How to perform security checks on Linux with Lynis

Whether you are an administrator or a Linux user, having a secure server or PC should be a priority. Although Linux is a secure operating system, it is just as vulnerable to attacks or security breaches as other operating systems.

In this article, you will learn how to check and scan your Linux for security holes using Lynis. Lynis is an open source tool and is available on most Unix-based operating systems such as Linux, macOS, Solaris, FreeBSD, etc.

How does Lynis work?

Lynis performs security health scans on your PC or server for enhanced security and compliance checks.

Lynis is modular and only checks for components on the computer that it can find; for example, system tools and their respective libraries.

One of the main advantages of Lynis is that it does not require you to install to perform the test. You can simply run it from a config directory if you want, so your system stays in a very clean state.

All Lynis tests are custom, meaning each test is unique depending on your system configuration, installed software, and other factors. The more components your system has, the more extensive the evaluation report will be.

In addition to displaying test information on your screen, Lynis also stores technical information in a lynis.log file. A separate file named lynis-report.dat stores recommended actions and warnings. Both of these log files are located in the /var/log/ directory.

Lynis audit reports give you a wealth of insight and knowledge about the security measures you should take to ensure that your system remains safe from potential security attacks. hidden.

Install Lynis on Linux

There are a few ways that you can run or install Lynis on Linux, but to keep things simple, we’ll go over two of the most common.

1. Install Lynis through Package Manager

You can easily install Lynis using the default package manager on your system, depending on your Linux distribution.

On Debian-based Linux distributions, such as Ubuntu, simply run:

sudo apt install lynis

On RHEL-based Linux distributions like Fedora and CentOS:

sudo dnf install lynis

On Arch-based Linux distributions:

sudo pacman -S lynis

You can check the installed Lynis version with the following command:

sudo lynis --version

Note: You need elevated privileges using the command sudo or su to run Lynis commands.

2. Run Lynis directly from the source code

To clean your PC, you can run Lynis from a tarball file without installation. Just download the Lynis tarball file and extract it with the tar command. Then go to the extracted folder and run the Lynis test command:

sudo ./lynis audit system

Download: Lynis

Test Linux machines with Lynis

Auditing (Audit) is one of the most common Lynis use cases among system administrators, system testers, and other security professionals.

You can start testing your system by running the following command:

sudo lynis audit system

Lynis first configures your computer system, which means it checks the operating system you are using, the kernel, the hardware and other important parameters to conduct the test.

How to do a security audit using Lynis

Lynis audits are categorized into sections to make it easier for you to understand the results of the audit.

For example, some important categories include:

• Boot and Services: In this section, Lynis gives you an overview of the startup process and service manager being used on your system, for example: systemd, OpenRC, etc. Lynis will also tell you how many currently running services and those enabled at startup. Finally, you will be shown which services pose a security threat to your system because they are unsafe or faulty.
• Users, Groups, and Authentication: Lynis scans your user admin account, checks password strength and duration, and checks that important files like /etc/passwd and PAM configuration have proper permissions and are safe. are not.
• USB Devices: Check USB device and permissions to protect your system.
• Ports and Packages: Here Lynis will give you an overview of open and insecure ports that intruders can use to exploit your system over the network. It will also notify you of outdated packages that may pose a security risk.
• Logging and Files: Lynis checks if the logging daemon is active. In addition, it checks the availability and security of important log files on your system.

In addition to these categories, Lynis also checks your network, file system, shell, memory and processes, and other important parts of your system.

Color code

Further on classification, Lynis uses three primary color codes to represent the severity of a vulnerability or potential security risk.

Green color indicates that the scanned module or software is considered fine and you do not need to take any action. The rest of the color codes, usually require you to fix a security hole or some other action. For example, to update or upgrade software.

Orange indicates that there is a suggestion that you should consider. For example, a software or service module is disabled, so Lynis cannot perform the test. Or maybe it’s because Lynis can’t find the software module.

The final color code is red. You should pay extra attention to the reported results highlighted in red. This shows that you should urgently fix the highlighted item as it poses a great threat to your system.

Lynis .’s suggested fix

At the end of the report, Lynis gives you suggestions with web links. Open web links in your browser for steps or instructions on how to take the recommended measures.

Get help with the Lynis . command

You can learn more about Lynis and the options it provides by using the following command:

sudo lynis show

In addition, you can also see more top 5 Linux operating systems for pentester here.