Scan Your System For Vulnerabilities With Lynis


Install Lynis and use it to scan for vulnerabilities.


Lynis is available for most major distributions.


A working Linux install with root privileges.




  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user


Lynis is a tool for performing an automated audit of your system. It’s not a virus scanner or an antivirus. Instead, it checks certain criteria on your system to see how it’s configured. By evaluating the system configuration, Lynis can give you an idea of which areas are reasonably secure and which ones need additional hardening.

Install Lynis

Lynis is packaged for just about every distribution. It’s fairly simple to get installed.

Ubuntu 17.10/Debian Testing and Sid

Ubuntu Artful and the testing releases of Debian have the latest version already available. Just install it.

$ sudo apt install lynis

Ubuntu 16.04/Debian Stable

Debian Stable and Ubuntu 16.04 both have Lynis in their repositories, but it’s old. To install the latest version, add the repository from the Lynis developers.

$ sudo apt-key adv --keyserver --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F

Add Apt transport over HTTPS.

$ sudo apt install apt-transport-https

Create a file at /etc/apt/sources.list.d/lynis.list. Add in the following line.

Ubuntu 16.04

deb xenial main

Debian Stretch

deb stretch main

Then, update and install Lynis.

$ sudo apt update
$ sudo apt install lynis

CentOS/RHEL and Fedora

First, install all of the dependencies.

# yum/dnf install ca-certificates curl nss openssl

Next, create a file at /etc/yum.repos.d/lynis.repo. Place the following configuration in the file.

name=CISOfy Software - Lynis package

Update and install Lynis.

# yum/dnf update
# yum/dnf install lynis


Scanning with Lynis is very simple. You really just tell Lynis to audit the system, and it runs with it.

# lynis audit system

Lynis will run through and scan your system. As it runs, it prints its results in the terminal. For a more detailed scan, you can tell Lynis to check the entire system with the -c flag.

# lynis audit system -c

The Report

Lynis Scan Results

The report that Lynis generates might be a little confusing at first. The entire report is broken down into sections. The sections break down potential vulnerabilities by service or logical grouping to make the report easier to read.

Next, the results use a color code from green to red to denote the severity of the issue. Each result also reports a basic status, usually just whether something is present or turned on.

Ultimately, it’s up to you to determine whether the results of the report concern you or not. The purpose is to make you aware of potential issues. It’s your call on whether or not to act.
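Besides the terminal output, Lynis writes its findings to a report data file as key=value lines, which is easier to review after the fact. The script below is an added example, not part of the original article or of Lynis itself: it assumes the default report path /var/log/lynis-report.dat, the function names are hypothetical, and the embedded sample report is constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Lynis report data file (key=value lines).
# Assumption: the report is at /var/log/lynis-report.dat (Lynis default).

# Constructed sample in the report file's format, used when no file is given.
sample_report() {
cat <<'EOF'
# Lynis Report
hardening_index=62
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
EOF
}

# report_value KEY FILE: print the value of a single-valued key.
report_value() {
    awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$2"
}

# report_findings warning|suggestion FILE: print "TEST-ID<TAB>message" per entry.
report_findings() {
    awk -v k="${1}[]=" 'index($0, k) == 1 {
        split(substr($0, length(k) + 1), f, "|")
        printf "%s\t%s\n", f[1], f[2]
    }' "$2"
}

# report_count warning|suggestion FILE: number of entries of that kind.
report_count() {
    report_findings "$1" "$2" | wc -l | tr -d ' '
}

# report_gate MIN_INDEX FILE: succeed only with zero warnings and index >= MIN_INDEX.
report_gate() {
    idx=$(report_value hardening_index "$2")
    [ -n "$idx" ] || return 2          # no index: not a usable report
    [ "$(report_count warning "$2")" -eq 0 ] && [ "$idx" -ge "$1" ]
}

report=${1:-}
if [ -z "$report" ]; then              # no argument: fall back to the sample
    report=$(mktemp) && sample_report > "$report"
fi
echo "Hardening index: $(report_value hardening_index "$report")"
echo "Warnings ($(report_count warning "$report")):"
report_findings warning "$report"
echo "Suggestions ($(report_count suggestion "$report")):"
report_findings suggestion "$report"
```

Run it as root with the report path as its only argument after a scan; report_gate can be called from a cron job or CI step to flag a host whose audit regresses.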
