Lynis is a security auditing tool written in Shell that performs in-depth security scans on UNIX-based systems including Linux, macOS, BSD, and other variants. The tool runs directly on the target system in an agentless manner and requires no installation, making it accessible for quick deployment. Users can execute Lynis by cloning the repository and running the audit command immediately, or install it through various package managers and distribution repositories.
The primary purpose of Lynis is to test security defenses and identify opportunities for system hardening. It scans for vulnerable software packages, configuration issues, and general system information while providing actionable recommendations for improving security posture. The tool serves multiple audiences including system administrators, security auditors, security officers, penetration testers, and security professionals. It has become a standard component in both defensive security operations and offensive penetration testing engagements.
Lynis directly supports compliance testing for major regulatory frameworks including HIPAA, ISO27001, and PCI DSS. Beyond compliance, the tool assists with configuration and asset management, software patch management, system hardening, privilege escalation testing, and intrusion detection. The software emphasizes simplicity, regular updates, and openness, allowing users to understand and modify the codebase according to their needs.
The project maintains active development with mboelen serving as the primary contributor with 419 tracked events. GitGenius data shows the repository has processed 127 issues and pull requests with a median response latency of 128.8 hours, though mean latency extends to 1645.3 hours indicating some items receive delayed attention. The most frequently applied issue labels are bug, no-change, and needs-confirmation, suggesting the project manages a steady stream of bug reports and triage activities. Additional contributors OdinVex and jwadodson each have 13 tracked events.
The repository shows cross-project collaboration patterns, with GitGenius identifying overlapping contributors with microsoft/vscode, microsoft/typescript, and rust-lang/rust, indicating the project draws from a broader open-source security community. Installation flexibility is a key design feature, with Lynis available through RPM and DEB packages maintained by the CISOfy project, distribution-specific repositories, direct tarball downloads, and Git clones. The tool has received significant industry recognition, including placement in ToolsWatch Best Tools rankings across multiple years and recognition in the 2016 Best of Open Source Software Awards.
The project participates in the Linux Foundation's CII best practices badge program, demonstrating commitment to security and quality standards. An enterprise version exists for organizations requiring additional functionality such as web interfaces, dashboards, reporting capabilities, hardening snippets, and commercial support, though the open-source version remains fully functional for security auditing and compliance testing purposes.