ENNAENNA

Lynis

GPL-3.0

Vulnerability Scanning · Shell

Lynis is an open-source security auditing and hardening tool for Linux, macOS, and BSD systems. It performs hundreds of individual tests covering file permissions, kernel parameters, authentication settings, firewall rules, service configurations, network settings, and installed software against known security baselines. Lynis checks compliance against CIS benchmarks, ISO 27001, PCI DSS, and HIPAA requirements, generating a detailed report with a hardening index score and specific remediation suggestions. Unlike vulnerability scanners that look for known CVEs, Lynis focuses on configuration hygiene — finding weak SSH settings, world-readable files, unpatched software, unnecessary services, and missing security controls. The tool runs entirely locally with no network dependencies, making it suitable for air-gapped environments and systems where agents cannot be installed. With over 15,000 GitHub stars, Lynis is the most widely used open-source system hardening tool, commonly run as part of deployment validation and periodic security reviews.

15.5kstars
1.6kforks
198issues
Updated 2mo ago
+I use this
View on GitHubOfficial Website

Installation

$ brew install lynis

Use Cases

  • System hardening and security baseline auditing
  • Compliance checks against CIS, HIPAA, PCI DSS
  • Post-deployment security validation

Tags

hardeningauditcompliancecis-benchmarkauditingdevopsdevops-toolsgdprhipaalinuxpci-dsssecurity-auditsecurity-hardeningsecurity-scannersecurity-toolssecurity-vulnerabilityshellsystem-hardeningunixvulnerability-assessmentvulnerability-detectionvulnerability-scanners

Details

Category
Vulnerability Scanning
Language
Shell
Repository
CISOfy/lynis
License
GPL-3.0
Platforms
🐧linux🍎macos

Links

GitHub Repository

github.com/CISOfy/lynis

Official Website

cisofy.com/lynis

Releases

github.com/CISOfy/lynis/releases

Issues

github.com/CISOfy/lynis/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Vuls

Go

Agentless vulnerability scanner for Linux and FreeBSD with CVE detection.

Compare Lynis vs Vuls

More in Vulnerability Scanning

Nuclei

Go

Fast vulnerability scanner driven by YAML templates. Thousands of community-contributed detection templates.

template-basedcvemisconfig

sqlmap

Python

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws.

sql-injectiondatabaseautomated

WPScan

Ruby

WordPress security scanner. Enumerates plugins, themes, users, and checks for known vulnerabilities.

wordpressplugin-enumcve

OpenVAS

C

Full-featured vulnerability scanner. 50,000+ NVTs, credentialed scanning, compliance checks.

enterprisenvtcompliance

XSStrike

Python

Advanced XSS detection suite. Fuzzing engine, context analysis, and WAF detection/bypass capabilities.

xsswaf-bypassfuzzing

Commix

Python

Automated OS command injection exploitation tool. Tests web apps for command injection vulnerabilities.

command-injectionautomatedweb-app