Lynis Plugins

Introduction

Purpose

Lynis is written in shell script, a versatile scripting language available on all systems running Linux or a UNIX-based operating system. For this reason, most system administrators can easily create their own tests for Lynis. This is useful when you want to write your own tests or plugins. In this document we have a look at how to create a plugin, with some custom tests in it.

Plugins within Lynis have the primary function of collecting (more) data. This data can then be used by any predefined or custom test. Another option is that the data is just stored in the report file and analyzed by third party tools.

Plugin Phases

Lynis runs each time a full cycle of steps. For plugins there are two moments when they can run, which we call phase 1 and phase 2. The complete cycle looks like this:

1. Initialization
2. OS detection
3. Detection of binaries
4. Plugins phase 1
5. Run built-in tests
6. Run any custom tests (optional)
7. Plugins phase 2
8. Show report
9. Stop program

Plugin Location

The first step is to know where Lynis is installed, and in particular in which directory your plugins are stored.

lynis show plugindir

Note: this path is also displayed on screen when running Lynis, and stored in your log file (usually /var/log/lynis.log).