Lynis is an open-source security auditing tool for Unix-based systems that checks a host's configuration against hardening best practices and reports weaknesses together with the steps to fix them. This article explains how to install Lynis on an Ubuntu VPS, run security audits, interpret the results, and act on them to improve server security.
Edited: 12-10-2024
Lynis is a comprehensive security auditing tool for Unix-based systems, including Linux and macOS. Unlike typical antivirus solutions, Lynis focuses on system hardening by checking configuration issues, vulnerabilities, and weaknesses that could expose your server to attacks. It performs a deep analysis of system settings, file permissions, services, and installed software, helping administrators improve the overall security posture of their VPS. Lynis is widely used by security professionals, auditors, and system administrators to evaluate system health and security compliance. It generates detailed reports and provides actionable suggestions to mitigate security risks, making it an essential tool for anyone managing a VPS.
In-depth Security Audits: Identifies vulnerabilities, security issues, and configuration weaknesses.
Compliance Checking: Supports compliance tests for various standards, such as PCI-DSS, HIPAA, and more.
Best Practice Recommendations: Provides suggestions to improve system hardening.
Open Source: Free to use and highly customizable.
Lightweight and Non-Intrusive: Lynis is a shell script that runs on the host itself, needs no agent or daemon, and only reads the system; it does not change any settings.
To secure your Ubuntu VPS using Lynis, follow these steps to install and configure it.
As always, it’s important to keep your server up to date. Begin by updating the package index and upgrading the system:
sudo apt update
sudo apt upgrade
Lynis is available in Ubuntu's default repositories, so you can install it with a single command. The packaged version often lags several releases behind upstream, and Lynis tells you during a run when it is outdated:
sudo apt install lynis
Alternatively, you can run the latest version straight from the Lynis GitHub repository if you want the most recent tests. Clone it with sudo so that the directory is owned by root; Lynis warns about, and may refuse to run from, a copy that is not owned by root or that other users can write to:
cd /opt
sudo git clone https://github.com/CISOfy/lynis
This copy is not installed on your PATH; you run it from its own directory:
cd /opt/lynis
sudo ./lynis audit system
and update it later with sudo git pull in the same directory. Either way, Lynis is now ready to audit your system.
After installing Lynis, you can start auditing your server for security weaknesses and best practices.
To run a complete system audit, execute the following command:
sudo lynis audit system
Lynis will begin scanning your system, checking for configuration issues, security vulnerabilities, and areas that require hardening. The scan will include categories such as:
File integrity
User accounts
SSH settings
Network services
Installed software
Firewall settings
File permissions
Malware and rootkits
During the audit, Lynis will display its progress in the terminal, showing warnings, suggestions, and tips.
Once the audit is complete, Lynis will generate a detailed report of its findings. This report provides critical information on system security, showing areas that need attention.
To view the audit report summary, scroll up in your terminal after the audit finishes (Lynis pauses between sections in an interactive run unless you pass --quick, so it is easy to read as it goes). The same output, plus the details of every test that ran, is stored in:
/var/log/lynis.log
Another key output is the lynis-report.dat file, which holds all findings and suggestions as key=value pairs and is the file to parse if you want to script anything around the results. Lynis overwrites it on every run. It is located at:
/var/log/lynis-report.dat
Each warning and suggestion carries a test ID (for example a code starting with SSH-, PKGS- or FIRE-); running lynis show details TEST-ID prints what that test checked and why it fired, and the URL Lynis prints next to a finding leads to the control's page on cisofy.com.
Lynis organizes its findings into Warnings, Suggestions, and a Hardening Index:
Warnings: Findings that need prompt attention, such as vulnerable packages, a missing firewall, or a risky configuration.
Suggestions: Recommendations for tightening the system further. They are less urgent than warnings, and not every suggestion applies to every server, so read the detail of each one rather than chasing an empty list.
Hardening Index: A score from 0 to 100 derived from the tests that ran. A higher number means more of Lynis' hardening checks passed; it is useful for tracking your own progress between runs, not a measure of how hard the server is to attack, and raising it blindly (for example by installing every tool Lynis mentions) is not the goal.
Lynis provides actionable recommendations in its report. Here’s how you can address some common issues:
- Update Software: If Lynis reports outdated software or packages, make sure to update them using:
sudo apt update && sudo apt upgrade
- Configure Firewall: Lynis might suggest improving your firewall rules. Ensure that you have ufw (Uncomplicated Firewall) set up to allow only the traffic you need. Allow SSH before you enable the firewall; on a remote VPS, enabling it first can lock you out of the machine:
sudo ufw allow ssh
sudo ufw allow http
sudo ufw enable
Only open http (and https) if the server actually serves web traffic.
- Secure SSH: Lynis will often recommend hardening SSH access by disabling root login and using key-based authentication. Before disabling passwords, confirm from a second terminal that your key logs in, so you cannot lock yourself out.
- Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Ensure the following lines are present:
PermitRootLogin no
PasswordAuthentication no
- On recent Ubuntu releases sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads, so a drop-in in that directory (cloud-init creates one on many VPS images) silently overrides what you set in the main file. Check the values the daemon will actually use with sudo sshd -T, and validate the syntax with sudo sshd -t, before restarting.
- Restart SSH:
sudo systemctl restart ssh
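Where an SSH setting really comes from is the part that trips people up, so here is an added example (not from the article or the Lynis project) that reproduces the lookup sshd performs: it walks the drop-in directory and then sshd_config in the order sshd reads them and reports every place a key is set, the first one being the value that wins. The directory argument, the constructed sample tree, and the drop-in name 50-cloud-init.conf are illustrative; point it at /etc/ssh on a real host.

```shell
#!/usr/bin/env bash
# Find where an sshd option is really set. OpenSSH keeps the first value it
# reads, and Ubuntu's stock sshd_config starts with
# "Include /etc/ssh/sshd_config.d/*.conf", so a drop-in (cloud-init writes one
# on many VPS images) beats a line edited further down in sshd_config.
# The Include itself is modelled here, not parsed: drop-ins are read first.
set -u

# Print "<file><TAB><value>" for every uncommented KEY, in read order:
# drop-ins (glob order) first, then the main file. Matching is case-insensitive
# like sshd's; the value is lower-cased the way "sshd -T" prints it.
find_sshd_setting() {
  local dir=$1 key=$2 f
  for f in "$dir"/sshd_config.d/*.conf "$dir"/sshd_config; do
    [ -f "$f" ] || continue
    grep -iE "^[[:space:]]*${key}[[:space:]]+[^[:space:]]" "$f" |
      awk -v file="$f" '{ printf "%s\t%s\n", file, tolower($2) }'
  done
  return 0
}

# The value sshd will actually enforce: the first match in read order.
effective_sshd_setting() {
  find_sshd_setting "$1" "$2" | head -n 1 | cut -f2
}

# Constructed config tree (assumption for this example) reproducing the
# cloud-init override problem: the main file says "no", the drop-in says "yes".
make_sample_sshd_tree() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/sshd_config.d"
  printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
  cat > "$d/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
# PasswordAuthentication yes   (commented out: must be ignored)
PermitRootLogin no
PasswordAuthentication no
EOF
  echo "$d"
}
```

On the VPS itself, `sudo sshd -T | grep -iE '^(permitrootlogin|passwordauthentication) '` prints the values the daemon will use, and `sudo sshd -t` validates the files before you restart. If a drop-in is overriding you, edit that drop-in or add your own that sorts before it (for example 10-hardening.conf) rather than editing the main file again.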
- Check File Permissions: Lynis may report issues with file or directory permissions. Make sure that critical files have the expected permissions and ownership. On Ubuntu the defaults are /etc/passwd world-readable and /etc/shadow readable only by root and the shadow group (mode 640), which setgid helpers such as unix_chkpwd rely on, so do not tighten it to 600:
sudo chmod 644 /etc/passwd
sudo chown root:shadow /etc/shadow
sudo chmod 640 /etc/shadow
After addressing the issues and suggestions, re-run the audit to ensure the improvements are recognized by Lynis:
sudo lynis audit system
This will confirm that your changes have been applied correctly and that your security posture has improved.
To ensure regular system audits, you can set up a cron job that runs Lynis periodically and logs the results. Here's how to schedule a weekly audit:
1. Open the root crontab (the audit needs root to read files such as /etc/shadow):
sudo crontab -e
2. Add the following line to run a Lynis audit every Monday at 3 AM:
0 3 * * 1 /usr/sbin/lynis audit system --cronjob >> /var/log/lynis-cron.log 2>&1
The --cronjob option is the mode Lynis provides for unattended runs: no colours, no prompts, reduced output. The log file captures the terminal output; the full findings of each run are still written to /var/log/lynis-report.dat, which Lynis overwrites every time, so copy it elsewhere if you want to compare runs over time. If you run Lynis from the git checkout, replace /usr/sbin/lynis with /opt/lynis/lynis.
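Appending console output to a file is rarely what you want from a scheduled audit; what is useful is a record per run and a signal when something regresses. The wrapper below is an added example, not part of the article or the Lynis project, and it serves both the report section above (it parses /var/log/lynis-report.dat, using only its key=value layout with pipe-separated fields whose first field is the test ID) and the cron step here: it keeps a dated copy of each report, prints the hardening index and warnings, shows which warnings are new since the previous run, and exits non-zero when warnings are present or the index falls below a floor. The history directory /var/lib/lynis-history, the floor of 70, and the test IDs and texts in the sample data are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Weekly Lynis wrapper for cron. Assumptions: history kept under
# /var/lib/lynis-history, minimum acceptable hardening index 70; both can be
# overridden through the environment. Must run as root (lynis needs it).
set -u

REPORT=/var/log/lynis-report.dat          # written by every "lynis audit system"
HISTORY=${LYNIS_HISTORY:-/var/lib/lynis-history}
MIN_INDEX=${LYNIS_MIN_INDEX:-70}

# report.dat is key=value; list keys end in [] and hold |-separated fields,
# the first being the test ID, e.g. warning[]=SSH-7408|text|detail|url
hardening_index() { sed -n 's/^hardening_index=//p' "$1"; }
warning_ids()     { sed -n 's/^warning\[\]=\([^|]*\).*/\1/p' "$1" | sort -u; }
suggestion_ids()  { sed -n 's/^suggestion\[\]=\([^|]*\).*/\1/p' "$1" | sort -u; }

# Warning IDs present in NEW but absent from OLD: the regressions worth paging on.
new_warnings() {
  local old=$1 new=$2 tmp
  tmp=$(mktemp)
  warning_ids "$old" > "$tmp"
  warning_ids "$new" | comm -13 "$tmp" -
  rm -f "$tmp"
}

# Returns 0 when the report should count as failing: any warning at all, or a
# hardening index below MIN. Returns 1 otherwise.
report_fails() {
  local report=$1 min=$2 idx
  idx=$(hardening_index "$report")
  [ -n "$(warning_ids "$report")" ] && return 0
  [ "${idx:-0}" -lt "$min" ] && return 0
  return 1
}

run_weekly_audit() {
  local stamp prev
  mkdir -p "$HISTORY"
  prev=$(ls -1 "$HISTORY"/*.dat 2>/dev/null | tail -n 1)
  # --cronjob is Lynis' own unattended mode (no colours, no prompts, brief output).
  # Use /opt/lynis/lynis here if you run from the git checkout.
  lynis audit system --cronjob > /dev/null
  stamp=$(date +%Y%m%d-%H%M%S)
  cp "$REPORT" "$HISTORY/$stamp.dat"
  echo "hardening index: $(hardening_index "$REPORT")"
  echo "warnings: $(warning_ids "$REPORT" | tr '\n' ' ')"
  if [ -n "$prev" ]; then
    echo "new warnings since $(basename "$prev"): $(new_warnings "$prev" "$REPORT" | tr '\n' ' ')"
  fi
  report_fails "$REPORT" "$MIN_INDEX" && exit 1
  exit 0
}

# Writes a constructed report.dat from its arguments (one line each) and prints
# its path, so the parser can be exercised without running Lynis.
make_sample_report() {
  local f; f=$(mktemp)
  printf '%s\n' "$@" > "$f"
  echo "$f"
}

# Entry point: only runs the audit when invoked as "<script> run".
case "${1:-}" in run) run_weekly_audit ;; esac
```

Save it as /usr/local/sbin/lynis-weekly.sh with mode 700 and schedule it from the root crontab as `0 3 * * 1 /usr/local/sbin/lynis-weekly.sh run >> /var/log/lynis-cron.log 2>&1`; with MAILTO set in the crontab, a failing run (non-zero exit) gets mailed to you together with the printed summary, and the dated copies under the history directory let you diff two runs in full.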
Lynis is an invaluable tool for hardening your Ubuntu VPS by identifying weaknesses, vulnerabilities, and misconfigurations. By running audits regularly and acting on the findings, you keep your server aligned with hardening best practices and catch regressions early, for instance when a package update or a new service reintroduces a weak setting. Its actionable recommendations and clear reports make it a practical part of any system administrator's routine for maintaining a secure environment.