Viewing available test categories in Lynis

When auditing a server, it may be useful to only run a particular category of tests, like firewall related tests. In that case the -tests-category parameter can be used, together with the category name.

Available categories

To determine what categories are available, Lynis has a built-in parameter -view-categories which lists all available files. Most of the names are self-explanatory on what of tests they include. For more information about the included tests, have a look in the ./include directory, where files are listed as tests_.

Example

# lynis --view-categories

[+] Available test categories
 ------------------------------------
- accounting
- authentication
- banners
- boot_services
- crypto
- databases
- file_integrity
- file_permissions
- filesystems
- firewalls
- hardening
- hardening_tools
- homedirs
- insecure_services
- kernel
- kernel_hardening
- ldap
- logging
- mac_frameworks
- mail_messaging
- malware
- memory_processes
- nameservices
- networking
- php
- ports_packages
- printers_spools
- scheduling
- shells
- snmp
- solaris
- squid
- ssh
- storage
- storage_nfs
- tcpwrappers
- time
- tooling
- virtualization
- webservers

After selecting which category you want to use, simply run Lynis again:

lynis audit system --tests-category firewalls

This will tell Lynis to run all firewall related tests and skip the other categories.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon