| | |
|---|---|
| Original author(s) | Michael Boelen |
| Developer(s) | CISOfy |
| Stable release | 3.0.8 / 17 May 2022 [1] |
| Repository | |
| Written in | Shell script |
| Operating system | FreeBSD, Linux, macOS, OpenBSD, Solaris |
| Type | Security software, audit tool |
| License | GNU GPLv3 |
| Website | cisofy |
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening. [2]
The tool was created by Michael Boelen, the original author of rkhunter, together with several contributors and translators. [3] Lynis is available under the GPLv3 license.
The software determines various system information, such as the specific OS type, kernel parameters, authentication and accounting mechanisms, installed packages, installed services, network configuration, logging and monitoring (e.g. syslog-ng), cryptography (e.g. SSL/TLS certificates) and installed malware scanners (e.g. ClamAV or rkhunter). Additionally, it checks the system for configuration errors and security issues. At the auditor's request, those checks may conform to international standards such as ISO 27001, PCI-DSS 3.2 and HIPAA.
The software also helps with fully automated or semi-automatic auditing, software patch management, evaluation of server hardening guidelines and vulnerability/malware scanning of Unix-based systems. It can be installed locally from most system repositories, or started directly from removable media such as a USB stick, CD or DVD. [4]
The intended audience is auditors, security specialists, penetration testers, and sometimes system/network administrators. Such audit tools are usually employed by members of a First Line of Defense within a company or larger organization. According to the official documentation, there is also a Lynis Enterprise version, available with support for more than 10 computer systems, providing malware scanning, intrusion detection and additional guidance for auditors. [5]
Lynis differs from other, more popular security packages such as Nessus and OpenVAS. Those tools focus on assessing vulnerabilities with a view to exploiting the findings, whereas Lynis analyzes a system and compares the findings against an ever-expanding set of criteria drawn from known best practices; after the checks have completed, the system is assigned an index, or score, reflecting how closely it conforms to those criteria.
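The hardening index described above, together with the warnings and suggestions produced by the checks, is written by Lynis to a plain key=value report file (by default /var/log/lynis-report.dat). The following shell script is an added example and not part of Lynis or this article: it shows how an administrator could read that report and gate a deployment on a minimum index. It assumes only the key=value layout with `hardening_index`, `warning[]` and `suggestion[]` keys; the report content, the test identifiers and the threshold are constructed for the example.

```shell
#!/bin/sh
# Added example (not Lynis code): parse a Lynis-style report file and
# decide whether the hardening index meets a required minimum.

# Constructed sample report; a real one is produced by `lynis audit system`.
# The EXAMPLE-nnnn test identifiers are placeholders, not real Lynis test IDs.
REPORT="$(mktemp)"
cat > "$REPORT" <<'EOF'
# Lynis Report (constructed sample for this example)
lynis_version=3.0.8
os=Linux
hardening_index=64
warning[]=EXAMPLE-0001|Firewall module loaded but no rules active|-|-|
suggestion[]=EXAMPLE-0002|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=EXAMPLE-0003|One or more sysctl values differ from the scan profile|-|-|
EOF

# Print the numeric hardening index from a report, or 0 if the key is missing.
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; found = 1 }
             END { if (!found) print 0 }' "$1"
}

# Count findings of one kind: "warning" or "suggestion".
# grep -c prints 0 and exits non-zero when nothing matches, hence "|| true".
count_findings() {
    grep -c "^$2\[\]=" "$1" || true
}

# List the test identifiers (first field) of all findings of one kind.
finding_ids() {
    grep "^$2\[\]=" "$1" | cut -d= -f2- | cut -d'|' -f1
}

# Exit status 0 when the index is at or above the threshold, 1 otherwise,
# so the function can be used directly in a CI or deployment gate.
meets_threshold() {
    [ "$(hardening_index "$1")" -ge "$2" ]
}

# Usage: summarise the sample report and apply a threshold of 60.
printf 'hardening index: %s\n' "$(hardening_index "$REPORT")"
printf 'warnings: %s, suggestions: %s\n' \
    "$(count_findings "$REPORT" warning)" "$(count_findings "$REPORT" suggestion)"
if meets_threshold "$REPORT" 60; then
    echo "index meets the required minimum"
else
    echo "index below the required minimum; review warnings first:"
    finding_ids "$REPORT" warning
fi
```

In practice the report path would point at the file Lynis writes on the audited host, and the threshold would come from the organisation's own baseline rather than a hard-coded number; the index is a relative measure against the Lynis criteria, so a drop between two runs is usually more informative than the absolute value.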