January 27, 2022
How to install Lynis on Ubuntu 20.04

How to Install Lynis On Ubuntu 20.04 LTS

In this article we will learn how to install Lynis version 3.0.6, an extensible security audit tool, on the Ubuntu 20.04 LTS operating system.

Introduction

Lynis is an open-source security auditing tool designed to run on Linux, macOS, and UNIX derivatives such as FreeBSD and OpenBSD. It helps system administrators and security professionals scan a system and its security defenses, with the final goal being system hardening. Lynis is used for several purposes, including vulnerability detection, security auditing, and compliance testing. In this article we will install Lynis version 3.0.6 on the Ubuntu 20.04 LTS operating system.

Installing Lynis on Ubuntu 20.04 LTS

Lynis is already available in the Ubuntu repositories, but that version is older than the one provided by the Lynis repository. We can check which version is in the Ubuntu repository with the command:

$ apt-cache policy lynis
mpik@worker1:~$ apt-cache policy lynis
lynis:
  Installed: (none)
  Candidate: 2.6.2-1
  Version table:
     2.6.2-1 500
        500 http://us.archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu focal/universe i386 Packages

In this article, we will use the official Lynis Community repository. The installation process consists of several stages, as described below.

  1. Adding Lynis Repository
  2. Update System
  3. Install Lynis On Ubuntu 20.04
  4. Testing Lynis Command Line

Each stage of the Lynis installation is described in detail in the sections below.

Adding Lynis Repository

The first step is to add the signing key of the Lynis Community repository with the command:

$ wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -

As shown below.

mpik@worker1:~$ wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
--2021-12-25 17:31:59--  https://packages.cisofy.com/keys/cisofy-software-public.key
Resolving packages.cisofy.com (packages.cisofy.com)... 37.97.194.171
Connecting to packages.cisofy.com (packages.cisofy.com)|37.97.194.171|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5318 (5.2K) [application/octet-stream]
Saving to: ‘STDOUT’

-                            100%[==============================================>]   5.19K  --.-KB/s    in 0s      

2021-12-25 17:32:02 (577 MB/s) - written to stdout [5318/5318]

OK

Then we enable the repository with the command:

$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
mpik@worker1:~$ echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
deb https://packages.cisofy.com/community/lynis/deb/ stable main
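
A key added with apt-key add lands in APT's global trusted keyring, so it is trusted for every configured repository. The script below is an added example, not part of the original article or of CISOfy's instructions: it checks the key's fingerprint and then confines the key to this one repository with signed-by. The keyring path and the EXPECTED_FPR placeholder are assumptions; the real fingerprint has to come from the vendor out of band.

```shell
#!/bin/sh
# Added example (not from the article): scope the CISOfy key to one repository.
KEY_URL="https://packages.cisofy.com/keys/cisofy-software-public.key"
KEYRING="/usr/share/keyrings/cisofy-lynis.gpg"   # assumed keyring path
LIST="/etc/apt/sources.list.d/cisofy-lynis.list"
EXPECTED_FPR="REPLACE-WITH-VENDOR-FINGERPRINT"   # placeholder, not a real value

# Strip whitespace and upper-case so fingerprints compare reliably.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin; print primary-key fingerprints only.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing holds exactly one primary key and it matches.
key_matches() {   # $1 = colon listing, $2 = expected fingerprint
    fprs=$(printf '%s\n' "$1" | primary_fprs)
    [ "$(printf '%s\n' "$fprs" | grep -c .)" -eq 1 ] || return 1
    [ "$(normalize_fpr "$fprs")" = "$(normalize_fpr "$2")" ]
}

# Build the sources.list entry that trusts only the given keyring.
repo_line() {
    printf 'deb [signed-by=%s] https://packages.cisofy.com/community/lynis/deb/ stable main\n' "$1"
}

install_lynis_repo() {
    tmp=$(mktemp) || return 1
    wget -qO "$tmp" "$KEY_URL" || { rm -f "$tmp"; return 1; }
    listing=$(gpg --show-keys --with-colons "$tmp") || { rm -f "$tmp"; return 1; }
    if ! key_matches "$listing" "$EXPECTED_FPR"; then
        echo "fingerprint mismatch, key not installed" >&2
        rm -f "$tmp"; return 1
    fi
    # Assumes the downloaded key is ASCII-armored; --dearmor writes binary form.
    gpg --dearmor < "$tmp" | sudo tee "$KEYRING" > /dev/null
    repo_line "$KEYRING" | sudo tee "$LIST"
    rm -f "$tmp"
}

# Only touch the system when called as: sh add-lynis-repo.sh install
if [ "${1:-}" = "install" ]; then install_lynis_repo; fi
```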

Update Ubuntu System

Updating the Ubuntu 20.04 system refreshes the local list of available packages to the newest stable versions. To update the Ubuntu 20.04 repositories, we use the command:

$ sudo apt update
mpik@worker1:~$ sudo apt update
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease                                                          
Hit:2 http://deb.anydesk.com all InRelease                                                                         
Hit:3 https://download.mono-project.com/repo/ubuntu stable-focal InRelease                                         
Hit:4 https://apt.releases.hashicorp.com focal InRelease                                                           
Err:2 http://deb.anydesk.com all InRelease                                                                         
  The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH <info@philandro.com>
Hit:5 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease                                                  
Hit:6 http://security.ubuntu.com/ubuntu focal-security InRelease                                                   
Hit:7 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease                                                
Hit:8 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease
Get:9 https://packages.cisofy.com/community/lynis/deb stable InRelease [11.4 kB]
Get:10 https://packages.cisofy.com/community/lynis/deb stable/main amd64 Packages [672 B]
Get:11 https://packages.cisofy.com/community/lynis/deb stable/main i386 Packages [672 B]
Fetched 12.8 kB in 5s (2,524 B/s)

Install Lynis

After everything is set, we install Lynis with the APT command:

$ sudo apt install lynis
mpik@worker1:~$ sudo apt install lynis
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  chromium-bsu-data fonts-uralic libalut0 libglc0 libglewmx1.13 libgtkglext1 libminizip1 libopenal-data libopenal1
  libpangox-1.0-0 libsdl2-2.0-0 libsdl2-image-2.0-0 libsndio7.0 linux-headers-5.11.0-38-generic
  linux-hwe-5.11-headers-5.11.0-38 linux-image-5.11.0-38-generic linux-modules-5.11.0-38-generic
  linux-modules-extra-5.11.0-38-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  lynis
0 upgraded, 1 newly installed, 0 to remove and 331 not upgraded.
Need to get 262 kB of archives.
After this operation, 1,681 kB of additional disk space will be used.
Get:1 https://packages.cisofy.com/community/lynis/deb stable/main amd64 lynis all 3.0.6-100 [262 kB]
Fetched 262 kB in 9s (28.4 kB/s)                                                                                   
Selecting previously unselected package lynis.
(Reading database ... 228566 files and directories currently installed.)
Preparing to unpack .../lynis_3.0.6-100_all.deb ...
Unpacking lynis (3.0.6-100) ...
Setting up lynis (3.0.6-100) ...
Processing triggers for man-db (2.9.1-1) ...

After the installation is complete, we verify it by querying its version.

$ lynis show version
$ lynis update info
mpik@worker1:~$ lynis show version
3.0.6
mpik@worker1:~$ lynis update info

 == Lynis ==

  Version            : 3.0.6
  Status             : Up-to-date
  Release date       : 2021-07-22
  Project page       : https://cisofy.com/lynis/
  Source code        : https://github.com/CISOfy/lynis
  Latest package     : https://packages.cisofy.com/


2007-2021, CISOfy - https://cisofy.com/lynis/

Testing Lynis Command Line

At this stage, Lynis is installed on our system. Now we will try some of the commands that Lynis provides.

  • Displaying the Lynis commands
$ lynis show commands
mpik@worker1:~$ lynis show commands

Commands:
lynis audit
lynis configure
lynis generate
lynis show
lynis update
lynis upload-only
  • Listing audit profiles
$ lynis show profiles
mpik@worker1:~$ lynis show profiles 
/etc/lynis/default.prf
  • Displaying Lynis settings
$ lynis show settings
mpik@worker1:~$ lynis show settings
# Colored screen output
colors=1

# Compressed uploads
compressed-uploads=0

# Use non-zero exit code if one or more warnings were found
error-on-warnings=0

# Language
language=en

# License key
license-key=[not configured]

# Logging of tests that have a different OS
log-tests-incorrect-os=1

# Machine role (personal, workstation or server)
machine-role=server

# Pause between tests (in seconds)
pause-between-tests=0

# Quick mode (non-interactive)
quick=1

# Refresh repositories (for vulnerable package detection)
refresh-repositories=1

# Show more details in report (solution)
show-report-solution=1

# Show tool tips
show-tool-tips=1

# Skip plugins
skip-plugins=0

# Skip upgrade test
skip-upgrade-test=0

# Paths that should be ignored for SSL certificates
ssl-certificate-paths-to-ignore=/etc/letsencrypt/archive:space:

# Paths for SSL certificates
ssl-certificate-paths=/etc/apache2:/etc/dovecot:/etc/httpd:/etc/letsencrypt:/etc/pki:/etc/postfix:/etc/refind.d/keys:/etc/ssl:/opt/psa/var/certificates:/usr/local/psa/var/certificates:/usr/local/share/ca-certificates:/usr/share/ca-certificates:/usr/share/gnupg:/var/www:/srv/www

# Perform strict code test of scripts
strict=0

# Scan mode
test-scan-mode=full

# Upload options
upload-options=[not configured]

# Upload server (ip or hostname)
upload-server=[not configured]

# Data upload after scanning
upload=no

# Verbose output
verbose=0

# Add --brief to hide descriptions, --configured-only to show configured items only, or --nocolors to remove colors

Performing Security Audit

In this section, we will perform a basic security audit of our system. Lynis logs audit information to the /var/log/lynis.log file and stores the audit report in the /var/log/lynis-report.dat file. To perform a basic security audit, we run the command:

$ sudo lynis audit system
mpik@worker1:~$ sudo lynis audit system

[ Lynis 3.0.6 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Checking profiles...                                      [ DONE ]

  ---------------------------------------------------
  Program version:           3.0.6
  Operating system:          Linux
  Operating system name:     Ubuntu
  Operating system version:  20.04
  Kernel version:            5.11.0
  Hardware platform:         x86_64
  Hostname:                  worker1

...

================================================================================

  Lynis 3.0.6

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2021, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP]: Enhance Lynis audits by adding your settings to custom.prf (see /etc/lynis/default.prf for all settings)

The output above shows Lynis performing a basic security audit.
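
The report stored in /var/log/lynis-report.dat is a key=value file that can be read by scripts. The script below is an added example, not part of the original article or of Lynis itself: it extracts the hardening index and the warning[] and suggestion[] entries and turns them into a pass/fail gate. The sample report is constructed for illustration and the threshold of 70 is an assumed value.

```shell
#!/bin/sh
# Added example (not from the article): summarise a Lynis report file.

# Constructed sample in the report's key=value format (not real scan output).
sample_report() {
    cat <<'EOF'
report_version_major=1
lynis_version=3.0.6
hostname=worker1
hardening_index=62
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
EOF
}

# Print the value of a single key, for example hardening_index.
report_value() {   # $1 = file, $2 = key
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# Print "TEST-ID<TAB>message" for every warning[] or suggestion[] entry.
report_findings() {   # $1 = file, $2 = warning | suggestion
    awk -v k="$2[]" 'index($0, k "=") == 1 {
        split(substr($0, length(k) + 2), f, "|")
        printf "%s\t%s\n", f[1], f[2]
    }' "$1"
}

# Gate for cron or CI: fail on any warning or an index below the minimum.
audit_gate() {   # $1 = file, $2 = minimum hardening index
    idx=$(report_value "$1" hardening_index)
    warns=$(report_findings "$1" warning | grep -c . || true)
    echo "hardening_index=${idx:-unknown} warnings=$warns"
    [ -n "$idx" ] && [ "$idx" -ge "$2" ] && [ "$warns" -eq 0 ]
}

# Usage: sudo sh lynis-gate.sh /var/log/lynis-report.dat [minimum-index]
if [ -r "${1:-}" ]; then
    report_findings "$1" warning
    audit_gate "$1" "${2:-70}"   # 70 is an assumed threshold
fi
```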

Conclusion

In this article we have shown how to install and use Lynis, a security auditing tool, on Ubuntu 20.04 LTS. In this article, we used the Lynis community edition. If you are interested in using Lynis in your environment, you could upgrade to the Lynis Enterprise edition. More information about Lynis can be found on the official Lynis web site.
