How to perform security audits on Linux with Lynis
Whether you are a Linux administrator or user, a secure server or PC should be your top priority. Although Linux is a secure operating system, it is, like any other operating system, susceptible to attacks and security breaches.
In this guide, you will learn how to use Lynis to check for security vulnerabilities and weaknesses on your Linux computer. Lynis is an open source tool and is available on most Unix-based operating systems, such as Linux, macOS, Solaris and FreeBSD.
How does Lynis work?
Lynis performs integrity and security scans on your PC or server to improve security hardening and compliance testing.
Lynis is modular and only tests the components it can find on your computer, for example system tools and their corresponding libraries.
One of the main advantages of Lynis is that you don't have to install it to run an audit. If you prefer, you can run it straight from the folder you extracted it into, which keeps your system in a very clean state.
Every Lynis audit is tailored to the machine it runs on, which means each audit is unique to your system configuration, the installed software and other factors. The more components are present on your system, the more extensive the audit report will be.
Lynis not only displays audit information on your screen, but also stores technical details in the lynis.log file. A separate file called lynis-report.dat records the suggested actions and warnings. Both files are located in the /var/log/ directory.
Lynis audit reports give you plenty of insight into the security measures you should take to ensure that your system remains secure, robust and resilient against potential attacks.
Install Lynis on Linux
There are several methods you can use to run or install Lynis on Linux, but for simplicity, let’s look at two of the most popular methods.
1. Install Lynis using a package manager
You can easily install Lynis on your system using the standard package manager, depending on your Linux distribution.
On Debian-based Linux distributions like Ubuntu, just do the following:
sudo apt install lynis
On RHEL-based Linux distributions like Fedora and CentOS:
sudo dnf install lynis
On Arch-based Linux distributions:
sudo pacman -S lynis
You can check the installed version of Lynis with the following command:
sudo lynis --version
Note: You need elevated privileges, via either sudo or su, to run Lynis commands.
2. Run Lynis straight from the source
For the minimal footprint on your PC, you can run Lynis from the tarball file without installing it.
Just download the Lynis tarball file and extract it using the tar command. Then go to the extracted folder and perform a Lynis audit as follows:
sudo ./lynis audit system
Auditing a Linux machine with Lynis
Auditing is one of the most common uses of Lynis among system administrators, system auditors and other security professionals.
You can start a scan of your system by running the following command:
sudo lynis audit system
Lynis first creates a profile of your system, i.e. it determines which operating system you are using, the kernel, the hardware and other parameters that matter for running the audit.
How to review Lynis audit reports
Lynis audits are divided into sections so that you can easily understand the outcome of the audits.
The important categories include, for example:
- Boot and services: In this category Lynis gives you an overview of the boot process and the service manager used on your system, e.g. systemd or OpenRC. Lynis also shows you how many services are currently running and which are enabled at boot time. Finally, you are shown which services pose a security threat to your system because they are insecure or exposed.
- Users, groups and authentication: Lynis scans your user and administrator accounts, checks password strength and expiration, and verifies that important files such as /etc/passwd and the PAM configuration have the correct permissions and are secure.
- USB devices: Checks for USB devices and the authorization methods that protect your system.
- Ports and packages: Lynis gives you an overview of insecure and open ports that intruders could use to attack your system over the network. It also notifies you of outdated packages that may pose a security risk.
- Logging and files: Lynis checks whether the logging daemon is active and running. It also checks the availability and security of important log files on your system.
Aside from these categories, Lynis also scans your network, file systems, shells, storage and processes, and other critical parts of your system.
In addition to categorization, Lynis uses three main color codes to indicate the severity of a security vulnerability or potential security risk.
Green indicates that the scanned module or software is considered OK and you do not need to take any action. The other color codes usually require your prompt attention, either to fix the vulnerability or to take some other form of action, for example updating or upgrading software.
Orange marks a suggestion that you should look into. For example, a software module or service is disabled, so Lynis was unable to audit it, or the module was not found on the system at all.
The last color code is red. Pay particular attention to report output marked in red: it indicates that you should urgently fix the highlighted item, as it poses a serious threat to the security of your system.
Lynis audit suggestions
At the end of the report, Lynis gives you suggestions with web links. Open the web links in your browser for steps or instructions on how to implement the suggested corrective actions.
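The two files described earlier (lynis.log and lynis-report.dat) and the warnings and suggestions just discussed can also be processed from a script, which is useful when you audit regularly and want to notice regressions. The following is an added example, not code from this article or from the Lynis project. It assumes that lynis-report.dat consists of key=value lines and that warning[] and suggestion[] entries carry pipe-separated fields (test ID, description, details, solution), which is the layout of current Lynis reports; the two reports below are constructed samples written to temporary files instead of /var/log, and their test IDs and wording are illustrative. The example goes slightly beyond the text by comparing a current report against an older one to list findings that are new since the last audit.

```shell
#!/bin/sh
# Added example, not part of the original article or of Lynis itself.
# Assumed report layout: key=value lines; warning[] and suggestion[] entries
# use pipe-separated fields "TEST-ID|description|details|solution|".

# Constructed sample of a current lynis-report.dat (not from a real run).
REPORT="$(mktemp)"
cat > "$REPORT" <<'EOF'
# Lynis Report (constructed sample)
report_version_major=1
report_version_minor=0
hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=BOOT-5264|Consider hardening system services|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
EOF

# Constructed sample of an older report of the same host, used as the baseline.
OLD_REPORT="$(mktemp)"
cat > "$OLD_REPORT" <<'EOF'
hardening_index=70
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
EOF

# Print the hardening index (0-100) recorded in a report.
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Count the entries of one kind ("warning" or "suggestion"); prints 0 when none.
count_entries() {
    grep -c "^$2\[]=" "$1" || true
}

# List "TEST-ID: description" for each entry of one kind, one per line.
list_entries() {
    sed -n "s/^$2\[]=//p" "$1" | awk -F'|' '{ printf "%s: %s\n", $1, $2 }'
}

# Print the test IDs (warnings and suggestions) present in the new report
# but absent from the old one, i.e. findings that appeared since the last audit.
new_findings() {
    old_ids="$(mktemp)"; new_ids="$(mktemp)"
    for kind in warning suggestion; do list_entries "$1" "$kind"; done \
        | cut -d: -f1 | sort -u > "$old_ids"
    for kind in warning suggestion; do list_entries "$2" "$kind"; done \
        | cut -d: -f1 | sort -u > "$new_ids"
    comm -13 "$old_ids" "$new_ids"
    rm -f "$old_ids" "$new_ids"
}

# Return 0 when the new report is no worse than the old one: the hardening
# index has not dropped and no warnings (red items) are present.
audit_ok() {
    old_idx="$(hardening_index "$1")"
    new_idx="$(hardening_index "$2")"
    [ "$new_idx" -lt "$old_idx" ] && return 1
    [ "$(count_entries "$2" warning)" -gt 0 ] && return 1
    return 0
}

# Summary for a scheduled run; a non-zero exit can be used to trigger an alert.
printf 'Hardening index: %s (previously %s)\n' \
    "$(hardening_index "$REPORT")" "$(hardening_index "$OLD_REPORT")"
printf 'Warnings: %s  Suggestions: %s\n' \
    "$(count_entries "$REPORT" warning)" "$(count_entries "$REPORT" suggestion)"
echo 'New findings since last audit:'
new_findings "$OLD_REPORT" "$REPORT"
audit_ok "$OLD_REPORT" "$REPORT" || echo 'Audit regressed, review the report.'
```

On a real host you would point REPORT and OLD_REPORT at copies of /var/log/lynis-report.dat kept from successive runs; the comparison only needs the test IDs, so the descriptions Lynis prints can change between versions without affecting it.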
Help with Lynis commands
To learn more about Lynis and the options available, use the following command:
sudo lynis show
You can also refer to the man pages for more detailed information.
Getting started with ethical hacking on Linux
This guide looked at how to audit and analyze the security of your Linux system with Lynis. Don't compromise on the security of your Linux PC or server: keep your software up to date and check your system regularly.
One of the best ways to learn about system security is to become an ethical hacker, and a great way to get started is with Kali Linux on a Raspberry Pi.