Do you like this software? Star the project and become a stargazer.
Lynis - Security auditing and hardening tool, for UNIX-based systems.
Lynis is a security auditing tool for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis was commonly used by system administrators and auditors to assess the security defenses of their systems. Besides the "blue team," nowadays penetration testers also have Lynis in their toolkit.
We believe software should be simple, updated on a regular basis, and open. You should be able to trust, understand, and have the option to change the software. Many agree with us, as the software is being used by thousands every day to protect their systems.
The main goals of Lynis include:
- Automated security auditing
- Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
- Vulnerability detection
The software (also) assists with:
- Configuration and asset management
- Software patch management
- System hardening
- Penetration testing (privilege escalation)
- Intrusion detection
Typical users of the software:
- System administrators
- Auditors
- Security officers
- Penetration testers
- Security professionals
There are multiple options available to install Lynis.
For systems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides packages in RPM or DEB format suitable for systems running: CentOS, Debian, Fedora, OEL, openSUSE, RHEL, Ubuntu, and others.
Some distributions may also have Lynis in their software repository: Repology
Note: Some distributions don't provide an up-to-date version. In that case it is better to use the CISOfy software repository, download the tarball from the website, or download the latest GitHub release.
The very latest developments can be obtained via git.
- Clone or download the project files (no compilation or installation is required):
    git clone https://github.com/CISOfy/lynis
- Execute:
    cd lynis && ./lynis audit system
If you want to run the software as root (or sudo), we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root). Otherwise Lynis will warn you about the file permissions. After all, you are executing files owned by a non-privileged user.
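An added example, not part of the Lynis project: a small shell check for the ownership advice above. It lists entries under the cloned directory that are not owned by UID/GID 0; the function names and the extra test for group- or world-writable files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Lynis code): find entries in a tree that root should
# not execute as-is.
# Usage: audit_tree DIR [UID] [GID]   (UID and GID default to 0, i.e. root)
audit_tree() {
    dir=$1
    uid=${2:-0}
    gid=${3:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Report an entry when its owner or group differs from the expected one,
    # or when it is writable by group/others (assumption of this example).
    # Symlink mode bits are meaningless, so the permission test skips them.
    find "$dir" \( ! -user "$uid" -o ! -group "$gid" -o \
        \( ! -type l \( -perm -0020 -o -perm -0002 \) \) \) -print
}

# Print the number of findings; 0 means the tree has the expected owner
# and nobody else can modify it. Returns 2 if DIR is not a directory.
count_findings() {
    out=$(audit_tree "$@") || return 2
    if [ -z "$out" ]; then
        echo 0
    else
        printf '%s\n' "$out" | wc -l | tr -d ' '
    fi
}

# Typical sequence after `git clone`, run from the parent of ./lynis:
#   count_findings lynis        # non-zero when cloned as a normal user
#   sudo chown -R 0:0 lynis     # the change suggested in the text
#   sudo chmod -R go-w lynis    # assumption: also drop group/other write
#   count_findings lynis        # expect 0 before running as root
```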
Have a look at the Lynis documentation to learn more about the configuration and usage of Lynis. When you are interested in reading more articles about Linux security, then check out the Linux security blog named Linux Audit. For some suggestions by Lynis, this is also the source used to learn more about specific findings.
If you want to create your own tests, have a look at the Lynis software development kit.
We participate in the CII best practices badge program of the Linux Foundation.
Lynis is collecting some awards along the way and we are proud of that.
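- 2016
  - Best of Open Source Software Awards 2016.
  - Article by TechRepublic, considering Lynis a "must-have" tool: How to quickly audit a Linux system from the command line
  - ToolsWatch Best Tools (top 10)
- 2015
  - ToolsWatch Best Tools (second place)
  - Best of Open Source Software Awards 2015 (mirror).
- 2014
  - ToolsWatch Best Tools (third place)
- 2013
  - ToolsWatch Best Tools (sixth place)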
We love contributors.
Do you have something to share? Want to help out with translating Lynis into your own language? Create an issue or pull request on GitHub, or send us an e-mail: lynis-dev@cisofy.com.
More details can be found in the Contributors Guide.
You can also simply contribute to the project by starring it and showing your appreciation that way.
Thanks!
GPLv3
This software component is also part of an enterprise solution and focuses on companies. Same quality, yet with more functionality.
Focus areas include compliance (PCI DSS, HIPAA, ISO27001, and others). The Enterprise version comes with:
- a web interface;
- dashboard and reporting;
- hardening snippets;
- improvement plan (based on risk);
- commercial support.
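Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their UNIX- and Linux-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. It is also the client in our Lynis Enterprise offering.
Supported operating systems
Lynis runs on almost all UNIX-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- macOS
- NetBSD
- OpenBSD
- Solaris
- and others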