To home page

Installing and using the Lynis vulnerability scanner

Virtual Server Security Configuration Guide

Modern VPS and dedicated servers require continuous security monitoring. Even if the server is isolated and serves only a limited number of users, system vulnerabilities or misconfigurations can still lead to a compromise. To detect such issues in time, it’s convenient to use Lynis, a tool that performs automated security audits of Linux and Unix systems.

file

Lynis is a security auditing tool for Unix and Linux systems. It performs deep system checks without any prior configuration. Since it runs directly on the host, it can provide a more thorough analysis than external vulnerability scanners.

Lynis executes hundreds of individual tests to evaluate the current security state of your system. The scan proceeds step by step, from initialization to generating a final report. The main stages include:

  • Detecting the operating system
  • Finding available tools and utilities
  • Checking for Lynis updates
  • Running plugin tests
  • Performing categorized security checks
  • Generating the final report

During the scan, technical data is written to a log file, while the results (warnings, suggestions, and collected information) are saved in a separate report.

You can download the original Lynis archive here: https://cisofy.com/download/lynis/

cd /tmp
wget https://cisofy.com/files/lynis-3.0.3.tar.gz
tar xvfz lynis-3.0.3.tar.gz
mv lynis /usr/local/
ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

This installs Lynis to /usr/local/lynis and creates a symbolic link for easier command execution.

To check the installed version:

lynis update info

Example output:

Version            : 3.0.3
Status             : Up-to-date
Release date       : 2021-01-07
Project page       : https://cisofy.com/lynis/
Source code        : https://github.com/CISOfy/lynis

To run Lynis, simply use one of its command options. For example, to perform a full system audit:

sudo lynis audit system -c

Or to run the default set of tests:

sudo lynis audit system

You can also perform a remote audit if needed:

audit system remote <host>

During the audit, Lynis performs numerous tests grouped by category. After each stage, results, diagnostic information, and security recommendations are displayed in the standard output.

All warnings are listed at the end of the report. Each warning includes a description, test ID, and — when available — a suggested solution. Links are provided for more details and additional recommendations.

Example output:

Warnings (3):
----------------------------
! Reboot of system is most likely needed [KRNL-5830]
  - Solution : reboot
    https://cisofy.com/lynis/controls/KRNL-5830/

! Multiple accounts found with same UID [AUTH-9208]
    https://cisofy.com/lynis/controls/AUTH-9208/

! iptables module(s) loaded, but no rules active [FIRE-4512]
    https://cisofy.com/lynis/controls/FIRE-4512/

Lynis also provides a list of suggestions that can help improve the overall security posture of your system. For example:

* Set a password on GRUB boot loader to prevent altering boot configuration [BOOT-5122]
  https://cisofy.com/lynis/controls/BOOT-5122/

* Consider hardening system services [BOOT-5264]
  - Details: Run '/usr/bin/systemd-analyze security SERVICE'
  https://cisofy.com/lynis/controls/BOOT-5264/

* Install a PAM module for password strength testing (pam_cracklib or pam_passwdqc)
  https://cisofy.com/lynis/controls/AUTH-9262/

In conclusion, Lynis is a powerful tool for performing regular security audits of VPS and dedicated servers. It helps identify weaknesses early and ensures adherence to best practices for securing Linux and Unix systems.

Need help?Our engineers will help you free of charge with any question in minutesContact us