How to audit linux server security with Lynis

Server security has an impotent role in web-hosting industry and also it somewhere difficult to manage. Lynis is a tool for managing the server security concern easily. Here I am going to explain the installation and usage of Lynis tool for managing your Linux server security.

Step 1: SSH to your server as root user.

[root@sup #] ssh root@IPaddress

Step 2: Create a directory under the ‘/usr/local’ directory for Lynis

[root@server ~]# mkdir /usr/local/lynis
[root@server ~]# cd /usr/local/lynis
[root@server lynis]#

Step 3: Download and extract tar file of Lynis to the newly created directory

[root@server lynis]# wget
[root@server lynis]#  ll
total 132
-rw-r--r-- 1 root root 134121 Dec  3 11:57 lynis-1.3.6.tar.gz

[root@server lynis]# tar -xvzf lynis-1.3.6.tar.gz
[root@server lynis]# cd lynis-1.3.6  [you can see the Lynis script for auditing here by 'll']

Step 4: Start audit and scan
You can start the audit by executing the ‘lynis’ file from the current directory by following the command below:

[root@server lynis-1.3.6]# ./lynis

Usages of Lynis:
1 : Command to list all options/parameters under Lynis

[root@server lynis-1.3.6]# ./lynis -h


[root@server lynis-1.3.6]# ./lynis -h

  Scan options:
    --auditor ""            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile            : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests ""             : Run only tests defined by 
    --tests-category "" : Run only tests defined by 

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  See man page and documentation for all available options.

2 : Audit/Scan – step by step

[root@server lynis-1.3.6]# ./lynis -c

3 : All check at a time

[root@server lynis-1.3.6]# ./lynis --check-all

[root@server lynis-1.3.6]# ./lynis -c -Q

4 : To check Lynis updates

[root@server lynis-1.3.6]# ./lynis --check-update

Analyzing audit report:
Lynis store all the logs of audit report in /var/log/lynis.log file. You can analyze the audit report by using ‘less’ command.

[root@server lynis-1.3.6]# less /var/log/lynis.log

These are common usage of Lynis script for auditing linux servers.
Thank you..

Arunlal Ashok

DevOps (Server & Cloud infrastructure) Engineer. I'm managing Linux servers since 2012. I started this blog to share and discuss my ideas. Any questions? Write to arun (@)

You may also like...

4 Responses

  1. Michael says:

    Thanks for the great article about how to use Lynis!

Leave a Reply

Your email address will not be published. Required fields are marked *