lynis/lynis.8

191 lines
5.2 KiB
Groff
Raw Normal View History

2018-08-27 14:25:59 +02:00
.TH Lynis 8 "27 Aug 2018" "1.27" "Unix System Administrator's Manual"
2014-08-26 17:33:55 +02:00
.SH "NAME"
\fB
\fB
\fB
Lynis \fP\- System and security auditing tool
2014-08-26 17:33:55 +02:00
\fB
.SH "SYNOPSIS"
.nf
.fam C
\fBlynis\fP [scan mode] [other options]
2014-08-26 17:33:55 +02:00
.fam T
.fi
.SH "DESCRIPTION"
2018-08-27 14:25:59 +02:00
\fBLynis\fP is a security auditing tool for Linux, macOS, and other systems based
on UNIX. The tool checks the system and the software configuration, to see if
there is any room for improvement the security defenses. All details are stored
in a log file. Findings and other discovered data is stored in a report file.
This can be used to compare differences between audits. \fBLynis\fP can run
interactively or as a cronjob. Root permissions (e.g. sudo) are not required,
however provide more details during the audit.
2014-08-26 17:33:55 +02:00
.PP
The following system areas may be checked:
.IP
\- Boot loader files
.IP
\- Configuration files
.IP
2016-05-14 15:44:30 +02:00
\- Software packages
2014-08-26 17:33:55 +02:00
.IP
\- Directories and files related to logging and auditing
2016-05-14 15:44:30 +02:00
.IP
.SH "FIRST TIME USAGE"
2016-05-14 15:44:30 +02:00
When running \fBLynis\fP for the first time, run: lynis audit system
2016-10-13 20:13:44 +02:00
.SH "COMMANDS"
.IP "audit \<type\>"
Perform an audit of the selected type
.IP "show \<parameter\>"
2018-08-27 14:25:59 +02:00
Show information, such as configuration and paths
2016-10-13 20:13:44 +02:00
.IP "update \<parameter\>"
Perform activities regarding updating
.IP "upload-only"
Upload the available report data file
.SH "SCAN TYPES"
2016-05-14 15:44:30 +02:00
.IP "audit system"
Performs a system audit, which is the most common audit.
2016-05-14 15:44:30 +02:00
.IP "audit system remote \<host\>"
Provide commands to do a remote scan.
.PP
For more scan modes, see the helper utilities.
2014-08-26 17:33:55 +02:00
.SH "OPTIONS"
.TP
2018-08-27 14:25:59 +02:00
.B \-\-auditor <name>
Define the name of the auditor/pentester. When a full name is used, add double
2015-01-30 18:04:14 +01:00
quotes, like "Your Name".
2014-08-26 17:33:55 +02:00
.TP
.B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no
breaks).
.TP
.B \-\-debug
Display debug information to screen for troubleshooting purposes.
.TP
2016-04-26 13:40:21 +02:00
.B \-\-developer
Display developer information when creating tests.
.TP
2018-08-27 14:25:59 +02:00
.B \-\-help
Show available commands and most-used options.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-logfile </path/to/logfile>
Defines location and name of log file, instead of default /var/log/lynis.log.
.TP
2018-08-27 14:25:59 +02:00
.B \-\-man
Show the man page. Useful for systems that do not have the man page installed.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-no\-colors
2018-08-27 14:25:59 +02:00
Disable colored output.
2014-08-26 17:33:55 +02:00
.TP
.B \-\-no\-log
Redirect all logging information to /dev/null, prevent sensitive information to
be written to disk.
.TP
.B \-\-pentest
2018-08-27 14:25:59 +02:00
Run a non-privileged scan, usually used for penetration testing. Some of the
tests will be skipped if they require root permissions.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-plugin\-dir </path/to/plugins>
Define location where plugins can be found.
.TP
2016-05-14 15:44:30 +02:00
.B \-\-profile <file>
2014-11-11 19:49:56 +01:00
Provide alternative profile to perform the scan.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-quick (\-Q)
Do a quick scan (don't wait for user input).
2014-08-26 17:33:55 +02:00
.TP
.B \-\-quiet (\-q)
2016-04-25 11:10:39 +02:00
Run quietly and do not show anything to the screen. Will also enable quick mode.
2014-08-26 17:33:55 +02:00
.TP
2016-05-14 15:44:30 +02:00
.B \-\-report\-file <file>
2014-11-11 19:49:56 +01:00
Provide an alternative name for report file.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-reverse\-colors
Optimize screen output for light backgrounds.
.TP
.B \-\-skip\-plugins
Do not run plugins.
.TP
2014-08-26 17:33:55 +02:00
.B \-\-tests TEST-IDs
Only run the specific test(s). When using multiple tests, add quotes around the
line.
.TP
2018-08-27 14:25:59 +02:00
.B \-\-tests\-from\-category "<category>"
Tests are only performed if they belong to the defined category. Use the command
'show categories' to determine all valid options.
.TP
2016-08-18 21:09:22 +02:00
.B \-\-tests\-from\-group "<group>"
2018-08-27 14:25:59 +02:00
Similar to \-\-tests\-from\-category. Only perform tests from a particular group.
Use 'show categories' to determine valid options.
2014-12-11 15:21:13 +01:00
.TP
2014-08-26 17:33:55 +02:00
.B \-\-upload
2018-08-27 14:25:59 +02:00
Upload data to Lynis Enterprise server (profile option: upload=yes).
.TP
.B \-\-verbose
Show more details on screen, such as components that could not found. These
details are hidden by default.
2014-08-26 17:33:55 +02:00
.TP
.B \-\-wait
Wait for user to continue. This adds a break after each section (opposed of
\-\-quick).
.TP
2016-04-25 11:10:39 +02:00
.B \-\-warnings\-only
2018-08-27 14:25:59 +02:00
Run quietly, except show warnings.
2014-08-26 17:33:55 +02:00
.RE
.PP
.RS
Multiple parameters are allowed, though some parameters can only be used together
with others. When running Lynis without any parameters, help will be shown and
the program will exit.
.RE
.PP
.SH "HELPERS"
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
used, while at the same time storing most of the functionality in a separated
file. This speeds up execution and keeps the code clean.
2016-05-14 15:44:30 +02:00
.IP "audit"
Run audit on the system or on other targets
2016-05-14 15:44:30 +02:00
.IP "show"
Provide details about Lynis
.IP "update"
Run updater utility
2016-05-14 15:44:30 +02:00
.PP
To use a helper, run Lynis followed by the helper name.
.SH "EXIT CODES"
Lynis uses exit codes to signal any invoking script. Currently the following codes are used:
.IP 0
2016-04-25 11:10:39 +02:00
Program exited normally
.IP 1
Fatal error
.IP 64
An unknown parameter is used, or incomplete
.IP 65
Incorrect data encountered
.IP 66
Can't open file or directory
.IP 78
2016-04-25 11:10:39 +02:00
Lynis found 1 or more warnings or configurations errors (with error-on-warnings=yes)
2014-08-26 17:33:55 +02:00
.SH "BUGS"
Bugs can be reported via GitHub at https://github.com/CISOfy/lynis
.SH "DOCUMENTATION"
2016-04-25 11:10:39 +02:00
Supporting documentation can be found via https://cisofy.com/support/
2014-08-26 17:33:55 +02:00
.SH "LICENSING"
2018-08-27 14:53:27 +02:00
Lynis is licensed as GPLv3. It was created by Michael Boelen in 2007. Development has been taken over by CISOfy. Plugins may have a different license.
2014-08-26 17:33:55 +02:00
.SH "CONTACT INFORMATION"
Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.