Signup/Sign In
PUBLISHED ON: FEBRUARY 13, 2023

Linux Security Auditing and Hardening guide

Lynis is an extendable security audit tool for computers running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix-derived operating systems. System hardening is the end result, and it helps system administrators and security experts scan a system and its defences.

How to install latest version of Lynis tool?

Method 1: Installation in Debian-based systems.

Although most repositories have a version of Lynis available by default. In most Linux distributions Lynis package is avialable, The version you get from the default package manager might not be the latest. It's crucial to manually set up the CISOfy repository in order to guarantee that Lynis is loaded with the most recent version available.

echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

Then, import a public GPG key for a secure Lynis installation:

sudo wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -

You may need to manually install gnupg2 on some systems in order to import GPG keys. Use the following command:

sudo apt-get install gnupg2

To make sure that your system is ready to use all of the packages present in the CISOfy repository, update and upgrade:

sudo apt-get update && sudo apt-get upgrade

We can install it on Debian by typing the following command:

sudo apt install lynis

Finally, Check the version of lynis and ensure that it is the latest version before proceeding. Use the following command for version information.

sudo lynis update info

== Lynis ==

Version : 3.0.8
Status : Up-to-date
Release date : 2022-05-17
Project page : https://cisofy.com/lynis/
Source code : https://github.com/CISOfy/lynis
Latest package : https://packages.cisofy.com/


2007-2021, CISOfy - https://cisofy.com/lynis/

Method 2: Get the very latest development version via git.

  1. Clone or download the project files (no compilation nor installation is required) ;

     git clone https://github.com/CISOfy/lynis.git
    
  2. Change the directory and start using the tool using the lynis binary.

    cd lynis
    ./lynis update info

Options in Lynis tool:

We can use the following command to see help menu, options and commands:

lynis show help

We can use the following command to only see all the available options and commands:

lynis show options

Lynis show help command in Linux terminal

Get started with Lynis command to harden Linux Security

1. Run Lynis command with no arguments and options to see initial help menu.

$ lynis



[ Lynis 3.0.8 ]
[+] Initializing program
------------------------------------

Usage: lynis command [options]

Command:
audit
audit system : Perform local security scan
audit system remote <host> : Remote security scan
audit dockerfile <file> : Analyze Dockerfile
.......

To do a system audit with Lynis. We run the following command using Lynis to do a system audit:

Lynis will output a large amount of data, which will also be archived for convenient access under the /var/log/lynis.log file. The system audit report will provide crucial details about the security posture of your system as well as numerous security vulnerabilities and misconfigurations. Lynis will also produce information on how to correct or modify these flaws and configuration errors.

sudo lynis system audit



[TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

The result also includes a hardening index score, which provides a trackable, quantifiable evaluation of the existing security posture of your system and is graded out of 100.

Linus will also show any potential warnings that could point to a serious security flaw or configuration error that needs to be repaired or patched in the report. In this situation, we should update the firewall's rules:

To increase our hardening index score, Lynis provides us with helpful suggestions that detail the various security configurations we need to make.

After following the suggestions and making the necessary changes, we can run the system audit with Lynis again.

Once all the changes are made, you can expect to see a significant improvement in the hardening index score that confirms the changes and configurations we’ve applied are effective.

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile
  • Do a Penetration test With Lynis (Non-privileged, show points of interest for pentesting)

We can also simulate a priviledged/internal penetration test with Lynis by using the following command:

sudo lynis --pentest

Lynis pentest in linux terminal

Conclusion

Lynis is a great powerful tool for security auditing tool for many unix-derived operating systems. It can be used to find and exploiting potential vulnerabilities.



About the author:
Pradeep has expertise in Linux, Go, Nginx, Apache, CyberSecurity, AppSec and various other technical areas. He has contributed to numerous publications and websites, providing his readers with insightful and informative content.