Introduction
Lynis is a security auditing tool for Linux, macOS, and UNIX-based systems, mostly used by system administrators and security auditors. Security auditing has always been a tough job when done manually, as systems have to go through compliance checks such as HIPAA, ISO 27001 and PCI DSS. As commented by an ethical hacking researcher of the International Institute of Cyber Security, this tool automates the audit job to some extent. It can also be used for security scanning of system files and for system hardening. After completing the automated scan, it reports the audit score.
Lynis Goals
- Automated Security Auditing: Performing tests manually is very time-consuming; this tool automatically checks most of the compliance requirements.
- Compliance Testing: It is used to validate whether the tested system meets the organization's given standards, which is a part of conformance testing. It covers the audit guidelines of the following compliance standards:
  - Compliance ISO 27001: It covers the policies and procedures of an organization's information risk management processes.
  - Compliance PCI DSS: Payment Card Industry Data Security Standard, developed for the security of cardholder data. Most banks use PCI DSS to maintain security compliance.
  - Compliance HIPAA: The Health Insurance Portability and Accountability Act. This is used to keep health and human services data secure.
- Vulnerability detection: It identifies weaknesses in the system.
Environment
- OS: Kali Linux 2019 64 bit
- Kernel version: 5.2.0
Installation Steps
- Use this command to clone the repository: git clone https://github.com/CISOfy/lynis
root@kali:/home/iicybersecurity# git clone https://github.com/CISOfy/lynis
Cloning into 'lynis'...
remote: Enumerating objects: 30, done.
remote: Counting objects: 100% (30/30), done.
remote: Compressing objects: 100% (30/30), done.
remote: Total 12566 (delta 15), reused 4 (delta 0), pack-reused 12536
Receiving objects: 100% (12566/12566), 6.35 MiB | 1.49 MiB/s, done.
Resolving deltas: 100% (9264/9264), done.
- Use the cd command to enter the Lynis directory
- cd lynis/
root@kali:/home/iicybersecurity# cd lynis/
root@kali:/home/iicybersecurity/lynis#
- Now, use this command to find the help options
- ./lynis
- Here we see all the options related to the tool.
Quick Audit
- Use this command to audit the complete system. It scans automatically once the command is entered.
- ./lynis audit system --quick --auditor "The Auditor"
Hardening index: At the end of the Lynis scan, it displays a report of suggestions, warnings and other general information.
- This audits the complete system, and the audit results are stored at /var/log/lynis-report.dat
Results
- After performing the test with different options, it collects the unique results and stores them at /var/log/lynis-report.dat
- The results we see may be suggestions or security-related warnings for increasing the security of the system.
- Use the cat command to view the results
- cat /var/log/lynis.log
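The report file named above can also be summarised from the shell instead of being read by eye. The following is an added example, not part of the original article or of Lynis itself; it assumes the report is plain key=value text containing hardening_index=N and warning[]= / suggestion[]= entries whose first |-separated field is the test ID. The function names and the DEMO-* sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example: summarise a Lynis report file and gate on its result.

# Print the value of a single-valued key (last occurrence wins).
report_value() {    # usage: report_value KEY FILE
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print the test IDs stored under an array key: warning or suggestion.
report_ids() {      # usage: report_ids warning|suggestion FILE
    awk -F'[=|]' -v key="${1}[]" '$1 == key { print $2 }' "$2"
}

# Exit status 0 only when the index reaches MIN and no warnings exist;
# 2 when the report has no usable hardening index at all.
audit_gate() {      # usage: audit_gate FILE MIN
    index=$(report_value hardening_index "$1")
    case $index in ''|*[!0-9]*) return 2 ;; esac
    warnings=$(report_ids warning "$1" | wc -l | tr -d ' ')
    [ "$index" -ge "$2" ] && [ "$warnings" -eq 0 ]
}

# Constructed sample report (not real scan output; DEMO-* IDs are made up).
write_sample_report() {   # usage: write_sample_report FILE
    cat > "$1" <<'EOF'
# Lynis Report
report_version_major=1
hardening_index=58
warning[]=DEMO-0001|Constructed warning text|-|-|
suggestion[]=DEMO-0002|Constructed suggestion text|-|-|
suggestion[]=DEMO-0003|Constructed suggestion, with key=value inside|-|-|
EOF
}

# Demo run against the sample; pass /var/log/lynis-report.dat instead
# (as root) to summarise a real scan.
report=$(mktemp)
write_sample_report "$report"
echo "Hardening index: $(report_value hardening_index "$report")"
echo "Warnings:        $(report_ids warning "$report" | tr '\n' ' ')"
echo "Suggestions:     $(report_ids suggestion "$report" | tr '\n' ' ')"
if audit_gate "$report" 70; then echo "PASS"; else echo "FAIL (status $?)"; fi
rm -f "$report"
```

Used in a scheduled job, audit_gate gives a single exit status to alert on when the hardening index drops or a new warning appears between scans.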
Conclusion
This is a good tool for auditing and for deep system security scanning. It can be included in system audits to automate the legacy task of manual auditing.
Cyber Security Specialist with 18+ years of industry experience. Worked on projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping the world updated on the happenings in the cyber security area.