Lynis is a system based auditing and open source tool. It supports with the auditing systems which is running UNIX-systems and providing controls for system hardening and comliance based testing.
By running ‘lynis’ the program is begun and will give the essential parameters accessible. If you are using it for first time Lynis (or utilized Git), at that point utilize “./lynis” to begin the program from the local directory.
The most common command to begin Lynis is utilizing review framework order. This still begin the security scan.
To run Lynis you should meet one essential: have compose access to/tmp (temporary documents).
Installation via package
Installing Lynis via a package manager is one option to get started with Lynis. For most operating systems and distributions, a port or package is available.
First add our software repository. This way the latest version will be available to your system.
This applies to systems running YUM, including CentOS, Fedora, Red Hat Enterprise Linux (RHEL).
$ yum install lynis
Systems running Debian, Linux Mint, Ubuntu, or are based on one of these.
$ apt-get install lynis
$ zypper install lynis
After the installation, it is time to run Lynis for the first time.
Installation via Git
The first step is cloning the project. Before doing so, select the parent directory. Git will create a ‘lynis’ subdirectory with the full program in it.
$ cd /Desktop $ git clone https://github.com/CISOfy/lynis
Cloning into ‘lynis’…
remote: Counting objects: 1733, done. remote: Compressing objects: 100% (8/8), done. remote: Total 1733 (delta 3), reused 0 (delta 0), pack-reused 1725 Receiving objects: 100% (1733/1733), 886.18 KiB | 378.00 KiB/s, done. Resolving deltas: 100% (1204/1204), done. Checking connectivity... done. $ cd lynis
That is it. Time to run your first security audit:
$ lynis audit system
Although no configuration is required, there are a few useful commands to learn.
The Lynis tool requires a minimum amount of parameters to run. If you are using it for the first time, just run lynis and see what output it provides.
The audit command tells Lynis to perform an audit.
system - audit the host system
docker file - audit a docker file
The show command informs Lynis to share information, like help or the value of something.
- help – show help and tips
- profiles – show discovered audit profiles
- settings – show active settings
- version – show Lynis version
- Here you can see the commands which are all given in the Lynis auditing tool,There are more options which are given below, some of them are layout options, misc options and Enterprise options too.
- Lynis scans the system and performs the tests, results should be displayed on the screen. The log files should be displayed on the screen during the system scan. To check that log database to saved here var/log/lynis.log. The log file should store once the backup before the process of running Lynis again and again. During the audit process, Lynis will gather some findings and data points should use where we can find that storage process using varlog/lynis-report.dat.Benefits:
- Perform audits within a few minutes
- System hardening can be done
- Central management
- Powerful reporting
- Compliance checks (e.g. PCI DSS)
- Additional plugins and more tests
Comparison between Lynis and other tools:
Hardening process are easily exposed when compared to other auditing tools such as Bastille, TOD (Touch of Death). It conserves time when compared to other auditing tools.
It helps to track your compliance needs, IT audits, better security defences.
Operating system Finding:
It detects the operating system name, operating system version, host name and hardware platform for the Lynis tool.
Lynis runs almost all UNIX-based systems and versions including,
- macOS, Solaris etc…
- It even runs on the storage devices like Raspberry Pi, or QNAP
- System Tools:It find out the Binaries, scanning the tools which are all currently updated or not and used some plugins also in this system tools.
- Boot configuration:In this boot configuration level issues to be find whether the password is encrypted, booting method like legacy boot or UEFI boot method, Grub checking possibilities, and how many services are running in the system, to check the start-up files also.
Security need to be reliable. Lynis can remind us to stay consistent. Lynis will scan your system and warn you for any security holes. This blogs gives an idea about Lynis server hardening tool to harden server and also discussed about where the exact location of hardening. BriskInfosec offers end to end server hardening solutions where ever the industry requires to know more get in touch with us.
BriskInfosec Technology and consulting PVT LTD
Find me @https://www.linkedin.com/in/aravindhan-s-90b98787/