Lynis - Run an system and security audit on the system
lynis --check-all(-c) [other options]
Lynis is an auditing tool for Unix (specialists). It checks the system
and software configuration and logs all the found information into a
log file for debugging purposes, and in a report file suitable to
create fancy looking auditing reports. Lynis can be run as a cronjob,
or from the command line. It needs to have full access to the system,
so running it as root (or with sudo rights) is required.
The following system areas may be checked:
- Boot loader files
- Configuration files
- Common files by software packages
- Directories and files related to logging and auditing
--auditor <full name>
Define the name of the auditor/pen-tester. When a full name is
used, add double quotes, like "Michael Boelen".
--checkall (or -c)
Lynis performs a full check of the system, printing out the
results of each test to stdout. Additional information will be
saved into a log file (default is /var/log/lynis.log).
In case the outcome of a scan needs to be automated, use the
--check-update (or --info)
Show program, database and update information
Perform automatic scan with cron safe options (no colors, no
questions, no breaks).
Do not use colors for messages, warnings and sections.
Redirect all logging information to /dev/null, prevent sensitive
information to be written to disk.
Do a quick scan (don’t wait for user input)
Try to run as silent as possible, showing only warnings. This
option activates --quick as well.
Optimize screen output for light backgrounds.
Only run the specific test(s). When using multiple tests, add
quotes around the line.
Multiple parameters are allowed, though some parameters can only be
used together with others. When running Lynis without any parameters,
help will be shown and the program will exit.
There are no known bugs. Bugs can be reported directly to author.
Lynis is licensed under the GPL v3 license and under development by
Project related questions and comments should be asked via