How to Install Lynis 2.2.0 – Security Auditing Tool for Linux



Lynis is a security auditing tool for Unix and Linux based systems. It assists auditors in scanning a system and its security defenses, which helps improve system hardening. The software gathers system information specific to the OS type, installed packages, and system and network configuration. It also checks the system for configuration errors and security issues. This article explains how to install Lynis on Ubuntu.

Features

  • Open source
  • Written in shell script
  • No dependencies
  • Easy to understand
  • Dynamic OS detection
  • 300+ built-in tests
  • Support for custom tests
  • Plugin support
  • Compliance checks
  • Extensive software support

Installing Lynis

Lynis doesn’t require any installation; it can be used directly from any directory. As good practice, create a dedicated directory for Lynis at /usr/local/lynis, as shown below –

# mkdir /usr/local/lynis

Download the stable version of Lynis source files as shown below –

# cd /usr/local/lynis
# wget www.cisofy.com/files/lynis-2.2.0.tar.gz

The sample output should be like this –

--2016-05-05 10:27:09-- www.cisofy.com/files/lynis-2.2.0.tar.gz
    Resolving cisofy.com (cisofy.com)... 149.210.134.182, 2a01:7c8:aab2:209::1
    Connecting to cisofy.com (cisofy.com)|149.210.134.182|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 202825 (198K) [application/octet-stream]
    Saving to: ‘lynis-2.2.0.tar.gz’

    lynis-2.2.0.tar.gz 100%[===================>] 198.07K 209KB/s in 0.9s

    2016-05-05 10:27:11 (209 KB/s) - ‘lynis-2.2.0.tar.gz’ saved [202825/202825]

Now unpack the downloaded archive as shown below –

# tar -xvf lynis-2.2.0.tar.gz

The sample output should be like this-

lynis/CHANGELOG
    lynis/CONTRIBUTIONS.md
    lynis/CONTRIBUTORS
    lynis/FAQ
    lynis/INSTALL
    lynis/LICENSE
    lynis/README
    lynis/db/
    lynis/db/integrity.db
    lynis/db/sbl.db
    lynis/db/fileperms.db
    lynis/db/malware-susp.db
    lynis/db/malware.db
    lynis/db/hints.db
    lynis/default.prf
    lynis/extras/
    lynis/extras/README
    lynis/extras/files.dat
    lynis/extras/lynis.spec
    lynis/extras/systemd/
    lynis/extras/systemd/lynis.service
    lynis/extras/systemd/lynis.timer
    lynis/extras/openbsd/
    lynis/extras/openbsd/+CONTENTS
    lynis/extras/check-lynis.sh
    lynis/extras/bash_completion.d/
    lynis/extras/bash_completion.d/lynis
    lynis/extras/.bzrignore
    lynis/extras/build-lynis.sh
    lynis/include/
    lynis/include/helper_audit_dockerfile
    lynis/include/profiles
    lynis/include/tests_malware
    lynis/include/tests_containers
    lynis/include/tests_accounting
    lynis/include/parameters
    lynis/include/tests_ssh
    lynis/include/tool_tips
    lynis/include/tests_time
    lynis/include/tests_firewalls
    lynis/include/tests_nameservices
    lynis/include/binaries
    lynis/include/tests_webservers
    lynis/include/tests_squid
    lynis/include/tests_storage_nfs
    lynis/include/tests_insecure_services
    lynis/include/tests_scheduling
    lynis/include/tests_tooling
    lynis/include/tests_hardening
    lynis/include/tests_networking
    lynis/include/tests_custom.template

    ......................................
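The download and unpack steps above run as root, so it is worth checking the archive before extracting it. The following is an added example, not part of the original article or of Lynis itself: it compares the tarball's SHA-256 with a digest you obtain from the vendor and rejects archives whose members fall outside the expected lynis/ directory. The function names and the EXPECTED_SHA256 placeholder are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded tarball before unpacking it as root.
# Function names are illustrative; the expected digest must come from the
# vendor's download page (the article does not give one).

# Succeeds only if the SHA-256 of file $1 equals the hex digest $2.
verify_sha256() {
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$2" ]
}

# Succeeds only if every member of archive $1 lies under top-level dir $2:
# no ".." path components and nothing outside the expected tree
# (which also rules out absolute paths).
archive_is_contained() {
    tar -tf "$1" | awk -v top="$2" '
        { n = split($0, part, "/")
          for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1 }
        $0 != top && $0 != (top "/") && index($0, top "/") != 1 { bad = 1 }
        END { exit bad + 0 }'
}

# safe_unpack ARCHIVE EXPECTED_SHA256 TOPDIR DESTDIR
# Returns 1 on a checksum mismatch, 2 on a suspicious member path.
safe_unpack() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    archive_is_contained "$1" "$3" || { echo "unexpected path in $1" >&2; return 2; }
    # --no-same-owner: extracted files belong to the extracting user (root),
    # not to whatever UID/GID is recorded inside the archive.
    tar -xf "$1" -C "$4" --no-same-owner
}

# Usage (EXPECTED_SHA256 is a placeholder, not a real digest):
#   safe_unpack lynis-2.2.0.tar.gz "$EXPECTED_SHA256" lynis /usr/local/lynis
```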

Running and Using Lynis Basics

Lynis requires root user permission to run and writes its output to the /var/log/lynis.log file. Use the commands below to run Lynis –

# cd lynis
# ./lynis

The above command will provide you with a complete list of available parameters, as shown below –

[ Lynis 2.2.0 ]

    ################################################################################
       comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
       welcome to redistribute it under the terms of the GNU General Public License.
       See the LICENSE file for details about using this software.

       Copyright 2007-2016 - CISOfy, https://cisofy.com/lynis/
       Enterprise support and plugins available via CISOfy
    ################################################################################

    [+] Initializing program
    ------------------------------------

       Usage: lynis [options] mode


       Mode:

          audit
             audit system          : Perform security scan
             audit dockerfile      : Analyze Dockerfile

          update
             update info           : Show update details
             update release       : Update Lynis release


       Scan options:
          --auditor ""           : Auditor name
          --dump-options           : See all available options
          --no-log             : Don't create a log file
          --pentest             : Non-privileged scan (useful for pentest)
          --profile             : Scan the system with the given profile file
          --quick (-Q)           : Quick mode, don't wait for user input
          --tests ""             : Run only tests defined by
          --tests-category "" : Run only tests defined by

       Layout options:
          --no-colors           : Don't use colors in output
          --quiet (-q)           : No output, except warnings
          --reverse-colors       : Optimize color display for light backgrounds

    ...............................................................................................

To start a scan of your entire Linux system, pass the --check-all parameter to Lynis as shown below –

# ./lynis --check-all

The sample output should be like this –

[+] Initializing program
    ------------------------------------
       - Detecting OS...                         [ DONE ]

    ---------------------------------------------------
       Program version:             2.2.0
       Operating system:             Linux
       Operating system name:       Ubuntu
       Operating system version:     16.04
       Kernel version:             4.4.0
       Hardware platform:           x86_64
       Hostname:                   linux
       Auditor:                   [Unknown]
       Profile:                   ./default.prf
       Log file:                   /var/log/lynis.log
       Report file:                /var/log/lynis-report.dat
       Report version:             1.0
       Plugin directory:           ./plugins
       ---------------------------------------------------
       - Checking profile file (./default.prf)...
       - Program update status...                [ NO UPDATE ]

    [+] System Tools
    ------------------------------------
       - Scanning available tools...
       - Checking system binaries...

    [+] Plugins (phase 1)
    ------------------------------------
       Note: plugins have more extensive tests, which may take a few minutes to complete

          - Plugins enabled                      [ NONE ]

    [+] Boot and services
    ------------------------------------
       - Service Manager                         [ systemd ]
       - Checking UEFI boot                       [ ENABLED ]
       - Checking Secure Boot                   [ DISABLED ]
       - Checking presence GRUB2                 [ FOUND ]
          - Checking for password protection     [ WARNING ]
       - Check running services (systemctl)       [ DONE ]
             Result: found 31 running services
       - Check enabled services at boot (systemctl) [ DONE ]
             Result: found 38 enabled services
       - Check startup files (permissions)          [ OK ]

Creating Lynis Cronjobs

To create a Lynis cron job that produces a daily scan report of your system, use the following command –

# crontab -e

The sample output should be like this –

# crontab -e
    # Edit this file to introduce tasks to be run by cron.
    #
    # Each task to run has to be defined through a single line
    # indicating with different fields when the task will be run
    # and what command to run for the task
    #
    # To define the time you can provide concrete values for
    # minute (m), hour (h), day of month (dom), month (mon),
    # and day of week (dow) or use '*' in these fields (for 'any').
    #
    # Notice that tasks will be started based on the cron's system
    # daemon's notion of time and timezones.
    #
    # Output of the crontab jobs (including errors) is sent through
    # email to the user the crontab file belongs to (unless redirected).
    #
    # For example, you can run a backup of all your user accounts
    # at 5 a.m every week with:
    # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/

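Add the following line to run the cron job daily at 10:30 pm. Because the file opened by crontab -e is root's own crontab, the line has no user field and the job runs as root; a user column such as root belongs only in /etc/crontab or in files under /etc/cron.d.

30 22 * * * /path/to/lynis -c -Q --auditor "automated" --cronjob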
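A daily scan is only useful if someone notices when the findings change. The following added example (not from the original article or the Lynis project) compares the report file named in the scan output above with the previous day's copy and prints warnings that are new. It assumes the report stores each warning as a `warning[]=TEST-ID|text|...` line; the function names, the `.prev` baseline file and the sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: report warnings that are new since the previous daily run.
# Assumption: the report has key=value lines and each warning is recorded as
#   warning[]=TEST-ID|text|...
# The test IDs and report contents in write_sample_reports are constructed.

# Print the sorted, unique test IDs of all warning[] lines in report $1.
warning_ids() {
    awk -F'=' '$1 == "warning[]" { split($2, f, "|"); print f[1] }' "$1" | sort -u
}

# Print IDs that appear in the current report $2 but not in the previous $1.
new_warnings() {
    prev_ids=$(mktemp) && cur_ids=$(mktemp) || return 2
    warning_ids "$1" > "$prev_ids"
    warning_ids "$2" > "$cur_ids"
    comm -13 "$prev_ids" "$cur_ids"
    rm -f "$prev_ids" "$cur_ids"
}

# rotate_and_compare REPORT: compare REPORT with REPORT.prev, print new
# warning IDs, then keep REPORT as the baseline for the next run.
# Returns 1 when new warnings were found, so a wrapper or cron mail can alert.
# Typical call after the nightly scan: rotate_and_compare /var/log/lynis-report.dat
rotate_and_compare() {
    report=$1
    [ -r "$report" ] || { echo "missing report: $report" >&2; return 2; }
    [ -f "$report.prev" ] || : > "$report.prev"     # first run: empty baseline
    found=$(new_warnings "$report.prev" "$report")
    cp -p "$report" "$report.prev"
    [ -z "$found" ] && return 0
    printf 'new Lynis warnings:\n%s\n' "$found"
    return 1
}

# Constructed sample reports for trying the functions offline in directory $1.
write_sample_reports() {
    printf '%s\n' 'hostname=linux' 'warning[]=TEST-0001|sample finding A|' \
        'suggestion[]=TEST-0003|sample suggestion|' > "$1/day1.dat"
    printf '%s\n' 'hostname=linux' 'warning[]=TEST-0001|sample finding A|' \
        'warning[]=TEST-0002|sample finding B|' > "$1/day2.dat"
}
```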

Updating Lynis

To update Lynis, use the following commands –

# ./lynis update info       [Show update details]
# ./lynis update release    [Update Lynis release]

After reading this article, you should understand how to install Lynis 2.2.0. In our next articles, we will come up with more Linux-based tips and tricks. Keep reading!

Updated on: 2020-01-22T06:37:33+05:30
