Lynis

Lynis is an open source command-line auditing tool for Linux/UNIX specialists. It is designed to scan the system configuration and create an overview of the system information and security issues, which can later by used by professional auditors.

Assist users in automated audits

The developers behind the Lynis project warn users that the software won’t become an all round solution for creating a "safe system," as it should only assist users in automated audits. The Intended audience for Lynis is security specialists, system auditors, as well system and network managers.

The software comprises of a central management tool, an implementation and reporting plan, as well as Lynis plugins that will extend the software’s default capabilities, providing support for malware detection, digital forensics, heuristics and system statistics.

A complete solution

Lynis is a complete solution, useful for configuration management, technical auditing, system hardening, security incident detection and system monitoring. It can be successfully used on enterprise environments, as well as on small and medium-sized businesses. The application supports standards like Basel II, SOx (Sarbanes-Oxley), GLBA, ISO27001, ISO27002, HIPAA and PCI-DSS.

Supports mainstream operating systems

As mentioned, Lynis is a cross-platform application. It has been successfully tested on various GNU/Linux distributions, including CentOS, Arch Linux, BackTrack, ClearOS, Fedora, Gentoo, Red Hat Enterprise Linux, Kali, Linux Mint, Knoppix, Mageia, PCLinuxOS, Sabayon, Scientific Linux, Slackware, SuSE, Ubuntu and Debian, several BSD flavors, such as DragonFly BSD, PC-BSD, NetBSD, FreeBSD and OpenBSD, as well as on the Mac OS X, AIX, OpenSolaris and HP-UX operating system. Both 32-bit and 64-bit instruction set architectures are supported at this time.

Availability and requirements

Lynis can be downloaded from Softoware or directly from the project’s official website as a universal source archive for all the aforementioned operating systems. It is written entirely in UNIX Shell scripting language and has no dependencies.

What is new in this release:

• New:
• Support for the dntpd time daemon
• New Apache test for modules [HTTP-6632]
• Apache test for mod_evasive [HTTP-6640]
• Apache test for mod_qos [HTTP-6641]
• Apache test for mod_spamhaus [HTTP-6642]
• Apache test for ModSecurity [HTTP-6643]
• Check for installed package audit tool [PKGS-7398]
• Added initial support for new pkgng and related tools [PKGS-7381]
• Check for ssh-keyscan binary
• ZFS support for FreeBSD [FILE-6330]
• Test for passwordless accounts [AUTH-9283]
• Initial OS support for DragonFly BSD
• Initial OS support for TrueOS (FreeBSD based)
• Initial OS support for elementary OS (Luna)
• GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
• Check for DHCP client [NETW-3030]
• Initial support for OSSEC (system integrity) [FINT-4328]
• New parameter --log-file to adjust log file location
• New function IsRunning() to check status of processes
• New function RealFilename() to determine file name
• New function CheckItem() for parsing files
• New function ReportManual() and ReportException() to simplify code
• New function DirectoryExists() to check existence of a directory
• Support for dntpd [TIME-3104]
• Changes:
• Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
• Extended test to gather listening network ports for Linux [NETW-3012]
• Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
• Added suggestion for discovered shells on FreeBSD [AUTH-9218]
• Extended core dump test with additional details [KRNL-5820]
• Properly display suggestion if portaudit is not installed [PKGS-7382]
• Ignore message if no packages are installed (pkg_info) [PKGS-7320]
• Also try using apt-check on Debian systems [PKGS-7392]
• Adjusted logging for RPM binary on systems not using it [PKGS-7308]
• Extended search in cron directories for rdate/ntpdate [TIME-3104]
• Adjusted PHP check to find ini files [PHP-2211]
• Skip Apache test for NetBSD [HTTP-6622]
• Skip test http version check for NetBSD [HTTP-6624]
• Additional check to surpress sort error [HTTP-6626]
• Improved the way binaries are checked (less disk reads)
• Adjusted ReportWarning() function to skip impact rating
• Improved report on screen by leaving out date/time and type
• Redirect errors while checking for OpenSSL version
• Extended reporting with firewall status and software
• Adjusted naming of some operating systems to make them more consistent
• Extended update check by using host binary if dig is not installed
• Count number of installed binaries/packages and report them
• Report about log rotation tool and status
• Updated man page

What is new in version 1.4.2:

• New:
• Support for the dntpd time daemon
• New Apache test for modules [HTTP-6632]
• Apache test for mod_evasive [HTTP-6640]
• Apache test for mod_qos [HTTP-6641]
• Apache test for mod_spamhaus [HTTP-6642]
• Apache test for ModSecurity [HTTP-6643]
• Check for installed package audit tool [PKGS-7398]
• Added initial support for new pkgng and related tools [PKGS-7381]
• Check for ssh-keyscan binary
• ZFS support for FreeBSD [FILE-6330]
• Test for passwordless accounts [AUTH-9283]
• Initial OS support for DragonFly BSD
• Initial OS support for TrueOS (FreeBSD based)
• Initial OS support for elementary OS (Luna)
• GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
• Check for DHCP client [NETW-3030]
• Initial support for OSSEC (system integrity) [FINT-4328]
• New parameter --log-file to adjust log file location
• New function IsRunning() to check status of processes
• New function RealFilename() to determine file name
• New function CheckItem() for parsing files
• New function ReportManual() and ReportException() to simplify code
• New function DirectoryExists() to check existence of a directory
• Support for dntpd [TIME-3104]
• Changes:
• Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
• Extended test to gather listening network ports for Linux [NETW-3012]
• Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
• Added suggestion for discovered shells on FreeBSD [AUTH-9218]
• Extended core dump test with additional details [KRNL-5820]
• Properly display suggestion if portaudit is not installed [PKGS-7382]
• Ignore message if no packages are installed (pkg_info) [PKGS-7320]
• Also try using apt-check on Debian systems [PKGS-7392]
• Adjusted logging for RPM binary on systems not using it [PKGS-7308]
• Extended search in cron directories for rdate/ntpdate [TIME-3104]
• Adjusted PHP check to find ini files [PHP-2211]
• Skip Apache test for NetBSD [HTTP-6622]
• Skip test http version check for NetBSD [HTTP-6624]
• Additional check to surpress sort error [HTTP-6626]
• Improved the way binaries are checked (less disk reads)
• Adjusted ReportWarning() function to skip impact rating
• Improved report on screen by leaving out date/time and type
• Redirect errors while checking for OpenSSL version
• Extended reporting with firewall status and software
• Adjusted naming of some operating systems to make them more consistent
• Extended update check by using host binary if dig is not installed
• Count number of installed binaries/packages and report them
• Report about log rotation tool and status
• Updated man page

What is new in version 1.4.1:

• New:
• Support for the dntpd time daemon
• New Apache test for modules [HTTP-6632]
• Apache test for mod_evasive [HTTP-6640]
• Apache test for mod_qos [HTTP-6641]
• Apache test for mod_spamhaus [HTTP-6642]
• Apache test for ModSecurity [HTTP-6643]
• Check for installed package audit tool [PKGS-7398]
• Added initial support for new pkgng and related tools [PKGS-7381]
• Check for ssh-keyscan binary
• ZFS support for FreeBSD [FILE-6330]
• Test for passwordless accounts [AUTH-9283]
• Initial OS support for DragonFly BSD
• Initial OS support for TrueOS (FreeBSD based)
• Initial OS support for elementary OS (Luna)
• GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
• Check for DHCP client [NETW-3030]
• Initial support for OSSEC (system integrity) [FINT-4328]
• New parameter --log-file to adjust log file location
• New function IsRunning() to check status of processes
• New function RealFilename() to determine file name
• New function CheckItem() for parsing files
• New function ReportManual() and ReportException() to simplify code
• New function DirectoryExists() to check existence of a directory
• Support for dntpd [TIME-3104]
• Changes:
• Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
• Extended test to gather listening network ports for Linux [NETW-3012]
• Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
• Added suggestion for discovered shells on FreeBSD [AUTH-9218]
• Extended core dump test with additional details [KRNL-5820]
• Properly display suggestion if portaudit is not installed [PKGS-7382]
• Ignore message if no packages are installed (pkg_info) [PKGS-7320]
• Also try using apt-check on Debian systems [PKGS-7392]
• Adjusted logging for RPM binary on systems not using it [PKGS-7308]
• Extended search in cron directories for rdate/ntpdate [TIME-3104]
• Adjusted PHP check to find ini files [PHP-2211]
• Skip Apache test for NetBSD [HTTP-6622]
• Skip test http version check for NetBSD [HTTP-6624]
• Additional check to surpress sort error [HTTP-6626]
• Improved the way binaries are checked (less disk reads)
• Adjusted ReportWarning() function to skip impact rating
• Improved report on screen by leaving out date/time and type
• Redirect errors while checking for OpenSSL version
• Extended reporting with firewall status and software
• Adjusted naming of some operating systems to make them more consistent
• Extended update check by using host binary if dig is not installed
• Count number of installed binaries/packages and report them
• Report about log rotation tool and status
• Updated man page

What is new in version 1.4.0:

• This version adds several improvements to support AIX better, hostid creation, ignoring of the LANG value, and extension of a few tests.

What is new in version 1.3.9:

• New:
• Support for the dntpd time daemon
• New Apache test for modules [HTTP-6632]
• Apache test for mod_evasive [HTTP-6640]
• Apache test for mod_qos [HTTP-6641]
• Apache test for mod_spamhaus [HTTP-6642]
• Apache test for ModSecurity [HTTP-6643]
• Check for installed package audit tool [PKGS-7398]
• Added initial support for new pkgng and related tools [PKGS-7381]
• Check for ssh-keyscan binary
• ZFS support for FreeBSD [FILE-6330]
• Test for passwordless accounts [AUTH-9283]
• Initial OS support for DragonFly BSD
• Initial OS support for TrueOS (FreeBSD based)
• Initial OS support for elementary OS (Luna)
• GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
• Check for DHCP client [NETW-3030]
• Initial support for OSSEC (system integrity) [FINT-4328]
• New parameter --log-file to adjust log file location
• New function IsRunning() to check status of processes
• New function RealFilename() to determine file name
• New function CheckItem() for parsing files
• New function ReportManual() and ReportException() to simplify code
• New function DirectoryExists() to check existence of a directory
• Support for dntpd [TIME-3104]
• Changes:
• Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
• Extended test to gather listening network ports for Linux [NETW-3012]
• Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
• Added suggestion for discovered shells on FreeBSD [AUTH-9218]
• Extended core dump test with additional details [KRNL-5820]
• Properly display suggestion if portaudit is not installed [PKGS-7382]
• Ignore message if no packages are installed (pkg_info) [PKGS-7320]
• Also try using apt-check on Debian systems [PKGS-7392]
• Adjusted logging for RPM binary on systems not using it [PKGS-7308]
• Extended search in cron directories for rdate/ntpdate [TIME-3104]
• Adjusted PHP check to find ini files [PHP-2211]
• Skip Apache test for NetBSD [HTTP-6622]
• Skip test http version check for NetBSD [HTTP-6624]
• Additional check to surpress sort error [HTTP-6626]
• Improved the way binaries are checked (less disk reads)
• Adjusted ReportWarning() function to skip impact rating
• Improved report on screen by leaving out date/time and type
• Redirect errors while checking for OpenSSL version
• Extended reporting with firewall status and software
• Adjusted naming of some operating systems to make them more consistent
• Extended update check by using host binary if dig is not installed
• Count number of installed binaries/packages and report them
• Report about log rotation tool and status
• Updated man page

What is new in version 1.3.8:

• This version adds a new parameter (--view-categories), eight new tests, and several improvements to existing tests and functions.

What is new in version 1.3.6:

• New:
• Support for the dntpd time daemon
• New Apache test for modules [HTTP-6632]
• Apache test for mod_evasive [HTTP-6640]
• Apache test for mod_qos [HTTP-6641]
• Apache test for mod_spamhaus [HTTP-6642]
• Apache test for ModSecurity [HTTP-6643]
• Check for installed package audit tool [PKGS-7398]
• Added initial support for new pkgng and related tools [PKGS-7381]
• Check for ssh-keyscan binary
• ZFS support for FreeBSD [FILE-6330]
• Test for passwordless accounts [AUTH-9283]
• Initial OS support for DragonFly BSD
• Initial OS support for TrueOS (FreeBSD based)
• Initial OS support for elementary OS (Luna)
• GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
• Check for DHCP client [NETW-3030]
• Initial support for OSSEC (system integrity) [FINT-4328]
• New parameter --log-file to adjust log file location
• New function IsRunning() to check status of processes
• New function RealFilename() to determine file name
• New function CheckItem() for parsing files
• New function ReportManual() and ReportException() to simplify code
• New function DirectoryExists() to check existence of a directory
• Support for dntpd [TIME-3104]
• Changes:
• Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
• Extended test to gather listening network ports for Linux [NETW-3012]
• Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
• Added suggestion for discovered shells on FreeBSD [AUTH-9218]
• Extended core dump test with additional details [KRNL-5820]
• Properly display suggestion if portaudit is not installed [PKGS-7382]
• Ignore message if no packages are installed (pkg_info) [PKGS-7320]
• Also try using apt-check on Debian systems [PKGS-7392]
• Adjusted logging for RPM binary on systems not using it [PKGS-7308]
• Extended search in cron directories for rdate/ntpdate [TIME-3104]
• Adjusted PHP check to find ini files [PHP-2211]
• Skip Apache test for NetBSD [HTTP-6622]
• Skip test http version check for NetBSD [HTTP-6624]
• Additional check to surpress sort error [HTTP-6626]
• Improved the way binaries are checked (less disk reads)
• Adjusted ReportWarning() function to skip impact rating
• Improved report on screen by leaving out date/time and type
• Redirect errors while checking for OpenSSL version
• Extended reporting with firewall status and software
• Adjusted naming of some operating systems to make them more consistent
• Extended update check by using host binary if dig is not installed
• Count number of installed binaries/packages and report them
• Report about log rotation tool and status
• Updated man page

What is new in version 1.3.5:

• New:
• OS detection for Mageia Linux, PCLinuxOS, Sabayon Linux and Scientific Linux
• Added some initial systemd support (e.g. boot services)
• Test to display if any known MAC framework is implemented [MACF-6290]
• Changes:
• Improved support for Slackware Linux (OS and version detection)
• Added systemd support (boot and running services) for Linux systems [BOOT-5177]
• Added systemd support (default runlevel) for Linux systems [KRNL-5622]
• Extended USB storage check in modprobe.d directory [STRG-1840]
• Improved output, reporting and check for kernel update [KRNL-5788]
• Optimized code and output of test to check writable scripts [BOOT-5184]
• Fixed detection for writable scripts [BOOT-5184]
• Improved detection IPv6 addresses for Slackware and others [NETW-3008]
• Minor addition to SSH PermitRootLogin check [SSH-7412]
• Extended cronjob tests, reporting and logging [SCHD-7704]
• Extended umask check in /etc/profile [AUTH-9328]
• Added suggestion about BIND version [NAME-4210]
• Merged test NTP daemon test TIME-3108 into TIME-3104
• Improved support for Arch Linux (output, detection)
• Extended common list of directories with SSL certifcates in profile
• New function GetHostID() to determine an unique identifier of the machine
• Added a tests_custom file template
• Perform file permissions test on tests_custom file
• Improved OS detection and extended logging on several tests
• Several layout improvements
• Extended update check functions and output
• Cleaned up reporting and extended it with exceptions

What is new in version 1.3.4:

• This version add OS detection support for Arch Linux and the systemd journal.
• It also improves several checks so the results are improved, including screen output.