Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Lynis(8)	      Unix System Administrator's Manual	      Lynis(8)

NAME
	Lynis -	System and security auditing tool

SYNOPSIS
       lynis [scan mode] [other	options]

DESCRIPTION
       Lynis  is  a security auditing tool for Linux, macOS, and other systems
       based on	UNIX. The tool checks the system and the  software  configura-
       tion,  to  see  if  there  is any room for improvement the security de-
       fenses. All details are stored in a log file. Findings and  other  dis-
       covered	data  is stored	in a report file.  This	can be used to compare
       differences between audits. Lynis can run interactively or as  a	 cron-
       job.  Root  permissions	(e.g.  sudo) are not required, however provide
       more details during the audit.

       The following system areas may be checked:

	      -	Boot loader files

	      -	Configuration files

	      -	Software packages

	      -	Directories and	files related to logging and auditing

FIRST TIME USAGE
       When running Lynis for the first	time, run: lynis audit system

COMMANDS
       audit <type>
	      Perform an audit of the selected type

       upload-only
	      Upload the available report data file

	      See HELPERS section for more commands.

SCAN TYPES
       audit system
	      Performs a system	audit, which is	the most common	audit.

       audit system remote <host>
	      Provide commands to do a remote scan.

       For more	scan modes, see	the helper utilities.

OPTIONS
       --auditor <name>
	      Define the name of the auditor/pentester.	When a	full  name  is
	      used, add	double quotes, like "Your Name".

       --cronjob
	      Perform  automatic  scan	with  cron safe	options	(no colors, no
	      questions, no breaks).

       --debug
	      Display debug information	to  screen  for	 troubleshooting  pur-
	      poses.

       --developer
	      Display detailed information useful for developers when creating
	      tests.

       --forensics
	      Perform the audit	on a running or	mounted	system (see --rootdir)

       --help Show available commands and most-used options.

       --logfile </path/to/logfile>
	      Defines location and  name  of  log  file,  instead  of  default
	      /var/log/lynis.log.

       --man  Show  the	 man page. Useful for systems that do not have the man
	      page installed.

       --no-colors
	      Disable colored output.

       --no-log
	      Redirect all logging information to /dev/null,  prevents	sensi-
	      tive information to be written to	disk.

       --no-plugins
	      Do not run any of	the enabled plugins.

       --pentest
	      Run a non-privileged scan, usually used for penetration testing.
	      Some of the tests	will be	skipped	if they	require	 root  permis-
	      sions.

       --plugin-dir </path/to/plugins>
	      Define location where plugins can	be found.

       --profile <file>
	      Provide alternative profile to perform the scan.

       --quick (-Q)
	      Do a quick scan (default:	don't wait for user input).

       --quiet (-q)
	      Run  quietly  and	 do not	show anything to the screen. Will also
	      enable quick mode.

       --report-file <file>
	      Provide an alternative name for report file.

       --reverse-colors
	      Optimize screen output for light backgrounds.

       --tests TEST-IDs
	      Only run the specific test(s). When using	 multiple  tests,  add
	      quotes around the	line.

       --tests-from-category <category>
	      Tests are	only performed if they belong to the defined category.
	      Use the command  'show categories' to determine  all  valid  op-
	      tions.

       --tests-from-group <group>
	      Similar to --tests-from-category.	Only perform tests from	a par-
	      ticular group.  Use 'show	groups'	to determine valid options.

       --use-cwd
	      Run from the current working directory.

       --upload
	      Upload data to Lynis  Enterprise	server	(profile  option:  up-
	      load=yes).

       --verbose
	      Show  more  details on screen, such as components	that could not
	      found. These details are hidden by default.

       --wait Wait for user to continue. This adds a break after each  section
	      (opposed of --quick).

       --warnings-only
	      Run quietly, except show warnings.

	      Multiple parameters are allowed, though some parameters can only
	      be used together with others. When running Lynis without any pa-
	      rameters,	help will be shown and the program will	exit.

HELPERS
       Lynis  has  special helpers to do certain tasks.	This way the framework
       of Lynis	is used, while at the same time	storing	most of	the  function-
       ality  in a separated file. This	speeds up execution and	keeps the code
       clean.

       audit  Run audit	on the system or on other targets

       configure <parameter>
	      Change or	add settings to	the config file

       generate	<parameter>
	      Generate specific	details	such as	host IDs

       show <parameter>
	      Show information,	such as	configuration and paths

       update <parameter>
	      Perform activities regarding updating

       To use a	helper,	run 'lynis' followed by	the helper name.

EXIT CODES
       Lynis uses exit codes to	signal any invoking script. Currently the fol-
       lowing codes are	used:

       0      Program exited normally

       1      Fatal error

       64     An unknown parameter is used, or incomplete

       65     Incorrect	data encountered

       66     Can't open file or directory

       78     Lynis  found  1  or more warnings	or configurations errors (with
	      error-on-warnings=yes)

BUGS
       Bugs can	be reported via	GitHub at  https://github.com/CISOfy/lynis  or
       via support@cisofy.com

DOCUMENTATION
       Supporting documentation	can be found via https://cisofy.com/support/

LICENSING
       Lynis  is  licensed as GPLv3. The tool was created by Michael Boelen in
       2007. Since 2013	its development	has been taken over  by	 CISOfy	 under
       the management of Michael Boelen. Plugins may have a different license.

CONTACT	INFORMATION
       Support	requests and project related questions can be addressed	via e-
       mail: lynis-dev@cisofy.com.

1.32				  14 Feb 2020			      Lynis(8)

NAME | SYNOPSIS | DESCRIPTION | FIRST TIME USAGE | COMMANDS | SCAN TYPES | OPTIONS | HELPERS | EXIT CODES | BUGS | DOCUMENTATION | LICENSING | CONTACT INFORMATION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=lynis&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help