How to Audit Your Linux Security With Lynis

For most home-based situations, you won’t have to bother much with the security of your Linux machine; it is pretty secure by default. However, if you use your computer as a server (an SSH server or a web server, say), or you are the system administrator for your company, then you will need to step up your Linux security.

Lynis is an auditing tool that tests Unix-based systems and gathers security-related information from them. The good thing is that it is easy to use, and you can get a security report on your Linux system in as little as five minutes. If you are a security or system auditor, network specialist or system maintainer, this is a tool you will want to have in your arsenal.

In Ubuntu, you can easily install Lynis via the Ubuntu Software Center or from the following link. If you are managing a remote system, you can install with the command line:

sudo apt-get install lynis

For other distros, check the Lynis homepage, which links to unofficial RPM and Debian packages for various distributions.

The usage of Lynis is very simple. In the terminal, you just have to type the command:

sudo lynis -c

and it will check the system for security issues. The things it checks include:

  • System tools
  • Boot loaders, startup services
  • Kernel: run level, loaded modules, kernel configuration, core dumps
  • Memory and processes: zombie processes, IO waiting processes
  • Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
  • File systems: mount points, /tmp files, root file system
  • Storage: usb-storage, firewire ohci
  • NFS
  • Software: name services: DNS search domain, BIND
  • Ports and packages: vulnerable/upgradable packages, security repository
  • Software: firewalls: iptables, pf
  • Software: webserver: Apache, nginx
  • SSH support: SSH configuration
  • SNMP support
  • Databases: MySQL root password
  • LDAP services
  • Software: php: php options
  • Scheduled tasks: crontab/cronjob, atd
  • Time and synchronization: ntp daemon
  • Cryptography: SSL certificate expiration
  • Security frameworks: AppArmor, SELinux, grsecurity status
  • Software: file integrity
  • Software: malware scanners
  • Home directories: shell history files
  • and more

[Image: Lynis scanning in progress]

Once it has finished scanning, it generates a report and saves it to /var/log/lynis.log. Open it in your terminal:

sudo nano /var/log/lynis.log

You can scroll down the list to read through all the tests that Lynis has performed. Alternatively, you can search (using the shortcut Ctrl + W in nano) for “Warning” to find the entries that need your attention.

[Image: a Warning entry in the Lynis report]

Better still, you can use the following command to list all the “Warnings” in the report:

sudo grep Warning /var/log/lynis.log

[Image: list of Warnings from the Lynis report]

or

sudo grep Suggestion /var/log/lynis.log

to get a list of “Suggestions” provided by Lynis.
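The two grep commands above can be wrapped into a small script that prints a numbered summary of Warnings and Suggestions and exits non-zero when a Warning is present, which is handy for a cron job or a post-install check. This is an added example, not code from the article or from the Lynis project; it assumes the /var/log/lynis.log path given above, and the sample log lines it carries are constructed for the demo (the exact timestamp prefix in a real log varies between Lynis versions, so the matching is done on the “Warning:” / “Suggestion:” text rather than on the prefix).

```shell
#!/bin/sh
# Added example (not part of the original article): summarise the "Warning"
# and "Suggestion" entries of a Lynis log instead of reading the whole file.
# Usage: ./lynis-summary.sh [path-to-lynis.log]   (default: /var/log/lynis.log)

LYNIS_LOG="${1:-/var/log/lynis.log}"

# Write a small constructed log to the file named in $1 so the functions
# below can be exercised without a real Lynis run. The lines are made up
# for this demo; they only mimic the "timestamp Keyword: message" shape.
lynis_sample_log() {
    cat > "$1" <<'EOF'
[10:02:01] Starting Lynis (constructed sample log)
[10:02:03] Test: checking PermitRootLogin in sshd_config
[10:02:03] Warning: Found sshd option PermitRootLogin set to yes
[10:02:04] Suggestion: Consider hardening the SSH configuration
[10:02:07] Test: checking for vulnerable packages
[10:02:08] Warning: Found one or more vulnerable packages
[10:02:08] Suggestion: Update your system with apt-get update and apt-get upgrade
[10:02:09] Suggestion: Install a file integrity tool
[10:02:10] Lynis scan finished
EOF
}

# Print every entry of one kind ("Warning" or "Suggestion") from the log,
# with whatever precedes the keyword (the timestamp) stripped off, so the
# output reads like a checklist. Equivalent to the article's grep, plus sed.
lynis_findings() {
    kind="$1"
    logfile="$2"
    grep "$kind: " "$logfile" | sed "s/^.*$kind: /$kind: /"
}

# Number of entries of one kind (0 when the keyword never appears).
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# Human-readable summary of a log file.
lynis_summary() {
    logfile="$1"
    echo "== Warnings ($(lynis_count Warning "$logfile")) =="
    lynis_findings Warning "$logfile"
    echo "== Suggestions ($(lynis_count Suggestion "$logfile")) =="
    lynis_findings Suggestion "$logfile"
}

# Returns 0 when the log carries no Warning, 1 otherwise; usable as a gate.
lynis_is_clean() {
    [ "$(lynis_count Warning "$1")" -eq 0 ]
}

if [ -r "$LYNIS_LOG" ]; then
    lynis_summary "$LYNIS_LOG"
else
    echo "No readable log at $LYNIS_LOG; showing the constructed sample instead." >&2
    tmp=$(mktemp)
    lynis_sample_log "$tmp"
    lynis_summary "$tmp"
    rm -f "$tmp"
fi
```

Run it after `sudo lynis -c` has finished; `lynis_is_clean /var/log/lynis.log || echo "review the warnings"` is the one-liner to drop into a scheduled job. Suggestions are informational and do not affect the exit status, which matches how the article treats them.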

[Image: list of Suggestions from the Lynis report]

That’s it.

Even if you are an experienced Linux administrator, there are bound to be certain security loopholes that you have missed. With Lynis, you can audit your system and make sure that all security features are enforced.

Image credit: Up, Tight