SYNOPSIS

lynis --check-all(-c) [other options]

DESCRIPTION

Lynis is an auditing tool for Unix (specialists). It checks the system and software configuration and logs all the found information into a log file for debugging purposes, and in a report file suitable to create fancy looking auditing reports. Lynis can be run as a cronjob, or from the command line. It needs to have full access to the system, so running it as root (or with sudo rights) is required.

The following system areas may be checked:

  • - Boot loader files

  • - Configuration files

  • - Common files by software packages

  • - Directories and files related to logging and auditing

OPTIONS

--auditor <full name>

Define the name of the auditor/pen-tester. When a full name is used, add double quotes, like "Michael Boelen".

--checkall (or -c)

Lynis performs a full check of the system, printing out the results of each test to stdout. Additional information will be saved into a log file (default is /var/log/lynis.log).

  • In case the outcome of a scan needs to be automated, use the report file.

--check-update (or --info)

Show program, database and update information

--cronjob

Perform automatic scan with cron safe options (no colors, no questions, no breaks).

--debug

Display debug information to screen for troubleshooting purposes.

--logfile </path/to/logfile>

Defines location and name of log file, instead of default /var/log/lynis.log.

--no-colors

Do not use colors for messages, warnings and sections.

--no-log

Redirect all logging information to /dev/null, prevent sensitive information to be written to disk.

--pentest

Run a non-privileged scan, usually for penetration testing. Some of the tests will be skipped if they require root permissions.

--plugin-dir </path/to/plugins>

Define location where plugins can be found.

--quick (-Q)

Do a quick scan (don't wait for user input)

--quiet (-q)

Try to run as silent as possible, showing only warnings. This option activates --quick as well.

--reverse-colors

Optimize screen output for light backgrounds.

--tests TEST-IDs

Only run the specific test(s). When using multiple tests, add quotes around the line.

--upload

Upload data to Lynis Enterprise server.

--view-categories

Display all available test categories.

Multiple parameters are allowed, though some parameters can only be used together with others. When running Lynis without any parameters, help will be shown and the program will exit.

BUGS

There are no known bugs. Bugs can be reported via e-mail: [email protected]

LICENSING

Lynis is licensed under the GPL v3 license and under development by Michael Boelen.

CONTACT INFORMATION

Project related questions and comments can be asked via http://cisofy.com/contact/.