Lynis

Official Documentation: https://cisofy.com/documentation/lynis/

Cheat Sheet: Lynis Commands

Purpose

Lynis is an automated security auditing tool for Linux/Unix systems. It scans system configuration, installed software, user accounts, and common security settings to produce hardening suggestions and warnings.

Scenarios

  • CTF (beginner-friendly): Quick health check of a captured VM to find weak settings (world-writable files, weak SSH configs) that might help escalate.
  • Real world: Baseline security audit for a server before handover or during a pentest reconnaissance phase to find misconfigurations and missing patches.

All needed info to run

  • Installed from package manager or git (apt install lynis on Kali or git clone https://github.com/CISOfy/lynis.git).
  • Prefer running as root to get full checks: sudo lynis audit system.
  • Results are saved to /var/log/lynis.log and reports to /var/log/lynis-report.dat (paths are printed after a run).
  • Main modes:
      • lynis audit system → full system audit
      • lynis show plugins → show installed plugins
      • lynis update info → update data files (signature/db)
  • Can be scheduled via cron for regular checks.

Example commands & outputs

# Run a full system audit (recommended with sudo)
$ sudo lynis audit system
# Sample output snippet:
# [INFO]  : Starting Lynis 3.0.0
# [OK]    : Checking operating system and hardware
# [WARNING]: SSH config: PermitRootLogin is enabled (insecure)
# [INFO]  : Hardening index : 65 [# of suggestions: 17]
# Report saved to /var/log/lynis.log
# Summary saved to /var/log/lynis-report.dat

# Show available tests
$ lynis show tests
# Prints list of test categories (authentication, logging, network, etc.)

# Update Lynis data (if applicable)
$ sudo lynis update info
# Updates local plugins and tests database

Lynis Basics

  • Run Lynis as root for the most complete checks. Non-root runs are limited.
  • The hardening index is a quick metric (higher = better). Use it to track progress across runs.
  • Read /var/log/lynis.log for full details and recommendations.
  • Lynis is an auditing tool — it reports issues; fixes must be manual and tested.
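
Tracking the hardening index across runs can be scripted against the report file, for example from a cron job. The script below is an added example, not part of Lynis or of the original cheat sheet; it assumes the report file holds key=value lines such as hardening_index=NN and warning[]=ID|text|..., and its function names, file names and EXAMPLE-* test IDs are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare two Lynis report files and flag regressions.
# Assumed layout: key=value lines, findings as warning[]=TEST-ID|text|...

# Print the hardening index recorded in a report file.
report_index() {
    awk -F= '$1 == "hardening_index" { print $2; exit }' "$1"
}

# Print test IDs of warnings present in the new report ($2) but not the old ($1).
new_warnings() {
    awk -F'[=|]' '
        $1 != "warning[]"   { next }
        FILENAME == ARGV[1] { seen[$2] = 1; next }
        !($2 in seen)       { print $2 }' "$1" "$2"
}

# Return 1 if the index dropped or a new warning appeared, else 0.
compare_reports() {
    old_idx=$(report_index "$1"); new_idx=$(report_index "$2")
    added=$(new_warnings "$1" "$2")
    status=0
    if [ "${new_idx:-0}" -lt "${old_idx:-0}" ]; then
        echo "hardening index dropped: $old_idx -> $new_idx"; status=1
    fi
    if [ -n "$added" ]; then
        echo "new warnings: $(echo "$added" | tr '\n' ' ')"; status=1
    fi
    return $status
}

# Constructed sample reports (not real scan output) so the script runs offline.
tmp=$(mktemp -d)
cat > "$tmp/baseline.dat" <<'EOF'
hardening_index=65
warning[]=EXAMPLE-0001|PermitRootLogin is enabled|-|-|
suggestion[]=EXAMPLE-0003|Set a boot loader password|-|-|
EOF
cat > "$tmp/latest.dat" <<'EOF'
hardening_index=61
warning[]=EXAMPLE-0001|PermitRootLogin is enabled|-|-|
warning[]=EXAMPLE-0002|Firewall loaded but no rules active|-|-|
EOF

compare_reports "$tmp/baseline.dat" "$tmp/latest.dat" || echo "regression detected"
```

In a scheduled job, keep a copy of /var/log/lynis-report.dat from the previous run as the baseline and pass the fresh report as the second argument.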

Lynis Commands