SECURITY AUDITING TOOL FOR LINUX, MACOS, AND UNIX BASED SYSTEMS

INTRODUCTION

Lynis is a security auditing tool for Linux, macOS, and UNIX-based systems, mostly used by system administrators & security auditors. Security audit has always been tough job when done manually, as systems are gone through compliance like HIPAA/ISO27001/PCI DSS. As commented by ethical hacking researcher of International Institute of Cyber Security, this tool automates audit job to some extent. This tool can also be used for security scanning the system files and for system hardening. After completing the automated scan, it reports about the audit score.

LYNIS GOALS

• Automated Security Auditing: When a test is performed manually it is very time consuming, this tool automatically check most of the compliance’s.
• Compliance Testing: It is used to validate or to check whether the test meets the organization’s given standards or not, which is a part of conformances testing. It covers audit guidelines of following compliance:
  • Compliance ISO 27001: It covers policies & procedures of organization information risk management processes.
  • Compliance PCI DSS: Payment Card Industry, Data Security Standard – Developed for cardholder data security industry. Most of the banks use PCI DSS to maintain security compliance.
  • Compliance HIPAA: The Health Insurance Portability and Accountability. This used for maintaining secure data of Health and human services.
• Vulnerability detection: Vulnerability detection means it identifies the weakness in the system

continue reading