As you can see, the Lynis v2.6.2 is available in the ubuntu universe repos. By the time of writing this tutorial, Lynis 3.0.6 is the current stable release version.<\/p>\n You can download the latest release from the Lynis community software repository.<\/p>\n First, download and add the PGP signing key from a central keyserver. Execute the commands:<\/p>\n Next, add the Lynis repository to the system package repository list as shown:<\/p>\n To use Lynis with only English, disable translations from being downloaded as shown:<\/p>\n Next, update the system packages before proceeding with the installation. Run the commands:<\/p>\n Now we are ready to install Lynis on our system. Execute the command:<\/p>\n Once the installation is done, confirm the Lynis version installed on your system as shown:<\/p>\n Now that the latest version of Lynis is installed, let\u2019s learn how to use this tool to audit the system. The syntax of the Lynis command is as follows:<\/p>\n We can view the Lynis commands as shown:<\/p>\n To view settings run:<\/p>\n Let’s proceed and perform a system audit on the machine. Run the following command:<\/p>\n During the auditing process, Lynis executes tests and generates output separated into many areas such as security, suggestions, file system, test result, debug information, and so on. The auditing report is saved to \/var\/log\/lynis-report.dat, and all test and debug information is written to \/var\/log\/lynis.log. The report file contains general information on the system application, server vulnerable packages, and so forth. The prior test results will be overwritten each time you perform a new system audit.<\/p>\n The example below displays several auditing results labeled by keywords such as Enabled, Found, Not Found, Ok, Suggestion, etc. Any output with the Warning keyword needs to be checked and fixed.<\/p>\n System Audit Output<\/p>\n Lynis provided suggestions at the end of the auditing on how to harden your system.<\/p>\n Each system check has a unique test ID. If you require additional information about a certain test, use the command below and its ID and display further information.<\/p>\n In this example, we will find out more about a test with a suggestion from Lynis.<\/p>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-142.png\")
<\/strong><\/p>\nStep 2: Install PGP key & Repo.<\/h2>\n
\r\n$ wget -O - https:\/\/packages.cisofy.com\/keys\/cisofy-software-public.key | sudo apt-key add -\r\n<\/pre>\n
\r\n$ echo \"deb https:\/\/packages.cisofy.com\/community\/lynis\/deb\/ stable main\" | sudo tee \/etc\/apt\/sources.list.d\/cisofy-lynis.list\r\n<\/pre>\n
\r\n$ echo 'Acquire::Languages \"none\";' | sudo tee \/etc\/apt\/apt.conf.d\/99disable-translations<\/pre>\n
Step 3: Update Packages<\/h2>\n
\r\n$ sudo apt install apt-transport-https\r\n\r\n$ sudo apt update\r\n<\/pre>\n
Step 4: Install Lynis<\/h2>\n
\r\n$ sudo apt install lynis\r\n<\/pre>\n
\r\n$ lynis show version\r\n<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-145.png\")
<\/strong><\/p>\nStep 5: Lynis Command Line Syntax and Options<\/h2>\n
\r\n$ lynis [scan mode] [other options]\r\n<\/pre>\n
\r\n$ lynis show commands\r\n<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-147.png\")
<\/strong><\/p>\n\r\n$ lynis show settings\r\n<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-150.png\")
<\/strong><\/p>\nStep 6: Auditing a Linux System Using Lynis<\/h2>\n
\r\n$ sudo lynis audit system\r\n<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-152.png\")
<\/p>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-154.png\")
<\/p>\n![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-156.png\")
<\/p>\nDisplay Details of a Specific Test or Suggestion<\/h2>\n
\r\n$ lynis show details TEST-ID\r\n<\/pre>\n
\r\n$ lynis show details HRDN-7222\r\n<\/pre>\n
![](\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/11\/word-image-157.png\")
<\/p>\n