CommunityUniversityPartnersDevelopersSupportLogin
Platform
Solutions
Pricing
Resources
Platform View overview
Automation

AI-powered IT Automation for All Your Endpoints

Configuration

Hundreds of Worklets to Automate Anything

Patching

Automated Cross-OS & Hundreds of Titles

Vulnerability Remediation

Automated and Manual Vuln Sync and Remediation

Remote Control

Instantly Troubleshoot Windows and macOS

Reporting

Dashboard, PDF Exports and API Flexibility

Deployment

Automatically Deploy Hundreds of Software Titles

Cloud Architecture

Zero Hardware and Fast, Reliable Agent

Services & Support Plans
Security
Ratings & Reviews

Thousands of Customers Managing 1,000,000 Endpoints

INSTANT DEMOS

Deploy in Seconds

Remote Access

FixNow

Ask Otto AI Scripting

Software Deployment

Single Pane Dashboard

Automate with Worklets

Find & Fix Vulnerabilities

Worklets Catalog

Cross OS Patching

Cross OS Visibility

Desired State Config

Endpoint Organization

Secure Script Signing

OUTCOMES

Automated Cross-OS Updates

Everything Updated — Desktops, Laptops, Servers

Visibility & Reporting

Prove Everything in Your Environment is Up to Date

Automated Software Updates

One Source to Keep All Your Software Up to Date

Zero-Hardware IT Cloud

No VPN, No Servers, One Fast, Reliable Agent

Automated Configuration

Eliminate Drift and Keep Everything Up to Date

Cross-Platform Troubleshooting

Quickly Resolve Windows & macOS Tickets

INDUSTRIES

State & Local Government

K-12 Education

Colleges & Universities

Pharmaceuticals

Sports Organizations

MSPs

SaaS

TOPICS

IT Automation

Patching & Endpoint Automation

Vulnerability Remediation

IT Operations

Patch Tuesday

Automox Updates

View All

SOURCES

Events

Blog

Reports & Guides

Case Studies

Solution Briefs

News & Press

Videos

Podcasts

View All

FEATURED

UPCOMING

Home > Blog > Linux Hack of the Week #10 -...
Otto background

Linux Hack of the Week #10 - Lynis Security Audit Tool

Connect With Us

We're obsessed with making your job easier. Start your free trial today and go from reactive to proactive endpoint management with one click.

When you do a fresh install of Linux, you’ll find a lot software and services that can be improved to secure your system.

There are helpful guides such as the DISA (Defense Information Systems Agency) Secure Technical Implementation Guidelines (STIGs), and others.

However, if you want to run a tool to audit your system, it really is hard to beat Lynis. In this tip, I’ll do a fresh install of Fedora 28, and then run Lynis.

Lynis and installation

Lynis is in the Fedora repository, which makes for an easy install. Run the command: yum install lynis and Lynis is installed:

For this demo, I am using Fedora 28. With any luck, all of these steps should work on Red Hat, CentOS, and Fedora. To install the module run:

Execution

There are several options to run Lynis, including auditing docker files. For our purposes, we will just run the lynis audit system. You may wish to pipe it to more, although it does create a log in /var/log/lynis.log:

When it is finished, you will see a score. On this fresh Fedora install, it received a mediocre 70/100. That is a C-, and we are not C- people:

At this point, you should be looking through the log for ways to improve security. It is fairly lengthy so I use less, and then search for the word partial. Below are examples of a few things were performed to raise that pitiful security score:

  • Set a max password age and min password age
  • Tightened up the umask in /etc/profile
  • FAILLOG_ENAB set in login.defs
  • Added nodev noexec nosuid to /boot in fstab
  • Installed RootKit Checker
  • ...and few other things

After those steps were completed, I ran Lynis again and got a score of 82/100. There’s clearly much more to be done, but the machine now a solid B.

Lynis security scan for Linux

Lynis is not the only tool that can do this. That being said, as an open-source free tool available in the Fedora repo, there is really no reason not to run it. Always verify the tool’s results and since you will be editing system files, make sure you have a test box to work on first. As always, if you have any questions feel free to reach out: support@automox.com.

 

Dive deeper into this topic

loading...

Start your free trial.

Join over 1,090,611 endpoints managed with Automox.

start your free trial now

PRODUCT

OverviewFeaturesWorkletsPricingRoadmap

COMPANY

AboutLeadershipNewsCareersDiversity in ITContact

DOCS

DocsAPIFAQ

CUSTOMERS

SupportCommunityUniversityDevelopersPartners

SOCIAL

LEGALTerms of UsePrivacy PolicyMaster Services Agreement
CSA STAREU-US DPGDPRPCI DSSSOCTX-RAMP
Copyright © 2024 Automox. AUTOMOX is a registered trademark in the US and other countries.
TX-RAMPSOCPCI DSSGDPREU-US DPCSA STAR