LYNIS - Documentation
Usage
The basic syntax for using Lynis is as follows:
lynis [OPTIONS] [COMMAND]
Where `OPTIONS` define the behavior of the scan and `COMMAND` specifies which audit tasks to perform.
Command Line Options
Lynis offers a range of command-line options that allow for customization of the audit process.
Common Options
- `--help`
Displays the help message, listing all available commands and options.
lynis --help
- `--version`
Displays the version of Lynis installed on the system.
lynis --version
- `--verbose`
Provides additional details about the tests being performed. Can be used multiple times to increase verbosity.
lynis --verbose
- `--quick`
Performs a faster scan by skipping certain checks that may take more time.
lynis --quick
- `--cron`
Runs Lynis in cron mode, which generates less output for automated reports.
lynis --cron
Specific Commands
- `audit system`
Initiates a full audit of the system, checking configuration settings, software packages, and security policies.
lynis audit system
- `audit plugin`
Runs an audit using specific plugins. Plugins are modular checks that can be enabled or disabled based on user requirements.
lynis audit plugin
- `--tests <testfile>`
Specifies a custom test file to use instead of the default. This can be useful for focusing on a specific set of checks.
lynis --tests my_testfile
Output and Reporting
Lynis produces output in several formats, including detailed console output and reports saved to files.
Output Types
- `stdout`
The standard output for the audit results is printed to the terminal by default.
lynis audit system
- `report-file`
Lynis can store the audit results in a file, which can be later reviewed or processed. The file path can be specified using the `--report-file` option.
lynis audit system --report-file /path/to/report.txt
- `json`
For easier automation, Lynis can output the results in JSON format. This allows integration with other tools and scripting.
lynis audit system --json
Log Files
Lynis creates log files in the `/var/log/lynis` directory by default. These logs store detailed information about each scan, including any issues detected.
cat /var/log/lynis/lynis.log
Detailed Audit
The detailed audit output provides information about the security posture of the system and highlights areas that need attention. Each item is assigned a severity score, ranging from 0 (no issue) to 100 (critical issue).
For example, you may see something like:
+ Test name: File Permissions
  Severity: 50
  Description: Check file permissions to ensure sensitive files are not accessible by unauthorized users.
These results are grouped by categories, such as:
- System
- Networking
- Authentication
- Applications
- Filesystem
Customizing Lynis Audits
Lynis allows users to customize the tests that are run during an audit by using configuration files or command-line options. For advanced use cases, users may modify the `/etc/lynis/lynis.cfg` file to disable or enable specific tests.
Example: Disable Specific Tests
To disable specific tests, edit the configuration file `/etc/lynis/lynis.cfg` and comment out unwanted tests.
# Disable check for empty passwords
disable-tests = 1830
Example: Enable Custom Test Suite
To use a custom test suite, specify the location of the test file with the `--tests` option.
lynis audit system --tests /path/to/custom_tests
Scheduling Lynis Audits
Lynis can be automated through cron jobs for periodic scans. A common approach is to schedule a nightly audit to monitor system security on an ongoing basis.
Example Cron Job
To schedule a nightly Lynis audit at 2 AM, add the following cron job:
0 2 * * * /usr/local/bin/lynis audit system --cron
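An added example (not from the Lynis documentation or project) of post-processing the file written by `--report-file` after a scheduled `--cron` run: it lists the warnings and fails when any are present or the score is below a threshold. It assumes the report holds `key=value` lines with `warning[]=ID|text|...` entries and a `hardening_index=` line; the sample report, the `SAMPLE-` IDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a scheduled Lynis run on its report file.
# Assumption: the report holds key=value lines, with findings as
#   warning[]=TEST-ID|message|details|solution|
# and the overall score as hardening_index=NN.

# Print "TEST-ID<TAB>message" for every warning in report file $1.
lynis_warnings() {
    awk -F'|' 'index($0, "warning[]=") == 1 { print substr($1, 11) "\t" $2 }' "$1"
}

# Print the hardening index from report file $1 (empty if missing).
lynis_hardening_index() {
    sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1
}

# Exit status 0: no warnings and index >= $2 (default 70).
# 1: warnings present or index too low. 2: report unreadable or incomplete.
# The body is a subshell so its variables stay local.
lynis_gate() (
    report=$1 min=${2:-70}
    [ -r "$report" ] || { echo "unreadable report: $report" >&2; exit 2; }
    idx=$(lynis_hardening_index "$report")
    [ -n "$idx" ] || { echo "no hardening_index: scan incomplete?" >&2; exit 2; }
    count=$(lynis_warnings "$report" | wc -l | tr -d ' ')
    echo "hardening_index=$idx warnings=$count"
    [ "$count" -eq 0 ] && [ "$idx" -ge "$min" ]
)

# Constructed sample report (not output from a real scan).
write_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report
report_version_major=1
hostname=host01.example
warning[]=SAMPLE-0001|Constructed warning text|-|-|
suggestion[]=SAMPLE-0002|Constructed suggestion text|-|-|
warning[]=SAMPLE-0003|Another constructed warning|-|-|
hardening_index=63
EOF
}

sample=$(mktemp)
write_sample_report "$sample"
lynis_warnings "$sample"
lynis_gate "$sample" 70 || echo "gate failed: review findings"
rm -f "$sample"
```

In a cron wrapper, run `lynis audit system --cron --report-file` with a path of your choice first, then call `lynis_gate` on that path and alert on a non-zero status.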
