{"id":18746,"date":"2023-02-19T17:22:57","date_gmt":"2023-02-19T17:22:57","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=18746"},"modified":"2023-10-14T11:41:26","modified_gmt":"2023-10-14T11:41:26","slug":"how-to-setup-lynis-to-perform-a-security-vulnerability-test-on-a-linux-machine","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-setup-lynis-to-perform-a-security-vulnerability-test-on-a-linux-machine\/","title":{"rendered":"How to Setup Lynis to Perform a Security Vulnerability Test on a Linux Machine"},"content":{"rendered":"<p><img decoding=\"async\" data-src=\"https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-1024x768.jpg\" alt=\"How to Setup Lynis Tool for Server Vulnerability Tests\" width=\"1024\" height=\"768\" class=\"alignnone size-large wp-image-18747 lazyload\" data-srcset=\"https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-1024x768.jpg 1024w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-300x225.jpg 300w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-128x96.jpg 128w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-420x315.jpg 420w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-540x405.jpg 540w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-720x540.jpg 720w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-960x720.jpg 960w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-1140x855.jpg 1140w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests-1320x990.jpg 1320w, https:\/\/webhostinggeeks.com\/howto\/wp-content\/uploads\/2023\/10\/How-to-Setup-Lynis-Tool-for-Server-Vulnerability-Tests.jpg 1400w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/768;\" \/><\/p>\n<p>Ensuring the security of your <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-are-web-servers-and-why-are-they-needed\/\">server<\/a> is paramount. Vulnerabilities can lead to data breaches, unauthorized access, and other malicious activities. One of the tools that can help you gauge the security of your Linux server is Lynis.<\/p>\n<p>Lynis is an open-source security auditing tool that is used to evaluate the security defenses of Linux, macOS, and Unix systems. It provides suggestions for improvements, making it easier for administrators to harden their systems.<\/p>\n<p>In this guide, we will walk you through the process of setting up Lynis to perform a security vulnerability test on a Linux machine. For those interested in understanding more about server types and their configurations, you can read about <a href=\"https:\/\/webhostinggeeks.com\/blog\/apache-http-server-explained\/\">Apache<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/nginx-server-explained\/\">Nginx<\/a>, and <a href=\"https:\/\/webhostinggeeks.com\/blog\/litespeed-web-server-explained\/\">LiteSpeed<\/a> on our website.<\/p>\n<p>Let&#8217;s get started.<\/p>\n<h2>Step 1. Installing Lynis<\/h2>\n<p>To get started, you need to install Lynis on your Linux machine. Here&#8217;s how:<\/p>\n<pre>\r\nsudo apt update\r\nsudo apt install lynis\r\n<\/pre>\n<h2>Step 2. Running the Initial Audit<\/h2>\n<p>Once Lynis is installed on your Linux machine, initiating the security audit is a straightforward process. The command:<\/p>\n<pre>\r\nsudo lynis audit system\r\n<\/pre>\n<p>will trigger Lynis to begin its comprehensive examination of your system.<\/p>\n<p>Here&#8217;s what happens during this audit:<\/p>\n<ul>\n<li><span class=\"fw-bold\">System Tools Examination:<\/span> Lynis will check for the presence and versions of essential system tools. For instance, it will verify if you have the latest version of SSH and if any deprecated tools are still active.<\/li>\n<li><span class=\"fw-bold\">Storage Checks:<\/span> The tool will assess storage configurations, looking for encrypted partitions, unused storage devices, and checking the integrity of file systems.<\/li>\n<li><span class=\"fw-bold\">Memory Analysis:<\/span> Lynis will evaluate your system&#8217;s memory usage, ensuring there are no memory leaks or unauthorized processes consuming excessive RAM.<\/li>\n<li><span class=\"fw-bold\">User and Authentication Checks:<\/span> The audit will review user accounts, especially root accounts, for any potential security risks. It will also assess password policies and any authentication methods in place.<\/li>\n<li><span class=\"fw-bold\">Network Configuration:<\/span> Lynis will inspect your system&#8217;s network settings, ensuring secure configurations and checking for open ports or potential network vulnerabilities.<\/li>\n<\/ul>\n<p>Example:<\/p>\n<pre>\r\n[ Lynis 3.0.5 ]\r\n\r\n[+] Initializing program\r\n------------------------------------\r\n- Detecting OS...  [ DONE ]\r\n- Checking profiles... [ DONE ]\r\n\r\n[+] System Tools\r\n------------------------------------\r\n- Scanning available tools...\r\n- Checking system binaries...\r\n\r\n[+] Plugins (phase 1)\r\n------------------------------------\r\nNote: plugins have more extensive tests and may take some time to complete\r\n\r\n- Plugins enabled [ NONE ]\r\n\r\n[+] Boot and services\r\n------------------------------------\r\n- Service Manager [ systemd ]\r\n- Checking UEFI boot [ ENABLED ]\r\n\r\n[+] Kernel\r\n------------------------------------\r\n- Checking for kernel version [ DONE ]\r\n- Checking for vulnerabilities in the kernel [ NONE FOUND ]\r\n\r\n[+] Memory and Processes\r\n------------------------------------\r\n- Checking for zombie processes [ NONE ]\r\n- Checking for kernel protection in memory [ ACTIVE ]\r\n\r\n[+] Users, Groups, and Authentication\r\n------------------------------------\r\n- Administrator accounts [ 1 ]\r\n- Unique UIDs [ OK ]\r\n\r\n[+] Shells\r\n------------------------------------\r\n- Checking shells from \/etc\/shells\r\n- Testing shell \/bin\/bash [ OK ]\r\n- Testing shell \/bin\/dash [ OK ]\r\n\r\n[+] File systems\r\n------------------------------------\r\n- Checking mount points [ DONE ]\r\n- Checking \/tmp files [ OK ]\r\n\r\n[+] USB Devices\r\n------------------------------------\r\n- Checking USB devices... [ NONE FOUND ]\r\n\r\n[+] Software: system tooling\r\n------------------------------------\r\n- Checking presence AIDE [ NOT FOUND ]\r\n- Checking presence ClamAV [ FOUND ]\r\n\r\n[+] Networking\r\n------------------------------------\r\n- Checking for IP tool [ FOUND ]\r\n- Checking IPv6 [ ENABLED ]\r\n\r\n[+] Printers and Spools\r\n------------------------------------\r\n- Checking cups daemon [ RUNNING ]\r\n\r\n[+] Software: e-mail and messaging\r\n------------------------------------\r\n- Checking Exim MTA [ NOT FOUND ]\r\n- Checking Postfix MTA [ FOUND ]\r\n\r\n[+] Lynis conclusion\r\n------------------------------------\r\nTests performed: 120\r\nWarnings: 5\r\nSuggestions: 12\r\n\r\nUse --view-warnings to see the list of warnings\r\nUse --view-suggestions to see the list of suggestions\r\n<\/pre>\n<p>It&#8217;s worth noting that the audit is non-intrusive. Lynis will not make any changes to your system but will only report its findings.<\/p>\n<h2>Step 3. Reviewing the Audit Report<\/h2>\n<p>Once Lynis completes its audit, it will generate a detailed report outlining its findings. This report is a goldmine of information, providing insights into potential vulnerabilities and areas of improvement.<\/p>\n<p>Here&#8217;s how to interpret the report:<\/p>\n<ul>\n<li><span class=\"fw-bold\">Warnings:<\/span> These are potential security risks that Lynis has identified. For instance, if you have an outdated version of a software package, Lynis will flag it as a warning.<\/li>\n<li><span class=\"fw-bold\">Suggestions:<\/span> Lynis will provide actionable recommendations based on its findings. For example, if it finds that a particular service is running without necessity, it might suggest disabling it to enhance security.<\/li>\n<li><span class=\"fw-bold\">Data Collection:<\/span> The report will also contain data about your system, such as the number of installed packages, active users, and running processes. This data can help you get a snapshot of your system&#8217;s current state.<\/li>\n<li><span class=\"fw-bold\">Hardening Index:<\/span> Lynis provides a hardening index score, which gives you an idea of how secure your system is. The closer the score is to 100, the better your system&#8217;s security posture.<\/li>\n<\/ul>\n<p>It&#8217;s essential to review this report in detail. While Lynis provides valuable recommendations, it&#8217;s up to the system administrator to decide which suggestions to implement. Always ensure you understand the implications of each recommendation before making changes to your system.<\/p>\n<h2>Step 4. Implementing Security Recommendations<\/h2>\n<p>Lynis&#8217; security recommendations are based on best practices and common vulnerabilities it identifies during the audit. These suggestions are tailored to your system&#8217;s configuration and the software packages you have installed. Here&#8217;s a breakdown of the types of recommendations you might encounter:<\/p>\n<ul>\n<li><span class=\"fw-bold\">Software Updates:<\/span> One of the most common recommendations is to update software packages. Outdated software can have known vulnerabilities that attackers can exploit. For instance, Lynis might suggest: <code>sudo apt update && sudo apt upgrade<\/code><\/li>\n<li><span class=\"fw-bold\">Configuration Changes:<\/span> Lynis might identify misconfigurations in your system settings or software configurations. For example, if SSH root login is enabled, Lynis will recommend disabling it for security reasons.<\/li>\n<li><span class=\"fw-bold\">Service Management:<\/span> Unnecessary services running on your server can pose security risks. Lynis might suggest disabling services that aren&#8217;t required. For instance, if you have an FTP server running without active use, it might recommend: <code>sudo systemctl disable vsftpd<\/code><\/li>\n<li><span class=\"fw-bold\">User and Permissions:<\/span> Lynis will check for any user accounts without passwords or with weak passwords and recommend strengthening them. It might also flag overly permissive file permissions that should be restricted.<\/li>\n<\/ul>\n<p>When implementing Lynis&#8217; recommendations, always:<\/p>\n<ul>\n<li>Backup your system or configuration files before making changes.<\/li>\n<li>Test changes in a staging environment if possible, especially for critical systems.<\/li>\n<li>Document any changes made for future reference and troubleshooting.<\/li>\n<\/ul>\n<h2>Step 5. Scheduling Regular Audits<\/h2>\n<p>To ensure your system remains secure, it&#8217;s crucial to conduct regular security audits. By scheduling Lynis audits, you can proactively identify and address potential security issues before they become critical threats.<\/p>\n<p>Cron is a time-based job scheduler in Unix-like operating systems. By using cron, you can automate the Lynis audit process, ensuring that your system is checked at regular intervals without manual intervention.<\/p>\n<p>The command:<\/p>\n<pre>\r\necho \"0 0 * * 1 root \/usr\/bin\/lynis audit system\" | sudo tee -a \/etc\/crontab\r\n<\/pre>\n<p>will add a cron job to your system&#8217;s crontab file. Here&#8217;s a breakdown of the command:<\/p>\n<ul>\n<li><span class=\"fw-bold\">0 0 * * 1:<\/span> This specifies the schedule. It means the job will run at 0 minutes past midnight every Monday.<\/li>\n<li><span class=\"fw-bold\">root:<\/span> This indicates that the job will run as the root user.<\/li>\n<li><span class=\"fw-bold\">\/usr\/bin\/lynis audit system:<\/span> This is the command that will be executed, which triggers the Lynis audit.<\/li>\n<\/ul>\n<p>While automating the audit process is efficient, it&#8217;s essential to regularly review the audit logs and reports. Set up notifications or reminders to check the audit results, ensuring that you&#8217;re aware of any new recommendations or warnings that Lynis provides.<\/p>\n<h2>Commands Mentioned<\/h2>\n<ul>\n<li><span class=\"fw-bold\">sudo apt update<\/span> \u2013 Updates the package list for upgrades.<\/li>\n<li><span class=\"fw-bold\">sudo apt install lynis<\/span> \u2013 Installs Lynis on the system.<\/li>\n<li><span class=\"fw-bold\">sudo lynis audit system<\/span> \u2013 Initiates a security audit of the system.<\/li>\n<li><span class=\"fw-bold\">echo &#8220;0 0 * * 1 root \/usr\/bin\/lynis audit system&#8221;<\/span> \u2013 Schedules Lynis to run weekly.<\/li>\n<\/ul>\n<h2>FAQ<\/h2>\n<ol itemscope itemtype=\"https:\/\/schema.org\/FAQPage\">\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What is Lynis?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n            <span itemprop=\"text\">Lynis is an open-source security auditing tool designed to evaluate the security defenses of Linux, macOS, and Unix systems. It provides actionable recommendations to improve system security.<\/span>\n        <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">How often should I run Lynis?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n            <span itemprop=\"text\">It&#8217;s recommended to run Lynis regularly, preferably weekly or monthly, to ensure continuous security monitoring and stay updated with the latest vulnerabilities.<\/span>\n        <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">Does Lynis fix vulnerabilities automatically?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n            <span itemprop=\"text\">No, Lynis provides recommendations and suggestions to improve security, but it&#8217;s up to the administrator to implement these changes.<\/span>\n        <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">Is Lynis suitable for all Linux distributions?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n            <span itemprop=\"text\">Yes, Lynis is designed to work with various Linux distributions, including Debian, Ubuntu, CentOS, and more.<\/span>\n        <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">Can I use Lynis on a production server?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n            <span itemprop=\"text\">Yes, Lynis is non-intrusive and can be safely used on production servers. However, always ensure you have backups and understand the recommendations before making changes.<\/span>\n        <\/p>\n<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>Security is a continuous process, and regular audits are essential to ensure that your Linux server remains secure. Lynis offers a comprehensive way to assess your server&#8217;s security posture and provides actionable recommendations to enhance its defenses.<\/p>\n<p>By following this guide, you&#8217;ve taken a significant step towards hardening your Linux machine against potential threats. Remember, security is not a one-time task but an ongoing commitment.<\/p>\n<p>For more insights on server configurations and hosting options, explore our articles on <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-dedicated-server-hosting\/\">dedicated servers<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-vps-hosting\/\">VPS servers<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-cloud-hosting\/\">cloud hosting<\/a>, and <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-shared-hosting\/\">shared hosting<\/a>. Each hosting type offers unique advantages, and understanding them can help you make informed decisions for your website or application.<\/p>\n<p>Stay informed, stay updated, and always prioritize the safety of your digital assets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ensuring the security of your server is paramount. Vulnerabilities can lead to data breaches, unauthorized access, and other malicious activities. One of the tools that can help you gauge the&#8230;<\/p>\n","protected":false},"author":6,"featured_media":18747,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[2152],"tags":[1557,2153],"class_list":["post-18746","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-benchmarking","tag-lynis","tag-test"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/18746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=18746"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/18746\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/18747"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=18746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=18746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=18746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}