Lynis is an open source security auditing and system hardening tool for Linux, macOS, and Unix-based systems. It performs comprehensive health scans to assess system security, detect vulnerabilities, and validate compliance with standards such as PCI-DSS, HIPAA, and ISO27001. Lynis runs directly on the target system, executing hundreds of modular tests that evaluate configuration, software patch status, file integrity, and system hardening measures. The tool generates detailed reports and logs, offering actionable recommendations for remediation and ongoing security improvement. Its extensible architecture supports custom tests and plugins, making it suitable for system administrators, security professionals, auditors, and DevOps teams seeking to automate security assessments and maintain a proactive security posture.

Key Features

Automated Security Auditing Comprehensive system assessment.

• Runs 300+ built-in tests covering configuration, software, and security controls.
• Dynamic OS detection and extensive software support.

Vulnerability and Compliance Checks Identify risks and validate standards.

• Detects known vulnerabilities, outdated software, and configuration weaknesses.
• Checks compliance with standards (PCI-DSS, HIPAA, ISO27001, SOx).

System Hardening Recommendations Actionable guidance for improvement.

• Evaluates hardening status and provides prioritized suggestions.
• Calculates a hardening index to track progress.

File Integrity and Malware Scanning Detect unauthorized changes.

• Monitors for unexpected file changes and access patterns.
• Performs basic rootkit and malware checks.

Detailed Reporting and Logging Track and compare results.

• Generates on-screen reports, detailed logs, and persistent report files for historical comparison.
• Highlights warnings, suggestions, and threat/impact scores.

Extensible and Customizable Adapt to your environment.

• Supports custom tests and plugins for specialized checks.
• Modular test structure allows tuning and selective execution.

Benefits

Proactive Security Posture Move from reactive to proactive defense.

• Early detection of misconfigurations and vulnerabilities reduces risk.
• Regular audits help maintain compliance and security hygiene.

Operational Efficiency Automate and streamline security checks.

• Saves time for system administrators and security teams by automating routine assessments.
• Centralizes findings and recommendations for easier remediation.

Flexibility and Transparency Open, extensible, and easy to use.

• Open source, shell script-based, and no dependencies for easy deployment and review.
• Customizable to fit unique organizational requirements.