Lynis

Alternatives to Bastille Linux: system hardening with Lynis

Bastille Linux is a great tool for hardening of Linux systems. With the project looking outdated (or even dead), there are new alternatives to Bastille. One example is hardening your system after...

Summary of Alternatives to Bastille Linux: system hardening with Lynis

Many people used Bastille Linux to harden their Linux systems. Unfortunately the website of Bastille seems very outdated, including the tool. This resulted in people searching for a great alternative to replace this tool. We found the alternative by actually combining different solutions, being more powerful. Security automation is hot, so forget Bastille and do it the right way. Automatic hardening makes sense Most system administrators can’t keep up with the new technologies and security threats.

Read the full article…

Difference between Lynis and Lynis Enterprise

Quick guide about the differences between Lynis and the Lynis Enterprise Suite and what version is best suitable for your Linux or Unix environment.

Summary of Difference between Lynis and Lynis Enterprise

People wonder about the main differences between Lynis and the Lynis Enterprise version. In this article we have a look on what both products are and how you can choose between the two. Lynis Lynis is a security auditing tool for Linux and Unix based systems. With its GPLv3 license it’s open source and freely available. The tool was first released in 2007 and has undergone a lot of development during the years.

Read the full article…

Find Differences Between Two Daily Lynis Audits

It can be useful to see the differences between scans of Lynis, especially when running it daily. Learn how to do this with just a few steps

Summary of Find Differences Between Two Daily Lynis Audits

Lately I saw a great feature request for Lynis, to detect differences between two runs of Lynis. Wouldn’t it be great to run Lynis daily and then see if anything changes and act upon those differences? While our auditing tool doesn’t have such an option itself, it is very easy to implement something and fine-tune it to your needs. Report Lynis has two important files to which is logs data:

Read the full article…

Find the alternatives: CIS-CAT auditing tool

Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.

Summary of Find the alternatives: CIS-CAT auditing tool

The Center for Internet Security, CIS for short, is the organization behind several in-depth hardening guides. The quality of these hardening guides is outstanding, with a high level of detail. This high level of detail has one downside: it costs a lot of time to read, try and test the recommendations. Sometimes we simply don’t have the time to do an extensive audit by hand. Let alone the time to actually repeat the auditing and hardening steps on a regular basis.

Read the full article…

FreeBSD hardening with Lynis

This article provides tips for FreeBSD hardening by using a powerful tool named Lynis. This script will perform an extensive audit to secure your systems.

Summary of FreeBSD hardening with Lynis

Lynis development has its roots on a FreeBSD system, therefore FreeBSD hardening is also easy and supported when using Lynis. People who want to audit and harden their FreeBSD system will discover Lynis to be a powerful tool for this purpose. In this article we will focus on how to audit your system with Lynis. Ports Lynis is available from the ports tree and usually the version is close or at the latest version.

Read the full article…

How are auditd and Lynis different?

While both being active in the area of Linux auditing, auditd and Lynis have a different goal. This article explains the differences between both tools.

Summary of How are auditd and Lynis different?

Differences between auditd and Lynis Recently I received the question what the difference is between auditd and Lynis. Both focus on auditing, that part is clear. For someone not familiar with both software tools, the technical differences may not directly be obvious. Time to write about that, for everyone that has the same question. Comparing functionality Let’s start with a quick introduction in both tools. Audit daemon Auditd is the daemon process in the Linux Audit Framework, written and maintained by Red Hat.

Read the full article…

How to create custom tests in Lynis

Although Lynis has many tests by default, there are enough reasons to create your own custom tests. Instead of patching up existing files, learn how to do that.

Summary of How to create custom tests in Lynis

Although Lynis has many tests built-in, there are enough reasons to create your own custom tests. Instead of patching up existing files, there is a better way to run them and make use of existing functions. In this article we will have a look on how to create your own tests and what functions can be used. With the software being open source and licensed under GPL, you have the flexibility to see existing tests and adjust them to your needs.

Read the full article…

How to deal with Lynis suggestions?

Auditing tool Lynis for Linux, guides administrators with discovering weaknesses. This article helps in dealing with Lynis suggestions displayed on screen.

Summary of How to deal with Lynis suggestions?

After finishing an audit with Lynis, the screen is usually filled with a lot of suggestions. Most users don’t know where to start with hardening and how to deal with these Lynis suggestions in particular. We provide you some tips! Before we start, we strongly suggest to use the latest version of Lynis. If you are using an outdated version from the software repositories, the output could be slightly different.

Read the full article…

How to keep Lynis up-to-date?

Keeping software up-to-date is more important than ever before. To keep Lynis up-to-date, there are several notification possibilities and upgrade methods.

Summary of How to keep Lynis up-to-date?

Keeping software like Lynis up-to-date is nowadays very important. More and more vendors implement software development methodologies like agile and scrum, to decrease the time between new software versions. This way software enhancements are easier to implement and possible bugs earlier fixed. It’s up to the user of the software to stay up-to-date and therefore we provide some tips on how to update Lynis easily. Notifications Staying up-to-date begins with receiving an update when a new release is available.

Read the full article…

How to update Lynis

Tips and suggestions to keep Lynis up-to-date. With every software tool receiving improvements and bug fixes, it's important to update Lynis as well.

Summary of How to update Lynis

With every software tool receiving improvements and bug fixes, it’s important to update Lynis as well. In this article we have a look at how to easily upgrade Lynis. Options Two common options to keep software up-to-date is by using a package, or the usage of a custom archive. Installing Lynis is optional, running it from remote (or local) storage is a valid option. Lynis Packages On the CISOfy software repository you can find a Lynis package.

Read the full article…

How to use Lynis

Article about how to use Lynis, a security auditing and hardening tool to test Unix and Linux based systems for vulnerabilities.

Summary of How to use Lynis

This article explains in a few quick steps how to start with using Lynis. A more extensive explanation can be found in the documentation of Lynis. Download Lynis wget http://cisofy.com/files/lynis-**version**.tar.gz Unpack tarball tar xfvz lynis-version.tar.gz This will unpack the tarball with a Lynis directory. Run Lynis Go to the newly created directory named lynis. cd lynis When running Lynis for the very first time, use the audit system command. It will start the audit process and pauses after every batch of tests.

Read the full article…

How to: Using Lynis plugins

Within this "how to" we explain when and how to use Lynis plugins. Plugins for Lynis are an extension to the core, with the goal to increase functionality.

Summary of How to: Using Lynis plugins

Within this “how to” we explain when and how to use Lynis plugins. What are plugins? Plugins are small extensions to an existing program. Also Lynis supports the use of external plugins to extend functionality. Lynis plugins are written in shell script and might use system binaries or external binaries to perform additional checks. The big difference between custom tests and plugins in Lynis, are the goal of the tests. If some logic function checks a value and can inform the user to take an action, it’s better to use a normal test.

Read the full article…

Installation of Lynis on Arch Linux systems

Lynis is available as a package for Arch Linux and installation is just a few steps. We look at the options to install Lynis on your favorite Linux distro.

Summary of Installation of Lynis on Arch Linux systems

Tutorial for Lynis installation on Arch Linux Pacman Arch Linux is getting more popular, due to its great community support and the way it is organized. Being a “rolling release” system, it is continuously up-to-date. Of course you want to make sure your security defenses are equally up-to-date, so that’s where Lynis comes in. Normally pacman is used for installing new packages. Unfortunately, the lynis package does not show up.

Read the full article…

Lynis for Auditors: Linux and Unix auditing

Article about Linux / Unix auditing with a focus on the usage of Lynis for auditors. Simplifying the work of the auditor and increasing the quality of work.

Summary of Lynis for Auditors: Linux and Unix auditing

Auditing on Linux Although Unix and Linux based systems are not new, getting an extensive knowledge of the operating system takes years of practice. Even then, with all changes it might be hard to keep up, especially when being an auditor. Examples of these are the differences between package managers, the way services are started and where binaries or configuration files are located. But no worries, there is help! Why Lynis?

Read the full article…

Lynis Hardening Index

What is the Lynis hardening index and how does it help? This article explains the rationale behind the hardening index.

Summary of Lynis Hardening Index

At the end of each Lynis scan, the report will be displayed. This report will include the findings (warnings and suggestions) and general information like the number of security tests performed. Additionally, the location of the log file and report data will be displayed. Between all this information there is a “Lynis hardening index” displayed. This index is unique to Lynis. The index gives the auditor an impression on how well a system is hardened.

Read the full article…

Lynis Security Notice: 1.5.4 and older

A vulnerability was reported in versions up to Lynis 1.5.4. With Lynis being a security audit tool and focused on hardening Linux and Unix based systems, we regret any (security) bug being discovered.

Summary of Lynis Security Notice: 1.5.4 and older

This week a vulnerability was reported in versions up to Lynis 1.5.4. With Lynis being a security audit tool and focused on hardening Linux and Unix based systems, we regret any (security) bug being discovered. Since it is open source software, we like to be open about the issue, to help you understanding it and take the right precautions. Description: The temporary files created in the tests_webservers section are too predictable.

Read the full article…

Lynis stuck during testing

How to deal with issues when running Lynis and looks like it is stuck during any testing being performed. Finding the causing in a few quick steps.

Summary of Lynis stuck during testing

Normal Lynis scans take a few minutes to complete, therefore any test taking more than 1 minute, might be stuck during its test. Within this article we have a look at a few things you can do. When a particular test is taking a long time, the test might be stuck. However, that’s not always the case. To determine what Lynis is doing, open up a second terminal and start with running ps aux to see what processes are active.

Read the full article…

Major release: Lynis 3.x

Learn about the most important changes that form the major 3.x release of the Lynis project, including security enhancements and new tests.

Summary of Major release: Lynis 3.x

After almost a year of work, we are excited to share news about the major 3.x release! It is major for multiple reasons, including the number of submissions from the community and some breaking changes. Some core functions have been rewritten and several new functions were added. Another important area for this release is security. Being a security tool, we want Lynis to be as safe as possible, even though shell script is not specifically known for that.

Read the full article…

Product comparison: Lynis VS Nessus

In this article we do a comparison of Tenable Nessus and Lynis from CISOfy. We look at the features, their goals and where they can be compared or differ.

Summary of Product comparison: Lynis VS Nessus

Professionals ask us often how Lynis is different than Tenable Nessus. As the original author of Lynis, let me address that very interesting question. Different goal Nessus is focused on vulnerability scanning, or in other words, finding weaknesses in you environment. The huge amount of plugins and their actions show that this is the primary focus. Along the way it started to implement others services, like compliance checking. Lynis also detects vulnerabilities, but that is not its main goal.

Read the full article…

Securing Linux: Audit with Lynis (an introduction into auditing)

Introduction article into securing Linux based systems by performing a scan with Lynis. After this first audit it will be much easier to harden the system!

Summary of Securing Linux: Audit with Lynis (an introduction into auditing)

Securing a Linux system can take a lot of time. For this purpose we have written Lynis, a quick and small audit tool. It’s an open source tool and freely available. You just need root permissions and a common shell and you’re ready to do your first audit. The main audience for this tool is auditors, security professionals, penetrating testers and system administrators. First audit Most Linux distributions already have Lynis in their software repository.

Read the full article…

The Non-Technical Changelog: Insights of 6 Months Development

The lessons we learned about open source during the last 6 months, while developing our security auditing tool Lynis. Apply these insights to your projects.

Summary of The Non-Technical Changelog: Insights of 6 Months Development

Lessons learned between our last and current release The Lynis project team is proud to announce a new release of our security auditing tool. With months of work and a variety of changes, we bumped up the version to a “zero release” (2.2.0). The technical changelog is included in the download. We consider it to be a stable release, yet ask all to test it first. Being the original author of Lynis, there is an additional background behind a changelog, which might be even more interesting.

Read the full article…

Tiger is History, Long Live Modern Alternatives!

The tiger tool was known for a long time to help with auditing Unix-based systems. Fortunately there are new tools that are better maintained.

Summary of Tiger is History, Long Live Modern Alternatives!

Recently I saw some tweets showing up from an old friend: Tiger. Surprised to see it being promoted, as I know the tool for years, but never seen any new releases in the last years. Both are actually a shame. An outdated tool is usually of lower value. Promoting old tools might actually disappoint others and harm the initial trust in the software. History of Tiger In its day, the tool was quite good.

Read the full article…

Tools compared: rkhunter VS Lynis

Rootkit Hunter (rkhunter) and Lynis are often seen as similar tools to find malware on Linux systems. In fact, they have a completely different goal. Learn the differences.

Summary of Tools compared: rkhunter VS Lynis

The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in its usage. As the author of both tools, I should have done this nine years ago. So with some little delay, here it is. Rootkit Hunter Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with an occasional detection mechanism for a common backdoor.

Read the full article…

Troubleshooting guide for Lynis

Troubleshooting Lynis. This document helps with solving most common issues experienced when running Lynis.

Summary of Troubleshooting guide for Lynis

Troubleshooting Lynis This document helps with solving most common issues experienced when running Lynis. Common Lynis errors No hostid and/or hostid2 found Some systems do not have the OpenSSH server package installed. In this case, the hostid2 value may be missing. During the upload it may result in an error. Error: No hostid and/or hostid2 found. Can not upload report file. To see what Lynis discovered, use the show command.

Read the full article…

Unix security audit: Perform an audit in 3 minutes

Quick guide for performing a unix security audit on a Unix or Linux based system. Under three minutes you have the results and finished the first audit!

Summary of Unix security audit: Perform an audit in 3 minutes

Want to know the vulnerabilities of a Unix/Linux system is in just 3 minutes? How? Perform a scan with Lynis, the open source Unix security audit tool! Lynis Lynis is open source software (GPLv3), released in 2007 and a popular choice by many security professionals and system administrators. Hundreds of downloads in the first week of each release and with a lot of community feedback, Lynis is the right tool for the job.

Read the full article…

Viewing available test categories in Lynis

Lynis has all tests categorized and lets the user select which tests to run. Using the --tests-category and --view-categories the selection can be made.

Summary of Viewing available test categories in Lynis

When auditing a server, it may be useful to only run a particular category of tests, like firewall related tests. In that case the -tests-category parameter can be used, together with the category name. Available categories To determine what categories are available, Lynis has a built-in parameter -view-categories which lists all available files. Most of the names are self-explanatory on what of tests they include. For more information about the included tests, have a look in the .

Read the full article…

What’s New in Lynis 2: Features

The upcoming Lynis 2 release will bring many new features. Focus is on simplicity, speed and supporting newer technologies like Docker and systemd.

Summary of What’s New in Lynis 2: Features

Lynis 2.x will bring security auditing of Linux and Unix systems to a new level. In this blog post we share some exciting new features. Release of Lynis 2 is planned for February 2015. Overview: History Lynis 2.x Plugins Systemd Support File Integrity Monitoring Containers & Virtualization Operating Systems Focus on Simplicity Free and Commercial Support History Lynis has been created in 2007, as a follow-up on the well-known tool Rootkit Hunter (rkhunter).

Read the full article…

Why Auditing and Vulnerability Scanning are Different Things

Why Auditing and Vulnerability Scanning are Different Things. As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus...

Summary of Why Auditing and Vulnerability Scanning are Different Things

As the author of Lynis, we hear often the question: It is like Nessus, right? It seems that everything is compared with Nessus, especially when it comes to Linux security. Surprise, it is not. Let’s get things straight, and talk about the benefits of both. Vulnerability Scanning Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner then usually starts with a ping sweep to detect which systems are alive and providing services.

Read the full article…