Lynis is a security auditing for UNIX derivatives like Linux, Mac OS X, BSD, and Solaris. It performs an in-depth security scan on the system itself, with the goal to detect issues and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis is commonly used by people in the “blue team” to assess the security defenses of their systems.
- Automated security auditing
- Compliance testing (e.g. PCI-DSS, HIPAA)
- Vulnerability detection
The software aims to also assist with:
- Configuration management
- Software patch management
- System hardening
- Penetration testing
- Malware scanning
- Intrusion detection
- Convert all skipped tests to uppercase
- Only add license key when it is defined
- Updated French translation
- Exclude custom.prf from tarball (download via website)
The biggest change in this release is the optimization of several functions. It allows for better detection, and dealing with the quirks, of every single operating system. Some functions were fortified to handle unexcepted results better, like missing a particular binary, or not returning the hostname.
This release also enables tests to be shorter, by adding new functions. Some functions were renamed or slightly changed, to provide more value to the tooling. Another big change in this release is a wide set of optimizations and quality testing. Outdated pieces were removed, or rewritten, to support features seen in newer distributions.
In the area of compliance, adjustments have been made to start supporting more in-depth testing for this. Ideal for companies who have a particular compliance need, or want to test and enforce the system hardening levels of their systems.
Full Changelog: here
[button size=large style=round color=red align=none url=https://github.com/CISOfy/lynis]Download Lynis v3.2.1[/button]