Linux command
lynis 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo lynis update info
Example
sudo lynis audit system
Example
sudo lynis audit system --quick
Example
lynis audit dockerfile [path/to/Dockerfile]
Example
sudo lynis audit system --tests-from-category [networking]
说明
lynis is a security auditing tool for Unix-based systems. It performs an extensive health scan covering system hardening, vulnerability scanning, and compliance testing.
参数
- audit system
- Perform full system security audit.
- audit dockerfile _FILE_
- Audit a Dockerfile for security issues.
- update info
- Check for lynis updates.
- show profiles
- List available audit profiles.
- show settings
- Display current settings.
- show categories
- List available test categories.
- show commands
- Show available lynis commands.
- -c, --cronjob
- Run as cronjob (non-interactive, with auto-rotation of log files)
- -Q, --quick
- Quick mode, do not wait for user input.
- -q, --quiet
- Suppress output to screen. Implies --quick.
- --no-colors
- Disable colored output.
- --pentest
- Non-privileged scan, show points of interest for penetration testing.
- --forensics
- Perform forensics on a running or mounted system.
- --tests _TEST-IDs_
- Only run specific test(s).
- --tests-from-category _CATEGORY_
- Only run tests belonging to the specified category.
- --profile _FILE_
- Use alternative audit profile.
- --logfile _FILE_
- Define alternative log file location.
- --report-file _FILE_
- Define alternative report file location.
FAQ
What is the lynis command used for?
lynis is a security auditing tool for Unix-based systems. It performs an extensive health scan covering system hardening, vulnerability scanning, and compliance testing.
How do I run a basic lynis example?
Run `sudo lynis update info` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does audit system do in lynis?
Perform full system security audit.