GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  LYNIS (8)

NAME

Lynis - System and security auditing tool

CONTENTS

SYNOPSIS



lynis [scan mode] [other options]

DESCRIPTION

Lynis is a security auditing tool for Linux and Unix systems. It checks the system and software configurations, to determine any improvements. All details are logged in a log file. Findings and other data is stored in a report file, which can be used to create auditing reports. Lynis can be run as a cronjob, or from the command line. Lynis prefers root permissions (or sudo), so it can access all parts of the system, however it not required (see pentest mode).

The following system areas may be checked:
- Boot loader files
- Configuration files
- Files part of software packages
- Directories and files related to logging and auditing

FIRST TIME USAGE

When running Lynis for the first time, run: lynis audit system --quick

SCAN MODES

audit Performs a system audit, which is the most common audit.

For more scan modes, see the helper utilities.

OPTIONS

--auditor <full name>
  Define the name of the auditor/pen-tester. When a full name is used, add double quotes, like "Your Name".
--checkall (or -c)
  Lynis performs a full check of the system, printing out the results of each test to stdout. Additional information will be saved into a log file (default is /var/log/lynis.log). This option invokes scan mode "audit system".
In case the outcome of a scan needs to be automated, use the report file.
--config
  Show which settings file or profile is being used, then quit.
--cronjob
  Perform automatic scan with cron safe options (no colors, no questions, no breaks).
--debug Display debug information to screen for troubleshooting purposes.
--dump-options
  Show all available parameters.
--logfile </path/to/logfile>
  Defines location and name of log file, instead of default /var/log/lynis.log.
--no-colors
  Do not use colors for messages, warnings and sections.
--no-log Redirect all logging information to /dev/null, prevent sensitive information to be written to disk.
--pentest
  Run a non-privileged scan, usually for penetration testing. Some of the tests will be skipped if they require root permissions.
--plugin-dir </path/to/plugins>
  Define location where plugins can be found.
--profile </path/to/profile>
  Provide alternative profile to perform the scan.
--quick (-Q)
  Do a quick scan (don’t wait for user input).
--quiet (-q)
  Try to run as silent as possible, showing only warnings. This option activates --quick as well.
--report-file </path/to/report>
  Provide an alternative name for report file.
--reverse-colors
  Optimize screen output for light backgrounds.
--tests TEST-IDs
  Only run the specific test(s). When using multiple tests, add quotes around the line.
--tests-category <category>
  Only perform tests from particular tests. Use --view-categories to determine valid options.
--upload
  Upload data to Lynis Enterprise server.
--view-categories
  Display all available test categories.

Multiple parameters are allowed, though some parameters can only be used together with others. When running Lynis without any parameters, help will be shown and the program will exit.

HELPERS

Lynis has special helpers to do certain tasks. This way the framework of Lynis is used, while at the same time storing most of the functionality in a separated file. This speeds up execution and keeps the code clean.

audit Run audit on the system or on other targets

update Run updater utility

To use a helper, run Lynis followed by the helper name.

EXIT CODES

Lynis uses exit codes to signal any invoking script. Currently the following codes are used:
0 Program exited normally, nothing found
1 Fatal error
64 An unknown parameter is used, or incomplete
65 Incorrect data encountered
66 Can’t open file or directory
78 Lynis found 1 or more warnings or configurations errors

BUGS

Bugs can be reported via GitHub at https://github.com/CISOfy/lynis

DOCUMENTATION

Supporting documentation can be found via https://cisofy.com/documentation/lynis/

LICENSING

Lynis is licensed as GPL v3, written by Michael Boelen. Development is supported by CISOfy. Plugins may have their own license.

CONTACT INFORMATION

Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.
Search for    or go to Top of page |  Section 8 |  Main Index


1.20 LYNIS (8) 2 February 2016

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.