Three big changes and reasoning behind Lynis 2.3.0

Lynis 2.3.0

Last two releases we invested a lot of work in rebuilding our auditing tool Lynis. The original code is from 2007, and we have plans to add a lot of new tests. Before doing so, we decided to give Lynis a good spring cleanup and enhance its core. This way it will properly deal with the upcoming weight of the new tests.

These major changes also mean a slightly different approach in some areas. So here is the background behind the changes.

Changes to profiles

If you are upgrading from an older version, then be aware of a big change: profiles. Previously only one profile could be active. Now Lynis will apply this logic:

  1. Use default.prf
  2. Check presence custom.prf (and use when available)
  3. Check if you have provided a profile with –profile

The default profile will always be applied. If you like to make changes to the default settings, then it is suggested to copy only those lines to the custom.prf and place it in the same directory (use “lynis show profiles” to detect location).

The –profile option should only be used if you temporarily want to use a different profile for one scan.

Why the change?

To allow a more flexible way of deploying Lynis, keep a set of default settings, and give users the chance to tune things to their environment or security assessments.

New: lynis show

Due to the major changes, we made a new helper utility called “show”. If you run “lynis show” it will provide you all the details. Like what profiles are detected, the version number, language, applied settings, help, etc.

  • lynis show commands
  • lynis show language
  • lynis show options
  • lynis show profiles
  • lynis show version

Why the change?

It was hard to find where people had installed their installation of Lynis. Or… if they had it installed at all. With a set of “show” commands, you can now find that information very easily.

Software packages!

Many of you asked us, and now they are available: DEB and RPM packages. Via our software repository you can easily install and upgrade your Lynis client.

Why the change?

Simplification for installation and upgrades. Some distributions make their releases “stable”, which means all software versions get frozen. This way we can provide always the latest releases, and make the upgrade process a lot easier.


Happy Auditing!


Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)

Leave a Reply

Your email address will not be published. Required fields are marked *