Lynis Hardening Index


At the end of each Lynis scan, a report is displayed. It includes the findings (warnings and suggestions) and general information such as the number of security tests performed. The locations of the log file and the report data are displayed as well.

Within this information, a “Lynis hardening index” is displayed. This index is unique to Lynis. It gives the auditor an impression of how well a system is hardened. This number, however, is only an indicator of the measures taken. It should not be confused with a percentage of how “safe” a system might be.

Lynis screenshot with hardening index.

Increasing the index

So you want to influence the Lynis hardening index? The best way is to actually implement security safeguards! Determine which findings you have on your system and apply measures to address them. Hardening Linux and Unix systems is essential to bring your security in line with your security policies. Besides that, no company or administrator wants their systems to be the target of a break-in.

An alternative way to increase the Lynis hardening index is to determine which tests are too strict for the role of the particular machine. These tests can then be disabled in the scan profile, so that they are skipped. With this method, the hardening rating for those particular tests is left out, resulting in a different score. While this might sound like a good idea, it makes comparison with other systems harder, unless the test is skipped on all systems.
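The comparison caveat above can be enforced when collecting results from several machines. The following is an added example, not code from Lynis or from the original post: it groups hosts by their set of skipped tests and compares hardening indexes only within a group. It assumes the report data consists of key=value lines with `hardening_index` and a pipe-separated `tests_skipped` key; the host names, scores and skipped test IDs are constructed sample data.

```python
from collections import defaultdict

# Constructed sample report data (not from real systems). The key names are
# assumed to match the key=value layout of the Lynis report data file.
SAMPLE_REPORTS = {
    "web01": "hostname=web01\nhardening_index=71\ntests_skipped=\n",
    "web02": "hostname=web02\nhardening_index=64\ntests_skipped=\n",
    "db01": "hostname=db01\nhardening_index=78\ntests_skipped=SSH-7408|KRNL-6000|\n",
    "db02": "hostname=db02\nhardening_index=69\ntests_skipped=KRNL-6000|SSH-7408|\n",
    "old01": "hostname=old01\ntests_skipped=\n",  # no index recorded
}

def parse_report(text):
    """Return (hardening index or None, frozenset of skipped test IDs)."""
    index, skipped = None, frozenset()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        if key == "hardening_index" and value.strip().isdigit():
            index = int(value)
        elif key == "tests_skipped":
            skipped = frozenset(t for t in value.strip().split("|") if t)
    return index, skipped

def group_comparable(reports):
    """Group hosts by skipped-test set; scores compare only within a group."""
    groups = defaultdict(dict)
    unscored = []
    for host, text in reports.items():
        index, skipped = parse_report(text)
        if index is None:
            unscored.append(host)  # never rank a host without an index
        else:
            groups[skipped][host] = index
    return dict(groups), sorted(unscored)

def lowest_per_group(groups):
    """Per skip set, the host with the lowest index (first hardening candidate)."""
    return {skipped: min(hosts, key=hosts.get) for skipped, hosts in groups.items()}

if __name__ == "__main__":
    groups, unscored = group_comparable(SAMPLE_REPORTS)
    for skipped, hosts in groups.items():
        print(sorted(skipped) or "no skipped tests", hosts)
    print("lowest per group:", list(lowest_per_group(groups).values()))
    print("no index:", unscored)
```

In the sample data, db02 (69) is ranked only against db01 and never against web01 (71), because the two database hosts were scored with two tests skipped.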

Hardening Index++

Users of the Lynis Enterprise Suite get an even more powerful version of the Lynis hardening index. Each system is measured and compared to other systems. Depending on the findings, a risk rating is calculated for the individual system. Additionally, averages and a maximum score are displayed for similar machines. This gives a better view of which systems pose the most risk or need priority in a hardening project.


This blog post is part of our Linux security series to get Linux (and Unix-based) systems more secure.
