Learn How To Install and Use Lynis on CentOS 7
Table of Contents
Lynis is an open source security auditing tool which is widely used on various Unix-like operating systems. With Lynis, system administrators and security professionals can perform in-depth system-wide security scans in a matter of minutes.
In this article, I will explain how to install and use Lynis on a CentOS 7 server.
Prerequisites
- A CentOS 7 x64 server instance.
- A sudo user.
Step 1: Update the system
Log in from an SSH terminal as a sudo user, and then update the system as follows:
sudo yum install epel-release -y
sudo yum update -y
sudo shutdown -r now
After the system reboot, log in back as the same sudo user.
Step 2: Install Lynis and Lynis plugins (community)
2.1 Install Lynis
On CentOS 7, you can easily install Lynis using the EPEL YUM repo which has been installed earlier:
sudo yum install lynis -y
2.2 Install Lynis plugins (community)
If you want to enhance Lynis’ functionality, you can install Lynis plugins (community) which can only be obtained from subscription:
- On the official Lynis plugins download page, click the
Download
button. - On the next page, input your email address and then click the
Subscribe
button. - You will receive an email message in your email inbox, click the link within to confirm your subscription.
- You will receive another email message which includes the download URL of Lynis plugins, say it is
http://sable.madmimi.com/c/6938?id=44150.2674.1.a12c46882ca668ab69e63acbe670c747
.
Now, download and unzip the plugins archive as follows:
cd
wget http://sable.madmimi.com/c/6938?id=44150.2674.1.a12c46882ca668ab69e63acbe670c747 -O lynis-community-plugins.tar.gz
sudo tar -zxvf lynis-community-plugins.tar.gz --strip-components=1 -C /usr/share/lynis/plugins
Setup proper permissions:
sudo chown root:root /usr/share/lynis/plugins/plugin_*
sudo chmod 600 /usr/share/lynis/plugins/plugin_*
Finally, check the Lynis profile file to make sure that newly-added plugins (which are pam
and systemd
in our case) are enabled:
sudo grep plugin= /etc/lynis/default.prf
The output should include plugin=pam
and plugin-systemd
:
plugin=compliance
plugin=configuration
plugin=control-panels
plugin=crypto
plugin=dns
plugin=docker
plugin=file-integrity
plugin=file-systems
plugin=firewalls
plugin=forensics
plugin=intrusion-detection
plugin=intrusion-prevention
plugin=kernel
plugin=malware
plugin=memory
plugin=nginx
plugin=pam
plugin=processes
plugin=security-modules
plugin=software
plugin=system-integrity
plugin=systemd
plugin=users
Step 3: Use Lynis
Simply running Lynis without any parameter will display the Lynis parameters:
sudo lynis
If you want to perform a full security scan, use the following command:
sudo lynis audit system
All scan results will be stored in the Lynis log file /var/log/lynis.log
.
After the full security scan, you can sort out all Warning
messages from the Lynis log file using the below grep command:
sudo grep Warning /var/log/lynis.log
Similarly, you can display all Suggestion
messages using another grep command:
sudo grep Suggestion /var/log/lynis.log
That’s it. If you want to learn more details about Lynis, please visit Lynis official website.
Need help?
Do you need help setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!