lynis/lynis.8

.TH Lynis 8 "30 April 2015" "1.18" "Unix System Administrator's Manual"


.SH "NAME"
\fB
\fB
\fB
Lynis \fP\- Run an system and security audit on the system
\fB
.SH "SYNOPSIS"
.nf
.fam C

\fBlynis\fP \-\-check-all(\-c) [other options]
.fam T
.fi
.SH "DESCRIPTION"

\fBLynis\fP is a security auditing tool for Linux and Unix systems. It checks
the system and software configurations, to determine any improvements.
All details are logged in a log file. Findings and other data is stored in a
report file, which can be used to create auditing reports.
\fBLynis\fP can be run as a cronjob, or from the command line. Lynis prefers
root permissions (or sudo), so it can access all parts of the system, however it
not required (see pentest mode).
.PP
The following system areas may be checked:
.IP
\- Boot loader files
.IP
\- Configuration files
.IP
\- Files part of software packages
.IP
\- Directories and files related to logging and auditing
.SH "OPTIONS"

.TP
.B \-\-auditor <full name>
Define the name of the auditor/pen-tester. When a full name is used, add double
quotes, like "Your Name".
.TP
.B \-\-checkall (or \-c)
\fBLynis\fP performs a full check of the system, printing out the results of
each test to stdout. Additional information will be saved into a log file
(default is /var/log/lynis.log).
.IP
In case the outcome of a scan needs to be automated, use the report file.
.TP
.B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no
breaks).
.TP
.B \-\-debug
Display debug information to screen for troubleshooting purposes.
.TP
.B \-\-dump\-options
Show all available parameters.
.TP
.B \-\-logfile </path/to/logfile>
Defines location and name of log file, instead of default /var/log/lynis.log.
.TP
.B \-\-no\-colors
Do not use colors for messages, warnings and sections.
.TP
.B \-\-no\-log
Redirect all logging information to /dev/null, prevent sensitive information to
be written to disk.
.TP
.B \-\-pentest
Run a non-privileged scan, usually for penetration testing. Some of the tests
will be skipped if they require root permissions.
.TP
.B \-\-plugin\-dir </path/to/plugins>
Define location where plugins can be found.
.TP
.B \-\-profile </path/to/profile>
Provide alternative profile to perform the scan.
.TP
.B \-\-quick (\-Q)
Do a quick scan (don't wait for user input).
.TP
.B \-\-quiet (\-q)
Try to run as silent as possible, showing only warnings. This option activates
\-\-quick as well.
.TP
.B \-\-report\-file </path/to/report>
Provide an alternative name for report file.
.TP
.B \-\-reverse\-colors
Optimize screen output for light backgrounds.
.TP
.B \-\-tests TEST-IDs
Only run the specific test(s). When using multiple tests, add quotes around the
line.
.TP
.B \-\-tests\-category <category>
Only perform tests from particular tests. Use \-\-view\-categories to determine
valid options.
.TP
.B \-\-upload
Upload data to Lynis Enterprise server.
.TP
.B \-\-view\-categories
Display all available test categories.
.RE
.PP
.RS
Multiple parameters are allowed, though some parameters can only be used together
with others. When running Lynis without any parameters, help will be shown and
the program will exit.
.RE
.PP

.SH "HELPERS"
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
used, while at the same time storing most of the functionality in a separated
file. This speeds up execution and keeps the code clean.
.TP
.B audit
Run audit on the system or on other targets
.TP
.B update
Run updater utility
.TP
To use a helper, run Lynis followed by the helper name
.RE
.PP
.SH "BUGS"
Discovered a bug? Please report them via GitHub: https://github.com/CISOfy/lynis
.RE
.PP
.SH "Documentation"
Supporting documentation can be found via https://cisofy.com/documentation/lynis/
.RE
.PP
.SH "LICENSING"
Lynis is licensed as GPL v3, written by Michael Boelen and supported by CISOfy. Plugins may have their own license.
.RE
.PP
.SH "CONTACT INFORMATION"

Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.