Major release: Lynis 3.x

Learn about the most important changes that form the major 3.x release of the Lynis project, including security enhancements and new tests.


After almost a year of work, we are excited to share news about the major 3.x release! It is major for multiple reasons, including the number of submissions from the community and some breaking changes. Some core functions have been rewritten and several new functions were added. Another important area for this release is security. Being a security tool, we want Lynis to be as safe as possible, even though shell script is not specifically known for that.

How are auditd and Lynis different?

While both being active in the area of Linux auditing, auditd and Lynis have a different goal. This article explains the differences between both tools.


Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by Red Hat.

The Non-Technical Changelog: Insights of 6 Months Development

The lessons we learned about open source during the last 6 months, while developing our security auditing tool Lynis. Apply these insights to your projects.


Lessons learned between our last and current release The Lynis project team is proud to announce a new release of our security auditing tool. With months of work and a variety of changes, we bumped up the version to a “zero release” (2.2.0). The technical changelog is included in the download. We consider it to be a stable release, yet ask all to test it first. Being the original author of Lynis, there is an additional background behind a changelog, which might be even more interesting.

Viewing available test categories in Lynis

Lynis has all tests categorized and lets the user select which tests to run. Using the --tests-category and --view-categories the selection can be made.


When auditing a server, it may be useful to only run a particular category of tests, like firewall related tests. In that case the -tests-category parameter can be used, together with the category name. Available categories To determine what categories are available, Lynis has a built-in parameter -view-categories which lists all available files. Most of the names are self-explanatory on what of tests they include. For more information about the included tests, have a look in the .

What’s New in Lynis 2: Features

The upcoming Lynis 2 release will bring many new features. Focus is on simplicity, speed and supporting newer technologies like Docker and systemd.


Lynis 2.x will bring security auditing of Linux and Unix systems to a new level. In this blog post we share some exciting new features. Release of Lynis 2 is planned for February 2015. Overview: History Lynis 2.x Plugins Systemd Support File Integrity Monitoring Containers & Virtualization Operating Systems Focus on Simplicity Free and Commercial Support History Lynis has been created in 2007, as a follow-up on the well-known tool Rootkit Hunter (rkhunter).

Product comparison: Lynis VS Nessus

In this article we do a comparison of Tenable Nessus and Lynis from CISOfy. We look at the features, their goals and where they can be compared or differ.


Professionals ask us often how Lynis is different than Tenable Nessus. As the original author of Lynis, let me address that very interesting question. Different goal Nessus is focused on vulnerability scanning, or in other words, finding weaknesses in you environment. The huge amount of plugins and their actions show that this is the primary focus. Along the way it started to implement others services, like compliance checking. Lynis also detects vulnerabilities, but that is not its main goal.

Alternatives to Bastille Linux: system hardening with Lynis

Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille.


Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats.

How to create custom tests in Lynis

Although Lynis has many tests by default, there are enough reasons to create your own custom tests. Instead of patching up existing files, learn how to do that.


Create custom tests in Lynis to tune the tool to your needs

Installation of Lynis on Arch Linux systems

Lynis is available as a package for Arch Linux and installation is just a few steps. We look at the options to install Lynis on your favorite Linux distro.


Tutorial for Lynis installation on Arch Linux Pacman Arch Linux is getting more popular due to its great community support and the way it is organized. Being a “rolling release” system, it is continuously up-to-date. Still, you want to make sure your security defenses are equally up-to-date, so that’s where Lynis comes in. Normally pacman is used for installing new packages. Unfortunately, the lynis package does not show up. # pacman -Ss lynis # pacman -Ss rkhunter community/rkhunter 1.

How to deal with Lynis suggestions?

Auditing tool Lynis for Linux, guides administrators with discovering weaknesses. This article helps in dealing with Lynis suggestions displayed on screen.


After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don’t know where to start with hardening and how to deal with these Lynis suggestions in particular. We provide you some tips! Before we start, we strongly suggest to use the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different.

Lynis Security Notice: 1.5.4 and older

A vulnerability was reported in versions up to Lynis 1.5.4. Learn more about the details.


This week a vulnerability was reported in versions up to Lynis 1.5.4. With Lynis being a security audit tool and focused on hardening Linux and Unix based systems, we regret any (security) bug being discovered. Since it is open source software, we like to be open about the issue, to help you understanding it and take the right precautions. Description: The temporary files created in the tests_webservers section are too predictable.

How to keep Lynis up-to-date?

Keeping software up-to-date is more important than ever before. To keep Lynis up-to-date, there are several notification possibilities and upgrade methods.


Keeping software like Lynis up-to-date is nowadays very important. More and more vendors implement software development methodologies like agile and scrum, to decrease the time between new software versions. This way software enhancements are easier to implement and possible bugs earlier fixed. It’s up to the user of the software to stay up-to-date and therefore we provide some tips on how to update Lynis easily. Notifications Staying up-to-date begins with receiving an update when a new release is available.

Unix security audit: Perform an audit in 3 minutes

Quick guide for performing a Unix security audit on a Unix or Linux based system. Under three minutes you have the results and finished the first audit!


Perform a security audit

Become a Linux auditor: tips to start with auditing the Linux platform

Guide to become a Linux auditor in just a matter of minutes. Focus on how to determine running processes, installed software or possible vulnerabilities.


This guide helps people new to the Linux platform to get a grasp on how the system works. Whenever you are an IT auditor, or simply want to know more about the basics, this guide helps you in determining where to start an audit. Processes Each operating system consists of smaller running processes. In case of Linux this is true as well and can be displayed with the ps tool. Without parameters it will already show some processes, but the list is not complete.

How to: Using Lynis plugins

Learn how to use Lynis plugins and troubleshoot them.


Within this “how to” we explain when and how to use Lynis plugins. What are plugins? Plugins are small extensions to an existing program. Also Lynis supports the use of external plugins to extend functionality. Lynis plugins are written in shell script and might use system binaries or external binaries to perform additional checks. The big difference between custom tests and plugins in Lynis, are the goal of the tests. If some logic function checks a value and can inform the user to take an action, it’s better to use a normal test.

Linux server security: Three steps to secure each system

Article about Linux server security and guidance for securing your Linux systems. Focus on auditing, hardening and compliance, to improve security defenses.


Determining the level of Linux server security can only by measuring the actual implemented security safeguards. This process is called auditing and focuses on comparing common security measures with the ones implemented. While there is almost no system with all possible safeguards implemented, we still can determine how well (or badly) the system is protected. Security is about finding the weakest link(s) and associate risk with each weakness. Depending on the role of the system, sensitivity of data and possible threats, we can then select what security safeguards are appropriate.

Lynis for Auditors: Linux and Unix auditing

Article about Linux / Unix auditing with a focus on the usage of Lynis for auditors. Simplifying the work of the auditor and increasing the quality of work.


Auditing on Linux Although Unix and Linux based systems are not new, getting an extensive knowledge of the operating system takes years of practice. Even then, with all changes it might be hard to keep up, especially when being an auditor. Examples of these are the differences between package managers, the way services are started and where binaries or configuration files are located. But no worries, there is help! Why Lynis?

Difference between Lynis and Lynis Enterprise

Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.


People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two. Lynis Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years.

Open source vulnerability scanner for Linux systems – Lynis

Within this article we discuss the possibilities of using an open source vulnerability scanner for Linux based systems.


There are several open source vulnerability scanners for Linux, like OpenVAS. While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems? Vulnerabilities Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused by evildoers.

FreeBSD hardening with Lynis

This article provides tips for FreeBSD hardening by using a powerful tool named Lynis. This script will perform an extensive audit to secure your systems.


Lynis development has its roots on a FreeBSD system, therefore FreeBSD hardening is also easy and supported when using Lynis. People who want to audit and harden their FreeBSD system will discover Lynis to be a powerful tool for this purpose. In this article we will focus on how to audit your system with Lynis. Ports Lynis is available from the ports tree and usually the version is close or at the latest version.

How to update Lynis

Tips and suggestions to keep Lynis up-to-date. With every software tool receiving improvements and bug fixes, it's important to update Lynis as well.


With every software tool receiving improvements and bug fixes, it’s important to update Lynis as well. In this article we have a look at how to easily upgrade Lynis. Options Two common options to keep software up-to-date is by using a package, or the usage of a custom archive. Installing Lynis is optional, running it from remote (or local) storage is a valid option. Lynis Packages On the CISOfy software repository you can find a Lynis package.

CAATTs for Linux: Lynis

Article about a tool within CAATTs for Linux: Lynis. Helping auditors with computer-assisted audit tools and techniques, with focus on Linux and Unix scans.


Within the field of the audit profession the usage of CAAT (Computer-assisted audit techniques) or CAATTs (computer-assisted audit tools and techniques) is growing. Lynis is filling this gap for Linux and Unix based systems. It’s a well-known and stable tool in this area and improves the audit process by automation. Only a few items could then be checked manually. This saves time, makes the audit more predictable and increases the quality of the overall audit.

How to use Lynis

Article about how to use Lynis, a security auditing and hardening tool to test Unix and Linux based systems for vulnerabilities.


This article explains in a few quick steps how to start with using Lynis. A more extensive explanation can be found in the documentation of Lynis. Download Lynis wget**version**.tar.gz Unpack tarball tar xfvz lynis-version.tar.gz This will unpack the tarball with a Lynis directory. Run Lynis Go to the newly created directory named lynis. cd lynis When running Lynis for the very first time, use the audit system command. It will start the audit process and pauses after every batch of tests.

Lynis Hardening Index

What is the Lynis hardening index and how does it help? This article explains the rationale behind the hardening index.


At the end of each Lynis scan, the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the number of security tests performed. Additionally, the location of the log file and report data will be displayed. Between all this information there is a “Lynis hardening index” displayed. This index is unique to Lynis. The index gives the auditor an impression on how well a system is hardened.

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction article into securing Linux based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!


Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetrating testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository.

Lynis stuck during testing

How to deal with issues when running Lynis and looks like it is stuck during any testing being performed. Finding the causing in a few quick steps.


Normal Lynis scans take a few minutes to complete, therefore any test taking more than 1 minute, might be stuck during its test. Within this article we have a look at a few things you can do. When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open up a second terminal and start with running ps aux to see what processes are active.