Lynis is a battle-tested security auditing tool for Linux systems. It performs in-depth inspections of your server configuration and provides prioritised hardening recommendations. This guide installs and runs Lynis on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- A user with sudo privileges
Step 1 – Install Lynis
Install from the Ubuntu repositories:
sudo apt update
sudo apt install lynis -y
Step 2 – Update Lynis
Check whether the installed version is current (this command reports version status; it does not upgrade the package):
sudo lynis update info
Step 3 – Run a Full System Audit
Perform a complete audit of the system:
sudo lynis audit system
The audit takes 2–5 minutes and produces a detailed report.
Step 4 – Review the Hardening Index
Lynis reports a Hardening Index (0–100) at the end of the scan. A score of 70+ is considered acceptable for production systems.
Step 5 – View Warnings and Suggestions
Filter the audit log for actionable items (the match is case-insensitive because the log writes these labels in mixed case):
sudo grep -iE 'warning|suggestion' /var/log/lynis.log | head -40
Step 6 – View the Full Report
Read the first 100 lines of the machine-readable report file:
sudo head -n 100 /var/log/lynis-report.dat
Step 7 – Schedule Regular Audits
Run a weekly audit from cron (Sundays at 02:00); adjust the path in the entry if lynis is installed elsewhere on your system:
echo '0 2 * * 0 root /usr/bin/lynis audit system --quiet --logfile /var/log/lynis-weekly.log' | sudo tee /etc/cron.d/lynis
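The checks from Steps 4 to 6 can be scripted so that each scheduled run is compared against the 70-point threshold. This is an added example, not part of Lynis or the original guide; the function names and sample data are constructed, and it assumes the key=value layout of /var/log/lynis-report.dat (hardening_index=, warning[]= and suggestion[]= with |-separated fields).

```shell
# Summarise a Lynis report file and enforce a minimum Hardening Index.
# Added example: function names and sample data are constructed.

# Print the hardening_index value (empty output if the key is absent).
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; exit }' "$1"
}

# Print "TEST-ID: message" for each entry of a kind (warning or suggestion).
findings() {
    awk -F= -v key="${1}[]" '$1 == key {
        sub(/^[^=]*=/, "")     # strip "key=" but keep "=" inside the value
        split($0, f, "|")      # test ID | message | details | solution
        print f[1] ": " f[2]
    }' "$2"
}

# Exit status: 0 index >= minimum (default 70), 1 below it, 2 no usable index.
lynis_gate() {
    local report="$1" min="${2:-70}" idx
    idx=$(hardening_index "$report")
    case $idx in
        ''|*[!0-9]*) echo "no hardening_index in $report" >&2; return 2 ;;
    esac
    echo "Hardening Index: $idx (minimum $min)"
    echo "Warnings: $(findings warning "$report" | wc -l)"
    findings warning "$report" | sed 's/^/  /'
    [ "$idx" -ge "$min" ]
}

# Constructed sample in the key=value layout assumed for lynis-report.dat.
write_sample_report() {
    cat > "$1" <<'EOF'
# Lynis Report
hardening_index=64
warning[]=EXAMPLE-0001|Constructed warning text|-|-|
suggestion[]=EXAMPLE-0002|Constructed suggestion with a=b in it|-|-|
suggestion[]=EXAMPLE-0003|Another constructed suggestion|-|-|
EOF
}

sample=$(mktemp)
write_sample_report "$sample"
lynis_gate "$sample" 70 || echo "Below the minimum: fix the warnings listed above"
rm -f "$sample"
```

On a real system, run lynis_gate /var/log/lynis-report.dat as root after an audit; the non-zero exit status makes a regression easy to catch from a wrapper script or monitoring job.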
Conclusion
Lynis has audited your Ubuntu 24.04 LTS server. Address the highest-priority warnings first and re-run the audit after each fix to track your improvement over time.