Lynis is an open source security auditing tool which is widely used on various Unix-like operating systems. With Lynis, system administrators and security professionals can perform in-depth system-wide security scans in a matter of minutes.
In this article, I will explain how to install and use Lynis on a CentOS 7 server.
Prerequisites
- A CentOS 7 x64 server instance.
- A sudo user.
Step 1: Update the system
Log in from an SSH terminal as a sudo user, and then update the system as follows:
sudo yum install epel-release -y
sudo yum update -y
sudo shutdown -r now
After the system reboot, log in back as the same sudo user.
Step 2: Install Lynis and Lynis plugins (community)
2.1 Install Lynis
On CentOS 7, you can easily install Lynis using the EPEL YUM repo which has been installed earlier:
sudo yum install lynis -y
2.2 Install Lynis plugins (community)
If you want to enhance Lynis' functionality, you can install Lynis plugins (community) which can only be obtained from subscription:
- On the official Lynis plugins download page, click the
Download
button. - On the next page, input your email address and then click the
Subscribe
button. - You will receive an email message in your email inbox, click the link within to confirm your subscription.
- You will receive another email message which includes the download URL of Lynis plugins, say it is
http://sable.madmimi.com/c/6938?id=44150.2674.1.a12c46882ca668ab69e63acbe670c747
.
Now, download and unzip the plugins archive as follows:
cd
wget http://sable.madmimi.com/c/6938?id=44150.2674.1.a12c46882ca668ab69e63acbe670c747 -O lynis-community-plugins.tar.gz
sudo tar -zxvf lynis-community-plugins.tar.gz --strip-components=1 -C /usr/share/lynis/plugins
Setup proper permissions:
sudo chown root:root /usr/share/lynis/plugins/plugin_*
sudo chmod 600 /usr/share/lynis/plugins/plugin_*
Finally, check the Lynis profile file to make sure that newly-added plugins (which are pam
and systemd
in our case) are enabled:
sudo grep plugin= /etc/lynis/default.prf
The output should include plugin=pam
and plugin-systemd
:
plugin=compliance
plugin=configuration
plugin=control-panels
plugin=crypto
plugin=dns
plugin=docker
plugin=file-integrity
plugin=file-systems
plugin=firewalls
plugin=forensics
plugin=intrusion-detection
plugin=intrusion-prevention
plugin=kernel
plugin=malware
plugin=memory
plugin=nginx
plugin=pam
plugin=processes
plugin=security-modules
plugin=software
plugin=system-integrity
plugin=systemd
plugin=users
Step 3: Use Lynis
Simply running Lynis without any parameter will display the Lynis parameters:
sudo lynis
If you want to perform a full security scan, use the following command:
sudo lynis audit system
All scan results will be stored in the Lynis log file /var/log/lynis.log
.
After the full security scan, you can sort out all Warning
messages from the Lynis log file using the below grep command:
sudo grep Warning /var/log/lynis.log
Similarly, you can display all Suggestion
messages using another grep command:
sudo grep Suggestion /var/log/lynis.log
That's it. If you want to learn more details about Lynis, please visit Lynis official website.