Agentless security auditing tool for Linux, macOS, and Unix-based systems with compliance checks
GPL-3.0
- Shell
- Roff
- Ruby

About Lynis
Lynis is a security auditing tool for UNIX-like systems including Linux, macOS, and BSD. It runs directly on the host, inspecting security defenses, system information, installed packages, and configuration, then reports concrete tips for further hardening.
Audits are automated and cover compliance testing for ISO 27001, PCI-DSS, and HIPAA, plus vulnerability detection. It also supports configuration and asset management, patch management, intrusion detection, and privilege-escalation checks, giving a broad picture of a system's exposure in one pass.
It is agentless and needs no compilation, running straight from its files via a single command, which makes it easy to drop onto servers or into CI. Output and findings stay local, and the tool is open under the GPLv3.
Key features
- In-depth security scans on the local system
- Compliance testing for ISO 27001, PCI-DSS, and HIPAA
- Finds vulnerable packages and configuration issues
- Supports hardening, patch management, and intrusion detection
- Can run from project files without installation
Details
- On GitHub since: 2013
- Platforms: Linux · macOS · BSD · CLI
- Deployment: self-hostable · offline-first
- License: GPLv3
- Self-hosting: Runs on the system being audited
- Packaging: RPM · DEB
