.TH Lynis 8 "27 Aug 2018" "1.27" "Unix System Administrator's Manual"
.SH "NAME"
\fBLynis\fP \- System and security auditing tool
.SH "SYNOPSIS"
.nf
.fam C
\fBlynis\fP [scan mode] [other options]
.fam T
.fi
.SH "DESCRIPTION"
\fBLynis\fP is a security auditing tool for Linux, macOS, and other systems based
on UNIX. The tool checks the system and the software configuration, to see if
there is any room to improve the security defenses. All details are stored
in a log file. Findings and other discovered data are stored in a report file.
This can be used to compare differences between audits. \fBLynis\fP can run
interactively or as a cronjob. Root permissions (e.g. sudo) are not required,
but they provide more details during the audit.
.PP
The following system areas may be checked:
.IP
\- Boot loader files
.IP
\- Configuration files
.IP
\- Software packages
.IP
\- Directories and files related to logging and auditing
.IP
.SH "FIRST TIME USAGE"
When running \fBLynis\fP for the first time, run: lynis audit system
.SH "COMMANDS"
.IP "audit \<type\>"
Perform an audit of the selected type
.IP "show \<parameter\>"
Show information, such as configuration and paths
.IP "update \<parameter\>"
Perform activities regarding updating
.IP "upload-only"
Upload the available report data file
.SH "SCAN TYPES"
.IP "audit system"
Performs a system audit, which is the most common audit.
.IP "audit system remote \<host\>"
Provide commands to do a remote scan.
.PP
For more scan modes, see the helper utilities.
.SH "OPTIONS"
.TP
.B \-\-auditor <name>
Define the name of the auditor/pentester. When a full name is used, add double
quotes, like "Your Name".
.TP
.B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no
breaks).
.TP
.B \-\-debug
Display debug information to screen for troubleshooting purposes.
.TP
.B \-\-developer
Display developer information when creating tests.
.TP
.B \-\-help
Show available commands and most-used options.
.TP
.B \-\-logfile </path/to/logfile>
Defines location and name of log file, instead of default /var/log/lynis.log.
.TP
.B \-\-man
Show the man page. Useful for systems that do not have the man page installed.
.TP
.B \-\-no\-colors
Disable colored output.
.TP
.B \-\-no\-log
Redirect all logging information to /dev/null, preventing sensitive information
from being written to disk.
.TP
.B \-\-pentest
Run a non-privileged scan, usually used for penetration testing. Some of the
tests will be skipped if they require root permissions.
.TP
.B \-\-plugin\-dir </path/to/plugins>
Define location where plugins can be found.
.TP
.B \-\-profile <file>
Provide alternative profile to perform the scan.
.TP
.B \-\-quick (\-Q)
Do a quick scan (don't wait for user input).
.TP
.B \-\-quiet (\-q)
Run quietly and do not show anything to the screen. Will also enable quick mode.
.TP
.B \-\-report\-file <file>
Provide an alternative name for report file.
.TP
.B \-\-reverse\-colors
Optimize screen output for light backgrounds.
.TP
.B \-\-skip\-plugins
Do not run plugins.
.TP
.B \-\-tests TEST-IDs
Only run the specific test(s). When using multiple tests, add quotes around the
line.
.TP
.B \-\-tests\-from\-category "<category>"
Tests are only performed if they belong to the defined category. Use the
command 'show categories' to determine all valid options.
.TP
.B \-\-tests\-from\-group "<group>"
Similar to \-\-tests\-from\-category. Only perform tests from a particular group.
Use 'show categories' to determine valid options.
.TP
.B \-\-upload
Upload data to Lynis Enterprise server (profile option: upload=yes).
.TP
.B \-\-verbose
Show more details on screen, such as components that could not be found. These
details are hidden by default.
.TP
.B \-\-wait
Wait for user to continue. This adds a break after each section (the opposite of
\-\-quick).
.TP
.B \-\-warnings\-only
Run quietly, except show warnings.
.RE
.PP
.RS
Multiple parameters are allowed, though some parameters can only be used together
with others. When running Lynis without any parameters, help will be shown and
the program will exit.
.RE
.PP
.SH "HELPERS"
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
used, while at the same time storing most of the functionality in a separate
file. This speeds up execution and keeps the code clean.
.IP "audit"
Run audit on the system or on other targets
.IP "show"
Provide details about Lynis
.IP "update"
Run updater utility
.PP
To use a helper, run Lynis followed by the helper name.
.SH "EXIT CODES"
Lynis uses exit codes to signal any invoking script. Currently the following codes are used:
.IP 0
Program exited normally
.IP 1
Fatal error
.IP 64
An unknown or incomplete parameter is used
.IP 65
Incorrect data encountered
.IP 66
Can't open file or directory
.IP 78
Lynis found 1 or more warnings or configuration errors (with error-on-warnings=yes)
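.PP
An invoking script should keep "audit found warnings" (78) apart from "audit did not complete" (1, 64, 65, 66), so that a broken scheduled scan is never recorded as a clean one. The wrapper below is an added example, not part of Lynis; the names LYNIS_BIN, lynis_status and run_audit and the 0/1/2 return convention are assumptions made for this sketch, and it assumes error-on-warnings=yes is set in the profile in use.

```shell
#!/bin/sh
# Added example, not part of the Lynis distribution.
# LYNIS_BIN, lynis_status and run_audit are names made up for this sketch;
# the exit codes are the ones listed under EXIT CODES.

LYNIS_BIN="${LYNIS_BIN:-lynis}"

# Map a Lynis exit code to a short state name.
lynis_status() {
    case "$1" in
        0)  echo "ok" ;;
        1)  echo "fatal" ;;
        64) echo "bad-parameter" ;;
        65) echo "bad-data" ;;
        66) echo "cannot-open" ;;
        78) echo "warnings" ;;
        *)  echo "unknown" ;;   # e.g. 127 when the binary is missing
    esac
}

# Run a cron-safe audit; extra arguments (e.g. --profile <file>) are passed on.
# Returns 0 = clean, 1 = warnings to triage, 2 = the audit did not complete.
# Assumes error-on-warnings=yes is active; without it, 0 does not imply "no warnings".
run_audit() {
    rc=0
    "$LYNIS_BIN" audit system --cronjob "$@" >/dev/null 2>&1 || rc=$?
    state=$(lynis_status "$rc")
    echo "lynis exit=$rc state=$state"
    case "$state" in
        ok)       return 0 ;;
        warnings) return 1 ;;
        *)        return 2 ;;   # never report a failed audit as a clean one
    esac
}
```

Call run_audit from the scheduled job and alert on return value 2 separately from return value 1.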
.SH "BUGS"
Bugs can be reported via GitHub at https://github.com/CISOfy/lynis
.SH "DOCUMENTATION"
Supporting documentation can be found via https://cisofy.com/support/
.SH "LICENSING"
Lynis is licensed as GPLv3. It was created by Michael Boelen in 2007. Development has been taken over by CISOfy. Plugins may have a different license.
.SH "CONTACT INFORMATION"
Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.