« Back to Vulnerabilities

Open source vulnerability scanner for Linux systems – Lynis

There are several open source vulnerability scanners for Linux, like OpenVASExternal link . While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems?

Vulnerabilities

Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused by evildoers. Within information security we have the goal to protect the confidentiality, integrity and availability of systems and the related information (or data). One of the biggest threats to this goal are people, tools and actions which make “use” of a vulnerability. Sometimes by accident, but usually on purpose, like exploiting toolkits which search the internet for systems with a known vulnerability. Therefore it’s advised to focusing on discovering and reducing the amount of vulnerabilities as soon as possible, to prevent unauthorized people from gaining access to our systems.

Outside versus Inside scanning

Many vulnerability scanners perform on a network level (outside). They can detect missing security patches due to discovered weaknesses. Still, in many cases leaks can be present while detection via the network is close to impossible. An additional downside is version banners on which some of the tools rely, providing you with a false positive when the software vendor is using a patched version.

Lynis focuses on scanning from the inside, on the system itself. This doesn’t mean it has to be installed on the system though. Lynis can run from local or external storage and only requires root permissions. The big benefit from running it on the system itself is that all information is available, including running processes, open network ports, being able to discover user accounts etc.

Depending on your needs and how in-depth a security scan has to be, scanning from the inside might be a preferred method. More information will be available, while the chance of getting false positives is lower as well.

Related articles

Like to learn more? Here is a list of articles within the same category or having similar tags.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon