Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

lynis(8) [debian man page]

Lynis(8)						Unix System Administrator's Manual						  Lynis(8)

NAME

	Lynis - Run an system and security audit on the system

SYNOPSIS

       lynis --check-all(-c) [other options]

DESCRIPTION

       Lynis is an auditing tool for Unix (specialists). It checks the system and software configuration and logs all the found information into a
       log file for debugging purposes, and in a report file suitable to create fancy looking auditing reports.  Lynis can be run as a cronjob, or
       from the command line. It needs to have full access to the system, so running it as root (or with sudo rights) is required.

       The following system areas may be checked:

	      - Boot loader files

	      - Configuration files

	      - Common files by software packages

	      - Directories and files related to logging and auditing

OPTIONS

       --auditor <full name>
	      Define the name of the auditor/pen-tester. When a full name is used, add double quotes, like "Michael Boelen".

       --checkall (or -c)
	      Lynis  performs  a  full	check of the system, printing out the results of each test to stdout. Additional information will be saved
	      into a log file (default is /var/log/lynis.log).

	      In case the outcome of a scan needs to be automated, use the report file.

       --check-update (or --info)
	      Show program, database and update information

       --cronjob
	      Perform automatic scan with cron safe options (no colors, no questions, no breaks).

       --no-colors
	      Do not use colors for messages, warnings and sections.

       --no-log
	      Redirect all logging information to /dev/null, prevent sensitive information to be written to disk.

       --quick (-Q)
	      Do a quick scan (don't wait for user input)

       --quiet (-q)
	      Try to run as silent as possible, showing only warnings. This option activates --quick as well.

       --reverse-colors
	      Optimize screen output for light backgrounds.

       --tests TEST-IDs
	      Only run the specific test(s). When using multiple tests, add quotes around the line.

	      Multiple parameters are allowed, though some parameters can only be used together with others. When running Lynis without any param-
	      eters, help will be shown and the program will exit.

BUGS

       There are no known bugs. Bugs can be reported directly to author.

LICENSING

       Lynis is licensed under the GPL v3 license and under development by Michael Boelen.

CONTACT INFORMATION

       Project related questions and comments should be asked via http://www.rootkit.nl/contact/.

1.08								 15 December 2009							  Lynis(8)

Check Out this Related Man Page

AUDIT(8)						    BSD System Manager's Manual 						  AUDIT(8)

NAME

     audit -- audit management utility

SYNOPSIS

     audit -e | -i | -n | -s | -t

DESCRIPTION

     The audit utility controls the state of the audit system.	One of the following flags is required as an argument to audit:

     -e      Forces the audit system to immediately remove audit log files that meet the expiration criteria specified in the audit control file
	     without doing a log rotation.

     -i      Initializes and starts auditing.  This option is currently for Mac OS X only and requires auditd(8) to be configured to run under
	     launchd(8).

     -n      Forces the audit system to close the existing audit log file and rotate to a new log file in a location specified in the audit con-
	     trol file.  Also, audit log files that meet the expiration criteria specified in the audit control file will be removed.

     -s      Specifies that the audit system should [re]synchronize its configuration from the audit control file.  A new log file will be cre-
	     ated.

     -t      Specifies that the audit system should terminate.	Log files are closed and renamed to indicate the time of the shutdown.

NOTES

     The auditd(8) daemon must already be running.  Optionally, it can be configured to be started on-demand by launchd(8) (Mac OS X only).  The
     audit utility requires audit administrator privileges for successful operation.

FILES

     /etc/security/audit_control  Audit policy file used to configure the auditing system.

SEE ALSO

     audit(4), audit_control(5), auditd(8), launchd(8)

HISTORY

     The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer Inc. in
     2004.  It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

     This software was created by McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer Inc.  Addi-
     tional authors include Wayne Salamon, Robert Watson, and SPARTA Inc.

     The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BSD
								 January 29, 2009							       BSD
Man Page