1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
.TH Lynis 8 "13 Oct 2016" "1.26" "Unix System Administrator's Manual"
.SH "NAME"
\fB
\fB
\fB
Lynis \fP\- System and security auditing tool
\fB
.SH "SYNOPSIS"
.nf
.fam C
\fBlynis\fP [scan mode] [other options]
.fam T
.fi
.SH "DESCRIPTION"
\fBLynis\fP is a security auditing tool for Linux, Mac OSX, and UNIX systems. It
checks the system and the software configuration, to see if there is any room for
improvement the security defenses. All details are stored in a log file. Findings
and other discovered data is stored in a report file. This can be used to compare
differences between audits. \fBLynis\fP can run interactively or as a cronjob. Root permissions (e.g. sudo)
are not required, however provide more details during the audit.
.PP
The following system areas may be checked:
.IP
\- Boot loader files
.IP
\- Configuration files
.IP
\- Software packages
.IP
\- Directories and files related to logging and auditing
.IP
.SH "FIRST TIME USAGE"
When running \fBLynis\fP for the first time, run: lynis audit system
.SH "COMMANDS"
.IP "audit \<type\>"
Perform an audit of the selected type
.IP "show \<parameter\>"
Show varies information details like configuration and paths
.IP "update \<parameter\>"
Perform activities regarding updating
.IP "upload-only"
Upload the available report data file
.SH "SCAN TYPES"
.IP "audit system"
Performs a system audit, which is the most common audit.
.IP "audit system remote \<host\>"
Provide commands to do a remote scan.
.PP
For more scan modes, see the helper utilities.
.SH "OPTIONS"
.TP
.B \-\-auditor <full name>
Define the name of the auditor/pen-tester. When a full name is used, add double
quotes, like "Your Name".
.TP
.B \-\-checkall (or \-c)
\fBLynis\fP performs a full check of the system, printing out the results of
each test to stdout. Additional information will be saved into a log file
(default is /var/log/lynis.log). This option invokes scan mode "audit system".
.IP
In case the outcome of a scan needs to be automated, use the report file.
.TP
.B \-\-config
Show which settings file or profile is being used, then quit.
.TP
.B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no
breaks).
.TP
.B \-\-debug
Display debug information to screen for troubleshooting purposes.
.TP
.B \-\-developer
Display developer information when creating tests.
.TP
.B \-\-dump\-options
Show all available parameters.
.TP
.B \-\-logfile </path/to/logfile>
Defines location and name of log file, instead of default /var/log/lynis.log.
.TP
.B \-\-no\-colors
Do not use colors for messages, warnings and sections.
.TP
.B \-\-no\-log
Redirect all logging information to /dev/null, prevent sensitive information to
be written to disk.
.TP
.B \-\-pentest
Run a non-privileged scan, usually for penetration testing. Some of the tests
will be skipped if they require root permissions.
.TP
.B \-\-plugin\-dir </path/to/plugins>
Define location where plugins can be found.
.TP
.B \-\-profile <file>
Provide alternative profile to perform the scan.
.TP
.B \-\-quick (\-Q)
Do a quick scan (don't wait for user input).
.TP
.B \-\-quiet (\-q)
Run quietly and do not show anything to the screen. Will also enable quick mode.
.TP
.B \-\-report\-file <file>
Provide an alternative name for report file.
.TP
.B \-\-reverse\-colors
Optimize screen output for light backgrounds.
.TP
.B \-\-skip\-plugins
Do not run plugins.
.TP
.B \-\-tests TEST-IDs
Only run the specific test(s). When using multiple tests, add quotes around the
line.
.TP
.B \-\-tests\-from\-group "<group>"
Only perform tests from particular group of tests. Use 'show groups' to determine
valid options.
.TP
.B \-\-upload
Upload data to Lynis Enterprise server.
.TP
.B \-\-wait
Wait for user to continue. This adds a break after each section (opposed of
\-\-quick).
.TP
.B \-\-warnings\-only
Run quietly, except warnings.
.RE
.PP
.RS
Multiple parameters are allowed, though some parameters can only be used together
with others. When running Lynis without any parameters, help will be shown and
the program will exit.
.RE
.PP
.SH "HELPERS"
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
used, while at the same time storing most of the functionality in a separated
file. This speeds up execution and keeps the code clean.
.IP "audit"
Run audit on the system or on other targets
.IP "show"
Provide details about Lynis
.IP "update"
Run updater utility
.PP
To use a helper, run Lynis followed by the helper name.
.SH "EXIT CODES"
Lynis uses exit codes to signal any invoking script. Currently the following codes are used:
.IP 0
Program exited normally
.IP 1
Fatal error
.IP 64
An unknown parameter is used, or incomplete
.IP 65
Incorrect data encountered
.IP 66
Can't open file or directory
.IP 78
Lynis found 1 or more warnings or configurations errors (with error-on-warnings=yes)
.SH "BUGS"
Bugs can be reported via GitHub at https://github.com/CISOfy/lynis
.SH "DOCUMENTATION"
Supporting documentation can be found via https://cisofy.com/support/
.SH "LICENSING"
Lynis is licensed as GPL v3. It was created by Michael Boelen in 2007. Development has been taken over by CISOfy. Plugins may have a different license.
.SH "CONTACT INFORMATION"
Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.
|
