Using Lynis for Linux Security Audits (Video Tutorial)
Watch this tutorial to learn how to use Lynis, an open source security auditing tool, to audit and enhance Linux security.
This tutorial guides you through using Lynis, an open-source tool, to audit and enhance Linux system security. It covers installation, running audits, interpreting results, addressing warnings, and automating audits for continuous protection.
Subscribe to ITPro Today’s YouTube channel for Linux tutorials and more.
The transcript below has been edited for clarity and length.
Transcript:
Grant Knoetze: Hello, and welcome to today's tutorial on mastering security auditing with Lynis.
So, we can find the Lynis homepage (https://cisofy.com/lynis), which includes the documentation.
In this tutorial, you'll learn how to use Lynis, a powerful, open-source security auditing tool for analyzing and improving Linux system security. This guide is perfect for beginners and intermediate Linux users who want to identify and fix vulnerabilities, misconfigurations, and compliance issues.
Let's dive in.
What Is Lynis?
Lynis is a widely used, open-source security auditing tool for Unix-based operating systems. The documentation shows it's available for all Unix-based operating systems, including FreeBSD, and it can even run on Raspberry Pi and IoT devices. I will install and use Lynis on Ubuntu.
Whether you're running a personal server or using it for cloud purposes, Lynis can significantly enhance the security of your Linux system.
1. Preparing Your System
Let's get started. In the terminal, I will go to my home directory.
The first thing that I want to do is update and upgrade my system. I want to update my operating system and upgrade all installed packages and software.
So, I can type:
sudo apt update
Remember, it could be "yum" or something else instead of "apt" if you use a different distribution.
Having updated the OS, let's upgrade all installed packages and tools:
sudo apt upgrade
2. Installing Lynis
Now that we have prepared the system, we can install and use Lynis:
sudo apt install lynis
Hit Enter, and it will install Lynis.
We can check the installation:
lynis --version
When I hit enter, it shows that I have version 3.0.9 installed.
3. Running Your First Audit
So, let's run a basic audit.
From the command line, we can type in:
sudo lynis audit system
When you hit Enter, it performs the audit. You can follow along with the audit to see what it's auditing. So, it's detecting our OS. It has detected Ubuntu, the version, and the hardware platform. We can see that it will give us updates, warnings, and other information that will be in square brackets.
During this audit, Lynis will check various aspects of the system, including kernel configuration, installed packages, file system permissions, user accounts, security settings, secure shell configurations, and much more.
4. Interpreting Audit Results
Now that the Lynis security audit has finished, I can scroll up to see the entire history. I can look under the various headings (for example, Security Frameworks, etc.) and interpret my results.
If I go to the end of the scan, we have a summary of the scan details.
Now, it's given us something called a Hardening Index. Lynis assigns this Hardening Index to your system. That's a quick overview of your system's overall security posture. The Hardening Index scores your system out of 100, and a score closer to 100 is better. Even a score in the 80s can indicate a solid security baseline. We see that my system scored a 63, which means that it needs work.
Let's check specific components. Let's check for a firewall installed on the system. I don't have a malware scanner installed on the system, as indicated by a big red X. It's given us a couple of files. So, there is test and debug information.
The entire log for the scan is under /var/log/lynis.log. There's also report data under lynis-report.dat.
We also have warnings. Warnings indicate critical security issues, such as outdated packages or weak configurations. For example, if you see a warning about an outdated package, it's a high-priority issue.
It's given me a whole bunch of suggestions (40 total). You can go through the suggestions. For example, "This release is more than 4 months old. Check the website to see if there's an update available," etc. So, that's for Lynis itself. You can run through this as you wish and work on any suggestions.
It's also given Follow-Ups.
Now, since we've got the log files, let's look at them. So, I will change directory (cd) to /var/log. If I ls (the list command), we can see we have lynis.log and lynis-report.dat. So, I can open my favorite text or code editor, Nano, and open lynis.log by typing:
sudo nano lynis.log
Now I'm in the Lynis log for the complete audit. If you'd like, you can go through this entire log. You can also output this into a text file and use it elsewhere. I'm just going to press CTRL+X to exit.
If I want to look at the Lynis report, I can type:
sudo nano lynis-report.dat
The entire report opens and provides a breakdown.
5. Automate Security Audits
So, in previous videos, I've been through the topics of firewalls (including UFW) and hardening SSH. I'm not going to go into these topics in this video. You can watch my other videos for this. What I will do here is show you how to automate this. We can automate regular security audits using a cron job in Linux.
I will change directory (cd) back to my home. From here, I can type:
sudo crontab -e
Let's open Nano. I've already configured crontab to open in Nano. You can configure it for whichever editor you like to use.
So, the crontab tells you, "Edit this file to introduce tasks to be run by cron." It is where all our cron jobs are. For the automated Lynis audit, I'm going to type:
0 2 * * * /usr/bin/lynis audit system --cronjob > /var/log/lynis_daily.log 2>&1
I can hit CTRL+O to save that and CTRL+X to exit.
Recap
So, let's recap what we've learned today. We've installed Lynis on an Ubuntu system. We've run a basic audit. We've reviewed the results. We've seen how to act on warnings and suggestions to enhance security. We've seen how to automate regular scans to maintain a secure system.
Make sure to run Lynis regularly to monitor your system's security. Don't forget to subscribe to our YouTube channel, @itprotoday_official, for more Linux security tutorials. Stay safe out there. Bye for now.
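Added example (not part of the tutorial, and not code from the Lynis project): the cron job in step 5 captures only the console output, but Lynis also writes a machine-readable report to /var/log/lynis-report.dat in simple key=value form, with repeated warning[]= and suggestion[]= entries. The POSIX shell script below reads such a report, prints the Hardening Index, lists warnings and suggestions, and exits non-zero when the index falls below a threshold or any warning is present, so a nightly run can alert rather than silently overwrite a log. The sample report embedded in the script is constructed for this example (the lines are not from a real audit), the ID|message|details|solution field layout is assumed from published report samples rather than taken from the page, and the threshold of 80 echoes the "score in the 80s" baseline mentioned in the transcript.

```shell
#!/bin/sh
# Summarise a lynis-report.dat file and gate on its results.
# Added example: not the tutorial's code and not part of the Lynis project.

# Print the hardening_index value (0-100), or "unknown" if the key is absent.
lynis_hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; found = 1 }
             END { if (!found) print "unknown" }' "$1"
}

# Count entries of one kind; $1 is "warning" or "suggestion", $2 the report path.
# grep -c prints 0 but exits 1 when nothing matches, so neutralise the status.
lynis_count() {
    grep -c "^$1\[\]=" "$2" || true
}

# Print "TEST-ID: message" for each entry of one kind.
# The ID|message|details|solution field layout is assumed, not taken from the page.
lynis_list() {
    awk -v prefix="$1[]=" '
        index($0, prefix) == 1 {
            rest = substr($0, length(prefix) + 1)
            split(rest, f, "|")
            print f[1] ": " f[2]
        }' "$2"
}

# Succeed only if the index reaches the threshold in $2 and no warning is present.
lynis_gate() {
    idx=$(lynis_hardening_index "$1")
    warnings=$(lynis_count warning "$1")
    [ "$idx" != "unknown" ] && [ "$idx" -ge "$2" ] && [ "$warnings" -eq 0 ]
}

# Constructed sample report for offline use; these lines are not from a real audit.
SAMPLE_REPORT=$(mktemp)
trap 'rm -f "$SAMPLE_REPORT"' EXIT
cat > "$SAMPLE_REPORT" <<'EOF'
# Lynis Report (constructed sample)
lynis_version=3.0.9
os_name=Linux
hardening_index=63
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=LYNIS|This release is more than 4 months old. Check the website or GitHub to see if there is an update available.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=HRDN-7230|Harden the system by installing at least one malware scanner, to perform periodic file system scans|-|-|
EOF

echo "Hardening index: $(lynis_hardening_index "$SAMPLE_REPORT")"
echo "Warnings ($(lynis_count warning "$SAMPLE_REPORT")):"
lynis_list warning "$SAMPLE_REPORT"
echo "Suggestions ($(lynis_count suggestion "$SAMPLE_REPORT")):"
lynis_list suggestion "$SAMPLE_REPORT"
if lynis_gate "$SAMPLE_REPORT" 80; then
    echo "PASS: baseline met"
else
    echo "FAIL: index below 80 or warnings present"   # the sample trips both conditions
fi
```

On a live host, the cron entry would first run `lynis audit system --cronjob` and then call this script against /var/log/lynis-report.dat; the non-zero exit status from `lynis_gate` is what you hook to mail or your alerting, and the threshold is a policy choice you can raise as the baseline improves.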