Lynis 3.0.1 releases: Open source auditing in Linux system

Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. It is also the client in our Lynis Enterprise offering.

Supported operating systems

Lynis runs on almost all UNIX-based systems and versions, including:

• AIX
• FreeBSD
• HP-UX
• Linux
• MacOS
• NetBSD
• OpenBSD
• Solaris
• and others

It even runs on systems like the Raspberry Pi or QNAP storage devices.

Installation optional

Lynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system” to start the security scan. It is written in shell script and released as open source software (GPL). Software packages are available from our software repository.

How it works

performs hundreds of individual tests. Each helps to determine the security state of the system. This is what happens during a scan with Lynis:

Steps

1. Determine the operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests with enabled plugins
5. Run security tests per category
6. Report the status of security scan

Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Changelog

Lynis 3.0.1

Added

• • • Detection of Alpine Linux
    • Detection of CloudLinux
    • Detection of Kali Linux
    • Detection of Linux Mint
    • Detection of macOS Big Sur (11.0)
    • Detection of Pop!_OS
    • Detection of PHP 7.4
    • Malware detection tool: Microsoft Defender ATP
    • New flag: –slow-warning to allow tests more time before showing a warning
    • Test TIME-3185 to check systemd-timesyncd synchronized time
    • rsh host file permissions

Changed

• • AUTH-9229 – Added option for LOCKED accounts and bugfix for older bash versions
  • BOOT-5122 – Presence check for grub.d added
  • CRYP-7902 – Added support for certificates in DER format
  • CRYP-7931 – Added data to report
  • CRYP-7931 – Redirect errors (e.g. when swap is not encrypted)
  • FILE-6430 – Don’t grep nonexistant modprobe.d files
  • FIRE-4535 – Set initial firewall state
  • INSE-8312 – Corrected text on screen
  • KRNL-5728 – Handle zipped kernel configuration correctly
  • KRNL-5830 – Improved version detection for non-symlinked kernel
  • MALW-3280 – Extended detection of BitDefender
  • TIME-3104 – Find more time synchronization commands
  • TIME-3182 – Corrected detection of time peers
  • Fix: hostid generation routine would sometimes show too short IDs
  • Fix: language detection
  • Generic improvements for macOS
  • German translation updated
  • End-of-life database updated
  • Several minor code enhancements

Download

Copyright (C) 2014 CISOfy