Hardening you Linux and BSD based systems is an important job. Lynis can help you with this! I use Ubuntu 16.04 on my workstation and server, so I you use another on Linux, BSD or macOS based system, you maybe have to change some instructions.
Lynis is an open source security and hardening tool for system administrators, auditors and researchers. With integrated compliance testing for, for example, HIPAA, ISO27001 and PCI DSS, Lynis makes a great tool for compliance auditors. Especially when you combine this with Lynis Enterprise for reporting, monitoring and tips for a complaint and secure systems. Lynis can run on most GNU/Linux and BSD based operating systems. It is completely written in shell and it is GPLv3 licensed.
First thing, I like my device to be up to date.
sudo apt update sudo apt upgrade
In some cases you have to install the APT over HTTPS transport package.
sudo apt install apt-transport-https
Then, we add the key we need for the packages of Lynis.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
Then, we add the right APT repository.
echo "deb https://packages.cisofy.com/community/lynis/deb/ xenial main" > /etc/apt/sources.list.d/cisofy-lynis.list
And last but not least, install Lynis!
sudo apt update sudo apt install lynis
Now it is time to run our first audit of our machine!
sudo lynis audit system
And there we have some results! It looks like I have some work to do to get a better score.
Later more on Lynis. Then we handle the hardening tip’s it gives us.
For more in formation you can take a look on the website: https://cisofy.com/lynis/
Lynis is an open source project and you can find the code on Github: https://github.com/CISOfy/lynis