How to Install and Use Lynis for Powerful Linux Security Audits

What is Lynis?

Lynis is a lightweight, free, open‑source security audit tool for Unix/Linux systems. It scans for malware, configuration weaknesses, and known vulnerabilities, then produces a detailed report with warnings and recommendations that help administrators implement security policies.

Environment

CentOS 8

Lynis 3.0.0

Installing Lynis

Create a directory for Lynis, download the source archive, extract it, and run the script. All commands must be executed with root privileges.

# mkdir /usr/local/lynis
# cd /usr/local/lynis
# wget https://downloads.cisofy.com/lynis/lynis-3.0.0.tar.gz
# tar xvf lynis-3.0.0.tar.gz
# cd lynis

After extraction, you can display the help information. The tool writes logs to /var/log/lynis.log.

# ./lynis

Running a Full System Audit

Use the audit system option to scan the entire host. The --wait flag pauses after each report section, waiting for the user to press Enter.

# ./lynis audit system
# ./lynis audit system --wait

Targeted Audits by Group

If you only need to audit specific components, list the available test groups and run a subset. For example, to audit the kernel and firewall tests:

# ./lynis show groups
# ./lynis --tests-from-group 'kernel firewalls'

Further Options

For a complete list of command‑line options, consult the built‑in manual page:

# ./lynis --man

Conclusion

Lynis provides a straightforward way to discover malware, misconfigurations, and security gaps on Linux servers. By automating regular audits, administrators can quickly identify issues and apply hardening measures, improving overall system resilience.