lynis/lynis.8

129 lines
3.5 KiB
Groff

.TH Lynis 8 "30 January 2015" "1.17" "Unix System Administrator's Manual"
.SH "NAME"
\fB
\fB
\fB
Lynis \fP\- Run an system and security audit on the system
\fB
.SH "SYNOPSIS"
.nf
.fam C
\fBlynis\fP \-\-check-all(\-c) [other options]
.fam T
.fi
.SH "DESCRIPTION"
\fBLynis\fP is an auditing tool for Unix (specialists). It checks the system
and software configuration and logs all the found information into a log file
for debugging purposes, and in a report file suitable to create fancy looking
auditing reports.
\fBLynis\fP can be run as a cronjob, or from the command line. It needs to have
full access to the system, so running it as root (or with sudo rights) is
required.
.PP
The following system areas may be checked:
.IP
\- Boot loader files
.IP
\- Configuration files
.IP
\- Common files by software packages
.IP
\- Directories and files related to logging and auditing
.SH "OPTIONS"
.TP
.B \-\-auditor <full name>
Define the name of the auditor/pen-tester. When a full name is used, add double
quotes, like "Your Name".
.TP
.B \-\-checkall (or \-c)
\fBLynis\fP performs a full check of the system, printing out the results of
each test to stdout. Additional information will be saved into a log file
(default is /var/log/lynis.log).
.IP
In case the outcome of a scan needs to be automated, use the report file.
.TP
.B \-\-check\-update (or \-\-info)
Show program, database and update information.
.TP
.B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no
breaks).
.TP
.B \-\-debug
Display debug information to screen for troubleshooting purposes.
.TP
.B \-\-dump\-options
Show all available parameters.
.TP
.B \-\-logfile </path/to/logfile>
Defines location and name of log file, instead of default /var/log/lynis.log.
.TP
.B \-\-no\-colors
Do not use colors for messages, warnings and sections.
.TP
.B \-\-no\-log
Redirect all logging information to /dev/null, prevent sensitive information to
be written to disk.
.TP
.B \-\-pentest
Run a non-privileged scan, usually for penetration testing. Some of the tests
will be skipped if they require root permissions.
.TP
.B \-\-plugin\-dir </path/to/plugins>
Define location where plugins can be found.
.TP
.B \-\-profile </path/to/profile>
Provide alternative profile to perform the scan.
.TP
.B \-\-quick (\-Q)
Do a quick scan (don't wait for user input).
.TP
.B \-\-quiet (\-q)
Try to run as silent as possible, showing only warnings. This option activates
\-\-quick as well.
.TP
.B \-\-report\-file </path/to/report>
Provide an alternative name for report file.
.TP
.B \-\-reverse\-colors
Optimize screen output for light backgrounds.
.TP
.B \-\-tests TEST-IDs
Only run the specific test(s). When using multiple tests, add quotes around the
line.
.TP
.B \-\-tests\-category <category>
Only perform tests from particular tests. Use \-\-view\-categories to determine
valid options.
.TP
.B \-\-upload
Upload data to Lynis Enterprise server.
.TP
.B \-\-view\-categories
Display all available test categories.
.RE
.PP
.RS
Multiple parameters are allowed, though some parameters can only be used together
with others. When running Lynis without any parameters, help will be shown and
the program will exit.
.RE
.PP
.SH "BUGS"
Discovered a bug? Please report them via e-mail (lynis-dev@cisofy.com) or via GitHub: https://github.com/CISOfy/Lynis
.RE
.PP
.SH "LICENSING"
Lynis is licensed with the GPL v3 license and under development by CISOfy and Michael Boelen. Plugins have their own license.
.RE
.PP
.SH "CONTACT INFORMATION"
Support and project related questions are addressed via https://cisofy.com/support/.