Lynis

Open source auditing

Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems

Lynis runs on almost all Unix based systems and versions, including:

  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • Mac OS
  • NetBSD
  • OpenBSD
  • Solaris
  • and others

It even runs on systems like the Raspberry Pi, QNAPs and other storage devices.

No installation required

Lynis is flexible and easy to use. It is one of the few tools, in which installation is optional. Just copy it onto the system and give it a command like "audit system" to run the security scan. It is written in shell script and released as open source software (GPL).

Download Lynis Download


How it works

Lynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program, up to the report.

Steps

  1. Determine operating system
  2. Search for available tools and utilities
  3. Check for Lynis update
  4. Run tests from enabled plugins
  5. Run security tests per category
  6. Report status of security scan

During the scan, technical details about the scan are stored in a log file. At the same time findings (warnings, suggestions, data collection), are stored in a report file.


Opportunistic scanning

Lynis scanning is opportunistic: it uses what it can find.

For example if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers a SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it then will collect discovered certificates, so they can be scanned later as well.

In-depth security scans

By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!


Use cases

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Vulnerability detection and scanning
  • System hardening

Why open source software?

Open source software provides additional trust, by allowing people to look into the source code. Adjustments are easily made, providing you with a flexible solution for your business.

Lynis is one of the few security auditing solutions available which is truly open source. This explains also its success, as we get feedback from both customers and the community. Lynis is available as a download, or can be cloned via GitHub GitHub.

Our advice: trust software, but ensure you can check it yourself.


Resources used for testing

Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.

  • Best practices
  • CIS
  • NIST
  • NSA
  • OpenSCAP data
  • Vendor guides and recommendations (e.g. Debian Gentoo, Red Hat)

Lynis Plugins

Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.


Comparison with other tools

Lynis has a different way of doing things, so you have more flexibility. After all, you should be the one deciding what security controls make sense for your environment. We have a small comparison with some other well known tools:

Bastille Linux

Bastille was for a long time the best known utility for hardening Linux systems. It focuses mainly on automatically hardening the system.

Differences with Bastille

Automated hardening tools are helpful, but at the same time might give a false sense of security. Instead of just turning on some settings, Lynis perform an in-depth security scan. You are the one to decide what level of security is appropriate for your environment. After all, not all systems have to be like Fort Knox, unless you want it to be.

Benefits of Lynis

  • Supports more operating systems
  • Won't break your system
  • More in-depth audit



OpenVAS / Nessus

These products focus primarily on vulnerability scanning. They do this via the network by polling services. Optionally they will log in to a system and gather data.

Differences with OpenVAS / Nessus

Lynis runs on the host itself, therefore it can perform a deeper analysis compared with network based scans. Additionally, there is no risk for your business processes, and log files remain clean from connection attempts and incorrect requests.

Although Lynis is an auditing tool, it will actually discover vulnerabilities as well. It does so by using existing tools and analyzing configuration files.

Lynis and OpenVAS are both open source and free to use. Nessus is a closed source and paid.

Benefits of Lynis

  • Much faster
  • No pollution of log files, no disruption to business services
  • Host based scans provides more in-depth audit

Download

Lynis is open source software and freely available. To help with the installation we suggest the Get Started guide.

Download Lynis Download



Lynis Enterprise

Our Lynis Enterprise Suite uses Lynis as a core component. Lynis can run as a standalone tool, but also acting as a client for Lynis Enterprise.

Continuous auditing

Security is not a one-time event. For companies who want to do continuous auditing, we provide Lynis Enterprise. This full suite is a security solution that adds central management, plugins, reporting, hardening snippets and more.

Read more about Lynis Enterprise and discover all benefits.