Run a security audit on AlmaLinux with Lynis

Just because you use Linux doesn't mean you shouldn't take security precautions. Jack Wallen shows you how to run a security audit on AlmaLinux with Lynis.

Image: mtmmarek/Adobe Stock

If you administer Linux servers, you know that malicious code and vulnerabilities can find their way onto the system. This could come from an attack, from a user saving an infected file, from a malicious payload in a vulnerable package or from a misconfigured service. Although finding out how the malicious code made it onto your system is important, the immediate concern is detecting and mitigating it.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

And, yes, even though you're using Linux, this is a task you need to know how to handle. One such path to success is using the Lynis auditing scanner. For those who've been around for a while, you may remember Lynis from when it was previously dubbed rkhunter.

But Lynis is more than just a rootkit detector, as it makes it possible to run detailed auditing of your Linux servers (and desktops) for numerous security issues as well as misconfigurations.


I want to walk you through the process of installing Lynis and running a scan on AlmaLinux.

What you'll need

To get Lynis installed and working, you'll need a running instance of AlmaLinux and a user with sudo privileges. That's it, let's get to scanning.

Install Lynis

The first thing we'll do is install the required dependencies. Log into your server and issue the command:

sudo dnf install ca-certificates curl nss openssl -y

Once that completes, we'll create a new repository file with the command:

sudo nano /etc/yum.repos.d/cisofy-lynis.repo

In that file, paste the following (the baseurl and gpgkey values are missing from this copy of the article; fill them in from the CISOfy repository instructions):

[lynis]
name=CISOfy Software - Lynis package
baseurl=
enabled=1
gpgkey=
gpgcheck=1
priority=2

Save and close the file.

Install Lynis with the command:

sudo dnf install lynis -y

The installation should go off without a hitch.

Scan with Lynis

We can now run a security audit on our AlmaLinux machine with the command:


sudo lynis audit system

The scan will take a while (depending on the speed of your hardware and the number of packages installed). You'll see a lot of output fly by (Figure A).

Figure A

The output of the Lynis system audit.

You can sit back and watch the output, as the scan shouldn't take more than 2 to 5 minutes. Besides, you'll probably want to watch the "magic" happen. If you see anything red in the output, that's a problem you'll most likely need to resolve. In the end, like me, you might find that Lynis has detected that the server lacks a malware scanner (Figure B).

Figure B

Lynis has audited the system and one big issue is the lack of a malware scanner.

You can scroll through the output of the scan (if your terminal window allows), or you can re-run the scan and send the output to a file for later viewing. To do that, issue the command:

sudo lynis audit system > audit_results

The one downside of viewing the above file is that the lack of formatting can make it hard to read. Fortunately, there's a better way.

Add a Lynis cron job

You might also want to create a cron job to run the Lynis scanner daily. Create a new daily script with the command:


sudo nano /etc/cron.daily/lynis

In that script, paste the following:

#!/bin/sh

# Abort on use of an unset variable
set -u

# Date-stamped, host-specific file names for today's report
DATE=$(date +%Y%m%d)
HOST=$(hostname)
LOG_DIR="/var/log/lynis"
REPORT="$LOG_DIR/report-$HOST.$DATE"
DATA="$LOG_DIR/report-data-$HOST.$DATE.txt"

# Run Lynis in non-interactive (cron) mode and keep the screen output
lynis audit system --cronjob > "$REPORT"

# Optional step: move the machine-readable report file if it exists
if [ -f /var/log/lynis-report.dat ]; then
    mv /var/log/lynis-report.dat "$DATA"
fi

# The End

Save and close the file. Make sure to create the log directory with:

sudo mkdir /var/log/lynis

The new cron job will now run with the daily jobs and will report its findings in /var/log/lynis.
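The report-data file the cron job moves into /var/log/lynis is a flat key=value file, which is no easier to read than the raw scan output. The following script is an added example, not part of the original article or of Lynis itself: it turns the warning[] and suggestion[] records into readable lines and pulls out the hardening index, assuming the pipe-separated record layout shown in its constructed sample file.

```shell
#!/bin/sh
# Added example (not from the original article): summarise the key=value
# report-data file that `lynis audit system --cronjob` writes into readable
# lines. Assumed record layout: warning[]=TEST-ID|description|details|solution|
set -u

# Write a constructed sample report-data file (not real Lynis output) to $1.
make_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report (constructed sample)
hostname=alma-test
warning[]=MALW-3280|No malware scanner found|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=MALW-3280|Install a malware scanner such as ClamAV|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
hardening_index=62
EOF
}

# Print one "KIND TEST-ID: description [details]" line per finding in $1.
lynis_findings() {
    grep -E '^(warning|suggestion)\[]=' "$1" |
    while IFS='|' read -r head desc details _; do
        kind=$(printf '%s' "${head%%[[]*}" | tr a-z A-Z)   # WARNING or SUGGESTION
        test_id="${head#*=}"
        if [ -n "$details" ] && [ "$details" != "-" ]; then
            printf '%s %s: %s [%s]\n' "$kind" "$test_id" "$desc" "$details"
        else
            printf '%s %s: %s\n' "$kind" "$test_id" "$desc"
        fi
    done
}

# Number of warnings in $1; a cron job can alert (e.g. mail root) when non-zero.
lynis_warning_count() {
    grep -c '^warning\[]=' "$1" || :
}

# Hardening index (0-100) that Lynis recorded in $1.
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}
```

Point lynis_findings at the newest report-data-*.txt file in /var/log/lynis to get the morning summary the article suggests checking.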

And that's all there is to running a security audit on AlmaLinux with the help of Lynis. Add this to your daily cron jobs and then make a habit of checking the log file every morning.

Subscribe to TechRepublic's How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
