cisofy/lynis

Lynis is a security auditing tool for Linux, macOS, BSD, and other UNIX-based systems. It runs directly on the machine you want to check, no separate server or agent needed, and performs an in-depth scan of that system's security configuration. The primary goal is to test existing security defenses and provide tips for further hardening, meaning it helps you find weak spots and tells you how to fix them. It also scans for general system information, vulnerable software packages, and potential configuration problems. Beyond general security scanning, Lynis helps with compliance testing against standards like HIPAA, ISO27001, and PCI DSS, frameworks that organizations in healthcare, finance, and other regulated industries must follow. It covers additional use cases including software patch management, penetration testing (specifically privilege escalation testing), and intrusion detection checks. Getting started is straightforward: clone the repository or install a package for your distribution, then run a single command to start a system audit. No compilation is required. Lynis is written in Shell and is licensed under GPLv3. Typical users include system administrators, security auditors, and penetration testers. An enterprise version with a web interface, dashboards, and reporting is also available for organizations that need those features.