Linux security audit tool-How to use

Linux Security (Lynis) audit tool introduction

Linux security has become a very important aspect of the technology world as more and more servers have come to depend on Linux. No doubt Linux is considered to be very secure when used as a server, but in spite of its security features one still has to take care of its internal security. Lynis is a security auditing tool that you can use on Linux and Unix operating systems. It is an open source tool. It is widely used for Linux security audits, Linux vulnerability scanning and network vulnerability scanning.
It provides useful information about firewalls, wrong file permissions, system information, security information of the OS and badly configured files.
System administrators, and anyone else associated with network security, are advised to use this Linux security audit software.


Linux security (Lynis) tool installation

Before installing lynis you can check whether the lynis package is available for your Linux system with the yum list command.
If it is available, as in the output below, you can install it.

[root@server1 ~]# yum list lynis
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * epel: kartolo.sby.datautama.net.id
 * extras: mirrors.nhanhoa.com
 * nux-dextop: mirror.li.nux.ro
 * rpmforge: apt.sw.be
 * updates: centos.excellmedia.net
Available Packages
lynis.noarch 

To install lynis do the following.

# yum install lynis

Download lynis

In case the package is not available, download it with the wget command.

# cd /opt/
# wget https://cisofy.com/files/lynis-2.2.0.tar.gz
--2016-04-02 14:15:31-- https://cisofy.com/files/lynis-2.2.0.tar.gz
Resolving cisofy.com (cisofy.com)... 149.210.134.182, 2a01:7c8:aab2:209::1
Connecting to cisofy.com (cisofy.com)|149.210.134.182|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 202825 (198K) [application/octet-stream]
Saving to: ‘lynis-2.2.0.tar.gz’

Extract lynis

To use lynis you have to unpack the package. To extract the package use the tar command.

[root@server1 opt]# tar xvf lynis-2.2.0.tar.gz

 

Scanning with Linux security (Lynis) scanner

To scan your whole system, go to the lynis directory and run lynis, as in the example below.
This will initiate the Linux vulnerability scanning process. You will be able to see the lynis system audit output on the screen.

# cd /opt/lynis/
# ./lynis --check-all

 


 

With the above command you need to acknowledge each step by pressing Enter to continue.
To avoid that, use the command ./lynis -c -Q. It will not require any acknowledgement from you and continues with the next output.

# ./lynis -c -Q

 

Checking lynis log files

By default lynis writes its log to the lynis.log file under the /var/log/ directory.
To check the log file you can use cat.

# cat /var/log/lynis.log


 

If you are a system administrator, you can set up a cron job with lynis for daily monitoring at a scheduled time.
To set up a cron job for lynis you can do the following.
Create a lyn.sh script under the /opt directory.

# cd /opt
# vi lyn.sh

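Paste the following script into lyn.sh and save it with :wq

#!/bin/sh
# Name recorded as the auditor for this run
AUDITOR="Lynis System Audit"
# Stop if the lynis directory is missing, so nothing runs from the wrong place
cd /opt/lynis || exit 1
# Full audit in cron mode
./lynis -c --auditor "${AUDITOR}" --cronjob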

 

Now set the crontab as follows.

# crontab -e
45 00 * * * /bin/bash /opt/lyn.sh


The above crontab will run the script lyn.sh every night at 12:45. You can check the logs in /var/log/lynis.log.
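For the log check and the daily cron run described above, the following is an added example (not part of the original article, and not code from the Lynis project) that pulls Warning and Suggestion entries out of a Lynis log and lists the warnings that are new compared with an earlier run. The function names, the sample log lines and the idea of keeping a copy of the previous run's log are assumptions made for this example, as is the log line shape shown in the first comment.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed log line shape
# (verify against your own /var/log/lynis.log):
#   <date> <time> Warning: <text> [test:<ID>] [details:-] [solution:-]

# Print "ID<TAB>text" for each finding of kind $1 (Warning|Suggestion) in log $2.
lynis_findings() {
    awk -v kind="$1" '
        (p = index($0, " " kind ": ")) && match($0, /\[test:[A-Z0-9-]+\]/) {
            start = p + length(kind) + 3
            printf "%s\t%s\n", substr($0, RSTART + 6, RLENGTH - 7),
                               substr($0, start, RSTART - start - 1)
        }' "$2" | sort -u
}

# Print warnings found in log $2 (current run) but not in log $1 (previous run).
lynis_new_warnings() {
    old_ids=$(lynis_findings Warning "$1" | cut -f1)
    lynis_findings Warning "$2" | while IFS="$(printf '\t')" read -r id msg; do
        printf '%s\n' "$old_ids" | grep -qxF -- "$id" || printf '%s\t%s\n' "$id" "$msg"
    done
}

# Write two constructed sample logs (hypothetical findings) into directory $1.
make_sample_logs() {
    cat > "$1/prev.log" <<'EOF'
2016-04-01 00:45:10 Performing test ID AUTH-9308 (Check single user mode)
2016-04-01 00:45:10 Warning: No password set for single mode [test:AUTH-9308] [details:-] [solution:-]
2016-04-01 00:45:31 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:-] [solution:-]
EOF
    cat > "$1/cur.log" <<'EOF'
2016-04-02 00:45:10 Warning: No password set for single mode [test:AUTH-9308] [details:-] [solution:-]
2016-04-02 00:45:22 Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [details:-] [solution:-]
2016-04-02 00:45:31 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:-] [solution:-]
EOF
}

# Demo on the constructed logs; on a real host pass your own log paths instead.
demo=$(mktemp -d) && make_sample_logs "$demo"
echo "Warnings that are new since the previous run:"
lynis_new_warnings "$demo/prev.log" "$demo/cur.log"
rm -rf "$demo"
```

On a real system, lynis_findings Warning /var/log/lynis.log gives the short list to review after each scheduled run.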

Common Parameters to use with lynis

The most common parameters that you can use with lynis are given below.

 
Linux Security Auditing Tool

Parameter               Abbreviation   Full description
--auditor "Any name"                   Assign name for auditor
--checkall              -c             Check
--check-update                         Update check for lynis
--cronjob                              Lynis as cronjob (use -c and -Q with it)
--help                  -h             Shows parameters
--nocolors                             Skip colors
--quick                 -Q             Skip user input
--quiet                                Show warnings
--version               -V             Check for lynis version

 

Lynis updating

To update lynis, go to the directory where the lynis package is stored and run the commands given below.

# cd /opt/lynis/

 

To check for any update of lynis:

# ./lynis update info

To update the current package to the latest version, if available:

# ./lynis update release

 

Lynis man page

Finally, for more information and parameters, you can view the lynis man page with the following command.

# ./lynis --man page


This is it with Linux security audit tool-How to use
