Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!
How it works
Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.
Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Why open source?
Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.
With IT departments already under pressure, the demand for securing systems is only getting higher. This is why regular system auditing is required.
Unfortunately, manual checking is too much work and most solutions only present the issues. With Lynis Enterprise auditing is quick, easy and affordable.
Audits performed by Lynis are extensive. From the bootloader up to the last piece of software, it all gets checked. Any vulnerable package, weak configuration value or unneeded daemon will show up sooner or later.
To increase the defenses of a system, additional security measures have to be implemented. This process of fortification is named system hardening. It consists of removing unnecessary parts, limit default access and tighten up the permissions of processes and users. While Unix based systems are fairly secure by default, the need of system hardening will always exist.
Hardening systems without the right tools, can take a lot of time. Besides investigating, the changes have to be planned, implemented and tested at several stages.
Our solution performs an in-depth audit, to determine the applicable hardening controls. Together with these controls the right suggestions are selected for your environment. A customized plan will be part of your system hardening efforts. To simplify the process of system hardening, hardening snippets are provided. Almost as simple as a copy-paste, you can harden the system of your workstations and servers.
The hardening snippets used are depending on the related control. Usually there is a piece of shell script available to test for a specific control, or to implement the related control. Where possible and applicable, also snippets are provided for configuration management tools like cfengine, Chef and Puppet.
Discovering weaknesses in IT security is named vulnerability scanning. It is the art of finding weaknesses, before malicious people do. These vulnerabilities may exist in essential parts of the operating system, software, or even configuration files.
Our solution focuses on host based scanning, combined with scanning via the network. This way more ground is covered and better insights can be provided. Solutions only using network scanning are nowadays not extensive enough.
Most of the vulnerability tests are already built-in. With the help of plugins, additional tests are performed to discover vulnerabilities. Also information is collected, which can be used to determine weaknesses in unexpected areas.