How to audit Linux server security with Lynis

Server security plays an important role in the web-hosting industry, and it can be difficult to manage. Lynis is a tool that makes server security concerns easier to manage. Here I explain how to install and use Lynis to manage the security of your Linux server.

Step 1: SSH to your server as root user.

[[email protected] #] ssh [email protected]

Step 2: Create a directory under the ‘/usr/local’ directory for Lynis

[[email protected] ~]# mkdir /usr/local/lynis
[[email protected] ~]# cd /usr/local/lynis
[[email protected] lynis]#

Step 3: Download the Lynis tar file to the newly created directory and extract it

[[email protected] lynis]# wget http://cisofy.com/files/lynis-1.3.6.tar.gz
[[email protected] lynis]#  ll
total 132
-rw-r--r-- 1 root root 134121 Dec  3 11:57 lynis-1.3.6.tar.gz

[[email protected] lynis]# tar -xvzf lynis-1.3.6.tar.gz
[[email protected] lynis]# cd lynis-1.3.6  [you can see the Lynis script for auditing here by 'll']

Step 4: Start audit and scan
Start the audit by running the ‘lynis’ script from the current directory:

[[email protected] lynis-1.3.6]# ./lynis

Usages of Lynis:
1 : Command to list all options/parameters under Lynis

[[email protected] lynis-1.3.6]# ./lynis -h

Example:

[[email protected] lynis-1.3.6]# ./lynis -h

  Scan options:
    --auditor "<name>"            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile <profile>           : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests "<tests>"             : Run only tests defined by <tests>
    --tests-category "<category>" : Run only tests defined by <category>

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  See man page and documentation for all available options.
Exiting..

2 : Audit/Scan – step by step

[[email protected] lynis-1.3.6]# ./lynis -c

3 : Run all checks at once

[[email protected] lynis-1.3.6]# ./lynis --check-all

Or
[[email protected] lynis-1.3.6]# ./lynis -c -Q

4 : To check for Lynis updates

[[email protected] lynis-1.3.6]# ./lynis --check-update

Analyzing audit report:
Lynis stores the log of each audit in the /var/log/lynis.log file. You can analyze the audit report with the ‘less’ command.

[[email protected] lynis-1.3.6]# less /var/log/lynis.log
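
To pull the findings out of the log instead of paging through it, the shell functions below list the distinct warnings and suggestions and give a pass/fail result for scripts. This is an added example, not part of the original post or of Lynis itself: the function names are hypothetical, the log line format (`[HH:MM:SS] Warning: ...` and `[HH:MM:SS] Suggestion: ...`) is an assumption, and the sample log is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): triage a Lynis log.
# Assumption: every log line is "[HH:MM:SS] <text>", and findings start
# with "Warning:" or "Suggestion:" right after the timestamp.

# lynis_findings KIND [LOGFILE]: print the distinct findings of one kind.
lynis_findings() {
    kind=$1
    log=${2:-/var/log/lynis.log}
    case $kind in
        Warning|Suggestion) ;;
        *) echo "kind must be Warning or Suggestion" >&2; return 2 ;;
    esac
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # Drop the timestamp, keep only the requested kind, collapse repeats.
    sed -n "s/^\[[0-9:]*\] *\(${kind}: .*\)/\1/p" "$log" | sort -u
}

# lynis_count KIND [LOGFILE]: number of distinct findings of one kind.
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# lynis_gate [LOGFILE]: succeed only when the audit logged no warnings.
# A missing or unreadable log counts as a failure, not as a clean audit.
lynis_gate() {
    [ -r "${1:-/var/log/lynis.log}" ] || return 2
    [ "$(lynis_count Warning "$1")" -eq 0 ]
}

# make_sample_log PATH: write a constructed log for trying the functions.
make_sample_log() {
    cat > "$1" <<'EOF'
[10:15:01] Test: checking boot loader password
[10:15:01] Warning: No password set on boot loader
[10:15:02] Result: SSH daemon is running
[10:15:02] Suggestion: Disable direct root login over SSH
[10:15:09] Suggestion: Disable direct root login over SSH
[10:15:12] Suggestion: Enable process accounting
EOF
}

# Demo on the constructed log; on a real server call the functions
# without a path to read /var/log/lynis.log.
sample=$(mktemp)
make_sample_log "$sample"
echo "warnings: $(lynis_count Warning "$sample")"
lynis_findings Suggestion "$sample"
rm -f "$sample"
```

Running `lynis_gate` after a scheduled `./lynis -c -Q` lets a cron job or deployment script stop when the audit logged a warning.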

These are the common uses of the Lynis script for auditing Linux servers.
Thank you..

Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.
