
Installing and Configuring Lynis on Ubuntu 20.04

Harden Your Ubuntu 22.04/20.04 System: A Guide to Installing and Using Lynis

In today’s digital landscape, proactive server security isn’t just a best practice—it’s a necessity. Manually auditing an Ubuntu system for vulnerabilities, misconfigurations, and potential security gaps can be a daunting and time-consuming task. This is where automated tools become invaluable, and Lynis stands out as a top-tier choice for system administrators and security professionals.

Lynis is a powerful and extensive security auditing tool for Unix-based systems like Linux, macOS, and BSD. Instead of just searching for vulnerabilities, it performs a deep, comprehensive health scan of your entire system. It checks for installed software, configuration errors, and security issues, then provides actionable suggestions for hardening your server.

This guide will walk you through installing, configuring, and effectively using Lynis to significantly improve the security posture of your Ubuntu 22.04 or 20.04 server.

What Makes Lynis an Essential Security Tool?

Before we dive into the installation, it’s important to understand what Lynis does and why it’s so effective. Unlike a simple vulnerability scanner, Lynis:

  • Performs In-depth Audits: It examines everything from the boot loader and kernel to system services, user accounts, networking, cryptography, and installed software.
  • Provides Hardening Guidance: The true power of Lynis lies in its recommendations. After the scan, it provides a list of concrete suggestions to strengthen your system’s defenses.
  • Checks for Compliance: Lynis can assist in compliance testing for standards like ISO27001, PCI-DSS, and HIPAA by identifying control gaps.
  • Is Non-Intrusive: Critically, Lynis is an auditing tool, not an automated fixing tool. It reads configuration files and queries the running system but does not modify them; the only files it writes are its own log and report (see below). Implementing its suggestions stays entirely under your control.

Method 1: Installing Lynis from Ubuntu Repositories (Easy)

The simplest way to get Lynis up and running is by using Ubuntu’s default package manager, apt. This method is fast and reliable, though it may not always provide the absolute latest version of the tool.

  1. Update Your Package List: First, ensure your package index is up-to-date to fetch the latest available software versions.

    sudo apt update
    
  2. Install Lynis: Now, install the Lynis package.

    sudo apt install lynis
    

That’s it! Lynis is now installed and ready to use. You can verify the installation by checking its version:

lynis --version

Method 2: Installing Lynis from Source (Recommended for Latest Version)

For access to the very latest features and tests, installing from the official Git repository is the recommended approach. This ensures you are working with the most current version of the tool.

  1. Install Git: If you don’t already have Git installed, add it to your system.

    sudo apt install git
    
  2. Clone the Lynis Repository: Navigate to a suitable directory (like /usr/local/) and clone the project from GitHub.

    cd /usr/local/
    sudo git clone https://github.com/CISOfy/lynis.git
    
  3. Navigate to the Directory: Move into the newly created lynis directory.

    cd lynis
    

From here, you can run Lynis directly without any further installation steps. This method also makes updating simple—just run sudo git pull from within the directory to fetch the latest changes.


Performing Your First Security Audit

Running a system audit with Lynis is straightforward. The primary command is lynis audit system. Run it with sudo: Lynis will also start as an unprivileged user, but it then cannot read root-only files (such as /etc/shadow), warns that it is not running as root, and skips the affected tests, so the resulting report is incomplete.

If you installed from source, navigate to the directory first:

cd /usr/local/lynis/
sudo ./lynis audit system

If you installed using apt, you can run it from anywhere:

sudo lynis audit system

The scan begins immediately. Lynis prints the result of each test as it runs and, by default, pauses at the end of every section and waits for Enter before continuing; add --quick (-Q) to run straight through without these pauses. The output is colour-coded:

  • Green (OK): The check passed with no issues.
  • Yellow (Suggestion): A recommendation for hardening.
  • Red (Warning): A significant security issue that should be addressed promptly.

Once the scan completes, you’ll be presented with a summary of findings and, most importantly, a list of suggestions.

Understanding the Report and Taking Action

The on-screen output provides a wealth of information, but the real value is in the log files and the final report section.

Key Output Locations:

  • Log File: A detailed log of the entire scan is saved to /var/log/lynis.log.
  • Report Data: A machine-readable report file is stored at /var/log/lynis-report.dat.

The most critical part for a system administrator is the [Suggestions] section at the end of the scan. Each suggestion comes with a test ID (e.g., [AUTH-9228]) and a clear, human-readable recommendation.

Here’s a practical workflow for hardening your system based on the report:

  1. Run the Audit: sudo lynis audit system
  2. Review Suggestions: Carefully read each warning and suggestion provided at the end of the scan.
  3. Research and Implement: Pick one suggestion. For example, if Lynis suggests disabling root login over SSH (reported under test SSH-7408, "Consider hardening SSH configuration", with PermitRootLogin in the details), you would:
    • Make sure a non-root account with sudo access already works, and keep your current SSH session open while you change the setting, so a mistake cannot lock you out.
    • Edit the SSH configuration file: sudo nano /etc/ssh/sshd_config
    • Find the line #PermitRootLogin prohibit-password and change it to PermitRootLogin no. sshd uses the first value it encounters for a keyword, and the sshd_config shipped with recent Ubuntu releases begins with Include /etc/ssh/sshd_config.d/*.conf, so also check that no drop-in file in that directory sets PermitRootLogin to something else.
    • Validate before applying: sudo sshd -t reports syntax errors, and sudo sshd -T | grep -i permitrootlogin prints the value sshd will actually use.
    • Restart the SSH service: sudo systemctl restart ssh (on Ubuntu the unit is ssh.service; sshd is accepted as an alias).
  4. Re-run the Scan: Run sudo lynis audit system again. The "Hardening Index" reported at the end should rise, and the suggestion you just addressed will no longer appear.
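To confirm that the edit in step 3 actually took effect, here is an added example (not code from the page or the Lynis project) that resolves a keyword the way sshd does: the first occurrence wins, Include files are read at the point where the directive appears, and anything after a Match line is conditional and does not count towards the global value. It assumes whitespace-separated "Keyword value" lines (not the rarer "Keyword=value" form) and absolute Include paths, and it works on a constructed layout in a temporary directory rather than a real /etc/ssh. On a live host, sudo sshd -T | grep -i permitrootlogin remains the authoritative check.

```bash
#!/usr/bin/env bash
# Added example: resolve the effective value of an sshd_config keyword the way
# sshd does (first occurrence wins, Include files are read in place, keywords
# after "Match" are conditional and ignored here). The layout built below is a
# constructed sample, not any real host's configuration, and this is not the
# Lynis project's code.

# usage: sshd_effective CONFIG KEYWORD
# Prints the effective value, or nothing if the keyword is unset (sshd's
# built-in default then applies). Keyword comparison is case-insensitive.
sshd_effective() {
    local config="$1" key="$2" keylc line kw val inc
    keylc=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
    [ -r "$config" ] || return 0          # unmatched Include glob: nothing to add
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) continue ;;           # blank lines and comments
        esac
        # shellcheck disable=SC2086
        set -- $line                      # $1 keyword, $2.. values; Include globs expand here
        kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        case "$kw" in
            match) break ;;               # conditional block: not part of the global value
            include)
                shift
                for inc in "$@"; do
                    val=$(sshd_effective "$inc" "$key")
                    if [ -n "$val" ]; then printf '%s\n' "$val"; return 0; fi
                done ;;
            "$keylc") printf '%s\n' "$2"; return 0 ;;
        esac
    done < "$config"
    return 0
}

# usage: check_root_login CONFIG  -> exit 0 if root login is disabled, 1 otherwise
check_root_login() {
    local v
    v=$(sshd_effective "$1" PermitRootLogin)
    case "$v" in
        no) echo "PermitRootLogin=no (effective): hardened"; return 0 ;;
        '') echo "PermitRootLogin unset: sshd default (prohibit-password) applies"; return 1 ;;
        *)  echo "PermitRootLogin=$v (effective): the edit did not take effect"; return 1 ;;
    esac
}

# --- demo on a constructed layout (not a real /etc/ssh) ---
demo=$(mktemp -d)
mkdir -p "$demo/sshd_config.d"
# A drop-in that a provisioning tool might have left behind (constructed).
printf 'PermitRootLogin yes\n' > "$demo/sshd_config.d/50-provisioner.conf"
cat > "$demo/sshd_config" <<EOF
Include $demo/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF

check_root_login "$demo/sshd_config" || true   # the drop-in wins: "yes", not hardened
rm "$demo/sshd_config.d/50-provisioner.conf"   # remove the override ...
check_root_login "$demo/sshd_config"           # ... and the edit takes effect: "no"
```

The first check fails on purpose: the drop-in is read by the Include at the top of the file, so its "yes" is the first value sshd sees and the "PermitRootLogin no" added further down is ignored. Grepping the main file alone would not reveal this, which is why the effective value, not the file contents, is what to verify before restarting the service.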

Repeat this process for other suggestions. By methodically addressing each point, you systematically reduce your server’s attack surface.

Automating Lynis Scans with Cron

Security is an ongoing process, not a one-time fix. It’s a great practice to schedule Lynis to run automatically on a regular basis (e.g., weekly) so you can stay on top of new issues. You can do this with a cron job.

  1. Open the crontab editor:

    sudo crontab -e
    
  2. Add the following line to schedule a scan every Sunday at 2:30 AM. The --cronjob flag makes Lynis run non-interactively: no pauses for Enter and no colour codes, while the results still go to /var/log/lynis.log and /var/log/lynis-report.dat. Use the full path to the binary, because cron runs with a minimal PATH that does not include /usr/sbin, where the apt package installs lynis (for a source install use /usr/local/lynis/lynis instead):

    30 2 * * 0 /usr/sbin/lynis audit system --cronjob
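Putting the report section and the cron job together: the following is an added wrapper script, not code from the page or the Lynis project. It runs the scheduled audit, summarises /var/log/lynis-report.dat, and exits non-zero when a warning appears that was not present in the previous run, so a weekly scan becomes something you can act on rather than a log that nobody reads. It assumes Lynis at /usr/sbin/lynis (the apt location; point LYNIS at /usr/local/lynis/lynis for a git checkout), a hypothetical state directory /var/lib/lynis-cron, and the key=value and key[]=value line layout of the report file. The report parsed in the demo at the bottom is a constructed sample, not real scan output.

```bash
#!/usr/bin/env bash
# Added example: a cron wrapper around "lynis audit system --cronjob" that
# summarises /var/log/lynis-report.dat and exits non-zero when a warning
# appears that was not in the previous run. Not code from the page or the
# Lynis project. Assumptions: Lynis at /usr/sbin/lynis (apt location; set
# LYNIS=/usr/local/lynis/lynis for a git checkout), a hypothetical state
# directory /var/lib/lynis-cron, and report lines of the form
#   hardening_index=NN
#   warning[]=TEST-ID|description|details|solution|
#   suggestion[]=TEST-ID|description|details|solution|

LYNIS="${LYNIS:-/usr/sbin/lynis}"
REPORT="${REPORT:-/var/log/lynis-report.dat}"
STATE_DIR="${STATE_DIR:-/var/lib/lynis-cron}"

# usage: report_value FILE KEY   -> value of a scalar key such as hardening_index
report_value() {
    awk -F= -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# usage: report_ids FILE warning|suggestion  -> sorted, unique test IDs
report_ids() {
    awk -F'[=|]' -v k="$2[]" '$1 == k { print $2 }' "$1" | sort -u
}

# usage: new_ids OLD NEW  -> IDs present in NEW but not in OLD (both sorted)
new_ids() {
    comm -13 "$1" "$2"
}

# usage: summarize REPORT STATE_DIR
# Prints a short summary, stores this run's state, returns 1 on new warnings.
summarize() {
    local report="$1" state="$2" idx prev fresh
    mkdir -p "$state"
    touch "$state/warnings.old"
    idx=$(report_value "$report" hardening_index)
    prev=$(cat "$state/hardening_index" 2>/dev/null || echo "n/a")
    report_ids "$report" warning > "$state/warnings.new"
    fresh=$(new_ids "$state/warnings.old" "$state/warnings.new")
    echo "hardening index: ${idx:-?} (previous run: $prev)"
    echo "warnings: $(wc -l < "$state/warnings.new")  suggestions: $(report_ids "$report" suggestion | wc -l)"
    echo "$idx" > "$state/hardening_index"
    mv "$state/warnings.new" "$state/warnings.old"
    if [ -n "$fresh" ]; then
        echo "NEW warnings since the last run:"
        echo "$fresh"
        return 1
    fi
    return 0
}

# Real use from cron, e.g.:  30 2 * * 0 /usr/local/sbin/lynis-weekly.sh run
if [ "${1:-}" = run ]; then
    "$LYNIS" audit system --cronjob > /dev/null
    summarize "$REPORT" "$STATE_DIR"
    exit $?
fi

# --- offline demo with a constructed report (not real Lynis output) ---
demo=$(mktemp -d)
cat > "$demo/lynis-report.dat" <<'EOF'
# Lynis Report (constructed sample)
lynis_version=3.0.8
hardening_index=62
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin|-|
suggestion[]=AUTH-9328|Default umask in /etc/login.defs could be more strict|-|-|
EOF
summarize "$demo/lynis-report.dat" "$demo/state" || echo "(exit status 1: a new warning, cron mails this output)"
```

Install it as /usr/local/sbin/lynis-weekly.sh, call it with the run argument from the crontab entry in place of the bare lynis command, and set MAILTO in the root crontab so the summary reaches you. The hardening index alone can drift up or down as Lynis adds tests, which is why the script keys its alarm on test IDs that were not there last week rather than on the score.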
    

This automated check ensures you have a continuous pulse on your system’s security posture.

By integrating Lynis into your regular security maintenance routine, you empower yourself to identify and remediate weaknesses before they can be exploited. It’s an indispensable tool for anyone serious about maintaining a secure and robust Ubuntu server.

Source: https://kifarunix.com/install-and-setup-lynis-security-auditing-tool-on-ubuntu-20-04/
