Lynis: Open-source security auditing tool
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.
Hardening with Lynis
Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool also checks for general system details, identifies vulnerable software packages, and detects potential configuration problems.
Lynis is developed using shell script, a flexible scripting language compatible with all Linux systems or those operating on a UNIX-based OS. Most system administrators find it straightforward to develop custom tests for Lynis, a particularly beneficial feature for those interested in creating personalized tests or plugins.
“Lynis is now a well-seasoned tool and known to many system administrators. Its stability and community are features that many like. The focus on simplicity and ease of use is another important aspect. Many hours went into simplifying the commands and use of parameters or configuration. Its lightweight footprint and the fact that Lynis is written in shell scripts make it usable on many systems. For example, it can also run within containers, on systems using busybox, IoT devices, and NAS, or headless devices,” Michael Boelen, the creator of Lynis, told Help Net Security.
Features at a glance
- Automated security auditing
- Compliance testing (e.g. ISO 27001, PCI DSS, HIPAA)
- Vulnerability detection
- Configuration and asset management
- Software patch management
- System hardening
- Penetration testing (privilege escalation)
- Intrusion detection
Future plans and download
“In the near future, we’ll focus on extending tests and implementing feedback and code suggestions. In addition to the Linux kernel, many software components around it evolve. So, we will focus on these recent developments and ensure the tool is adjusted to these changes. Another interesting aspect is that the tool has no logo or icon. So maybe it is time to do something about the design aspects around the project as well,” Boelen concluded.
Lynis is available for free on GitHub.
Must read:
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time