{"id":4020,"date":"2012-10-06T12:46:30","date_gmt":"2012-10-06T04:46:30","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=4020"},"modified":"2023-07-04T16:15:55","modified_gmt":"2023-07-04T16:15:55","slug":"how-to-setup-lynis-linux-auditing-tool-on-centos-6-2centos-6-3","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-setup-lynis-linux-auditing-tool-on-centos-6-2centos-6-3\/","title":{"rendered":"How to Setup Lynis Linux Auditing Tool on CentOS 6.2\/CentOS 6.3"},"content":{"rendered":"<p>Lynis is an open-source security auditing tool. It&#8217;s used by system administrators and auditors to evaluate the security defenses of their Linux and Unix-based systems. Lynis comes with hundreds of tests, including those for checking the system configuration, system processes, and the presence of malware.<\/p>\n<h2>Prerequisites<\/h2>\n<p>Before you start, ensure you have:<\/p>\n<ul>\n<li>A system running CentOS 6.2 or CentOS 6.3.<\/li>\n<li>Root access to the system.<\/li>\n<\/ul>\n<h2>Installation Steps<\/h2>\n<p>Follow these steps to install Lynis:<\/p>\n<h3>Step 1: Download the Latest Version of Lynis<\/h3>\n<p>Use the following command to download Lynis:<\/p>\n<pre>\r\nwget http:\/\/www.rootkit.nl\/files\/lynis-1.3.0.tar.gz\r\n<\/pre>\n<p>For example:<\/p>\n<pre>\r\n# wget http:\/\/www.rootkit.nl\/files\/lynis-1.3.0.tar.gz\r\n<\/pre>\n<p>Example:<\/p>\n<pre>[root@centos63 ~]# wget http:\/\/www.rootkit.nl\/files\/lynis-1.3.0.tar.gz\r\n--2012-10-06 12:18:13--  http:\/\/www.rootkit.nl\/files\/lynis-1.3.0.tar.gz\r\nResolving www.rootkit.nl... 31.7.1.110\r\nConnecting to www.rootkit.nl|31.7.1.110|:80... connected.\r\nHTTP request sent, awaiting response... 
200 OK\r\nLength: 119797 (117K) [application\/x-gzip]\r\nSaving to: lynis-1.3.0.tar.gz\r\n\r\n100%[==========================================================&gt;] 119,797     96.3K\/s   in 1.2s\r\n\r\n2012-10-06 12:18:15 (96.3 KB\/s) - lynis-1.3.0.tar.gz\r\n<\/pre>\n<h3>Step 2: Extract the Downloaded File<\/h3>\n<p>After downloading, extract the file using the command:<\/p>\n<pre>\r\ntar xzvf lynis-1.3.0.tar.gz\r\n<\/pre>\n<p>Example:<\/p>\n<pre>\r\n[root@centos63 lynis]# tar xzvf lynis-1.3.0.tar.gz\r\nlynis-1.3.0\/CHANGELOG\r\nlynis-1.3.0\/FAQ\r\nlynis-1.3.0\/INSTALL\r\nlynis-1.3.0\/LICENSE\r\nlynis-1.3.0\/README\r\nlynis-1.3.0\/db\/\r\nlynis-1.3.0\/db\/integrity.db\r\nlynis-1.3.0\/db\/sbl.db\r\nlynis-1.3.0\/db\/fileperms.db\r\nlynis-1.3.0\/db\/malware-susp.db\r\nlynis-1.3.0\/db\/malware.db\r\nlynis-1.3.0\/db\/hints.db\r\nlynis-1.3.0\/default.prf\r\nlynis-1.3.0\/dev\/\r\nlynis-1.3.0\/dev\/README\r\nlynis-1.3.0\/dev\/files.dat\r\nlynis-1.3.0\/dev\/TODO\r\nlynis-1.3.0\/dev\/openbsd\/\r\nlynis-1.3.0\/dev\/openbsd\/+CONTENTS\r\nlynis-1.3.0\/dev\/check-lynis.sh\r\nlynis-1.3.0\/dev\/build-lynis.sh\r\nlynis-1.3.0\/include\/\r\nlynis-1.3.0\/include\/profiles\r\nlynis-1.3.0\/include\/tests_malware\r\nlynis-1.3.0\/include\/tests_accounting\r\nlynis-1.3.0\/include\/parameters\r\nlynis-1.3.0\/include\/tests_ssh\r\nlynis-1.3.0\/include\/tests_time\r\nlynis-1.3.0\/include\/tests_firewalls\r\nlynis-1.3.0\/include\/tests_nameservices\r\nlynis-1.3.0\/include\/binaries\r\nlynis-1.3.0\/include\/tests_webservers\r\nlynis-1.3.0\/include\/tests_squid\r\nlynis-1.3.0\/include\/tests_storage_nfs\r\nlynis-1.3.0\/include\/tests_insecure_services\r\nlynis-1.3.0\/include\/tests_scheduling\r\nlynis-1.3.0\/include\/tests_tooling\r\nlynis-1.3.0\/include\/tests_hardening\r\nlynis-1.3.0\/include\/tests_networking\r\nlynis-1.3.0\/include\/report\r\nlynis-1.3.0\/include\/tests_boot_services\r\nlynis-1.3.0\/include\/functions\r\nlynis-1.3.0\/include\/tests_memory_processes\r\nlynis-1.3.0\/include\/tes
ts_file_permissions\r\nlynis-1.3.0\/include\/tests_file_integrity\r\nlynis-1.3.0\/include\/tests_shells\r\nlynis-1.3.0\/include\/tests_databases\r\nlynis-1.3.0\/include\/tests_homedirs\r\nlynis-1.3.0\/include\/osdetection\r\nlynis-1.3.0\/include\/tests_ldap\r\nlynis-1.3.0\/include\/tests_ports_packages\r\nlynis-1.3.0\/include\/tests_hardening_tools\r\nlynis-1.3.0\/include\/tests_logging\r\nlynis-1.3.0\/include\/tests_mail_messaging\r\nlynis-1.3.0\/include\/tests_banners\r\nlynis-1.3.0\/include\/tests_crypto\r\nlynis-1.3.0\/include\/tests_kernel\r\nlynis-1.3.0\/include\/tests_mac_frameworks\r\nlynis-1.3.0\/include\/tests_solaris\r\nlynis-1.3.0\/include\/tests_virtualization\r\nlynis-1.3.0\/include\/tests_kernel_hardening\r\nlynis-1.3.0\/include\/tests_snmp\r\nlynis-1.3.0\/include\/tests_authentication\r\nlynis-1.3.0\/include\/tests_filesystems\r\nlynis-1.3.0\/include\/tests_storage\r\nlynis-1.3.0\/include\/tests_printers_spools\r\nlynis-1.3.0\/include\/tests_php\r\nlynis-1.3.0\/include\/consts\r\nlynis-1.3.0\/include\/tests_tcpwrappers\r\nlynis-1.3.0\/lynis\r\nlynis-1.3.0\/lynis.8\r\nlynis-1.3.0\/plugins\/\r\nlynis-1.3.0\/plugins\/README\r\nlynis-1.3.0\/plugins\/custom_plugin.template\r\n<\/pre>\n<h3>Step 3: Navigate to the Lynis Directory<\/h3>\n<p>Change into the directory the tarball unpacked into (lynis-1.3.0, as shown in the listing above) with:<\/p>\n<pre>\r\ncd lynis-1.3.0\r\n<\/pre>\n<h3>Step 4: Check if Lynis is up-to-date<\/h3>\n<p>Check whether a newer Lynis release or newer test databases are available:<\/p>\n<pre>\r\n# .\/lynis --check-update\r\n<\/pre>\n<p>Example:<\/p>\n<pre>\r\n[root@centos63 lynis-1.3.0]# .\/lynis --check-update\r\n\r\n == Lynis ==\r\n\r\n  Version         :   1.3.0\r\n  Release date    :   28 April 2011\r\n  Update location :   http:\/\/www.rootkit.nl\/\r\n\r\n == Databases ==\r\n                      Current          Latest           Status\r\n  -----------------------------------------------------------------------------\r\n  Malware         :   2008062700       2008062700       Up-to-date\r\n  File perms      :   2008053000       2008053000       Up-to-date\r\n\r\n\r\nCopyright 
2007-2012 - Michael Boelen, http:\/\/www.rootkit.nl\/\r\n<\/pre>\n<p>Running <strong>.\/lynis<\/strong> without any option prints the complete list of available parameters, which you can use as a reference:<\/p>\n<p>Example:<\/p>\n<pre>\r\n[root@centos63 lynis-1.3.0]# .\/lynis\r\n\r\n[ Lynis 1.3.0 ]\r\n\r\n################################################################################\r\n Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are\r\n welcome to redistribute it under the terms of the GNU General Public License.\r\n See LICENSE file for details about using this software.\r\n\r\n Copyright 2007-2012 - Michael Boelen, http:\/\/www.rootkit.nl\/\r\n################################################################################\r\n\r\n[+] Initializing program\r\n------------------------------------\r\n  Scan options:\r\n    --auditor \"<name>\"            : Auditor name\r\n    --check-all (-c)              : Check system\r\n    --no-log                      : Don't create a log file\r\n    --profile <profile>           : Scan the system with the given profile file\r\n    --quick (-Q)                  : Quick mode, don't wait for user input\r\n    --tests \"<tests>\"             : Run only tests defined by <tests>\r\n    --tests-category \"<category>\" : Run only tests defined by <category>\r\n\r\n  Layout options:\r\n    --no-colors                   : Don't use colors in output\r\n    --quiet (-q)                  : No output, except warnings\r\n    --reverse-colors              : Optimize color display for light backgrounds\r\n\r\n  Misc options:\r\n    --check-update                : Check for updates\r\n    --view-manpage (--man)        : View man page\r\n    --version (-V)                : Display version number and quit\r\n\r\n  Error: No parameters specified!\r\n  See man page and documentation for all available options.\r\n\r\nExiting..\r\n<\/pre>\n<h3>Step 5: Run Lynis<\/h3>\n<p>You can now run Lynis with the 
command:<\/p>\n<pre>\r\n.\/lynis --check-all\r\n<\/pre>\n<p>This is the <strong>--check-all<\/strong> (<strong>-c<\/strong>) scan listed in the help output above; add <strong>--quick<\/strong> (<strong>-Q<\/strong>) to run through every section without waiting for a keypress.<\/p>\n<p>Example:<\/p>\n<pre>\r\n\r\n[+] Software: PHP\r\n------------------------------------\r\n  - Checking PHP...                                           [ FOUND ]\r\n  - Checking PHP disabled functions...                        [ FOUND ]\r\n    - Checking register_globals option...                     [ OK ]\r\n    - Checking expose_php option...                           [ ON ]\r\n    - Checking enable_dl option...                            [ OFF ]\r\n    - Checking allow_url_fopen option...                      [ ON ]\r\n    - Checking allow_url_include option...                    [ OFF ]\r\n\r\n[+] Squid Support\r\n------------------------------------\r\n  - Checking running Squid daemon...                          [ NOT FOUND ]\r\n\r\n[+] Logging and files\r\n------------------------------------\r\n  - Checking for a running syslog daemon...                   [ OK ]\r\n    - Checking Syslog-NG status                               [ NOT FOUND ]\r\n    - Checking Metalog status                                 [ NOT FOUND ]\r\n    - Checking RSyslog status                                 [ FOUND ]\r\n    - Checking RFC 3195 daemon status                         [ NOT FOUND ]\r\n  - Checking minilogd instances                               [ NONE ]\r\n  - Checking logrotate presence                               [ OK ]\r\n  - Checking log directories (static list)                    [ DONE ]\r\n  - Checking open log files                                   [ DONE ]\r\n  - Checking deleted files in use                             [ FILES FOUND ]\r\n\r\n[+] Insecure services\r\n------------------------------------\r\n  - Checking inetd status...                                  [ ACTIVE ]\r\n    - Checking inetd.conf...                                  [ NOT FOUND ]\r\n\r\n[+] Banners and identification\r\n------------------------------------\r\n  - \/etc\/motd...                                              
[ FOUND ]\r\n    - \/etc\/motd permissions...                                [ OK ]\r\n    - \/etc\/motd contents...                                   [ WEAK ]\r\n  - \/etc\/issue...                                             [ FOUND ]\r\n    - \/etc\/issue contents...                                  [ WEAK ]\r\n  - \/etc\/issue.net...                                         [ FOUND ]\r\n    - \/etc\/issue.net contents...                              [ WEAK ]\r\n\r\n[+] Scheduled tasks\r\n------------------------------------\r\n  - Checking crontab\/cronjob                                  [ DONE ]\r\n  - Checking atd status                                       [ NOT RUNNING ]\r\n\r\n[+] Accounting\r\n------------------------------------\r\n  - Checking accounting information...                        [ NOT FOUND ]\r\n  - Checking auditd                                           [ ENABLED ]\r\n    - Checking audit rules                                    [ SUGGESTION ]\r\n    - Checking audit configuration file                       [ OK ]\r\n    - Checking auditd log file                                [ FOUND ]\r\n\r\n[+] Time and Synchronization\r\n------------------------------------\r\n  - Checking running NTP daemon...                            [ FOUND ]\r\n  - Checking NTP client in crontab file...                    [ NOT FOUND ]\r\n  - Checking NTP client in cron.d files...                    [ NOT FOUND ]\r\n  - Checking for a running NTP daemon or client...            [ OK ]\r\n  - Checking NTP daemon...                                    [ FOUND ]\r\n  - Checking valid association ID's...                        [ FOUND ]\r\n  - Checking high stratum ntp peers...                        [ OK ]\r\n  - Checking unreliable ntp peers...                          [ FOUND ]\r\n  - Checking selected time source...                          [ OK ]\r\n  - Checking time source candidates...                        [ OK ]\r\n  - Checking falsetickers...             
                     [ OK ]\r\n  - Checking NTP version...                                   [ FOUND ]\r\n\r\n[+] Cryptography\r\n------------------------------------\r\n  - Checking SSL certificate expiration...                    [ OK ]\r\n\r\n[+] Virtualization\r\n------------------------------------\r\n\r\n[+] Security frameworks\r\n------------------------------------\r\n  - Checking presence AppArmor                                [ NOT FOUND ]\r\n  - Checking presence SELinux                                 [ FOUND ]\r\n    - Checking SELinux status                                 [ DISABLED ]\r\n  - Checking presence grsecurity                              [ NOT FOUND ]\r\n\r\n[+] Software: file integrity\r\n------------------------------------\r\n  - Checking AFICK...                                         [ NOT FOUND ]\r\n  - Checking AIDE...                                          [ NOT FOUND ]\r\n  - Checking Osiris...                                        [ NOT FOUND ]\r\n  - Checking Samhain...                                       [ NOT FOUND ]\r\n  - Checking Tripwire...                                      [ NOT FOUND ]\r\n  - Checking presence integrity tool...                       [ NOT FOUND ]\r\n\r\n[+] Software: Malware scanners\r\n------------------------------------\r\n  - Checking chkrootkit...                                    [ NOT FOUND ]\r\n  - Checking Rootkit Hunter...                                [ NOT FOUND ]\r\n  - Checking ClamAV scanner...                                [ FOUND ]\r\n  - Checking ClamAV daemon...                                 [ NOT FOUND ]\r\n\r\n[+] System Tools\r\n------------------------------------\r\n  - Starting file permissions check...\r\n    \/etc\/lilo.conf                                            [ NOT FOUND ]\r\n    \/root\/.ssh                                                [ OK ]\r\n\r\n[+] Home directories\r\n------------------------------------\r\n  - Checking shell history files...      
                     [ OK ]\r\n\r\n[+] Kernel Hardening\r\n------------------------------------\r\n  - Comparing sysctl key pairs with scan profile...\r\n      - kernel.core_uses_pid (exp: 1)                         [ OK ]\r\n      - kernel.ctrl-alt-del (exp: 0)                          [ OK ]\r\n      - kernel.exec-shield (exp: 1)                           [ OK ]\r\n      - kernel.sysrq (exp: 0)                                 [ OK ]\r\n      - net.ipv4.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]\r\n      - net.ipv4.conf.all.accept_source_route (exp: 0)        [ OK ]\r\n      - net.ipv4.conf.all.bootp_relay (exp: 0)                [ OK ]\r\n      - net.ipv4.conf.all.forwarding (exp: 0)                 [ OK ]\r\n      - net.ipv4.conf.all.log_martians (exp: 1)               [ DIFFERENT ]\r\n      - net.ipv4.conf.all.mc_forwarding (exp: 0)              [ OK ]\r\n      - net.ipv4.conf.all.proxy_arp (exp: 0)                  [ OK ]\r\n      - net.ipv4.conf.all.rp_filter (exp: 1)                  [ DIFFERENT ]\r\n      - net.ipv4.conf.all.send_redirects (exp: 0)             [ DIFFERENT ]\r\n      - net.ipv4.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]\r\n      - net.ipv4.conf.default.accept_source_route (exp: 0)    [ OK ]\r\n      - net.ipv4.conf.default.log_martians (exp: 1)           [ DIFFERENT ]\r\n      - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)         [ OK ]\r\n      - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)   [ OK ]\r\n      - net.ipv4.tcp_syncookies (exp: 1)                      [ OK ]\r\n      - net.ipv4.tcp_timestamps (exp: 0)                      [ DIFFERENT ]\r\n      - net.ipv6.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]\r\n      - net.ipv6.conf.all.accept_source_route (exp: 0)        [ OK ]\r\n      - net.ipv6.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]\r\n      - net.ipv6.conf.default.accept_source_route (exp: 0)    [ OK ]\r\n\r\n[+] 
Hardening\r\n------------------------------------\r\n    - Installed compiler(s)...                                [ FOUND ]\r\n    - Installed malware scanner...                            [ FOUND ]\r\n\r\n================================================================================\r\n\r\n  -[ Lynis 1.3.0 Results ]-\r\n\r\n  Tests performed: 164\r\n  Warnings:\r\n  ----------------------------\r\n   - [12:34:29] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]\r\n   - [12:34:33] Warning: No password set for single mode [test:AUTH-9308] [impact:L]\r\n   - [12:34:51] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]\r\n   - [12:34:52] Warning: Found mail_name in SMTP banner, and\/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L]\r\n   - [12:34:57] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]\r\n\r\n  Suggestions:\r\n  ----------------------------\r\n   - [12:34:29] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=<value>, add: password --md5 <password hash> [test:BOOT-5121]\r\n   - [12:34:33] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]\r\n   - [12:34:33] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]\r\n   - [12:34:33] Suggestion: Default umask in \/etc\/profile could be more strict like 027 [test:AUTH-9328]\r\n   - [12:34:33] Suggestion: To decrease the impact of a full \/home file system, place \/home on a separated partition [test:FILE-6310]\r\n   - [12:34:33] Suggestion: To decrease the impact of a full \/tmp file system, place \/tmp on a separated partition [test:FILE-6310]\r\n   - [12:34:39] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. 
[test:FILE-6410]\r\n   - [12:34:39] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]\r\n   - [12:34:39] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]\r\n   - [12:34:48] Suggestion: Install package 'yum-utils' for better consistency checking of the package database [test:PKGS-7384]\r\n   - [12:34:51] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]\r\n   - [12:34:52] Suggestion: You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (\/etc\/postfix\/main.cf) [test:MAIL-8818]\r\n   - [12:34:53] Suggestion: Configure a firewall\/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]\r\n<\/pre>\n<h2>Conclusion<\/h2>\n<p>Lynis is a powerful tool for auditing and hardening Unix and Linux systems. It&#8217;s easy to install and provides a comprehensive security audit. Regularly running Lynis on your system can help identify weaknesses and guide you in hardening your system&#8217;s defenses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lynis is an open-source security auditing tool. It&#8217;s used by system administrators and auditors to evaluate the security defenses of their Linux and Unix-based systems. 
Lynis comes with hundreds of&#8230;<\/p>\n","protected":false},"author":6,"featured_media":4024,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1003],"tags":[2111,1244,1253,1254,1536,1540,1557,1744],"class_list":["post-4020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lynis","tag-audit","tag-centos","tag-centos-6-2","tag-centos-6-3","tag-linux","tag-linux-hardening","tag-lynis","tag-security"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=4020"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4020\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/4024"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=4020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=4020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=4020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}