July 19, 2008
The first step to higher security of your system is to assess the current state of the system. Lynis is a small command line tool, licensed under GPL 3, which can help you achieving this. From the authors homepage:
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can be run without prior installation, so inclusion on read only storage is no problem (USB stick, cd/dvd).
He also clearly states what Lynis is not:
Not a hardening tool: Lynis does not fix things automatically, it reports only (and makes suggestions).
More to the technicial stuff: The basis of the program are shell scripts which scan the operating system and installed software (e.g. old software) but also stuff like SSL certificates (e.g. expire date). The software checks for accounts without password or wrong file permissions and it takes also a look at your local firewall. It runs under many Linux and Unix versions including Debian and Ubuntu.