Lynis – Security Auditing Tool for Unix/Linux

Wednesday, May 06, 2015 Sensei Fedon 0 Comments

Lynis is a security auditing tool for Unix and Linux based systems. It performs in-depth security scans, with almost no configuration, This tool commonly used by network administrator/system admin, security professionals and pentester/auditor to evaluate linux/unix system.

Requirements: Shell and basic utilities

Permissions: Root permissions or normal user

Operating System Supported:

AIX
FreeBSD
HP-UX
Linux
Mac OS
NetBSD
OpenBSD
Solaris

The new version of Lynis Security Auditing Tool was already release: Lynis 2.1.0

Changelog:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

Security Auditing Tool= Lynis 2.1.0 (2015-04-16) 

General:

---------

Screen output has been improved to provide additional information.

OS support:

------------

CUPS detection on Mac OS has been improved. AIX systems will now use csum

utility to create host ID. Group check have been altered on AIX, to include

the -n ALL. Core dump check on Linux is extended to check for actual values

as well.

Software:

----------

McAfee detection has been extended by detecting a running cma binary.

Improved detection of pf firewall on BSD and Mac OS. Security patch checking

with zypper extended.

Session timeout:

-----------------

Tests to determine shell time out setting have been extended to account for

AIX, HP-UX and other platforms. It will now determine also if variable is

exported as a readonly variable. Related compliance section PCI DSS 8.1.8

has been extended.

Documentation:

---------------

- New document: Getting started with Lynis

https://cisofy.com/documentation/lynis/get-started/

Plugins (Enterprise):

----------------------

- Update to file integrity plugin

Changes to PLGN-2606 (capabilities check)

- New configuration plugins:

PLGN-4802 (SSH settings)

PLGN-4804 (login.defs)

1. Installation via direct download

Create a Directory

1

2

mkdir -p /usr/local/lynis

cd /usr/local

2. Download Lynis here: https://cisofy.com/download/lynis/

1

2

 wget https://cisofy.com/files/lynis-.tar.gz

curl https://cisofy.com/files/lynis-.tar.gz -o lynis-version.tar.gz

3. Unpack the tarball

1

.tar.gz

4. After unpacking, it is time to run Lynis for the first time.

1

 ./lynis

Lynis can run without any preconfiguration. Configuration and fine-tuning is possible though and will be covered in later sections. For now we will run a basic scan:

1

lynis audit system

Common parameters:

Below the most commonly used parameter when running Lynis.

Parameter	Abbreviated	Description
–auditor “Given name Surname”		Assign an auditor name to the audit (report)
–checkall	-c	Start the check
–check-update		Check if Lynis is up-to-date
–cronjob		Run Lynis as cronjob (includes -c -Q)
–help	-h	Shows valid parameters
–manpage		View man page
–nocolors		Do not use any colors
–pentest		Perform a penetration test scan (non-privileged)
–quick	-Q	Don’t wait for user input, except on errors
–quiet		Only show warnings (includes –quick, but doesn’t wait)
–reverse-colors		Use a different color scheme for lighter backgrounds
–version	-V	Check program version (and quit)

Tips

If Lynis is not installed as package (with included man page), use –man or nroff -man ./lynis.8
For systems where the shell background is light, use –nocolors or –reverse-colors
Use –dump-options to see all available parameters of Lynis

Network Security

Lynis – Security Auditing Tool for Unix/Linux

0 comments:

Advertising

About

Follow Us

Popular Posts

Labels

Total Pageviews

Blog Archive

Popular Posts