Perform an audit of the selected type
Show varies information details like configuration and paths
Perform activities regarding updating
Upload the available report data file
Lynis is a security auditing tool for Linux, Mac OSX, and UNIX systems.
It checks the system and the software configuration, to see if there is
any room for improvement the security defenses. All details are stored
in a log file. Findings and other discovered data is stored in a report
file. This can be used to compare differences between audits. Lynis can
run interactively or as a cronjob. Root permissions (e.g. sudo) are not
required, however provide more details during the audit.
The following system areas may be checked:
- Boot loader files
- Configuration files
- Software packages
- Directories and files related to logging and auditing
Define the name of the auditor/pen-tester. When a full name is
used, add double quotes, like "Your Name".
--checkall (or -c)
Lynis performs a full check of the system, printing out the re‐
sults of each test to stdout. Additional information will be
saved into a log file (default is /var/log/lynis.log). This op‐
tion invokes scan mode "audit system".
In case the outcome of a scan needs to be automated, use the re‐
Show which settings file or profile is being used, then quit.
Perform automatic scan with cron safe options (no colors, no
questions, no breaks).
Display debug information to screen for troubleshooting pur‐
Display developer information when creating tests.
Show all available parameters.
Defines location and name of log file, instead of default
Do not use colors for messages, warnings and sections.
Redirect all logging information to /dev/null, prevent sensitive
information to be written to disk.
Run a non-privileged scan, usually for penetration testing. Some
of the tests will be skipped if they require root permissions.
Define location where plugins can be found.
Provide alternative profile to perform the scan.
Do a quick scan (don't wait for user input).
Run quietly and do not show anything to the screen. Will also
enable quick mode.
Provide an alternative name for report file.
Optimize screen output for light backgrounds.
Do not run plugins.
Only run the specific test(s). When using multiple tests, add
quotes around the line.
Only perform tests from particular group of tests. Use 'show
groups' to determine valid options.
Upload data to Lynis Enterprise server.
--wait Wait for user to continue. This adds a break after each section
(opposed of --quick).
Run quietly, except warnings.
Multiple parameters are allowed, though some parameters can only
be used together with others. When running Lynis without any pa‐
rameters, help will be shown and the program will exit.
Lynis has special helpers to do certain tasks. This way the framework
of Lynis is used, while at the same time storing most of the function‐
ality in a separated file. This speeds up execution and keeps the code
audit Run audit on the system or on other targets
show Provide details about Lynis
update Run updater utility
To use a helper, run Lynis followed by the helper name.
Lynis uses exit codes to signal any invoking script. Currently the fol‐
lowing codes are used:
0 Program exited normally
1 Fatal error
64 An unknown parameter is used, or incomplete
65 Incorrect data encountered
66 Can't open file or directory
78 Lynis found 1 or more warnings or configurations errors (with