Kinaro's Blog of Things

Audit your web server using Lynis

by Felix Kinaro About 2 min reading time

Lynis is a security auditing tool developed by CISOfy. It is compatible with Linux, macOS, and *NIX systems. The tool can be used to align operations to conform with data security requirements of HIPAA, ISO27001, PCI, DSS as well as system hardening.

This article assumes that you are using a Linux distro such as Ubuntu, and that you have sudo rights on the system.

Use it without having to install (You're gonna need Git)

  1. Install git if you do not have it already. Run sudo apt install git on terminal, or use a graphical tool. Choose your poison.
    Git
  2. Clone the Lynis repository to your local machine. On Terminal, type git clone https://github.com/CISOfy/lynis.git.
    You can also go to https://github.com/CISOfy/lynis and click the Download Zip button. Extract the contents of the zip file and open the directory.
  3. Right click any blank area within the folder and select Open in Terminal.
  4. Run sudo chown -R 0:0 * to recursively set the ownership of the files to user root. Run ls -l to verify ownership
    Root Owner
  5. Run sudo chmod +x lynis to make the script executable. From the above screenshot, you can see that permissions for the script are set to allow the owner to execute it (-rwxr...)

Start using Lynis

  1. Type sudo ./lynis audit system to audit you local Linux machine.
    Initial screen
    Use sudo ./lynis audit system remote, or connect to the server via SSH.
    Replace with the IP address of a server you own. Be warned that auditing a system you have no right to could have serious legal consequences as per your state laws.

    So, what is checked when you run the above command on a local server?

And many more. You can see the scan result for my personal computer below.
Audit report for my laptop
Keep in mind that prevention of compromise will eventually fail, but with the right knowledge you can stop attacks when they occur

Follow me on Twitter @0xOOOOK