Lynis is a battle-tested security tool. It performs an extensive health scan of your systems to support system hardening and compliance testing. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues.
The software can be used for security auditing, compliance testing (e.g. PCI, HIPAA, SOx), penetration testing, vulnerability detection, and system hardening.
This is free and open source software.
Key Features
- In-depth audits by host based scanning.
- Compliance testing (PCI, HIPAA, SOx and others).
- Detect intruders and monitor for configuration issues.
- Continuous auditing, discover changes.
- Layered dashboards (technical and managerial).
- Reporting and data export.
- Different levels of user access.
- Modular – run your self-created tests. You can even create them in other scripting or programming languages.
- Opportunistic – only use and test the components that it can find.
- Always perform scans that are tailored to your system.
- Performs hundreds of individual tests. Each test will help to determine the security state of the system. Most tests are written in shell script and have a unique identifier (e.g. KRNL-6000).
- Flexible – tune security scans.
- Plugins – modular extensions to Lynis. With the help of the plugins, Lynis will perform additional tests and collect more system information.
- Cross-platform support – runs under Linux, macOS, other UNIX-like systems, and Windows.
Its audit steps are:
- Initialization.
- Perform basic checks, such as file ownership.
- Determine operating system and tools.
- Search for available software components.
- Check latest Lynis version.
- Run enabled plugins.
- Run security tests per category.
- Perform execution of your custom tests (optional).
- Report status of security scan.
Website: cisofy.com/lynis
Support: GitHub Code Repository
Developer: CISOfy
License: GNU General Public License v3.0
Related Software
| Vulnerability Detection Tools | |
|---|---|
| Metasploit | Penetration testing framework |
| Nuclei | Fast and customisable vulnerability scanner |
| OpenVAS | Full-featured vulnerability scanner |
| Nikto | Web server scanner |
| Lynis | Auditing, system hardening, compliance testing |
| grype | Vulnerability scanner for container images and filesystems |
| OSSEC | Centralized architecture for monitoring and managing multiple systems |
| OpenSCAP | NIST Certified SCAP 1.2 toolkit |
| octoscan | Static vulnerability scanner for GitHub action workflows |
| Greenbone | Central management service between security scanners and the user clients. |
| Terrapin | Terrapin Vulnerability Scanner for the Terrapin attack |
| Tiger | Security audit and intrusion detection too |
| PRS | Web security scanner |
| Trivy | Terrapin Vulnerability Scanner for the Terrapin attack |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |