explaingit

cisofy/lynis

Analysis updated 2026-06-24

15,644ShellAudience · ops devopsComplexity · 2/5LicenseSetup · easy

TLDR

Shell-based security auditing tool for Linux, macOS, and BSD that scans system configuration and suggests hardening and compliance fixes.

Mindmap

mindmap
  root((lynis))
    Inputs
      Host system
      Profile files
      Custom tests
    Outputs
      Audit report
      Hardening tips
      Compliance summary
    Use Cases
      Audit a server
      Check compliance
      Find weak configs
    Tech Stack
      Shell
      Bash
      Unix
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run a full security audit on a Linux server with a single command.

USE CASE 2

Check a system against HIPAA, ISO27001, or PCI DSS profiles.

USE CASE 3

Find vulnerable packages and weak service configurations for hardening.

USE CASE 4

Use Lynis in a CI job to score base images before they ship.

What is it built with?

ShellBash

How does it compare?

cisofy/lynisangristan/openvpn-installkaldi-asr/kaldi
Stars15,64415,79315,391
LanguageShellShellShell
Setup difficultyeasymoderatehard
Complexity2/53/55/5
Audienceops devopsops devopsresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Pure shell with no compilation, some checks need root and a full report needs running on the actual host.

GPLv3 lets anyone use, modify, and redistribute Lynis, but derivative works must also be released under GPLv3 with source code available.

In plain English

Lynis is a security auditing tool for Linux, macOS, BSD, and other UNIX-based systems. It runs directly on the machine you want to check, no separate server or agent needed, and performs an in-depth scan of that system's security configuration. The primary goal is to test existing security defenses and provide tips for further hardening, meaning it helps you find weak spots and tells you how to fix them. It also scans for general system information, vulnerable software packages, and potential configuration problems. Beyond general security scanning, Lynis helps with compliance testing against standards like HIPAA, ISO27001, and PCI DSS, frameworks that organizations in healthcare, finance, and other regulated industries must follow. It covers additional use cases including software patch management, penetration testing (specifically privilege escalation testing), and intrusion detection checks. Getting started is straightforward: clone the repository or install a package for your distribution, then run a single command to start a system audit. No compilation is required. Lynis is written in Shell and is licensed under GPLv3. Typical users include system administrators, security auditors, and penetration testers. An enterprise version with a web interface, dashboards, and reporting is also available for organizations that need those features.

Copy-paste prompts

Prompt 1
Walk me through cloning lynis and running a full system audit on an Ubuntu server.
Prompt 2
Help me read a Lynis report and prioritize the top 10 hardening suggestions for a web server.
Prompt 3
Show me how to add a custom Lynis test that checks for a specific config file in /etc.
Prompt 4
Write a GitHub Actions job that runs Lynis against a Docker image and uploads the report as an artifact.
Prompt 5
Explain which Lynis tests map to PCI DSS controls so I can produce evidence for an audit.

Frequently asked questions

What is lynis?

Shell-based security auditing tool for Linux, macOS, and BSD that scans system configuration and suggests hardening and compliance fixes.

What language is lynis written in?

Mainly Shell. The stack also includes Shell, Bash.

What license does lynis use?

GPLv3 lets anyone use, modify, and redistribute Lynis, but derivative works must also be released under GPLv3 with source code available.

How hard is lynis to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is lynis for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub cisofy on gitmyhub

Verify against the repo before relying on details.