Lynis is a powerful, open-source security auditing and system hardening tool for Unix and Linux systems. It performs in-depth security scans, identifies vulnerabilities, detects misconfigurations, and provides actionable recommendations to improve your server’s security posture.
Lynis is widely used by:
System Administrators
DevOps Engineers
Security Auditors
Compliance Teams
It is lightweight, agentless, and safe to run on production environments.
Regular security audits are critical to:
Detect configuration weaknesses
Reduce attack surface
Improve system hardening
Maintain compliance (PCI-DSS, ISO27001, HIPAA, etc.)
Identify outdated packages and insecure services
Lynis generates a Hardening Index Score that reflects the overall security level of your system.
✔ Agentless and lightweight
✔ No external dependencies
✔ Modular scanning (only scans what exists on the system)
✔ Detailed logging and reporting
✔ Compliance-oriented checks
✔ Suitable for production servers
✔ Supports Linux, macOS, BSD, and Unix systems
Below are multiple installation methods depending on your environment.
On RHEL-based systems (Rocky Linux, AlmaLinux, CentOS), install from the EPEL repository:
sudo dnf install epel-release -y
sudo dnf install lynis -y
For older systems:
sudo yum install epel-release -y
sudo yum install lynis -y
On Debian and Ubuntu:
sudo apt update
sudo apt install lynis -y
To install from the GitHub repository instead (this method ensures you get the latest stable release):
cd /usr/local
sudo git clone https://github.com/CISOfy/lynis
cd lynis
Run directly:
sudo ./lynis audit system
(Optional) Create a symlink:
sudo ln -s /usr/local/lynis/lynis /usr/local/bin/lynis
Verify installation:
lynis --version
To perform a full system audit:
sudo lynis audit system
During the scan, Lynis will:
Check kernel settings
Review authentication mechanisms
Inspect firewall configuration
Scan running services
Validate SSH configuration
Detect outdated packages
Evaluate filesystem security
Analyze logging configuration
After completion, Lynis provides:
Warnings: critical issues that should be addressed immediately.
Suggestions: recommended improvements to increase hardening.
Hardening Index: an overall score. Example:
Hardening index : 72 [############## ]
A higher score means a better security posture.
Lynis stores results in:
/var/log/lynis.log
/var/log/lynis-report.dat
These files are useful for:
Historical comparisons
Compliance documentation
Security review audits
Automation integration
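The report file is the one to use for the historical comparisons and automation listed above. The shell functions below are an added example, not part of Lynis or of the original article; they assume the key=value layout of lynis-report.dat (hardening_index=, warning[]= and suggestion[]= entries) and include a constructed sample report for a hypothetical host web01.

```shell
#!/bin/sh
# Added example (not Lynis code): summarise lynis-report.dat and gate on it.
# Assumed layout: key=value lines; warning[] / suggestion[] repeat, and their
# value is "TEST-ID|message|details|solution|".

# Print the value of a single-valued key such as hardening_index.
lynis_field() {  # usage: lynis_field <report> <key>
    awk -F= -v k="$2" '$1 == k { print substr($0, length(k) + 2); exit }' "$1"
}

# Count the entries of a repeated key such as warning[] or suggestion[].
lynis_count() {  # usage: lynis_count <report> <key>
    awk -F= -v k="$2" '$1 == k { n++ } END { print n + 0 }' "$1"
}

# List the unique test IDs behind a repeated key, one per line.
lynis_ids() {  # usage: lynis_ids <report> <key>
    awk -F= -v k="$2" '$1 == k { split(substr($0, length(k) + 2), f, "|"); print f[1] }' "$1" | sort -u
}

# One line per run: append to a history file or forward to a log collector.
lynis_summary() {  # usage: lynis_summary <report>
    printf 'host=%s hardening_index=%s warnings=%s suggestions=%s\n' \
        "$(lynis_field "$1" hostname)" "$(lynis_field "$1" hardening_index)" \
        "$(lynis_count "$1" 'warning[]')" "$(lynis_count "$1" 'suggestion[]')"
}

# Return 0 only if the index is >= <min_index> and there are no warnings;
# 1 if the baseline is not met, 2 if the report has no usable index.
lynis_gate() {  # usage: lynis_gate <report> <min_index>
    idx=$(lynis_field "$1" hardening_index)
    case "$idx" in ''|*[!0-9]*) echo "no hardening_index in $1" >&2; return 2 ;; esac
    [ "$idx" -ge "$2" ] && [ "$(lynis_count "$1" 'warning[]')" -eq 0 ]
}

# Constructed sample report (not real scan output).
sample_report() {
    cat <<'EOF'
hostname=web01
hardening_index=72
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|
EOF
}

# Stand-alone use: sh this-script /var/log/lynis-report.dat
if [ "$#" -gt 0 ]; then lynis_summary "$1"; lynis_ids "$1" 'warning[]'; fi
```

Appending the lynis_summary line to a history file after each scheduled audit gives a simple Hardening Index trend, and lynis_gate can fail a provisioning or CI step when a server falls below its baseline.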
If Lynis reports SSH weaknesses:
Example recommendation:
Disable password authentication
Fix:
Edit SSH config:
sudo nano /etc/ssh/sshd_config
Set:
PasswordAuthentication no
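Restart SSH (keep your current session open and confirm that key-based login works first, so you are not locked out; on Debian and Ubuntu the service is named ssh):
sudo systemctl restart sshd
Re-run the audit to verify the improvement.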
To run daily security scans automatically:
sudo crontab -e
Add:
0 3 * * * /usr/bin/lynis audit system --quiet
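This runs the audit every day at 3:00 AM. If you installed from Git with the symlink above, use /usr/local/bin/lynis as the path instead.
To run only the tests from a specific group:
sudo lynis audit system --tests-from-group authentication
To run quietly and write the report to a custom file:
sudo lynis audit system --quiet --report-file /root/lynis-custom-report.dat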
✔ Run Lynis after server deployment
✔ Schedule weekly automated audits
✔ Re-run after major updates
✔ Review Hardening Index trends
✔ Integrate results into monitoring or SIEM
You can forward /var/log/lynis.log to:
ELK Stack
Splunk
SIEM solutions
Centralized log servers
This allows centralized security tracking across multiple servers.
Using Lynis helps:
Detect insecure services
Identify missing security patches
Improve firewall and SSH configuration
Harden web/database servers
Maintain compliance documentation
Reduce breach risk
Recommended times to run Lynis:
After new server provisioning
After OS upgrades
After control panel installation
After deploying Docker/Kubernetes
Before compliance audits
During periodic security reviews
Lynis is a powerful and lightweight security auditing tool that helps administrators proactively harden their infrastructure. By incorporating regular Lynis audits into your operational workflow, you significantly reduce security risks and improve system resilience.
For production environments, we strongly recommend automating weekly scans and reviewing the Hardening Index as part of your security baseline management.