Security Auditing on Ubuntu Server using Lynis.
Lynis is a highly effective and very practical tool for auditors, network and system administrators, and penetration testers. Lynis makes it simple to test, scan, and detect vulnerabilities in Linux-based systems.
Because Lynis is adaptable, it is used for a variety of purposes, including:
- Security auditing
- Compliance testing
- Penetration testing
- Vulnerability detection
- System hardening
Lynis does not automatically harden your system. However, it will make suggestions and issue security warnings to improve your system's security.
Lynis is compatible with a wide range of operating systems, including AIX, Ubuntu, CentOS, FreeBSD, Debian, Fedora, Gentoo, Kali, NetBSD, RHEL, OpenBSD, OpenSolaris, TrueOS, and many others. Lynis can also audit MySQL, Oracle, PostgreSQL, Apache, Nginx, and NTP.
Installation
You can install Lynis in two ways.
Method 1: Install from package
$ sudo apt install lynis
Once Lynis is installed, you can run it by typing lynis from your console.
Note that Lynis needs root privileges (or equivalent) to perform a full audit.
Method 2: Install from source
You can download the source archive and run Lynis directly from any directory, so it is a good idea to create a dedicated directory for it under /usr/local/lynis.
$ mkdir /usr/local/lynis
Download a stable release of the Lynis source archive from the vendor's download site using the wget command and unpack it using the tar command, as shown below. Before extracting, compare the archive against the checksum or signature published on the download page so you are not running a tampered copy.
$ cd /usr/local/lynis
$ wget https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
Output
wget https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
--2021-06-14 15:20:59-- https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
Resolving downloads.cisofy.com (downloads.cisofy.com)... 37.97.194.171, 2a01:7c8:aac2:37b::1
Connecting to downloads.cisofy.com (downloads.cisofy.com)|37.97.194.171|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 332004 (324K) [application/octet-stream]
Saving to: ‘lynis-3.0.4.tar.gz’
lynis-3.0.4.tar.gz 100%[===================>] 324.22K 916KB/s in 0.4s
2021-06-14 15:21:00 (916 KB/s) - ‘lynis-3.0.4.tar.gz’ saved [332004/332004]
Extract it
$ tar -xvf lynis-3.0.4.tar.gz
Running and Using Lynis Basics
You must be the root user to run Lynis because it creates and writes its output to the /var/log/lynis.log file. To run Lynis, change into the extracted directory and execute it:
$ cd lynis
$ ./lynis
Running ./lynis without any option prints the complete list of available parameters and returns to the shell prompt.
To start an actual scan, you must pass the audit system parameters, which tell Lynis to scan your entire Linux system. Use the following command to start a scan with those parameters:
$ sudo ./lynis audit system
Or
$ sudo lynis audit system
Scanning Results
While scanning, you will see each test marked as [OK] or [WARNING], where [OK] is considered a good result and [WARNING] a bad one. However, an [OK] result does not guarantee that the item is correctly configured, and a [WARNING] is not always a real problem. Read the details in /var/log/lynis.log and take corrective steps to fix the issues found.
In most cases, the scan provides suggestions to fix problems at the end of the scan. See the attached figure that provides a list of suggestions to fix problems.
Creating Lynis Cronjobs
If you want to generate a daily scan report for your system, you must create a cron job for it. Use the shell to execute the following command.
$ crontab -e
With the --cronjob option, Lynis suppresses colours and other special characters in the output and runs fully non-interactively, which is what a scheduled job needs.
45 23 * * * root /path/to/lynis -c -Q --auditor "automated" --cronjob
The entry above runs daily at 11:45 PM and writes the report to /var/log/lynis.log. Note that the user field (root) is only valid in /etc/crontab or in a file under /etc/cron.d/; when editing root's own crontab with sudo crontab -e, leave that field out.
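A daily cron run is only useful if someone looks at the result. The following POSIX shell functions are an added example (not from the original page or the Lynis project) that post-process the machine-readable report Lynis writes next to its log, /var/log/lynis-report.dat, and return a non-zero status when warnings exceed a threshold; the sample report is constructed for this example, and the report path is Lynis's default, not something the page states.

```shell
#!/bin/sh
# Added example: summarise a Lynis report and fail when warnings appear.
# Lynis writes a machine-readable report (default /var/log/lynis-report.dat)
# alongside lynis.log; the relevant lines look like:
#   hardening_index=65
#   warning[]=TEST-ID|description|details|solution|
#   suggestion[]=TEST-ID|description|details|solution|
# The sample below is constructed for this example, not real scan output.

write_sample_report() {
    cat > "$1" <<'EOF'
lynis_version=3.0.4
hardening_index=65
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=AUTH-9328|Default umask in /etc/login.defs could be more strict like 027|-|-|
suggestion[]=FILE-6310|To decrease the impact of a full /tmp file system, place /tmp on a separate partition|-|-|
EOF
}

# Print "hardening_index warnings suggestions" for a report file.
# grep -c exits 1 when the count is 0, so '|| true' keeps 'set -e' scripts alive.
report_summary() {
    idx=$(sed -n 's/^hardening_index=//p' "$1")
    warn=$(grep -c '^warning\[]=' "$1" || true)
    sugg=$(grep -c '^suggestion\[]=' "$1" || true)
    echo "${idx:-0} $warn $sugg"
}

# Print the test ID and description of every warning, one per line.
report_warnings() {
    sed -n 's/^warning\[]=\([^|]*\)|\([^|]*\)|.*/\1 \2/p' "$1"
}

# Return status 1 when the report has more warnings than the threshold
# (default 0), so a cron job or CI step can alert on regressions.
check_report() {
    max=${2:-0}
    n=$(grep -c '^warning\[]=' "$1" || true)
    [ "$n" -le "$max" ]
}
```

Append `&& sh /path/to/check.sh /var/log/lynis-report.dat` to the cron command to have cron mail you only when the audit finishes with warnings.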
Updating Lynis
If you want to update or upgrade the current Lynis version, simply type the following command; it will download and install the latest version of Lynis.
$ ./lynis update info
Or
$ lynis update info
See the screenshot attached below.