Theory

What is Lynis?

Lynis is an open source security auditing tool for Linux and Unix systems. Its purpose is to perform system audits and provide reports on potential security risks and non-compliance with best practices. Lynis can assist system administrators and security experts in identifying and fixing vulnerabilities, improving security, and following best practices.

Key features of Lynis

System scanning: Lynis performs a comprehensive system scan that covers various areas such as operating system settings, network settings, file systems, services, and processes.

Customizability: Users can modify Lynis's settings and configuration to align with the organization's cybersecurity policies. This allows the checks to be tailored to specific needs.

Reporting: Lynis produces comprehensive reports of inspection results, including detected risks, observations, and potential improvement suggestions. Reports can be saved in various formats, such as text or HTML format.

Continuous monitoring: Lynis can act as a continuous monitoring tool that observes the system over time and provides notifications about potential cybersecurity issues.

Improvement suggestions: Lynis provides concrete improvement suggestions and action recommendations for fixing identified security risks.

Compatibility and support: Lynis supports multiple Linux and Unix-based operating systems, such as Debian, Ubuntu, Red Hat, CentOS, FreeBSD, and Solaris. It is a widely used cybersecurity tool in both community and professional environments.

Exercise

Next, we will perform an exercise in which we download the Lynis program and run it on our Kali machine. Then we will see which hardening measures Lynis recommends and how applying them affects the assessment Lynis gives. Start the exercise below and repeat afterwards.

Downloading and Running Lynis

Run the following commands and Lynis starts.

 git clone https://github.com/CISOfy/lynis
 cd lynis && ./lynis audit system

When Lynis has run, it gives us a score called the hardening index. This gives us an indication of how far the system has been hardened.

Lynis also gives us a lot of recommendations on how we can improve system security.

One of these recommendations is to install antivirus software. Let's install one of these and see how it affects our points.

We installed the rkhunter software and ran the lynis check again.

Of course, it is always important to keep in mind that it is our responsibility to understand how to use these programs and configure them in the best possible way. Just installing a simple antivirus program like ClamAV or rkhunter is not sufficient; it also needs to be used correctly. Lynis tells us that this did not affect our score, because we do not have active monitoring, and the tool itself may not even notice the installation.

Let's take the next interesting recommendation, which is the installation of the debsums program.

A quick search tells us what the program does:

debsums can verify the integrity of installed package files against MD5 checksums installed by the package, or generated from a .deb archive.

So in practice, the program checks that the installed packages match authentic packages and that no changes have occurred in them. Install the tool and run Lynis again.
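To make the check behind debsums concrete, here is the same verification written out by hand. This is an added example and not debsums' own code; it assumes that dpkg stores one "md5  relative/path" line per installed file in /var/lib/dpkg/info/<package>.md5sums and that debsums recomputes each file's MD5 against that list. The "package" below is a constructed sample in a temporary directory, so nothing on the real system is read or modified, and the coreutils md5sum command is assumed to be available.

```shell
#!/bin/sh
# Added example, not debsums itself: the check debsums performs, written out by
# hand so the mechanism is visible. Assumption: dpkg stores one "md5  relative/path"
# line per installed file in /var/lib/dpkg/info/<package>.md5sums, and debsums
# recomputes each file's MD5 against that list. The "package" below is a
# constructed sample in a temporary directory, so nothing on the real system
# is read or modified. Requires the coreutils md5sum command.

set -u

# Verify every file listed in manifest $1 against the tree rooted at $2.
# Prints "CHANGED path" or "MISSING path" for each mismatch and returns 1 if any
# file differs; returns 0 with no output when everything matches.
verify_manifest() {
    manifest=$1
    root=$2
    status=0
    while read -r expected relpath; do
        [ -n "$relpath" ] || continue            # skip blank lines
        file="$root/$relpath"
        if [ ! -f "$file" ]; then
            echo "MISSING $relpath"
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "CHANGED $relpath"
            status=1
        fi
    done < "$manifest"
    return $status
}

# Build the constructed sample package: two files plus a dpkg-style manifest.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/usr/bin" "$ROOT/etc"
printf 'echo hello\n' > "$ROOT/usr/bin/hello"
printf 'option=1\n' > "$ROOT/etc/hello.conf"
MANIFEST=$(mktemp)
( cd "$ROOT" && md5sum usr/bin/hello etc/hello.conf ) > "$MANIFEST"

# A second copy of the tree in which one file was edited and one removed,
# standing in for a system whose package files no longer match the manifest.
TAMPERED=$(mktemp -d)
cp -R "$ROOT"/. "$TAMPERED"/
printf 'echo changed\n' > "$TAMPERED/usr/bin/hello"
rm "$TAMPERED/etc/hello.conf"

echo "clean tree:"
verify_manifest "$MANIFEST" "$ROOT" && echo "  all files match"
echo "modified tree:"
verify_manifest "$MANIFEST" "$TAMPERED" || echo "  integrity check failed"
```

On a real Debian-based host the equivalent inputs would be /var/lib/dpkg/info/<package>.md5sums as the manifest and / as the root; debsums adds package selection, handling of conffiles and a cleaner report on top of this same loop.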

Our score increased by 2 points. You can now continue and try to see how high you can get your score in the practice lab. It's good to keep in mind that the lab environment limits what can be done, and not all hardening measures are necessarily possible.

You will also find more information about the observations and results in the files /var/log/lynis*.
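When comparing the score before and after a change, as we did with debsums above, it helps to read the result from the report file rather than from the coloured terminal output. The script below is an added example and not part of Lynis; it assumes that Lynis writes key=value lines to /var/log/lynis-report.dat, among them "hardening_index=NN" and "suggestion[]=TEST-ID|text|...", and the two report files it builds are constructed samples in that style, not real Lynis output.

```shell
#!/bin/sh
# Added example, not part of Lynis: read the hardening index and the open
# suggestions out of a Lynis report file and compare two runs, the way we
# compared the score before and after installing debsums.
# Assumption: Lynis writes key=value lines to /var/log/lynis-report.dat, among
# them "hardening_index=NN" and "suggestion[]=TEST-ID|text|...". The two report
# files below are constructed samples in that style, not real Lynis output.

set -u

# Print the hardening index recorded in a report file, or 0 if the line is absent.
hardening_index() {
    idx=$(sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1)
    echo "${idx:-0}"
}

# Print the test ID of every suggestion in a report file, sorted and unique.
suggestion_ids() {
    sed -n 's/^suggestion\[]=\([A-Z0-9-]*\)|.*/\1/p' "$1" | sort -u
}

# Print the signed change in hardening index from report $1 to report $2.
index_delta() {
    before=$(hardening_index "$1")
    after=$(hardening_index "$2")
    echo $((after - before))
}

# Print the suggestion IDs present in report $1 that no longer appear in report $2.
resolved_suggestions() {
    ids_before=$(mktemp); ids_after=$(mktemp)
    suggestion_ids "$1" > "$ids_before"
    suggestion_ids "$2" > "$ids_after"
    comm -23 "$ids_before" "$ids_after"
    rm -f "$ids_before" "$ids_after"
}

# Constructed sample reports in the lynis-report.dat style (test IDs illustrative).
BEFORE=$(mktemp); AFTER=$(mktemp)
cat > "$BEFORE" <<'EOF'
hardening_index=63
suggestion[]=PKGS-7370|Install debsums utility for the verification of packages with known good database.|-|-|
suggestion[]=HRDN-7222|Harden compilers like restricting access to root user only|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
EOF
cat > "$AFTER" <<'EOF'
hardening_index=65
suggestion[]=HRDN-7222|Harden compilers like restricting access to root user only|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
EOF

echo "hardening index before: $(hardening_index "$BEFORE")"
echo "hardening index after:  $(hardening_index "$AFTER")"
echo "delta: $(index_delta "$BEFORE" "$AFTER")"
echo "resolved suggestions:"
resolved_suggestions "$BEFORE" "$AFTER"
```

On a real host, save a copy of /var/log/lynis-report.dat before and after each hardening step and pass the two copies to index_delta and resolved_suggestions; a negative delta or a reappearing suggestion ID is the signal to look at the log in /var/log/lynis.log.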

Questions

You want to run Lynis without colors; which switch will help with that?
