Forensics, auditing, security, hardening, unix, linux, system scan

Lynis

Lynis is a security auditing tool for Unix-based systems that scans configurations to identify system information and security issues. It assists professional auditors and supports automated audits alongside other security tools.

Description

Lynis is an auditing tool designed for hardening GNU/Linux and Unix-based systems. It performs comprehensive scans of system configurations, generating overviews of system details and potential security issues suitable for professional audits. The tool is particularly useful for identifying weaknesses and compliance gaps in system setups.

Use cases include local security scans, remote system audits, and analysis of Dockerfiles. It complements other software such as security scanners, benchmarking tools, and fine-tuning utilities. Lynis supports various audit modes like forensics and pentesting, making it versatile for different security assessment needs.

The tool is available as a package in Kali Linux, with enterprise features for plugins and data upload. It provides detailed logging and output options for integration into cron jobs or automated workflows.

How It Works

Lynis initializes by detecting the OS, checking profiles, and gathering system details like kernel version, hostname, and hardware platform. It performs tests across categories, reporting compliance levels, suggestions, and warnings. Output can be customized for quiet mode, cron jobs, or verbose details, with support for remote scans via specified hosts and forensics on mounted systems.

Installation

    sudo apt install lynis

Flags

-Q                    Quiet mode with no output
--cronjob             Output in cronjob format
--forensics           Perform forensics on a running or mounted system
--pentest             Non-privileged mode showing points of interest for pentesting
--no-colors           Don't use colors in output
--quiet (-q)          No output
--debug               Debug logging to screen
--profile <profile>   Scan the system with the given profile file
--version (-V)        Display version number and quit

Examples

Scan the system in quiet mode and output in cronjob format:
    lynis -Q --cronjob

Show help and available commands:
    lynis -h

Perform local security scan:
    lynis audit system

Perform remote security scan on specified host:
    lynis audit system remote <host>

Analyze a Dockerfile:
    lynis audit dockerfile <file>

Show Lynis version:
    lynis show version

Show update details:
    lynis update info
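
When Lynis runs from cron or another automated workflow, a script usually has to decide whether the result is acceptable. The following is an added example, not part of the original page or of Lynis itself. It assumes the key=value report file that Lynis writes (by default /var/log/lynis-report.dat) with warning[]=, suggestion[]= and hardening_index= entries; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Lynis code. Assumes the key=value report file Lynis
# writes (by default /var/log/lynis-report.dat) with warning[]=,
# suggestion[]= and hardening_index= entries.

# Print "<warnings> <suggestions> <hardening_index>" for a report file.
lynis_summary() {
    awk -F= '
        /^warning\[\]=/     { w++ }
        /^suggestion\[\]=/  { s++ }
        /^hardening_index=/ { h = $2 }
        END { printf "%d %d %s\n", w, s, (h == "" ? "NA" : h) }
    ' "$1"
}

# Print each warning as "TEST-ID: message" (fields are pipe-separated).
lynis_warnings() {
    awk '/^warning\[\]=/ {
        sub(/^warning\[\]=/, ""); split($0, f, "|"); print f[1] ": " f[2]
    }' "$1"
}

# Exit status 0 only if there are no warnings and the hardening index is
# at least $2; status 2 if the report has no hardening index at all.
lynis_gate() {
    set -- "$2" $(lynis_summary "$1")   # $1=min $2=warnings $3=sugg $4=index
    [ "$4" != "NA" ] || return 2
    [ "$2" -eq 0 ] && [ "$4" -ge "$1" ]
}

# Constructed sample report (test IDs and messages are placeholders).
sample_report() {
    cat <<'EOF'
# Constructed sample, not output of a real scan
hostname=web01
hardening_index=62
warning[]=TEST-0001|Constructed warning about SSH configuration|-|-|
suggestion[]=TEST-0002|Constructed suggestion about kernel settings|-|-|
suggestion[]=TEST-0003|Constructed suggestion about password policy|-|-|
EOF
}

report=$(mktemp)
sample_report > "$report"
echo "summary: $(lynis_summary "$report")"
lynis_warnings "$report"
if lynis_gate "$report" 70; then echo "gate: pass"; else echo "gate: fail"; fi
rm -f "$report"
```

In a real job, call lynis_gate on the actual report path after the scan finishes and alert on a non-zero status.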
Updated 2026-04-16 (source: kali.org)