Viewing available test categories in Lynis

Test categories in Lynis

When auditing a server, it may be useful to only run a particular category of tests, like firewall related tests. In that case the –tests-category parameter can be used, together with the category name.

Available categories

To determine what categories are available, Lynis has a built-in parameter –view-categories which lists all available files. Most of the names are self-explanatory on what of tests they include. For more information about the included tests, have a look in the ./include directory, where files are listed as tests_<category>.

Example

root@host:~# ./lynis --view-categories
[+] Available test categories
 ------------------------------------
 - accounting
 - authentication
 - banners
 - boot_services
 - crypto
 - databases
 - file_integrity
 - file_permissions
 - filesystems
 - firewalls
 - hardening
 - hardening_tools
 - homedirs
 - insecure_services
 - kernel
 - kernel_hardening
 - ldap
 - logging
 - mac_frameworks
 - mail_messaging
 - malware
 - memory_processes
 - nameservices
 - networking
 - php
 - ports_packages
 - printers_spools
 - scheduling
 - shells
 - snmp
 - solaris
 - squid
 - ssh
 - storage
 - storage_nfs
 - tcpwrappers
 - time
 - tooling
 - virtualization
 - webservers

After selecting which category you want to use, simply run Lynis with ./lynis -c –tests-category firewalls to run all firewall related tests.

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and the mission to get Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or do you have any compliance in your company? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)


Leave a Reply

Your email address will not be published. Required fields are marked *