How to Audit Your Linux Security With Lynis

For most home setups you will not need to spend much time on the security of your Linux machine: a default desktop install runs few network-facing services. If you use the computer as a server, whether an SSH server or a web server, or you are the system administrator for your company, then you will have to step up your Linux security.

Lynis is an auditing tool that tests and gathers security information from Unix-based systems. It is easy to use, and you can have a security report on your Linux system in about five minutes. If you are a security or system auditor, network specialist or system maintainer, this is a tool you will want in your arsenal.

In Ubuntu, you can install Lynis via the Ubuntu Software Center or as a regular apt package. If you are managing a remote system over SSH, install it from the command line with apt instead.

For other distros, check the Lynis homepage, which links to community-maintained RPMs and Debian packages for various distributions.

Using Lynis is simple. In a terminal, run it with root privileges as sudo lynis -c (newer releases use sudo lynis audit system) and it will check the system for security issues. The checks include:

  • System tools
  • Boot loaders, startup services
  • Kernel: run level, loaded modules, kernel configuration, core dumps
  • Memory and processes: zombie processes, IO waiting processes
  • Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default umask
  • File systems: mount points, /tmp files, root file system
  • Storage: usb-storage, firewire ohci
  • NFS
  • Software: name services: DNS search domain, BIND
  • Ports and packages: vulnerable/upgradable packages, security repository
  • Software: firewalls: iptables, pf
  • Software: webserver: Apache, nginx
  • SSH support: SSH configuration
  • SNMP support
  • Databases: MySQL root password
  • LDAP services
  • Software: php: php options
  • Scheduled tasks: crontab/cronjob, atd
  • Time and synchronization: ntp daemon
  • Cryptography: SSL certificate expiration
  • Security frameworks: AppArmor, SELinux, grsecurity status
  • Software: file integrity
  • Software: malware scanners
  • Home directories: shell history files
  • and more

[Image: lynis-scanning-in-progress]

Once it has finished scanning, Lynis writes a detailed log to /var/log/lynis.log and a machine-readable summary of its findings to /var/log/lynis-report.dat. Open the log in a terminal editor such as nano.

You can scroll through the file to read every test Lynis has performed. Alternatively, search (Ctrl + W in nano) for “Warning” to jump straight to the entries that need your attention.

[Image: lynis-report-warning]

Better still, grep /var/log/lynis.log for “Warning” to list every warning in the report at once, or for “Suggestion” to get the list of suggestions Lynis provides.

[Image: lynis-list-warning]

[Image: lynis-list-suggestion]
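The install-run-review procedure above, as an added example that is not code from the original article or from the Lynis project. It goes a step further than grepping the log: it reads the pipe-delimited warning[]= and suggestion[]= entries and the hardening_index= line from Lynis's machine-readable report, which is what you would feed into a script or ticketing system. It assumes the report is at the default path /var/log/lynis-report.dat (override with LYNIS_REPORT); the function names and the embedded sample report are constructed for illustration and are not output from a real scan.

```shell
#!/bin/sh
# Added example (not from the original article or the Lynis project): run a
# Lynis audit and pull the warnings, suggestions and hardening index out of
# the machine-readable report instead of paging through /var/log/lynis.log.
#
# Assumptions: Lynis writes its report to /var/log/lynis-report.dat (its
# default); override with LYNIS_REPORT. The sample report embedded below is
# constructed for offline demonstration and is not real scan output.

REPORT=${LYNIS_REPORT:-/var/log/lynis-report.dat}

# Run the audit non-interactively. "lynis audit system" is the current
# invocation; older releases used "lynis -c". --quick suppresses the
# "press Enter to continue" pauses, which matters on a remote server.
run_audit() {
    sudo lynis audit system --quick --no-colors
}

# Report entries look like
#   warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
#   suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
# i.e. key=TEST-ID|message|details|solution. list_items prints
# "TEST-ID  message" for every entry of the given key.
list_items() {
    key=$1
    file=$2
    grep "^${key}\[\]=" "$file" | cut -d= -f2- | awk -F'|' '{ print $1 "  " $2 }'
}

list_warnings()    { list_items warning "$1"; }
list_suggestions() { list_items suggestion "$1"; }

# grep -c exits 1 when nothing matches; "|| true" keeps the printed 0.
count_items() {
    grep -c "^$1\[\]=" "$2" || true
}

# The 0-100 hardening index Lynis prints at the end of a scan.
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Constructed sample report (illustrative entries, not from a real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
lynis_version=3.0.9
hardening_index=44
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration|-|-|
EOF

# With --scan, run a real audit and summarise its report; otherwise
# demonstrate the parsing on the constructed sample.
if [ "${1:-}" = "--scan" ]; then
    run_audit
    SRC=$REPORT
else
    SRC=$SAMPLE
fi

echo "Hardening index: $(hardening_index "$SRC")"
echo "Warnings ($(count_items warning "$SRC")):"
list_warnings "$SRC"
echo "Suggestions ($(count_items suggestion "$SRC")):"
list_suggestions "$SRC"
```

Run it without arguments to see the parsing on the sample, or with --scan on a host where Lynis is installed to audit for real. The report file is the better source for automation than lynis.log because each finding carries its test ID (SSH-7408, PKGS-7392, ...), which stays stable across runs and can be looked up with lynis show details TEST-ID; the hardening index, as the comments below discuss, is only a relative gauge and should not be compared between differently-used machines.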

That’s it.

Even if you are an experienced Linux administrator, there are bound to be security gaps you have missed. With Lynis you can audit your system and confirm that the security measures you expect are actually in place.

Image credit: Up, Tight

6 comments

  1. Please fix typo “sudo lynic -c” -> “sudo lynis -c”.
    Any idea what is the “default value” for an uncustomized Ubuntu installation?
    Thanks,
    Andrey

    • What do you mean by “default value”? What it does is just check your system for security issues and give you warnings or suggestions. There is no configuration required.

      • I had a result of 44 after the scan, but my Linux installation is customized, so a few issues might be introduced by my changes to the environment. So I meant, do you have any idea which “score” a standard, not customized Ubuntu has?

        • The score shouldn’t be read as an absolute value. It really depends on how you use your computer. For a home PC, a lot of the warnings are probably irrelevant since they pertain to server issues. Rather than using the score as a gauge, it is better to look through the warnings and suggestions and see what you can/should/want to do to improve the security.

  2. I did try running it on openSUSE 12.2, but it hung on the port scanning section. Everything else seemed to work.

