How to Install and Use Lynis for Automated Linux Security Audits

What is Lynis?

Lynis is a free, open‑source security auditing tool for Unix/Linux systems. It scans for malware, configuration weaknesses, and known vulnerabilities, then generates a report with warnings and recommendations that can be used to improve a server’s security posture.

Installation

Create a directory for Lynis, download the latest source archive, extract it, and prepare to run the tool.

mkdir /usr/local/lynis
cd /usr/local/lynis
wget https://downloads.cisofy.com/lynis/lynis-3.0.0.tar.gz

Extract the archive and enter the extracted folder:

tar xvf lynis-3.0.0.tar.gz
cd lynis

Run the script to see the help message; all logs are stored in /var/log/lynis.log:

./lynis

Running a Full System Audit

Use the audit system command to scan the entire host. The --wait flag pauses after each report section.

./lynis audit system
# or
./lynis audit system --wait

Auditing Specific Test Groups

You can list available groups and run tests from a chosen group, such as “kernel firewalls”.

./lynis show groups
./lynis --tests-from-group "kernel firewalls"

Viewing All Options

For a complete list of commands and flags, consult the manual page:

./lynis --man

Conclusion

Lynis provides a lightweight, non‑intrusive way to perform automated security audits on Linux servers, helping administrators identify and remediate vulnerabilities without affecting running services.