Lynis Security Notice: 1.5.4 and older

Lynis Security Notice: 1.5.4 and older This week a vulnerability was reported in versions up to Lynis 1.5.4. With Lynis being a security audit tool and focused on hardening Linux and Unix based systems, we regret any (security) bug being discovered. Since it is open source software, we like to be open about the issue, to help you understanding it and take the right precautions. Description: The temporary files created in the tests_webservers section are too predictable. This may resulting […]

Read more

How to keep Lynis up-to-date?

How to keep Lynis up-to-date? Keeping software like Lynis up-to-date is nowadays very important. More and more vendors implement software development methodologies like agile and scrum, to decrease the time between new software versions. This way software enhancements are easier to implement and possible bugs earlier fixed. It’s up to the user of the software to stay up-to-date and therefore we provide some tips on how to update Lynis easily. Notifications Staying up-to-date begins with receiving an update when a […]

Read more

Unix security audit: Perform an audit in 3 minutes

Unix security audit: Perform an audit in 3 minutes Want to know the vulnerabilities of a Unix/Linux system is in just 3 minutes? How? Perform a scan with Lynis, the open source Unix security audit tool! Lynis Lynis is open source software (GPLv3), released in 2007 and a popular choice by many security professionals and system administrators. Hundreds of downloads in the first week of each release and with a lot of community feedback, Lynis is the right tool for […]

Read more

How to: Using Lynis plugins

Within this “how to” we explain when and how to use Lynis plugins. What are plugins? Plugins are small extensions to an existing program. Also Lynis supports the use of external plugins to extend functionality. Lynis plugins are written in shell script and might use system binaries or external binaries to perform additional checks. The big difference between custom tests and plugins in Lynis, are the goal of the tests. If some logic function checks a value and can inform […]

Read more

Lynis for Auditors: Linux and Unix auditing

Lynis for Auditors: Linux and Unix auditing Auditing on Linux Although Unix and Linux based systems are not new, getting an extensive knowledge of the operating system takes years of practice. Even then, with all changes it might be hard to keep up, especially when being an auditor. Examples of these are the differences between package managers, the way services are started and where binaries or configuration files are located. But no worries, there is help! Why Lynis? The goal […]

Read more

Difference between Lynis and Lynis Enterprise

Difference between Lynis and Lynis Enterprise People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two. Lynis Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years. Lynis is […]

Read more

FreeBSD hardening with Lynis

FreeBSD hardening with Lynis Lynis development has its roots on a FreeBSD system, therefore FreeBSD hardening is also easy and supported when using Lynis. People who want to audit and harden their FreeBSD system will discover Lynis to be a powerful tool for this purpose. In this article we will focus on how to audit your system with Lynis. Lynis Lynis is an open source audit tool. It only requires root access and a normal shell and the tool is […]

Read more

How to update Lynis

How to update Lynis With every software tool receiving improvements and bug fixes, it’s important to update Lynis as well. In this article we have a look at how to easily upgrade Lynis. Options Two common options to keep software up-to-date is by using a package, or the usage of a custom archive. Installing Lynis is optional, running it from remote (or local) storage is a valid option. Lynis Packages On the CISOfy software repository you can find a Lynis […]

Read more

How to use Lynis

How to use Lynis This article explains in a few quick steps how to start with using Lynis. A more extensive explanation can be found in the documentation of Lynis. Download Lynis: wget http://cisofy.com/files/lynis-version.tar.gz Unpack tarball: tar xfvz lynis-version.tar.gz This will unpack the tarball with a Lynis directory. Go into this directory: cd lynis-version When running Lynis for the very first time, just just the -c parameter. It will start the audit process and pauses after every batch of tests. […]

Read more

Lynis Hardening Index

At the end of each Lynis scan, the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the number of security tests performed. Additionally, the location of the log file and report data will be displayed. Between all this information there is a “Lynis hardening index” displayed. This index is unique to Lynis. The index gives the auditor an impression on how well a system is hardened. This number, however, is just […]

Read more

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetrating testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository. If not, then download Lynis […]

Read more

Lynis stuck during testing

Introduction Normal Lynis scans take a few minutes to complete, therefore any test taking more than 1 minute, might be stuck during its test. Within this article we have a look at a few things you can do. Stuck When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open up a second terminal and start with running ps aux to see what processes […]

Read more
12