How to do automated Linux server security audit using Lynis
Auditing your servers should be a part of your basic security policy. Part of that audit is collecting information. The more information you have about your servers the better. So over the coming weeks we’ll look at simple and small programs that can help you gather information about your server. One such lightweight tool we’ll talk about today is Lynis.
Lynis does not require any installation. Simply download it to your server and run it.
tar -zxf lynis-1.2.9.tar.gz
Run without any parameters, Lynis displays the list of parameters it needs in order to run. The command you will use the most is:
bash lynis -c -Q
It will run without requiring human interaction, but if you are running it for the first time I would recommend leaving out the “-Q” parameter. Without it, Lynis waits for human input before proceeding with the next check, which gives you a feel for the checks being performed.
Once it completes its checks, it will display a list of possible vulnerabilities and a list of suggestions that will help you close them. At the very end you will see what I feel is a very satisfying progress bar, showing the hardening index of your server.
For future scans, check for updates before proceeding:
bash lynis --check-update
Since it checks everything from PHP settings to unused firewall rules, it is best to set up a cron job to run it twice a month, or more frequently if required.
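One way to schedule the twice-monthly run, as an added example rather than code from the original article or the Lynis project: a cron wrapper that runs the two commands above and flags a drop in the hardening index between scans. The paths, the script name and the report-file format (`hardening_index=` and `warning[]=` lines in `/var/log/lynis-report.dat`) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): cron wrapper for the commands above.
# Assumed: the three paths below, and a report file that contains
# "hardening_index=NN" and "warning[]=..." lines.
# Hypothetical crontab entry, 03:00 on the 1st and 15th (twice a month):
#   0 3 1,15 * * /usr/local/sbin/lynis-cron.sh --run
LYNIS_DIR="${LYNIS_DIR:-/usr/local/lynis}"     # unpacked tarball (assumed path)
REPORT="${REPORT:-/var/log/lynis-report.dat}"  # Lynis report file (assumed path)
STATE="${STATE:-/var/lib/lynis-last-index}"    # previous index (hypothetical file)

# Print the hardening index stored in report file $1 (nothing if absent).
hardening_index() {
    sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" 2>/dev/null | tail -n 1
}

# Print how many warning[] entries report file $1 contains.
warning_count() {
    grep -c '^warning\[\]=' "$1" 2>/dev/null || true
}

# Classify current index $2 against previous index $1:
# no-index (scan produced none), baseline (first run), regressed, or ok.
index_status() {
    prev="$1"; cur="$2"
    case "$cur" in ''|*[!0-9]*) echo "no-index"; return 0 ;; esac
    case "$prev" in ''|*[!0-9]*) echo "baseline"; return 0 ;; esac
    if [ "$cur" -lt "$prev" ]; then echo "regressed"; else echo "ok"; fi
}

# Run the update check and the unattended scan, then report the trend.
run_audit() {
    umask 077                            # keep files written here root-only
    cd "$LYNIS_DIR" || return 1
    bash lynis --check-update || true    # a failed update check must not stop the scan
    bash lynis -c -Q >/dev/null 2>&1     # findings are read back from $REPORT
    cur=$(hardening_index "$REPORT")
    prev=$(cat "$STATE" 2>/dev/null)
    status=$(index_status "$prev" "$cur")
    echo "lynis: index=${cur:-?} previous=${prev:-?} warnings=$(warning_count "$REPORT") status=$status"
    [ "$status" = "no-index" ] || echo "$cur" > "$STATE"
    [ "$status" = "ok" ] || [ "$status" = "baseline" ]   # non-zero exit on regression
}

if [ "${1:-}" = "--run" ]; then run_audit; fi
```

Cron mails the one-line summary to the job's owner, and the non-zero exit status on a regression or a missing index gives a monitoring wrapper something to alert on.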
That's it! Happy data collecting 🙂
About the Author:
Hamish works as a Senior Software Engineer at Bobcares. He joined Bobcares in July 2004, and is an expert in control panels and operating systems used in the web hosting industry. He is highly passionate about Linux and is a great evangelist of open source. When he is not on his Xbox, he is an avid movie lover and critic.