LYNIS

Security Auditor

Lynis is an open-source security auditing tool for UNIX derivatives like Linux, Mac OS, BSD, other Unix-based operating systems etc. Performing extensive health scan of systems that support System Hardening and Compliance Testing. An open-source software with GPL License. This tool also scans for general system information, vulnerable software packages, and configuration issues. It is useful for System Administrators, Auditors, Security Professionals.

DOWNLOADS

SYSTEM REQUIREMENTS

RAM : Minimum 1 gb.

Storage : Minimum 10 MB for installation.

OS : Compatible with Linux, macOS, and Unix-based systems.

Architecture : Supports both 32-bit and 64-bit architectures.

Available On : PC


ADDITIONAL INFORMATION

Published By

CISOfy.

Release Date

2007

Approximate Size

1.67 MB

Publisher Info

CISOfy specializes in security tools and system hardening.

Supported Languages

English

Last Update

March 12, 2025

Version 2023-07-R1.

Programming Language

Written in Shell scripting.

Operating System

Cross-platform

License

Open Source under the GNU General Public License (GPL).

Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:

  1. Security auditing
  2. Compliance testing (e.g. PCI, HIPAA, SOx)
  3. Penetration testing
  4. Vulnerability detection
  5. System hardening

  1. Lynis scanning is modular and opportunistic. This means it will only use and test the components that it can find, such as the available system tools and its libraries. The benefit is that no installation of other tools is needed, so you can keep your systems clean.
  2. By using this scanning method, the tool can run with almost no dependencies. Also, the more components it discovers, the more extensive the audit will be. In other words: Lynis will always perform scans that are tailored to your system. No audit will be the same!

    3. Example : When Lynis detects that you are running Apache, it will perform an initial round of Apache related tests. Then when it performs the specific Apache tests, it may also discover a SSL/TLS configuration. It then performs additional auditing steps based on that. A good example is collecting any discovered certificates, so that they can be scanned later as well.

  • Developers : Test that Docker image, or improve the hardening of your deployed web application.
  • System administrators : Run daily health scans to discover new weaknesses
  • IT auditors : Show colleagues or clients what can be done to improve security.
  • Penetration testers : Discover security weaknesses on systems of your clients, that may eventually result in system compromise.

Lynis is a powerful security auditing tool for Linux, macOS, and Unix-based systems. It helps assess system vulnerabilities, compliance, and hardening. Here are some examples of its usage :

Basic Commands
  1. Run a System Audit : sudo lynis audit system

    2. This performs a comprehensive security audit of the system, checking configurations, software, and vulnerabilities.

  2. Check for Updates : sudo lynis update info

    3. Ensures that Lynis is up-to-date with the latest features and security checks.

  3. Audit a Dockerfile : sudo lynis audit dockerfile /path/to/dockerfile

    4. Analyzes a Dockerfile for security issues and provides recommendations.

  4. Run in Pentest Mode : sudo lynis --pentest

    5. Executes Lynis in penetration testing mode for non-privileged scans.

  5. Generate a Report : sudo lynis audit system --report-file /path/to/report.txt

    6. Saves the audit results to a specified file for later review.

Advanced Examples
  1. Custom Profiles : sudo lynis audit system --profile /path/to/custom.profile

    2. Uses a custom profile for tailored security checks.

  2. Run as a Cron Job : sudo lynis --cronjob

    3. Automates regular audits by running Lynis as a scheduled task.

  3. Filter Specific Checks : sudo lynis audit system --checkall

    4. Runs all available checks for a thorough audit.

  • e2fsprogs

Terminal Installation Commands ...

$ sudo apt-get update

$ sudo apt -y install lynis

GUI Installation Steps ...
Linux
  1. Using Package Manager :
    • Debian-based (Ubuntu, Mint, etc.) : sudo apt-get install lynis
    • Red Hat-based (CentOS, Fedora, RHEL) : sudo yum install lynis
    • openSUSE : sudo zypper install lynis
  2. Using Git :

    $ cd /usr/local

    $ git clone https://github.com/CISOfy/lynis

    $ cd lynis
  3. Using Direct Download :

    $ mkdir -p /usr/local/lynis

    $ cd /usr/local

    $ wget https://cisofy.com/files/lynis-<version>.tar.gz

    $ tar -xvzf lynis-<version>.tar.gz

    $ cd lynis
Windows

Lynis is primarily designed for Unix-based systems, including Linux and macOS. It does not natively support Windows. However, you can run it inside Windows Subsystem for Linux (WSL) by installing it on a Linux distribution within WSL.

  1. Ensure WSL is Installed
    • Open PowerShell as Administrator and run : wsl --install
    • Restart your system if required.
  2. Launch WSL and Update Packages
    • Open WSL (Ubuntu, Debian, etc.) and update the package list : sudo apt update && sudo apt upgrade -y
  3. Install Lynis
    • Run the following command : sudo apt install lynis
    • Verify installation : lynis --version
MacOS
  • Using Homebrew : brew install lynis

Terminal Uninstallation Commands ...

$ sudo apt-get remove lynis

$ sudo apt autoclean && apt autoremove

GUI Uninstallation Steps ...
Linux
  • If installed via package manager :

    $ sudo apt-get remove lynis # Debian-based

    $ sudo yum remove lynis # Red Hat-based

    $ sudo zypper remove lynis # openSUSE
  • If installed via Git or direct download, simply delete the Lynis directory : rm -rf /usr/local/lynis
Windows
  1. Remove Lynis
    • Run : sudo apt remove lynis
    • To remove all dependencies : sudo apt autoremove
  2. Uninstall WSL (if needed)
    • Open PowerShell as Administrator and run : wsl --unregister<distro_name>
    • Replace <distro_name> with your installed Linux distribution (e.g., Ubuntu).
MacOS
  • Using Homebrew : brew uninstall lynis

Copyright © 2025 HACKERSPOT

All original content, including tools, software, and other information, is protected by copyright and remains the property of its respective owners.

Subscribe for more Information
HACKERSPOT

HackerSpot is an informational platform that offers resources such as tools, software, courses, internships, and various other materials aimed at supporting individuals passionate about CyberSecurity and IT.

About Us
Docs / Links

Documentation

Tools

Softwares

Operating Systems

Learning

Courses

Internships

Virtual Labs

Colleges

Youtube Channels

Resources

Devices & Hardware

Browsers

Cyber Threat Maps

Other Resources

Contacts

Bapatla, Andhrapradesh, India 237101

bablunannam@gmail.com

+91 7995819235