Awesome Linux Tools: Lynis from CISOfy

I just heard about this tool on the enterprise linux security podcast, and man this looks like a awesome tool I wish I knew about earlier.
I'll be running it on my servers as a way of double checking my work, you can never be too sure.

well this just brought up a million questions, hope you have the million videos to answer these questions, some I'm sure I can find like how to enable secure boot, but all those [unsafe] in Systemd may be a little more difficult to solve, maybe not and tons of other things , well I guess I found something to both learn and keep me busy.
I got a 64 on Ubuntu 21.10, we'll see if I can raise that
Ok well I don't need to worry about secure boot, and maybe this isn't as hard or as bad as I thought. I would think 64 is a low score, but what do I know, lol

Score 82 on Fedora

Would be great if there was a dektop version as many recommendations for server would not apply to normal desktop users.

is there any automated script that will.... just do what lyns is showing to do? ;)

Lynis tech tips?

What about locking down SSH in Proxmox? I've been reading that it's not recommended because it performs several functions through SSH, like backups for example. What is your recommendation? Thanks

OS: Debian 10 Buster

Lynis security scan details:

Hardening index : 61 [############ ]
Tests performed : 248
Plugins enabled : 1

Components:
- Firewall [V]
- Malware scanner [V]

Lynis Modules:
- Compliance Status [?]
- Security Audit [V]
- Vulnerability Scan [V]

My hardening index is already growing just watching this.

I thought Linux was safe by default? Now I need the same kind of tool that I need on Windows? Seriously?

"Linis" in the Philippine language called Tagalog, means "clean" :)

Hello Jay,
Can you make a video on Amavis ?
I hope it would be really helpful.

Hi jay how did you get a domain name for your linode server ??

Much better than just getting CVS numbers from nmap .
I increased my home server’s rating 10 points in 15 minutes . More hardening will take some research and time.
I don’t know how much of a real difference it makes but every little bit helps .

Thank you for this video. I am trying it now.

I ran it on my AlmaLinux (Electric Cheetah) and got a score of 67 pretty impressive consider I have not done much to secure it. This server is really only a test server to check out new apps like this i do have a malware scanner running its the one you did a video on a while back. I have been using and or playing with Linux since 2007 but never went to deeply into really learning it like I should for work. Most of my distros have been Red-hat based linux.

What is the difference of Lynis to tiger?

Super introduction! Have you tried it on a TrueNAS Scale host? If not, would you care to in the future? I'm unfortunately not knowledgeable to be sure if I tried myself.

Any partir reason why you use sudo su instead of sudo -i?

On open SUSE Leap 15.3 hardening index 94, but after a fresh install, it is 69.

Great tool I will definitely try it later. But, I think what is missing here is the other half of the equation, now that I've identified the issues what tools do I use to resolved them.
I don' think installing manually all the suggestion would be fine. Therefore, what tool can we use to complement Lynis?.
Thanks in advance.

👍👍👍👍👍THANK You Jay!!!
Great tool. Will get it on my Linux "Desktop". Should be a great place to start hardening my systems.
Might hv 1 or 2 lab servers to harden, they are seldom power-up.
Glad tt I hv subscribed to your channel.
Once again, thank you.

Thanks Jay... I got a 64 on my Ubuntu server and 62 on my EndeavourOS desktop,,, :)
LLAP

Ha ha, my debian sid machine gets 90 updates a week, it's impossible to keep it up to date. (It's our experimental, on-prem minecraft-only server, so no big deal.)

Lynis Tech Tips

64 on debian

I ran it a few weeks ago on my Arch install and got a 65 score.

Thanks for sharing, 62 on Manjaro PC

I have the most secure server, it's 100% offline :)

Another tool I wasn't familiar with. Security isn't my job, but it's always been an interest for me, but with limited time to learn much. I can see I'll be spending my holidays learning about what I need to do to lock down my boxes. :)

66 on my CentOS web server. Nice suggestion!

Useful video. I scored 65 on an Ubuntu 21.10 Desktop. What amazed me is, that more than half the systemd services are considered: unsafe. And the lynis.service is considered very unsafe with a 9.6 out of 10 score in systemd-analyze security. The best systemd services are medium safe with a score of 6.x.

Thanks for the video! Keep up the great work!

66 on an Arch desktop. Love the tool. Thanks, Jay

nice. thanks