How to Install and Run Lynis on Ubuntu Linux

Lynis is an open-source and trusted security auditing tool designed for Linux, macOS, and UNIX derivatives such as FreeBSD and OpenBSD. It is used for a number of purposes including security auditing, vulnerability detection, and compliance testing. The aim of using an auditing tool such as Lynis is to find and resolve underlying security vulnerabilities and configuration errors, such as weak user account passwords or inappropriate file permissions, that might compromise the system in the face of an attack.

In this tutorial, you will learn how to install Lynis on Ubuntu 20.04. There are a number of ways of installing Lynis. You can install from Ubuntu repositories using the APT package manager or from the official community repository.

Install Lynis on Ubuntu

Granted, you can install Lynis from the Ubuntu repositories. However, this will not always get you the latest version. For example, at the time of writing this guide, the latest version of Lynis is 3.0.6. The version hosted in the Ubuntu repository is older, as the command below confirms.

$ apt-cache policy lynis

From the output, we can see that the latest version hosted on the Ubuntu repository is Lynis 2.6.2-1.

If you wish to install the latest version of Lynis, the best approach is to install it from the official Lynis community repository.

To achieve this, first update your system:

$ sudo apt update

Next, download the signing key from the central keyserver:

$ wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -

Next, enable the Lynis community repository as follows:

$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

With that done, refresh the package index once more so that the system is aware of the newly added repository.

$ sudo apt update

Finally, to install Lynis, use the following APT command:

$ sudo apt install lynis

Once the installation is complete, verify the version of Lynis installed.

$ lynis show version

You can verify if there is an available update as follows:

$ lynis update info

If you have freshly installed Lynis from its official repository, you can be sure that it will always be up to date, as illustrated in the output.

Check if there are pending updates for Lynis

Lynis Commands

Lynis is now installed. Let's take a moment to see how you can use the tool to perform some security auditing.

To display the commands that you can run using Lynis, execute:

$ lynis show commands

Lynis also ships with some audit profiles. A profile is synonymous with a configuration file that determines or spells out how a security audit should be carried out. The profiles are typically found in the /etc/lynis directory.

To list the audit profiles, run the command:

$ lynis show profiles

In addition, you can display Lynis settings as follows.

$ lynis show settings

How to perform a security audit with Lynis

To perform a basic security audit of your system, run the command:

$ sudo lynis audit system

When this command is executed, Lynis probes the system and software configuration for any potential weaknesses or loopholes. Lynis then logs the audit information in the /var/log/lynis.log file and stores the audit report in the /var/log/lynis-report.dat file.

Key areas that Lynis performs system checks on include:

  1. Boot loader files
  2. Software packages
  3. Configuration files
  4. Directories associated with logging and auditing

During the system audit, you are likely to bump into different auditing results with keywords such as Found, OK, Not Found, Suggestion, Warning, and so on.

Lynis system audit in place

Special attention should be given to the system checks that yield a "Warning" alert. Action should be taken to resolve the issue described as this could potentially undermine the security of your system.

From our audit check, Lynis flagged an issue to do with home directory permissions.

Warning alert in Lynis

At the end of the scan, you will be provided with a summary of the audit that includes warnings and suggestions that you can take to harden the security of your system. Accompanying each suggestion is a URL that provides additional information about the suggestion that aims at improving or hardening your system security.

Lynis audit summary
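
The report file written by the audit can be read by scripts as well as by people. The following added example (not from the original article or the Lynis project) lists warnings and suggestions from a report and fails a gate when warnings remain or the hardening index is too low. It assumes the report's key=value layout with pipe-separated finding fields; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull findings out of a Lynis report file.
# Assumed layout: key=value lines, with findings written as
#   warning[]=TEST-ID|message|details|solution|

# Print "TEST-ID<TAB>message" for each finding of kind $1
# ("warning" or "suggestion") in report file $2.
lynis_findings() {
    awk -F'|' -v prefix="${1}[]=" '
        index($0, prefix) == 1 {
            printf "%s\t%s\n", substr($1, length(prefix) + 1), $2
        }' "$2"
}

# Print the last hardening_index value in report $1 (nothing if absent).
lynis_hardening_index() {
    awk -F'=' '$1 == "hardening_index" { v = $2 }
               END { if (v != "") print v }' "$1"
}

# Return 0 only if report $1 has no warnings and its hardening index is
# at least $2; return 1 on a failed gate, 2 if the report is unreadable.
lynis_gate() {
    [ -r "$1" ] || return 2
    gate_warnings=$(lynis_findings warning "$1" | awk 'END { print NR }')
    gate_index=$(lynis_hardening_index "$1")
    [ "$gate_warnings" -eq 0 ] && [ "${gate_index:-0}" -ge "$2" ]
}

# Constructed sample report (not real scan output).
write_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report
lynis_version=3.0.6
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
hardening_index=63
EOF
}

sample=$(mktemp)
write_sample_report "$sample"
lynis_findings warning "$sample"
lynis_findings suggestion "$sample"
if lynis_gate "$sample" 70; then echo "gate: pass"; else echo "gate: fail"; fi
rm -f "$sample"
```

On a real host, point the functions at /var/log/lynis-report.dat (readable by root) after running the audit.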

Check details about a specific Audit Check

Each system check is associated with a unique test ID. To display specific details of a test, use the syntax:

$ lynis show details TEST-ID

For example, to view more details on the warning we received in the summary section, run the following command, where FIRE-4512 is the test ID.

$ sudo lynis show details FIRE-4512

The output provides you with potential issues and possible solutions to the warning alert.

Lynis check specific details about an audit check

To view the whole audit information, simply review the Lynis audit log file.

$ sudo cat /var/log/lynis.log

For additional information about Lynis command usage, visit the man pages.

$ man lynis

Conclusion

As you have seen, it's quite easy to install Lynis and run audit reports. This provides much-needed visibility into your system and offers you key suggestions on how you can improve your server's security. And that's it! We hope that you found this guide insightful.
