Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:

Requirements:
Changelog:
New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh
Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was initially an auditing solution, version 1.6.1 brought a very exciting new pentest option (--pentest). It allows to perform a non-privileged scans, so root access is not longer needed. Great for pentesting and to determine if there are other holes to exploit.

This tool is the result of 7 years of development and much feedback by the community. Now it supported by the original author and his company, development is active and regular updates are being released. The author also stated Lynis would remain free and open source. His way of giving back to the community and make sure nice tools do not get behind a paywall.

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:Security specialists, penetration testers, system auditors, system/network managers.

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.