How to read Lynis reports to improve Linux security Use Lynis' scans and reports to find and fix Linux security issues August 10, 2020 https://opensource.com/article/20/8/linux-lynis-security Scan your Linux security with Lynis (May 12, 2020)
Lynis for Linux, macOS, and Unix-based systems 3.0.7 Released (January 18, 2022) Homepage Spoiler: 3.0.7 Changelog ## Lynis 3.0.7 ( 2022-01-18 ) ### Added - MALW-3290 - Show status of malware components - OS detection for RHEL 6 and Funtoo Linux - Added service manager openrc ### Changed - DBS-1804 - Added alias for MariaDB - FINT-4316 - Support for newer Ubuntu versions - MALW-3280 - Added Trend Micro malware agent - NETW-3200 - Allow unknown number of spaces in modprobe blacklists - PKGS-7320 - Support for Garuda Linux and arch-audit - Several improvements for busybox shell - Russian translation of Lynis extended
I hadn't seen this until today. Thanks @mood and @1PW ! Installed and ran Audit option. This seems best suited for experienced IT personnel in an enterprise environment. I think for most home users of Linux, basic security measures such as enabling the firewall, requiring sudo elevation, a password to login to account, sticking to the recommended repositories and keeping everything up to date are probably adequate.
Hello @wat0114 I strongly agree with your assessment of Lynis. The tool can also find weak implementations of home user systems and application setups using the audit's notifications. In my own audit run, I may have found at least one security exposure that I'll need to investigate. Thank you @wat0114 for your post and to @mood creating this topic.
I did follow the recommendation to strengthen file permissions on my home directory using the chmod command
I too likely have the same (HOME-9304) suggestion. Similarly, I also have a sensible suggestion in one of my computer's /opt directory. Excellent! Approximately twenty years ago, I first started using Michael Boelen's RKHunter when my then Red Hat Linux system had to "live" in a dangerous environment, and when his Lynis was released, I didn't need much convincing. Lynis has matured nicely.
Most suggestions on mine non-standard install of Debian are not important for not-shared home user, but I have also find something worth correction. Thanks @mood
Lynis for Linux, macOS, and Unix-based systems 3.0.8-100 (stable) was released. (17-May-2022) Homepage | Changelog | Download Spoiler ### Added - MALW-3274 - Detect McAfee VirusScan Command Line Scanner - PKGS-7346 Check Alpine Package Keeper (apk) - PKGS-7395 Check Alpine upgradeable packages - EOL for Alpine Linux 3.14 and 3.15 ### Changed - AUTH-9408 - Check for pam_faillock as well (replacement for pam_tally2) - FILE-7524 - Test enhanced to support symlinks - HTTP-6643 - Support ModSecurity version 2 and 3 - KRNL-5788 - Only run relevant tests and improved logging - KRNL-5820 - Additional path for security/limits.conf - KRNL-5830 - Check for /var/run/needs_restarting (Slackware) - KRNL-5830 - Add a presence check for /boot/vmlinuz - PRNT-2308 - Bug fix that prevented test from storing values correctly - Extended location of PAM files for AARCH64 - Some messages in log improved I apologize to all for not noticing this update earlier.
Lynis for Linux, macOS, and Unix-based systems 3.0.9 (stable) was released. (03-August-2023) Homepage | Changelog | Download | Installation
Lynis for Linux, macOS, and Unix-based systems 3.1.0 (stable) has been released. (11-March-2024) Homepage | Changelog | Download | Installation | GitHub | Documentation | SHA-256: ca192ac67411b07ec8421d579b1f16c038299ff727a53d739403b729817bc2e7 Spoiler ## Lynis 3.1.0 (2024-03-11) ### Added - Translation: Indonesian ### Changed - MALW-3280 - Correction to detect com.avast.daemon - OS detection added for Guix System, macOS Ventura (13.x)/Sonoma (14.x), NXP LSDK, OpenEmbedded “nodistro”, and The Yocto Projects distro “Poky” - Updated Amazon Linux EOL dates and addition of Amazon Linux 2023 - STATUS_NOT_ACTIVE variable added to translation files - End-of-life dates updated - Fixing missing or erroneous test number comments - Detection of SentinelOne corrected - Wazuh for file integrity and tooling - Updated parsing output of arch-audit - Added support for SentinelOne detection - Replacing deprecated option -i for xargs - Path detection for PostgreSQL improved
Lynis for Linux, macOS, and Unix-based systems 3.1.1 (stable) has been released. (17-March-2024) Homepage | Changelog | Download | Installation | GitHub | Documentation | SHA256 hash: d72f4ee7325816bb8dbfcf31eb104207b9fe58a2493c2a875373746a71284cc3 Spoiler ## Lynis 3.1.1 (2024-03-17) ### Added - Detection of ArcoLinux ### Changed - DBS-1882 - Redis configuration file path added for FreeBSD (/usr/local/etc/redis.conf) - DBS-1882 - Check /snap directory location for Redis configuration file
Lynis for Linux, macOS, and Unix-based systems 3.1.2 (stable) has been released. (26-September-2024) Homepage | Changelog | Download | Installation | GitHub | Documentation | SHA-256: b0ed01d30a4415beb78acc47867f8e0779c9966d4febc5f4a31594ba2a0bd44d Spoiler Changelog is Pending Updated to macOS 15 Sequoia compatibility.
Lynis for Linux, macOS, and Unix-based systems 3.1.3 (stable) has been released. (16-December-2024) Homepage | Changelog | Download | Installation | GitHub | Documentation | FAQ | SHA-256: bb51569c8f9e67bd2d2aa5cfcdd8e2d82726552b69fde4abddff9d991706f554 Spoiler ## Lynis 3.1.3 (2024-12-16) This release introduces additional documentation in the form of blog articles to support the (missing) control information on the website. ### Added - Detection of Buildroot, Fedora Linux Asahi Remix, Garden Linux, Peppermint OS - Support for blog posts and articles to enhance suggestions ### Changed - BOOT-5264 - Changed output of systemd-analyze test and added link - FILE-6398 - Test temporarily disabled as on modern kernels JDB support is built-in - FIRE-4508 - Several changes to expand the test, make it more generic, resolve minor issues - KRNL-5622 - Test if systemctl binary is set - Several improvements for busybox - Update of translations: Italian, Russian, Spanish
