Lynis: Security auditing and hardening tool for Linux, Unix and macOS
Lynis is a security auditing tool for UNIX-based systems such as Linux, macOS, and BSD. It performs a thorough security scan directly on the system itself. Its main objective is to evaluate the effectiveness of security defenses and to provide recommendations for further system hardening.
In addition to conducting a detailed analysis of the system's security, Lynis also examines general system information, identifies vulnerable software packages, and detects potential configuration issues.
Over the years, Lynis has gained popularity among system administrators and auditors who rely on it to assess the robustness of their systems' security defenses. Furthermore, Lynis has become an essential tool in the arsenal of penetration testers, expanding its usage beyond just the "blue team."
Goals
The main goals are:
- Automated security auditing
- Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
- Vulnerability detection
The software also assists with:
- Configuration and asset management
- Software patch management
- System hardening
- Penetration testing (privilege escalation)
- Intrusion detection
Audience
Typical users of the software:
- Developers: Test that Docker image, or improve the hardening of your deployed web application.
- System administrators: Run daily health scans to discover new weaknesses.
- IT auditors: Show colleagues or clients what can be done to improve security.
- Penetration testers: Discover security weaknesses on your clients' systems that may eventually result in system compromise.
Supported operating systems
Lynis runs on almost all UNIX-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- macOS
- NetBSD
- NixOS
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi, IoT devices, and QNAP storage devices.
License
- GPLv3