Lynis - Linux Server Auditing

So you’ve got your system up and running the way you like it, but your wondering what else can I do to harden my server? Lynis to the rescue! Lynis is an open-source auditing tool that will run through a suite of common vulnerability checks and general best practices and give you a summary of your system's status and a list of recommendations. You're interested? Lets get started I like to run it out of /opt, so we’ll cd there. Next, download the tool by checking the lynis download page for the newest version. In my case 2.6.2. and extract it And that was all there is to it! You can execute ./lynis now to run a scan. This isn’t the end of the journey, what if I want to run this as a cronjob and email me the output? To run lynis as a cron job we’ll define the lynis command with the following options: Unfortunately that will only run lynis and dump a report file on our local file system. In order to have it email us the results we’ll have to write a little script. I've whipped up the following: Save this script as lynismail.sh and don’t forget to mark it as executable: Finally, setup your cronjob to run, for example, every Monday morning at 5:30 so it's ready for you to browse on your commute to work 😂