Lynis Hardening Index

At the end of each Lynis scan, the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the number of security tests performed. Additionally, the location of the log file and report data will be displayed.

Between all this information there is a “Lynis hardening index” displayed. This index is unique to Lynis. The index gives the auditor an impression on how well a system is hardened. This number, however, is just an indicator on taken measures. One should not confuse it with a percentage of how “safe” a system might be.

Lynis screenshot with hardening index.

Increasing the index

So you want to influence the Lynis hardening index? The best way is to actually implement security safeguards! Determine what findings you have on your system and apply any measures. Hardening Lynis and Unix systems is essential to get your security inline with your security policies. Besides that, no company or administrator want their systems being the target of a break-in.

An alternative to increasing the Lynis hardening index is determining what tests are too strict for the role of the particular machine. These tests can then be disabled in the scan profile, resulting in the test to be skipped. By using this method, the hardening rating for those particular tests will be skipped, resulting in a different score. While this might sound like a good idea, it makes the comparison with other systems harder, unless the test is skipped for all systems.

Hardening Index++

Users of the Lynis Enterprise Suite will get an even more powerful version of the Lynis hardening index. Each system is measured and compared to other systems. Depending on the findings, a risk rating will be calculated for the individual system. Additionally, averages and a maximum score will be displayed for similar machines. This gives a better view of what systems pose the most risk or need priority in a hardening project.