
How to Install and Run Lynis on Linux

Install and run Lynis on Linux and secure your system like never before. From detecting and removing vulnerabilities to all sorts of compliance testing, Lynis is a much-needed utility.

First things first: what is Lynis? Lynis is an open-source tool that helps us harden the system by performing activities such as security audits, vulnerability scanning and detection, penetration testing, and compliance testing.

Like any other vulnerability or auditing tool, e.g. Nessus, it scans the system for vulnerabilities & risks. It provides us with a thorough report of any weakness found in the system. Additionally, it recommends solutions to those vulnerabilities or weaknesses such as weak passwords, patch requirements, security updates, etc.

This software is equally helpful for Unix, Linux, macOS, AIX, FreeBSD, OpenBSD, Solaris, etc. This tool is useful for security auditors, penetration testers, system/network administrators, and developers. This tool is available in two variations:

  • Enterprise
  • Community

We would suggest you go with the enterprise edition, as it can perform more tests, and when used with its plugins it gives us deeper insight into the system. Before moving any further, let’s understand the working mechanism of this tool.

Working Mechanism

The best thing about this tool is its modularity: with the help of its plugins it can scan the system more deeply, and it relies only on its own libraries. This means there is no need to integrate its results with any other tool, or even to install any other tool.

Below are the steps that it follows during a typical scan:

  1. Initialization
  2. Perform basic checks, such as file ownership
  3. Determine operating system and tools
  4. Search for available software components
  5. Check the latest Lynis version
  6. Run enabled plugins
  7. Run security tests per category
  8. Perform execution of your custom tests (optional)
  9. Report status of security scan

This article summarizes the installation and usage of Lynis on Linux distributions.

Pre-Requisites

Before starting the procedure, we need a few things in place to install and run Lynis on Linux systems:

  • A stable Linux distribution to perform the whole process and run the scanner afterwards
  • Inbound SSH and ICMP traffic allowed from the Lynis host to the remotely audited machines (the client machines on which auditing will take place)
  • A non-root user with sudo privileges or a root user access
  • Latest apt package repository containing Lynis packages

How to Install & Run Lynis on Linux?

Installing Lynis on Linux is no big deal, provided you pick the approach that suits your system. To help with that, here is a step-by-step guide to Lynis installation.

Step 1: Installation of Lynis

We can download & install Lynis on the Linux machine with various methods discussed in this article, but it is up to you which one you want to opt for.

Installation via Package manager

This method is supported by most operating systems and Linux distributions. To install Lynis with the package manager, we need to add the software repository. This gives us the latest available version, which in turn produces more accurate and up-to-date logs and reports.

But remember, the command differs from one Linux distribution to another:

For RedHat:

Red Hat, CentOS, and Fedora use the YUM (Yellowdog Updater, Modified) command-line package management utility. Now, let’s run the command:

$ yum install lynis

For Debian:

On all distributions based on Debian, APT (Advanced Package Tool) is responsible for handling the installation and uninstallation of packages. In this case, the command to install Lynis is as follows:

$ apt-get install lynis

For Open SUSE:

SUSE uses zypper as a command-line interface to install, remove, manage, or update packages. The command will remain straightforward:

$ zypper install lynis  

Installation via Git

This is another way of downloading and installing the Lynis package. For this, we need to clone the project, but before that, move into the required directory as shown below:

$ cd /usr/local

Having moved into the directory with the cd command, we now clone the project:

$ git clone [link]

Once the clone is complete, we can move into the Lynis directory with the cd command and run Lynis from there to audit the system.

$ cd lynis

Installation via Direct Download

Another way of installing Lynis is via direct download, for which we create a separate directory and install Lynis in it.

$ mkdir -p /usr/local/lynis

Now move into the directory:

$ cd /usr/local

After this, we download the files into the directory:

$ wget [link]

Once downloaded, we unpack the compressed files with the following command, where <version> is the version of the package:

$ tar xfvz lynis-<version>.tar.gz

Installation via Homebrew

The last method of installing Lynis is via Homebrew, which is meant for macOS users. We run the following command:

$ brew install lynis

Any of the four methods will install Lynis; the next step is to run the software.

Step 2: Running the Lynis

After installing Lynis, it is time to run it for system checking and vulnerability scanning. But before running the package, we must ensure that we are in the directory where we installed it.

If we chose the Homebrew or package manager installation, we do not need to move into that directory. However, for the other two installation methods (Git and direct download), heading to the correct directory is crucial. Now let’s run the package:

$ lynis audit system --quick

The audit system command performs the audit, and the --quick option lets it run without the pauses it would otherwise take after every set of tests, so the scan completes quickly.

Step 3: Final Output

Once Lynis has run on the target system successfully, it generates its output in the form of a comprehensive report. The report usually covers security findings, suggestions, and many other things, and is stored at /var/log/lynis-report.dat.

Remember, it overwrites the report every time a test is performed.
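
Because each run replaces the previous report, it helps to summarise and archive it right after a scan. The script below is an added example, not part of the original article or of Lynis itself; it assumes the report holds key=value lines with warning[] and suggestion[] entries whose fields are separated by |, and the sample report, function names and archive directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Lynis report and keep a dated copy of it.
# Assumed layout: key=value lines, with findings stored as
#   warning[]=TEST-ID|message|details|solution|   (same for suggestion[])

# Print the value of one scalar key, e.g. hardening_index.
report_value() {       # $1 = report file, $2 = key
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Print "TEST-ID<TAB>message" for each warning or suggestion entry.
report_findings() {    # $1 = report file, $2 = warning | suggestion
    grep "^$2\[\]=" "$1" | cut -d= -f2- | awk -F'|' '{ print $1 "\t" $2 }'
}

# Count the entries of one kind.
report_count() {       # $1 = report file, $2 = warning | suggestion
    report_findings "$1" "$2" | wc -l | tr -d ' '
}

# Copy the report into an archive directory under a timestamped name,
# because the next scan overwrites it. Prints the path of the copy.
archive_report() {     # $1 = report file, $2 = archive directory
    copy="$2/lynis-report-$(date +%Y%m%dT%H%M%S).dat"
    mkdir -p "$2" && cp -p "$1" "$copy" && echo "$copy"
}

# Constructed sample report (not output from a real scan).
make_sample_report() { # $1 = file to write
    cat > "$1" <<'EOF'
hostname=web01
hardening_index=67
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|-|-|
EOF
}

# Demo on the sample; on an audited host use /var/log/lynis-report.dat.
demo=$(mktemp) && make_sample_report "$demo"
echo "hardening index: $(report_value "$demo" hardening_index)"
echo "warnings: $(report_count "$demo" warning)"
report_findings "$demo" warning
rm -f "$demo"
```

On an audited host, call archive_report with /var/log/lynis-report.dat and a directory of your choice right after each scan, using the same privileges as the audit, so that successive hardening indexes can be compared.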

That wraps up our guide on how to install and run Lynis. Here you’ve learned what it takes to operate Lynis and strengthen your system’s security. 
