Logo - By Henry
   Home | Projects | Articles | Security Net | Contributors | Contact | Wishlist  

« Back to articles

Lynis: security auditing and hardening tool for Linux

Lynis: security auditing and hardening tool for Linux

Installing a Linux based systems is nowadays very easy. Follow the wizard, select the packages you would like to install and soon your server or desktop system is running Linux. While Linux is known for its stability, it's commonly also assumed that it's secure by default. Although we would like this to be true, proper knowledge of software and system management is needed to make this true.

To assist Linux desktop users or system administrators in keeping systems secure, Michael Boelen developed a tool named Lynis. It scans system configurations, installed software and helps the owner of the Linux system with hardening it. Although there are more security scan tools available, many are outdated or limited in functionality. Or they are simple not accessible by normal users, since they are part of a paid service. Lynis is open source software and therefore free to use and publicly available, under the common conditions of the GPL license. This way Linux security knowledge is protected and shared amongst many.

Lynis is different from normal benchmarks and hardening guides. It not only pays attention the operating system, but also the software running on it. While some guides instruct the user or administrator to run time synchronization software for example, Lynis actively searches for what method is used, if it's working correctly and is properly synchronized. Because what has been configured correctly once, is not necessarily the proper configuration today!

Running Lynis is a fairly easy task and consists of the following 3 steps:
1. Download the tarball from the website
2. Unpack it in a temporary directory
3. Run the Lynis binary with the -c (check) option

After it's done with scanning the system and its software, it will provide the user with warnings (if any) and suggestions on how to further improve the hardening state of the system. With some pointers on how to do this, it will be fairly easy for seasoned Linux users to fix these issues themselves. For Linux rookies, it gives them a great starting point to study the subject and ask for help with some specific questions, instead of the general question "how can I improve the security of my Linux installation?".

You can download Lynis at, the home of several security tools to improve Linux security.

Last updated by Michael Boelen at 08 October 2013

Lynis Enterprise Suite

This website is also part of our mission to help individuals and companies to secure their systems and comply with regulations. As such, this website is additional guide for the open source community and our users of the Lynis Enterprise Suite:

Complete solution to audit, harden and secure your Linux/Unix environment.

  • Perform audits within a few minutes
  • Central management
  • Powerful reporting
  • Additional plugins and more tests

Lynis Enterprise screenshot
Lynis Enterprise Screenshot: Output of a customized implementation plan

Tell me more »


"A master piece of software and a must for every server admin." - Jose

"Happy installing Lynis on every server I install. Also made some changes for automation and having regular scans of the system. For several customers I made some custom checks on integrity." - Rick Voormolen

» About

Thanks to
» Contributors
» Sponsors

Valid XHTML 1.0!

[PHPips enabled]
Copyright 2003-2019 and Michael Boelen, supported by CISOfy
All rights reserved
Hosted by Shock Media