lynis
Lynis is an open-source security auditing and hardening tool for Linux, macOS, and UNIX systems. It performs in-depth local security scans, identifies misconfigurations, and provides hardening recommendations for compliance frameworks like PCI-DSS, HIPAA, and ISO27001.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | CISOfy/lynis |
| Owner | CISOfy |
| Primary language | Shell |
| License | GPL-3.0 — OSI-approved |
| Stars | 15.9k |
| Forks | 1.6k |
| Open issues | 221 |
| Latest release | 3.1.7 (2026-06-25) |
| Last updated | 2026-06-25 |
| Source | https://github.com/CISOfy/lynis |
What lynis is
Written in Shell, Lynis runs agentless local security audits by examining system configuration, installed packages, and security controls. It requires no compilation or installation (can execute directly from git clone) and operates at the system level to detect vulnerabilities and compliance gaps.
Get the lynis source
Clone the repository and explore it locally.
git clone https://github.com/CISOfy/lynis.gitcd lynis# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires root or sudo access for full audit capability; plan privilege escalation and execution context accordingly.
- Shell-based execution means compatibility depends on local shell environment; test in target OS/distro combinations early.
- Audit results are text-based; integrate output parsing into existing logging, SIEM, or reporting infrastructure if centralizing findings.
- Customization possible via Lynis SDK; maintain separate test modules if extending to organizational-specific checks.
- No agent/daemon model means scheduling audits via cron or orchestration tools; establish audit cadence and result retention policies.
When to avoid it — and what to weigh
- Real-time Monitoring Required — Lynis is a point-in-time auditing tool, not a continuous monitoring or SIEM solution. Does not provide runtime threat detection or persistent alerting.
- Network-Based Scanning Needed — Lynis runs locally on the target system only; it cannot perform remote scanning, network-wide assessments, or external vulnerability scanning.
- Windows or Non-UNIX Systems — Supported platforms are Linux, macOS, BSD, and UNIX-based systems only. No Windows support.
- Regulatory Compliance without Expert Review — Lynis findings and recommendations inform compliance but do not constitute formal audit reports; expert interpretation and organizational policy alignment remain necessary.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0), a copyleft open-source license requiring that any derivative work or distribution maintain the same license and provide source code.
GPL-3.0 permits commercial use of the software itself (internal auditing, compliance scanning). However, copyleft requirements mean any modifications or derivative tools must also be GPL-3.0 licensed and source-disclosed. CISOfy offers a separate commercial Enterprise version (web UI, dashboards, reporting, commercial support) for companies requiring proprietary extensions or service-level agreements. Internal use of unmodified Lynis has no licensing barrier.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Lynis is a local audit tool requiring elevated privileges; ensure secure deployment and access controls on audit scripts. Audit findings are informational and context-dependent—recommendations require expert review and testing before production hardening. No vulnerability exploits are attempted; only configuration and software inventory assessment. Verify compatibility with security policies before deploying in regulated environments (e.g., immutable systems, SELinux/AppArmor-enforced). Commercial Enterprise version may include additional hardening controls; review carefully if compliance mandates are strict.
Alternatives to consider
OpenSCAP / SCAP Compliance Checker
Standards-based compliance scanning (NIST, CIS benchmarks); produces formal compliance reports; steeper learning curve and setup overhead versus Lynis simplicity.
Bastille / Aide
File integrity monitoring and change detection; complementary to Lynis but narrower scope; often used in combination rather than as replacement.
Wazuh / Osquery
Agent-based real-time monitoring and threat detection across fleet; higher operational complexity and dependency management; better for continuous monitoring, worse for one-off compliance audits.
Build on lynis with DEV.co software developers
Lynis helps you identify security gaps and compliance risks. Start with a free local audit, or let Devco help you integrate Lynis into your broader security and compliance automation strategy.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
lynis FAQ
Can Lynis scan remote systems?
Does Lynis fix findings automatically?
Is Lynis suitable for compliance audits?
Can I modify Lynis and distribute my own version?
Custom software development services
From first prototype to production, DEV.co delivers software development services around tools like lynis. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source devops and beyond.
Ready to Assess Your System Security?
Lynis helps you identify security gaps and compliance risks. Start with a free local audit, or let Devco help you integrate Lynis into your broader security and compliance automation strategy.