Lynis Enterprise Modules

Documentation and tips about the modules within Lynis Enterprise

This is the supporting documentation for Lynis Enterprise, with focus on the Lynis Control Panel and related modules. For the installation of Lynis there is the Installation Guide available.

Other subjects

Lynis control panel   Lynis Control Panel
configuration   Configuration
reporting   Reporting
systems   Systems

Part I: Lynis Control Panel


1. Installation

Lynis Enterprise is a flexible software solution which can be used online as Software-as-a-Service (SaaS) or self-hosted within your network. When using the SaaS based solution, you can skip this section.

The installation is covered in the Lynis Enterprise Self-Hosted Guide


Overview

The Control Panel is the central component of the Lynis Enterprise solution. It allows you to centrally manage, control and report about your IT environment.


Lynis Enterprise overview
BackgroundPresentationTextData collectionLynis CollectorLynis Enterprise ArchitectureData CollectionPresentation layerControl PanelPluginsClientLynisSoftwareMetricsDataFirewallProcessesAdviceSnippetsReportingManagementNetworkingIntrusionSystem Integrity


Control Panel Usage

The Control Panel is web based and accessible on most devices with a modern web browser. For devices with a smaller screen, the interface will scale or adjust where needed.


Help & Documentation

At most pages of the website the help and documentation icon will link you to the appropriate section in this document.

In case this documentation, or the Lynis Installation Guide does not provide an answer, please contact our support team.


Searching

When you want to perform a search, use the search icon to access the search. The search can be used to find different elements, like tags.

Accounts

Account Roles

The Control Panel has support for several account types. Each role defines what a user can do.

Examples
  • Dashboard
  • Normal user
  • Administrator
  • Read-only

Account Permissions

Dashboard

This user type has only access to the dashboard. Ideal for displaying the dashboard without the risk of colleagues using the account anonymously.

Read-only user

Users with the read-only role can browse most areas, but can not add, change or delete items. Ideal for users who do not perform system administration duties, like customers, managers, auditors or colleagues from other teams.

Normal user

This type of account can do most actions, except administrative ones like creating accounts.

Administrator

The administrator role has all permissions and should used with care. This type of account could be additionally safeguarded to prevent unauthorized creation of new users.

Compliance

Introduction

The compliance module helps with enforcing security policies by comparing actual and expected results. Each policy consists of multiple rule sets. These rule sets, with its rules, shape the policy and instruct the system what to look for. It includes a wide variety of checks and data points to check the system's security. Besides predefined policies, policies can be created and customized.

Lynis Enterprise has data available for standards and best practices like CIS, GDPR, HIPAA, ISO27001 and ISO27002, PCI-DSS, SOC, SOx, and others.

Compliance features

The compliance module provides several features to simplify testing the security of a system against a predefined set of rules.

  • Predefined policies include common standards and best practices
  • Create custom policies with the policy editor
  • Test compliance on each data upload
  • Automatically link a system to a policy based on system characteristics (hostname, OS, etc)

Policies

There are two type of policies, global and custom policies. The first group are predefined policies and managed for you. If you like to use them, just add a system to the policy and it will tested against that policy. If you want to use your own policies, create a new policy. This will then be a policy of the second group.

Rule sets

Policies are created by filling them with rule sets. Each set is formed by adding one or multiple rules to it.

Purpose: a rule set combines multiple similar rules into a logical group. In other words, keeping similar tests together and describing them properly.

The rule set also have an action when one, multiple or all rules within that set are matched. Default there are 3 different action: do nothing, mark as compliant, and mark as non-compliant.

Rules

Rules are the smallest individual tests there can be. It is as simple as a test like "Does this operating system equal 'Linux'?"

The policy engine evaluates all relevant rules and uses the outcome for further processing. Depending on its linked action, a rule can mark a system non-compliant, compliant, or do nothing.


Events


Using Events

Lynis Enterprise uses events to signal administrators about important discoveries. These events are small messages to tell what has been found and what action is needed.

The idea behind events is to provide a daily activity plan to keep your environment as healthy as possible. After an event is solved you can mark it as done and it will be gone.

To avoid flooding the administrator, each event type will be listed only once. If an event already exists, it will be updated with a new date to show that the event is still current.

Some events might never get solved, so this is why there is an option to hide them. The system will still update them, but not show them anymore.


Events Configuration

By default events will be activated if they are part of your license. No configuration is needed.

System integrity


System integrity module

Interface

The system integrity module helps with monitoring the integrity of the system. It includes areas like file integrity, package manager, vulnerability information, and more. It uses internal functions and external utilities to get a better picture of the system.

Used icons:
question icon - Status of machine unclear
exclamation icon - One or more issues found
tick icon - All tests seem to be fine

small tick icon Specific test is fine
small cross icon Specific test needs attention

File Integrity Plugin for Lynis

For Enterprise users of the software, there is a dedicated plugin available related to system and file integrity. The plugin performs individual tests and collects information, which is then processed by the Lynis Control Panel.

When the file integrity plugin is not installed, the interface will report this. Registered users can download a bundled version of Lynis, which includes the plugins. It comes with the file integrity plugin.

Integrity of Binaries

Software is, besides the actual data, one of the most sensitive components stored on disk. The integrity of these files are important, to ensure no unauthorized alterations have been made. Several tests are performed to provide a 'confidence level', to give a better idea on how well alterations can be prevented or detected.

Messages

No binaries tested

Depending on the operating system used, some tests might not be available. If "no binaries tested" is displayed, specific tools might be missing. What you can do is send a support e-mail, together with the operating system being used, so we can investigate the options.

Binaries mismatches found

During the check some binaries might should up as mismatches (). This indicates that one or more binaries have been found with a different hash than expected. To determine the specific details, run Lynis with the plugins and look in the log file (/var/log/lynis.log).

Vulnerability Database

Some operating systems have a specific vulnerability database available. It may be used to check the state of packages and discover vulnerable packages. Lynis determines if this database is available, its integrity and aging.



Reporting

Dashboard

Lynis Enterprise provides a dashboard which provides a quick overview of your environment. Our solution is different in that it provides three different dashboards by default. Your manager might be interested in compliance, while you want to know if all components are at the latest patch level. For every type of user there is a tailored dashboard.

technical dashboard Technical dashboard

This level is most suitable for consultants and engineers, as it provides all (technical) details of your IT environment. It will also include items related to the configuration of Lynis Enterprise, like plugin configuration.

operational dashboard Operational dashboard

Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managerial staff, like the IT manager, security manager or process managers. Not only will some details be left out, it will also list different risks and other representations of the stored data about your environment.

business dashboard Business dashboard

Where the technical dashboard provides all details, this dashboard focuses on the operational aspects of your environment. It is tailored to managers, like the IT manager, security manager or process managers.


Reports

The reports are a different type of view on your systems. Usually it will contain more fields, so you have all information available in one overview. The reports can be easily copied into your spreadsheet program. This way you have full on control on what you want to do with the data, or embed it in your corporate reporting templates.


Improvement Plan

Deciding where to start hardening your systems can be challenging. The improvement plan solves this issue by calculating what areas would be most interesting for your environment. It helps you even select them via different methods, like quick wins or systems with the highest risk rating.

Examples
  • Quick wins: Low risk, low effort
  • Impact: High impact, low to high risk
  • Controls: Control matching most comes first
  • System risk: Focus on high risk systems

Systems

System Overview

In the system overview, all systems belonging to your company are displayed. It includes basic information, like scan date, Lynis version, compliance status and amount of findings.

System Details

To get deep insights on what is known about a system, the system details page will show most of the information on one page. It includes the basic information of the system, up till every applicable category it discovered.

Adding or Removing Systems

To add a system to Lynis Enterprise, only two steps are needed:

  1. Configure the license key and central server
  2. Use the --upload to send data to central server

The license key can be found in the configuration screen. The central host value is usually equal to the address you used before, to log in on the central interface.

Add your changes to /etc/lynis/custom.prf

Example configuration:
license-key=12345-12345-12345-12345
upload-server=portal.cisofy.com

After changing the file, run Lynis:

# lynis audit system --upload


Tags

Using Tags

Tags are an easy way to define some properties of a system and using them later to find or group systems. Examples may include software running on the system, the role of the system, or the status of services.

Tags can be used at several places within the interface.

Automatic and manual tagging

By default the Lynis Control Panel performs "auto-tagging" and applies built-in tags to the system. These are then available for easy ordering or searching.

It is also possible to add custom tags to a system. One way to achieve this is by adding them in your profile (custom.prf) using the tags option.

tags=tag1,tag2,tag3


Need Help?