Lynis for Auditors: Linux and Unix auditing

Auditing on Linux

Although Unix and Linux based systems are not new, gaining extensive knowledge of the operating system takes years of practice. Even then, with all the changes it can be hard to keep up, especially as an auditor. Examples are the differences between package managers, the way services are started, and where binaries or configuration files are located. But no worries, there is help!

Why Lynis?

The goal of Lynis is to automate away the difficulties that differ between systems. Instead of using (outdated) benchmarks or checklists, Lynis always uses the latest methods to extract data. In the end it is more interesting to know what packages are installed than to know the right commands.

To run Lynis, only root permissions are required. Installation of the tool is possible, but not a requirement. It can be executed from a remote system or storage device (e.g. USB stick). The software is open source and freely available under the GPLv3 license, so you are assured that many people have already looked at the source code. Another benefit is the great feedback the project receives from the community, which keeps it properly updated.

Lynis checks which binaries are available and from that determines what tools it can use to gather the right information. Depending on each discovery it decides to enable or disable particular tests.

To help you during the audit, all data of the audit process is stored in a log file (by default /var/log/lynis.log). This helps in determining what tests were performed and why some of the tests were skipped. Additionally it logs what findings there are, including any warnings or suggestions. Particular discoveries (e.g. a path to a file) or data elements are logged as well, to help in determining a follow-up plan.
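One way to triage that log after a scan, as an added example that is not part of the original article or of Lynis itself. The line shapes it matches ("Performing test ID", "Skipped test" followed by "Reason to skip:", and "Warning:"/"Suggestion:" lines carrying a "[test:ID]" tag) are an assumption about the log layout, and the sample lines and DEMO-* test IDs are constructed; compare them with your own log before relying on the output.

```shell
#!/bin/sh
# Added example: summarise a Lynis log into one record per event.
# ASSUMPTION: the line shapes matched below reflect the log layout; they are
# not taken from the article. Verify against your own /var/log/lynis.log.

# Constructed sample lines (not output of a real scan; DEMO-* IDs are made up).
sample_log() {
cat <<'EOF'
2024-01-10 09:00:01 Performing test ID DEMO-0001 (Default umask values)
2024-01-10 09:00:01 Suggestion: Default umask could be more strict [test:DEMO-0001] [details:-] [solution:-]
2024-01-10 09:00:02 Skipped test DEMO-0002 (Determine default run level)
2024-01-10 09:00:02 Reason to skip: Incorrect guest OS (Linux only)
2024-01-10 09:00:03 Performing test ID DEMO-0003 (Check SSH options)
2024-01-10 09:00:03 Warning: Root can directly login via SSH [test:DEMO-0003] [details:-] [solution:-]
EOF
}

# Reads a log from the named file(s) or stdin.
# Prints tab-separated records: kind, test ID, text.
summarize_lynis_log() {
    awk '
    # Drop the leading "date time " so the message starts at column 1.
    { msg = $0; sub(/^[0-9-]+ [0-9:]+ /, "", msg) }
    msg ~ /^Performing test ID / { performed++; next }
    # A skipped test is followed by a separate line giving the reason.
    msg ~ /^Skipped test /    { split(msg, f, " "); skipped_id = f[3]; next }
    msg ~ /^Reason to skip: / { sub(/^Reason to skip: /, "", msg)
                                printf "skipped\t%s\t%s\n", skipped_id, msg
                                next }
    msg ~ /^(Warning|Suggestion): / {
        kind = tolower(substr(msg, 1, index(msg, ":") - 1))
        id = "-"    # findings without a [test:...] tag keep "-"
        if (match(msg, /\[test:[^]]+\]/))
            id = substr(msg, RSTART + 6, RLENGTH - 7)
        text = msg
        sub(/^[A-Za-z]+: /, "", text)   # strip "Warning: " / "Suggestion: "
        sub(/ \[test:.*$/, "", text)    # strip the trailing tags
        printf "%s\t%s\t%s\n", kind, id, text
    }
    END { printf "performed\t%d\t-\n", performed }
    ' "$@"
}

# Stand-alone run on the constructed sample.
sample_log | summarize_lynis_log
```

On a real system, pass the log path instead: `summarize_lynis_log /var/log/lynis.log`.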

At the end of the Lynis scan a report is displayed. This includes the findings and a hardening index, giving a first impression of how well the system is hardened.

Why Lynis Enterprise Suite?

Auditors, consultants and security professionals are often very flexible and might work for multiple clients. Therefore we extended Lynis with additional services, which we named the Lynis Enterprise Suite. It consists of:

  • Management interface
  • Central reporting
  • Customized implementation plan
  • API to automate and integrate with other systems

Flexible pricing

To provide auditors with a flexible pricing plan, you can opt for using credits. Each uploaded system represents a credit. This way it’s easy to do a job for a single client, upload all data, and create the related reports and implementation plan. After the audit is done, simply sweep out all data and use the remaining credits for the next client.

See the Lynis Enterprise pricing for more information about the pricing plan and options.

Feedback

This article has been written by our Linux security expert Michael Boelen. With a focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!