How to Install Lynis on Ubuntu 16.04

By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Lynis is a free and open source host-based auditing tool for unix like operating system that can be used to scan the entire systems installed and available software information, security information, user accounts without password, wrong file permissions, firewall auditing, etc. Lynis is one of the most powerful and useful tool for auditors, network and system administrators and penetration testers. You can easily test, scan and detect the vulnerability in linux-based systems using Lynis. Lynis does not harden your system automatically. But it will suggestions and security related warning to increase the security of the system. Lynis supports many Operating Systems, such as AIX, Ubuntu, Centos, FreeBSD, Debian, Fedora, Gentoo, kali, NetBSD, RHEL, OpenBSD, OpenSolaris, TrueOS and many more. You can audit MySQL, Oracle, PostgreSQL, Apache, Nginx, and NTP using Lynis. Lynis works by detecting operating system, search for available tools, check for Lynis update, then run tests from available plugins and reports the status of security scan.

In this tutorial, we will be installing and configuring Lynis on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.


  • A fresh Alibaba Cloud Ubuntu 16.04 instance.
  • A root password is set up to your instance.

Launch Alibaba Cloud ECS Instance

First, Login to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

Install Lynis

By default, the latest version of Lynis is not available in the Ubuntu 16.04 default repository. So, you will need to add the Lynis’s software repository to your system.

First, enable the HTTPS support for the package manager by running the following command:

Next, install the public key for Lynis repository with the following command:


Next, add the Lynis repository with the following command:

Next, update the repository and install Lynis with the following command:

Working with Lynis

First, run the lynis without any option. It will provides the list of available parameters as shown below:


You can run the following command to list all the command available with lynis:


Now, scan your entire Linux system by running the following command:

You should see the following output:

The above command will write the scanning result in the /var/log/lynis.log file. You can see the scanning result later by running the following command:

Run Lynis with Groups

Running “lynis audit system” command generates lot’s of output. You can also scan linux system by groups to scan and harden the specific service. You can list all the groups with the following command:


Now, run the following command to scan SSH service:

You should see the following output:

Update Lynis

You can also update or upgrade Lynis version by running the following command:


You can also run the following command to check the Lynis update:


Congratulations! You have successfully installed Lynis on Ubuntu 16.04 server. I hope you can now easily figure out security issues in your Linux system.

Original Source

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store