2015-04-30 01:20:03 +02:00
|
|
|
.TH Lynis 8 "30 April 2015" "1.18" "Unix System Administrator's Manual"
|
2014-08-26 17:33:55 +02:00
|
|
|
|
|
|
|
|
|
|
|
.SH "NAME"
|
|
|
|
\fB
|
|
|
|
\fB
|
|
|
|
\fB
|
|
|
|
Lynis \fP\- Run an system and security audit on the system
|
|
|
|
\fB
|
|
|
|
.SH "SYNOPSIS"
|
|
|
|
.nf
|
|
|
|
.fam C
|
|
|
|
|
|
|
|
\fBlynis\fP \-\-check-all(\-c) [other options]
|
|
|
|
.fam T
|
|
|
|
.fi
|
|
|
|
.SH "DESCRIPTION"
|
|
|
|
|
2015-04-30 01:20:03 +02:00
|
|
|
\fBLynis\fP is a security auditing tool for Linux and Unix systems. It checks
|
|
|
|
the system and software configurations, to determine any improvements.
|
|
|
|
All details are logged in a log file. Findings and other data is stored in a
|
|
|
|
report file, which can be used to create auditing reports.
|
|
|
|
\fBLynis\fP can be run as a cronjob, or from the command line. Lynis prefers
|
|
|
|
root permissions (or sudo), so it can access all parts of the system, however it
|
|
|
|
not required (see pentest mode).
|
2014-08-26 17:33:55 +02:00
|
|
|
.PP
|
|
|
|
The following system areas may be checked:
|
|
|
|
.IP
|
|
|
|
\- Boot loader files
|
|
|
|
.IP
|
|
|
|
\- Configuration files
|
|
|
|
.IP
|
2015-04-30 01:20:03 +02:00
|
|
|
\- Files part of software packages
|
2014-08-26 17:33:55 +02:00
|
|
|
.IP
|
|
|
|
\- Directories and files related to logging and auditing
|
|
|
|
.SH "OPTIONS"
|
|
|
|
|
|
|
|
.TP
|
|
|
|
.B \-\-auditor <full name>
|
|
|
|
Define the name of the auditor/pen-tester. When a full name is used, add double
|
2015-01-30 18:04:14 +01:00
|
|
|
quotes, like "Your Name".
|
2014-08-26 17:33:55 +02:00
|
|
|
.TP
|
|
|
|
.B \-\-checkall (or \-c)
|
|
|
|
\fBLynis\fP performs a full check of the system, printing out the results of
|
|
|
|
each test to stdout. Additional information will be saved into a log file
|
|
|
|
(default is /var/log/lynis.log).
|
|
|
|
.IP
|
|
|
|
In case the outcome of a scan needs to be automated, use the report file.
|
|
|
|
.TP
|
|
|
|
.B \-\-cronjob
|
|
|
|
Perform automatic scan with cron safe options (no colors, no questions, no
|
|
|
|
breaks).
|
|
|
|
.TP
|
|
|
|
.B \-\-debug
|
|
|
|
Display debug information to screen for troubleshooting purposes.
|
|
|
|
.TP
|
2014-12-03 23:17:55 +01:00
|
|
|
.B \-\-dump\-options
|
|
|
|
Show all available parameters.
|
|
|
|
.TP
|
2014-08-26 17:33:55 +02:00
|
|
|
.B \-\-logfile </path/to/logfile>
|
|
|
|
Defines location and name of log file, instead of default /var/log/lynis.log.
|
|
|
|
.TP
|
|
|
|
.B \-\-no\-colors
|
|
|
|
Do not use colors for messages, warnings and sections.
|
|
|
|
.TP
|
|
|
|
.B \-\-no\-log
|
|
|
|
Redirect all logging information to /dev/null, prevent sensitive information to
|
|
|
|
be written to disk.
|
|
|
|
.TP
|
2014-09-08 15:28:24 +02:00
|
|
|
.B \-\-pentest
|
|
|
|
Run a non-privileged scan, usually for penetration testing. Some of the tests
|
|
|
|
will be skipped if they require root permissions.
|
|
|
|
.TP
|
2014-08-26 17:33:55 +02:00
|
|
|
.B \-\-plugin\-dir </path/to/plugins>
|
|
|
|
Define location where plugins can be found.
|
|
|
|
.TP
|
2014-11-11 19:49:56 +01:00
|
|
|
.B \-\-profile </path/to/profile>
|
|
|
|
Provide alternative profile to perform the scan.
|
|
|
|
.TP
|
2014-08-26 17:33:55 +02:00
|
|
|
.B \-\-quick (\-Q)
|
2014-12-03 23:17:55 +01:00
|
|
|
Do a quick scan (don't wait for user input).
|
2014-08-26 17:33:55 +02:00
|
|
|
.TP
|
|
|
|
.B \-\-quiet (\-q)
|
|
|
|
Try to run as silent as possible, showing only warnings. This option activates
|
|
|
|
\-\-quick as well.
|
|
|
|
.TP
|
2014-11-11 19:49:56 +01:00
|
|
|
.B \-\-report\-file </path/to/report>
|
|
|
|
Provide an alternative name for report file.
|
|
|
|
.TP
|
2014-08-26 17:33:55 +02:00
|
|
|
.B \-\-reverse\-colors
|
|
|
|
Optimize screen output for light backgrounds.
|
|
|
|
.TP
|
|
|
|
.B \-\-tests TEST-IDs
|
|
|
|
Only run the specific test(s). When using multiple tests, add quotes around the
|
|
|
|
line.
|
|
|
|
.TP
|
2014-12-11 15:21:13 +01:00
|
|
|
.B \-\-tests\-category <category>
|
|
|
|
Only perform tests from particular tests. Use \-\-view\-categories to determine
|
|
|
|
valid options.
|
|
|
|
.TP
|
2014-08-26 17:33:55 +02:00
|
|
|
.B \-\-upload
|
|
|
|
Upload data to Lynis Enterprise server.
|
|
|
|
.TP
|
|
|
|
.B \-\-view\-categories
|
2014-09-08 15:28:24 +02:00
|
|
|
Display all available test categories.
|
2014-08-26 17:33:55 +02:00
|
|
|
.RE
|
|
|
|
.PP
|
|
|
|
.RS
|
|
|
|
Multiple parameters are allowed, though some parameters can only be used together
|
|
|
|
with others. When running Lynis without any parameters, help will be shown and
|
|
|
|
the program will exit.
|
|
|
|
.RE
|
|
|
|
.PP
|
2015-04-30 01:20:03 +02:00
|
|
|
|
|
|
|
.SH "HELPERS"
|
|
|
|
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
|
|
|
|
used, while at the same time storing most of the functionality in a separated
|
|
|
|
file. This speeds up execution and keeps the code clean.
|
|
|
|
.TP
|
|
|
|
.B audit
|
|
|
|
Run audit on the system or on other targets
|
|
|
|
.TP
|
|
|
|
.B update
|
|
|
|
Run updater utility
|
|
|
|
.TP
|
|
|
|
To use a helper, run Lynis followed by the helper name
|
|
|
|
.RE
|
|
|
|
.PP
|
2014-08-26 17:33:55 +02:00
|
|
|
.SH "BUGS"
|
2015-04-30 01:20:03 +02:00
|
|
|
Discovered a bug? Please report them via GitHub: https://github.com/CISOfy/lynis
|
|
|
|
.RE
|
|
|
|
.PP
|
|
|
|
.SH "Documentation"
|
|
|
|
Supporting documentation can be found via https://cisofy.com/documentation/lynis/
|
2014-08-26 17:33:55 +02:00
|
|
|
.RE
|
|
|
|
.PP
|
|
|
|
.SH "LICENSING"
|
2015-04-30 01:20:03 +02:00
|
|
|
Lynis is licensed as GPL v3, written by Michael Boelen and supported by CISOfy. Plugins may have their own license.
|
2014-08-26 17:33:55 +02:00
|
|
|
.RE
|
|
|
|
.PP
|
|
|
|
.SH "CONTACT INFORMATION"
|
|
|
|
|
2015-04-30 01:20:03 +02:00
|
|
|
Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.
|