How to deal with Lynis suggestions?

After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don't know where to start with hardening, or how to deal with these Lynis suggestions in particular. We provide some tips!

Before we start, we strongly suggest using the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different.

The latest version can be downloaded on the downloads page.

Step 1: Follow the link

After each warning or suggestion, a link is displayed that is related to the security control. The website contains more information about this control, so that the screen is not filled with long pieces of text. That text gives an initial idea of what could be improved.

Step 2: Check the log

During a run, Lynis collects a lot of additional information. This can be considered debug information and is very useful after the scan has finished. It includes information from the start of the program, OS and binary file detection, and the outcome of each individual test.

To quickly determine what was discovered during a particular test, open the log file with the less command and search for the related control (the test ID).

# less /var/log/lynis.log

Step 3: Check the source

The big benefit of using open source software components is the ability to look at the source code. Normally this isn't easy for novices, as you need some programming knowledge to understand the logic. Fortunately, Lynis is written in shell script and the logic is easy to follow.

To find out why a particular Lynis suggestion showed up, go to the include directory. Use grep to check which file performs the test in question.

# cd include
# grep FILE-1234 *

The related filename will show up, and with less (or your favorite text editor) the contents can be reviewed. Usually it quickly becomes clear which files were tested and which text strings are involved.
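The two lookups above (step 2, the log, and step 3, the include directory) can be combined in a small script, shown here as an added example that is not part of the Lynis project. It assumes the log marks the start of each test with a line containing "Performing test ID <ID>"; the sample log and include files built by make_demo_tree are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of Lynis: trace a suggestion back to its log
# output and to the include file that implements the test.
# Assumption: the log marks each test start with "Performing test ID <ID>".

# Print the log lines of one test: from its "Performing test ID" line up to
# the line before the next test starts.
lynis_log_section() {
    logfile="$1"; test_id="$2"
    awk -v id="$test_id" '
        /Performing test ID/ { inside = ($0 ~ ("Performing test ID " id "( |$)")) }
        inside { print }
    ' "$logfile"
}

# List the files in the include directory that mention the test ID
# (the scripted equivalent of "grep FILE-1234 *" inside include/).
lynis_test_source() {
    includedir="$1"; test_id="$2"
    grep -l -- "$test_id" "$includedir"/* 2>/dev/null
}

# Build a constructed mini Lynis tree in a temp directory and print its path.
# The log lines and Register calls are made up for this demo.
make_demo_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/include"
    cat > "$dir/lynis.log" <<'EOF'
2024-01-01 10:00:00 Performing test ID FILE-1234 (Check example config file)
2024-01-01 10:00:00 Test: checking /etc/example.conf
2024-01-01 10:00:00 Result: file /etc/example.conf not found
2024-01-01 10:00:00 Suggestion: create /etc/example.conf [test:FILE-1234]
2024-01-01 10:00:01 Performing test ID SSH-9999 (Another constructed test)
2024-01-01 10:00:01 Result: skipped
EOF
    printf 'Register --test-no FILE-1234 --weight L --network NO --description "Check example config file"\n' \
        > "$dir/include/tests_file_integrity"
    printf 'Register --test-no SSH-9999 --weight L --network NO --description "Another constructed test"\n' \
        > "$dir/include/tests_ssh"
    printf '%s\n' "$dir"
}

# Usage: tree=$(make_demo_tree); lynis_log_section "$tree/lynis.log" FILE-1234
```

On a real system, point lynis_log_section at /var/log/lynis.log and lynis_test_source at the include directory of your Lynis installation.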

Notes

While we strongly believe that most people can harden their systems, we still see that most companies and individuals don't perform this hardening properly. This is why we created an Enterprise version to help simplify the process.

If you have more than 10 systems to manage, we strongly suggest avoiding manual hardening. Automation is the key to getting and keeping your systems secure. Whatever method you use, focus on automation and use software configuration management tools like CFEngine, Chef and Puppet.

Feedback


This article has been written by our Linux security expert Michael Boelen. With a focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!
