Unix security audit: Perform an audit in 3 minutes

Want to know the vulnerabilities of a Unix/Linux system in just 3 minutes? How? Perform a scan with Lynis, the open source Unix security audit tool!

Lynis

Lynis is open source software (GPLv3), released in 2007, and a popular choice among security professionals and system administrators. With hundreds of downloads in the first week of each release and a lot of community feedback, Lynis is the right tool for the job.

Quick start: installation

Install Lynis via apt-get install lynis or yum install lynis. If you want to use the very latest version, go to the CISOfy website, click on products and select Lynis. Download the file (e.g. with wget) and extract the tarball.

Quick start: running

Time to run Lynis! As we want to stay under the 3 minutes, let’s run Lynis with the command audit system:

lynis audit system

This will use the default scan profile and perform all tests without any pauses. The screen will display the output results directly. After all tests are done, a quick overview will be given with the findings (warnings or suggestions).

Additionally, a hardening index will be displayed, giving a first impression of how well the system is hardened. If the bar is colored red, then the system really requires some attention. For yellow and green colored bars, it’s advised to follow up on the displayed findings and determine the related risks.

Follow-up

After the first scan is done, the next step is to review the results in depth. Of course, this process will take more time. A good way to determine what has been scanned and discovered is to check the log file. By default, this is /var/log/lynis.log.

less /var/log/lynis.log

Now scroll through the file and check the results of each particular test.
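
Scrolling works, but the findings can also be pulled out of the log in one pass. The following is an added example, not part of the original article or of Lynis itself. It assumes findings are logged as "<date> <time> Warning: ..." or "<date> <time> Suggestion: ..." with a [test:ID] tag; the function names and the DEMO- sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Lynis. Assumed log line layout (an assumption):
#   <date> <time> Warning: <text> [test:<ID>] [details:<...>] [solution:<...>]
#   <date> <time> Suggestion: <text> [test:<ID>] [details:<...>] [solution:<...>]

# Print one "Kind|TEST-ID|message" line per finding, warnings first.
lynis_findings() {
    awk '
    $3 == "Warning:" || $3 == "Suggestion:" {
        kind = substr($3, 1, length($3) - 1)
        msg  = substr($0, index($0, $3) + length($3) + 1)
        id   = "-"
        i = index(msg, "[test:")
        if (i > 0) {
            tail = substr(msg, i + 6)
            j = index(tail, "]")
            if (j > 0) id = substr(tail, 1, j - 1)
            msg = substr(msg, 1, i - 1)      # drop the bracketed tags
        }
        sub(/[ \t]+$/, "", msg)
        print kind "|" id "|" msg
    }' "$1" | sort -t "|" -k 1,1r -k 2,2
}

# Count findings of one kind ("Warning" or "Suggestion") in a log file.
lynis_count() {
    lynis_findings "$2" | grep -c "^$1|" || true
}

# Constructed sample log (not real Lynis output) for trying the functions.
write_sample_log() {
    cat > "$1" <<'EOF'
2024-05-01 10:00:01 Performing test ID DEMO-0001 (constructed test)
2024-05-01 10:00:01 Suggestion: Constructed suggestion B [test:DEMO-0003] [details:-] [solution:-]
2024-05-01 10:00:02 Result: this line mentions a Warning: but is not a finding
2024-05-01 10:00:03 Warning: Constructed warning A [test:DEMO-0002] [details:-] [solution:-]
2024-05-01 10:00:04 Suggestion: Constructed suggestion A [test:DEMO-0001] [details:/etc/example] [solution:-]
EOF
}

# Run against the given log, or the default location if it is readable.
log=${1:-/var/log/lynis.log}
if [ -r "$log" ]; then lynis_findings "$log"; fi
```

Each output line carries the test ID, so it can be matched back to the full test section in the log.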

Three minutes

See? Running a Unix security audit doesn’t have to take that long. Good luck with hardening!

Don’t know where to start with hardening, or how? See our Lynis Enterprise Suite offering. It will help you by showing an implementation plan with priorities. For enterprise users we also have hardening snippets available, for easier implementation.

Feedback

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.
