Lynis 2.1.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool, commonly used by
system administrators, security professionals and auditors to evaluate
the security defenses of their Linux/Unix based systems. It runs on the
host itself, so it can perform very extensive security scans.
Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!
No installation required
The tool is very flexible and easy to use. It is one of the few
tools in which installation is optional. Just place it on the system,
give it a command like "audit system", and it will run.
It is written in shell script and released as open source software (GPL).
How it works
Lynis performs hundreds of individual tests to determine the
security state of the system. The security scan itself consists of
performing a set of steps, from initializing the program up to the
report.
Steps
- Determine operating system
- Search for available tools and utilities
- Check for Lynis update
- Run tests from enabled plugins
- Run security tests per category
- Report status of security scan
During the scan, technical details about the scan are stored in a
log file. At the same time, findings (warnings, suggestions, data
collection) are stored in a report file.
Opportunistic scanning
Lynis scanning is opportunistic: it uses what it can find.
For example, if it sees you are running Apache, it will perform an
initial round of Apache related tests. When during the Apache scan it
also discovers an SSL/TLS configuration,
it will perform additional auditing steps on that. While doing that,
it will also collect the discovered certificates, so they can be scanned
later as well.
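The scan workflow listed under Steps and the Apache-to-TLS-to-certificate chain described under Opportunistic scanning, condensed into a miniature audit script. This is an added example written for this page, not Lynis code: the test IDs (TLS-0001, CRT-0001, CRT-0002), the key[]=value layout of the report file, the file names and the sample Apache configuration are all constructed for the demo, and the real `lynis audit system` invocation appears only in a comment.

```sh
#!/bin/sh
# Added example, not Lynis code. Mimics the pattern the page describes:
# determine the OS, look for tools, run tests only for what is actually
# present, write a log file and a report file, and queue discovered
# certificates for a later pass. (The real tool is run as: ./lynis audit system)
# All paths, test IDs and report keys below are constructed for this demo.

WORK="${WORK:-$(mktemp -d)}"
LOGFILE="$WORK/audit.log"        # technical details of the scan
REPORTFILE="$WORK/report.dat"    # findings as key[]=value lines (constructed format)
CERT_QUEUE="$WORK/certs.queue"   # certificates discovered during the scan

log()    { printf '%s\n' "$*" >> "$LOGFILE"; }
report() { printf '%s\n' "$*" >> "$REPORTFILE"; }

# Step 1: determine the operating system (uname exists on every listed platform)
detect_os() { uname -s; }

# Step 2: only tools that really exist on this host get used later
has_tool() { command -v "$1" >/dev/null 2>&1; }

# Apache tests run only when a configuration file is found (opportunistic)
audit_apache() {
    conf="$1"
    [ -f "$conf" ] || { log "apache: no config at $conf, skipping"; return 0; }
    report "apache_config[]=$conf"
    log "apache: config found, checking for a TLS configuration"
    # Finding a TLS configuration triggers an extra round of tests
    if grep -q '^SSLProtocol' "$conf"; then
        audit_tls "$conf"
    fi
}

# TLS tests: flag SSLv3 if it is not explicitly disabled, queue certificates
audit_tls() {
    conf="$1"
    proto=$(sed -n 's/^SSLProtocol[[:space:]]*//p' "$conf")
    case "$proto" in
        *-SSLv3*) log "tls: SSLv3 disabled in $conf" ;;
        *) report "warning[]=TLS-0001|SSLv3 not explicitly disabled in $conf|" ;;
    esac
    sed -n 's/^SSLCertificateFile[[:space:]]*//p' "$conf" >> "$CERT_QUEUE"
}

# Later pass over every certificate discovered earlier
scan_cert_queue() {
    [ -f "$CERT_QUEUE" ] || return 0
    while read -r cert; do
        if [ ! -f "$cert" ]; then
            report "warning[]=CRT-0001|Certificate referenced but missing: $cert|"
        elif [ -n "$(find "$cert" -perm -o=w)" ]; then
            report "warning[]=CRT-0002|Certificate is world-writable: $cert|"
        else
            report "certificate[]=$cert"
        fi
    done < "$CERT_QUEUE"
}

# Count findings of one kind (warning, certificate, ...) in the report file
count_findings() { grep -c "^$1\[\]=" "$REPORTFILE" 2>/dev/null || true; }

# Orchestrates the steps; prints the number of warnings found
run_audit() {
    : > "$LOGFILE"; : > "$REPORTFILE"; : > "$CERT_QUEUE"
    log "os=$(detect_os)"
    for t in openssl apachectl; do
        has_tool "$t" && report "tool[]=$t" || log "tool $t not found"
    done
    audit_apache "$1"
    scan_cert_queue
    report "warnings=$(count_findings warning)"
    log "scan finished"
    count_findings warning
}

# Constructed sample input: an Apache config that still allows SSLv3 and
# references one existing certificate file and one missing one.
make_demo_config() {
    cert="$WORK/demo.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed placeholder, not a real certificate' '-----END CERTIFICATE-----' > "$cert"
    chmod 644 "$cert"
    cat > "$WORK/httpd.conf" <<EOF
Listen 443
SSLProtocol all -SSLv2
SSLCertificateFile $cert
SSLCertificateFile $WORK/missing.crt
EOF
    printf '%s\n' "$WORK/httpd.conf"
}

# Stand-alone usage: audit the constructed sample and show the report
demo_conf=$(make_demo_config)
printf 'warnings found: %s\n' "$(run_audit "$demo_conf")"
cat "$REPORTFILE"
```

Because `SSLProtocol all -SSLv2` leaves SSLv3 enabled and one certificate path does not exist, the sample run ends with two warnings and one clean certificate entry; on a host without a config file the Apache and TLS tests are simply skipped, which is the opportunistic behaviour the page describes.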
In-depth security scans
By performing opportunistic scanning, the tool can run with almost
no dependencies. The more it finds, the deeper the audit will be. In
other words, Lynis will always perform scans which are customized to
your system. No audit will be the same!
Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening
Resources used for testing
Many other tools use the same data files for performing tests.
Since Lynis is not limited to a few common Linux distributions, it uses
tests from standards and many custom ones not found
in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)
Lynis Plugins
Plugins enable the tool to perform additional tests. They can be
seen as an extension (or add-on) to Lynis, enhancing its functionality.
One example is the compliance checking plugin, which
performs specific tests only applicable to some standard.
Comparison with other tools
Lynis has a different way of doing things, so you have more
flexibility. After all, you should be the one deciding what security
controls make sense for your environment. We have a small
comparison with some other well known tools:
Bastille Linux
Bastille was for a long time the best known utility for hardening
Linux systems. It focuses mainly on automatically hardening the system.
Differences with Bastille
Automated hardening tools are helpful, but at the same time might give a false sense of security. Instead of just turning on some settings, Lynis performs an in-depth security scan. You are the one to decide what level of security is appropriate for your environment. After all, not all systems have to be like Fort Knox, unless you want them to be.
Benefits of Lynis
- Supports more operating systems
- Won't break your system
- More in-depth audit
OpenVAS / Nessus
These products focus primarily on vulnerability scanning. They do
this via the network by polling services. Optionally they will log in to
a system and gather data.
Differences with OpenVAS / Nessus
Lynis runs on the host itself, therefore it can perform a deeper analysis compared with network based scans. Additionally, there is no risk for your business processes, and log files remain clean from connection attempts and incorrect requests. Although Lynis is an auditing tool, it will actually discover vulnerabilities as well. It does so by using existing tools and analyzing configuration files. Lynis and OpenVAS are both open source and free to use. Nessus is closed source and paid.
Benefits of Lynis
- Much faster
- No pollution of log files, no disruption to business services
- Host based scans provide a more in-depth audit
Changelog
= Lynis 2.1.0 (2015-04-16) =
General:
---------
Screen output has been improved to provide additional information.
OS support:
------------
CUPS detection on Mac OS has been improved. AIX systems will now use the csum
utility to create the host ID. The group check has been altered on AIX to include
the -n ALL option. The core dump check on Linux is extended to check for actual values
as well.
Software:
----------
McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.
Session timeout:
-----------------
Tests to determine the shell time-out setting have been extended to account for
AIX, HP-UX and other platforms. They will now also determine whether the variable is
exported as a read-only variable. The related compliance section PCI DSS 8.1.8
has been extended.
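The changelog entry above says the shell time-out test now also determines whether the variable is exported and read-only. As an added example (not the Lynis test itself, whose IDs and exact logic are not on this page), here is a POSIX sh check over constructed profile snippets that reports the TMOUT value, whether it is exported and whether it is read-only, and then rates the result the way an auditor would: no TMOUT is a warning, a TMOUT that a user could unset is a suggestion, and a read-only one passes.

```sh
#!/bin/sh
# Added example, not Lynis code: a check in the spirit of the extended
# shell time-out test. Sample profile files below are constructed.

# Print "value exported readonly" for the TMOUT setting in a profile file,
# e.g. "600 yes yes"; prints "unset no no" when TMOUT is not configured.
check_tmout() {
    f="$1"
    # Take the last assignment, with or without a leading "export"
    value=$(sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}TMOUT=\([0-9]*\).*/\2/p' "$f" | tail -n 1)
    [ -n "$value" ] || value=unset
    exported=no
    grep -Eq '^[[:space:]]*export[[:space:]]+TMOUT(=|[[:space:]]|$)' "$f" && exported=yes
    readonly_flag=no
    # readonly/typeset -r/declare -r stop a user from simply unsetting TMOUT
    grep -Eq '^[[:space:]]*(readonly|typeset -r|declare -r)[[:space:]]+TMOUT' "$f" && readonly_flag=yes
    printf '%s %s %s\n' "$value" "$exported" "$readonly_flag"
}

# Map the check to a finding: WARNING, SUGGESTION or OK
rate_tmout() {
    set -- $(check_tmout "$1")
    case "$1 $3" in
        "unset "*) echo WARNING ;;      # no idle time-out at all
        *" no")    echo SUGGESTION ;;   # set, but the user can unset it
        *)         echo OK ;;           # set and read-only
    esac
}

# Constructed samples: hardened, overridable, and no time-out configured
make_profile_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'TMOUT=600' 'export TMOUT' 'readonly TMOUT' > "$d/hardened.sh"
    printf '%s\n' '# time-out can be unset by the user' 'export TMOUT=900' > "$d/weak.sh"
    printf '%s\n' 'PATH=/usr/bin:/bin' > "$d/none.sh"
    printf '%s\n' "$d"
}

# Stand-alone usage: rate each sample file
samples=$(make_profile_samples)
for p in hardened weak none; do
    printf '%s: %s (%s)\n' "$p" "$(rate_tmout "$samples/$p.sh")" "$(check_tmout "$samples/$p.sh")"
done
```

The check reads a single file; an audit would run it over /etc/profile and the files under /etc/profile.d, which is where a system-wide TMOUT is normally set.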
Documentation:
---------------
- New document: Getting started with Lynis
https://cisofy.com/documentation/lynis/get-started/
Plugins (Enterprise):
----------------------
- Update to file integrity plugin
Changes to PLGN-2606 (capabilities check)
- New configuration plugins:
PLGN-4802 (SSH settings)
PLGN-4804 (login.defs)
Reviewed by Zion3R on 4:52 PM