Lynis 2.6.9 releases: Open source auditing in Linux system
Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. It is also the client in our Lynis Enterprise offering.
Supported operating systems
Lynis runs on almost all UNIX-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- MacOS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi or QNAP storage devices.
Installation optional
Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system” to start the security scan. It is written in shell script and released as open source software (GPL). Software packages are available from our software repository.
How it works
performs hundreds of individual tests. Each helps to determine the security state of the system. This is what happens during a scan with Lynis:
Steps
- Determine the operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests with enabled plugins
- Run security tests per category
- Report the status of security scan
Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.
Changelog
v2.6.9 (2018-09-19)
Changed
- Man page has been updated
- Command ‘lynis show options’ provides up-to-date list
- Option ‘–dump-options’ is deprecated
- Several options and commands have been extended with more examples
- OS detection now supports openSUSE specific distribution names
- Changed command output when using ‘lynis audit system remote’
- DBS-1882 – added /usr/local/redis/etc path and QNAP support
- PKGS-7322 – updated solution text
- KRNL-5788 – ignore exception when no vmlinuz file was discovered
- TIME-3104 – extended logging for test
