Lynis is an open-source security auditing tool that performs an extensive scan of a system and its security defenses to support compliance testing and system hardening. It has been distributed under the GPL license since 2004. It assists with server hardening guidelines, software patch management and fully automated auditing. Lynis does not harden the server by itself; it reports the weaknesses it finds and suggests ways to harden the software.
This article will help you to install Lynis from its official package repository and audit the system security in Ubuntu 20.04 LTS system.
The general form of the command line is:
lynis command [options]
You can list all the available commands with the following command.
$ lynis show command
Lynis commands list.
Installing Lynis via Package
Lynis can be installed in several ways, but using the package manager is the easiest way both to install it and to keep it updated. Ubuntu 20.04 already ships a lynis package, but it is not the most recent release, so we will use the official Lynis package repository to install the latest one.
The Lynis repository is served over HTTPS, so make sure apt-transport-https is installed; if it is not, install it with the following commands.
$ sudo apt update
$ sudo apt install apt-transport-https
Before adding the Lynis repository we need to import its signing key using the following command (apt-key is deprecated in newer Ubuntu releases, but it still works on 20.04).
$ wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
If you only need English, you can tell apt to skip downloading translated package descriptions with the following command, which also saves bandwidth.
$ echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations
Now add the Lynis repository to the system's package sources using the following command.
$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
Update the package index and install the package:
$ sudo apt update
$ sudo apt install lynis
Once the installation completes, check that the latest Lynis version was installed using the following command.
$ lynis show version
Auditing a Linux System Using Lynis
The following lynis command performs a basic system audit. Root privileges are not required to run it, but running it as root lets Lynis perform more tests and gives more complete results.
$ sudo lynis audit system
During the audit, Lynis runs a series of tests and streams the results to standard output, grouped into categories such as security, suggestions, file systems, test results, debug information, etc. All test and debug information is logged to /var/log/lynis.log, and the audit report is saved to /var/log/lynis-report.dat. The report file contains general information about the system and its applications, vulnerable packages on the server, and more. Each run of the system audit overwrites the previous results.
In the following example of a system audit, you can see the results labeled with keywords such as Ok, Found, Not Found, Suggestion and Warning. Output labeled with the Warning keyword should be fixed according to Lynis's advice.
System Auditing Output.
At the end of the audit output, you can see the security scan details, where Lynis shows the system's hardening index, the number of tests performed, and other security-related information.
Lynis Security Scan Details.
Evaluating Lynis Audit Warnings & Suggestions
In the results section, you will see the list of warnings, if there are any. The first line shows the type of issue along with its test-id. The second line contains the suggested solution, if one exists; otherwise, nothing is shown. Finally, you can see a URL pointing to guidance on the warning.
As you can see in the audit warning section above, no solution is given for this warning. You can view more information about a warning with the following command, using its test-id.
$ sudo lynis show details PKGS-7392
The following output shows the detailed information for the warning; at the end, it also shows the recommended solution.
View more info on the warning.
Next, in the suggestions section, we have 37 suggestions for hardening our system. Similarly, you can view more information about a suggested security fix using its test-id.
Create a Custom Lynis Profile
Lynis uses profiles to hold a set of predefined options for a system audit. You can skip specific tests by creating a custom profile and adding a skip-test directive with the test-id. In the example below I have created a custom profile (custom.prf) and added one skip-test directive per line, each with a test-id. This lets us skip the tests for warnings that we have decided are acceptable on this system.
$ sudo vim /etc/lynis/custom.prf
Save the file and run the system audit again; you will see that two of the previous warnings have been skipped by Lynis.
Result after skipping warnings.
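The report file and the custom profile described above are both simple line-based formats, which makes them easy to process from a shell script. The following added example (not part of Lynis or of this article's original content) parses a constructed sample of /var/log/lynis-report.dat, counts warnings and suggestions, gates on the hardening index, and lists the warnings not yet covered by skip-test lines in a profile; the sample report values are invented for illustration.

```shell
#!/bin/sh
# Added example, not Lynis project code. Report format: one key=value per line,
# repeatable keys end in "[]", and warning[]/suggestion[] values are '|'-separated:
# TEST-ID|message|details|solution|
# Constructed sample report (invented values, not from a real scan):
SAMPLE_REPORT='report_version_major=1
hostname=ubuntu-lab
hardening_index=66
tests_executed=250
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration|-|-|
suggestion[]=PKGS-7392|Update your system with apt-get update, apt-get upgrade, apt-get dist-upgrade and/or unattended-upgrades|-|-|'

# Print "TEST-ID<TAB>message" for each entry of kind $1 (warning or suggestion); report on stdin.
report_entries() {
    grep "^$1\[\]=" | cut -d= -f2- | awk -F'|' '{ print $1 "\t" $2 }'
}

# Count entries of kind $1; always prints a clean integer (0 when there are none).
count_entries() {
    report_entries "$1" | awk 'END { print NR }'
}

# Print the hardening index from the report on stdin (0 if the key is missing).
hardening_index() {
    awk -F= '/^hardening_index=/ { v = $2 } END { print v + 0 }'
}

# Succeed only when the hardening index is at least $1 (a simple compliance/CI gate).
check_hardening() {
    [ "$(hardening_index)" -ge "$1" ]
}

# List warnings whose test-id has no "skip-test=TEST-ID" line in profile file $1.
unskipped_warnings() {
    report_entries warning | while IFS="$(printf '\t')" read -r id msg; do
        grep -q "^skip-test=$id\$" "$1" || printf '%s\t%s\n' "$id" "$msg"
    done
}

# Stand-alone run on the sample report with a temporary profile that skips PKGS-7392.
PROFILE=$(mktemp) && printf 'skip-test=PKGS-7392\n' > "$PROFILE"
printf 'Warnings: %s  Suggestions: %s  Hardening index: %s\n' \
    "$(printf '%s\n' "$SAMPLE_REPORT" | count_entries warning)" \
    "$(printf '%s\n' "$SAMPLE_REPORT" | count_entries suggestion)" \
    "$(printf '%s\n' "$SAMPLE_REPORT" | hardening_index)"
printf '%s\n' "$SAMPLE_REPORT" | unskipped_warnings "$PROFILE"
rm -f "$PROFILE"
```

On a real system, replace the sample with `cat /var/log/lynis-report.dat` and point unskipped_warnings at /etc/lynis/custom.prf to see which warnings still need attention after your accepted skips.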
In this article, we learned how to audit a system with Lynis and how to review the fixes for its warnings, along with its suggestions for hardening system security. You can learn more on the official Lynis site. Thank you for reading this article.