Lynis: Security auditing and hardening tool for Linux, Unix and macOS

Lynis is a security auditing tool for UNIX-based systems such as Linux, macOS, and BSD. It performs an in-depth security scan that runs directly on the system being audited. Its main objective is to evaluate the effectiveness of security defenses and provide recommendations for further system hardening.

In addition to conducting a detailed analysis of the system's security, Lynis also examines general system information, identifies vulnerable software packages, and detects potential configuration issues.

Over the years, Lynis has gained popularity among system administrators and auditors who rely on it to assess the robustness of their systems' security defenses. Lynis has also become an essential tool in the arsenal of penetration testers, expanding its usage beyond just the "blue team."

Goals

The main goals are:

  • Automated security auditing
  • Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
  • Vulnerability detection

The software also assists with:

  • Configuration and asset management
  • Software patch management
  • System hardening
  • Penetration testing (privilege escalation)
  • Intrusion detection

Audience

Typical users of the software:

  • Developers: Test that Docker image, or improve the hardening of your deployed web application.
  • System administrators: Run daily health scans to discover new weaknesses.
  • IT auditors: Show colleagues or clients what can be done to improve security.
  • Penetration testers: Discover security weaknesses on your clients' systems that may eventually result in system compromise.

Supported operating systems

Lynis runs on almost all UNIX-based systems and versions, including:

  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • macOS
  • NetBSD
  • NixOS
  • OpenBSD
  • Solaris
  • and others

It even runs on systems like the Raspberry Pi, IoT devices, and QNAP storage devices.

License

  • GPLv3

Resources

GitHub - CISOfy/lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Lynis - Security auditing and hardening tool for Linux/Unix
Lynis is an open source security auditing tool. Part of Lynis Enterprise Suite, its main goal is to audit and harden Unix and Linux based systems.