My thoughts about IT and infosec.

Install and use Lynis

Hardening you Linux and BSD based systems is an important job. Lynis can help you with this! I use Ubuntu 16.04 on my workstation and server, so I you use another on Linux, BSD or macOS based system, you maybe have to change some instructions.

About Lynis

Lynis is an open source security and hardening tool for system administrators, auditors and researchers. With integrated compliance testing for, for example, HIPAA, ISO27001 and PCI DSS, Lynis makes a great tool for compliance auditors. Especially when you combine this with Lynis Enterprise for reporting, monitoring and tips for a complaint and secure systems. Lynis can run on most GNU/Linux and BSD based operating systems. It is completely written in shell and it is GPLv3 licensed.

Installing Lyins

First thing, I like my device to be up to date.

sudo apt update
sudo apt upgrade

In some cases you have to install the APT over HTTPS transport package.

sudo apt install apt-transport-https

Then, we add the key we need for the packages of Lynis.

sudo apt-key adv --keyserver --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F

Then, we add the right APT repository.

echo "deb xenial main" > /etc/apt/sources.list.d/cisofy-lynis.list

And last but not least, install Lynis!

sudo apt update
sudo apt install lynis

Running an audit

Now it is time to run our first audit of our machine!

sudo lynis audit system

And there we have some results! It looks like I have some work to do to get a better score.


Later more on Lynis. Then we handle the hardening tip's it gives us.

More information

For more in formation you can take a look on the website:

Lynis is an open source project and you can find the code on Github: