Lynis 2.7.3 - Security Auditing Tool For Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next step in the simplification improvements we made. There is a risk of breaking your existing configuration.
Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.
Supported operating systems
The tool has almost no dependencies, so it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!
Installation optional
Lynis is lightweight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).
How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization of the program up to the report.
Steps
- Determine operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests from enabled plugins
- Run security tests per category
- Report status of security scan
Besides the information displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.
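As an added example (not part of Lynis or of the original article), the shell functions below summarize the findings in a report file. They assume the report holds one key=value entry per line, with findings written as warning[]= and suggestion[]= entries whose fields are separated by |; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Summarize findings from a Lynis-style report file.
# Assumed layout (not described in the article): one key=value per line,
# findings as warning[]=TEST-ID|message|details|solution| and the same
# for suggestion[].

# Write a constructed sample report to the path given in $1. The test IDs
# are borrowed from the changelog in this article; the texts are made up.
make_sample_report() {
    cat > "$1" <<'EOF'
# constructed sample, not real scan output
lynis_version=2.7.3
hardening_index=67
warning[]=NETW-3015|Sample warning text|-|-|
suggestion[]=SSH-7408|Sample suggestion text|MaxAuthRetries|-|
suggestion[]=KRNL-5820|Sample suggestion text|fs.suid_dumpable|-|
suggestion[]=SSH-7408|Sample suggestion text|AllowTcpForwarding|-|
EOF
}

# count_findings FILE KIND -> number of entries of KIND (warning|suggestion)
count_findings() {
    awk -v k="${2}[]=" 'index($0, k) == 1 { n++ } END { print n + 0 }' "$1"
}

# finding_ids FILE KIND -> unique test IDs of that kind, sorted, one per line
finding_ids() {
    awk -v k="${2}[]=" 'index($0, k) == 1 {
        rest = substr($0, length(k) + 1)   # drop the "kind[]=" prefix
        split(rest, f, "|")                # first field is the test ID
        print f[1]
    }' "$1" | sort -u
}

# report_value FILE KEY -> value of a scalar key such as hardening_index
report_value() {
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# has_warnings FILE -> exit status 0 when at least one warning is present,
# so a scheduled job or pipeline can react to the scan result
has_warnings() {
    [ "$(count_findings "$1" warning)" -gt 0 ]
}
```

Counting unique test IDs rather than raw entries avoids overstating the work when one test reports several details, as SSH-7408 does in the sample.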
Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find.
For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.
In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!
Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening
Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)
Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.
Changelog
## Lynis 2.7.3 (2019-03-21)

### Added
- Detection for Lynis being scheduled (e.g. cronjob)

### Changed
- HTTP-6624 - Improved logging for test
- KRNL-5820 - Changed color for default fs.suid_dumpable value
- LOGG-2154 - Adjusted test to search in configuration file correctly
- NETW-3015 - Added support for ip binary
- SQD-3610 - Description of test changed
- SQD-3613 - Corrected description in code
- SSH-7408 - Increased values for MaxAuthRetries
- Improvements to allow tailored tool tips in future
- Corrected detection of blkid binary
- Minor textual changes and cleanups