lynis
by CISOfy
Lynis is an agentless security auditing and hardening tool for UNIX-based systems that helps identify vulnerabilities and ensure compliance with standards like HIPAA, ISO27001, and PCI DSS.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Primary Use Case
Lynis is primarily used by system administrators, auditors, and security professionals to perform in-depth security scans, detect vulnerabilities, and assist with system hardening and compliance testing. It is ideal for auditing Linux, macOS, BSD, and other UNIX-like systems without requiring installation, making it suitable for both blue team defense and penetration testing scenarios.
- Automated security auditing for UNIX-based systems
- Compliance testing for standards such as HIPAA, ISO27001, and PCI DSS
- Vulnerability detection including vulnerable software and misconfigurations
- Agentless operation with optional installation
- System hardening recommendations and tips
- Support for configuration, asset, and software patch management
- Useful for penetration testing and privilege escalation assessments
- Open source and regularly updated
Installation
- Clone the repository: git clone https://github.com/CISOfy/lynis
- Navigate to the cloned directory: cd lynis
- Run the audit: ./lynis audit system
- Alternatively, install via package managers for supported OSes (CentOS, Debian, Fedora, OEL, openSUSE, RHEL, Ubuntu) using RPM or DEB packages from https://packages.cisofy.com/
- For up-to-date versions, use the CISOfy software repository or download the latest tarball from the website
- Optionally, change ownership of files to root for running as root: chown -R 0:0
Usage
./lynis audit system - Performs a full security audit of the local system
- Integrate Lynis scans into CI/CD pipelines for continuous compliance and vulnerability assessment.
- Use Lynis reports to tailor system hardening policies and automate remediation workflows.
- Combine Lynis with endpoint detection tools to enhance detection of misconfigurations and vulnerabilities.
- Leverage Lynis in purple team exercises to validate both offensive and defensive controls on UNIX systems.
- Automate compliance reporting using Lynis outputs to streamline audit preparation and regulatory adherence.
Related Tools
trivy
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
nuclei
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
vuls
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
oss-fuzz
google/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
nuclei-templates
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
grype
anchore/grype
A vulnerability scanner for container images and filesystems
