Lynis for Auditors: Linux and Unix auditing

Auditing on Linux

Although Unix and Linux based systems are not new, gaining extensive knowledge of the operating system takes years of practice. Even then, it can be hard to keep up with all the changes, especially as an auditor. Examples are the differences between package managers, the way services are started, and where binaries or configuration files are located. But no worries, there is help!

Why Lynis?

The goal of Lynis is to automate away the differences between systems. Instead of using (outdated) benchmarks or checklists, Lynis will always use the latest methods to extract data. In the end it is more interesting to know what packages are installed than to know the right commands.

To run Lynis, only root permissions are required. Installation of the tool is possible, but not a requirement. It can be executed from a remote system or storage device (e.g. USB stick). The software is open source and freely available under the GPLv3 license, so you are assured that many people have already looked at the source code. Another benefit is the great feedback the project receives from the community, which keeps it properly updated.

Lynis checks which binaries are present and then determines what tools it can use to gather the right information. Depending on each discovery, it decides whether to enable or disable particular tests.

Lynis screenshot with hardening index

To help you during the audit, all data of the audit process is stored in a log file (by default /var/log/lynis.log). This helps in determining what tests were performed and why some of the tests were skipped. Additionally, it logs the findings, including any warnings or suggestions. Particular discoveries (e.g. a path to a file) or data elements are logged as well, to help in determining a follow-up plan.

At the end of the Lynis scan a report will be displayed. This includes the findings and a hardening index, giving a first impression of how well the system is hardened.
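For audit evidence, the log can be reduced to the items named above: tests performed, tests skipped with their reason, warnings, suggestions and the hardening index. The script below is an added example, not code from the Lynis project; the log line layout it matches is an assumption, and the sample lines and DEMO test IDs are constructed.

```python
import re
import sys

# Constructed sample, not real scan output. The DEMO-xxxx test IDs are made up and
# the line layout is an assumption about how /var/log/lynis.log is written.
SAMPLE_LOG = """\
2024-05-01 10:00:01 Performing test ID DEMO-0001 (Check for boot loader password)
2024-05-01 10:00:01 Suggestion: Set a password on GRUB boot loader [test:DEMO-0001] [details:-] [solution:-]
2024-05-01 10:00:02 Skipped test DEMO-0002 (Determine default run level)
2024-05-01 10:00:02 Reason to skip: Incorrect guest OS (Linux only)
2024-05-01 10:00:03 Performing test ID DEMO-0003 (Check for vulnerable packages)
2024-05-01 10:00:04 Warning: Found one or more vulnerable packages. [test:DEMO-0003] [details:-] [solution:-]
2024-05-01 10:00:09 Hardening index : [62] [############        ]
"""

PERFORMED = re.compile(r"^Performing test ID (?P<id>\S+) \(")
SKIPPED = re.compile(r"^Skipped test (?P<id>\S+) \(")
REASON = re.compile(r"^Reason to skip: (?P<reason>.*)$")
FINDING = re.compile(r"^(?P<kind>Warning|Suggestion): (?P<msg>.*?) \[test:(?P<id>[^\]]+)\]")
INDEX = re.compile(r"^Hardening index : \[(?P<n>\d+)\]")

def summarize(log_text):
    out = {"performed": [], "skipped": {}, "warnings": [], "suggestions": [], "hardening_index": None}
    last_skipped = None  # a skip reason is logged on the line after the skip itself
    for raw in log_text.splitlines():
        parts = raw.split(" ", 2)  # date, time, message
        if len(parts) < 3:
            continue
        body = parts[2].strip()
        if m := PERFORMED.match(body):
            out["performed"].append(m["id"])
        elif m := SKIPPED.match(body):
            last_skipped = m["id"]
            out["skipped"][last_skipped] = "no reason logged"
        elif (m := REASON.match(body)) and last_skipped:
            out["skipped"][last_skipped] = m["reason"]
            last_skipped = None
        elif m := FINDING.match(body):
            key = "warnings" if m["kind"] == "Warning" else "suggestions"
            out[key].append((m["id"], m["msg"]))
        elif m := INDEX.match(body):
            out["hardening_index"] = int(m["n"])
    return out

if __name__ == "__main__":
    # Pass the log path as the first argument; without one the sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(text).items():
        print(f"{key}: {value}")
```

A skipped test is a gap in audit coverage, so the skipped list with its reasons belongs in the working papers next to the findings.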

Why Lynis Enterprise Suite?

Auditors, consultants and security professionals are often very flexible and might work for multiple clients. Therefore we extended Lynis with additional services, which we named the Lynis Enterprise Suite. It consists of:

  • Management interface
  • Central reporting
  • Customized implementation plan
  • API to automate and integrate with other systems

Flexible pricing

To provide auditors with a flexible pricing plan, you can opt for using credits. Each uploaded system represents a credit. This way it’s easy to do a job for a single client, upload all data and create the related reports and implementation plan. After the audit is done, simply sweep out all data and you can use the remaining credits for the next client.

See the Lynis Enterprise pricing for more information about the pricing plan and options.

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.