starts and pauses after the first section. With CTRL+C you can stop the program. With ENTER it will continue to the next set of tests. If we want to run Lynis without any pauses, we could give it an additional parameter: --quick. This will enable the "quick" option, ideal for running Lynis while you do other things.
$ lynis audit system --quick
Lynis is started with at least one command, usually followed by one or more options.
|audit system||Perform a system audit|
|show commands||Show available Lynis commands|
|show help||Provide a help screen|
|show profiles||Display discovered profiles|
|show settings||List all active settings from profiles|
|show version||Display current Lynis version|
The show command requires an up-to-date version of Lynis.
|--auditor "Given name Surname"||Assign an auditor name to the audit (report)|
|--cronjob||Run Lynis as cronjob (includes -c -Q)|
|--debug||Show debug information, useful for troubleshooting and development|
|--help||-h||Shows valid parameters|
|--man-page||View man page|
|--no-colors||Do not use any colors|
|--pentest||Perform a penetration test scan (non-privileged)|
|--quick||-Q||Don't wait for user input, except on errors|
|--quiet||-q||Only show warnings (includes --quick, but doesn't wait)|
|--reverse-colors||Use a different color scheme for lighter backgrounds|
|--verbose||Show more screen output|
- If Lynis is not installed as package (with included man page), use --man or nroff -man ./lynis.8
- For systems where the shell background is light, use --nocolors or --reverse-colors
- Use command show options to see all available parameters of Lynis
Step 3: Report and Logging
Lynis performs an in-depth audit and reports its findings to the following outputs:
1. Screen output
Lynis scans the system and performs hundreds of tests. For most of these tests, a result will be displayed on the screen.
Possible tests results include:
- OK or Warning
- Found or Not found
- A value
2. Log fileThe results are displayed on screen during the system scan. Additional details are logged in a separate file (default: /var/log/lynis.log). This information is useful for advanced testers, to see what the program did in the background, or where anomalies showed up.
Information in the log file:
- Time of an action/event
- Reason(s) why a test failed or was skipped
- Output of (internal) tests
- Suggestions about configuration options or how to fix/improve things
- Threat/impact score
Remark: the log file is purged every scan. If you need debugging or logging information for previous scans, schedule log rotation or make a backup before running Lynis again.
3. Report files
During the audit process, Lynis will gather findings and other data points. This information is stored in the report file, which is by default /var/log/lynis-report.dat.
Lynis supports one report format, which can be used to gather results and display them in a custom or (more) friendly presentation. The report file can also be used to compare scan results from the past with a current scan. Lynis Enterprise has much more possibilities to display data, including extended reports in several formats.
Contents of report file:
- Remarks = #<remark>
- Section = [<section name>]
- Option/value = <option name>=<value of option>
When an option could have multiple values (like installed packages for example), brackets () are added. Example: installed_package=Package-1.0.0
Tips and Suggestions
Staying up-to-date with software is important. Some options to ensure your Lynis installation is up-to-date:
Frequently Asked Questions
Is Lynis really free?
Yes, Lynis is open source and free to use. Lynis is released under GPL and comes without warranties or support. If you still prefer support or Enterprise features, then Lynis Enterprise is a better choice.
Is Lynis restricted in functionality compared with the Enterprise version?
There are no limitations regarding functionality. Lynis is also part of the Enterprise version. Therefore it has similar functionality, with the exception of (some) plugins.
What systems are supported?
All common systems based on UNIX are supported. Examples include Linux, AIX, *BSD, HP-UX, macOS, and Solaris.
For package management are the following tools supported:
- apt/dpkg, DNF, pacman, pkg_info, ports, RPM, YUM, zypper
The colors used are hard to read with my white background, how can I solve this?
Disable color usage or use the --reverse-colors option
What is the difference between a normal test and a plugin?
Both look very similar in what they can do. A normal test has the main goal of performing a check, and conclude. Something is present or not, the outcome is good or bad etc.
The purpose of plugins is to collect data for later analysis. In particular the Lynis Enterprise solution will use plugins to collect extra data which will be later analyzed. One example would be to determine exceptions or outliers. It would not make sense to have everyone build up databases of data, while all information is already centrally stored.
Can I create my own tests or plugins?
A good start is using the development guide for Lynis plugins.
Where can I report any issues?
The best way to discuss any findings or issues, is using the Lynis project page on GitHub.
Lynis is licensed under the GPLv3 license.