Lynis – Auditing System Hardening and Compliance Testing

Lynis is a suitable and fast tool for auditing Linux operating systems. This program allow user to display all compliance check result on the console with a clear vision for which control passed and which failed. The utility scans the security settings to determines the hardening configuration level. Any important security finding are displayed in the terminal and will be also exported to a log file, grouped into blocks.

Lynis - Auditing System Hardening and Compliance Testing
Lynis – Auditing System Hardening and Compliance Testing

Lynis scanning is modular and opportunistic. This means it will only use and test the components that it can find, such as the available system tools and its libraries. The benefit is that no installation of other tools is needed, so you can keep your systems clean.

By using this scanning method, the tool can run with almost no dependencies. Also, the more components it discovers, the more extensive the audit will be.

The tool is used for several different purposes. Typical use cases for it include:

  • Security auditing
  • Compliance testing (e.g. PCI, HIPAA, SOx)
  • Penetration testing
  • Vulnerability detection
  • System hardening

The audit scan steps with Lynis:

  1. Initialization
  2. Perform basic checks, such as file ownership
  3. Determine operating system and tools
  4. Search for available software components
  5. Check latest Lynis version
  6. Run enabled plugins
  7. Run security tests per category
  8. Perform execution of your custom tests (optional)
  9. Report status of security scan

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments