How to deal with Lynis suggestions?


[Screenshot: a Unix security audit performed with Lynis]

After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don't know where to start with hardening, or how to deal with these Lynis suggestions in particular. Here are some tips.

Before we start, we strongly suggest using the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different.

The latest version can be downloaded on the downloads page.

Step 1: Follow the link

After each warning or suggestion a link is displayed, which relates to the security control in question. The website contains more information about this control, which keeps the screen from filling up with long pieces of text. This text will give you an initial idea of what could be improved.

Step 2: Check the log

During a run, Lynis collects a lot of additional information. This information can be considered debug information and is very useful after the scan process. It includes information from the start of the program, OS and binary file detection, and the outcome of each individual test.

To quickly determine what was discovered during a particular test, open the log file with the less command and search for the related control (the test ID shown next to the suggestion).

# less /var/log/lynis.log

Step 3: Check the source

The big benefit of using open source software components is the ability to look at the source code. Normally this isn't easy for novice users, as some programming knowledge is required to understand the logic. Fortunately Lynis is written in shell script and the logic is easy to understand.

To find out why a particular Lynis suggestion showed up, go to the include directory and use grep to check which file performs the related test.

# cd include
# grep FILE-1234 *

The related filename will show up, and with less (or your favorite text editor) the contents can be reviewed. Usually it quickly becomes clear which files were tested and which particular text strings are related.

Notes

While we strongly believe that most people can harden their systems, we still see that most companies and individuals don't perform this hardening properly. This is why we created an Enterprise version to help simplify the process.

If you have more than 10 systems to manage, we strongly suggest avoiding manual hardening. Automation is the key to getting and keeping your systems secure. Whatever method you use, focus on automation and use software configuration management tools such as CFEngine, Chef and Puppet.
