Lynis is an auditing tool for Unix specialists. It scans the system as well as installed software and detects vulnerabilities. Additionally, the scan provides general information and may point to possible configuration errors.
Requirements
- You have to log on as the root user (login/su) or have equivalent rights (e.g., by using sudo)
- You need write access to /var/log for the log/debug report
- You need write access to /tmp for temporary files
Installation
lynis can be installed with the Pakfire web interface or via the console:
pakfire install lynis
Usage
To start Lynis, open the console and change to the directory /var/ipfire/lynis. Execute the following commands:
cd /var/ipfire/lynis
./lynis
When run without parameters, Lynis displays a list of valid parameters.
With the option audit system, Lynis starts a complete scan:
./lynis audit system
Note
Not every alarm raised by Lynis is extremely critical or needs immediate action; it may also show notes and hints, which you can use to increase system security.
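To separate the findings that need attention from the hints, the report file can be split by kind. The script below is an added example, not part of the original page or of Lynis itself. It assumes the upstream report line format (warning[]= and suggestion[]= entries with fields separated by |) and the upstream default report path /var/log/lynis-report.dat, which may differ on IPFire; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: split a Lynis report into warnings and suggestions.
# Assumed line format (upstream Lynis report file):
#   warning[]=TEST-ID|message|details|solution|
#   suggestion[]=TEST-ID|message|details|solution|

# lynis_findings KIND FILE: print "TEST-ID<TAB>message" for each finding.
lynis_findings() {
    awk -v kind="$1" -F'|' '
        index($0, kind "[]=") == 1 {
            sub(/^[^=]*=/, "", $1)   # strip the "warning[]=" style prefix
            printf "%s\t%s\n", $1, $2
        }' "$2"
}

# lynis_count KIND FILE: number of findings of that kind.
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# triage FILE: warnings first (review soon), suggestions after (hints).
triage() {
    for kind in warning suggestion; do
        printf '== %s: %s ==\n' "$kind" "$(lynis_count "$kind" "$1")"
        lynis_findings "$kind" "$1"
    done
}

# Constructed sample report, not output from a real scan.
make_sample_report() {
    cat <<'EOF'
report_version_major=1
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
}

# Use the report path given as first argument, else the constructed sample.
sample=$(mktemp)
make_sample_report > "$sample"
triage "${1:-$sample}"
rm -f "$sample"
```

Pass the path of a real report as the first argument to triage an actual scan.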
Lynis is also highly customizable, including:
- The list and level of details of the tests carried out
- The language in which the results are displayed (section titles, status)
- Etc.
This can be done by copying the file /var/ipfire/lynis/default.prf to custom.prf and then modifying the content of this new file.
Trouble?
Do you see this error when you run lynis?
egrep: warning: egrep is obsolescent; using grep -E
This is a known issue with lynis. See:
https://github.com/CISOfy/lynis/issues/1338
Workaround
Temporarily remove the egrep is obsolescent messages:
./lynis audit system 2> >(grep -v 'egrep: warning: egrep is obsolescent; using grep -E')
Links
- Find more information here