Install Lynis on Ubuntu 20.04

Install Lynis on Ubuntu 20.04

Lynis is a command line tool for security auditing, vulnerability detection, system hardening, and more. This tool scans the system to find configuration mistakes, vulnerable packages, insecure services, wrong filesystem permissions and other security issues.

This tutorial explains how to install Lynis on Ubuntu 20.04.

Install Lynis

Download GPG key:

sudo wget -qO /etc/apt/trusted.gpg.d/cisofy-key.asc

Configure APT package manager to skip downloading translations:

echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations

Add the Lynis repository:

echo "deb stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

Next, update the package lists:

sudo apt update

Run the following command to install Lynis:

sudo apt install -y lynis

When installation is completed, we can check Lynis version:

sudo lynis --version

Testing Lynis

Run the lynis command to perform security audit:

sudo lynis audit system

An example of audit report:


[+] Boot and services
  - Service Manager                                           [ systemd ]
  - Checking UEFI boot                                        [ DISABLED ]
  - Checking presence GRUB2                                   [ FOUND ]
    - Checking for password protection                        [ NONE ]
  - Check running services (systemctl)                        [ DONE ]

[+] File systems
  - Checking mount points
    - Checking /home mount point                              [ SUGGESTION ]
    - Checking /tmp mount point                               [ SUGGESTION ]
    - Checking /var mount point                               [ SUGGESTION ]

Uninstall Lynis

If you want to completely remove Lynis, execute the following command:

sudo apt purge --autoremove -y lynis

Remove GPG key, repository and APT config file:

sudo rm -rf /etc/apt/trusted.gpg.d/cisofy-key.asc
sudo rm -rf /etc/apt/sources.list.d/cisofy-lynis.list
sudo rm -rf /etc/apt/apt.conf.d/99disable-translations

Remove logs:

sudo rm -rf /var/log/lynis*

Leave a Comment

Cancel reply

Your email address will not be published.