Introduction
Lynis is a security scanner that checks system configuration, software updates, and security settings. It provides actionable recommendations to improve your VPS security posture.
1. Installing Lynis
Install it with sudo apt install lynis, or get it from GitHub for the latest version.
2. Running an Audit
Run sudo lynis audit system. It produces a report with warnings and suggestions.
3. Understanding the Lynis Score
Lynis calculates a hardening index (0‑100). Aim for >70.
4. Viewing Details
Check /var/log/lynis.log and /var/log/lynis-report.dat for details.
5. Automating with Cron
Schedule lynis audit system --cronjob to run daily and email the results.
6. Customising Tests
Edit /etc/lynis/lynis.include to skip certain tests (e.g., if you don’t use Docker).
7. Remediation Steps
For each warning, follow the advice: install missing security packages, set kernel parameters, etc.
8. Checking Kernel Hardening
Lynis checks sysctl settings (IPv6, reverse path filtering, etc.). Apply recommended changes.
9. Service and Daemon Auditing
Lynis identifies unnecessary services (e.g., rpcbind, avahi‑daemon); disable them.
10. File Permission Checks
Lynis reports world‑writable files, weak permissions on SSH keys, etc.
11. Malware Detection Integration
Lynis runs RKHunter and ClamAV if installed – keep them updated.
12. Firewall and SSH Hardening
Lynis validates UFW/iptables rules, SSH protocol settings, and root login.
13. Lynis Enterprise (Paid)
For multi‑server centralised reporting, consider Lynis Enterprise.
14. Periodic Audits
Run an audit after major configuration changes (e.g., new services, kernel updates).
15. Compliance Profiles
Lynis can test against PCI‑DSS or HIPAA with custom profiles.
16. Integrating with SIEM
Feed Lynis reports into centralised logging.
17. Docker Container Auditing
Run Lynis from inside containers to audit their configuration (of limited use).
18. Security Framework Alignment
Lynis follows CIS benchmarks and other standards.
19. Reducing False Positives
Exclude tests that are not applicable using the configuration file.
20. Tracking Improvement Over Time
Record your hardening index each month to measure progress.
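The following added example (not part of Lynis or of the original article) reads the hardening index and warnings from the report file named in section 4 and appends them to a history file for the tracking described here. It assumes the report holds hardening_index= and warning[]=TEST-ID|text|...| lines; the function names, the history file path and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Lynis code. Assumes the report is key=value text with a
# hardening_index= line and warning[]=TEST-ID|text|details|solution| entries.

# Print the hardening index (0-100) from a report file; fail if it is absent.
lynis_index() {
    idx=$(sed -n 's/^hardening_index=\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1)
    [ -n "$idx" ] && printf '%s\n' "$idx"
}

# Print one "TEST-ID<TAB>message" line per warning in the report.
lynis_warnings() {
    sed -n 's/^warning\[]=//p' "$1" | awk -F'|' '{ print $1 "\t" $2 }'
}

# Append "date,index,warning_count" to a history file and print the change
# since the previous entry. Returns 1 when the index is below the target,
# 2 when the report has no hardening index.
lynis_track() {   # usage: lynis_track REPORT HISTORY [TARGET] [DATE]
    report=$1 history=$2 target=${3:-70} today=${4:-$(date +%Y-%m-%d)}
    idx=$(lynis_index "$report") || {
        echo "no hardening_index in $report" >&2
        return 2
    }
    warns=$(lynis_warnings "$report" | wc -l | tr -d ' ')
    prev=$(tail -n 1 "$history" 2>/dev/null | cut -d, -f2)
    printf '%s,%s,%s\n' "$today" "$idx" "$warns" >> "$history"
    echo "index=$idx change=$(( $idx - ${prev:-$idx} )) warnings=$warns"
    [ "$idx" -ge "$target" ]
}

# Constructed sample report for trying the functions without running a scan.
sample_report() {
    cat <<'EOF'
report_version_major=1
hardening_index=64
warning[]=SAMPLE-0001|Constructed warning about remote login|-|-|
suggestion[]=SAMPLE-0002|Constructed suggestion|-|-|
warning[]=SAMPLE-0003|Constructed warning about a firewall rule|-|-|
EOF
}

# Typical use after a scan (the history path is an example):
#   lynis_track /var/log/lynis-report.dat /var/log/lynis-history.csv 70
```

The non-zero exit status when the index is under the target lets a cron wrapper send mail only when the score has dropped below the level you aim for.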
Conclusion
Run Lynis monthly to automate security checks. Prioritise warnings that affect remote access and authentication.