From 67f9d254614fb95644df6c5088ed51ec9e006ce5 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Mon, 27 Aug 2018 14:25:59 +0200 Subject: Updated list of options and man page --- lynis.8 | 60 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 31 insertions(+), 29 deletions(-) (limited to 'lynis.8') diff --git a/lynis.8 b/lynis.8 index a66ee829..55178311 100644 --- a/lynis.8 +++ b/lynis.8 @@ -1,4 +1,4 @@ -.TH Lynis 8 "13 Oct 2016" "1.26" "Unix System Administrator's Manual" +.TH Lynis 8 "27 Aug 2018" "1.27" "Unix System Administrator's Manual" .SH "NAME" @@ -16,12 +16,13 @@ Lynis \fP\- System and security auditing tool .fi .SH "DESCRIPTION" -\fBLynis\fP is a security auditing tool for Linux, Mac OSX, and UNIX systems. It -checks the system and the software configuration, to see if there is any room for -improvement the security defenses. All details are stored in a log file. Findings -and other discovered data is stored in a report file. This can be used to compare -differences between audits. \fBLynis\fP can run interactively or as a cronjob. Root permissions (e.g. sudo) -are not required, however provide more details during the audit. +\fBLynis\fP is a security auditing tool for Linux, macOS, and other systems based +on UNIX. The tool checks the system and the software configuration, to see if +there is any room for improvement the security defenses. All details are stored +in a log file. Findings and other discovered data is stored in a report file. +This can be used to compare differences between audits. \fBLynis\fP can run +interactively or as a cronjob. Root permissions (e.g. sudo) are not required, +however provide more details during the audit. .PP The following system areas may be checked: .IP @@ -41,7 +42,7 @@ When running \fBLynis\fP for the first time, run: lynis audit system .IP "audit \" Perform an audit of the selected type .IP "show \" -Show varies information details like configuration and paths +Show information, such as configuration and paths .IP "update \" Perform activities regarding updating .IP "upload-only" @@ -59,20 +60,10 @@ For more scan modes, see the helper utilities. .SH "OPTIONS" .TP -.B \-\-auditor -Define the name of the auditor/pen-tester. When a full name is used, add double +.B \-\-auditor +Define the name of the auditor/pentester. When a full name is used, add double quotes, like "Your Name". .TP -.B \-\-checkall (or \-c) -\fBLynis\fP performs a full check of the system, printing out the results of -each test to stdout. Additional information will be saved into a log file -(default is /var/log/lynis.log). This option invokes scan mode "audit system". -.IP -In case the outcome of a scan needs to be automated, use the report file. -.TP -.B \-\-config -Show which settings file or profile is being used, then quit. -.TP .B \-\-cronjob Perform automatic scan with cron safe options (no colors, no questions, no breaks). @@ -83,22 +74,25 @@ Display debug information to screen for troubleshooting purposes. .B \-\-developer Display developer information when creating tests. .TP -.B \-\-dump\-options -Show all available parameters. +.B \-\-help +Show available commands and most-used options. .TP .B \-\-logfile Defines location and name of log file, instead of default /var/log/lynis.log. .TP +.B \-\-man +Show the man page. Useful for systems that do not have the man page installed. +.TP .B \-\-no\-colors -Do not use colors for messages, warnings and sections. +Disable colored output. .TP .B \-\-no\-log Redirect all logging information to /dev/null, prevent sensitive information to be written to disk. .TP .B \-\-pentest -Run a non-privileged scan, usually for penetration testing. Some of the tests -will be skipped if they require root permissions. +Run a non-privileged scan, usually used for penetration testing. Some of the +tests will be skipped if they require root permissions. .TP .B \-\-plugin\-dir Define location where plugins can be found. @@ -125,19 +119,27 @@ Do not run plugins. Only run the specific test(s). When using multiple tests, add quotes around the line. .TP +.B \-\-tests\-from\-category "" +Tests are only performed if they belong to the defined category. Use the command +'show categories' to determine all valid options. +.TP .B \-\-tests\-from\-group "" -Only perform tests from particular group of tests. Use 'show groups' to determine -valid options. +Similar to \-\-tests\-from\-category. Only perform tests from a particular group. +Use 'show categories' to determine valid options. .TP .B \-\-upload -Upload data to Lynis Enterprise server. +Upload data to Lynis Enterprise server (profile option: upload=yes). +.TP +.B \-\-verbose +Show more details on screen, such as components that could not found. These +details are hidden by default. .TP .B \-\-wait Wait for user to continue. This adds a break after each section (opposed of \-\-quick). .TP .B \-\-warnings\-only -Run quietly, except warnings. +Run quietly, except show warnings. .RE .PP .RS -- cgit v1.2.3