# cisofy/lynis **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/cisofy-lynis).** 15,284 stars · 1,574 forks · Shell · gpl-3.0 ## Links - GitHub: https://github.com/CISOfy/lynis - Homepage: https://cisofy.com/lynis/ - awesome-repositories: https://awesome-repositories.com/repository/cisofy-lynis.md ## Topics `auditing` `compliance` `devops` `devops-tools` `gdpr` `hardening` `hipaa` `linux` `pci-dss` `security-audit` `security-hardening` `security-scanner` `security-tools` `security-vulnerability` `shell` `system-hardening` `unix` `vulnerability-assessment` `vulnerability-detection` `vulnerability-scanners` ## Description Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom audit profiles to standardize security policies across diverse environments, while the plugin-driven extensibility allows for the development of specialized security checks tailored to unique infrastructure requirements. This flexibility enables the tool to operate in non-interactive batch modes, facilitating integration into automated scheduling and continuous monitoring workflows. Beyond core auditing, the framework supports enterprise-wide security management by aggregating data from multiple hosts into centralized reports. It provides capabilities for tracking system integrity, enforcing compliance baselines, and prioritizing hardening tasks based on risk assessments. The system also supports structured data serialization, allowing audit findings to be exported for external analysis and visualization. ## Tags ### Security & Cryptography - [Security Auditing Tools](https://awesome-repositories.com/f/security-cryptography/security-auditing-tools.md) — Functions as a command-line auditing tool that identifies security flaws and compliance gaps through automated testing on UNIX systems. - [Security Testing and Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing.md) — Provides an automated framework for scanning and auditing UNIX system configurations to identify security vulnerabilities and compliance gaps. ([source](https://cisofy.com/documentation/lynis/)) - [Automated Security Scanners](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/reconnaissance-assessment-platforms/automated-security-scanners.md) — Provides an automated security scanner that performs systematic checks on UNIX-based systems to identify vulnerabilities and configuration weaknesses. - [Security and Compliance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance.md) — Aggregates security audit data from multiple remote systems into centralized reports to simplify compliance tracking and analysis. ([source](https://cisofy.com/documentation/lynis/collector/)) - [Infrastructure and System Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening.md) — Implements comprehensive security checks and configuration templates to harden operating systems and infrastructure against unauthorized access. - [Infrastructure Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/infrastructure-hardening.md) — Strengthens system defenses by prioritizing and implementing security hardening improvements. - [Compliance Enforcement Tools](https://awesome-repositories.com/f/security-cryptography/compliance-enforcement-tools.md) — Compares system configurations against security policies to enforce compliance baselines. ([source](https://cisofy.com/documentation/lynis/)) - [Infrastructure Security Scanners](https://awesome-repositories.com/f/security-cryptography/infrastructure-security-scanners.md) — Evaluates system configurations and infrastructure settings against security best practices to maintain integrity and reduce operational risks. - [Policy Enforcement Engines](https://awesome-repositories.com/f/security-cryptography/policy-enforcement-engines.md) — Evaluates system configurations against custom security standards to identify and remediate policy deviations. ([source](https://cisofy.com/documentation/lynis/enterprise/modules/)) - [Centralized Secrets Management](https://awesome-repositories.com/f/security-cryptography/centralized-secrets-management.md) — Aggregates scan results from multiple hosts into a central location for enterprise-wide reporting and analysis. ([source](https://cisofy.com/documentation/lynis/)) - [Plugin Development Frameworks](https://awesome-repositories.com/f/security-cryptography/compliance-audit-tools/plugin-development-frameworks.md) — Supports extending built-in audit capabilities through custom shell scripts and plugins. - [Security Finding Management](https://awesome-repositories.com/f/security-cryptography/security-finding-management.md) — Tracks security findings and provides actionable plans to resolve identified issues. ([source](https://cisofy.com/documentation/lynis/enterprise/modules/)) ### System Administration & Monitoring - [Operational Task Automation](https://awesome-repositories.com/f/system-administration-monitoring/operational-task-automation.md) — Automates security scans via scheduled tasks to maintain continuous monitoring without requiring manual user interaction. ([source](https://cisofy.com/documentation/lynis/get-started/)) - [Background Task Scheduling](https://awesome-repositories.com/f/system-administration-monitoring/background-task-scheduling.md) — Performs system audits in the background by suppressing interactive prompts to facilitate integration with automated task schedulers. ([source](https://cisofy.com/documentation/lynis/configuration/)) - [Audit Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/audit-logging-systems.md) — Generates structured audit logs containing test results and remediation suggestions for security hardening. ([source](https://cisofy.com/documentation/lynis/)) - [System Inspection Utilities](https://awesome-repositories.com/f/system-administration-monitoring/system-inspection-utilities.md) — Queries the current state of the local operating system by invoking standard command-line utilities for security auditing. - [File System Monitors](https://awesome-repositories.com/f/system-administration-monitoring/file-system-monitors.md) — Tracks changes to system files and configurations to detect unauthorized modifications and maintain integrity. ([source](https://cisofy.com/documentation/lynis/enterprise/modules/)) - [Environment Information Gatherers](https://awesome-repositories.com/f/system-administration-monitoring/environment-information-gatherers.md) — Gathers hardware details and security logs through authenticated requests to maintain accurate monitoring of system status. ([source](https://cisofy.com/documentation/lynis/enterprise/api/)) - [IT Asset Management](https://awesome-repositories.com/f/system-administration-monitoring/it-asset-management.md) — Enables monitoring and control of security configurations across multiple IT assets through a unified interface. ([source](https://cisofy.com/documentation/lynis/enterprise/modules/)) ### DevOps & Infrastructure - [Security Profiles](https://awesome-repositories.com/f/devops-infrastructure/system-configuration-profiles/security-profiles.md) — Defines audit behavior and security policies through external text files to standardize scan parameters across diverse environments. ### Software Engineering & Architecture - [Plugin-Based Architectures](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/architectural-patterns/plugin-module-systems/modular-plugin-architectures/plugin-based-architectures.md) — Extends core functionality by dynamically loading external scripts and modules at runtime to perform specialized security assessments. - [Extensible Plugin Architectures](https://awesome-repositories.com/f/software-engineering-architecture/extensible-plugin-architectures.md) — Provides a plugin-driven architecture that allows for the dynamic loading of custom scripts to perform specialized security checks. - [Data Serialization Formats](https://awesome-repositories.com/f/software-engineering-architecture/data-serialization-formats.md) — Converts audit findings into structured, machine-readable formats for centralized reporting and data analysis. - [Modular Architectures](https://awesome-repositories.com/f/software-engineering-architecture/modular-architectures.md) — Organizes security checks into isolated, independent units that can be selectively enabled or disabled based on system requirements. ### Part of an Awesome List - [Security Lab Environments](https://awesome-repositories.com/f/awesome-lists/devops/security-lab-environments.md) — Security auditing and hardening tool for Unix-based systems. - [Security And Hardening](https://awesome-repositories.com/f/awesome-lists/security/security-and-hardening.md) — Security auditing and compliance testing tool. ### Testing & Quality Assurance - [Test Report Aggregators](https://awesome-repositories.com/f/testing-quality-assurance/general-testing-utilities/test-utilities-assertions/coverage-diagnostics-reporting/test-report-aggregators.md) — Aggregates audit reports from multiple hosts to simplify enterprise-wide compliance tracking. ### Data & Databases - [Batch Processing Utilities](https://awesome-repositories.com/f/data-databases/data-processing-pipelines/batch-processing-systems/batch-processing-utilities.md) — Supports a headless execution mode that suppresses prompts for seamless integration into automated scheduling and monitoring workflows. - [Structured Data Exporters](https://awesome-repositories.com/f/data-databases/data-serialization-formats/structured-data-exporters.md) — Serializes audit results into machine-readable formats to facilitate centralized reporting and integration with external analysis platforms. ### Development Tools & Productivity - [Command Line Configuration](https://awesome-repositories.com/f/development-tools-productivity/command-line-configuration.md) — Updates scan parameters through command-line instructions to enable integration with external configuration management systems. ([source](https://cisofy.com/documentation/lynis/configuration/)) - [Task Prioritization](https://awesome-repositories.com/f/development-tools-productivity/task-prioritization.md) — Prioritizes security hardening tasks based on risk assessments and effort to guide remediation. ([source](https://cisofy.com/documentation/lynis/enterprise/modules/)) - [Shell Script Execution Engines](https://awesome-repositories.com/f/development-tools-productivity/shell-script-execution-engines.md) — Operates as a collection of modular shell scripts that execute native commands to validate local system configurations. ### Operating Systems & Systems Programming - [Shells & Scripting](https://awesome-repositories.com/f/operating-systems-systems-programming/terminal-command-line-environments/shells-scripting.md) — Executes independent security checks as discrete shell scripts that interact directly with the host operating system. ### User Interface & Experience - [Automation Extenders](https://awesome-repositories.com/f/user-interface-experience/customizable-workspaces/workflow-extenders/automation-extenders.md) — Integrates custom scripts or plugins to gather additional system information and perform tailored security assessments. ([source](https://cisofy.com/documentation/lynis/))