Lynis is an auditing tool for Unix (specialists). It scans the system configuration and creates an overview of system information and security issues usable by professional auditors.
This software aims in assisting automated auditing of Unix based systems and can be used in addition to other software, like security scanners, system benchmarking and fine tuning tools.
Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Firewall auditing
Supported operating systems
- CentOS 5
- Debian 4.0
- Fedora Core 4 and higher
- FreeBSD 6.x, 7.0
- Mac OS X 10.x (Tiger, Leopard)
- Mandriva 2007
- OpenBSD 4.x
- Red Hat, RHEL 5.x
- Slackware 12.1
- Ubuntu 7.04, 7.10, 8.04
Using Lynis : Basics
To run Lynis you should meet a few requirements:
- You have to be root (log in as normal user, su to root)
or have equivalent rights (for example by using sudo).
- Have write access to /var/log (for using a log/debug and report file)
- Have write access to /tmp (temporary files)
Depending on the installation or the path you run Lynis from, you can start it with 'lynis' (if installed and the file is available in your binary path) or 'sh lynis' or './lynis'.