Lynis Security Auditing Software For Linux, macOS, and UNIX-based Systems

LYNIS Security Auditing
LYNIS Security Auditing

Lynis 3.0.6 Released and Update

Lynis is a free and open source security and auditing software. It runs on Linux, macOS, and other Unix-based systems to performs an in-depth security scan.

Lynis is a security auditing software for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening.

It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis was commonly used by system administrators and auditors to assess the security defenses of their systems. Besides the “blue team,” nowadays penetration testers also have Lynis in their software kit.

The software should be simple, updated on a regular basis, and open. You should be able to trust, understand, and have the option to change the software. Many agree with us, as the software is being used by thousands every day to protect their systems.


Lynis – Security auditing suite for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The main goals are:

  • Automated security auditing
  • Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
  • Vulnerability detection

The software (also) assists with:

  • Configuration and asset management
  • Software patch management
  • System hardening
  • Penetration testing (privilege escalation)
  • Intrusion detection


Typical users of the software:

  • Developers: Test that Docker image, or improve the hardening of your deployed web application.
  • System administrators: Run daily health scans to discover new weaknesses.
  • IT auditors: Show colleagues or clients what can be done to improve security.
  • Penetration testers: Discover security weaknesses on systems of your clients, that may eventually result in system compromise.


Shell and basic utilities


Normal user or preferable root permissions

Linus Features

Supported platforms

Lynis supports Operating systems

  • AIX
  • FreeBSD
  • HP-UX
  • Linux
  • macOS
  • NetBSD
  • NixOS
  • OpenBSD
  • Solaris
  • and others

It even runs on systems like the Raspberry Pi, IoT devices, and QNAP storage devices.

Lynis Features

  • In-depth audits by host based scanning
  • Installation is optional
  • Even dependencies are optional
  • All Unix, Linux, BSD and macOS versions
  • Action plans, with priority based hardening strategies
  • Find undiscovered vulnerabilities
  • Compliance testing (PCI, HIPAA, SOx and others)
  • Intrusion detection and monitoring to detect intruders and monitor for configuration issues
  • Continuous auditing, discover changes
  • Layered dashboards (technical and managerial)
  • Reporting and data export
  • User management Different levels of user access
  • Open source software

What’s new in Lynis 3.0.6

  • This is a major release of Lynis and includes several big changes.

Breaking change: Non-interactive by default

Lynis now runs non-interactive by default, to be more in line with the Unix philosophy. So the previously used ‘–quick’ option is now default, and the Lynis will only wait when using the ‘–wait’ option.

Breaking change: Deprecated options

– Option: -c
– Option: –check-update/–info
– Option: –dump-options
– Option: –license-key

Breaking change: Profile options

The format of all profile options are converted (from key:value to key=value).
You may have to update the changes you made in your custom.prf.


An important focus area for this release is on security, and added several measures to further tighten any possible misuse.


  • DevOps, Cyber Forensics, and pentesting mode
  • This release adds initial support to allow defining a specialized type of audit.
  • Using the relevant options, the scan will change base on the intended goal.



Clone or download the project files (no compilation nor installation is required) ;

git clone


cd lynis; ./lynis audit system

If you want to run the software as root, we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root).

Software Package

For sytems running Linux, BSD, and macOS, there is typically a package available. This is the preferred method of obtaining Lynis, as it is quick to install and easy to update. The Lynis project itself also provides packages in RPM or DEB format suitable for systems systems running: CentOS, Debian, Fedora, OEL, openSUSE, RHEL, Ubuntu, and others.

Download Lynis

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Leave a Reply
Previous Article

Microsoft Defender ATP For Linux Available

Next Article

How Pandemic Has Changed Work And Security Trends At Workplace

Related Posts