Lynis v2.3.0 : is a system and security auditing tool for Unix/Linux

Lynis v2.3.0 : is a system and security auditing tool for Unix/Linux

Changelog Lynis 2.3.0 (2016-07-13):

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. See the tips below to upgrade.

This release will soon also be available in our software repository. For more details see to install and upgrade Lynis. Upgrade tips

Default profile and custom profiles:
Settings of multiple profiles can now be merged. Instead of making changes to default.prf, copy your changes to custom.prf. Use ‘lynis show profiles’ to show any detected profiles. Only include your changes in custom.prf, to keep the configuration clean and tidy. They will then overwrite the defaults. Use ‘lynis show settings’ to see if they are applied.

Check your cron jobs:
When using –quiet, the output will be really quiet now. Use –show-warnings-only
if you still want to see the warnings. Lynis will now exit with error 0, even
when warnings have been found. Use option error-on-warnings=yes (custom.prf) to
exit with code 78 when it has any warnings.


New Ansible examples for deployment:

Lynis will check also for DB2 instances and report the status.
Developer Mode

With this release the developer mode is introduced. It can be activated with the –developer option, or developer-mode=yes in profile. In development mode, some details are displayed on screen, to help testing of existing or new tests.

To get easy access, a new profile has been added (developer.prf).

lynis audit system –profile developer.prf
lynis audit system –developer

A new software development kit (SDK) for Lynis is available on GitHub. This will help contributors and developers to test software quality, including linting and running unit tests. The devkit also supports building DEB and RPM files for easy deployment. The repository can be found on

Template files have been updated to provide better examples on how to create
custom tests and plugins.

To simplify the usage of Lynis, a new helper utility has been added: show.
This helper will show help, or values (e.g. version, plugin directories, etc).
Some examples include: lynis show options, lynis show commands, lynis show
version, etc. See lynis show for all available details.
File Systems

The XFS file system detection has been added. Mount points /dev/shm and /var/tmp are now checked for their options. Comparison of the mount options has been improved. A new test has been added to check if /var/tmp has been bound to /tmp.
Language Support

Lynis now supports language translations, with the language profile option.
Initial languages: Dutch (nl), English (en), French (fr).

You can help by translating the language files in the db directory.
Mac OS X Improvements

Package manager Brew has been added

Show suggestion when weak protocol is used, like SSLv2 or SSLv3. The protocols are now also parsed and stored as details in the report file.

Systems running CentOS, Debian, openSUSE, RHEL, Ubuntu and others, may now use our own software repository:

Several performance improvements have been implemented. This includes rewriting tests to invoke less commands and enhanced hardware detection at the beginning.

You can set the plugin directory now also via a profile. First match wins.
Priority: 1) argument, 2) profile, 3) default

–plugindir is now an alias for –plugin-dir

Lynis now support multiple profiles. By using a file ‘custom.prf’, it allows to inherit values first from default.prf, then merge it with custom.prf.

Several tests have been altered to support multiple profiles.

New profile options:
quick=yes|no (similar to –quick)
developer (see Developer section)
Remote scanning

Although Lynis is a aimed on running on local hosts, there is still an ongoing
demand for running remote scans. With ‘lynis audit system remote’ tips are now
provides to perform such a scan via SSH.

Zypper calls are now marked with a non-interactive flag to prevent it waiting for
any interactive input.

Improve execution for Solaris systems.


The configuration of SSH is now parsed from the SSH daemon directly. This enables handling with new defaults more easily, as OpenSSH sometimes introduces new keys, or change their default value between versions. Systemd

Added support for detecting systemd and reporting it as a service manager. The systemd plugin has been released as a community plugin.

Solved a bug which added the proxy configuration twice.

Profile options: upload-tool and upload-tool-arguments

General Improvements

The screen output has been improved, to show more meaningful things when some
parameters are missing. Several old variables and lines have been cleaned up.

The Display function now allows the –debug flag. This helps in showing some
lines on screen, which would normally be hidden (e.g. items not found or

Logging has been improved in different areas, like cleaning up and add more

relevant messages where needed.

The interface colors have been changed, to make it more obvious how the software
can be used. Also the wait line between categories have been altered, to properly
display on systems with a white background.

When no auditor name has been specified, it will say that instead of unknown.

Functions file has been cleaned up, including adding developer debug information
when old functions are still be used. Later on these functions will be deleted,
and therefore placed at the bottom.

Program Options

–developer – Enable developer mode
–verbose – Show more details on screen, reduce in normal mode
–show-warnings-only – Only show warnings on screen
–skip-plugins – Disable running any plugins (alias: –no-plugins)
–quiet – Changed: become really quiet
–config – Removed: use ‘lynis show profiles’ instead


AddSetting – New function to store settings (lynis show settings)
ContainsString – New function to search for a string in another one
Display – Added –debug, showing details on screen in debug mode – Reset identation for lines which are too long
DisplayToolTip – New function to display tooltips
IsDebug – Check for usage of –debug
IsDeveloperMode – Status for development and debugging (–developer)
IsDeveloperVersion – Check if release is still under development
IsRunning – Added return state
IsVerbose – Check for usage of –verbose
IsOwnedByRoot – Check ownership of files and directories
IsWorldWritable – Improved test with additional details
PortIsListening – Check if a service it listening to a specified port
SkipAtomicTest – Allow smaller tests to be skipped (e.g. SSH-7408)


AUTH-9234 – Test for minimal UID in /etc/login.defs when available
AUTH-9254 – Allow allow root to use this test, due to permissions
AUTH-9262 – Restructure of test, support for pwquality PAM
AUTH-9288 – Only check for accounts which have a maximum password age set
AUTH-9308 – Check for systemd targets
BANN-7119 – /etc/motd test disabled
BANN-7122 – /motd content test disabled
BOOT-5122 – Extended GRUB password check
BOOT-5184 – Improve file permissions check for CentOS 7 machines
DBS-1860 – Check for status of DB2
CRYP-7902 – Improved logging
FILE-6354 – Restrict searching in /tmp to mount point only
FILE-6372 – Properly checking for /etc/fstab now, ignore comments
FILE-6374 – Added /dev/shm and /var/tmp
FILE-6374 – New test for /var/tmp
FILE-6430 – New test for detecting specific filesystems
FILE-7524 – Support for multiple profiles
HTTP-6632 – Fix for proper detection of Apache modules
HTTP-6642 – Test disabled
HTTP-6710 – Trigger suggestion when weak protocols SSLv2/SSLv3 are used
KRNL-5788 – Support for kernel with grsecurity patches (linux-image-grsec)
KRNL-5820 – Improved logging for test
KRNL-6000 – Allow multiple profiles to be used, store more details
LOGG-2190 – Improvements for Fail2Ban and cron-related files
NETW-3014 – Support for multiple profiles
PKGS-7303 – Added Brew package manager
PKGS-7354 – Test for DNF repoquery plugin before using it
PKGS-7381 – Check for vuln.xml file
PRNT-2306 – Check if files are readable before parsing them
PROC-3612 – Removed wchan output to prevent grsecurity issues
SCHD-7702 – Test for running cron daemon
SCHD-7704 – Test ownership of cronjob files
SSH-7408 – Show weak configurations of SSH on screen as a suggestion
TOOL-5102 – Test for Fail2ban tooling
TOOL-5190 – Test for intrusion detection or prevention system


PLGN-1602 – Marked as root-only
PLGN-2612 – Marked as root-only
PLGN-2804 – Marked as root-only
PLGN-3202 – Marked as root-onlylynis-v2-3-0

Template files have been updated to provide better examples on how to create custom tests and plugins.

lynis v2.2.1

lynis v2.2.1

lynis v2.2.0

lynis v2.2.0



Lynis is a security auditing for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.

Main goals:
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing

The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection


Download :  | 2.3.0.tar.gz
Our post Before :