How to Install Lynis on Ubuntu 18.04

In this guide, we will explain how to install the Lynis community edition on an Ubuntu 18.04 VPS.

Lynis is an open-source tool for security auditing, compliance testing, and vulnerability detection. Lynis also scan for general system information and possible configuration issues and provide tips for further system hardening.

Lynis comes in two editions, community and enterprise. The enterprise editions include more tests and it is bundled with plugins. When extended with plugins, Lynis will perform additional tests and collect more system information. Lynis runs on all Linux distributions and it is used by thousands of developers, system administrators, IT auditors, and penetration testers all around the world.

This guide should work on other Linux VPS systems as well, but it was tested and written for an Ubuntu 18.04 VPS.

Step 1: Install Required packages

Log in to your VPS via SSH as root or sudo user:

ssh userame@IP_Address -p Port_Number

Don’t forget to replace “IP_Address” and “Port_Number” with the IP address and SSH port number of your server.

Issue the following commands to update all packages:

sudo apt-get update
sudo apt-get upgrade

Step 2: Installing Lynis

Lynis can be installed via a package manager or by a direct download of the source tarball. In this tutorial, we will download install the latest Lynis software package from the Lynis download page.

First, navigate to the /usr/local/ directory and download the tar.gz archive with the following command:

cd /usr/local/
sudo wget https://downloads.cisofy.com/lynis/lynis-2.7.3.tar.gz 

On success, the command will output something that looks similar to this:

--2019-04-13 03:08:53--  https://downloads.cisofy.com/lynis/lynis-2.7.3.tar.gz
Resolving downloads.cisofy.com (downloads.cisofy.com)... 37.97.194.171, 2a01:7c8:aac2:37b::1
Connecting to downloads.cisofy.com (downloads.cisofy.com)|37.97.194.171|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 282609 (276K) [application/octet-stream]
Saving to: 'lynis-2.7.3.tar.gz'

Once the file is downloaded, unpack it with this next line:

tar xf lynis-2.7.3.tar.gz

Set the required permissions:

sudo chmod 755 /usr/local/lynis/lynis

You can now run the following commands to check the Lynis version:

/usr/local/lynis/lynis --version

The command will print the Lynis version number and quit:

2.7.3

To check for a new version, run the following:

/usr/local/lynis/lynis update info
 == Lynis ==

  Version            : 2.7.3
  Status             : Up-to-date
  Release date       : 2019-03-21
  Update location    : https://cisofy.com/lynis/


2007-2019, CISOfy - https://cisofy.com/lynis/

At the time of writing this article, the latest Lynis version is 2.7.3.

If there is a new update, you can update Lynis to the latest version that usually includes new features and bug fixes using the following command:

/usr/local/lynis/lynis update release

Step 3: Using Lynis

To perform a system audit, simply run this next command:

/usr/local/lynis/lynis audit
[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]

  ---------------------------------------------------
  Program version:           2.7.3
  Operating system:          Linux
  Operating system name:     Ubuntu Linux
  Operating system version:  18.04
  Kernel version:            4.15
  Hardware platform:         x86_64
  Hostname:                  vps
  ---------------------------------------------------
  Profiles:                  /etc/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          /usr/local/lynis/plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Language:                  en
  Test category:             all
  Test group:                all
  ---------------------------------------------------
  - Program update status...                                  [ NO UPDATE ]

  ...

  Hardening index : 68 [#############       ]
  Tests performed : 232
  Plugins enabled : 0

  Components:
  - Firewall               [V]
  - Malware scanner        [X]

  Lynis modules:
  - Compliance status      [?]
  - Security audit         [V]
  - Vulnerability scan     [V]

  Files:
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

Lynis scan results are stored in the /var/log/lynis.log log file.

We can filter the log for warning messages using the grep command:

sudo grep -i warning /var/log/lynis.log

2019-04-14 10:45:36 Warning: One or more deprecated options used [test:LYNIS] [details:show_tool_tips] [solution:Update your profile]
2019-04-14 10:46:25 Warning: iptables module(s) loaded, but no rules active [test:FIRE-4512] [details:-] [solution:-]

Also, we can filter the log for suggestion messages with the following command:

sudo grep -i suggestion /var/log/lynis.log

...
2019-04-14 10:46:37 Suggestion: Turn off PHP information exposure [test:PHP-2372] [details:expose_php = Off] [solution:-]
2019-04-14 10:46:37 Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [details:-] [solution:-]
2019-04-14 10:46:39 Suggestion: Check what deleted files are still in use and why. [test:LOGG-2190] [details:-] [solution:-]
2019-04-14 10:46:40 Suggestion: Add a legal banner to /etc/issue, to warn unauthorized users [test:BANN-7126] [details:-] [solution:-]
2019-04-14 10:46:40 Suggestion: Add legal banner to /etc/issue.net, to warn unauthorized users [test:BANN-7130] [details:-] [solution:-]
2019-04-14 10:46:41 Suggestion: Enable process accounting [test:ACCT-9622] [details:-] [solution:-]
2019-04-14 10:46:41 Suggestion: Enable sysstat to collect accounting (no results) [test:ACCT-9626] [details:-] [solution:-]
2019-04-14 10:46:43 Suggestion: Check output of aa-status [test:MACF-6208] [details:/sys/kernel/security/apparmor/profiles] [solution:text:Run aa-status]
2019-04-14 10:46:43 Suggestion: Install a file integrity tool to monitor changes to critical and sensitive files [test:FINT-4350] [details:-] [solution:-]
2019-04-14 10:46:43 Suggestion: Determine if automation tools are present for system management [test:TOOL-5002] [details:-] [solution:-]
2019-04-14 10:46:44 Suggestion: Harden compilers like restricting access to root user only [test:HRDN-7222] [details:-] [solution:-]
2019-04-14 10:46:44 Suggestion: Harden the system by installing at least one malware scanner, to perform periodic file system scans [test:HRDN-7230] [details:-] [solution:Install a tool like, OSSEC]

That’s it. You have successfully installed Lynis on your Ubuntu 18.04 VPS. For more information about how to manage your Lynis installation, please refer to the official Lynis documentation.


Of course, you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to set up Lynis for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post or if you found it helpful, please share it with your friends on the social networks using the share shortcut buttons, or simply leave a comment down below. Thanks.

Leave a Comment