1Lynis(8)              Unix System Administrator's Manual              Lynis(8)
2
3
4

NAME

6        Lynis - System and security auditing tool
7

SYNOPSIS

9       lynis [scan mode] [other options]
10

DESCRIPTION

12       Lynis  is  a security auditing tool for Linux, macOS, and other systems
13       based on UNIX. The tool checks the system and the  software  configura‐
14       tion,  to  see  if  there  is  any  room  for  improvement the security
15       defenses. All details are stored in a log file. Findings and other dis‐
16       covered  data  is stored in a report file.  This can be used to compare
17       differences between audits. Lynis can run interactively or as  a  cron‐
18       job.  Root  permissions  (e.g.  sudo) are not required, however provide
19       more details during the audit.
20
21       The following system areas may be checked:
22
23              - Boot loader files
24
25              - Configuration files
26
27              - Software packages
28
29              - Directories and files related to logging and auditing
30

FIRST TIME USAGE

32       When running Lynis for the first time, run: lynis audit system
33
34

COMMANDS

36       audit <type>
37              Perform an audit of the selected type
38
39       show <parameter>
40              Show information, such as configuration and paths
41
42       update <parameter>
43              Perform activities regarding updating
44
45       upload-only
46              Upload the available report data file
47
48

SCAN TYPES

50       audit system
51              Performs a system audit, which is the most common audit.
52
53       audit system remote <host>
54              Provide commands to do a remote scan.
55
56       For more scan modes, see the helper utilities.
57
58

OPTIONS

60       --auditor <name>
61              Define the name of the auditor/pentester. When a  full  name  is
62              used, add double quotes, like "Your Name".
63
64       --cronjob
65              Perform  automatic  scan  with  cron safe options (no colors, no
66              questions, no breaks).
67
68       --debug
69              Display debug information to  screen  for  troubleshooting  pur‐
70              poses.
71
72       --developer
73              Display developer information when creating tests.
74
75       --help Show available commands and most-used options.
76
77       --logfile </path/to/logfile>
78              Defines  location  and  name  of  log  file,  instead of default
79              /var/log/lynis.log.
80
81       --man  Show the man page. Useful for systems that do not have  the  man
82              page installed.
83
84       --no-colors
85              Disable colored output.
86
87       --no-log
88              Redirect all logging information to /dev/null, prevent sensitive
89              information to be written to disk.
90
91       --pentest
92              Run a non-privileged scan, usually used for penetration testing.
93              Some  of  the tests will be skipped if they require root permis‐
94              sions.
95
96       --plugin-dir </path/to/plugins>
97              Define location where plugins can be found.
98
99       --profile <file>
100              Provide alternative profile to perform the scan.
101
102       --quick (-Q)
103              Do a quick scan (don't wait for user input).
104
105       --quiet (-q)
106              Run quietly and do not show anything to the  screen.  Will  also
107              enable quick mode.
108
109       --report-file <file>
110              Provide an alternative name for report file.
111
112       --reverse-colors
113              Optimize screen output for light backgrounds.
114
115       --skip-plugins
116              Do not run plugins.
117
118       --tests TEST-IDs
119              Only  run  the  specific test(s). When using multiple tests, add
120              quotes around the line.
121
122       --tests-from-category <category>
123              Tests are only performed if they belong to the defined category.
124              Use the command
125
126       --tests-from-group <group>
127              Similar to --tests-from-category. Only perform tests from a par‐
128              ticular  group.   Use  'show  categories'  to  determine   valid
129              options.
130
131       --upload
132              Upload   data   to  Lynis  Enterprise  server  (profile  option:
133              upload=yes).
134
135       --verbose
136              Show more details on screen, such as components that  could  not
137              found. These details are hidden by default.
138
139       --wait Wait  for user to continue. This adds a break after each section
140              (opposed of --quick).
141
142       --warnings-only
143              Run quietly, except show warnings.
144
145       Multiple parameters are allowed, though some  parameters  can  only  be
146       used  together  with others. When running Lynis without any parameters,
147       help will be shown and the program will exit.
148

HELPERS

150       Lynis has special helpers to do certain tasks. This way  the  framework
151       of  Lynis is used, while at the same time storing most of the function‐
152       ality in a separated file. This speeds up execution and keeps the  code
153       clean.
154
155
156       audit  Run audit on the system or on other targets
157
158       show   Provide details about Lynis
159
160       update Run updater utility
161
162       To use a helper, run Lynis followed by the helper name.
163
164

EXIT CODES

166       Lynis uses exit codes to signal any invoking script. Currently the fol‐
167       lowing codes are used:
168
169       0      Program exited normally
170
171       1      Fatal error
172
173       64     An unknown parameter is used, or incomplete
174
175       65     Incorrect data encountered
176
177       66     Can't open file or directory
178
179       78     Lynis found 1 or more warnings or  configurations  errors  (with
180              error-on-warnings=yes)
181
182

BUGS

184       Bugs can be reported via GitHub at https://github.com/CISOfy/lynis
185
186

DOCUMENTATION

188       Supporting documentation can be found via https://cisofy.com/support/
189
190

LICENSING

192       Lynis  is  licensed as GPLv3. It was created by Michael Boelen in 2007.
193       Development has been taken over by CISOfy. Plugins may have a different
194       license.
195
196

CONTACT INFORMATION

198       Support  requests and project related questions can be addressed via e-
199       mail: lynis-dev@cisofy.com.
200
201
202
2031.27                              27 Aug 2018                         Lynis(8)
Impressum