Want your very own server? Get our 1GB memory, Xeon V4, 20GB SSD VPS for £10.00 / month.

View Plans

How to Install and Use Lynis on CentOS-7

Lynis is an open source and widely used security auditing tool for Unix-like operating systems. It helps system administrators and security professionals run security scans in just a few minutes and find vulnerabilities in the operating system.

Lynis scans the whole operating system and determines system information like OS type, installed packages, security issues, and system configuration.

Lynis supports almost all UNIX-based operating systems such as Linux, macOS, OpenBSD, Solaris, AIX, FreeBSD, HP-UX, PcBSD, PCLinuxOS, NetBSD, Scientific Linux, Slackware, Ubuntu and many more. Lynis can also be used to audit software such as Apache, Nginx, MySQL, Oracle, PostgreSQL etc.

In this tutorial, we will learn how to install and use Lynis on CentOS-7.

Requirements

  • A server running CentOS-7.
  • A non-root user with sudo privileges set up on your server.

Installing Lynis

You can install Lynis either from source or from a repository.

To install Lynis from the repository, you will need to install the EPEL repository first. You can install the EPEL repo by running the following command:

sudo yum install -y epel-release

Then, install Lynis with the following command:

sudo yum --enablerepo=epel install lynis

Output:

    Loaded plugins: fastestmirror
    epel/x86_64/metalink                                     | 5.2 kB     00:00     
    epel                                                     | 4.3 kB     00:00     
    epel/x86_64/primary_db         FAILED                                           
    http://mirror.rise.ph/fedora-epel/7/x86_64/repodata/c7a12e6bbbd439507bb53843a486e92ea43ac3cb24d7465428abfe4abdb81fb2-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    (truncated...)

To install Lynis from source instead, download the Lynis source with the following command:

wget https://cisofy.com/files/lynis-2.4.0.tar.gz

Next, extract the downloaded file with the following command:

tar -xvf lynis-2.4.0.tar.gz

The archive extracts into a directory named lynis. Change to that directory and run Lynis from it:

cd lynis
sudo ./lynis

Working with Lynis

Running lynis without any option prints the complete list of available commands and options, as follows:

sudo lynis

Output:

    [ Lynis 2.3.2 ]

    ################################################################################
      Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
      welcome to redistribute it under the terms of the GNU General Public License.
      See the LICENSE file for details about using this software.

      2007-2016, CISOfy - https://cisofy.com/lynis/
      Enterprise support available (compliance, plugins, interface and tools)
    ################################################################################

    [+] Initializing program
    ------------------------------------

      Usage: lynis command [options]

      Command:

        audit
            audit system                  : Perform local security scan
            audit system remote           : Remote security scan
            audit dockerfile              : Analyze Dockerfile

        show
            show                          : Show all commands
            show version                  : Show Lynis version
            show help                     : Show help

        update
            update info                   : Show update details
            update release                : Update Lynis release

      Options:

        --no-log                          : Don't create a log file
        --pentest                         : Non-privileged scan (useful for pentest)
        --profile                         : Scan the system with the given profile file
        --quick (-Q)                      : Quick mode, don't wait for user input

        Layout options
        --no-colors                       : Don't use colors in output
        --quiet (-q)                      : No output
        --reverse-colors                  : Optimize color display for light backgrounds

        Misc options
        --debug                           : Debug logging to screen
        --view-manpage (--man)            : View man page
        --verbose                         : Show more details on screen
        --version (-V)                    : Display version number and quit

        Enterprise options
        --plugin-dir ""                   : Define path of available plugins
        --upload                          : Upload data to central node

        More options available. Run '/bin/lynis show options', or use the man page.

      No command provided. Exiting..

(truncated...)

Now, let's start the Lynis process. Run lynis with the -c parameter to begin scanning your entire Linux system:

sudo lynis -c

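Once you run the above command, it will scan your entire system and ask you to press [Enter] to continue for every process it scans. The --quick (-Q) option shown in the usage output above runs the scan without waiting for that input. The scan starts as follows: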

    [ Lynis 2.3.2 ]

    ################################################################################
      Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
      welcome to redistribute it under the terms of the GNU General Public License.
      See the LICENSE file for details about using this software.

      2007-2016, CISOfy - https://cisofy.com/lynis/
      Enterprise support available (compliance, plugins, interface and tools)
    ################################################################################

    [+] Initializing program

(truncated...)

Run Lynis with Custom Tests

You do not have to run all the tests. If you only need to test the Apache web server, for example, you can use the --tests parameter:

sudo lynis --tests "HTTP-6632 HTTP-6622 HTTP-6624 HTTP-6626"

Output:

    [+] Software: webserver
    ------------------------------------
      - Checking Apache (binary /usr/sbin/httpd)                  [ FOUND ]
          Info: Configuration file found (/etc/httpd/conf/httpd.conf)
          Info: No virtual hosts found
        * Loadable modules                                        [ FOUND ]
            - Found 100 loadable modules

    ================================================================================

      -[ Lynis 2.3.2 Results ]-

      Great, no warnings

      No suggestions

    ================================================================================

You can find more Test-IDs inside /var/log/lynis.log.

For example, if you want to find the kernel-related Test-IDs, run the following command:

cat /var/log/lynis.log | grep KRNL

You should see the following list:

    2016-11-02 21:17:56 Skipped test KRNL-5622 (Determine Linux default run level)
    2016-11-02 21:17:56 Skipped test KRNL-5677 (Check CPU options and support)
    2016-11-02 21:17:56 Skipped test KRNL-5695 (Determine Linux kernel version and release number)
    2016-11-02 21:17:56 Skipped test KRNL-5723 (Determining if Linux kernel is monolithic)
    2016-11-02 21:17:56 Skipped test KRNL-5726 (Checking Linux loaded kernel modules)
    2016-11-02 21:17:56 Skipped test KRNL-5728 (Checking Linux kernel config)
    2016-11-02 21:17:56 Skipped test KRNL-5730 (Checking disk I/O kernel scheduler)
    2016-11-02 21:17:56 Skipped test KRNL-5745 (Checking FreeBSD loaded kernel modules)
    2016-11-02 21:17:56 Skipped test KRNL-5770 (Checking active kernel modules)
    2016-11-02 21:17:56 Skipped test KRNL-5788 (Checking availability new Linux kernel)
    2016-11-02 21:17:56 Skipped test KRNL-5820 (Checking core dumps configuration)
    2016-11-02 21:17:56 Skipped test KRNL-5830 (Checking if system is running on the latest installed kernel)
    2016-11-02 21:18:13 Skipped test KRNL-6000 (Check sysctl key pairs in scan profile)

Next, run lynis with the parameters below:

sudo lynis --tests "KRNL-5622 KRNL-5677 KRNL-5695 KRNL-5723 KRNL-5726 KRNL-5728 KRNL-5730 KRNL-5745 KRNL-5770 KRNL-5788 KRNL-5820 KRNL-5830 KRNL-6000"

You should see the following output:

    [+] Kernel
    ------------------------------------
      - Checking default runlevel                                 [ runlevel 3 ]
      - Checking CPU support (NX/PAE)
        CPU support: PAE and/or NoeXecute supported               [ FOUND ]
      - Checking kernel version and release                       [ DONE ]
      - Checking kernel type                                      [ DONE ]
      - Checking loaded kernel modules                            [ DONE ]
          Found 70 active modules
      - Checking Linux kernel configuration file                  [ FOUND ]
      - Checking default I/O kernel scheduler                     [ FOUND ]
      - Check if reboot is needed                                 [ NO ]

(truncated...)
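
Typing the Test-ID list by hand makes it easy to mistype or repeat an ID. The following shell function is an added example, not part of the original tutorial: it pulls the IDs of one category out of the log and joins them into the list that --tests expects. The function name lynis_test_ids and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): collect Lynis test IDs from
# the scan log and print them as one space-separated list for --tests.

# lynis_test_ids CATEGORY [LOGFILE]
# CATEGORY is a test-ID prefix such as KRNL or HTTP.
lynis_test_ids() {
    category=$1
    logfile=${2:-/var/log/lynis.log}
    # Accept only upper-case letters and digits so the value can be used
    # safely inside the regular expression below.
    case $category in
        ''|*[!A-Z0-9]*) echo "invalid category: $category" >&2; return 2 ;;
    esac
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 1; }
    # -o prints only the matched ID, -w requires it to be a whole word;
    # sort -u drops IDs that appear on more than one log line.
    ids=$(grep -owE "${category}-[0-9]{4}" "$logfile" | sort -u)
    [ -n "$ids" ] || { echo "no $category tests in $logfile" >&2; return 1; }
    # Join the one-per-line IDs with single spaces.
    printf '%s\n' "$ids" | paste -sd ' ' -
}

# Constructed sample log: line format copied from the grep output above,
# with one repeated ID and one non-kernel test added.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
2016-11-02 21:17:56 Skipped test KRNL-5622 (Determine Linux default run level)
2016-11-02 21:17:56 Skipped test KRNL-5820 (Checking core dumps configuration)
2016-11-02 21:17:56 Skipped test KRNL-5730 (Checking disk I/O kernel scheduler)
2016-11-02 21:17:57 Skipped test KRNL-5730 (Checking disk I/O kernel scheduler)
2016-11-02 21:17:58 Skipped test HTTP-6622 (Checking Apache presence)
2016-11-02 21:18:13 Skipped test KRNL-6000 (Check sysctl key pairs in scan profile)
EOF

# Print the command instead of running it, so the list can be reviewed first.
echo "sudo lynis --tests \"$(lynis_test_ids KRNL "$sample_log")\""
```

On a real system, call lynis_test_ids KRNL with no second argument to read /var/log/lynis.log.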

Check and Update your Version of Lynis

If you want to see the current version of Lynis on your system, run the following command:

sudo lynis update info

Output:

     == Lynis ==

      Version            : 2.3.2
      Status             : Unknown
      Release date       : 2016-08-09
      Update location    : https://cisofy.com/lynis/

    2007-2016, CISOfy - https://cisofy.com/lynis/

To upgrade the current Lynis version, run the following command:

sudo lynis update release

That's it..