Scan Your System For Vulnerabilities With Lynis

Objective

Install Lynis and use it to scan for vulnerabilities.

Distributions

Lynis is available for most major distributions.

Requirements

A working Linux install with root privileges.

Difficulty

Easy

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

Introduction

Lynis is a tool for performing an automated audit of your system. It’s not a virus scanner or an antivirus. Instead, it checks certain criteria on your system to see how it’s configured. By evaluating the system configuration, Lynis can give you an idea of which areas are reasonably secure and which ones need additional hardening.

Install Lynis

Lynis is packaged for just about every distribution. It’s fairly simple to get installed.

Ubuntu 17.10/Debian Testing and Sid

Ubuntu Artful and the testing releases of Debian have the latest version already available. Just install it.

$ sudo apt install lynis

Ubuntu 16.04/Debian Stable

Debian Stable and Ubuntu 16.04 both have Lynis in their repositories, but it’s old. To install the latest version, add the repository from the Lynis developers. Start by importing the repository’s signing key.

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F

Install the HTTPS transport for Apt, since the repository is served over HTTPS.

$ sudo apt install apt-transport-https

Create a file at /etc/apt/sources.list.d/lynis.list. Add the following line for your release.

Ubuntu 16.04

deb https://packages.cisofy.com/community/lynis/deb/ xenial main

Debian Stretch

deb https://packages.cisofy.com/community/lynis/deb/ stretch main

Then, update and install Lynis.

$ sudo apt update
$ sudo apt install lynis

CentOS/RHEL and Fedora

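First, install all of the dependencies. The commands below are written as yum/dnf to cover both package managers: use yum on CentOS/RHEL and dnf on Fedora.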

# yum/dnf install ca-certificates curl nss openssl

Next, create a file at /etc/yum.repos.d/lynis.repo. Place the following configuration in the file.

[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/community/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
gpgcheck=1

Update and install Lynis.

# yum/dnf update
# yum/dnf install lynis

Scan

Scanning with Lynis is very simple. You really just tell Lynis to audit the system, and it runs with it.

# lynis audit system

Lynis will run through and scan your system. As it runs, it prints its results in the terminal. For a more detailed scan, you can tell Lynis to check the entire system with the -c flag.

# lynis audit system -c

The Report

[Image: Lynis scan results]

The report that Lynis generates might be a little confusing at first. The entire report is broken down into sections. The sections break down potential vulnerabilities by service or logical grouping to make the report easier to read.

Next, the results use a color code from green to red to denote the severity of the issue. The results will also tell you the basic status of different things. Most entries are basic and simply let you know whether something is present or turned on.

Ultimately, it’s up to you to determine whether the results of the report concern you or not. The purpose is to make you aware of potential issues. It’s your call on whether or not to act.
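To help with that decision after a scan, the findings can also be pulled out of the report data file that Lynis writes. The script below is an added example, not part of the original article or of Lynis itself; it assumes the default report path /var/log/lynis-report.dat and its warning[]= / suggestion[]= line format, and the sample report inside it is constructed.

```shell
#!/bin/sh
# Added example: summarise Lynis's machine-readable report for triage.
# Assumption: the report is at the default path /var/log/lynis-report.dat
# and findings are stored as "warning[]=" / "suggestion[]=" lines whose
# fields are separated by "|" (test ID first, then the message).

# Print "TEST-ID<TAB>message" for each finding of kind $1 in file $2.
lynis_findings() {
    awk -F'|' -v prefix="${1}[]=" '
        index($0, prefix) == 1 {
            printf "%s\t%s\n", substr($1, length(prefix) + 1), $2
        }' "$2"
}

# Print the number of findings of kind $1 in file $2.
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# Print the hardening index recorded in file $1 (empty if absent).
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1" | head -n 1
}

# Print a short summary: the index, then warnings, then suggestions.
lynis_summary() {
    report=${1:-/var/log/lynis-report.dat}
    [ -r "$report" ] || { echo "cannot read $report" >&2; return 1; }
    echo "Hardening index: $(lynis_hardening_index "$report")"
    for kind in warning suggestion; do
        echo "${kind}s: $(lynis_count "$kind" "$report")"
        lynis_findings "$kind" "$report" | sed 's/^/  /'
    done
}

# Constructed sample report so the example runs on a machine without Lynis.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
hardening_index=67
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
lynis_summary "$sample"
```

On a real system, call lynis_summary with no argument as root after running the audit; each test ID it prints can be looked up in the matching section of the terminal report.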


