diff options
author | Michael Boelen <michael.boelen@cisofy.com> | 2018-08-27 15:25:59 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2018-08-27 15:25:59 +0300 |
commit | 67f9d254614fb95644df6c5088ed51ec9e006ce5 (patch) | |
tree | 73e4a22d15359f8997bf48080b8514eef84c26c7 /lynis.8 | |
parent | cfd853d0b0af474be8bb11f64be26cc97420888d (diff) |
Updated list of options and man page
Diffstat (limited to 'lynis.8')
-rw-r--r-- | lynis.8 | 60 |
1 files changed, 31 insertions, 29 deletions
@@ -1,4 +1,4 @@ -.TH Lynis 8 "13 Oct 2016" "1.26" "Unix System Administrator's Manual" +.TH Lynis 8 "27 Aug 2018" "1.27" "Unix System Administrator's Manual" .SH "NAME" @@ -16,12 +16,13 @@ Lynis \fP\- System and security auditing tool .fi .SH "DESCRIPTION" -\fBLynis\fP is a security auditing tool for Linux, Mac OSX, and UNIX systems. It -checks the system and the software configuration, to see if there is any room for -improvement the security defenses. All details are stored in a log file. Findings -and other discovered data is stored in a report file. This can be used to compare -differences between audits. \fBLynis\fP can run interactively or as a cronjob. Root permissions (e.g. sudo) -are not required, however provide more details during the audit. +\fBLynis\fP is a security auditing tool for Linux, macOS, and other systems based +on UNIX. The tool checks the system and the software configuration, to see if +there is any room for improvement the security defenses. All details are stored +in a log file. Findings and other discovered data is stored in a report file. +This can be used to compare differences between audits. \fBLynis\fP can run +interactively or as a cronjob. Root permissions (e.g. sudo) are not required, +however provide more details during the audit. .PP The following system areas may be checked: .IP @@ -41,7 +42,7 @@ When running \fBLynis\fP for the first time, run: lynis audit system .IP "audit \<type\>" Perform an audit of the selected type .IP "show \<parameter\>" -Show varies information details like configuration and paths +Show information, such as configuration and paths .IP "update \<parameter\>" Perform activities regarding updating .IP "upload-only" @@ -59,20 +60,10 @@ For more scan modes, see the helper utilities. .SH "OPTIONS" .TP -.B \-\-auditor <full name> -Define the name of the auditor/pen-tester. When a full name is used, add double +.B \-\-auditor <name> +Define the name of the auditor/pentester. When a full name is used, add double quotes, like "Your Name". .TP -.B \-\-checkall (or \-c) -\fBLynis\fP performs a full check of the system, printing out the results of -each test to stdout. Additional information will be saved into a log file -(default is /var/log/lynis.log). This option invokes scan mode "audit system". -.IP -In case the outcome of a scan needs to be automated, use the report file. -.TP -.B \-\-config -Show which settings file or profile is being used, then quit. -.TP .B \-\-cronjob Perform automatic scan with cron safe options (no colors, no questions, no breaks). @@ -83,22 +74,25 @@ Display debug information to screen for troubleshooting purposes. .B \-\-developer Display developer information when creating tests. .TP -.B \-\-dump\-options -Show all available parameters. +.B \-\-help +Show available commands and most-used options. .TP .B \-\-logfile </path/to/logfile> Defines location and name of log file, instead of default /var/log/lynis.log. .TP +.B \-\-man +Show the man page. Useful for systems that do not have the man page installed. +.TP .B \-\-no\-colors -Do not use colors for messages, warnings and sections. +Disable colored output. .TP .B \-\-no\-log Redirect all logging information to /dev/null, prevent sensitive information to be written to disk. .TP .B \-\-pentest -Run a non-privileged scan, usually for penetration testing. Some of the tests -will be skipped if they require root permissions. +Run a non-privileged scan, usually used for penetration testing. Some of the +tests will be skipped if they require root permissions. .TP .B \-\-plugin\-dir </path/to/plugins> Define location where plugins can be found. @@ -125,19 +119,27 @@ Do not run plugins. Only run the specific test(s). When using multiple tests, add quotes around the line. .TP +.B \-\-tests\-from\-category "<category>" +Tests are only performed if they belong to the defined category. Use the command +'show categories' to determine all valid options. +.TP .B \-\-tests\-from\-group "<group>" -Only perform tests from particular group of tests. Use 'show groups' to determine -valid options. +Similar to \-\-tests\-from\-category. Only perform tests from a particular group. +Use 'show categories' to determine valid options. .TP .B \-\-upload -Upload data to Lynis Enterprise server. +Upload data to Lynis Enterprise server (profile option: upload=yes). +.TP +.B \-\-verbose +Show more details on screen, such as components that could not found. These +details are hidden by default. .TP .B \-\-wait Wait for user to continue. This adds a break after each section (opposed of \-\-quick). .TP .B \-\-warnings\-only -Run quietly, except warnings. +Run quietly, except show warnings. .RE .PP .RS |