Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix-derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
|Original author(s)||Michael Boelen|
2.7.3 / 21 March 2019
|Written in||Shell script|
|Operating system||FreeBSD, Linux, macOS, OpenBSD, Solaris|
|Type||Security Software, Audit tool|
The software determines various system information, such as the specific OS type, kernel parameters, authentication and accounting mechanism, installed packages, installed services, network configuration, logging and monitoring (e.g. syslog-ng), cryptography (e.g. SSL/TLS certificates) and installed malware scanners (e.g. ClamAV or rkhunter). Additionally, it will check the system for configuration errors and security issues. By request of the auditor, those checks may conform to international standards such as ISO 27001, PCI-DSS 3.2 and HIPAA.
The software also helps with fully automated or semi-automatic auditing, software patch management, evaluation of server hardening guidelines and vulnerability/malware scanning of Unix-based systems. It can be locally installed from most system repositories, or directly started from disk, including USB stick, CD or DVD.
The intended audience is auditors, security specialists, penetration testers, and sometimes system/network administrators. Usually members of a First Line of Defense within a company or larger organization tend to employ such audit tools. According to the official documentation, there is also a Lynis Enterprise version, available with support for more than 10 computer systems, providing malware scanning, intrusion detection and additional guidance for auditors.
- "Releases - CISOfy/lynis". Retrieved 21 March 2019 – via GitHub.
- "lynis: Lynis - CONTRIBUTORS - doxygen documentation - Fossies Dox". M. Boelen, fossies.org. 2017-03-15. Retrieved 2017-03-20.
- "Lynis 2.2.0 Released – Security Auditing and Scanning Tool for Linux Systems". Ravi Saive, tecmint.com. 2016-03-18. Retrieved 2017-03-20.
- "Lynis/README at master · CISOfy/lynis · GitHub". M. Boelen, GitHub. 2017-03-15. Retrieved 2017-03-20.