Analysis updated 2026-06-24
Run a full security audit on a Linux server with a single command.
Check a system against HIPAA, ISO27001, or PCI DSS profiles.
Find vulnerable packages and weak service configurations for hardening.
Use Lynis in a CI job to score base images before they ship.
| cisofy/lynis | angristan/openvpn-install | kaldi-asr/kaldi | |
|---|---|---|---|
| Stars | 15,644 | 15,793 | 15,391 |
| Language | Shell | Shell | Shell |
| Setup difficulty | easy | moderate | hard |
| Complexity | 2/5 | 3/5 | 5/5 |
| Audience | ops devops | ops devops | researcher |
Figures from each repo's GitHub metadata at analysis time.
Pure shell with no compilation, some checks need root and a full report needs running on the actual host.
Lynis is a security auditing tool for Linux, macOS, BSD, and other UNIX-based systems. It runs directly on the machine you want to check, no separate server or agent needed, and performs an in-depth scan of that system's security configuration. The primary goal is to test existing security defenses and provide tips for further hardening, meaning it helps you find weak spots and tells you how to fix them. It also scans for general system information, vulnerable software packages, and potential configuration problems. Beyond general security scanning, Lynis helps with compliance testing against standards like HIPAA, ISO27001, and PCI DSS, frameworks that organizations in healthcare, finance, and other regulated industries must follow. It covers additional use cases including software patch management, penetration testing (specifically privilege escalation testing), and intrusion detection checks. Getting started is straightforward: clone the repository or install a package for your distribution, then run a single command to start a system audit. No compilation is required. Lynis is written in Shell and is licensed under GPLv3. Typical users include system administrators, security auditors, and penetration testers. An enterprise version with a web interface, dashboards, and reporting is also available for organizations that need those features.
Shell-based security auditing tool for Linux, macOS, and BSD that scans system configuration and suggests hardening and compliance fixes.
Mainly Shell. The stack also includes Shell, Bash.
GPLv3 lets anyone use, modify, and redistribute Lynis, but derivative works must also be released under GPLv3 with source code available.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.