In this tutorial, we'll show you how to perform a security audit of a CentOS system using the Lynis tool. Lynis is an open-source security tool for UNIX-like systems (Linux, macOS, BSD and others). Lynis provides guidance and tips for further system hardening.
This tool is mostly used by auditors, system administrators, penetration testers and security administrators.
Steps to Install Lynis on Linux:
Install Lynis tool on CentOS/RHEL/Oracle
Install Prerequisite tools and packages.
yum install ca-certificates curl nss openssl
Command to create Lynis YUM repository:
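# tee runs under sudo, so the file is written as root; with "sudo cat > file" the redirect is performed by the calling user's shell
sudo tee /etc/yum.repos.d/cisofy-lynis.repo > /dev/null <<EOF
[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/community/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
gpgcheck=1
priority=2
EOF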
sudo yum makecache fast
sudo yum install lynis
Sample Output:
[root@linux-dev ~]# sudo yum install lynis
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * epel: download.nus.edu.sg
 * epel-source: download.nus.edu.sg
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package lynis.noarch 0:3.0.6-100 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================
 Package              Arch              Version              Repository              Size
==============================================================================================================================================
Installing:
 lynis                noarch            3.0.6-100            lynis                   327 k

Transaction Summary
==============================================================================================================================================
Install  1 Package

Total download size: 327 k
Installed size: 1.6 M
Is this ok [y/d/N]: Y
Downloading packages:
warning: /var/cache/yum/x86_64/7/lynis/packages/lynis-3.0.6-100.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 0acf951b: NOKEY --:--:-- ETA
Public key for lynis-3.0.6-100.noarch.rpm is not installed
lynis-3.0.6-100.noarch.rpm | 327 kB 00:00:07
Retrieving key from https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
Importing GPG key 0x0ACF951B:
 Userid     : "CISOfy Software RPMs (signed software packages) <software-rpms@cisofy.com>"
 Fingerprint: 9146 ce61 dd17 4fb3 02c9 90a9 8246 12e2 0acf 951b
 From       : https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : lynis-3.0.6-100.noarch 1/1
  Verifying  : lynis-3.0.6-100.noarch 1/1

Installed:
  lynis.noarch 0:3.0.6-100

Complete!
[root@linux-dev ~]#
Security Auditing of CentOS System Using Lynis Tool
lynis audit system
Verify Lynis Version:
[root@linux-dev ~]# lynis --version
3.0.6
Check out Lynis options:
lynis
[root@linux-dev ~]# lynis

[ Lynis 3.0.6 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################

[+] Initializing program
------------------------------------

  Usage: lynis command [options]

  Command:

    audit
        audit system                  : Perform local security scan
        audit system remote <host>    : Remote security scan
        audit dockerfile <file>       : Analyze Dockerfile

    show
        show                          : Show all commands
        show version                  : Show Lynis version
        show help                     : Show help

    update
        update info                   : Show update details

  Options:

    Alternative system audit modes
    --forensics                       : Perform forensics on a running or mounted system
    --pentest                         : Non-privileged, show points of interest for pentesting

    Layout options
    --no-colors                       : Don't use colors in output
    --quiet (-q)                      : No output
    --reverse-colors                  : Optimize color display for light backgrounds
    --reverse-colours                 : Optimize colour display for light backgrounds

    Misc options
    --debug                           : Debug logging to screen
    --no-log                          : Don't create a log file
    --profile <profile>               : Scan the system with the given profile file
    --view-manpage (--man)            : View man page
    --verbose                         : Show more details on screen
    --version (-V)                    : Display version number and quit
    --wait                            : Wait between a set of tests
    --slow-warning <seconds>          : Threshold for slow test warning in seconds (default 10)

    Enterprise options
    --plugindir <path>                : Define path of available plugins
    --upload                          : Upload data to central node

    More options available. Run '/bin/lynis show options', or use the man page.

  No command provided. Exiting..

[root@linux-dev ~]#
Run the command below to update the Lynis tool:
lynis update info
Automate the security audit by adding the Lynis command to crontab
Lynis creates a daily report in the /var/log/lynis.log file.
Install Lynis tool on Debian/Ubuntu/Kali Linux
Download the key from a central keyserver:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4
Install the ‘https’ method for APT
sudo apt install apt-transport-https
Add software repository
echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
Install Lynis on Debian/Ubuntu/Kali Linux
apt update
apt install lynis
Verify Lynis Version:
lynis show version
Install Lynis on Fedora
Create Lynis YUM repository:
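# tee runs under sudo, so the file is written as root; with "sudo cat > file" the redirect is performed by the calling user's shell
sudo tee /etc/yum.repos.d/cisofy-lynis.repo > /dev/null <<EOF
[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/community/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
gpgcheck=1
priority=2
EOF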
Install or Update Lynis on Fedora
sudo dnf install lynis
(OR)
sudo dnf update lynis
Install Lynis on openSUSE/SUSE:
Import GPG key and add repository
sudo rpm --import https://packages.cisofy.com/keys/cisofy-software-rpms-public.key
sudo zypper addrepo --gpgcheck --name "CISOfy Lynis repository" --priority 1 --refresh --type rpm-md https://packages.cisofy.com/community/lynis/rpm/ lynis
Verify that the repository was added:
sudo zypper repos
Install Lynis on openSUSE/SUSE
sudo zypper refresh
sudo zypper install lynis
Install Lynis using source
# mkdir /usr/local/lynis
# cd /usr/local/lynis
# wget https://downloads.cisofy.com/lynis/lynis-3.0.4.tar.gz
Extract Lynis tar file:
# tar -xvf lynis-3.0.4.tar.gz
How to use Lynis tool:
To run Lynis you must be root as it creates log files in /var/log/lynis.log.
# cd lynis
Run lynis without any option to get the list of options.
# ./lynis
Command to scan your entire Linux system:
# ./lynis audit system
To automate the audit, you can schedule Lynis as a cron job.
# crontab -e
With the --cronjob option, all special characters are stripped from the output and the scan runs completely automated.
### Run daily "At 10:00" -- Security Audit ###
# A crontab opened with "crontab -e" has no user field; a "root" column belongs only in /etc/crontab or /etc/cron.d files.
0 10 * * * /path/to/lynis -c -Q --auditor "automated" --cronjob
The cron job above runs daily at 10:00 am and creates a daily report in the /var/log/lynis.log file.
Lynis provides suggestions to fix problems at the end of the scan.
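An unattended cron run prints nothing to a terminal, so the findings have to be pulled out of the log afterwards. The script below is an added example, not part of the original tutorial or of Lynis itself: it lists the unique warnings and suggestions in a log and returns a non-zero status when warnings are present. The function names, the assumed log line layout and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage a Lynis log after an unattended (cron) run.
# Assumed line format:
#   <date> <time> Warning: <text> [test:ID] [details:..] [solution:..]

# lynis_findings KIND FILE -> one "TEST-ID<TAB>message" line per unique finding.
# KIND is "Warning" or "Suggestion".
lynis_findings() {
    awk -v kind="$1" '
        $3 == (kind ":") && match($0, /\[test:[A-Z0-9-]+\]/) {
            id  = substr($0, RSTART + 6, RLENGTH - 7)   # text between "[test:" and "]"
            msg = substr($0, 1, RSTART - 2)             # everything before " [test:"
            sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", msg)         # drop date, time and "Kind:"
            if (!seen[id, msg]++) print id "\t" msg     # same test + message counts once
        }' "$2"
}

# lynis_gate FILE -> prints the counts and returns non-zero when any warning
# is present, so a wrapper script can raise an alert.
lynis_gate() {
    warnings=$(( $(lynis_findings Warning "$1" | wc -l) ))
    suggestions=$(( $(lynis_findings Suggestion "$1" | wc -l) ))
    echo "warnings=$warnings suggestions=$suggestions"
    [ "$warnings" -eq 0 ]
}

# Constructed sample log lines (not taken from a real scan).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2021-05-10 10:00:01 Starting Lynis 3.0.6
2021-05-10 10:00:03 Warning: Found one or more vulnerable packages. [test:PKGS-7392] [details:-] [solution:-]
2021-05-10 10:00:04 Suggestion: Set a password on GRUB boot loader [test:BOOT-5122] [details:-] [solution:-]
2021-05-10 10:00:05 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:X11Forwarding (set YES to NO)] [solution:-]
2021-05-10 10:00:05 Suggestion: Consider hardening SSH configuration [test:SSH-7408] [details:AllowTcpForwarding (set YES to NO)] [solution:-]
2021-05-10 10:00:06 Result: sshd is running
EOF

lynis_findings Warning "$SAMPLE_LOG"
lynis_findings Suggestion "$SAMPLE_LOG"
lynis_gate "$SAMPLE_LOG" || echo "ALERT: warnings found, review the log"
```

On a real host, pass /var/log/lynis.log instead of the sample file and run the script as root after the scheduled audit has finished.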
Steps to update Lynis:
Run the command below; it will automatically download and install the latest version.
# ./lynis update info
(OR)
# lynis update info
End of article. You've successfully learned how to do security auditing of a CentOS system using the Lynis tool.