How to audit linux server security with Lynis

Server security has an impotent role in web-hosting industry and also it somewhere difficult to manage. Lynis is a tool for managing the server security concern easily. Here I am going to explain the installation and usage of Lynis tool for managing your Linux server security.

Step 1: SSH to your server as root user.

[[email protected] #] ssh [email protected]

Step 2: Create a directory under the ‘/usr/local’ directory for Lynis

[[email protected] ~]# mkdir /usr/local/lynis
[[email protected] ~]# cd /usr/local/lynis
[[email protected] lynis]#

Step 3: Download and extract tar file of Lynis to the newly created directory

[[email protected] lynis]# wget
[[email protected] lynis]#  ll
total 132
-rw-r--r-- 1 root root 134121 Dec  3 11:57 lynis-1.3.6.tar.gz

[[email protected] lynis]# tar -xvzf lynis-1.3.6.tar.gz
[[email protected] lynis]# cd lynis-1.3.6  [you can see the Lynis script for auditing here by 'll']

Step 4: Start audit and scan
You can start the audit by executing the ‘lynis’ file from the current directory by following the command below:

[[email protected] lynis-1.3.6]# ./lynis

Usages of Lynis:
1 : Command to list all options/parameters under Lynis

[[email protected] lynis-1.3.6]# ./lynis -h


[[email protected] lynis-1.3.6]# ./lynis -h

  Scan options:
    --auditor ""            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile            : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests ""             : Run only tests defined by 
    --tests-category "" : Run only tests defined by 

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  See man page and documentation for all available options.

2 : Audit/Scan – step by step

[[email protected] lynis-1.3.6]# ./lynis -c

3 : All check at a time

[[email protected] lynis-1.3.6]# ./lynis --check-all

[[email protected] lynis-1.3.6]# ./lynis -c -Q

4 : To check Lynis updates

[[email protected] lynis-1.3.6]# ./lynis --check-update

Analyzing audit report:
Lynis store all the logs of audit report in /var/log/lynis.log file. You can analyze the audit report by using ‘less’ command.

[[email protected] lynis-1.3.6]# less /var/log/lynis.log

These are common usage of Lynis script for auditing linux servers.
Thank you..

Post navigation

Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.

4 thoughts on “How to audit linux server security with Lynis

Leave a Reply

Your email address will not be published. Required fields are marked *