Security Auditing on Ubuntu Server using Lynis.

Lynis is a highly effective and practical tool for auditors, network and system administrators, and penetration testers. It makes it simple to test, scan, and detect vulnerabilities on Linux-based systems.
Because Lynis is adaptable, it is used for a variety of purposes, including:

  • Security auditing
  • Compliance testing
  • Penetration testing
  • Vulnerability detection
  • System hardening

Lynis does not automatically harden your system. However, it will make suggestions and issue security warnings to improve your system's security.
Lynis is compatible with a wide range of operating systems, including AIX, Ubuntu, CentOS, FreeBSD, Debian, Fedora, Gentoo, Kali, NetBSD, RHEL, OpenBSD, OpenSolaris, TrueOS, and many others. Lynis can also audit MySQL, Oracle, PostgreSQL, Apache, Nginx, and NTP.

Installation

You can install Lynis in two ways.

Method 1: Install from package

$ sudo apt install lynis

Once Lynis is installed, you can run it by typing lynis in your console.

Note that Lynis needs root (or equivalent) privileges to run.

Method 2: Install from source

You can also download the source archive and run Lynis directly from any directory, so it is a good idea to create a dedicated directory for it under /usr/local/lynis.

$ mkdir /usr/local/lynis

Download a stable release of the Lynis source archive from the vendor's download site using the wget command and unpack it using the tar command, as shown below.

$ cd /usr/local/lynis
$ wget https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz

Output

wget https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
--2021-06-14 15:20:59--  https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
Resolving downloads.cisofy.com (downloads.cisofy.com)... 37.97.194.171, 2a01:7c8:aac2:37b::1
Connecting to downloads.cisofy.com (downloads.cisofy.com)|37.97.194.171|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 332004 (324K) [application/octet-stream]
Saving to: ‘lynis-3.0.4.tar.gz’

lynis-3.0.4.tar.gz  100%[===================>] 324.22K  916KB/s  in 0.4s    

2021-06-14 15:21:00 (916 KB/s) - ‘lynis-3.0.4.tar.gz’ saved [332004/332004]

Extract it

$ tar -xvf lynis-3.0.4.tar.gz
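Before unpacking an archive fetched with wget, a practitioner compares its checksum with the value published by the vendor, so that a tampered or corrupted download is never extracted. The following added example (not part of this article or of the Lynis project) wraps that check in a small function. The expected hash for the real tarball must be taken from the vendor's download page and is left as a placeholder here; the sample file is constructed so that the check can run offline.

```shell
#!/bin/sh
# Added example (not from the article or the Lynis project): verify a downloaded
# archive against the SHA-256 value published by the vendor before unpacking it.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when FILE hashes to EXPECTED_HEX, 1 otherwise.
verify_sha256() {
    _actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$_actual" = "$2" ]
}

# Constructed sample: a small file whose SHA-256 is known, standing in for
# lynis-3.0.4.tar.gz so the example runs without a network connection.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf 'hello\n' > "$SAMPLE_FILE"
SAMPLE_SHA256=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
# A deliberately wrong value, representing an altered download.
TAMPERED_SHA256=0000000000000000000000000000000000000000000000000000000000000000

if verify_sha256 "$SAMPLE_FILE" "$SAMPLE_SHA256"; then
    echo "sample file verified"
fi
if ! verify_sha256 "$SAMPLE_FILE" "$TAMPERED_SHA256"; then
    echo "tampered value rejected"
fi

# Real use, with the hash copied from the vendor's download page
# ("<PUBLISHED_SHA256>" is a placeholder, not a real value):
#   verify_sha256 lynis-3.0.4.tar.gz "<PUBLISHED_SHA256>" && tar -xvf lynis-3.0.4.tar.gz
```

Only extract the archive when the function returns success; a mismatch means the file should be discarded and downloaded again, not installed.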

Running and Using Lynis Basics

You must be the root user to run Lynis because it creates and writes its output to the /var/log/lynis.log file. To run Lynis, change into the extracted directory and execute it:

$ cd lynis
$ ./lynis

Running ./lynis without any option prints the complete list of available parameters and returns to the shell prompt.

System Audit Scan Details

To start a scan, you must pass the audit system parameters so that Lynis scans your entire Linux system. Use one of the following commands to start the scan.

$ sudo ./lynis audit system
Or
$ sudo lynis audit system

Scanning Results

While scanning, each test is reported as [OK] or [WARNING], where [OK] is considered a good result and [WARNING] a bad one. An [OK] does not, however, guarantee that the item is correctly configured, and a [WARNING] is not necessarily bad. After reading the details in /var/log/lynis.log, take corrective steps to fix the issues found.

In most cases, the scan ends with a list of suggestions for fixing the problems it found. See the attached figure, which shows such a list of suggestions.

Creating Lynis Cronjobs

If you want a daily scan report for your system, create a cron job for it. Open root's crontab from the shell with the following command.

$ sudo crontab -e

With the option --cronjob, all special characters are suppressed in the output and the scan runs completely unattended.

# Daily at 23:45; this is root's own crontab, so the entry has no user field.
45	23	*	*	*	/path/to/lynis -c -Q --auditor "automated" --cronjob

The entry above runs daily at 11:45 pm and writes the daily report to /var/log/lynis.log.
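A scheduled run is only useful if someone acts on its result. The following added example (not part of this article or of the Lynis project) shows what a practitioner would wrap around the cron job: it parses the machine-readable report that Lynis writes alongside lynis.log (assumed here to be /var/log/lynis-report.dat, in its key=value layout, with warning and suggestion lines of the form TEST-ID|Description|Details|Solution|), summarizes the warnings and the hardening index, and returns a pass/fail status that can trigger an alert. The two sample reports are constructed for the example so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the article or the Lynis project): turn the daily
# cron run into a pass/fail check by parsing the machine-readable report that
# Lynis writes next to lynis.log (assumed default: /var/log/lynis-report.dat).
# Assumed layout of the relevant lines:
#   hardening_index=NN
#   warning[]=TEST-ID|Description|Details|Solution|
#   suggestion[]=TEST-ID|Description|Details|Solution|

# summarize_report REPORT
# Prints "warnings=N suggestions=M hardening_index=H" for the report.
summarize_report() {
    awk -F'=' '
        /^warning\[\]=/     { w++ }
        /^suggestion\[\]=/  { s++ }
        /^hardening_index=/ { h = $2 }
        END { printf "warnings=%d suggestions=%d hardening_index=%s\n", w, s, h }
    ' "$1"
}

# warning_ids REPORT
# Lists the unique test IDs behind the warnings, one per line, so they can be
# ticketed or compared with the previous day's run.
warning_ids() {
    grep '^warning\[\]=' "$1" | cut -d'=' -f2 | cut -d'|' -f1 | sort -u
}

# check_policy REPORT MIN_INDEX
# Returns 0 when the report has no warnings and a hardening index of at least
# MIN_INDEX, 1 otherwise; usable as the exit status of a cron wrapper.
check_policy() {
    _warnings=$(grep -c '^warning\[\]=' "$1" || true)
    _index=$(sed -n 's/^hardening_index=//p' "$1")
    [ "${_warnings:-0}" -eq 0 ] && [ "${_index:-0}" -ge "$2" ]
}

# Constructed sample reports (not real scanner output) so the script runs offline.
NOISY_REPORT=$(mktemp)
cat > "$NOISY_REPORT" <<'EOF'
report_version_major=1
report_version_minor=0
hardening_index=62
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
suggestion[]=AUTH-9286|Configure minimum and maximum password age|-|-|
suggestion[]=FIRE-4512|Configure firewall rules|-|-|
EOF

CLEAN_REPORT=$(mktemp)
cat > "$CLEAN_REPORT" <<'EOF'
report_version_major=1
report_version_minor=0
hardening_index=81
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
EOF

for report in "$NOISY_REPORT" "$CLEAN_REPORT"; do
    summarize_report "$report"
    warning_ids "$report"
    if check_policy "$report" 70; then
        echo "policy: pass"
    else
        echo "policy: FAIL"
    fi
done
```

In a cron wrapper the sequence is: run lynis audit system --cronjob, then call check_policy on the real report path and send a notification when it returns non-zero. The minimum index is a local policy choice; the function only makes the threshold explicit so that a regression is noticed on the day it happens rather than at the next manual review.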

Updating Lynis

If you want to update or upgrade the current Lynis version, simply run the following command; it will download and install the latest version of Lynis.

$ ./lynis update info
Or
$ lynis update info

See the screenshot attached below.